@ -75,6 +75,15 @@ var (
testSignedIntermediateTemplate = mustSign ( testIntermediateTemplate , testSignedRootTemplate , testNow , testNow . Add ( 24 * time . Hour ) )
)
type signatureAlgorithmSigner struct {
crypto . Signer
algorithm x509 . SignatureAlgorithm
}
func ( s * signatureAlgorithmSigner ) SignatureAlgorithm ( ) x509 . SignatureAlgorithm {
return s . algorithm
}
type mockKeyManager struct {
signer crypto . Signer
errGetPublicKey error
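Review bot: `signatureAlgorithmSigner` and its `SignatureAlgorithm()` method have no comment saying what the wrapper is for, so a reader cannot tell which code path the new test cases exercise. A short comment above the type would do, for example `// signatureAlgorithmSigner wraps a crypto.Signer and reports a fixed x509.SignatureAlgorithm through SignatureAlgorithm().` If the package under test declares an interface for such signers, a compile-time assertion next to the type would also catch the two drifting apart. The `mockKeyManager` struct that follows continues outside the hunk.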
@ -247,6 +256,13 @@ func TestSoftCAS_CreateCertificate(t *testing.T) {
tmplNoSerial := * testTemplate
tmplNoSerial . SerialNumber = nil
saTemplate := * testSignedTemplate
saTemplate . SignatureAlgorithm = 0
saSigner := & signatureAlgorithmSigner {
Signer : testSigner ,
algorithm : x509 . PureEd25519 ,
}
type fields struct {
Issuer * x509 . Certificate
Signer crypto . Signer
@ -267,6 +283,12 @@ func TestSoftCAS_CreateCertificate(t *testing.T) {
Certificate : testSignedTemplate ,
CertificateChain : [ ] * x509 . Certificate { testIssuer } ,
} , false } ,
{ "ok signature algorithm" , fields { testIssuer , saSigner } , args { & apiv1 . CreateCertificateRequest {
Template : & saTemplate , Lifetime : 24 * time . Hour ,
} } , & apiv1 . CreateCertificateResponse {
Certificate : testSignedTemplate ,
CertificateChain : [ ] * x509 . Certificate { testIssuer } ,
} , false } ,
{ "ok with notBefore" , fields { testIssuer , testSigner } , args { & apiv1 . CreateCertificateRequest {
Template : & tmplNotBefore , Lifetime : 24 * time . Hour ,
} } , & apiv1 . CreateCertificateResponse {
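Review bot: The "ok signature algorithm" case expects the same `testSignedTemplate` as the plain "ok" case directly above it, so it passes whether or not the signer's `SignatureAlgorithm()` is ever consulted. For a CA, silently falling back to the default algorithm is exactly the regression this case should catch. One option is to let the wrapper record the call (a `called bool` field set inside `SignatureAlgorithm()`) and assert it after the run, or to additionally compare the returned certificate's `SignatureAlgorithm` with `saSigner.algorithm`. The same applies to the cases added in TestSoftCAS_RenewCertificate and TestSoftCAS_CreateCertificateAuthority. The test table continues outside the hunk.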
@ -316,6 +338,11 @@ func TestSoftCAS_RenewCertificate(t *testing.T) {
tmplNoSerial := * testTemplate
tmplNoSerial . SerialNumber = nil
saSigner := & signatureAlgorithmSigner {
Signer : testSigner ,
algorithm : x509 . PureEd25519 ,
}
type fields struct {
Issuer * x509 . Certificate
Signer crypto . Signer
@ -336,6 +363,12 @@ func TestSoftCAS_RenewCertificate(t *testing.T) {
Certificate : testSignedTemplate ,
CertificateChain : [ ] * x509 . Certificate { testIssuer } ,
} , false } ,
{ "ok signature algorithm" , fields { testIssuer , saSigner } , args { & apiv1 . RenewCertificateRequest {
Template : testTemplate , Lifetime : 24 * time . Hour ,
} } , & apiv1 . RenewCertificateResponse {
Certificate : testSignedTemplate ,
CertificateChain : [ ] * x509 . Certificate { testIssuer } ,
} , false } ,
{ "fail template" , fields { testIssuer , testSigner } , args { & apiv1 . RenewCertificateRequest { Lifetime : 24 * time . Hour } } , nil , true } ,
{ "fail lifetime" , fields { testIssuer , testSigner } , args { & apiv1 . RenewCertificateRequest { Template : testTemplate } } , nil , true } ,
{ "fail CreateCertificate" , fields { testIssuer , testSigner } , args { & apiv1 . RenewCertificateRequest {
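Review bot: The renew case passes the shared `testTemplate` together with `saSigner`, whereas the matching case in TestSoftCAS_CreateCertificate uses a private copy (`saTemplate`) with `SignatureAlgorithm = 0`. If the code under test fills in the template's algorithm from the signer, this case would write to a package-level value that other cases reuse. It also does not establish that the template starts with the algorithm unset. Mirroring the create test would avoid both: `tmplSA := *testTemplate`, `tmplSA.SignatureAlgorithm = 0`, then `Template: &tmplSA`. The table continues outside the hunk.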
@ -425,6 +458,11 @@ func Test_now(t *testing.T) {
func TestSoftCAS_CreateCertificateAuthority ( t * testing . T ) {
mockNow ( t )
saSigner := & signatureAlgorithmSigner {
Signer : testSigner ,
algorithm : x509 . PureEd25519 ,
}
type fields struct {
Issuer * x509 . Certificate
Signer crypto . Signer
@ -467,6 +505,17 @@ func TestSoftCAS_CreateCertificateAuthority(t *testing.T) {
PrivateKey : testSigner ,
Signer : testSigner ,
} , false } ,
{ "ok signature algorithm" , fields { nil , nil , & mockKeyManager { signer : saSigner } } , args { & apiv1 . CreateCertificateAuthorityRequest {
Type : apiv1 . RootCA ,
Template : testRootTemplate ,
Lifetime : 24 * time . Hour ,
} } , & apiv1 . CreateCertificateAuthorityResponse {
Name : "Test Root CA" ,
Certificate : testSignedRootTemplate ,
PublicKey : testSignedRootTemplate . PublicKey ,
PrivateKey : saSigner ,
Signer : saSigner ,
} , false } ,
{ "fail template" , fields { nil , nil , & mockKeyManager { } } , args { & apiv1 . CreateCertificateAuthorityRequest {
Type : apiv1 . RootCA ,
Lifetime : 24 * time . Hour ,