refactor: tidy up tls cert stuff

2025-12-15 22:56:48 +00:00 · 2021-01-20 13:11:06 +01:00
parent f17e0d761e
commit ab4776c332
6 changed files with 257 additions and 125 deletions
--- a/internal/config/tls/tls_test.go
+++ b/internal/config/tls/tls_test.go
@ -19,46 +19,59 @@ package tls

 import (
 	"io/ioutil"
-	"os"
-	"path/filepath"
-	"runtime"
 	"testing"
 	"time"

 	"github.com/stretchr/testify/require"
 )

-func TestTLSKeyRenewal(t *testing.T) {
-	// Remove keys.
-	configPath := "/tmp"
-	certPath := filepath.Join(configPath, "cert.pem")
-	keyPath := filepath.Join(configPath, "key.pem")
-	_ = os.Remove(certPath)
-	_ = os.Remove(keyPath)
-
+func TestGetOldConfig(t *testing.T) {
 	dir, err := ioutil.TempDir("", "test-tls")
 	require.NoError(t, err)

+	// Create new tls object.
 	tls := New(dir)

-	// Put old key there.
+	// Create new TLS template.
+	tlsTemplate, err := NewTLSTemplate()
+	require.NoError(t, err)
+
+	// Make the template be an old key.
 	tlsTemplate.NotBefore = time.Now().Add(-365 * 24 * time.Hour)
 	tlsTemplate.NotAfter = time.Now()
-	cert, err := tls.GenerateConfig()
-	require.Equal(t, err, ErrTLSCertExpireSoon)
-	require.Equal(t, len(cert.Certificates), 1)
-	time.Sleep(time.Second)
-	now, notValidAfter := time.Now(), cert.Certificates[0].Leaf.NotAfter
-	require.True(t, now.After(notValidAfter), "old certificate expected to not be valid at %v but have valid until %v", now, notValidAfter)

-	// Renew key.
+	// Generate the certs from the template.
+	require.NoError(t, tls.GenerateCerts(tlsTemplate))
+
+	// Generate the config from the certs -- it's going to expire soon so we don't want to use it.
+	_, err = tls.GetConfig()
+	require.Equal(t, err, ErrTLSCertExpiresSoon)
+}
+
+func TestGetValidConfig(t *testing.T) {
+	dir, err := ioutil.TempDir("", "test-tls")
+	require.NoError(t, err)
+
+	// Create new tls object.
+	tls := New(dir)
+
+	// Create new TLS template.
+	tlsTemplate, err := NewTLSTemplate()
+	require.NoError(t, err)
+
+	// Make the template be a new key.
 	tlsTemplate.NotBefore = time.Now()
 	tlsTemplate.NotAfter = time.Now().Add(2 * 365 * 24 * time.Hour)
-	cert, err = tls.GetConfig()
-	if runtime.GOOS != "darwin" { // Darwin is not supported.
-		require.NoError(t, err)
-	}
-	require.Equal(t, len(cert.Certificates), 1)
-	now, notValidAfter = time.Now(), cert.Certificates[0].Leaf.NotAfter
+
+	// Generate the certs from the template.
+	require.NoError(t, tls.GenerateCerts(tlsTemplate))
+
+	// Generate the config from the certs -- it's not going to expire soon so we want to use it.
+	config, err := tls.GetConfig()
+	require.NoError(t, err)
+	require.Equal(t, len(config.Certificates), 1)
+
+	// Check the cert is valid.
+	now, notValidAfter := time.Now(), config.Certificates[0].Leaf.NotAfter
 	require.False(t, now.After(notValidAfter), "new certificate expected to be valid at %v but have valid until %v", now, notValidAfter)
 }