| 34 | ) |
| 35 | |
| 36 | func TestInternalIssuer_Issue(t *testing.T) { |
| 37 | rootSigner, err := keyutil.GenerateDefaultSigner() |
| 38 | if err != nil { |
| 39 | t.Fatalf("Creating root signer failed: %v", err) |
| 40 | } |
| 41 | |
| 42 | tmpl := &x509.Certificate{ |
| 43 | Subject: pkix.Name{CommonName: "test-root"}, |
| 44 | IsCA: true, |
| 45 | MaxPathLen: 3, |
| 46 | NotAfter: time.Now().Add(7 * 24 * time.Hour), |
| 47 | NotBefore: time.Now().Add(-7 * 24 * time.Hour), |
| 48 | } |
| 49 | rootBytes, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, rootSigner.Public(), rootSigner) |
| 50 | if err != nil { |
| 51 | t.Fatalf("Creating root certificate failed: %v", err) |
| 52 | } |
| 53 | |
| 54 | root, err := x509.ParseCertificate(rootBytes) |
| 55 | if err != nil { |
| 56 | t.Fatalf("Parsing root certificate failed: %v", err) |
| 57 | } |
| 58 | |
| 59 | firstIntermediateSigner, err := keyutil.GenerateDefaultSigner() |
| 60 | if err != nil { |
| 61 | t.Fatalf("Creating intermedaite signer failed: %v", err) |
| 62 | } |
| 63 | |
| 64 | firstIntermediateBytes, err := x509.CreateCertificate(rand.Reader, &x509.Certificate{ |
| 65 | Subject: pkix.Name{CommonName: "test-first-intermediate"}, |
| 66 | IsCA: true, |
| 67 | MaxPathLen: 2, |
| 68 | NotAfter: time.Now().Add(24 * time.Hour), |
| 69 | NotBefore: time.Now().Add(-24 * time.Hour), |
| 70 | }, root, firstIntermediateSigner.Public(), rootSigner) |
| 71 | if err != nil { |
| 72 | t.Fatalf("Creating intermediate certificate failed: %v", err) |
| 73 | } |
| 74 | |
| 75 | firstIntermediate, err := x509.ParseCertificate(firstIntermediateBytes) |
| 76 | if err != nil { |
| 77 | t.Fatalf("Parsing intermediate certificate failed: %v", err) |
| 78 | } |
| 79 | |
| 80 | secondIntermediateSigner, err := keyutil.GenerateDefaultSigner() |
| 81 | if err != nil { |
| 82 | t.Fatalf("Creating second intermedaite signer failed: %v", err) |
| 83 | } |
| 84 | |
| 85 | secondIntermediateBytes, err := x509.CreateCertificate(rand.Reader, &x509.Certificate{ |
| 86 | Subject: pkix.Name{CommonName: "test-second-intermediate"}, |
| 87 | IsCA: true, |
| 88 | MaxPathLen: 2, |
| 89 | NotAfter: time.Now().Add(24 * time.Hour), |
| 90 | NotBefore: time.Now().Add(-24 * time.Hour), |
| 91 | }, firstIntermediate, secondIntermediateSigner.Public(), firstIntermediateSigner) |
| 92 | if err != nil { |
| 93 | t.Fatalf("Creating second intermediate certificate failed: %v", err) |