~axwalk/juju-core/lp1303195-manual-ubuntuuser-bash


Viewing changes to testing/cert.go

  • Committer: Roger Peppe
  • Date: 2012-11-24 13:49:55 UTC
  • mto: (742.2.11 170-use-tls)
  • mto: This revision was merged to the branch mainline in revision 752.
  • Revision ID: roger.peppe@canonical.com-20121124134955-25uc0gnx71e0e6dd
add cert package

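--- a/testing/cert.go
+++ b/testing/cert.go
@@ -2,10 +2,48 @@
 
 import (
         "crypto/rsa"
+        "crypto/tls"
         "crypto/x509"
         "encoding/pem"
+        "fmt"
 )
 
+func verifyCertificates() error {
+        _, err := tls.X509KeyPair([]byte(CACertPEM), []byte(CAKeyPEM))
+        if err != nil {
+                return fmt.Errorf("bad CA cert key pair: %v", err)
+        }
+        _, err = tls.X509KeyPair([]byte(serverCertPEM), []byte(serverKeyPEM))
+        if err != nil {
+                return fmt.Errorf("bad server cert key pair: %v", err)
+        }
+        caCert, err := trivial.ParseCertificate([]byte(CACertPEM))
+        if err != nil {
+                return err
+        }
+        serverCert, err := trivial.ParseCertificate([]byte(serverCertPEM))
+        if err != nil {
+                return err
+        }
+        pool := x509.NewCertPool()
+        pool.AddCert(caCert)
+        opts := x509.VerifyOptions{
+                DNSName: "anything",
+                Roots: pool,
+        }
+        _, err = serverCert.Verify(opts)
+        if err != nil {
+                return fmt.Errorf("verification failed: %v", err)
+        }
+        return nil
+}
+
+func init() {
+//      if err := verifyCertificates(); err != nil {
+//              panic(err)
+//      }
+}
+
 // CACertPEM and CAKeyPEM make up a CA key pair.
 // CACertX509 and CAKeyRSA hold their parsed equivalents.
 var (
@@ -37,8 +75,36 @@
 -----END RSA PRIVATE KEY-----
 `[1:]
         CAKeyRSA = mustParseKeyPEM(CAKeyPEM)
+
+        // serverCertPEM holds a certificate siged by the above CA cert.
+        serverCertPEM = `
+-----BEGIN CERTIFICATE-----
+MIIBfDCCASigAwIBAgIBADALBgkqhkiG9w0BAQUwJjENMAsGA1UEChMEanVqdTEV
+MBMGA1UEAxMManVqdSB0ZXN0aW5nMB4XDTEyMTEyNDEzMDY1OVoXDTIyMTEyNDEz
+MTE1OVowGjEMMAoGA1UEChMDaG1tMQowCAYDVQQDEwEqMFkwCwYJKoZIhvcNAQEB
+A0oAMEcCQF9KBtClwqaJuvhRKNNdsxyrdVTfgNhLTf1DX+Z3iBTpvb8fxihC9xQv
+voslONe+wL1MQi8QkjUzex1Z7abC+m8CAwEAAaNSMFAwDgYDVR0PAQH/BAQDAgAQ
+MB0GA1UdDgQWBBRUQs95lLcaqz6iGce/APLVfdw5ZjAfBgNVHSMEGDAWgBRQqPrU
+s3Mlim0tNfp20ruYuj6LTTALBgkqhkiG9w0BAQUDQQBBBuMUIKFpSVjhm1ybbHnC
+BP6lvBILWjb6h7f0hFFQQq2Ks8Hr1cwoRNQQFe06qIb7GFhwu6RoY3BDRPAQbZG5
+-----END CERTIFICATE-----
+`[1:]
+
+        // serverKeyPEM holds the private key for serverCertPEM.
+        serverKeyPEM = `
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOQIBAAJAX0oG0KXCpom6+FEo012zHKt1VN+A2EtN/UNf5neIFOm9vx/GKEL3
+FC++iyU4177AvUxCLxCSNTN7HVntpsL6bwIDAQABAkBP3qifspDZLpC9GqnxoJRE
+76JFJaHFqjkQk6yKbJ5viAUU+rrsKPuU8Sk1oP005QtzofWQKKP8dLZg50dCpDWB
+AiEAjViPqgn2tYt/64xJDUjOK1fMpY/yiK0aEmXFXTctgX8CIQCslXcTO03XeZpD
+0WJDDmEeex2gwAJC2SqtH3XOL3EfEQIgaNWmuJdrRHuTBUGnbRLy13LndmStnnHF
+RJ/3IowqVEECIQCVPzBZdkir1aJdkZ47RR0hwfBuSn3qF2m7i2BSLV7TMQIgR/0Q
+TgZwrr9JK+c8N+/YQ8zMv85a4POQHZnNHrVKeRQ=
+-----END RSA PRIVATE KEY-----
+`[1:]
 )
 
+
 func mustParseCertPEM(pemData string) *x509.Certificate {
         b, _ := pem.Decode([]byte(pemData))
         if b.Type != "CERTIFICATE" {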
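Review bot: The fixture self-check never runs: `init()` holds only the commented-out call to `verifyCertificates()`, and that function calls `trivial.ParseCertificate` although the import block shown in this section adds only `crypto/tls` and `fmt`, so unless `trivial` is declared elsewhere in the package the file would not compile as shown. Either import the package that provides `ParseCertificate` and run the check from a test instead of `init` (a `panic` there takes down every importer of the package), or drop the dead code. If the check is kept, `serverCert.Verify` validates against the wall clock by default, so it will begin to fail once the fixture certificate expires; setting `CurrentTime` in `x509.VerifyOptions` to a fixed instant inside the validity window keeps it deterministic. A comment above `serverKeyPEM` such as `// Test fixture only: this key is published in the source tree and must never be trusted outside tests.` would make the intent explicit. `mustParseCertPEM` continues past the end of the section.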