From b56a625bb1da7f99c38d85878cbc099bcd3176fc Mon Sep 17 00:00:00 2001
From: zLukas
Date: Sun, 24 Sep 2023 15:42:25 +0200
Subject: [PATCH] x509 interface added

---
 src/cert-generator/pkg/tls/pem.go | 21 ++-------
 src/cert-generator/pkg/tls/types.go | 23 ++++++++-
 src/cert-generator/pkg/tls/x509.go | 20 ++++----
 src/cert-generator/tests/pkg/tls/pem_test.go | 29 ++++++------
 src/cert-generator/tests/pkg/tls/types.go | 49 ++++++++++++++++++++
 5 files changed, 100 insertions(+), 42 deletions(-)
 create mode 100644 src/cert-generator/tests/pkg/tls/types.go

diff --git a/src/cert-generator/pkg/tls/pem.go b/src/cert-generator/pkg/tls/pem.go
index 078c1b5..3fe9b97 100644
--- a/src/cert-generator/pkg/tls/pem.go
+++ b/src/cert-generator/pkg/tls/pem.go
@@ -5,23 +5,10 @@ import (
 "fmt"
 )
 
-type Block struct{
- Bytes []byte
-}
-
-type IPem interface {
- Decode(data []byte) (*Block, []byte)
-}
-
-
-type Ix509 interface {
-
-}
-
-func PemToX509(input []byte, p IPem) (*x509.Certificate, error) {
+func PemToX509(input []byte, p IPem, x Ix509) (*x509.Certificate, error) {
 block, _ := p.Decode(input)
 if block == nil {
 return nil, fmt.Errorf("failed to parse certificate PEM")
- }
- return x509.ParseCertificate(block.Bytes)
-}
+ }
+ return x.ParseCertificate(block.Bytes)
+}
diff --git a/src/cert-generator/pkg/tls/types.go b/src/cert-generator/pkg/tls/types.go
index b412d9c..1a02851 100644
--- a/src/cert-generator/pkg/tls/types.go
+++ b/src/cert-generator/pkg/tls/types.go
@@ -1,6 +1,11 @@
 package tls
 
-import "math/big"
+import (
+ "crypto/x509"
+ "encoding/pem"
+ "io"
+ "math/big"
+)
 
 type CACert struct {
 Serial *big.Int `yaml:"serial"`
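Review bot: `PemToX509` passes whatever block `p.Decode` returns straight to `x.ParseCertificate` with no check on the block's kind, and since the interface's `Block` type carries only `Bytes` there is nothing here to check against: a `PRIVATE KEY` or `RSA PRIVATE KEY` PEM handed in as the CA certificate is, at best, rejected by the DER parser with an unrelated error. I would give `Block` a `Type` field mirroring `pem.Block` and guard here with `if block.Type != "CERTIFICATE" { return nil, fmt.Errorf("expected CERTIFICATE PEM block, got %q", block.Type) }`. The second value from `p.Decode` is discarded, so a bundle with several blocks silently uses only the first; a doc comment such as `// PemToX509 decodes the first PEM block in input and parses it as a DER certificate; trailing data is ignored.` would make that explicit.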
@@ -23,4 +28,18 @@ type CertSubject struct {
 PostalCode string `yaml:"postalCode"`
 SerialNumber string `yaml:"serialNumber"`
 CommonName string `yaml:"commonName"`
-}
\ No newline at end of file
+}
+
+type Block struct {
+ Bytes []byte
+}
+
+type IPem interface {
+ Decode(data []byte) (*Block, []byte)
+ Encode(out io.Writer, b *pem.Block) error
+}
+
+type Ix509 interface {
+ ParseCertificate(der []byte) (*x509.Certificate, error)
+ CreateCertificate(rand io.Reader, template *x509.Certificate, parent *x509.Certificate, pub any, priv any) ([]byte, error)
+}
diff --git a/src/cert-generator/pkg/tls/x509.go b/src/cert-generator/pkg/tls/x509.go
index 8232e8f..154e44a 100644
--- a/src/cert-generator/pkg/tls/x509.go
+++ b/src/cert-generator/pkg/tls/x509.go
@@ -22,7 +22,7 @@ func WriteKeyCertFile(Key []byte, Cert []byte, filePath string) error {
 return nil
 }
 
-func CreateCACert(ca *CACert) ([]byte, []byte, error) {
+func CreateCACert(ca *CACert, p IPem, x Ix509) ([]byte, []byte, error) {
 template := &x509.Certificate{
 SerialNumber: ca.Serial,
 Subject: pkix.Name{
@@ -43,7 +43,7 @@ func CreateCACert(ca *CACert) ([]byte, []byte, error) {
 BasicConstraintsValid: true,
 }
 
- keyBytes, certBytes, err := createCert(template, nil, nil)
+ keyBytes, certBytes, err := createCert(template, nil, nil, p, x)
 if err != nil {
 return nil, nil, err
 }
@@ -51,7 +51,7 @@ func CreateCACert(ca *CACert) ([]byte, []byte, error) {
 return keyBytes, certBytes, nil
 }
 
-func CreateCert(cert *Cert, caKey []byte, caCert []byte, p IPem) ([]byte, []byte, error) {
+func CreateCert(cert *Cert, caKey []byte, caCert []byte, p IPem, x Ix509) ([]byte, []byte, error) {
 template := &x509.Certificate{
 SerialNumber: cert.Serial,
 Subject: pkix.Name{
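Review bot: `IPem` is asymmetric as declared here — `Decode` returns the project's `*Block`, which has only `Bytes`, while `Encode` takes `*pem.Block` — so any adapter over `encoding/pem` must translate between the two and drops `Type` and `Headers` on the way in, leaving callers unable to tell a certificate block from a key block. Either add the type to `Block` (`type Block struct { Type string; Bytes []byte }`) or have `Decode` return `*pem.Block` directly so both methods share the standard type. The four exported declarations also lack doc comments; Go convention is a `// Block ...`, `// IPem ...` sentence on each, and the `I` prefix is unidiomatic in Go (something like `PEMCodec`/`CertBackend`), though that is a naming preference rather than a defect.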
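Review bot: `CreateCACert` and `CreateCert` now take the `p IPem, x Ix509` backends as trailing parameters, but neither exported function documents what is expected there or that production callers must supply adapters over `encoding/pem` and `crypto/x509`; nothing in the hunk rejects a nil interface, so a forgotten argument would only surface as a nil-pointer panic inside `createCert`. A one-line doc comment on each would close that gap, e.g. `// CreateCACert builds a CA certificate from ca and returns the PEM-encoded private key and certificate; p and x supply the PEM and X.509 implementations (real encoding/pem and crypto/x509 adapters outside tests).` Both function bodies continue past the end of this hunk, so the comment would sit on the `func` lines shown here.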
@@ -75,19 +75,19 @@ func CreateCert(cert *Cert, caKey []byte, caCert []byte, p IPem) ([]byte, []byte if err != nil { return nil, nil, err } - caCertParsed, err := PemToX509(caCert, p) + caCertParsed, err := PemToX509(caCert, p, x) if err != nil { return nil, nil, err } - keyBytes, certBytes, err := createCert(template, caKeyParsed, caCertParsed) + keyBytes, certBytes, err := createCert(template, caKeyParsed, caCertParsed, p, x) if err != nil { return nil, nil, err } return keyBytes, certBytes, nil } -func createCert(template *x509.Certificate, caKey *rsa.PrivateKey, caCert *x509.Certificate) ([]byte, []byte, error) { +func createCert(template *x509.Certificate, caKey *rsa.PrivateKey, caCert *x509.Certificate, p IPem, x Ix509) ([]byte, []byte, error) { var ( derBytes []byte certOut bytes.Buffer @@ -99,21 +99,21 @@ func createCert(template *x509.Certificate, caKey *rsa.PrivateKey, caCert *x509. return nil, nil, err } if template.IsCA { - derBytes, err = x509.CreateCertificate(rand.Reader, template, template, &privateKey.PublicKey, privateKey) + derBytes, err = x.CreateCertificate(rand.Reader, template, template, &privateKey.PublicKey, privateKey) if err != nil { return nil, nil, err } } else { - derBytes, err = x509.CreateCertificate(rand.Reader, template, caCert, &privateKey.PublicKey, caKey) + derBytes, err = x.CreateCertificate(rand.Reader, template, caCert, &privateKey.PublicKey, caKey) if err != nil { return nil, nil, err } } - if err = pem.Encode(&certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}); err != nil { + if err = p.Encode(&certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}); err != nil { return nil, nil, err } - if err = pem.Encode(&keyOut, key.RSAPrivateKeyToPEM(privateKey)); err != nil { + if err = p.Encode(&keyOut, key.RSAPrivateKeyToPEM(privateKey)); err != nil { return nil, nil, err } diff --git a/src/cert-generator/tests/pkg/tls/pem_test.go b/src/cert-generator/tests/pkg/tls/pem_test.go index a7c0fa4..a103f15 100644 
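Review bot: `CreateCert` signs the new certificate with `caCertParsed` without confirming that the parsed certificate can act as an issuer; as far as I recall `x509.CreateCertificate` does not require the parent to be a CA, so a non-CA certificate passed as `caCert` produces a leaf whose chain any verifier honoring basic constraints will reject, and the mistake only shows up at deployment time. A guard right after the `PemToX509` call, `if !caCertParsed.BasicConstraintsValid || !caCertParsed.IsCA { return nil, nil, errors.New("issuer certificate is not a CA") }`, fails fast instead (use `fmt.Errorf` if `errors` is not imported in this file). `CreateCert` begins before the start of this hunk.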
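Review bot: In the `else` branch the new `x.CreateCertificate(rand.Reader, template, caCert, &privateKey.PublicKey, caKey)` call is reached with `caCert` and `caKey` still nil whenever a template without `IsCA` arrives with no issuer data (the `CreateCACert` path passes `nil, nil`), and that failure would surface as a nil dereference or an opaque backend error rather than a clear message. A guard before the branch, `if !template.IsCA && (caCert == nil || caKey == nil) { return nil, nil, fmt.Errorf("issuer certificate and key are required for a non-CA certificate") }`, makes the contract explicit. The `rand` import is outside this hunk; if it is `crypto/rand`, a `// rand must stay crypto/rand: serials and signatures depend on it` comment on the `CreateCertificate` line would guard against an accidental swap to `math/rand` now that the backend is injectable. `createCert` begins before the start of this hunk.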
--- a/src/cert-generator/tests/pkg/tls/pem_test.go +++ b/src/cert-generator/tests/pkg/tls/pem_test.go @@ -1,27 +1,30 @@ -package test +package tests import ( "testing" + "github.com/zLukas/CloudTools/src/cert-generator/pkg/tls" ) -type mockPemOK struct {} -type mockPemFail struct {} - -func (m *mockPemOK) Decode(input []byte) (*tls.Block, []byte){ - b := tls.Block{Bytes: []byte{0xAA, 0xC5, 0xAB}} - return &b, nil -} +func TestPemToX509_ok(t *testing.T) { + pemMock := mockPemOK{} + x509Mock := mockX509OK{} + var false_bytes = []byte{0xAA, 0xC5, 0xAB} + results, err := tls.PemToX509(false_bytes, &pemMock, &x509Mock) + if err != nil { + t.Errorf("err expected to be nil, got %s ", err) + } + if results == nil { + t.Errorf("results var execept to be %v, got nil ", tls.Block{Bytes: false_bytes}) + } -func (m *mockPemFail) Decode(input []byte) (*tls.Block, []byte){ - return nil, nil } - func TestPemToX509_fail(t *testing.T) { - var pemMock = mockPemOK{} + pemMock := mockPemFail{} + x509Mock := mockX509Fail{} var false_bytes = []byte{0xAA, 0xC5, 0xAB} - results, err := tls.PemToX509(false_bytes, &pemMock) + results, err := tls.PemToX509(false_bytes, &pemMock, &x509Mock) if results != nil { t.Errorf("results var execept to be nil, got %v ", results) } diff --git a/src/cert-generator/tests/pkg/tls/types.go b/src/cert-generator/tests/pkg/tls/types.go new file mode 100644 index 0000000..eb6162b --- /dev/null +++ b/src/cert-generator/tests/pkg/tls/types.go 
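Review bot: `TestPemToX509_fail` pairs `mockPemFail` with `mockX509Fail`, but `mockPemFail.Decode` returns a nil block, so `PemToX509` returns before `ParseCertificate` is ever called — the x509 error path is never exercised and the test cannot tell which stage failed. Split it into two cases, one with `mockPemFail{}` plus `mockX509OK{}` and one with `mockPemOK{}` plus `mockX509Fail{}`, and assert `err != nil` in each. In `TestPemToX509_ok` the failure message prints `tls.Block{Bytes: false_bytes}` although `results` is a `*x509.Certificate`; `t.Errorf("expected non-nil certificate, got nil")` reads correctly. `false_bytes` would be `input` under Go naming.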
@@ -0,0 +1,49 @@
+package tests
+
+import (
+ "crypto/x509"
+ "encoding/pem"
+ "fmt"
+ "io"
+
+ "github.com/zLukas/CloudTools/src/cert-generator/pkg/tls"
+)
+
+type mockPemOK struct{}
+type mockPemFail struct{}
+type mockX509OK struct{}
+type mockX509Fail struct{}
+
+func (m *mockPemOK) Decode(input []byte) (*tls.Block, []byte) {
+ b := tls.Block{Bytes: input}
+ return &b, nil
+}
+func (m *mockPemOK) Encode(out io.Writer, b *pem.Block) error {
+ return nil
+}
+
+func (m *mockPemFail) Decode(input []byte) (*tls.Block, []byte) {
+ return nil, nil
+}
+
+func (m *mockPemFail) Encode(out io.Writer, b *pem.Block) error {
+ return fmt.Errorf("cannot encode buffer")
+}
+
+func (m *mockX509OK) CreateCertificate(rand io.Reader, template *x509.Certificate, parent *x509.Certificate, pub any, priv any) ([]byte, error) {
+ b := []byte{0x56, 0xAA, 0x21}
+ return b, nil
+}
+
+func (m *mockX509Fail) CreateCertificate(rand io.Reader, template *x509.Certificate, parent *x509.Certificate, pub any, priv any) ([]byte, error) {
+ b := []byte{0x56, 0xAA, 0x21}
+ return b, nil
+}
+
+func (m *mockX509OK) ParseCertificate(der []byte) (*x509.Certificate, error) {
+ return &x509.Certificate{}, nil
+}
+
+func (m *mockX509Fail) ParseCertificate(der []byte) (*x509.Certificate, error) {
+ return nil, fmt.Errorf("x509: malformed certificate")
+}
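Review bot: `mockX509Fail.CreateCertificate` returns the same success value as the OK mock, so the "failing" backend never fails on certificate creation and any test that wires `mockX509Fail` into `createCert` expecting the error branch would pass for the wrong reason. Change its body to `return nil, fmt.Errorf("x509: cannot create certificate")`. `mockPemOK.Encode` also ignores `out`, so under this mock `createCert` hands back empty PEM buffers; that is fine for a stub, but a `// Encode writes nothing: callers see empty key/cert buffers` comment would stop a later test from asserting on their contents.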