ezshare/certs/certservice_test.go

package certs_test

import (
	"crypto/x509"
	"encoding/pem"
	"testing"

	"git.t-juice.club/torjus/ezshare/certs"
	"git.t-juice.club/torjus/ezshare/store"
	"github.com/google/uuid"
)

func TestCertService(t *testing.T) {
	t.Run("TestManualVerifyClientCertificate", func(t *testing.T) {

		s := store.NewMemoryStore()

		caKeyBytes, caCertBytes, err := certs.GenCACert()
		if err != nil {
			t.Fatalf("Error generating ca cert: %s", err)
		}

		svc, err := certs.NewCertService(s, caCertBytes, caKeyBytes)
		if err != nil {
			t.Fatalf("Unable to create service: %s", err)
		}

		clientCertPEM, _, err := svc.NewClient("test")
		if err != nil {
			t.Fatalf("Unable to create client certificate: %s", err)
		}

		caCert, err := x509.ParseCertificate(caCertBytes)
		if err != nil {
			t.Fatalf("Unable to parse CA certificate: %s", err)
		}
		certPool := x509.NewCertPool()
		certPool.AddCert(caCert)

		clientCertPEMBlock, _ := pem.Decode(clientCertPEM)
		if clientCertPEMBlock == nil {
			t.Fatalf("Client does not contain PEM-encoded data")
		}
		if clientCertPEMBlock.Type != "CERTIFICATE" {
			t.Fatal("Client cert is not certificate")
		}

		clientCert, err := x509.ParseCertificate(clientCertPEMBlock.Bytes)
		if err != nil {
			t.Fatalf("Could not parse client certificate: %s", err)
		}

		if _, err := clientCert.Verify(x509.VerifyOptions{Roots: certPool}); err != nil {
			t.Fatalf("Could not verify client certificate: %s", err)
		}
	})
	t.Run("TestVerifyClientCertificate", func(t *testing.T) {

		s := store.NewMemoryStore()

		caKeyBytes, caCertBytes, err := certs.GenCACert()
		if err != nil {
			t.Fatalf("Error generating ca cert: %s", err)
		}

		svc, err := certs.NewCertService(s, caCertBytes, caKeyBytes)
		if err != nil {
			t.Fatalf("Unable to create service: %s", err)
		}

		clientID := uuid.Must(uuid.NewRandom()).String()
		clientCertPEM, _, err := svc.NewClient(clientID)
		if err != nil {
			t.Fatalf("Unable to create client certificate: %s", err)
		}

		id, err := svc.VerifyClient(clientCertPEM)
		if err != nil {
			t.Fatalf("Failed to verify certificate: %s", err)
		}
		if id != clientID {
			t.Fatalf("Verify returned wrong id. Got %s want %s", id, clientID)
		}
	})
}
Add certificate service 2021-12-05 00:01:05 +00:00			`package certs_test`

			`import (`
			`"crypto/x509"`
			`"encoding/pem"`
			`"testing"`
Rename module 2022-01-13 17:40:15 +00:00
			`"git.t-juice.club/torjus/ezshare/certs"`
			`"git.t-juice.club/torjus/ezshare/store"`
			`"github.com/google/uuid"`
Add certificate service 2021-12-05 00:01:05 +00:00			`)`

			`func TestCertService(t *testing.T) {`
			`t.Run("TestManualVerifyClientCertificate", func(t *testing.T) {`

			`s := store.NewMemoryStore()`

			`caKeyBytes, caCertBytes, err := certs.GenCACert()`
			`if err != nil {`
			`t.Fatalf("Error generating ca cert: %s", err)`
			`}`

			`svc, err := certs.NewCertService(s, caCertBytes, caKeyBytes)`
			`if err != nil {`
			`t.Fatalf("Unable to create service: %s", err)`
			`}`

			`clientCertPEM, _, err := svc.NewClient("test")`
			`if err != nil {`
			`t.Fatalf("Unable to create client certificate: %s", err)`
			`}`

			`caCert, err := x509.ParseCertificate(caCertBytes)`
			`if err != nil {`
			`t.Fatalf("Unable to parse CA certificate: %s", err)`
			`}`
			`certPool := x509.NewCertPool()`
			`certPool.AddCert(caCert)`

			`clientCertPEMBlock, _ := pem.Decode(clientCertPEM)`
			`if clientCertPEMBlock == nil {`
			`t.Fatalf("Client does not contain PEM-encoded data")`
			`}`
			`if clientCertPEMBlock.Type != "CERTIFICATE" {`
			`t.Fatal("Client cert is not certificate")`
			`}`

			`clientCert, err := x509.ParseCertificate(clientCertPEMBlock.Bytes)`
			`if err != nil {`
			`t.Fatalf("Could not parse client certificate: %s", err)`
			`}`

			`if _, err := clientCert.Verify(x509.VerifyOptions{Roots: certPool}); err != nil {`
			`t.Fatalf("Could not verify client certificate: %s", err)`
			`}`
			`})`
			`t.Run("TestVerifyClientCertificate", func(t *testing.T) {`

			`s := store.NewMemoryStore()`

			`caKeyBytes, caCertBytes, err := certs.GenCACert()`
			`if err != nil {`
			`t.Fatalf("Error generating ca cert: %s", err)`
			`}`

			`svc, err := certs.NewCertService(s, caCertBytes, caKeyBytes)`
			`if err != nil {`
			`t.Fatalf("Unable to create service: %s", err)`
			`}`

			`clientID := uuid.Must(uuid.NewRandom()).String()`
			`clientCertPEM, _, err := svc.NewClient(clientID)`
			`if err != nil {`
			`t.Fatalf("Unable to create client certificate: %s", err)`
			`}`

			`id, err := svc.VerifyClient(clientCertPEM)`
			`if err != nil {`
			`t.Fatalf("Failed to verify certificate: %s", err)`
			`}`
			`if id != clientID {`
			`t.Fatalf("Verify returned wrong id. Got %s want %s", id, clientID)`
			`}`
			`})`
			`}`