| 29 | ) |
| 30 | |
| 31 | func TestKeyPair_Load(t *testing.T) { |
| 32 | rootSigner, err := keyutil.GenerateDefaultSigner() |
| 33 | if err != nil { |
| 34 | t.Fatalf("Failed creating signer: %v", err) |
| 35 | } |
| 36 | |
| 37 | tmpl := &x509.Certificate{ |
| 38 | Subject: pkix.Name{CommonName: "test-root"}, |
| 39 | IsCA: true, |
| 40 | MaxPathLen: 3, |
| 41 | } |
| 42 | rootBytes, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, rootSigner.Public(), rootSigner) |
| 43 | if err != nil { |
| 44 | t.Fatalf("Creating root certificate failed: %v", err) |
| 45 | } |
| 46 | |
| 47 | root, err := x509.ParseCertificate(rootBytes) |
| 48 | if err != nil { |
| 49 | t.Fatalf("Parsing root certificate failed: %v", err) |
| 50 | } |
| 51 | |
| 52 | intermediateSigner, err := keyutil.GenerateDefaultSigner() |
| 53 | if err != nil { |
| 54 | t.Fatalf("Creating intermedaite signer failed: %v", err) |
| 55 | } |
| 56 | |
| 57 | intermediateBytes, err := x509.CreateCertificate(rand.Reader, &x509.Certificate{ |
| 58 | Subject: pkix.Name{CommonName: "test-first-intermediate"}, |
| 59 | IsCA: true, |
| 60 | MaxPathLen: 2, |
| 61 | NotAfter: time.Now().Add(time.Hour), |
| 62 | }, root, intermediateSigner.Public(), rootSigner) |
| 63 | if err != nil { |
| 64 | t.Fatalf("Creating intermediate certificate failed: %v", err) |
| 65 | } |
| 66 | |
| 67 | intermediate, err := x509.ParseCertificate(intermediateBytes) |
| 68 | if err != nil { |
| 69 | t.Fatalf("Parsing intermediate certificate failed: %v", err) |
| 70 | } |
| 71 | |
| 72 | var chainContents []byte |
| 73 | chain := []*x509.Certificate{intermediate, root} |
| 74 | for _, cert := range chain { |
| 75 | b, err := pemutil.Serialize(cert) |
| 76 | if err != nil { |
| 77 | t.Fatalf("Failed serializing intermediate certificate: %v", err) |
| 78 | } |
| 79 | chainContents = append(chainContents, pem.EncodeToMemory(b)...) |
| 80 | } |
| 81 | |
| 82 | dir := t.TempDir() |
| 83 | rootCertFile := filepath.Join(dir, "root.pem") |
| 84 | if _, err = pemutil.Serialize(root, pemutil.WithFilename(rootCertFile)); err != nil { |
| 85 | t.Fatalf("Failed serializing root certificate: %v", err) |
| 86 | } |
| 87 | rootKeyFile := filepath.Join(dir, "root.key") |
| 88 | if _, err = pemutil.Serialize(rootSigner, pemutil.WithFilename(rootKeyFile)); err != nil { |