NotificationsYou must be signed in to change notification settings
Fork244
Star5.2k

Commite78f37e

committed

Fixed some issues and added tests.

1 parente16a2e8 commite78f37eCopy full SHA for e78f37e

File tree

2 files changed

+131

-9

lines changed

security
- tls.go
- tls_test.go

2 files changed

+131

-9

lines changed

`‎security/tls.go‎`

Lines changed: 10 additions & 9 deletions

Original file line number	Diff line number	Diff line change
`@@ -37,12 +37,6 @@ func GenerateCA() error {`
`37`	`37`	`caKeyPath:=filepath.Join(gaia.Cfg.DataPath,keyName)`
`38`	`38`	`cleanupCerts(caCertPath,caKeyPath)`
`39`	`39`
`40`		`-// Generate the key`
`41`		`-key,err:=rsa.GenerateKey(rand.Reader,rsaBits)`
`42`		`-iferr!=nil {`
`43`		`-returnerr`
`44`		`-}`
`45`		`-`
`46`	`40`	`// Set time range for cert validation`
`47`	`41`	`notBefore:=time.Now()`
`48`	`42`	`notAfter:=notBefore.Add(time.Hour*maxValidCA)`
`@@ -55,7 +49,7 @@ func GenerateCA() error {`
`55`	`49`	`}`
`56`	`50`
`57`	`51`	`// Generate CA template`
`58`		`-template:= x509.Certificate{`
	`52`	`+template:=&x509.Certificate{`
`59`	`53`	`SerialNumber:serialNumber,`
`60`	`54`	`Subject: pkix.Name{`
`61`	`55`	`Organization: []string{orgName},`
`@@ -65,13 +59,19 @@ func GenerateCA() error {`
`65`	`59`
`66`	`60`	`IsCA:true,`
`67`	`61`	`KeyUsage:x509.KeyUsageKeyEncipherment\|x509.KeyUsageDigitalSignature\|x509.KeyUsageCertSign,`
`68`		`-ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},`
	`62`	`+ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth,x509.ExtKeyUsageServerAuth},`
`69`	`63`	`BasicConstraintsValid:true,`
`70`	`64`	`DNSNames: []string{orgDNS},`
`71`	`65`	`}`
`72`	`66`
	`67`	`+// Generate the key`
	`68`	`+key,err:=rsa.GenerateKey(rand.Reader,rsaBits)`
	`69`	`+iferr!=nil {`
	`70`	`+returnerr`
	`71`	`+}`
	`72`	`+`
`73`	`73`	`// Create certificate authority`
`74`		`-derBytes,err:=x509.CreateCertificate(rand.Reader,&template,&template,key.PublicKey,key)`
	`74`	`+derBytes,err:=x509.CreateCertificate(rand.Reader,template,template,&key.PublicKey,key)`
`75`	`75`	`iferr!=nil {`
`76`	`76`	`returnerr`
`77`	`77`	`}`
`@@ -134,6 +134,7 @@ func createSignedCert() (string, string, error) {`
`134`	`134`	`SubjectKeyId: []byte{1,2,3,4,6},`
`135`	`135`	`ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth,x509.ExtKeyUsageServerAuth},`
`136`	`136`	`KeyUsage:x509.KeyUsageDigitalSignature,`
	`137`	`+DNSNames: []string{orgDNS},`
`137`	`138`	`}`
`138`	`139`	`priv,_:=rsa.GenerateKey(rand.Reader,rsaBits)`
`139`	`140`	`pub:=&priv.PublicKey`

`‎security/tls_test.go‎`

Lines changed: 121 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,121 @@`
	`1`	`+package security`
	`2`	`+`
	`3`	`+import (`
	`4`	`+"crypto/tls"`
	`5`	`+"crypto/x509"`
	`6`	`+"io/ioutil"`
	`7`	`+"os"`
	`8`	`+"path/filepath"`
	`9`	`+"testing"`
	`10`	`+`
	`11`	`+"github.com/gaia-pipeline/gaia"`
	`12`	`+)`
	`13`	`+`
	`14`	`+funcTestGenerateCA(t*testing.T) {`
	`15`	`+gaia.Cfg=&gaia.Config{}`
	`16`	`+gaia.Cfg.DataPath=os.TempDir()`
	`17`	`+`
	`18`	`+err:=GenerateCA()`
	`19`	`+iferr!=nil {`
	`20`	`+t.Fatal(err)`
	`21`	`+}`
	`22`	`+`
	`23`	`+caCertPath:=filepath.Join(gaia.Cfg.DataPath,"ca.crt")`
	`24`	`+caKeyPath:=filepath.Join(gaia.Cfg.DataPath,"ca.key")`
	`25`	`+`
	`26`	`+// Load CA plain`
	`27`	`+caPlain,err:=tls.LoadX509KeyPair(caCertPath,caKeyPath)`
	`28`	`+iferr!=nil {`
	`29`	`+t.Fatal(err)`
	`30`	`+}`
	`31`	`+`
	`32`	`+// Parse certificate`
	`33`	`+ca,err:=x509.ParseCertificate(caPlain.Certificate[0])`
	`34`	`+iferr!=nil {`
	`35`	`+t.Fatal(err)`
	`36`	`+}`
	`37`	`+`
	`38`	`+// Create cert pool and load ca root`
	`39`	`+certPool:=x509.NewCertPool()`
	`40`	`+rootCA,err:=ioutil.ReadFile(caCertPath)`
	`41`	`+iferr!=nil {`
	`42`	`+t.Fatal(err)`
	`43`	`+}`
	`44`	`+`
	`45`	`+ok:=certPool.AppendCertsFromPEM(rootCA)`
	`46`	`+if!ok {`
	`47`	`+t.Fatalf("Cannot append root cert to cert pool!\n")`
	`48`	`+}`
	`49`	`+`
	`50`	`+_,err=ca.Verify(x509.VerifyOptions{`
	`51`	`+Roots:certPool,`
	`52`	`+DNSName:orgDNS,`
	`53`	`+})`
	`54`	`+iferr!=nil {`
	`55`	`+t.Fatal(err)`
	`56`	`+}`
	`57`	`+`
	`58`	`+err=cleanupCerts(caCertPath,caKeyPath)`
	`59`	`+iferr!=nil {`
	`60`	`+t.Fatal(err)`
	`61`	`+}`
	`62`	`+}`
	`63`	`+`
	`64`	`+funcTestCreateSignedCert(t*testing.T) {`
	`65`	`+gaia.Cfg=&gaia.Config{}`
	`66`	`+gaia.Cfg.DataPath=os.TempDir()`
	`67`	`+`
	`68`	`+err:=GenerateCA()`
	`69`	`+iferr!=nil {`
	`70`	`+t.Fatal(err)`
	`71`	`+}`
	`72`	`+`
	`73`	`+caCertPath:=filepath.Join(gaia.Cfg.DataPath,"ca.crt")`
	`74`	`+caKeyPath:=filepath.Join(gaia.Cfg.DataPath,"ca.key")`
	`75`	`+`
	`76`	`+certPath,keyPath,err:=createSignedCert()`
	`77`	`+iferr!=nil {`
	`78`	`+t.Fatal(err)`
	`79`	`+}`
	`80`	`+`
	`81`	`+// Load CA plain`
	`82`	`+caPlain,err:=tls.LoadX509KeyPair(certPath,keyPath)`
	`83`	`+iferr!=nil {`
	`84`	`+t.Fatal(err)`
	`85`	`+}`
	`86`	`+`
	`87`	`+// Parse certificate`
	`88`	`+ca,err:=x509.ParseCertificate(caPlain.Certificate[0])`
	`89`	`+iferr!=nil {`
	`90`	`+t.Fatal(err)`
	`91`	`+}`
	`92`	`+`
	`93`	`+// Create cert pool and load ca root`
	`94`	`+certPool:=x509.NewCertPool()`
	`95`	`+rootCA,err:=ioutil.ReadFile(caCertPath)`
	`96`	`+iferr!=nil {`
	`97`	`+t.Fatal(err)`
	`98`	`+}`
	`99`	`+`
	`100`	`+ok:=certPool.AppendCertsFromPEM(rootCA)`
	`101`	`+if!ok {`
	`102`	`+t.Fatalf("Cannot append root cert to cert pool!\n")`
	`103`	`+}`
	`104`	`+`
	`105`	`+_,err=ca.Verify(x509.VerifyOptions{`
	`106`	`+Roots:certPool,`
	`107`	`+DNSName:orgDNS,`
	`108`	`+})`
	`109`	`+iferr!=nil {`
	`110`	`+t.Fatal(err)`
	`111`	`+}`
	`112`	`+`
	`113`	`+err=cleanupCerts(caCertPath,caKeyPath)`
	`114`	`+iferr!=nil {`
	`115`	`+t.Fatal(err)`
	`116`	`+}`
	`117`	`+err=cleanupCerts(certPath,keyPath)`
	`118`	`+iferr!=nil {`
	`119`	`+t.Fatal(err)`
	`120`	`+}`
	`121`	`+}`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commite78f37e

File tree

2 files changed

2 files changed

`‎security/tls.go‎`

`‎security/tls_test.go‎`

0 commit comments