ContainerImage.Pinniped/internal/testutil/x509_error.go

// Copyright 2022-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0

package testutil

import (
	"fmt"
	"runtime"
	"strings"

	"github.com/Masterminds/semver/v3"
)

var (
	go1195 = semver.MustParse("1.19.5")
)

func X509UntrustedCertError(commonName string) string {
	// https://github.com/golang/go/issues/57427
	// Golang 1.19.5 no longer returns a different error for darwin
	runtimeVersion, err := semver.NewVersion(strings.ReplaceAll("foo"+runtime.Version(), "go", ""))

	if err != nil || runtimeVersion == nil {
		return fmt.Sprintf("Runtime version %s should match format go.1.19.5", runtime.Version())
	}

	if runtime.GOOS == "darwin" && runtimeVersion.LessThan(go1195) {
		// Golang use's macos' x509 verification APIs on darwin.
		// This output slightly different error messages than golang's
		// own x509 verification.
		return fmt.Sprintf(`x509: “%s” certificate is not trusted`, commonName)
	}
	return `x509: certificate signed by unknown authority`
}
wip 2023-01-20 20:58:14 +00:00			`// Copyright 2022-2023 the Pinniped contributors. All Rights Reserved.`
Error format of untrusted certificate errors should depend on OS Go 1.18.1 started using MacOS' x509 verification APIs on Macs rather than Go's own. The error messages are different. Signed-off-by: Margo Crawford <margaretc@vmware.com> 2022-04-15 00:37:36 +00:00			`// SPDX-License-Identifier: Apache-2.0`

			`package testutil`

			`import (`
			`"fmt"`
			`"runtime"`
wip 2023-01-20 20:58:14 +00:00			`"strings"`

			`"github.com/Masterminds/semver/v3"`
			`)`

			`var (`
			`go1195 = semver.MustParse("1.19.5")`
Error format of untrusted certificate errors should depend on OS Go 1.18.1 started using MacOS' x509 verification APIs on Macs rather than Go's own. The error messages are different. Signed-off-by: Margo Crawford <margaretc@vmware.com> 2022-04-15 00:37:36 +00:00			`)`

			`func X509UntrustedCertError(commonName string) string {`
wip 2023-01-20 20:58:14 +00:00			`// https://github.com/golang/go/issues/57427`
			`// Golang 1.19.5 no longer returns a different error for darwin`
			`runtimeVersion, err := semver.NewVersion(strings.ReplaceAll("foo"+runtime.Version(), "go", ""))`

			`if err != nil \|\| runtimeVersion == nil {`
			`return fmt.Sprintf("Runtime version %s should match format go.1.19.5", runtime.Version())`
			`}`

			`if runtime.GOOS == "darwin" && runtimeVersion.LessThan(go1195) {`
Error format of untrusted certificate errors should depend on OS Go 1.18.1 started using MacOS' x509 verification APIs on Macs rather than Go's own. The error messages are different. Signed-off-by: Margo Crawford <margaretc@vmware.com> 2022-04-15 00:37:36 +00:00			`// Golang use's macos' x509 verification APIs on darwin.`
			`// This output slightly different error messages than golang's`
			`// own x509 verification.`
			return fmt.Sprintf(`x509: “%s” certificate is not trusted`, commonName)
			`}`
			return `x509: certificate signed by unknown authority`
			`}`