coredns/core/https/crypto_test.go

package https

import (
	"bytes"
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"os"
	"runtime"
	"testing"
)

func TestSaveAndLoadRSAPrivateKey(t *testing.T) {
	keyFile := "test.key"
	defer os.Remove(keyFile)

	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		t.Fatal(err)
	}

	// test save
	err = savePrivateKey(privateKey, keyFile)
	if err != nil {
		t.Fatal("error saving private key:", err)
	}

	// it doesn't make sense to test file permission on windows
	if runtime.GOOS != "windows" {
		// get info of the key file
		info, err := os.Stat(keyFile)
		if err != nil {
			t.Fatal("error stating private key:", err)
		}
		// verify permission of key file is correct
		if info.Mode().Perm() != 0600 {
			t.Error("Expected key file to have permission 0600, but it wasn't")
		}
	}

	// test load
	loadedKey, err := loadPrivateKey(keyFile)
	if err != nil {
		t.Error("error loading private key:", err)
	}

	// verify loaded key is correct
	if !PrivateKeysSame(privateKey, loadedKey) {
		t.Error("Expected key bytes to be the same, but they weren't")
	}
}

func TestSaveAndLoadECCPrivateKey(t *testing.T) {
	keyFile := "test.key"
	defer os.Remove(keyFile)

	privateKey, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	if err != nil {
		t.Fatal(err)
	}

	// test save
	err = savePrivateKey(privateKey, keyFile)
	if err != nil {
		t.Fatal("error saving private key:", err)
	}

	// it doesn't make sense to test file permission on windows
	if runtime.GOOS != "windows" {
		// get info of the key file
		info, err := os.Stat(keyFile)
		if err != nil {
			t.Fatal("error stating private key:", err)
		}
		// verify permission of key file is correct
		if info.Mode().Perm() != 0600 {
			t.Error("Expected key file to have permission 0600, but it wasn't")
		}
	}

	// test load
	loadedKey, err := loadPrivateKey(keyFile)
	if err != nil {
		t.Error("error loading private key:", err)
	}

	// verify loaded key is correct
	if !PrivateKeysSame(privateKey, loadedKey) {
		t.Error("Expected key bytes to be the same, but they weren't")
	}
}

// PrivateKeysSame compares the bytes of a and b and returns true if they are the same.
func PrivateKeysSame(a, b crypto.PrivateKey) bool {
	return bytes.Equal(PrivateKeyBytes(a), PrivateKeyBytes(b))
}

// PrivateKeyBytes returns the bytes of DER-encoded key.
func PrivateKeyBytes(key crypto.PrivateKey) []byte {
	var keyBytes []byte
	switch key := key.(type) {
	case *rsa.PrivateKey:
		keyBytes = x509.MarshalPKCS1PrivateKey(key)
	case *ecdsa.PrivateKey:
		keyBytes, _ = x509.MarshalECPrivateKey(key)
	}
	return keyBytes
}
First commit 2016-03-18 20:57:35 +00:00			`package https`

			`import (`
			`"bytes"`
			`"crypto"`
			`"crypto/ecdsa"`
			`"crypto/elliptic"`
			`"crypto/rand"`
			`"crypto/rsa"`
			`"crypto/x509"`
			`"os"`
			`"runtime"`
			`"testing"`
			`)`

			`func TestSaveAndLoadRSAPrivateKey(t *testing.T) {`
			`keyFile := "test.key"`
			`defer os.Remove(keyFile)`

			`privateKey, err := rsa.GenerateKey(rand.Reader, 2048)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`

			`// test save`
			`err = savePrivateKey(privateKey, keyFile)`
			`if err != nil {`
			`t.Fatal("error saving private key:", err)`
			`}`

			`// it doesn't make sense to test file permission on windows`
			`if runtime.GOOS != "windows" {`
			`// get info of the key file`
			`info, err := os.Stat(keyFile)`
			`if err != nil {`
			`t.Fatal("error stating private key:", err)`
			`}`
			`// verify permission of key file is correct`
			`if info.Mode().Perm() != 0600 {`
			`t.Error("Expected key file to have permission 0600, but it wasn't")`
			`}`
			`}`

			`// test load`
			`loadedKey, err := loadPrivateKey(keyFile)`
			`if err != nil {`
			`t.Error("error loading private key:", err)`
			`}`

			`// verify loaded key is correct`
			`if !PrivateKeysSame(privateKey, loadedKey) {`
			`t.Error("Expected key bytes to be the same, but they weren't")`
			`}`
			`}`

			`func TestSaveAndLoadECCPrivateKey(t *testing.T) {`
			`keyFile := "test.key"`
			`defer os.Remove(keyFile)`

			`privateKey, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`

			`// test save`
			`err = savePrivateKey(privateKey, keyFile)`
			`if err != nil {`
			`t.Fatal("error saving private key:", err)`
			`}`

			`// it doesn't make sense to test file permission on windows`
			`if runtime.GOOS != "windows" {`
			`// get info of the key file`
			`info, err := os.Stat(keyFile)`
			`if err != nil {`
			`t.Fatal("error stating private key:", err)`
			`}`
			`// verify permission of key file is correct`
			`if info.Mode().Perm() != 0600 {`
			`t.Error("Expected key file to have permission 0600, but it wasn't")`
			`}`
			`}`

			`// test load`
			`loadedKey, err := loadPrivateKey(keyFile)`
			`if err != nil {`
			`t.Error("error loading private key:", err)`
			`}`

			`// verify loaded key is correct`
Adding wildcard support (#190) * Commenting out unused functions. TODO: remove when it is not needed * Update README with namespace and template example * Adding note about changing the record name format via a template * Adding test scripts to automate k8s startup * Automating k8s namespace creation * Adding automation to start 4 k8s services * Updating documentation for k8s tests * Avoid downloading kubectl if already exists * Adding debug statement when namespace is not exposed. * Adding basic kubernetes integration tests * Makefile now contains a "testk8s" target. This target requires k8s to be running. * Adding test/kubernetes_test.go file with a couple of basic A record tests. * Updating k8s integration tests to only run k8s integration tests * Adding support for namespace wildcards * Refactoring to move filtering logic to kubernetes.go file * go fmt fixes * Adding wildcard support for namespaces and service names * Kubernetes integration tests updated for A records. * Expanded record name assembly for answer section not yet implemented. * Refactoring to focus k8sclient code just on accessing k8s API. Filtering now handled in kubernetes.go * Adding wildcard test cases * Adding skydns startup script. (To allow side by side testing of wildcards.) * Commenting out record name assmebly based on NameTemplate. Need to improve template before this makes sense. * Adding basic SRV integration tests * Need to add verification for additional answer section * Fixing comments and formatting * Moving wildcard constants to vars * Travis test execution appears to be failing on access to these constants * Fixing access to util package * Trying to work around Travis test bug * Reverting to access kubernetes/util as "util" Travis breakage is due to "Infoblox-CTO" in src path 2016-07-14 14:50:14 -07:00			`if !PrivateKeysSame(privateKey, loadedKey) {`
			`t.Error("Expected key bytes to be the same, but they weren't")`
			`}`
First commit 2016-03-18 20:57:35 +00:00			`}`

			`// PrivateKeysSame compares the bytes of a and b and returns true if they are the same.`
			`func PrivateKeysSame(a, b crypto.PrivateKey) bool {`
			`return bytes.Equal(PrivateKeyBytes(a), PrivateKeyBytes(b))`
			`}`

			`// PrivateKeyBytes returns the bytes of DER-encoded key.`
			`func PrivateKeyBytes(key crypto.PrivateKey) []byte {`
			`var keyBytes []byte`
			`switch key := key.(type) {`
			`case *rsa.PrivateKey:`
			`keyBytes = x509.MarshalPKCS1PrivateKey(key)`
			`case *ecdsa.PrivateKey:`
			`keyBytes, _ = x509.MarshalECPrivateKey(key)`
			`}`
			`return keyBytes`
			`}`