MCPcopy
hub / github.com/istio/istio / TestGenCSR

Function TestGenCSR

security/pkg/pki/util/generate_csr_test.go:28–99  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

26)
27
28func TestGenCSR(t *testing.T) {
29 // Options to generate a CSR.
30 cases := map[string]struct {
31 csrOptions CertOptions
32 err error
33 }{
34 "GenCSR with RSA": {
35 csrOptions: CertOptions{
36 Host: "test_ca.com",
37 Org: "MyOrg",
38 RSAKeySize: 2048,
39 },
40 },
41 "GenCSR with EC": {
42 csrOptions: CertOptions{
43 Host: "test_ca.com",
44 Org: "MyOrg",
45 ECSigAlg: EcdsaSigAlg,
46 },
47 },
48 "GenCSR with EC errors due to invalid signature algorithm": {
49 csrOptions: CertOptions{
50 Host: "test_ca.com",
51 Org: "MyOrg",
52 ECSigAlg: "ED25519",
53 },
54 err: errors.New("csr cert generation fails due to unsupported EC signature algorithm"),
55 },
56 }
57
58 for id, tc := range cases {
59 csrPem, _, err := GenCSR(tc.csrOptions)
60 if err != nil {
61 if tc.err != nil {
62 if err.Error() == tc.err.Error() {
63 continue
64 }
65 t.Fatalf("%s: expected error to match expected error: %v", id, err)
66 } else {
67 t.Errorf("%s: failed to gen CSR", id)
68 }
69 }
70
71 pemBlock, _ := pem.Decode(csrPem)
72 if pemBlock == nil {
73 t.Fatalf("%s: failed to decode csr", id)
74 }
75 csr, err := x509.ParseCertificateRequest(pemBlock.Bytes)
76 if err != nil {
77 t.Fatalf("%s: failed to parse csr", id)
78 }
79 if err = csr.CheckSignature(); err != nil {
80 t.Errorf("%s: csr signature is invalid", id)
81 }
82 if csr.Subject.Organization[0] != "MyOrg" {
83 t.Errorf("%s: csr subject does not match", id)
84 }
85 if !strings.HasSuffix(string(csr.Extensions[0].Value), "test_ca.com") {

Callers

nothing calls this directly

Calls 5

GenCSRFunction · 0.85
NewMethod · 0.65
ErrorMethod · 0.65
FatalfMethod · 0.65
ErrorfMethod · 0.65

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…