certs

package
v1.32.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 15, 2025 License: Apache-2.0 Imports: 10 Imported by: 20

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AssertCertificateHasClientAuthUsage

func AssertCertificateHasClientAuthUsage(t *testing.T, cert *x509.Certificate)

AssertCertificateHasClientAuthUsage is a utility function for kubeadm testing that asserts if a given certificate has the expected ExtKeyUsageClientAuth

func AssertCertificateHasCommonName

func AssertCertificateHasCommonName(t *testing.T, cert *x509.Certificate, commonName string)

AssertCertificateHasCommonName is a utility function for kubeadm testing that asserts if a given certificate has the expected SubjectCommonName

func AssertCertificateHasDNSNames

func AssertCertificateHasDNSNames(t *testing.T, cert *x509.Certificate, DNSNames ...string)

AssertCertificateHasDNSNames is a utility function for kubeadm testing that asserts if a given certificate has the expected DNSNames

func AssertCertificateHasIPAddresses

func AssertCertificateHasIPAddresses(t *testing.T, cert *x509.Certificate, IPAddresses ...net.IP)

AssertCertificateHasIPAddresses is a utility function for kubeadm testing that asserts if a given certificate has the expected IPAddresses

func AssertCertificateHasNotAfter added in v1.31.0

func AssertCertificateHasNotAfter(t *testing.T, cert *x509.Certificate, expectedNotAfter time.Time)

AssertCertificateHasNotAfter is a utility function for kubeadm testing that asserts if a given certificate has the expected NotAfter. Truncate (round) expectedNotAfter to 1 second, since the certificate stores with seconds as the maximum precision.

func AssertCertificateHasNotBefore added in v1.31.0

func AssertCertificateHasNotBefore(t *testing.T, cert *x509.Certificate, expectedNotBefore time.Time)

AssertCertificateHasNotBefore is a utility function for kubeadm testing that asserts if a given certificate has the expected NotBefore. Truncate (round) expectedNotBefore to 1 second, since the certificate stores with seconds as the maximum precision.

func AssertCertificateHasOrganizations

func AssertCertificateHasOrganizations(t *testing.T, cert *x509.Certificate, organizations ...string)

AssertCertificateHasOrganizations is a utility function for kubeadm testing that asserts if a given certificate has and only has the expected Subject.Organization

func AssertCertificateHasServerAuthUsage

func AssertCertificateHasServerAuthUsage(t *testing.T, cert *x509.Certificate)

AssertCertificateHasServerAuthUsage is a utility function for kubeadm testing that asserts if a given certificate has the expected ExtKeyUsageServerAuth

func AssertCertificateIsSignedByCa

func AssertCertificateIsSignedByCa(t *testing.T, cert *x509.Certificate, signingCa *x509.Certificate)

AssertCertificateIsSignedByCa is a utility function for kubeadm testing that asserts if a given certificate is signed by the expected CA

func CreateCACert

func CreateCACert(t *testing.T) (*x509.Certificate, crypto.Signer)

CreateCACert creates a generic CA cert.

func CreateTestCert

func CreateTestCert(t *testing.T, caCert *x509.Certificate, caKey crypto.Signer, altNames certutil.AltNames) (*x509.Certificate, crypto.Signer, *pkiutil.CertConfig)

CreateTestCert makes a generic certificate with the given CA and alternative names.

func SetupCertificateAuthority added in v1.16.0

func SetupCertificateAuthority(t *testing.T) (*x509.Certificate, crypto.Signer)

SetupCertificateAuthority is a utility function for kubeadm testing that creates a CertificateAuthority cert/key pair

func SetupIntermediateCertificateAuthority added in v1.31.0

func SetupIntermediateCertificateAuthority(t *testing.T, parentCert *x509.Certificate, parentKey crypto.Signer, cn string) (*x509.Certificate, crypto.Signer)

SetupIntermediateCertificateAuthority is a utility function for kubeadm testing that creates a Intermediate CertificateAuthority cert/key pair

func WritePKIFiles

func WritePKIFiles(t *testing.T, dir string, files PKIFiles)

WritePKIFiles writes the given files out to the given directory

Types

type CertTestCase

type CertTestCase struct {
	Name        string
	Files       PKIFiles
	ExpectError bool
}

CertTestCase is a configuration of certificates and whether it's expected to work.

func GetSparseCertTestCases

func GetSparseCertTestCases(t *testing.T) []CertTestCase

GetSparseCertTestCases produces a series of cert configurations and their intended outcomes.

type PKIFiles

type PKIFiles map[string]interface{}

PKIFiles are a list of files that should be created for a test case

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL