// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package vespa

import (
	"encoding/base64"
	"math/rand"
	"net/http"
	"strings"
	"testing"
	"time"

	"github.com/stretchr/testify/assert"
)

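// TestCreateKeyPair checks that CreateKeyPair succeeds and returns a key pair
// whose Certificate and PrivateKey fields are both populated.
//
// NOTE(review): this only proves the fields are non-empty; it does not parse
// the certificate or check that it matches the private key.
func TestCreateKeyPair(t *testing.T) {
	kp, err := CreateKeyPair()
	if err != nil {
		// Stop here, as the sibling tests do: the field assertions below say
		// nothing useful about a key pair returned alongside an error.
		t.Fatal(err)
	}
	assert.NotEmpty(t, kp.Certificate)
	assert.NotEmpty(t, kp.PrivateKey)
}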

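// TestSignRequest signs a POST request with a freshly generated API key and
// checks the headers that SignRequest sets on it.
//
// The clock is pinned to the Unix epoch so X-Timestamp is predictable. The
// X-Key and X-Authorization values depend on the generated key, so they are
// only checked for being non-empty, valid standard base64.
//
// NOTE(review): the value in X-Authorization is never verified against the
// key material (presumably the public key carried in X-Key), so a signer
// that emitted a wrong signature would still pass. Consider adding a
// verification step.
func TestSignRequest(t *testing.T) {
	fixedTime := time.Unix(0, 0)
	// A seeded math/rand source keeps the signer's randomness reproducible here.
	// NOTE(review): math/rand is not a CSPRNG; presumably non-test callers of
	// RequestSigner use crypto/rand. Confirm in the signer implementation.
	rnd := rand.New(rand.NewSource(0))
	privateKey, err := CreateAPIKey()
	if err != nil {
		t.Fatal(err)
	}
	rs := RequestSigner{
		now:           func() time.Time { return fixedTime },
		rnd:           rnd,
		KeyID:         "my-key",
		PemPrivateKey: []byte(privateKey),
	}
	req, err := http.NewRequest("POST", "https://example.com", strings.NewReader("body"))
	if err != nil {
		// Fail fast: req is nil on error, so continuing would pass a nil
		// request to SignRequest.
		t.Fatal(err)
	}

	if err := rs.SignRequest(req); err != nil {
		// The header assertions below are meaningless on an unsigned request.
		t.Fatal(err)
	}

	assert.Equal(t, "1970-01-01T00:00:00Z", req.Header.Get("X-Timestamp"))
	// Presumably the base64-encoded SHA-256 digest of the request body "body".
	assert.Equal(t, "Iw2DWNyOiJC0xY3utikS7i8gNXrpKlzIYbmOaP4xrLU=", req.Header.Get("X-Content-Hash"))
	assert.Equal(t, "my-key", req.Header.Get("X-Key-Id"))
	key := req.Header.Get("X-Key")
	assert.NotEmpty(t, key)
	_, err = base64.StdEncoding.DecodeString(key)
	assert.Nil(t, err)
	auth := req.Header.Get("X-Authorization")
	assert.NotEmpty(t, auth)
	_, err = base64.StdEncoding.DecodeString(auth)
	assert.Nil(t, err)
}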

// TestFingerprintMD5 checks that FingerprintMD5 turns a PEM-encoded public key
// into the expected colon-separated hex fingerprint.
//
// NOTE(review): MD5 is not collision resistant. The fingerprint is presumably
// used only as a display identifier for a key, not as a security check.
// Confirm at the call sites.
func TestFingerprintMD5(t *testing.T) {
	const want = "c5:26:6a:11:e2:b5:74:f3:73:66:9d:80:2e:fd:b7:96"
	publicKeyPEM := []byte(`-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEObBhkEO6w1YwLXU441keCDGKe+f8
lu+CDhkxu4ZwLbwQtKBlNF5F7TXuTapUwcTErVgqrHqogrQUzthqrhbNfg==
-----END PUBLIC KEY-----`)

	got, err := FingerprintMD5(publicKeyPEM)
	if err != nil {
		t.Fatal(err)
	}
	assert.Equal(t, want, got)
}

// TestECPrivateKeyFrom parses two PEM blocks, one labelled "EC PRIVATE KEY" and
// one labelled "PRIVATE KEY", and checks that ECPrivateKeyFrom yields equal
// keys for both.
//
// The key material below is a fixture committed in plain text for this test
// only; it must never be used as a real credential.
func TestECPrivateKeyFrom(t *testing.T) {
	const sec1PEM = `-----BEGIN EC PRIVATE KEY-----
MHcCAQEEICgU7xtZvAyxvbmJn9pm8jOBUgNfM8rT7aDvvk7nyEUUoAoGCCqGSM49
AwEHoUQDQgAEq2kSwXAmTR9AkocfAvxi8Y64cflaGKef9Ub2m3oa8cEvRPYgazrj
THpg65DWF0Ui8d9ga2VkjqCz2zp7Cm8MXw==
-----END EC PRIVATE KEY-----`
	const pkcs8PEM = `-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgKBTvG1m8DLG9uYmf
2mbyM4FSA18zytPtoO++TufIRRShRANCAASraRLBcCZNH0CShx8C/GLxjrhx+VoY
p5/1RvabehrxwS9E9iBrOuNMemDrkNYXRSLx32BrZWSOoLPbOnsKbwxf
-----END PRIVATE KEY-----`

	sec1Key, err := ECPrivateKeyFrom([]byte(sec1PEM))
	if err != nil {
		t.Fatal(err)
	}
	pkcs8Key, err := ECPrivateKeyFrom([]byte(pkcs8PEM))
	if err != nil {
		t.Fatal(err)
	}

	// Both encodings are expected to decode to the same key.
	assert.True(t, sec1Key.Equal(pkcs8Key))
}