| 18 | ) |
| 19 | |
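// TestCertificateSignCommand runs the certificate sign testscript scenarios:
// one with a well-formed CSR (testdata/certificate/sign.txtar) and one with a
// CSR file holding arbitrary bytes (testdata/certificate/sign-bad-csr.txtar).
func TestCertificateSignCommand(t *testing.T) {
	// Throwaway subject key and a CSR with CommonName "test".
	signer, err := keyutil.GenerateDefaultSigner()
	require.NoError(t, err)
	csrBytes, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{
		Subject: pkix.Name{CommonName: "test"},
	}, signer)
	require.NoError(t, err)
	csr, err := x509.ParseCertificateRequest(csrBytes)
	require.NoError(t, err)

	// Self-signed test CA: the template is used as both subject and issuer.
	// Key usage is limited to certificate signing and the path length is 1.
	// NotBefore/NotAfter are left at their zero values.
	// NOTE(review): if the command under test validates the issuer's validity
	// window, this fixture needs explicit dates — confirm.
	caSigner, err := keyutil.GenerateDefaultSigner()
	require.NoError(t, err)
	tmpl := &x509.Certificate{
		Subject:               pkix.Name{CommonName: "test-ca"},
		SerialNumber:          big.NewInt(1),
		IsCA:                  true,
		MaxPathLen:            1,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	caCertBytes, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, caSigner.Public(), caSigner)
	require.NoError(t, err)
	caCert, err := x509.ParseCertificate(caCertBytes)
	require.NoError(t, err)

	// writeCA stores the test CA certificate and its private key in dir.
	// Only WithFilename is passed, so no passphrase option is set for the key
	// file; the key is generated for this test only and must never be reused
	// outside it.
	writeCA := func(dir string) error {
		if _, err := pemutil.Serialize(caCert, pemutil.WithFilename(filepath.Join(dir, "cacert.pem"))); err != nil {
			return err
		}
		_, err := pemutil.Serialize(caSigner, pemutil.WithFilename(filepath.Join(dir, "cakey.pem")))
		return err
	}

	// Happy path: valid CSR plus CA material; the script can call
	// check_certificate to inspect the result.
	testscript.Run(t, testscript.Params{
		Files: []string{"testdata/certificate/sign.txtar"},
		Setup: func(e *testscript.Env) error {
			// Setup has an error return; reporting failures through it lets
			// testscript fail the script itself instead of calling FailNow on
			// the parent t from inside the callback.
			if _, err := pemutil.Serialize(csr, pemutil.WithFilename(filepath.Join(e.Cd, "test.csr"))); err != nil {
				return err
			}
			return writeCA(e.Cd)
		},
		Cmds: map[string]func(ts *testscript.TestScript, neg bool, args []string){
			"check_certificate": checkCertificate,
		},
	})

	// Negative path: bad.csr contains the literal bytes "bogus", so the
	// script exercises the command's handling of an unparsable CSR.
	testscript.Run(t, testscript.Params{
		Files: []string{"testdata/certificate/sign-bad-csr.txtar"},
		Setup: func(e *testscript.Env) error {
			if err := os.WriteFile(filepath.Join(e.Cd, "bad.csr"), []byte("bogus"), 0644); err != nil {
				return err
			}
			return writeCA(e.Cd)
		},
	})
}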
| 73 | |
| 74 | func TestCertificateVerifyCommand(t *testing.T) { |
| 75 | ca, err := minica.New(minica.WithName("TestCertificateVerify")) |