// Copyright 2012, 2013 Canonical Ltd.
// Licensed under the AGPLv3, see LICENCE file for details.
gitjujutesting "github.com/juju/testing"
"github.com/juju/juju/cert"
if err := verifyCertificates(); err != nil {
// CACert and CAKey make up a CA key pair.
// CACertX509 and CAKeyRSA hold their parsed equivalents.
// ServerCert and ServerKey hold a CA-signed server cert/key.
// Certs holds the certificates and keys required to make a secure
// connection to a Mongo database.
CACert, CAKey = mustNewCA()
CACertX509, CAKeyRSA = mustParseCertAndKey(CACert, CAKey)
ServerCert, ServerKey = mustNewServer()
// Other valid test certs different from the default.
OtherCACert, OtherCAKey = mustNewCA()
func verifyCertificates() error {
_, err := tls.X509KeyPair([]byte(CACert), []byte(CAKey))
return fmt.Errorf("bad CA cert key pair: %v", err)
_, err = tls.X509KeyPair([]byte(ServerCert), []byte(ServerKey))
return fmt.Errorf("bad server cert key pair: %v", err)
return cert.Verify(ServerCert, CACert, time.Now())
func mustNewCA() (string, string) {
caCert, caKey, err := cert.NewCA("juju testing", "1234-ABCD-IS-NOT-A-REAL-UUID", time.Now().AddDate(10, 0, 0))
return string(caCert), string(caKey)
func mustNewServer() (string, string) {
var hostnames []string
srvCert, srvKey, err := cert.NewServer(CACert, CAKey, time.Now().AddDate(10, 0, 0), hostnames)
return string(srvCert), string(srvKey)
func mustParseCertAndKey(certPEM, keyPEM string) (*x509.Certificate, *rsa.PrivateKey) {
cert, key, err := cert.ParseCertAndKey(certPEM, keyPEM)
func serverCerts() *gitjujutesting.Certs {
serverCert, serverKey := mustParseCertAndKey(ServerCert, ServerKey)
return &gitjujutesting.Certs{
ServerCert: serverCert,