| 26 | ) |
| 27 | |
| 28 | func TestGenCSR(t *testing.T) { |
| 29 | // Options to generate a CSR. |
| 30 | cases := map[string]struct { |
| 31 | csrOptions CertOptions |
| 32 | err error |
| 33 | }{ |
| 34 | "GenCSR with RSA": { |
| 35 | csrOptions: CertOptions{ |
| 36 | Host: "test_ca.com", |
| 37 | Org: "MyOrg", |
| 38 | RSAKeySize: 2048, |
| 39 | }, |
| 40 | }, |
| 41 | "GenCSR with EC": { |
| 42 | csrOptions: CertOptions{ |
| 43 | Host: "test_ca.com", |
| 44 | Org: "MyOrg", |
| 45 | ECSigAlg: EcdsaSigAlg, |
| 46 | }, |
| 47 | }, |
| 48 | "GenCSR with EC errors due to invalid signature algorithm": { |
| 49 | csrOptions: CertOptions{ |
| 50 | Host: "test_ca.com", |
| 51 | Org: "MyOrg", |
| 52 | ECSigAlg: "ED25519", |
| 53 | }, |
| 54 | err: errors.New("csr cert generation fails due to unsupported EC signature algorithm"), |
| 55 | }, |
| 56 | } |
| 57 | |
| 58 | for id, tc := range cases { |
| 59 | csrPem, _, err := GenCSR(tc.csrOptions) |
| 60 | if err != nil { |
| 61 | if tc.err != nil { |
| 62 | if err.Error() == tc.err.Error() { |
| 63 | continue |
| 64 | } |
| 65 | t.Fatalf("%s: expected error to match expected error: %v", id, err) |
| 66 | } else { |
| 67 | t.Errorf("%s: failed to gen CSR", id) |
| 68 | } |
| 69 | } |
| 70 | |
| 71 | pemBlock, _ := pem.Decode(csrPem) |
| 72 | if pemBlock == nil { |
| 73 | t.Fatalf("%s: failed to decode csr", id) |
| 74 | } |
| 75 | csr, err := x509.ParseCertificateRequest(pemBlock.Bytes) |
| 76 | if err != nil { |
| 77 | t.Fatalf("%s: failed to parse csr", id) |
| 78 | } |
| 79 | if err = csr.CheckSignature(); err != nil { |
| 80 | t.Errorf("%s: csr signature is invalid", id) |
| 81 | } |
| 82 | if csr.Subject.Organization[0] != "MyOrg" { |
| 83 | t.Errorf("%s: csr subject does not match", id) |
| 84 | } |
| 85 | if !strings.HasSuffix(string(csr.Extensions[0].Value), "test_ca.com") { |