4f35c56443
* Added KeyEncoding spec value to Certificate type. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Added validation for Certificate Spec field KeyEncoding. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Added Encoding PKCS8 function for encoding private keys in generate.go. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Modified the call to the private key encoding function for each issuer in issue.go to pass in the extra KeyEncoding field. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Added case for decoding pkcs8 key. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Converting decoded PKCS8 key into crypto.Signer. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Added debugging log statements for decoding private keys. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Log messages for decoding private keys. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Added logs for decoding private keys. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Added debug logs. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Add debug logs. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Modified keys package. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Changed the key converter to the ssh package. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Testing decoding as pkcs1 key instead. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Trying to convert to crypto.Signer for PKCS8. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Converting to rsa.PrivateKey. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Changed return to type private key. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Changing parsing. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Cleaned up logs. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Removed logging info. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Removed debug logging. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Fix parse test for new pkcs8 support. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Removed extra lines. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Removed extra lines and spaces. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Removed duplicate PKCS8 functions. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Changed the KeyEncoding field from an int to a string. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Changed issue.go for issuers to pass in the certificate when encoding private key. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Corrected capitalization of Spec. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Changed the error message to use the correct variable. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Fixed selfsigned issue.go to pass in certificate object instead of the keyEncoding. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Changed error format. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Changed test to pass in certificate variable into encoding private key function. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Fixed syntax issue. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Changed parameter for encode private key function in parse_test.go. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Fixed parse test for encode private key function. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Removed invalid syntax. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Moved the if statement. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Cleaned up go-fmt errors. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Ran bazel run //hack:update-reference-docs. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Changed encode private key to take keyEncoding instead of certificate. Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Removed setting keyEncoding for ca issue test. Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Fixing passing in the correct type for encoding private key. Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Fixing passing in the correct type for encoding private key. Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Fixed parameter passed into encode private key for parse test. Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Added unit test for encoding different private key types. Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Removed key encoding field from existing test. Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Added KeyEncoding spec value to Certificate type. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Added validation for Certificate Spec field KeyEncoding. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Added Encoding PKCS8 function for encoding private keys in generate.go. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Modified the call to the private key encoding function for each issuer in issue.go to pass in the extra KeyEncoding field. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Added case for decoding pkcs8 key. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Converting decoded PKCS8 key into crypto.Signer. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Added debugging log statements for decoding private keys. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Log messages for decoding private keys. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Added logs for decoding private keys. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Added debug logs. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Add debug logs. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Modified keys package. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Changed the key converter to the ssh package. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Testing decoding as pkcs1 key instead. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Trying to convert to crypto.Signer for PKCS8. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Converting to rsa.PrivateKey. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Changed return to type private key. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Changing parsing. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Cleaned up logs. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Removed logging info. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Removed debug logging. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Fix parse test for new pkcs8 support. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Removed extra lines. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Removed extra lines and spaces. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Removed duplicate PKCS8 functions. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Changed the KeyEncoding field from an int to a string. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Changed issue.go for issuers to pass in the certificate when encoding private key. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Corrected capitalization of Spec. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Changed the error message to use the correct variable. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Fixed selfsigned issue.go to pass in certificate object instead of the keyEncoding. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Changed error format. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Changed test to pass in certificate variable into encoding private key function. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Fixed syntax issue. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Changed parameter for encode private key function in parse_test.go. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Fixed parse test for encode private key function. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Removed invalid syntax. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Moved the if statement. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Cleaned up go-fmt errors. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Ran bazel run //hack:update-reference-docs. Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Changed encode private key to take keyEncoding instead of certificate. Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Removed setting keyEncoding for ca issue test. Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Fixing passing in the correct type for encoding private key. Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Fixing passing in the correct type for encoding private key. Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Fixed parameter passed into encode private key for parse test. Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Added unit test for encoding different private key types. Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Removed key encoding field from existing test. Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Removed syntax error for declaring constant. Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Moving private key all to one line. Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Added commas after each test case and changed the private key to a pkcs1 rsa private key. Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Fixed test errors. Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Added default error. Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Predefined actualEncoding variable. Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Undeclared actualEncoding variable. Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Declared actualEncoding variable to nil. Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Declared actualEncoding variable to empty key encoding type. Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Fixed unit test. Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Ran update go-fmt. Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Added e2e test for pkcs8 certificate. Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Removed unused variable. Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Creating issue in pkcs8 e2e test. Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Fixing no new variables on the left side of := for err variable. Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * Updated docs to mention the key encoding field. Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local> * change venafi issuer to support different cert encoding Signed-off-by: Daniel Morsing <dmo@jetstack.io> * update crds Signed-off-by: Daniel Morsing <dmo@jetstack.io>
177 lines
4.7 KiB
Go
177 lines
4.7 KiB
Go
/*
|
|
Copyright 2019 The Jetstack cert-manager contributors.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package pki
|
|
|
|
import (
|
|
"crypto/ecdsa"
|
|
"crypto/rsa"
|
|
"encoding/pem"
|
|
"strings"
|
|
"testing"
|
|
|
|
"github.com/jetstack/cert-manager/pkg/apis/certmanager/v1alpha1"
|
|
)
|
|
|
|
func generatePrivateKeyBytes(keyAlgo v1alpha1.KeyAlgorithm, keySize int) ([]byte, error) {
|
|
cert := buildCertificateWithKeyParams(keyAlgo, keySize)
|
|
privateKey, err := GeneratePrivateKeyForCertificate(cert)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return EncodePrivateKey(privateKey, cert.Spec.KeyEncoding)
|
|
}
|
|
|
|
func generatePKCS8PrivateKey(keyAlgo v1alpha1.KeyAlgorithm, keySize int) ([]byte, error) {
|
|
privateKey, err := GeneratePrivateKeyForCertificate(buildCertificateWithKeyParams(keyAlgo, keySize))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return EncodePKCS8PrivateKey(privateKey)
|
|
}
|
|
|
|
func TestDecodePrivateKeyBytes(t *testing.T) {
|
|
type testT struct {
|
|
name string
|
|
keyBytes []byte
|
|
keyAlgo v1alpha1.KeyAlgorithm
|
|
expectErr bool
|
|
expectErrStr string
|
|
}
|
|
|
|
rsaKeyBytes, err := generatePrivateKeyBytes(v1alpha1.RSAKeyAlgorithm, MinRSAKeySize)
|
|
if err != nil {
|
|
t.Errorf("error generating key bytes: %s", err)
|
|
return
|
|
}
|
|
|
|
pkcs8RsaKeyBytes, err := generatePKCS8PrivateKey(v1alpha1.RSAKeyAlgorithm, MinRSAKeySize)
|
|
if err != nil {
|
|
t.Errorf("error generating key bytes: %s", err)
|
|
return
|
|
}
|
|
|
|
ecdsaKeyBytes, err := generatePrivateKeyBytes(v1alpha1.ECDSAKeyAlgorithm, 256)
|
|
if err != nil {
|
|
t.Errorf("error generating key bytes: %s", err)
|
|
return
|
|
}
|
|
|
|
pkcs8EcdsaKeyBytes, err := generatePKCS8PrivateKey(v1alpha1.ECDSAKeyAlgorithm, 256)
|
|
if err != nil {
|
|
t.Errorf("error generating key bytes: %s", err)
|
|
return
|
|
}
|
|
|
|
block := &pem.Block{Type: "BLAH BLAH BLAH", Bytes: []byte("blahblahblah")}
|
|
blahKeyBytes := pem.EncodeToMemory(block)
|
|
|
|
privateKeyBlock := &pem.Block{Type: "PRIVATE KEY", Bytes: []byte("blahblahblah")}
|
|
blahPrivateKeyBytes := pem.EncodeToMemory(privateKeyBlock)
|
|
|
|
invalidKeyBytes := []byte("blah-blah-invalid")
|
|
|
|
tests := []testT{
|
|
{
|
|
name: "decode pem encoded rsa private key bytes",
|
|
keyBytes: rsaKeyBytes,
|
|
keyAlgo: v1alpha1.RSAKeyAlgorithm,
|
|
expectErr: false,
|
|
},
|
|
{
|
|
name: "decode pkcs#8 encoded rsa private key bytes",
|
|
keyBytes: pkcs8RsaKeyBytes,
|
|
keyAlgo: v1alpha1.RSAKeyAlgorithm,
|
|
expectErr: false,
|
|
},
|
|
{
|
|
name: "decode pem encoded ecdsa private key bytes",
|
|
keyBytes: ecdsaKeyBytes,
|
|
keyAlgo: v1alpha1.ECDSAKeyAlgorithm,
|
|
expectErr: false,
|
|
},
|
|
{
|
|
name: "decode pkcs#8 encoded ecdsa private key bytes",
|
|
keyBytes: pkcs8EcdsaKeyBytes,
|
|
keyAlgo: v1alpha1.ECDSAKeyAlgorithm,
|
|
expectErr: false,
|
|
},
|
|
{
|
|
name: "fail to decode unknown pem encoded key bytes",
|
|
keyBytes: blahKeyBytes,
|
|
expectErr: true,
|
|
expectErrStr: "unknown private key type",
|
|
},
|
|
{
|
|
name: "fail to decode unknown pkcs#8 encoded key bytes",
|
|
keyBytes: blahPrivateKeyBytes,
|
|
expectErr: true,
|
|
expectErrStr: "error parsing pkcs#8 private key: asn1: structure error:",
|
|
},
|
|
{
|
|
name: "fail to decode unknown not pem encoded key bytes",
|
|
keyBytes: invalidKeyBytes,
|
|
expectErr: true,
|
|
expectErrStr: "error decoding private key PEM block",
|
|
},
|
|
}
|
|
|
|
testFn := func(test testT) func(*testing.T) {
|
|
return func(t *testing.T) {
|
|
privateKey, err := DecodePrivateKeyBytes(test.keyBytes)
|
|
if test.expectErr {
|
|
if err == nil {
|
|
t.Error("expected err, but got no error")
|
|
return
|
|
}
|
|
|
|
if !strings.Contains(err.Error(), test.expectErrStr) {
|
|
t.Errorf("expected err string to match: '%s', got: '%s'", test.expectErrStr, err.Error())
|
|
return
|
|
}
|
|
}
|
|
|
|
if !test.expectErr {
|
|
if err != nil {
|
|
t.Errorf("expected no err, but got '%q'", err)
|
|
return
|
|
}
|
|
|
|
if test.keyAlgo == v1alpha1.RSAKeyAlgorithm {
|
|
_, ok := privateKey.(*rsa.PrivateKey)
|
|
if !ok {
|
|
t.Errorf("expected rsa private key, but got %T", privateKey)
|
|
return
|
|
}
|
|
}
|
|
|
|
if test.keyAlgo == v1alpha1.ECDSAKeyAlgorithm {
|
|
_, ok := privateKey.(*ecdsa.PrivateKey)
|
|
if !ok {
|
|
t.Errorf("expected ecdsa private key, but got %T", privateKey)
|
|
return
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
for _, test := range tests {
|
|
t.Run(test.name, testFn(test))
|
|
}
|
|
}
|