From 22953cdb7849201ced46a4b3c9a56e1cd4be865a Mon Sep 17 00:00:00 2001
From: Matt Moyer
Date: Wed, 2 Dec 2020 14:33:07 -0600
Subject: [PATCH] Add a CA.Pool() method to ./internal/certauthority.

This is convenient for at least one test and is simple enough to write and test.

Signed-off-by: Matt Moyer
---
 internal/certauthority/certauthority.go | 7 +++++++
 internal/certauthority/certauthority_test.go | 10 ++++++++++
 2 files changed, 17 insertions(+)

diff --git a/internal/certauthority/certauthority.go b/internal/certauthority/certauthority.go
index 6d3cff84..87bdd784 100644
--- a/internal/certauthority/certauthority.go
+++ b/internal/certauthority/certauthority.go
@@ -136,6 +136,13 @@ func (c *CA) Bundle() []byte {
 	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: c.caCertBytes})
 }
 
+// Pool returns the current CA signing bundle as a *x509.CertPool.
+func (c *CA) Pool() *x509.CertPool {
+	pool := x509.NewCertPool()
+	pool.AppendCertsFromPEM(c.Bundle())
+	return pool
+}
+
 // Issue a new server certificate for the given identity and duration.
 func (c *CA) Issue(subject pkix.Name, dnsNames []string, ips []net.IP, ttl time.Duration) (*tls.Certificate, error) {
 	// Choose a random 128 bit serial number.
diff --git a/internal/certauthority/certauthority_test.go b/internal/certauthority/certauthority_test.go
index 10e74743..4c1fdf8e 100644
--- a/internal/certauthority/certauthority_test.go
+++ b/internal/certauthority/certauthority_test.go
@@ -182,6 +182,16 @@ func TestBundle(t *testing.T) {
 	})
 }
 
+func TestPool(t *testing.T) {
+	t.Run("success", func(t *testing.T) {
+		ca, err := New(pkix.Name{CommonName: "test"}, 1*time.Hour)
+		require.NoError(t, err)
+
+		got := ca.Pool()
+		require.Len(t, got.Subjects(), 1)
+	})
+}
+
 type errSigner struct {
 	pubkey crypto.PublicKey
 	err    error
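Review bot: `pool.AppendCertsFromPEM(c.Bundle())` in the new Pool method discards the bool that reports whether any certificate was parsed, so a CA whose `caCertBytes` does not decode would silently yield an empty pool, and every later verification against it would fail far away from here with an "unknown authority" error instead of at the point the pool is built. Bundle() only PEM-wraps the CA's own DER bytes, so the parse presumably cannot fail for a CA built through New, but how `caCertBytes` is populated is outside this hunk. Either make the invariant explicit, `if !pool.AppendCertsFromPEM(c.Bundle()) { panic("certauthority: CA certificate did not parse") }` (a programmer error, not a runtime condition, so panic is appropriate here), or record the decision so the dropped result does not read as an oversight: `// Bundle() is PEM this CA produced from its own DER, so the parse result is intentionally ignored.` The doc comment could also say that the pool contains only the single CA certificate and is a fresh copy on every call, since callers may otherwise expect it to track later changes.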
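Review bot: TestPool only asserts `require.Len(t, got.Subjects(), 1)`, which proves that one subject landed in the pool but not that the pool actually roots certificates this CA issues, which is the property callers will rely on when they hand it to a TLS config. Since Issue is visible in the other hunk, the test can round-trip a leaf through the pool and catch a regression such as Pool returning the wrong certificate. This assumes Issue fills `Certificate[0]` with the leaf DER and marks it for server auth (the default for Verify), and that `crypto/x509` is importable in the test file; adjust the VerifyOptions if either does not hold.
```go
		got := ca.Pool()
		require.Len(t, got.Subjects(), 1)

		// The pool must verify a leaf issued by this CA.
		leaf, err := ca.Issue(pkix.Name{CommonName: "leaf"}, []string{"example.com"}, nil, time.Minute)
		require.NoError(t, err)
		parsed, err := x509.ParseCertificate(leaf.Certificate[0])
		require.NoError(t, err)
		_, err = parsed.Verify(x509.VerifyOptions{Roots: got, DNSName: "example.com"})
		require.NoError(t, err)
		// … unchanged: closing of t.Run and TestPool …
```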