Add a CA.Pool() method to ./internal/certauthority.

This is convenient for at least one test and is simple enough to write and test.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
This commit is contained in:
Matt Moyer 2020-12-02 14:33:07 -06:00
parent fe0481c304
commit 22953cdb78
No known key found for this signature in database
GPG Key ID: EAE88AD172C5AE2D
2 changed files with 17 additions and 0 deletions


@ -136,6 +136,13 @@ func (c *CA) Bundle() []byte {
return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: c.caCertBytes}) return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: c.caCertBytes})
} }
// Pool returns the current CA signing bundle as a *x509.CertPool.
func (c *CA) Pool() *x509.CertPool {
pool := x509.NewCertPool()
pool.AppendCertsFromPEM(c.Bundle())
return pool
}
// Issue a new server certificate for the given identity and duration. // Issue a new server certificate for the given identity and duration.
func (c *CA) Issue(subject pkix.Name, dnsNames []string, ips []net.IP, ttl time.Duration) (*tls.Certificate, error) { func (c *CA) Issue(subject pkix.Name, dnsNames []string, ips []net.IP, ttl time.Duration) (*tls.Certificate, error) {
// Choose a random 128 bit serial number. // Choose a random 128 bit serial number.
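Review bot: The boolean returned by `pool.AppendCertsFromPEM(c.Bundle())` in the new Pool method is discarded, so if the bundle ever fails to parse the method silently hands back an empty pool, and every verification against it fails with a generic unknown-authority error instead of pointing at the CA object. Because Bundle() is built from c.caCertBytes, which this type controls, an empty result here is an invariant violation rather than a runtime condition, so it is reasonable to surface it loudly: `if !pool.AppendCertsFromPEM(c.Bundle()) { panic("certauthority: CA bundle could not be parsed") }`. If callers are expected to handle it instead, the method could return `(*x509.CertPool, error)` while the API is still new. Either way, the doc comment should say whether the pool contains only the CA certificate or may later include more, e.g. `// Pool returns a fresh *x509.CertPool containing only this CA's certificate.`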


@ -182,6 +182,16 @@ func TestBundle(t *testing.T) {
}) })
} }
func TestPool(t *testing.T) {
t.Run("success", func(t *testing.T) {
ca, err := New(pkix.Name{CommonName: "test"}, 1*time.Hour)
require.NoError(t, err)
got := ca.Pool()
require.Len(t, got.Subjects(), 1)
})
}
type errSigner struct { type errSigner struct {
pubkey crypto.PublicKey pubkey crypto.PublicKey
err error err error