Move certificate test util functions to common location so they can be reused

Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-02-25 09:40:50 +00:00 · 2021-02-25 09:40:50 +00:00 · 9a306e73e1
commit 9a306e73e1
parent ad53be3138
2 changed files with 85 additions and 84 deletions
--- a/pkg/controller/certificates/internal/test/test.go
+++ b/pkg/controller/certificates/internal/test/test.go
@ -22,6 +22,7 @@ import (
 	"encoding/pem"
 	"fmt"
 	"testing"
+	"time"

 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	fakeclock "k8s.io/utils/clock/testing"
@ -223,3 +224,69 @@ func generateCSRImpl(crt *cmapi.Certificate, pk []byte) ([]byte, error) {

 	return csrPEM, nil
 }
+
+// MustGenerateCSRImpl returns PEM encoded certificate signing request
+func MustGenerateCSRImpl(t *testing.T, pkData []byte, cert *cmapi.Certificate) []byte {
+	csrPEM, err := generateCSRImpl(cert, pkData)
+	if err != nil {
+		t.Fatal(err)
+	}
+	return csrPEM
+}
+
+// MustCreatePEMPrivateKey returns a PEM encoded 2048 bit RSA private key
+func MustCreatePEMPrivateKey(t *testing.T) []byte {
+	pk, err := pki.GenerateRSAPrivateKey(2048)
+	if err != nil {
+		t.Fatal(err)
+	}
+	pkData, err := pki.EncodePrivateKey(pk, cmapi.PKCS8)
+	if err != nil {
+		t.Fatal(err)
+	}
+	return pkData
+}
+
+// MustCreateCertWithNotBeforeAfter returns a self-signed x509 cert for Certificate
+// with the provided NotBefore, NotAfter values
+func MustCreateCertWithNotBeforeAfter(t *testing.T, pkData []byte, spec *cmapi.Certificate, notBefore, notAfter time.Time) []byte {
+	pk, err := pki.DecodePrivateKeyBytes(pkData)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	template, err := pki.GenerateTemplate(spec)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	template.NotBefore = notBefore
+	template.NotAfter = notAfter
+
+	certData, _, err := pki.SignCertificate(template, template, pk.Public(), pk)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	return certData
+}
+
+// MustCreateCert returns a self-signed x509 certificate
+func MustCreateCert(t *testing.T, pkData []byte, spec *cmapi.Certificate) []byte {
+	pk, err := pki.DecodePrivateKeyBytes(pkData)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	template, err := pki.GenerateTemplate(spec)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	certData, _, err := pki.SignCertificate(template, template, pk.Public(), pk)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	return certData
+}
--- a/pkg/controller/certificates/trigger/policies/policies_test.go
+++ b/pkg/controller/certificates/trigger/policies/policies_test.go
@ -17,7 +17,6 @@ limitations under the License.
 package policies

 import (
-	"encoding/pem"
 	"testing"
 	"time"

@ -27,7 +26,7 @@ import (

 	cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
 	cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
-	"github.com/jetstack/cert-manager/pkg/util/pki"
+	testutil "github.com/jetstack/cert-manager/pkg/controller/certificates/internal/test"
 )

 // Runs a full set of tests against the 'policy chain' once it is composed
@ -37,7 +36,7 @@ import (
 // modifying existing code.
 func TestDefaultPolicyChain(t *testing.T) {
 	clock := &fakeclock.FakeClock{}
-	staticFixedPrivateKey := generatePEMPrivateKey(t)
+	staticFixedPrivateKey := testutil.MustCreatePEMPrivateKey(t)
 	tests := map[string]struct {
 		// policy inputs
 		certificate *cmapi.Certificate
@ -95,7 +94,7 @@ func TestDefaultPolicyChain(t *testing.T) {
 			certificate: &cmapi.Certificate{Spec: cmapi.CertificateSpec{SecretName: "something"}},
 			secret: &corev1.Secret{ObjectMeta: metav1.ObjectMeta{Name: "something"},
 				Data: map[string][]byte{
-					corev1.TLSPrivateKeyKey: generatePEMPrivateKey(t),
+					corev1.TLSPrivateKeyKey: testutil.MustCreatePEMPrivateKey(t),
 					corev1.TLSCertKey:       []byte("test"),
 				},
 			},
@ -108,7 +107,7 @@ func TestDefaultPolicyChain(t *testing.T) {
 			secret: &corev1.Secret{ObjectMeta: metav1.ObjectMeta{Name: "something"},
 				Data: map[string][]byte{
 					corev1.TLSPrivateKeyKey: []byte("invalid"),
-					corev1.TLSCertKey: selfSignCertificate(t, generatePEMPrivateKey(t),
+					corev1.TLSCertKey: testutil.MustCreateCert(t, testutil.MustCreatePEMPrivateKey(t),
 						&cmapi.Certificate{Spec: cmapi.CertificateSpec{CommonName: "example.com"}},
 					),
 				},
@ -121,8 +120,8 @@ func TestDefaultPolicyChain(t *testing.T) {
 			certificate: &cmapi.Certificate{Spec: cmapi.CertificateSpec{SecretName: "something"}},
 			secret: &corev1.Secret{ObjectMeta: metav1.ObjectMeta{Name: "something"},
 				Data: map[string][]byte{
-					corev1.TLSPrivateKeyKey: generatePEMPrivateKey(t),
-					corev1.TLSCertKey: selfSignCertificate(t, generatePEMPrivateKey(t),
+					corev1.TLSPrivateKeyKey: testutil.MustCreatePEMPrivateKey(t),
+					corev1.TLSCertKey: testutil.MustCreateCert(t, testutil.MustCreatePEMPrivateKey(t),
 						&cmapi.Certificate{Spec: cmapi.CertificateSpec{CommonName: "example.com"}},
 					),
 				},
@ -146,7 +145,7 @@ func TestDefaultPolicyChain(t *testing.T) {
 				},
 				Data: map[string][]byte{
 					corev1.TLSPrivateKeyKey: staticFixedPrivateKey,
-					corev1.TLSCertKey: selfSignCertificate(t, staticFixedPrivateKey,
+					corev1.TLSCertKey: testutil.MustCreateCert(t, staticFixedPrivateKey,
 						&cmapi.Certificate{Spec: cmapi.CertificateSpec{CommonName: "example.com"}},
 					),
 				},
@ -172,7 +171,7 @@ func TestDefaultPolicyChain(t *testing.T) {
 				},
 				Data: map[string][]byte{
 					corev1.TLSPrivateKeyKey: staticFixedPrivateKey,
-					corev1.TLSCertKey: selfSignCertificate(t, staticFixedPrivateKey,
+					corev1.TLSCertKey: testutil.MustCreateCert(t, staticFixedPrivateKey,
 						&cmapi.Certificate{Spec: cmapi.CertificateSpec{CommonName: "example.com"}},
 					),
 				},
@ -200,7 +199,7 @@ func TestDefaultPolicyChain(t *testing.T) {
 				},
 				Data: map[string][]byte{
 					corev1.TLSPrivateKeyKey: staticFixedPrivateKey,
-					corev1.TLSCertKey: selfSignCertificate(t, staticFixedPrivateKey,
+					corev1.TLSCertKey: testutil.MustCreateCert(t, staticFixedPrivateKey,
 						&cmapi.Certificate{Spec: cmapi.CertificateSpec{CommonName: "example.com"}},
 					),
 				},
@ -230,7 +229,7 @@ func TestDefaultPolicyChain(t *testing.T) {
 				},
 				Data: map[string][]byte{
 					corev1.TLSPrivateKeyKey: staticFixedPrivateKey,
-					corev1.TLSCertKey: selfSignCertificate(t, staticFixedPrivateKey,
+					corev1.TLSCertKey: testutil.MustCreateCert(t, staticFixedPrivateKey,
 						// It does not matter what certificate data is stored in the Secret
 						// as the CertificateRequest will be used to determine whether a
 						// re-issuance is required.
@ -244,7 +243,7 @@ func TestDefaultPolicyChain(t *testing.T) {
 					Kind:  "IssuerKind",
 					Group: "group.example.com",
 				},
-				Request: generatePEMCertificateRequest(t, staticFixedPrivateKey, &cmapi.Certificate{Spec: cmapi.CertificateSpec{
+				Request: testutil.MustGenerateCSRImpl(t, staticFixedPrivateKey, &cmapi.Certificate{Spec: cmapi.CertificateSpec{
 					CommonName: "old.example.com",
 				}}),
 			}},
@ -271,7 +270,7 @@ func TestDefaultPolicyChain(t *testing.T) {
 				},
 				Data: map[string][]byte{
 					corev1.TLSPrivateKeyKey: staticFixedPrivateKey,
-					corev1.TLSCertKey: selfSignCertificate(t, staticFixedPrivateKey,
+					corev1.TLSCertKey: testutil.MustCreateCert(t, staticFixedPrivateKey,
 						// It does not matter what certificate data is stored in the Secret
 						// as the CertificateRequest will be used to determine whether a
 						// re-issuance is required.
@ -285,7 +284,7 @@ func TestDefaultPolicyChain(t *testing.T) {
 					Kind:  "IssuerKind",
 					Group: "group.example.com",
 				},
-				Request: generatePEMCertificateRequest(t, staticFixedPrivateKey, &cmapi.Certificate{Spec: cmapi.CertificateSpec{
+				Request: testutil.MustGenerateCSRImpl(t, staticFixedPrivateKey, &cmapi.Certificate{Spec: cmapi.CertificateSpec{
 					CommonName: "example.com",
 				}}),
 			}},
@ -309,7 +308,7 @@ func TestDefaultPolicyChain(t *testing.T) {
 				},
 				Data: map[string][]byte{
 					corev1.TLSPrivateKeyKey: staticFixedPrivateKey,
-					corev1.TLSCertKey: selfSignCertificate(t, staticFixedPrivateKey,
+					corev1.TLSCertKey: testutil.MustCreateCert(t, staticFixedPrivateKey,
 						&cmapi.Certificate{Spec: cmapi.CertificateSpec{CommonName: "old.example.com"}},
 					),
 				},
@ -337,7 +336,7 @@ func TestDefaultPolicyChain(t *testing.T) {
 				},
 				Data: map[string][]byte{
 					corev1.TLSPrivateKeyKey: staticFixedPrivateKey,
-					corev1.TLSCertKey: selfSignCertificate(t, staticFixedPrivateKey,
+					corev1.TLSCertKey: testutil.MustCreateCert(t, staticFixedPrivateKey,
 						&cmapi.Certificate{Spec: cmapi.CertificateSpec{CommonName: "example.com"}},
 					),
 				},
@ -368,7 +367,7 @@ func TestDefaultPolicyChain(t *testing.T) {
 				},
 				Data: map[string][]byte{
 					corev1.TLSPrivateKeyKey: staticFixedPrivateKey,
-					corev1.TLSCertKey: selfSignCertificateWithNotBeforeAfter(t, staticFixedPrivateKey,
+					corev1.TLSCertKey: testutil.MustCreateCertWithNotBeforeAfter(t, staticFixedPrivateKey,
 						&cmapi.Certificate{Spec: cmapi.CertificateSpec{CommonName: "example.com"}},
 						clock.Now().Add(time.Minute*-30),
 						// expires in 1 minute time
@ -405,7 +404,7 @@ func TestDefaultPolicyChain(t *testing.T) {
 				},
 				Data: map[string][]byte{
 					corev1.TLSPrivateKeyKey: staticFixedPrivateKey,
-					corev1.TLSCertKey: selfSignCertificateWithNotBeforeAfter(t, staticFixedPrivateKey,
+					corev1.TLSCertKey: testutil.MustCreateCertWithNotBeforeAfter(t, staticFixedPrivateKey,
 						&cmapi.Certificate{Spec: cmapi.CertificateSpec{CommonName: "example.com"}},
 						clock.Now().Add(time.Minute*-30),
 						// expires in 1 minute time
@ -442,7 +441,7 @@ func TestDefaultPolicyChain(t *testing.T) {
 				},
 				Data: map[string][]byte{
 					corev1.TLSPrivateKeyKey: staticFixedPrivateKey,
-					corev1.TLSCertKey: selfSignCertificateWithNotBeforeAfter(t, staticFixedPrivateKey,
+					corev1.TLSCertKey: testutil.MustCreateCertWithNotBeforeAfter(t, staticFixedPrivateKey,
 						&cmapi.Certificate{Spec: cmapi.CertificateSpec{CommonName: "example.com"}},
 						clock.Now().Add(time.Minute*-30),
 						// expires in 5 minutes time
@ -473,68 +472,3 @@ func TestDefaultPolicyChain(t *testing.T) {
 		})
 	}
 }
-
-func generatePEMPrivateKey(t *testing.T) []byte {
-	pk, err := pki.GenerateRSAPrivateKey(2048)
-	if err != nil {
-		t.Fatal(err)
-	}
-	pkData, err := pki.EncodePrivateKey(pk, cmapi.PKCS8)
-	if err != nil {
-		t.Fatal(err)
-	}
-	return pkData
-}
-
-func selfSignCertificateWithNotBeforeAfter(t *testing.T, pkData []byte, spec *cmapi.Certificate, notBefore, notAfter time.Time) []byte {
-	pk, err := pki.DecodePrivateKeyBytes(pkData)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	template, err := pki.GenerateTemplate(spec)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if notBefore != (time.Time{}) {
-		template.NotBefore = notBefore
-	}
-	if notAfter != (time.Time{}) {
-		template.NotAfter = notAfter
-	}
-
-	certData, _, err := pki.SignCertificate(template, template, pk.Public(), pk)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	return certData
-}
-
-func selfSignCertificate(t *testing.T, pkData []byte, spec *cmapi.Certificate) []byte {
-	return selfSignCertificateWithNotBeforeAfter(t, pkData, spec, time.Time{}, time.Time{})
-}
-
-func generatePEMCertificateRequest(t *testing.T, pkData []byte, cert *cmapi.Certificate) []byte {
-	csr, err := pki.GenerateCSR(cert)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	pk, err := pki.DecodePrivateKeyBytes(pkData)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	csrDER, err := pki.EncodeCSR(csr, pk)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	csrPEM := pem.EncodeToMemory(&pem.Block{
-		Type: "CERTIFICATE REQUEST", Bytes: csrDER,
-	})
-
-	return csrPEM
-}