package testutils

import "github.com/moby/swarmkit/v2/ca/testutils"


Variables

// Static certificate and key fixtures for the CA tests. The private keys
// below are checked into source and therefore public; treat them as
// compromised material that exists only to exercise test code paths.
// What each fixture is for is inferred from its name unless stated otherwise.
var (
	// NotYetValidCert/NotYetValidKey: presumably a cert whose validity period
	// starts in the future, for negative validity checks — TODO confirm.
	NotYetValidCert = []byte("" /* 553 byte string literal not displayed */,
	)

	NotYetValidKey = []byte("" /* 230 byte string literal not displayed */,
	)

	// ExpiredCert/ExpiredKey: presumably a cert whose validity period has
	// already ended — TODO confirm.
	ExpiredCert = []byte("" /* 549 byte string literal not displayed */,
	)

	ExpiredKey = []byte("" /* 230 byte string literal not displayed */,
	)

	// RSA2048SHA256Cert and RSA2048SHA1Cert presumably share RSA2048Key and
	// differ only in the signature hash; the SHA-1 variant is likely a
	// fixture for rejecting deprecated signature algorithms — confirm in tests.
	RSA2048SHA256Cert = []byte("" /* 1292 byte string literal not displayed */,
	)

	RSA2048SHA1Cert = []byte("" /* 1292 byte string literal not displayed */,
	)

	RSA2048Key = []byte("" /* 1682 byte string literal not displayed */,
	)

	// RSA1024Cert/RSA1024Key: presumably a weak-key fixture for negative
	// tests — TODO confirm.
	RSA1024Cert = []byte("" /* 939 byte string literal not displayed */,
	)

	RSA1024Key = []byte("" /* 890 byte string literal not displayed */,
	)

	// ECDSA224Cert/ECDSA224Key: presumably a P-224 fixture — TODO confirm
	// whether the tests expect it to be accepted or rejected.
	ECDSA224Cert = []byte("" /* 732 byte string literal not displayed */,
	)

	ECDSA224Key = []byte("" /* 210 byte string literal not displayed */,
	)

	// ECDSA256SHA256Cert and ECDSA256SHA1Cert presumably share ECDSA256Key and
	// differ only in the signature hash — confirm in tests.
	ECDSA256SHA256Cert = []byte("" /* 756 byte string literal not displayed */,
	)

	ECDSA256SHA1Cert = []byte("" /* 756 byte string literal not displayed */,
	)

	ECDSA256Key = []byte("" /* 230 byte string literal not displayed */,
	)

	// DSA2048Cert/DSA2048Key: presumably an unsupported-algorithm fixture —
	// TODO confirm.
	DSA2048Cert = []byte("" /* 1723 byte string literal not displayed */,
	)

	DSA2048Key = []byte("" /* 1195 byte string literal not displayed */,
	)

	// ECDSACertChain holds three certificates; their order (leaf-first or
	// root-first) is not visible here — verify against the tests that use it.
	ECDSACertChain = [][]byte{
		[]byte("" /* 712 byte string literal not displayed */,
		),
		[]byte("" /* 598 byte string literal not displayed */,
		),
		[]byte("" /* 553 byte string literal not displayed */,
		),
	}

	// ECDSACertChainKeys holds three keys, presumably one per entry of
	// ECDSACertChain in the same order — TODO confirm.
	ECDSACertChainKeys = [][]byte{
		[]byte("" /* 230 byte string literal not displayed */,
		),
		[]byte("" /* 230 byte string literal not displayed */,
		),
		[]byte("" /* 230 byte string literal not displayed */,
		),
	}

	// ECDSACertChainPKCS8Keys holds three keys, presumably the same keys as
	// ECDSACertChainKeys in PKCS#8 encoding — TODO confirm.
	ECDSACertChainPKCS8Keys = [][]byte{
		[]byte("" /* 245 byte string literal not displayed */),
		[]byte("" /* 245 byte string literal not displayed */),
		[]byte("" /* 245 byte string literal not displayed */),
	}
)
// External controls whether NewTestCA() creates a TestCA server configured to
// use an external signer.
var External bool

External controls whether NewTestCA() will create a TestCA server configured to use an external signer.

Functions

func CreateCertFromSigner

func CreateCertFromSigner(rootCN string, priv crypto.Signer) ([]byte, error)

CreateCertFromSigner creates a certificate authority for a new Swarm cluster, given only an existing key.

func CreateRootCertAndKey

func CreateRootCertAndKey(rootCN string) ([]byte, []byte, error)

CreateRootCertAndKey returns a generated certificate and key for a root CA.

func ReDateCert

func ReDateCert(t *testing.T, cert, signerCert, signerKey []byte, notBefore, notAfter time.Time) []byte

ReDateCert takes an existing cert and changes its not-before and not-after dates, to make it easier to test expiry.

Types

type ExternalSigningServer

// ExternalSigningServer runs an HTTPS server with an endpoint at a specified
// URL which signs node certificate requests from a swarm manager client.
type ExternalSigningServer struct {
	// NumIssued presumably counts the certificates this server has signed —
	// confirm against the signing handler before asserting on it.
	NumIssued uint64
	// URL is the address of the signing endpoint served by this server.
	URL       string
	// contains filtered or unexported fields
}

ExternalSigningServer runs an HTTPS server with an endpoint at a specified URL which signs node certificate requests from a swarm manager client.

func NewExternalSigningServer

func NewExternalSigningServer(rootCA ca.RootCA, basedir string) (*ExternalSigningServer, error)

NewExternalSigningServer creates and runs a new ExternalSigningServer which uses the given rootCA to sign node certificates. A server key and cert are generated and saved into the given basedir, and then a TLS listener is started on a random available port. On success, an HTTPS server will be running in a separate goroutine. The URL of the signing endpoint is available in the returned *ExternalSigningServer value. Calling the Stop() method will stop the server.

func (*ExternalSigningServer) Deflake

func (ess *ExternalSigningServer) Deflake()

Deflake restores normal operation after a call to Flake.

func (*ExternalSigningServer) DisableCASigning

func (ess *ExternalSigningServer) DisableCASigning()

DisableCASigning prevents the server from being able to sign CA certificates.

func (*ExternalSigningServer) EnableCASigning

func (ess *ExternalSigningServer) EnableCASigning() error

EnableCASigning updates the root CA signer so that it is able to sign CAs.

func (*ExternalSigningServer) Flake

func (ess *ExternalSigningServer) Flake()

Flake makes the signing server return HTTP 500 errors.

func (*ExternalSigningServer) Stop

func (ess *ExternalSigningServer) Stop() error

Stop stops this signing server by closing the underlying TCP/TLS listener.

type TestCA

// TestCA encapsulates everything needed to test a CA Server: the root CA,
// an optional external signer, an in-memory store, a gRPC server and the
// client connections and security configs the tests use.
type TestCA struct {
	RootCA                      ca.RootCA
	// ExternalSigningServer is presumably only set when External is true —
	// TODO confirm in NewTestCA.
	ExternalSigningServer       *ExternalSigningServer
	MemoryStore                 *store.MemoryStore
	Addr, TempDir, Organization string
	Paths                       *ca.SecurityConfigPaths
	Server                      *grpc.Server
	ServingSecurityConfig       *ca.SecurityConfig
	CAServer                    *ca.Server
	Context                     context.Context
	NodeCAClients               []api.NodeCAClient
	CAClients                   []api.CAClient
	Conns                       []*grpc.ClientConn
	// WorkerToken and ManagerToken are presumably the cluster join tokens
	// for the respective roles — TODO confirm.
	WorkerToken                 string
	ManagerToken                string
	ConnBroker                  *connectionbroker.Broker
	KeyReadWriter               *ca.KeyReadWriter
	// contains filtered or unexported fields
}

TestCA is a structure that encapsulates everything needed to test a CA Server.

func NewFIPSTestCA

func NewFIPSTestCA(t *testing.T) *TestCA

NewFIPSTestCA is a helper method that creates a mandatory fips TestCA and a bunch of default connections and security configs.

func NewTestCA

func NewTestCA(t *testing.T, krwGenerators ...func(ca.CertPaths) *ca.KeyReadWriter) *TestCA

NewTestCA is a helper method that creates a TestCA and a bunch of default connections and security configs.

func NewTestCAFromAPIRootCA

func NewTestCAFromAPIRootCA(t *testing.T, tempBaseDir string, apiRootCA api.RootCA, krwGenerators []func(ca.CertPaths) *ca.KeyReadWriter) *TestCA

NewTestCAFromAPIRootCA is a helper method that creates a TestCA and a bunch of default connections and security configs, given a temp directory and an api.RootCA to use for creating a cluster and for signing.

func (*TestCA) NewNodeConfig

func (tc *TestCA) NewNodeConfig(role string) (*ca.SecurityConfig, error)

NewNodeConfig returns the security config for a new node, given a role.

func (*TestCA) NewNodeConfigOrg

func (tc *TestCA) NewNodeConfigOrg(role, org string) (*ca.SecurityConfig, error)

NewNodeConfigOrg returns the security config for a new node, given a role and an org.

func (*TestCA) Stop

func (tc *TestCA) Stop()

Stop cleans up after TestCA.

func (*TestCA) WriteNewNodeConfig

func (tc *TestCA) WriteNewNodeConfig(role string) (*ca.SecurityConfig, error)

WriteNewNodeConfig returns the security config for a new node, given a role, saving the generated key and certificates to disk.

Source Files

cautils.go externalutils.go staticcerts.go
