From 5ec1fbd1cadf79beb085b4bef89c643ad6cb92b0 Mon Sep 17 00:00:00 2001
From: Ryan Richard
Date: Tue, 11 Aug 2020 10:39:50 -0700
Subject: [PATCH] Add an assertion that the private key and cert chain match in certs_manager_test.go

Signed-off-by: Matt Moyer
---
 internal/controller/apicerts/certs_manager_test.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/internal/controller/apicerts/certs_manager_test.go b/internal/controller/apicerts/certs_manager_test.go
index 26a76e11..c4c68e13 100644
--- a/internal/controller/apicerts/certs_manager_test.go
+++ b/internal/controller/apicerts/certs_manager_test.go
@@ -7,6 +7,7 @@ package apicerts
 
 import (
 "context"
+ "crypto/tls"
 "crypto/x509"
 "encoding/pem"
 "errors"
@@ -239,8 +240,9 @@ func TestManagerControllerSync(t *testing.T) {
 r.WithinDuration(time.Now(), parsedCert.NotBefore, time.Minute*2)
 r.WithinDuration(time.Now().Add(24*365*time.Hour), parsedCert.NotAfter, time.Minute*2)
 
- // TODO How can we validate that the actualPrivateKey is correct and works with the other cert values?
- // Maybe start a test http server using these certs and then make a request to it using the actualCACert?
+ // Check that the private key and cert chain match
+ _, err = tls.X509KeyPair([]byte(actualCertChain), []byte(actualPrivateKey))
+ r.NoError(err)
 
 // Make sure we updated the APIService caBundle and left it otherwise unchanged
 r.Len(aggregatorAPIClient.Actions(), 2)
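Review bot: The added comment `// Check that the private key and cert chain match` claims more than `tls.X509KeyPair` checks. That call parses both PEM inputs and compares the private key only with the public key of the first (leaf) certificate; it does not verify that the chain is signed by the CA or that any certificate is within its validity period. I would word it as `// Check that the private key matches the leaf certificate of the chain (does not validate the chain against the CA)`, so a later reader does not treat this assertion as trust-path coverage. TestManagerControllerSync starts and ends outside the hunk, so whether the chain is verified against `actualCACert` elsewhere cannot be seen here; if it is not, a `parsedCert.Verify(...)` against a pool built from the CA cert would cover that part of the removed TODO.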