Add a CA.Pool() method to ./internal/certauthority.
This is convenient for at least one test and is simple enough to write and test. Signed-off-by: Matt Moyer <moyerm@vmware.com>
parent
fe0481c304
commit
22953cdb78
@ -136,6 +136,13 @@ func (c *CA) Bundle() []byte {
|
|||||||
return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: c.caCertBytes})
|
return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: c.caCertBytes})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Pool returns the current CA signing bundle as a *x509.CertPool.
|
||||||
|
func (c *CA) Pool() *x509.CertPool {
|
||||||
|
pool := x509.NewCertPool()
|
||||||
|
pool.AppendCertsFromPEM(c.Bundle())
|
||||||
|
return pool
|
||||||
|
}
|
||||||
|
|
||||||
// Issue a new server certificate for the given identity and duration.
|
// Issue a new server certificate for the given identity and duration.
|
||||||
func (c *CA) Issue(subject pkix.Name, dnsNames []string, ips []net.IP, ttl time.Duration) (*tls.Certificate, error) {
|
func (c *CA) Issue(subject pkix.Name, dnsNames []string, ips []net.IP, ttl time.Duration) (*tls.Certificate, error) {
|
||||||
// Choose a random 128 bit serial number.
|
// Choose a random 128 bit serial number.
|
||||||
|
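Review bot: The boolean returned by `pool.AppendCertsFromPEM(c.Bundle())` in Pool() is discarded, so if the PEM ever failed to parse, the caller would get an empty, non-nil pool with no indication why. An empty pool used as `RootCAs` or `ClientCAs` trusts nothing, so this fails closed, but the resulting handshake errors would be hard to trace back to this method. Since the signature has no error return, I would at least document the assumption above the call, e.g. `// The result is ignored: Bundle() encodes the CA's own DER bytes, which are expected to parse.` Presumably caCertBytes is produced when the CA is created, which is outside this hunk, so please confirm. The doc comment could also state that a new pool is built on every call.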
@ -182,6 +182,16 @@ func TestBundle(t *testing.T) {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestPool(t *testing.T) {
|
||||||
|
t.Run("success", func(t *testing.T) {
|
||||||
|
ca, err := New(pkix.Name{CommonName: "test"}, 1*time.Hour)
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
got := ca.Pool()
|
||||||
|
require.Len(t, got.Subjects(), 1)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
type errSigner struct {
|
type errSigner struct {
|
||||||
pubkey crypto.PublicKey
|
pubkey crypto.PublicKey
|
||||||
err error
|
err error
|
||||||
|
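Review bot: `require.Len(t, got.Subjects(), 1)` in TestPool only counts entries, so it would pass for a pool holding any single certificate, not necessarily this CA's. Since the pool exists to act as a trust anchor, a stronger check is to issue a certificate from the same CA and verify it against the pool. The sketch below assumes Issue produces a server-auth leaf carrying the given DNS name, as its doc comment suggests; adjust it if that does not hold. `Subjects()` is also deprecated in newer Go releases, which is another reason not to rest the only assertion on it.

```go
		got := ca.Pool()
		// … unchanged: require.Len(t, got.Subjects(), 1) …

		issued, err := ca.Issue(pkix.Name{CommonName: "leaf"}, []string{"example.com"}, nil, 10*time.Minute)
		require.NoError(t, err)
		leaf, err := x509.ParseCertificate(issued.Certificate[0])
		require.NoError(t, err)

		// The pool must actually validate certificates signed by this CA.
		_, err = leaf.Verify(x509.VerifyOptions{Roots: got, DNSName: "example.com"})
		require.NoError(t, err)
```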