refactor GetFakeSSLCert #4008

Merged
merged 1 commit into from
Apr 14, 2019
16 changes: 1 addition & 15 deletions cmd/nginx/main.go
Expand Up @@ -54,8 +54,6 @@ const (
// High enough Burst to fit all expected use cases. Burst=0 is not set here, because
// client code is overriding it.
defaultBurst = 1e6

fakeCertificateName = "default-fake-certificate"
)

func main() {
Expand Down Expand Up @@ -109,20 +107,8 @@ func main() {
}
}

// create the default SSL certificate (dummy)
// TODO(elvinefendi) do this in a single function in ssl package
defCert, defKey := ssl.GetFakeSSLCert()
sslCert, err := ssl.CreateSSLCert(defCert, defKey)
if err != nil {
klog.Fatalf("unexpected error creating fake SSL Cert: %v", err)
}
err = ssl.StoreSSLCertOnDisk(fs, fakeCertificateName, sslCert)
if err != nil {
klog.Fatalf("unexpected error storing fake SSL Cert: %v", err)
}
conf.FakeCertificate = sslCert
conf.FakeCertificate = ssl.GetFakeSSLCert(fs)
klog.Infof("Created fake certificate with PemFileName: %v", conf.FakeCertificate.PemFileName)
// end create default fake SSL certificates

conf.Client = kubeClient

12 changes: 1 addition & 11 deletions internal/ingress/controller/controller_test.go
Expand Up @@ -921,17 +921,7 @@ func newNGINXController(t *testing.T) *NGINXController {
pod,
false)

// BEGIN create fake ssl cert
defCert, defKey := ssl.GetFakeSSLCert()
sslCert, err := ssl.CreateSSLCert(defCert, defKey)
if err != nil {
t.Fatalf("unexpected error creating fake SSL Cert: %v", err)
}
err = ssl.StoreSSLCertOnDisk(fs, fakeCertificateName, sslCert)
if err != nil {
t.Fatalf("unexpected error storing fake SSL Cert: %v", err)
}
// END create fake ssl cert
sslCert := ssl.GetFakeSSLCert(fs)
config := &Configuration{
FakeCertificate: sslCert,
ListenPorts: &ngx_config.ListenPorts{
19 changes: 16 additions & 3 deletions internal/net/ssl/ssl.go
Expand Up @@ -46,6 +46,10 @@ var (
oidExtensionSubjectAltName = asn1.ObjectIdentifier{2, 5, 29, 17}
)

const (
fakeCertificateName = "default-fake-certificate"
)

// getPemFileName returns absolute file path and file name of pem cert related to given fullSecretName
func getPemFileName(fullSecretName string) (string, string) {
pemName := fmt.Sprintf("%v.pem", fullSecretName)
Expand Down Expand Up @@ -355,8 +359,7 @@ func AddOrUpdateDHParam(name string, dh []byte, fs file.Filesystem) (string, err

// GetFakeSSLCert creates a Self Signed Certificate
// Based in the code https://golang.org/src/crypto/tls/generate_cert.go
func GetFakeSSLCert() ([]byte, []byte) {

func GetFakeSSLCert(fs file.Filesystem) *ingress.SSLCert {
var priv interface{}
var err error

Expand Down Expand Up @@ -400,7 +403,17 @@ func GetFakeSSLCert() ([]byte, []byte) {

key := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv.(*rsa.PrivateKey))})

return cert, key
sslCert, err := CreateSSLCert(cert, key)
if err != nil {
klog.Fatalf("unexpected error creating fake SSL Cert: %v", err)
}

err = StoreSSLCertOnDisk(fs, fakeCertificateName, sslCert)
if err != nil {
klog.Fatalf("unexpected error storing fake SSL Cert: %v", err)
}

return sslCert
}

// FullChainCert checks if a certificate file contains issues in the intermediate CA chain
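Review bot: The two `klog.Fatalf` calls added at the end of `GetFakeSSLCert` make a helper in `internal/net/ssl` terminate the whole process, so neither `main` nor `newNGINXController` in controller_test.go can handle or assert on a failure (the test helper previously reported it through `t.Fatalf`). Returning `(*ingress.SSLCert, error)` and leaving the fatal log to `main` keeps that decision with the caller; the part of the body that lies outside these hunks may need the same treatment. The doc comment should also state that the function now writes the certificate and, presumably, its private key to `fs` under `fakeCertificateName`, since a name starting with `Get` does not suggest that key material is persisted.

```go
func GetFakeSSLCert(fs file.Filesystem) (*ingress.SSLCert, error) {
	// … unchanged: key generation, certificate template and PEM encoding …

	sslCert, err := CreateSSLCert(cert, key)
	if err != nil {
		return nil, fmt.Errorf("creating fake SSL cert: %v", err)
	}

	if err := StoreSSLCertOnDisk(fs, fakeCertificateName, sslCert); err != nil {
		return nil, fmt.Errorf("storing fake SSL cert: %v", err)
	}

	return sslCert, nil
}
```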
31 changes: 22 additions & 9 deletions internal/net/ssl/ssl_test.go
Expand Up @@ -139,20 +139,33 @@ func TestCACert(t *testing.T) {
}

func TestGetFakeSSLCert(t *testing.T) {
k, c := GetFakeSSLCert()
if len(k) == 0 {
t.Fatalf("expected a valid key")
fs := newFS(t)

sslCert := GetFakeSSLCert(fs)

if len(sslCert.PemCertKey) == 0 {
t.Fatalf("expected PemCertKey to not be empty")
}

if len(sslCert.PemFileName) == 0 {
t.Fatalf("expected PemFileName to not be empty")
}

if len(sslCert.CN) != 2 {
t.Fatalf("expected 2 entries in CN, but got %v", len(sslCert.CN))
}
if len(c) == 0 {
t.Fatalf("expected a valid certificate")

if sslCert.CN[0] != "Kubernetes Ingress Controller Fake Certificate" {
t.Fatalf("expected common name to be \"Kubernetes Ingress Controller Fake Certificate\" but got %v", sslCert.CN[0])
}

if sslCert.CN[1] != "ingress.local" {
t.Fatalf("expected a DNS name \"ingress.local\" but got: %v", sslCert.CN[1])
}
}

func TestConfigureCACert(t *testing.T) {
fs, err := file.NewFakeFS()
if err != nil {
t.Fatalf("unexpected error creating filesystem: %v", err)
}
fs := newFS(t)

cn := "demo-ca"
_, ca, err := generateRSACerts(cn)
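Review bot: `TestGetFakeSSLCert` checks only the returned struct, so nothing asserts that the PEM was actually written to `fs`, which is the behaviour this refactor moves into `GetFakeSSLCert`. A non-empty `PemFileName` presumably implies the store step ran, but reading that path back from `fs` and comparing the contents with `sslCert.PemCertKey` would pin it down. The length check on `PemCertKey` also does not show that the bytes parse as a certificate and key, so a decode step would make the test catch a malformed fake certificate. The two CN messages could use `%q` instead of hand-escaped quotes, e.g. `t.Fatalf("expected a DNS name %q but got %q", "ingress.local", sslCert.CN[1])`.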