feat: implement internal PKI utilities for CA and certificate management
73
internal/pki/ca_test.go
Normal file
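--- a/internal/pki/ca_test.go
+++ b/internal/pki/ca_test.go
@@ -0,0 +1,73 @@
+package pki
+
+import (
+"os"
+"path/filepath"
+"testing"
+)
+
+func TestGenerateCA(t *testing.T) {
+// Create a temporary directory for the test
+tempDir, err := os.MkdirTemp("", "kat-pki-test")
+if err != nil {
+t.Fatalf("Failed to create temp directory: %v", err)
+}
+defer os.RemoveAll(tempDir)
+
+// Define paths for CA key and certificate
+keyPath := filepath.Join(tempDir, "ca.key")
+certPath := filepath.Join(tempDir, "ca.crt")
+
+// Generate CA
+err = GenerateCA(tempDir, keyPath, certPath)
+if err != nil {
+t.Fatalf("GenerateCA failed: %v", err)
+}
+
+// Verify files exist
+if _, err := os.Stat(keyPath); os.IsNotExist(err) {
+t.Errorf("CA key file was not created at %s", keyPath)
+}
+if _, err := os.Stat(certPath); os.IsNotExist(err) {
+t.Errorf("CA certificate file was not created at %s", certPath)
+}
+
+// Load and verify CA certificate
+caCert, err := LoadCACertificate(certPath)
+if err != nil {
+t.Fatalf("Failed to load CA certificate: %v", err)
+}
+
+// Verify CA properties
+if !caCert.IsCA {
+t.Errorf("Certificate is not marked as CA")
+}
+if caCert.Subject.CommonName != "KAT Root CA" {
+t.Errorf("Unexpected CA CommonName: got %s, want %s", caCert.Subject.CommonName, "KAT Root CA")
+}
+if len(caCert.Subject.Organization) == 0 || caCert.Subject.Organization[0] != "KAT System" {
+t.Errorf("Unexpected CA Organization: got %v, want [KAT System]", caCert.Subject.Organization)
+}
+
+// Load and verify CA key
+_, err = LoadCAPrivateKey(keyPath)
+if err != nil {
+t.Fatalf("Failed to load CA private key: %v", err)
+}
+}
+
+func TestGetPKIPathFromClusterConfig(t *testing.T) {
+// Test with empty backup path
+pkiPath := GetPKIPathFromClusterConfig("")
+if pkiPath != DefaultPKIDir {
+t.Errorf("Expected default PKI path %s, got %s", DefaultPKIDir, pkiPath)
+}
+
+// Test with backup path
+backupPath := "/opt/kat/backups"
+expectedPKIPath := "/opt/kat/pki"
+pkiPath = GetPKIPathFromClusterConfig(backupPath)
+if pkiPath != expectedPKIPath {
+t.Errorf("Expected PKI path %s, got %s", expectedPKIPath, pkiPath)
+}
+}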
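Review bot: The key-file check in TestGenerateCA (`if _, err := os.Stat(keyPath); os.IsNotExist(err)`) passes for a CA private key written with any file mode, and it also passes when Stat fails for a reason other than not-exist. Since this file holds the root key, I would keep the FileInfo and assert the mode: `info, err := os.Stat(keyPath)`, `if err != nil { t.Fatalf("stat CA key: %v", err) }`, `if info.Mode().Perm()&0o077 != 0 { t.Errorf("CA key mode %v is group/world accessible", info.Mode().Perm()) }`. The result of `LoadCAPrivateKey` is discarded as well, so nothing checks that the key on disk matches `caCert.PublicKey`; GenerateCA is not visible here, so whether it already sets a restrictive mode cannot be confirmed from this page.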