mirror of https://github.com/linkerd/linkerd2.git
68 lines
1.8 KiB
Go
68 lines
1.8 KiB
Go
package tls
|
|
|
|
import (
|
|
"testing"
|
|
"time"
|
|
)
|
|
|
|
func getCa(validFrom time.Time, issuerCertLifetime time.Duration, endCertLifetime time.Duration) (*CA, error) {
|
|
key, err := GenerateKey()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
ca, err := CreateRootCA("fake-name", key, Validity{ValidFrom: &validFrom, Lifetime: issuerCertLifetime})
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return NewCA(ca.Cred, Validity{ValidFrom: &validFrom, Lifetime: endCertLifetime}), nil
|
|
}
|
|
|
|
func TestCaIssuesCertsWithCorrectExpiration(t *testing.T) {
|
|
|
|
validFrom := time.Now().UTC().Round(time.Second)
|
|
|
|
testCases := []struct {
|
|
desc string
|
|
validFrom time.Time
|
|
issuerLifeTime time.Duration
|
|
endCertLifetime time.Duration
|
|
expectedCertExpiration time.Time
|
|
}{
|
|
{
|
|
desc: "issuer cert expires after end cert",
|
|
validFrom: validFrom,
|
|
issuerLifeTime: time.Hour * 48,
|
|
endCertLifetime: time.Hour * 24,
|
|
expectedCertExpiration: validFrom.Add(time.Hour * 24).Add(DefaultClockSkewAllowance),
|
|
},
|
|
{
|
|
desc: "issuer cert expires before end cert",
|
|
validFrom: validFrom,
|
|
issuerLifeTime: time.Hour * 10,
|
|
endCertLifetime: time.Hour * 24,
|
|
expectedCertExpiration: validFrom.Add(time.Hour * 10).Add(DefaultClockSkewAllowance),
|
|
},
|
|
}
|
|
|
|
for _, tc := range testCases {
|
|
tc := tc
|
|
t.Run(tc.desc, func(t *testing.T) {
|
|
|
|
ca, err := getCa(tc.validFrom, tc.issuerLifeTime, tc.endCertLifetime)
|
|
if err != nil {
|
|
t.Fatalf("Unexpected error: %s", err)
|
|
}
|
|
crt, err := ca.GenerateEndEntityCred("fake-name")
|
|
if err != nil {
|
|
t.Fatalf("Unexpected error: %s", err)
|
|
}
|
|
if crt.Certificate.NotAfter != tc.expectedCertExpiration {
|
|
t.Fatalf("Expected cert expiration %v but got %v", tc.expectedCertExpiration, crt.Certificate.NotAfter)
|
|
}
|
|
})
|
|
}
|
|
|
|
}
|