mirror of https://github.com/kubernetes/kops.git
Increase the key size for KubeConfig private key
It's now required to have a minimum of 1024 bits the RSA private key. https://pkg.go.dev/crypto/rsa@master#GenerateKey. Signed-off-by: Arnaud Meukam <ameukam@gmail.com>
This commit is contained in:
Arnaud Meukam
parent
f3191bd8a0
commit
1ed0cde748
|
|
@ -142,7 +142,7 @@ func fakeKeyset() *fi.Keyset {
|
|||
|
||||
func TestBuildKubecfg(t *testing.T) {
|
||||
originalPKIDefaultPrivateKeySize := pki.DefaultPrivateKeySize
|
||||
pki.DefaultPrivateKeySize = 512
|
||||
pki.DefaultPrivateKeySize = 2048
|
||||
defer func() {
|
||||
pki.DefaultPrivateKeySize = originalPKIDefaultPrivateKeySize
|
||||
}()
|
||||
|
|
|
|||
|
|
@ -29,10 +29,10 @@ import (
|
|||
)
|
||||
|
||||
func TestGenerateCertificate(t *testing.T) {
|
||||
data := "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA4JwpEprZ5n8RIEt6jT2lAh+UDgRgx/4px21gjgywQivYHVxH\nAZexVb/E9pBa9Q2G9B1Q7TCO7YsUVRQy4JMDZVt+McFnWVwexnqBYFNcVjkEmDgA\ngvCYGE0P9d/RwRL4KuLHo+u6fv7P0jXMN+CpOxyLhYZZNa0ZOZDHsSiJSQSj9WGF\nGHrbCf0KVDpKieR1uBqHrRO+mLR5zkX2L58m74kjK4dsBhmjeq/7OAoTmiG2QgJ/\nP2IjyhiA2mRqY+hl55lwEUV/0yHYEkJC8LdGkwwZz2eF77aSPGmi/A2CSKgMwDTx\n9m+P7jcpWreYw6NG9BueGoDIve/tgFKwvVFF6QIDAQABAoIBAA0ktjaTfyrAxsTI\nBezb7Zr5NBW55dvuII299cd6MJo+rI/TRYhvUv48kY8IFXp/hyUjzgeDLunxmIf9\n/Zgsoic9Ol44/g45mMduhcGYPzAAeCdcJ5OB9rR9VfDCXyjYLlN8H8iU0734tTqM\n0V13tQ9zdSqkGPZOIcq/kR/pylbOZaQMe97BTlsAnOMSMKDgnftY4122Lq3GYy+t\nvpr+bKVaQZwvkLoSU3rECCaKaghgwCyX7jft9aEkhdJv+KlwbsGY6WErvxOaLWHd\ncuMQjGapY1Fa/4UD00mvrA260NyKfzrp6+P46RrVMwEYRJMIQ8YBAk6N6Hh7dc0G\n8Z6i1m0CgYEA9HeCJR0TSwbIQ1bDXUrzpftHuidG5BnSBtax/ND9qIPhR/FBW5nj\n22nwLc48KkyirlfIULd0ae4qVXJn7wfYcuX/cJMLDmSVtlM5Dzmi/91xRiFgIzx1\nAsbBzaFjISP2HpSgL+e9FtSXaaqeZVrflitVhYKUpI/AKV31qGHf04sCgYEA6zTV\n99Sb49Wdlns5IgsfnXl6ToRttB18lfEKcVfjAM4frnkk06JpFAZeR+9GGKUXZHqs\nz2qcplw4d/moCC6p3rYPBMLXsrGNEUFZqBlgz72QA6BBq3X0Cg1Bc2ZbK5VIzwkg\nST2SSux6ccROfgULmN5ZiLOtdUKNEZpFF3i3qtsCgYADT/s7dYFlatobz3kmMnXK\nsfTu2MllHdRys0YGHu7Q8biDuQkhrJwhxPW0KS83g4JQym+0aEfzh36bWcl+u6R7\nKhKj+9oSf9pndgk345gJz35RbPJYh+EuAHNvzdgCAvK6x1jETWeKf6btj5pF1U1i\nQ4QNIw/QiwIXjWZeubTGsQKBgQCbduLu2rLnlyyAaJZM8DlHZyH2gAXbBZpxqU8T\nt9mtkJDUS/KRiEoYGFV9CqS0aXrayVMsDfXY6B/S/UuZjO5u7LtklDzqOf1aKG3Q\ndGXPKibknqqJYH+bnUNjuYYNerETV57lijMGHuSYCf8vwLn3oxBfERRX61M/DU8Z\nworz/QKBgQDCTJI2+jdXg26XuYUmM4XXfnocfzAXhXBULt1nENcogNf1fcptAVtu\nBAiz4/HipQKqoWVUYmxfgbbLRKKLK0s0lOWKbYdVjhEm/m2ZU8wtXTagNwkIGoyq\nY/C1Lox4f1ROJnCjc/hfcOjcxX5M8A8peecHWlVtUPKTJgxQ7oMKcw==\n-----END RSA PRIVATE KEY-----\n"
|
||||
publicKeyData := "-----BEGIN RSA PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4JwpEprZ5n8RIEt6jT2l\nAh+UDgRgx/4px21gjgywQivYHVxHAZexVb/E9pBa9Q2G9B1Q7TCO7YsUVRQy4JMD\nZVt+McFnWVwexnqBYFNcVjkEmDgAgvCYGE0P9d/RwRL4KuLHo+u6fv7P0jXMN+Cp\nOxyLhYZZNa0ZOZDHsSiJSQSj9WGFGHrbCf0KVDpKieR1uBqHrRO+mLR5zkX2L58m\n74kjK4dsBhmjeq/7OAoTmiG2QgJ/P2IjyhiA2mRqY+hl55lwEUV/0yHYEkJC8LdG\nkwwZz2eF77aSPGmi/A2CSKgMwDTx9m+P7jcpWreYw6NG9BueGoDIve/tgFKwvVFF\n6QIDAQAB\n-----END RSA PUBLIC KEY-----\n"
|
||||
signerCertData := "-----BEGIN CERTIFICATE-----\nMIIBTDCB96ADAgECAhBjHcUz56MCdYqSYy7TYNe3MA0GCSqGSIb3DQEBCwUAMBUx\nEzARBgNVBAMTCnNlbGZzaWduZWQwHhcNMjAwNDI0MjMzNDM5WhcNMzAwNDI0MjMz\nNDM5WjAVMRMwEQYDVQQDEwpzZWxmc2lnbmVkMFwwDQYJKoZIhvcNAQEBBQADSwAw\nSAJBAL5zWUObMH5dBestQgDIa4B/rT7Cc21AK+B7gPvMcEfIWow5u6QE+EyhRTPv\n727oY+2MU9e4vq5RXBG7hneuBoECAwEAAaMjMCEwDgYDVR0PAQH/BAQDAgEGMA8G\nA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADQQBLUFz7gDKRRyjEwgRZnZzP\nOma9WIgOjX36OFllyGkspu1ZcW/EtGEGNXqtMsm1QmG38Lh7Nkehb5xoAmm6hkFA\n-----END CERTIFICATE-----"
|
||||
signerKeyData := "-----BEGIN RSA PRIVATE KEY-----\nMIIBOQIBAAJBAL5zWUObMH5dBestQgDIa4B/rT7Cc21AK+B7gPvMcEfIWow5u6QE\n+EyhRTPv727oY+2MU9e4vq5RXBG7hneuBoECAwEAAQJAZ9ZUUPwIEJ1/YJ4oYmzj\n0AfM2W8DqAlY4ufzh1YL0daGUkiuQg0p6CeqFqgnQluZ3bcXPG8iBQp1EeekULFL\nAQIhAOGbozbIEI+26Ehv41aCMWkKO1R05AVzmoNp1T2Ke6npAiEA2BtEPRSdhLek\nZR7vhk7KNTJ2XExJ+T/l2849EsojANkCIAWYD1b3ZPm7Rk0tgQyPE9yP5WK1t0Wv\nVSB3ClOJUIGpAiAfUBQbJZmNWW6gmFLsiw4RlzY/OW6ehvuvVbrTtiZMQQIgD2zY\nU2EjvR0zY5PsJYbcLHa9ieCA5ni/VW70WKn9K5s=\n-----END RSA PRIVATE KEY-----"
|
||||
data := "-----BEGIN PRIVATE KEY-----\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCthOYz2rjTI2x7hyWDiqxUS4LPBXctThTRCm8mGANvCaHESVhMMAVkeIINn90zhVHvr48CnMR2qSWwxR8AZJpFvR7hKk8gHh494pLW/eSUwP3pJbSOxt0OsxXEflaiHR5x1VJ9DsTl9Vy3qSkhsYBFPMMoLk7kpb3Y0F+t6ewIFrFw0IHXvbSYm07dN6amJXU/L78X/kAcsD9IDfE4EqOf5P4WBpXZ4YnCt+kpQR0sFmCst/2ktlgU+TCsP+PNUuzHsAovmLNdOdpplC1VmIUaT5/CuAITz0YASs8L2H9MlgxtwJ3CkNr/H4Y1UhTXxgKPMskdvrMGLLkh+Y7z4k/vAgMBAAECggEABLEsI759h/a/F2SzVCga+oPji3iQ3UXtadetOMD70B6uY/yTFCr/l6oV44ttSQLeZoD/TilHZhQIg7auMhhbqZjFwyid5MxGXL20jcwQyHWi3Waacs/tfgPEChZb07ITjC13YmVUrV6MqB9oEClYwsaJWnFMyyxbgrI5HB6lYMnnjzU+otkqwVtMbe1mO1nX7paBxJ+pNbtasihKCWRJZAMZ9bcRw01+QFRca2CVJjPWlkD9N2S/0Q7+4YqUTNh/dx3t2uBuxg1ji7TQzBKT5ftF9lLlDwlEyXYqqOYUFgU9541sGVUVisXp/mykJVN7z3osoz+oU62kXqQm0YLlQQKBgQDdZqDKwDVmL23Tguwhrs6quj8VWCpD78YC8zzICFBDDWWY5Jdl+07Bw9gwgHyb8h3JfRMXXFg62tFald10hqi5raLva6QKYwkLSe372syrJXaEej/x8NE1bQf8wzl6yS0fv/UwZ1aZTiKUSj7LKNS720IDAGdEn/1NdL6zUBNkQQKBgQDIorZGO/zkLyWRU1Zzc2pxwtL/iYwFmsndKEEojvs0NIe6ySIG0HOw+wFqczjoiyIORten8Vypz4CEUe4fVJwkeJa6GrVFNWTlNi4mX2p33L9OJEFa82Uisf0amTedC2RQEfnMu5PKDedVl5WZ3HOUbQPNJ+qYy+9SyhHi73joLwKBgBpbb2TzwOerWc3GVkokP2I/zebCmjWAQ/hx8Jh3tOZmn+O1wvhXFKcoo4ISqcL+7eDgzPcI/U/0YNwB311R8qA4NZ9/FwZNh/QaFwTWpWryiMt4qkgpPR65HixPKXaeoIqZFZ1vj/WsQZ2ZwSP6dmjuz0sAL0sSKNuhvFoofEaBAoGAGzppvjJZ6aW0VXqX2uco5PNpqyBBjmkpSAg0f4qX8MfIO8McCQy1Bqmp0YZ9jKGFJ6bZkYMh7jGo4Uw1Iq9a2WA8JFmHjDLo1Gp77N06F7YviC1HaU5qxUCedsOgVoG7RVqLKguyzNMCOA1wUgcm8FezEl5+aeoTOosNzlxtbiUCgYB0OWavac9ZP/BDU2gfTkeks/Z+HtIssToBQ1AiByQxdTPNHZ5GCDvvy/9g8CKETkHU1DoG78lAsMCMDUc1mPFVpTJllxaO9SOIgfYxgkRt9fyenQmdhiXbvJ4vv503sAQdU1knw2UgIcwPjXAaBR3Rf2gyMBkdZ2icQvILKz2OOQ==\n-----END PRIVATE KEY-----"
|
||||
publicKeyData := "-----BEGIN RSA PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYTmM9q40yNse4clg4qs\nVEuCzwV3LU4U0QpvJhgDbwmhxElYTDAFZHiCDZ/dM4VR76+PApzEdqklsMUfAGSa\nRb0e4SpPIB4ePeKS1v3klMD96SW0jsbdDrMVxH5Woh0ecdVSfQ7E5fVct6kpIbGA\nRTzDKC5O5KW92NBfrensCBaxcNCB1720mJtO3TempiV1Py+/F/5AHLA/SA3xOBKj\nn+T+FgaV2eGJwrfpKUEdLBZgrLf9pLZYFPkwrD/jzVLsx7AKL5izXTnaaZQtVZiF\nGk+fwrgCE89GAErPC9h/TJYMbcCdwpDa/x+GNVIU18YCjzLJHb6zBiy5IfmO8+JP\n7wIDAQAB\n-----END RSA PUBLIC KEY-----\n"
|
||||
signerCertData := "-----BEGIN CERTIFICATE-----\nMIIDAzCCAeugAwIBAgIUX5OneoJSyzLbD5/cUsacl0+kbLcwDQYJKoZIhvcNAQELBQAwETEPMA0GA1UEAwwGc2lnbmVyMB4XDTI1MDMxMDEzMzkwNFoXDTM1MDMwODEzMzkwNFowETEPMA0GA1UEAwwGc2lnbmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Ym6Hcv4f7OU8rkrZr6ur9VC9HnJe/Gi/lmHvwLe+RqnpqDWxbQDR5Q3dwVnBgbMS3CVVTwcERqK5AkHSehG68OtUu9ygMFZDoqMU+7UJglfsY550SBk5YZuvhTRFgtlGqiKjRoD+p8/thrx0l4BV54FJvE9g7k31X+ynHP75hAsPTIobsAk3DYAtV651NLwpmyEQqCiyImJKi7jcvR/YpZobzFSQ1fPp9yBxxKTJZrBf54ZATPOLc0Pxv0rA5MscT0ujFYe7lC1EKUAlZ6mSIWFXsuJaXQmPmGctX5m50DxhKXfVEfr77xIa1+Xqh9bq4/sFxryuPyYiNJNnRMY4QIDAQABo1MwUTAdBgNVHQ4EFgQU0pax2FviEHNrcKbXtjmQsB8LBe8wHwYDVR0jBBgwFoAU0pax2FviEHNrcKbXtjmQsB8LBe8wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAxtC4lB/HqvfFh/7qcgUInfZ7f0p4EzthTSDOf83zuOV4YFzD1K003YloTC720PNjURc3JMCSl2gT4vzM3zxwfp0FXuzTkW9mU8IPoWX7iArXp80wl1zLBc9HJ2eVN4zK8abTgnq2j7U3Fd/pCQjNeToyHfYk7VW3d4Xco38NIh9GWTCDwjfYAr0jNLBATuYZreCSatysIITQcE7LNUhD1QywNtF74SS4J3rHOgYHK+/jFW4KqCMA5VeXBenutpqYKIcP8lg4/qQiAWrqiY/dTyhKSDdb8vczaq31H6XMv5czcmUHRx0yI2XwoKuD4uTBIPGisJWqoMaW/GyyKdvugw==\n-----END CERTIFICATE-----"
|
||||
signerKeyData := "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDZibody/h/s5TyuStmvq6v1UL0ecl78aL+WYe/At75GqemoNbFtANHlDd3BWcGBsxLcJVVPBwRGorkCQdJ6Ebrw61S73KAwVkOioxT7tQmCV+xjnnRIGTlhm6+FNEWC2UaqIqNGgP6nz+2GvHSXgFXngUm8T2DuTfVf7Kcc/vmECw9MihuwCTcNgC1XrnU0vCmbIRCoKLIiYkqLuNy9H9ilmhvMVJDV8+n3IHHEpMlmsF/nhkBM84tzQ/G/SsDkyxxPS6MVh7uULUQpQCVnqZIhYVey4lpdCY+YZy1fmbnQPGEpd9UR+vvvEhrX5eqH1urj+wXGvK4/JiI0k2dExjhAgMBAAECggEAAXDKDLx3DtFvoRPc17dXjM6KvPe5f9qfy7NoFLm+JEQq7A2QnoqMowK2Q1GD1yRgYfeC5aeaP/q/BLeSlsi0/4ayNSRky7l8D36XY07nlMDnI1PgNqRSRrrXLOcSY2T77GtFT53mfNhlIZ2YEF6S/7OKMTHTyHWHiyBnXGXgOyvJHufKZ6+VECL4PlYLIAom1PlClNVt/TafwbEIhpbfpH/XYJCJ6GcpbWU2EpkZPYxxlCF+kd7PVI7kPzQQ9DTWDBmBI6mX9t0HPFmzlo4TfaUdgqIZfOwuBEVwi5+Pb4kppVK1QGKAl4DxqBgQnmqeWfEelwhsEEzIyUaocU0PYQKBgQDw1e+5tjL4bqNvuKGJwZcMplVMmEv6W+sxV4qMfFkV/dzEwsYQgqjDz2B9lipTadlXiuQ6B6iNVkAGwfZhTHjq0ruf5UB7yZ5CJSA8sXARR1Y4aEefes4np5Pw+N/jOY30PWrgtClT4PJxON3w9LnSWHDg62whvMUzqDZuz2JVdQKBgQDnPEB607FNoEgFAnfm4hy0JcmePvgndIPRJe+2vlWr0+xwtLoFCAQWIm4sagXWWzRco981eCPovElQ7T9SZwFVH1xBSEY54N4KSoX7L+HffeDB52i1a+UlQQEY0vi6ep48smBoJ+7UOFpDHp2LSn3bkyNy5XtxAG9hTXilBW5MPQKBgQCZXFJ0my5n/uQ6b4MGWu2aE4174ft36PKjEBDdFw4PsAHWlgVUXC+lyTezoV1AksXhNkPRJDFUF1lcNEV1fiH9vsXVs0HV0fTiQAwAOimYBypDbzw0tRn0LIVLzN+dLXhU0Itvnao3jKY2LTU/jEeMR99RivjnnvKgy3wmIg+HRQKBgFmzTtQW8M3LIoUG+xpOlpHvorHHfZ5YnZXxoHcEiNlaIXtrMEopXOR1QMXr7w3DXaGeVEU6sLtk5xAEqK6/lI2/15rffZaQO7JETIsvfPCktR6jNURDcaWs/M7zcFdun5muHKXq78PVhHZLFxRktkQKZRL6IJOqdoqJcgaZ/7qFAoGAWb2dubn2yi6EoRh24T9+qQ1FZLMOigHEnv0+X93A8KS5pqKJ7Fc9NBnXng1f3R5wBjinXjenVGWDJYLe3LQA2w85OmdEL/cqkLIuCARyc/r5MFB0jzGTvbXZUvg2TCE2MdwZMX91dN4RS5B1o06g4ISWO6cdLl9y0EUHLtUTiZc=\n-----END PRIVATE KEY-----"
|
||||
|
||||
key, err := ParsePEMPrivateKey([]byte(data))
|
||||
require.NoError(t, err, "ParsePEMPrivateKey")
|
||||
|
|
@ -64,6 +64,7 @@ func TestGenerateCertificate(t *testing.T) {
|
|||
name: "selfsigned",
|
||||
template: x509.Certificate{
|
||||
KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
|
||||
Issuer: pkix.Name{CommonName: "selfsigned"},
|
||||
ExtKeyUsage: []x509.ExtKeyUsage{},
|
||||
BasicConstraintsValid: true,
|
||||
IsCA: true,
|
||||
|
|
@ -133,7 +134,11 @@ func TestGenerateCertificate(t *testing.T) {
|
|||
if tc.signer == nil {
|
||||
tc.signer = cert.Certificate
|
||||
}
|
||||
assert.Equal(t, cert.Certificate.Issuer, signer.Certificate.Subject, "Issuer")
|
||||
if tc.name == "selfsigned" {
|
||||
assert.Equal(t, cert.Certificate.Issuer, cert.Certificate.Subject, "Issuer")
|
||||
} else {
|
||||
assert.Equal(t, cert.Certificate.Issuer, signer.Certificate.Subject, "Issuer")
|
||||
}
|
||||
pool := x509.NewCertPool()
|
||||
pool.AddCert(tc.signer)
|
||||
_, err = cert.Certificate.Verify(x509.VerifyOptions{
|
||||
|
|
|
|||
|
|
@ -18,9 +18,11 @@ package pki
|
|||
|
||||
import (
|
||||
"context"
|
||||
"crypto/rand"
|
||||
"crypto/rsa"
|
||||
"crypto/x509"
|
||||
"crypto/x509/pkix"
|
||||
"math/big"
|
||||
"net"
|
||||
"os"
|
||||
"testing"
|
||||
|
|
@ -54,12 +56,29 @@ func TestIssueCert(t *testing.T) {
|
|||
os.Setenv("KOPS_RSA_PRIVATE_KEY_SIZE", origSize)
|
||||
}()
|
||||
|
||||
caCertificate, err := ParsePEMCertificate([]byte("-----BEGIN CERTIFICATE-----\nMIIBRjCB8aADAgECAhAzhRMOcwfggPtgZNIOFU19MA0GCSqGSIb3DQEBCwUAMBIx\nEDAOBgNVBAMTB1Rlc3QgQ0EwHhcNMjAwNTE1MDIzNjI0WhcNMzAwNTE1MDIzNjI0\nWjASMRAwDgYDVQQDEwdUZXN0IENBMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAM/S\ncagGaiDA3jJWBXUr8rM19TWLA65jK/iA05FCsmQbyvETs5gbJdBfnhQp8wkKFlkt\nKxZ34k3wQUzoB1lv8/kCAwEAAaMjMCEwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB\n/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADQQCDOxvs58AVAWgWLtD3Obvy7XXsKx6d\nMzg9epbiQchLE4G/jlbgVu7vwh8l5XFNfQooG6stCU7pmLFXkXzkJQxr\n-----END CERTIFICATE-----\n"))
|
||||
// Generate a new RSA key pair using rsa.GenerateKey
|
||||
caKey, err := rsa.GenerateKey(rand.Reader, 2048)
|
||||
require.NoError(t, err)
|
||||
caPrivateKey, err := ParsePEMPrivateKey([]byte("-----BEGIN RSA PRIVATE KEY-----\nMIIBPAIBAAJBAM/ScagGaiDA3jJWBXUr8rM19TWLA65jK/iA05FCsmQbyvETs5gb\nJdBfnhQp8wkKFlktKxZ34k3wQUzoB1lv8/kCAwEAAQJBAJzXQZeBX87gP9DVQsEv\nLbc6XZjPFTQi/ChLcWALaf5J7drFJHUcWbKIHzOmM3fm3lQlb/1IcwOBU5cTY0e9\nBVECIQD73kxOWWAIzKqMOvFZ9s79Et7G1HUMnVAVKJ1NS1uvYwIhANM7LULdi0YD\nbcHvDl3+Msj4cPH7CXAJFyPWaQZPlXPzAiEAhDg6jpbUl0n57guzT6sFFk2lrXMy\nzyB2PeVITp9UzkkCIEpcF7flQ+U2ycmuvVELbpdfFmupIw5ktNex4DEPjR5PAiEA\n68vR1L1Kaja/GzU76qAQaYA/V1Ag4sPmOQdEaVZKu78=\n-----END RSA PRIVATE KEY-----\n"))
|
||||
|
||||
// Create pki.PrivateKey wrapper for CA key
|
||||
caPrivateKey := &PrivateKey{Key: caKey}
|
||||
|
||||
// Create the CA
|
||||
caTemplate := &x509.Certificate{
|
||||
SerialNumber: big.NewInt(1),
|
||||
Subject: pkix.Name{CommonName: "Test CA"},
|
||||
NotBefore: time.Now(),
|
||||
NotAfter: time.Now().Add(10 * 365 * 24 * time.Hour),
|
||||
KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
|
||||
BasicConstraintsValid: true,
|
||||
IsCA: true,
|
||||
}
|
||||
|
||||
caCertDER, err := x509.CreateCertificate(rand.Reader, caTemplate, caTemplate, &caKey.PublicKey, caKey)
|
||||
require.NoError(t, err)
|
||||
privateKey, err := ParsePEMPrivateKey([]byte("-----BEGIN RSA PRIVATE KEY-----\nMIIBOQIBAAJBANgL5cR2cLOB7oZZTiuiUmMwQRBaia8yLULt+XtBtDHf0lPOrn78\nvLPh7P7zRBgHczbTddcsg68g9vAfb9TC5M8CAwEAAQJAJytxCv+WS1VhU4ZZf9u8\nKDOVeEuR7uuf/SR8OPaenvPqONpYbZSVjnWnRBRHvg3HaHchQqH32UljZUojs9z4\nEQIhAO/yoqCFckfqswOGwWyYX1oNOtU8w9ulXlZqAtZieavVAiEA5n/tKHoZyx3U\nbZcks/wns1WqhAoSmDJpMyVXOVrUlBMCIDGnalQBiYasYOMn7bsFRSYjertJ2dYI\nQJ9tTK0Er90JAiAmpVQx8SbZ80pmhWzV8HUHkFligf3UHr+cn6ocJ6p0mQIgB728\npdvrS5zRPoUN8BHfWOZcPrElKTuJjP2kH6eNPvI=\n-----END RSA PRIVATE KEY-----"))
|
||||
caCert, err := x509.ParseCertificate(caCertDER)
|
||||
require.NoError(t, err)
|
||||
caCertificate := &Certificate{Certificate: caCert}
|
||||
|
||||
for _, tc := range []struct {
|
||||
name string
|
||||
|
|
@ -115,7 +134,7 @@ func TestIssueCert(t *testing.T) {
|
|||
CommonName: "Test client/server",
|
||||
},
|
||||
AlternateNames: []string{"*.internal.test.cluster.local", "localhost", "127.0.0.1"},
|
||||
PrivateKey: privateKey,
|
||||
PrivateKey: caPrivateKey,
|
||||
},
|
||||
expectedKeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
|
||||
expectedExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
|
||||
|
|
@ -131,7 +150,7 @@ func TestIssueCert(t *testing.T) {
|
|||
CommonName: "Test server",
|
||||
},
|
||||
AlternateNames: []string{"*.internal.test.cluster.local", "localhost", "127.0.0.1"},
|
||||
PrivateKey: privateKey,
|
||||
PrivateKey: caPrivateKey,
|
||||
},
|
||||
expectedKeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
|
||||
expectedExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
|
||||
|
|
|
|||
Loading…
Reference in New Issue