File: pem_test.go

package info (click to toggle)
golang-github-spiffe-go-spiffe 2.6.0-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 1,104 kB
  • sloc: makefile: 156
file content (145 lines) | stat: -rw-r--r-- 4,002 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
 
package pemutil_test

import (
	"bytes"
	"crypto/x509"
	"encoding/pem"
	"testing"

	"github.com/spiffe/go-spiffe/v2/internal/pemutil"
	"github.com/stretchr/testify/require"
)

var (
	testCertsPEM = []byte(`-----BEGIN CERTIFICATE-----
MIH0MIGboAMCAQICAQEwCgYIKoZIzj0EAwIwADAiGA8wMDAxMDEwMTAwMDAwMFoY
DzAwMDEwMTAxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAElb3Z
CIuzbVMQsWP1b0snmJxNkpG9xT8ZHt88byGhJsde2y0zoOld9+soPZpjLBehx2Wf
6pTc22/r61HCoIFkfaMCMAAwCgYIKoZIzj0EAwIDSAAwRQIhANztuW3qmu/UfoXQ
97bYXmIunEIRPSowxAcruqO46GqhAiBSxPFst6yb3cIRwDnr4rBfaUb13NigI1iK
TM0VOlcTxg==
-----END CERTIFICATE-----
`)
	testCerts, _ = x509.ParseCertificates(pemBlockData(testCertsPEM))

	testKeyPEM = []byte(`-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgsswWk0ZyjTDMD7zL
zUFjYzbfrouQgIAitSmJMnHQcyqhRANCAASVvdkIi7NtUxCxY/VvSyeYnE2Skb3F
Pxke3zxvIaEmx17bLTOg6V336yg9mmMsF6HHZZ/qlNzbb+vrUcKggWR9
-----END PRIVATE KEY-----
`)
	testKey, _ = x509.ParsePKCS8PrivateKey(pemBlockData(testKeyPEM))
)

func TestEncodeCertificates(t *testing.T) {
	actualPEM := pemutil.EncodeCertificates(testCerts)
	require.Equal(t, testCertsPEM, actualPEM)
}

func TestEncodePKCSPrivateKey(t *testing.T) {
	actualPEM, err := pemutil.EncodePKCS8PrivateKey(testKey)
	require.NoError(t, err)
	require.Equal(t, testKeyPEM, actualPEM)
}

func TestParseCertificates(t *testing.T) {
	filler := []byte("filler\n")

	t.Run("empty", func(t *testing.T) {
		_, err := pemutil.ParseCertificates(nil)
		require.EqualError(t, err, "no PEM blocks found")
	})

	t.Run("only filler", func(t *testing.T) {
		_, err := pemutil.ParseCertificates(filler)
		require.EqualError(t, err, "no PEM blocks found")
	})

	t.Run("without filler", func(t *testing.T) {
		certs, err := pemutil.ParseCertificates(testCertsPEM)
		require.NoError(t, err)
		require.Equal(t, testCerts, certs)
	})

	t.Run("with filler", func(t *testing.T) {
		certs, err := pemutil.ParseCertificates(concatBytes(filler, testCertsPEM, filler))
		require.NoError(t, err)
		require.Equal(t, testCerts, certs)
	})

	t.Run("before key", func(t *testing.T) {
		certs, err := pemutil.ParseCertificates(concatBytes(testCertsPEM, testKeyPEM))
		require.NoError(t, err)
		require.Equal(t, testCerts, certs)
	})

	t.Run("after key", func(t *testing.T) {
		certs, err := pemutil.ParseCertificates(concatBytes(testKeyPEM, testCertsPEM))
		require.NoError(t, err)
		require.Equal(t, testCerts, certs)
	})
}

func TestParsePrivateKey(t *testing.T) {
	filler := []byte("filler\n")

	t.Run("empty", func(t *testing.T) {
		_, err := pemutil.ParsePrivateKey(nil)
		require.EqualError(t, err, "no PEM blocks found")
	})

	t.Run("only filler", func(t *testing.T) {
		_, err := pemutil.ParsePrivateKey(filler)
		require.EqualError(t, err, "no PEM blocks found")
	})

	t.Run("without filler", func(t *testing.T) {
		key, err := pemutil.ParsePrivateKey(testKeyPEM)
		require.NoError(t, err)
		require.Equal(t, testKey, key)
	})

	t.Run("with filler", func(t *testing.T) {
		key, err := pemutil.ParsePrivateKey(concatBytes(filler, testKeyPEM, filler))
		require.NoError(t, err)
		require.Equal(t, testKey, key)
	})

	t.Run("before certificate", func(t *testing.T) {
		key, err := pemutil.ParsePrivateKey(concatBytes(testKeyPEM, testCertsPEM))
		require.NoError(t, err)
		require.Equal(t, testKey, key)
	})

	t.Run("after certificate", func(t *testing.T) {
		key, err := pemutil.ParsePrivateKey(concatBytes(testCertsPEM, testKeyPEM))
		require.NoError(t, err)
		require.Equal(t, testKey, key)
	})
}

func pemBlockData(data []byte) (out []byte) {
	blocks, _ := decodePEM(data)
	for _, block := range blocks {
		if block != nil {
			out = append(out, block.Bytes...)
		}
	}
	return out
}

func decodePEM(data []byte) (blocks []*pem.Block, extra [][]byte) {
	for {
		block, rest := pem.Decode(data)
		blocks = append(blocks, block)
		extra = append(extra, rest)
		if block == nil {
			return blocks, extra
		}
		data = rest
	}
}

func concatBytes(bs ...[]byte) []byte {
	return bytes.Join(bs, nil)
}