Merge pull request #15 from ellgreen/serial-cn-support
Add ability to pass Serial Number and Common Name
madflojo authored Sep 26, 2024
2 parents 0fbb387 + 129213a commit 5cf4d0f
Showing 3 changed files with 71 additions and 1 deletion.
7 changes: 7 additions & 0 deletions kpconfig.go
Expand Up @@ -2,6 +2,7 @@ package testcerts

import (
"errors"
"math/big"
"net"
)

Expand All @@ -22,6 +23,12 @@ type KeyPairConfig struct {
// IPAddresses is a list of IP addresses to include in the certificate
// as Subject Alternative Names.
IPAddresses []string

// SerialNumber is the serial number to use for the certificate.
SerialNumber *big.Int

// CommonName is the Common Name to use for the certificate.
CommonName string
}

// Validate validates the KeyPairConfig ensuring that it is not empty and that
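Review bot: The `SerialNumber` comment does not say what a nil value means or which values are acceptable, and since the 7 additions in this file appear to be the import plus the six struct lines, `Validate` (which begins just below and runs outside the hunk) is not extended for either new field. NewKeyPairFromConfig substitutes 42 for nil and RFC 5280 requires a positive serial, so I would document both: `// SerialNumber is the certificate serial number. It must be positive; when nil, 42 is used.` A sign check in `Validate` along the lines of `SerialNumber != nil && SerialNumber.Sign() <= 0`, returning a new sentinel error next to `ErrInvalidIP`, would reject bad input at the config boundary instead of leaving it to certificate creation.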
9 changes: 8 additions & 1 deletion testcerts.go
Expand Up @@ -158,14 +158,21 @@ func (ca *CertificateAuthority) NewKeyPairFromConfig(config KeyPairConfig) (*Key
return nil, err
}

// If a serial number is provided, use it, otherwise use 42
serialNumber := config.SerialNumber
if serialNumber == nil {
serialNumber = big.NewInt(42)
}

// Create a Certificate
kp := &KeyPair{cert: &x509.Certificate{
Subject: pkix.Name{
Organization: []string{"Never Use this Certificate in Production Inc."},
CommonName: config.CommonName,
},
DNSNames: config.Domains,
IPAddresses: ips,
SerialNumber: big.NewInt(42),
SerialNumber: serialNumber,
NotBefore: time.Now().Add(-1 * time.Hour),
NotAfter: time.Now().Add(2 * time.Hour),
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
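Review bot: The nil fallback leaves every key pair issued by one CertificateAuthority with serial 42 unless the caller sets `SerialNumber`, and the comment above it does not mention that consequence. Tests that depend on serial uniqueness (revocation lists, caches keyed by issuer and serial, TLS stacks that reject a repeated issuer/serial pair) only behave realistically with an explicit value, so I would extend the comment: `// Default to 42 when unset; certificates from the same CA then share a serial, so set SerialNumber when uniqueness matters.` The caller's `*big.Int` is also placed in the template by pointer; `serialNumber = new(big.Int).Set(config.SerialNumber)` would keep a later mutation by the caller from changing the key pair. The function body starts and ends outside this hunk.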
56 changes: 56 additions & 0 deletions testcerts_test.go
Expand Up @@ -4,6 +4,7 @@ import (
"crypto/tls"
"crypto/x509"
"fmt"
"math/big"
"net/http"
"os"
"path/filepath"
Expand Down Expand Up @@ -273,6 +274,22 @@ func TestKeyPairConfig(t *testing.T) {
},
err: ErrInvalidIP,
},
{
name: "Happy Path - Serial Number provided",
cfg: KeyPairConfig{
Domains: []string{"example.com"},
SerialNumber: big.NewInt(123),
},
err: nil,
},
{
name: "Happy Path - Common Name provided",
cfg: KeyPairConfig{
Domains: []string{"example.com"},
CommonName: "Example Common Name",
},
err: nil,
},
}

for _, c := range tc {
Expand All @@ -290,6 +307,34 @@ func TestKeyPairConfig(t *testing.T) {
}
})
}

t.Run("Serial Number is correct in Key Pair", func(t *testing.T) {
certs, err := NewCA().NewKeyPairFromConfig(KeyPairConfig{
Domains: []string{"example.com"},
SerialNumber: big.NewInt(123),
})
if err != nil {
t.Fatalf("KeyPair Generation Failed expected nil got %v", err)
}

if certs.cert.SerialNumber.Cmp(big.NewInt(123)) != 0 {
t.Fatalf("Unexpected Serial Number expected 123 got %v", certs.cert.SerialNumber)
}
})

t.Run("Common Name is correct in Key Pair", func(t *testing.T) {
certs, err := NewCA().NewKeyPairFromConfig(KeyPairConfig{
Domains: []string{"example.com"},
CommonName: "Example Common Name",
})
if err != nil {
t.Fatalf("KeyPair Generation Failed expected nil got %v", err)
}

if certs.cert.Subject.CommonName != "Example Common Name" {
t.Fatalf("Unexpected Common Name expected 'Example Common Name' got %v", certs.cert.Subject.CommonName)
}
})
}

type FullFlowTestCase struct {
Expand Down Expand Up @@ -327,6 +372,17 @@ func TestFullFlow(t *testing.T) {
},
kpErr: nil,
},
{
name: "Localhost IP, Domain, Serial Number, and Common Name",
listenAddr: "0.0.0.0",
kpCfg: KeyPairConfig{
IPAddresses: []string{"127.0.0.1", "::1"},
Domains: []string{"localhost"},
SerialNumber: big.NewInt(123),
CommonName: "Example Common Name",
},
kpErr: nil,
},
}

for _, c := range tc {
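Review bot: The added cases are all happy paths: nothing pins the nil fallback to 42, and no table entry passes a zero or negative `SerialNumber`, so the default and the error path for the new field are untested. A subtest that omits `SerialNumber` and asserts `certs.cert.SerialNumber.Cmp(big.NewInt(42)) == 0` would cover the first; a `TestKeyPairConfig` entry with `SerialNumber: big.NewInt(-1)` would cover the second once the expected error is decided. The two new subtests read `certs.cert`, which looks like the in-memory template rather than the encoded certificate (its construction is only partly visible here), so also checking the serial and Common Name on a parsed certificate in the full-flow test would confirm that both values survive signing and encoding.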
