Update TLS certificates in tests (#169)
Some TLS certificates used in tests expired; this commit fixes that by
generating the certificates and, if needed, calculating the
fingerprint in each test.

This will prevent future CI failures and reduce the maintenance
burden.
belimawr authored Dec 21, 2023
1 parent 7f2c636 commit b200fb1
Showing 12 changed files with 172 additions and 337 deletions.
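--- a/transport/tlscommon/ca_pinning_test.go
+++ b/transport/tlscommon/ca_pinning_test.go
@@ -94,7 +94,7 @@ func TestCAPinning(t *testing.T) {
 ca, err := genCA()
 require.NoError(t, err)
 
-serverCert, err := genSignedCert(ca, x509.KeyUsageDigitalSignature, false, "localhost", []string{"localhost"}, nil)
+serverCert, err := genSignedCert(ca, x509.KeyUsageDigitalSignature, false, "localhost", []string{"localhost"}, nil, false)
 require.NoError(t, err)
 
 mux := http.NewServeMux()
@@ -172,10 +172,10 @@ func TestCAPinning(t *testing.T) {
 ca, err := genCA()
 require.NoError(t, err)
 
-intermediate, err := genSignedCert(ca, x509.KeyUsageDigitalSignature|x509.KeyUsageCertSign, true, "localhost", []string{"localhost"}, nil)
+intermediate, err := genSignedCert(ca, x509.KeyUsageDigitalSignature|x509.KeyUsageCertSign, true, "localhost", []string{"localhost"}, nil, false)
 require.NoError(t, err)
 
-serverCert, err := genSignedCert(intermediate, x509.KeyUsageDigitalSignature, false, "localhost", []string{"localhost"}, nil)
+serverCert, err := genSignedCert(intermediate, x509.KeyUsageDigitalSignature, false, "localhost", []string{"localhost"}, nil, false)
 require.NoError(t, err)
 
 mux := http.NewServeMux()
@@ -246,10 +246,10 @@ func TestCAPinning(t *testing.T) {
 ca, err := genCA()
 require.NoError(t, err)
 
-intermediate, err := genSignedCert(ca, x509.KeyUsageDigitalSignature|x509.KeyUsageCertSign, true, "localhost", []string{"localhost"}, nil)
+intermediate, err := genSignedCert(ca, x509.KeyUsageDigitalSignature|x509.KeyUsageCertSign, true, "localhost", []string{"localhost"}, nil, false)
 require.NoError(t, err)
 
-serverCert, err := genSignedCert(intermediate, x509.KeyUsageDigitalSignature, false, "localhost", []string{"localhost"}, nil)
+serverCert, err := genSignedCert(intermediate, x509.KeyUsageDigitalSignature, false, "localhost", []string{"localhost"}, nil, false)
 require.NoError(t, err)
 
 mux := http.NewServeMux()
@@ -360,10 +360,19 @@ func genSignedCert(
 commonName string,
 dnsNames []string,
 ips []net.IP,
+expired bool,
 ) (tls.Certificate, error) {
 if commonName == "" {
 commonName = "You know, for search"
 }
+
+notBefore := time.Now()
+notAfter := notBefore.Add(5 * time.Hour)
+
+if expired {
+notBefore = notBefore.Add(-42 * time.Hour)
+notAfter = notAfter.Add(-42 * time.Hour)
+}
 // Create another Cert/key
 cert := &x509.Certificate{
 SerialNumber: big.NewInt(2000),
@@ -382,8 +391,8 @@ func genSignedCert(
 PostalCode: []string{"HOH OHO"},
 },
 
-NotBefore: time.Now(),
-NotAfter: time.Now().Add(1 * time.Hour),
+NotBefore: notBefore,
+NotAfter: notAfter,
 IsCA: isCA,
 ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
 KeyUsage: keyUsage,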
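Review bot: The new `expired bool` parameter on genSignedCert is a seventh positional argument, and every call visible in this file passes a bare `false`, so the call sites no longer show what validity they are asking for. A doc comment on the parameter would help, for example `// expired shifts the validity window 42h into the past, so the certificate is already past NotAfter when returned.` The 5h lifetime and the 42h shift would also read better as named constants, which makes explicit that the shift has to exceed the lifetime for the certificate to be expired. No call in these hunks passes `true`; presumably the expired-certificate case is exercised in the other changed files, which this page does not show. genSignedCert's body starts and ends outside the hunks.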
24 changes: 0 additions & 24 deletions transport/tlscommon/testdata/cacert.crt

This file was deleted.

27 changes: 0 additions & 27 deletions transport/tlscommon/testdata/cacert.key

This file was deleted.

48 changes: 0 additions & 48 deletions transport/tlscommon/testdata/client1.crt

This file was deleted.

27 changes: 0 additions & 27 deletions transport/tlscommon/testdata/client1.key

This file was deleted.

32 changes: 0 additions & 32 deletions transport/tlscommon/testdata/es-leaf.crt

This file was deleted.

31 changes: 0 additions & 31 deletions transport/tlscommon/testdata/es-root-ca-cert.crt

This file was deleted.

22 changes: 0 additions & 22 deletions transport/tlscommon/testdata/server.crt

This file was deleted.

15 changes: 0 additions & 15 deletions transport/tlscommon/testdata/server.key

This file was deleted.

22 changes: 0 additions & 22 deletions transport/tlscommon/testdata/tls.crt

This file was deleted.

22 changes: 0 additions & 22 deletions transport/tlscommon/testdata/unsigned_tls.crt

This file was deleted.
