Use EC crypto (instead of RSA) to workaround weird test timeout
When we use RSA private keys to sign our test certificates, we run into strange test timeouts. The internal/controller/apicerts package was timing out on my machine more than once every 3 runs. When I changed the RSA crypto to EC crypto, this timeout goes away. I'm not gonna try to figure out what the deal is here because I think it would take longer than it would be worth (although I am sure it is some fun story involving prime numbers; the goroutine traces for timed out tests would always include some big.Int operations involving prime numbers...). Signed-off-by: Andrew Keesler <akeesler@vmware.com>
parent
a4fe76f6a9
commit
ddb7a20c53
@ -7,8 +7,9 @@ package apicerts
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"crypto/ecdsa"
|
||||||
|
"crypto/elliptic"
|
||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
"crypto/rsa"
|
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
"errors"
|
"errors"
|
||||||
"testing"
|
"testing"
|
||||||
@ -197,11 +198,12 @@ func TestExpirerControllerSync(t *testing.T) {
|
|||||||
{
|
{
|
||||||
name: "parse cert failure",
|
name: "parse cert failure",
|
||||||
fillSecretData: func(t *testing.T, m map[string][]byte) {
|
fillSecretData: func(t *testing.T, m map[string][]byte) {
|
||||||
privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
|
privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
// See certs_manager.go for this constant.
|
// See certs_manager.go for this constant.
|
||||||
m["tlsCertificateChain"] = x509.MarshalPKCS1PrivateKey(privateKey)
|
m["tlsCertificateChain"], err = x509.MarshalPKCS8PrivateKey(privateKey)
|
||||||
|
require.NoError(t, err)
|
||||||
},
|
},
|
||||||
wantDelete: false,
|
wantDelete: false,
|
||||||
},
|
},
|
||||||
|
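Review bot: The "parse cert failure" case in TestExpirerControllerSync still generates a real private key only to obtain bytes that are not a certificate, so it keeps paying for key generation it may not need. If the intent is only that `tlsCertificateChain` fails to parse, a fixed value such as `m["tlsCertificateChain"] = []byte("not a certificate")` would make the case deterministic and independent of any key algorithm. If the case is meant to cover well-formed DER that is not a certificate, a comment such as `// A DER-encoded private key is valid ASN.1 but not a certificate.` would explain why a key is generated. The table entry sits inside a test function whose body starts and ends outside the hunk.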
@ -6,8 +6,9 @@ SPDX-License-Identifier: Apache-2.0
|
|||||||
package testutil
|
package testutil
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/ecdsa"
|
||||||
|
"crypto/elliptic"
|
||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
"crypto/rsa"
|
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
"crypto/x509/pkix"
|
"crypto/x509/pkix"
|
||||||
@ -82,7 +83,7 @@ func (v *ValidCert) RequireMatchesPrivateKey(keyPEM string) {
|
|||||||
// There is nothing very special about the certificate that it creates, just
|
// There is nothing very special about the certificate that it creates, just
|
||||||
// that it is a valid certificate that can be used for testing.
|
// that it is a valid certificate that can be used for testing.
|
||||||
func CreateCertificate(notBefore, notAfter time.Time) ([]byte, error) {
|
func CreateCertificate(notBefore, notAfter time.Time) ([]byte, error) {
|
||||||
privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
|
privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
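Review bot: CreateCertificate's doc comment does not say that the key is now ECDSA P-256 or why, so a later change could switch back to RSA and reintroduce the timeouts; a line such as `// The key is ECDSA P-256 rather than RSA because RSA key generation made tests time out.` would record the reason. The rest of the function lies outside the hunk, so it is worth confirming that the certificate template there does not set an RSA-oriented key usage (for example `x509.KeyUsageKeyEncipherment`) and that callers such as RequireMatchesPrivateKey do not assume an RSA key. If the production certificate code still issues RSA keys, these helpers no longer exercise the same key type as production, and keeping one RSA-based test elsewhere may be warranted.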