本文整理汇总了Golang中github.com/juju/juju/cert.ParseCertAndKey函数的典型用法代码示例。如果您正苦于以下问题:Golang ParseCertAndKey函数的具体用法?Golang ParseCertAndKey怎么用?Golang ParseCertAndKey使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了ParseCertAndKey函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: TestNewServer
func (certSuite) TestNewServer(c *gc.C) {
now := time.Now()
expiry := roundTime(now.AddDate(1, 0, 0))
caCertPEM, caKeyPEM, err := cert.NewCA("foo", expiry)
c.Assert(err, gc.IsNil)
caCert, _, err := cert.ParseCertAndKey(caCertPEM, caKeyPEM)
c.Assert(err, gc.IsNil)
var noHostnames []string
srvCertPEM, srvKeyPEM, err := cert.NewServer(caCertPEM, caKeyPEM, expiry, noHostnames)
c.Assert(err, gc.IsNil)
srvCert, srvKey, err := cert.ParseCertAndKey(srvCertPEM, srvKeyPEM)
c.Assert(err, gc.IsNil)
c.Assert(srvCert.Subject.CommonName, gc.Equals, "*")
// Check that the certificate is valid from one week before today.
c.Check(srvCert.NotBefore.Before(now), jc.IsTrue)
c.Check(srvCert.NotBefore.Before(now.AddDate(0, 0, -6)), jc.IsTrue)
c.Check(srvCert.NotBefore.After(now.AddDate(0, 0, -8)), jc.IsTrue)
c.Assert(srvCert.NotAfter.Equal(expiry), gc.Equals, true)
c.Assert(srvCert.BasicConstraintsValid, gc.Equals, false)
c.Assert(srvCert.IsCA, gc.Equals, false)
c.Assert(srvCert.ExtKeyUsage, gc.DeepEquals, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth})
checkTLSConnection(c, caCert, srvCert, srvKey)
}
示例2: TestNewServerHostnames
func (certSuite) TestNewServerHostnames(c *gc.C) {
type test struct {
hostnames []string
expectedDNSNames []string
expectedIPAddresses []net.IP
}
tests := []test{{
[]string{},
nil,
nil,
}, {
[]string{"example.com"},
[]string{"example.com"},
nil,
}, {
[]string{"example.com", "127.0.0.1"},
[]string{"example.com"},
[]net.IP{net.IPv4(127, 0, 0, 1).To4()},
}, {
[]string{"::1"},
nil,
[]net.IP{net.IPv6loopback},
}}
for i, t := range tests {
c.Logf("test %d: %v", i, t.hostnames)
expiry := roundTime(time.Now().AddDate(1, 0, 0))
srvCertPEM, srvKeyPEM, err := cert.NewServer(caCertPEM, caKeyPEM, expiry, t.hostnames)
c.Assert(err, jc.ErrorIsNil)
srvCert, _, err := cert.ParseCertAndKey(srvCertPEM, srvKeyPEM)
c.Assert(err, jc.ErrorIsNil)
c.Assert(srvCert.DNSNames, gc.DeepEquals, t.expectedDNSNames)
c.Assert(srvCert.IPAddresses, gc.DeepEquals, t.expectedIPAddresses)
}
}
示例3: mustParseCertAndKey
func mustParseCertAndKey(certPEM, keyPEM string) (*x509.Certificate, *rsa.PrivateKey) {
cert, key, err := cert.ParseCertAndKey(certPEM, keyPEM)
if err != nil {
panic(err)
}
return cert, key
}
示例4: TestParseCertAndKey
func (certSuite) TestParseCertAndKey(c *gc.C) {
xcert, key, err := cert.ParseCertAndKey(caCertPEM, caKeyPEM)
c.Assert(err, jc.ErrorIsNil)
c.Assert(xcert.Subject.CommonName, gc.Equals, "juju testing")
c.Assert(key, gc.NotNil)
c.Assert(xcert.PublicKey.(*rsa.PublicKey), gc.DeepEquals, &key.PublicKey)
}
示例5: TestPrepare
func (*OpenSuite) TestPrepare(c *gc.C) {
baselineAttrs := dummy.SampleConfig().Merge(testing.Attrs{
"state-server": false,
"name": "erewhemos",
}).Delete(
"ca-cert",
"ca-private-key",
"admin-secret",
"uuid",
)
cfg, err := config.New(config.NoDefaults, baselineAttrs)
c.Assert(err, gc.IsNil)
store := configstore.NewMem()
ctx := testing.Context(c)
env, err := environs.Prepare(cfg, ctx, store)
c.Assert(err, gc.IsNil)
// Check we can access storage ok, which implies the environment has been prepared.
c.Assert(env.Storage(), gc.NotNil)
// Check that the environment info file was correctly created.
info, err := store.ReadInfo("erewhemos")
c.Assert(err, gc.IsNil)
c.Assert(info.Initialized(), jc.IsTrue)
c.Assert(info.BootstrapConfig(), gc.DeepEquals, env.Config().AllAttrs())
c.Logf("bootstrap config: %#v", info.BootstrapConfig())
// Check that an admin-secret was chosen.
adminSecret := env.Config().AdminSecret()
c.Assert(adminSecret, gc.HasLen, 32)
c.Assert(adminSecret, gc.Matches, "^[0-9a-f]*$")
// Check that the CA cert was generated.
cfgCertPEM, cfgCertOK := env.Config().CACert()
cfgKeyPEM, cfgKeyOK := env.Config().CAPrivateKey()
c.Assert(cfgCertOK, gc.Equals, true)
c.Assert(cfgKeyOK, gc.Equals, true)
// Check the common name of the generated cert
caCert, _, err := cert.ParseCertAndKey(cfgCertPEM, cfgKeyPEM)
c.Assert(err, gc.IsNil)
c.Assert(caCert.Subject.CommonName, gc.Equals, `juju-generated CA for environment "`+testing.SampleEnvName+`"`)
// Check that a uuid was chosen.
uuid, exists := env.Config().UUID()
c.Assert(exists, gc.Equals, true)
c.Assert(uuid, gc.Matches, `[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}`)
// Check we can call Prepare again.
env, err = environs.Prepare(cfg, ctx, store)
c.Assert(err, gc.IsNil)
c.Assert(env.Storage(), gc.NotNil)
c.Assert(env.Config().AllAttrs(), gc.DeepEquals, info.BootstrapConfig())
}
示例6: checkCertificate
func checkCertificate(c *gc.C, caCert *x509.Certificate, srvCertPEM, srvKeyPEM string, now, expiry time.Time) {
srvCert, srvKey, err := cert.ParseCertAndKey(srvCertPEM, srvKeyPEM)
c.Assert(err, jc.ErrorIsNil)
c.Assert(srvCert.Subject.CommonName, gc.Equals, "*")
checkNotBefore(c, srvCert, now)
checkNotAfter(c, srvCert, expiry)
c.Assert(srvCert.BasicConstraintsValid, jc.IsFalse)
c.Assert(srvCert.IsCA, jc.IsFalse)
c.Assert(srvCert.ExtKeyUsage, gc.DeepEquals, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth})
checkTLSConnection(c, caCert, srvCert, srvKey)
}
示例7: TestNewServer
func (certSuite) TestNewServer(c *gc.C) {
now := time.Now()
expiry := roundTime(now.AddDate(1, 0, 0))
caCertPEM, caKeyPEM, err := cert.NewCA("foo", expiry)
c.Assert(err, jc.ErrorIsNil)
caCert, _, err := cert.ParseCertAndKey(caCertPEM, caKeyPEM)
c.Assert(err, jc.ErrorIsNil)
srvCertPEM, srvKeyPEM, err := cert.NewServer(caCertPEM, caKeyPEM, expiry, nil)
c.Assert(err, jc.ErrorIsNil)
checkCertificate(c, caCert, srvCertPEM, srvKeyPEM, now, expiry)
}
示例8: TestNewServer
func (certSuite) TestNewServer(c *gc.C) {
expiry := roundTime(time.Now().AddDate(1, 0, 0))
caCertPEM, caKeyPEM, err := cert.NewCA("foo", expiry)
c.Assert(err, gc.IsNil)
caCert, _, err := cert.ParseCertAndKey(caCertPEM, caKeyPEM)
c.Assert(err, gc.IsNil)
var noHostnames []string
srvCertPEM, srvKeyPEM, err := cert.NewServer(caCertPEM, caKeyPEM, expiry, noHostnames)
c.Assert(err, gc.IsNil)
srvCert, srvKey, err := cert.ParseCertAndKey(srvCertPEM, srvKeyPEM)
c.Assert(err, gc.IsNil)
c.Assert(srvCert.Subject.CommonName, gc.Equals, "*")
c.Assert(srvCert.NotAfter.Equal(expiry), gc.Equals, true)
c.Assert(srvCert.BasicConstraintsValid, gc.Equals, false)
c.Assert(srvCert.IsCA, gc.Equals, false)
c.Assert(srvCert.ExtKeyUsage, gc.DeepEquals, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth})
checkTLSConnection(c, caCert, srvCert, srvKey)
}
示例9: TestModeAccumulate
func (s *RsyslogSuite) TestModeAccumulate(c *gc.C) {
st, m := s.st, s.machine
worker, err := rsyslog.NewRsyslogConfigWorker(st.Rsyslog(), rsyslog.RsyslogModeAccumulate, m.Tag(), "", nil, s.ConfDir())
c.Assert(err, jc.ErrorIsNil)
defer func() { c.Assert(worker.Wait(), gc.IsNil) }()
defer worker.Kill()
dirname := filepath.Join(s.ConfDir(), "rsyslog")
waitForFile(c, filepath.Join(dirname, "ca-cert.pem"))
// We should have ca-cert.pem, rsyslog-cert.pem, and rsyslog-key.pem.
caCertPEM, err := ioutil.ReadFile(filepath.Join(dirname, "ca-cert.pem"))
c.Assert(err, jc.ErrorIsNil)
rsyslogCertPEM, err := ioutil.ReadFile(filepath.Join(dirname, "rsyslog-cert.pem"))
c.Assert(err, jc.ErrorIsNil)
rsyslogKeyPEM, err := ioutil.ReadFile(filepath.Join(dirname, "rsyslog-key.pem"))
c.Assert(err, jc.ErrorIsNil)
_, _, err = cert.ParseCertAndKey(string(rsyslogCertPEM), string(rsyslogKeyPEM))
c.Assert(err, jc.ErrorIsNil)
err = cert.Verify(string(rsyslogCertPEM), string(caCertPEM), time.Now().UTC())
c.Assert(err, jc.ErrorIsNil)
// Verify rsyslog configuration.
waitForFile(c, filepath.Join(*rsyslog.RsyslogConfDir, "25-juju.conf"))
rsyslogConf, err := ioutil.ReadFile(filepath.Join(*rsyslog.RsyslogConfDir, "25-juju.conf"))
c.Assert(err, jc.ErrorIsNil)
syslogPort := s.Environ.Config().SyslogPort()
syslogConfig := &syslog.SyslogConfig{
LogFileName: m.Tag().String(),
LogDir: *rsyslog.LogDir,
Port: syslogPort,
Namespace: "",
StateServerAddresses: []string{},
}
syslog.NewAccumulateConfig(syslogConfig)
syslogConfig.ConfigDir = *rsyslog.RsyslogConfDir
syslogConfig.JujuConfigDir = filepath.Join(s.ConfDir(), "rsyslog")
rendered, err := syslogConfig.Render()
c.Assert(err, jc.ErrorIsNil)
c.Assert(string(rsyslogConf), gc.DeepEquals, string(rendered))
// Verify logrotate files
assertPathExists(c, filepath.Join(dirname, "logrotate.conf"))
assertPathExists(c, filepath.Join(dirname, "logrotate.run"))
}
示例10: TestGenerateStateServerCertAndKey
func (s *ConfigSuite) TestGenerateStateServerCertAndKey(c *gc.C) {
// Add a cert.
s.FakeHomeSuite.Home.AddFiles(c, gitjujutesting.TestFile{".ssh/id_rsa.pub", "rsa\n"})
for _, test := range []struct {
configValues map[string]interface{}
errMatch string
}{{
configValues: map[string]interface{}{
"name": "test-no-certs",
"type": "dummy",
},
errMatch: "environment configuration has no ca-cert",
}, {
configValues: map[string]interface{}{
"name": "test-no-certs",
"type": "dummy",
"ca-cert": testing.CACert,
},
errMatch: "environment configuration has no ca-private-key",
}, {
configValues: map[string]interface{}{
"name": "test-no-certs",
"type": "dummy",
"ca-cert": testing.CACert,
"ca-private-key": testing.CAKey,
},
}} {
cfg, err := config.New(config.UseDefaults, test.configValues)
c.Assert(err, gc.IsNil)
certPEM, keyPEM, err := cfg.GenerateStateServerCertAndKey()
if test.errMatch == "" {
c.Assert(err, gc.IsNil)
_, _, err = cert.ParseCertAndKey(certPEM, keyPEM)
c.Check(err, gc.IsNil)
err = cert.Verify(certPEM, testing.CACert, time.Now())
c.Assert(err, gc.IsNil)
err = cert.Verify(certPEM, testing.CACert, time.Now().AddDate(9, 0, 0))
c.Assert(err, gc.IsNil)
err = cert.Verify(certPEM, testing.CACert, time.Now().AddDate(10, 0, 1))
c.Assert(err, gc.NotNil)
} else {
c.Assert(err, gc.ErrorMatches, test.errMatch)
c.Assert(certPEM, gc.Equals, "")
c.Assert(keyPEM, gc.Equals, "")
}
}
}
示例11: TestPrepare
func (*OpenSuite) TestPrepare(c *gc.C) {
baselineAttrs := dummy.SampleConfig().Merge(testing.Attrs{
"controller": false,
"name": "erewhemos",
}).Delete(
"ca-cert",
"ca-private-key",
"admin-secret",
)
cfg, err := config.New(config.NoDefaults, baselineAttrs)
c.Assert(err, jc.ErrorIsNil)
controllerStore := jujuclienttesting.NewMemStore()
ctx := envtesting.BootstrapContext(c)
env, err := environs.Prepare(ctx, controllerStore, environs.PrepareParams{
ControllerName: cfg.Name(),
BaseConfig: cfg.AllAttrs(),
CloudName: "dummy",
})
c.Assert(err, jc.ErrorIsNil)
// Check that an admin-secret was chosen.
adminSecret := env.Config().AdminSecret()
c.Assert(adminSecret, gc.HasLen, 32)
c.Assert(adminSecret, gc.Matches, "^[0-9a-f]*$")
// Check that the CA cert was generated.
cfgCertPEM, cfgCertOK := env.Config().CACert()
cfgKeyPEM, cfgKeyOK := env.Config().CAPrivateKey()
c.Assert(cfgCertOK, jc.IsTrue)
c.Assert(cfgKeyOK, jc.IsTrue)
// Check the common name of the generated cert
caCert, _, err := cert.ParseCertAndKey(cfgCertPEM, cfgKeyPEM)
c.Assert(err, jc.ErrorIsNil)
c.Assert(caCert.Subject.CommonName, gc.Equals, `juju-generated CA for model "`+testing.SampleModelName+`"`)
// Check that controller was cached
foundController, err := controllerStore.ControllerByName(cfg.Name())
c.Assert(err, jc.ErrorIsNil)
c.Assert(foundController.ControllerUUID, gc.DeepEquals, cfg.UUID())
// Check we cannot call Prepare again.
env, err = environs.Prepare(ctx, controllerStore, environs.PrepareParams{
ControllerName: cfg.Name(),
BaseConfig: cfg.AllAttrs(),
CloudName: "dummy",
})
c.Assert(err, jc.Satisfies, errors.IsAlreadyExists)
c.Assert(err, gc.ErrorMatches, `controller "erewhemos" already exists`)
}
示例12: TestNewCA
func (certSuite) TestNewCA(c *gc.C) {
expiry := roundTime(time.Now().AddDate(0, 0, 1))
caCertPEM, caKeyPEM, err := cert.NewCA("foo", expiry)
c.Assert(err, gc.IsNil)
caCert, caKey, err := cert.ParseCertAndKey(caCertPEM, caKeyPEM)
c.Assert(err, gc.IsNil)
c.Assert(caKey, gc.FitsTypeOf, (*rsa.PrivateKey)(nil))
c.Assert(caCert.Subject.CommonName, gc.Equals, `juju-generated CA for environment "foo"`)
c.Assert(caCert.NotAfter.Equal(expiry), gc.Equals, true)
c.Assert(caCert.BasicConstraintsValid, gc.Equals, true)
c.Assert(caCert.IsCA, gc.Equals, true)
//c.Assert(caCert.MaxPathLen, Equals, 0) TODO it ends up as -1 - check that this is ok.
}
示例13: TestNewCA
func (certSuite) TestNewCA(c *gc.C) {
now := time.Now()
expiry := roundTime(now.AddDate(0, 0, 1))
caCertPEM, caKeyPEM, err := cert.NewCA("foo", expiry)
c.Assert(err, jc.ErrorIsNil)
caCert, caKey, err := cert.ParseCertAndKey(caCertPEM, caKeyPEM)
c.Assert(err, jc.ErrorIsNil)
c.Check(caKey, gc.FitsTypeOf, (*rsa.PrivateKey)(nil))
c.Check(caCert.Subject.CommonName, gc.Equals, `juju-generated CA for model "foo"`)
checkNotBefore(c, caCert, now)
checkNotAfter(c, caCert, expiry)
c.Check(caCert.BasicConstraintsValid, jc.IsTrue)
c.Check(caCert.IsCA, jc.IsTrue)
//c.Assert(caCert.MaxPathLen, Equals, 0) TODO it ends up as -1 - check that this is ok.
}
示例14: upgradeCertificateDNSNames
// upgradeCertificateDNSNames ensure that the controller certificate
// recorded in the agent config and also mongo server.pem contains the
// DNSNames entries required by Juju.
func upgradeCertificateDNSNames(config agent.ConfigSetter) error {
si, ok := config.StateServingInfo()
if !ok || si.CAPrivateKey == "" {
// No certificate information exists yet, nothing to do.
return nil
}
// Validate the current certificate and private key pair, and then
// extract the current DNS names from the certificate. If the
// certificate validation fails, or it does not contain the DNS
// names we require, we will generate a new one.
var dnsNames set.Strings
serverCert, _, err := cert.ParseCertAndKey(si.Cert, si.PrivateKey)
if err != nil {
// The certificate is invalid, so create a new one.
logger.Infof("parsing certificate/key failed, will generate a new one: %v", err)
dnsNames = set.NewStrings()
} else {
dnsNames = set.NewStrings(serverCert.DNSNames...)
}
update := false
requiredDNSNames := []string{"local", "juju-apiserver", "juju-mongodb"}
for _, dnsName := range requiredDNSNames {
if dnsNames.Contains(dnsName) {
continue
}
dnsNames.Add(dnsName)
update = true
}
if !update {
return nil
}
// Write a new certificate to the mongo pem and agent config files.
si.Cert, si.PrivateKey, err = cert.NewDefaultServer(config.CACert(), si.CAPrivateKey, dnsNames.Values())
if err != nil {
return err
}
if err := mongo.UpdateSSLKey(config.DataDir(), si.Cert, si.PrivateKey); err != nil {
return err
}
config.SetStateServingInfo(si)
return nil
}
示例15: TestFinishBootstrapConfig
func (s *CloudInitSuite) TestFinishBootstrapConfig(c *gc.C) {
attrs := dummySampleConfig().Merge(testing.Attrs{
"authorized-keys": "we-are-the-keys",
"admin-secret": "lisboan-pork",
"agent-version": "1.2.3",
"controller": false,
})
cfg, err := config.New(config.NoDefaults, attrs)
c.Assert(err, jc.ErrorIsNil)
oldAttrs := cfg.AllAttrs()
icfg := &instancecfg.InstanceConfig{
Bootstrap: true,
}
err = instancecfg.FinishInstanceConfig(icfg, cfg)
c.Assert(err, jc.ErrorIsNil)
c.Check(icfg.AuthorizedKeys, gc.Equals, "we-are-the-keys")
c.Check(icfg.DisableSSLHostnameVerification, jc.IsFalse)
password := "lisboan-pork"
c.Check(icfg.APIInfo, gc.DeepEquals, &api.Info{
Password: password, CACert: testing.CACert,
ModelTag: testing.ModelTag,
})
c.Check(icfg.MongoInfo, gc.DeepEquals, &mongo.MongoInfo{
Password: password, Info: mongo.Info{CACert: testing.CACert},
})
c.Check(icfg.StateServingInfo.StatePort, gc.Equals, cfg.StatePort())
c.Check(icfg.StateServingInfo.APIPort, gc.Equals, cfg.APIPort())
c.Check(icfg.StateServingInfo.CAPrivateKey, gc.Equals, oldAttrs["ca-private-key"])
oldAttrs["ca-private-key"] = ""
oldAttrs["admin-secret"] = ""
c.Check(icfg.Config.AllAttrs(), gc.DeepEquals, oldAttrs)
srvCertPEM := icfg.StateServingInfo.Cert
srvKeyPEM := icfg.StateServingInfo.PrivateKey
_, _, err = cert.ParseCertAndKey(srvCertPEM, srvKeyPEM)
c.Check(err, jc.ErrorIsNil)
err = cert.Verify(srvCertPEM, testing.CACert, time.Now())
c.Assert(err, jc.ErrorIsNil)
err = cert.Verify(srvCertPEM, testing.CACert, time.Now().AddDate(9, 0, 0))
c.Assert(err, jc.ErrorIsNil)
err = cert.Verify(srvCertPEM, testing.CACert, time.Now().AddDate(10, 0, 1))
c.Assert(err, gc.NotNil)
}