Merge pull request #4008 from ElvinEfendi/refactor-get-fake-cert

refactor GetFakeSSLCert
2019-04-14 11:50:00 -07:00 · 2019-04-14 11:50:00 -07:00 · 461954facb
commit 461954facb
parent 4c37e0e4b7 13a7e2c5d0
4 changed files with 40 additions and 38 deletions
--- a/cmd/nginx/main.go
+++ b/cmd/nginx/main.go
@ -54,8 +54,6 @@ const (
 	// High enough Burst to fit all expected use cases. Burst=0 is not set here, because
 	// client code is overriding it.
 	defaultBurst = 1e6
-
-	fakeCertificateName = "default-fake-certificate"
 )

 func main() {
@ -109,20 +107,8 @@ func main() {
 		}
 	}

-	// create the default SSL certificate (dummy)
-	// TODO(elvinefendi) do this in a single function in ssl package
-	defCert, defKey := ssl.GetFakeSSLCert()
-	sslCert, err := ssl.CreateSSLCert(defCert, defKey)
-	if err != nil {
-		klog.Fatalf("unexpected error creating fake SSL Cert: %v", err)
-	}
-	err = ssl.StoreSSLCertOnDisk(fs, fakeCertificateName, sslCert)
-	if err != nil {
-		klog.Fatalf("unexpected error storing fake SSL Cert: %v", err)
-	}
-	conf.FakeCertificate = sslCert
+	conf.FakeCertificate = ssl.GetFakeSSLCert(fs)
 	klog.Infof("Created fake certificate with PemFileName: %v", conf.FakeCertificate.PemFileName)
-	// end create default fake SSL certificates

 	conf.Client = kubeClient

--- a/internal/ingress/controller/controller_test.go
+++ b/internal/ingress/controller/controller_test.go
@ -921,17 +921,7 @@ func newNGINXController(t *testing.T) *NGINXController {
 		pod,
 		false)

-	// BEGIN create fake ssl cert
-	defCert, defKey := ssl.GetFakeSSLCert()
-	sslCert, err := ssl.CreateSSLCert(defCert, defKey)
-	if err != nil {
-		t.Fatalf("unexpected error creating fake SSL Cert: %v", err)
-	}
-	err = ssl.StoreSSLCertOnDisk(fs, fakeCertificateName, sslCert)
-	if err != nil {
-		t.Fatalf("unexpected error storing fake SSL Cert: %v", err)
-	}
-	// END create fake ssl cert
+	sslCert := ssl.GetFakeSSLCert(fs)
 	config := &Configuration{
 		FakeCertificate: sslCert,
 		ListenPorts: &ngx_config.ListenPorts{
--- a/internal/net/ssl/ssl.go
+++ b/internal/net/ssl/ssl.go
@ -46,6 +46,10 @@ var (
 	oidExtensionSubjectAltName = asn1.ObjectIdentifier{2, 5, 29, 17}
 )

+const (
+	fakeCertificateName = "default-fake-certificate"
+)
+
 // getPemFileName returns absolute file path and file name of pem cert related to given fullSecretName
 func getPemFileName(fullSecretName string) (string, string) {
 	pemName := fmt.Sprintf("%v.pem", fullSecretName)
@ -355,8 +359,7 @@ func AddOrUpdateDHParam(name string, dh []byte, fs file.Filesystem) (string, err

 // GetFakeSSLCert creates a Self Signed Certificate
 // Based in the code https://golang.org/src/crypto/tls/generate_cert.go
-func GetFakeSSLCert() ([]byte, []byte) {
-
+func GetFakeSSLCert(fs file.Filesystem) *ingress.SSLCert {
 	var priv interface{}
 	var err error

@ -400,7 +403,17 @@ func GetFakeSSLCert() ([]byte, []byte) {

 	key := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv.(*rsa.PrivateKey))})

-	return cert, key
+	sslCert, err := CreateSSLCert(cert, key)
+	if err != nil {
+		klog.Fatalf("unexpected error creating fake SSL Cert: %v", err)
+	}
+
+	err = StoreSSLCertOnDisk(fs, fakeCertificateName, sslCert)
+	if err != nil {
+		klog.Fatalf("unexpected error storing fake SSL Cert: %v", err)
+	}
+
+	return sslCert
 }

 // FullChainCert checks if a certificate file contains issues in the intermediate CA chain
--- a/internal/net/ssl/ssl_test.go
+++ b/internal/net/ssl/ssl_test.go
@ -139,20 +139,33 @@ func TestCACert(t *testing.T) {
 }

 func TestGetFakeSSLCert(t *testing.T) {
-	k, c := GetFakeSSLCert()
-	if len(k) == 0 {
-		t.Fatalf("expected a valid key")
+	fs := newFS(t)
+
+	sslCert := GetFakeSSLCert(fs)
+
+	if len(sslCert.PemCertKey) == 0 {
+		t.Fatalf("expected PemCertKey to not be empty")
 	}
-	if len(c) == 0 {
-		t.Fatalf("expected a valid certificate")
+
+	if len(sslCert.PemFileName) == 0 {
+		t.Fatalf("expected PemFileName to not be empty")
+	}
+
+	if len(sslCert.CN) != 2 {
+		t.Fatalf("expected 2 entries in CN, but got %v", len(sslCert.CN))
+	}
+
+	if sslCert.CN[0] != "Kubernetes Ingress Controller Fake Certificate" {
+		t.Fatalf("expected common name to be \"Kubernetes Ingress Controller Fake Certificate\" but got %v", sslCert.CN[0])
+	}
+
+	if sslCert.CN[1] != "ingress.local" {
+		t.Fatalf("expected a DNS name \"ingress.local\" but got: %v", sslCert.CN[1])
 	}
 }

 func TestConfigureCACert(t *testing.T) {
-	fs, err := file.NewFakeFS()
-	if err != nil {
-		t.Fatalf("unexpected error creating filesystem: %v", err)
-	}
+	fs := newFS(t)

 	cn := "demo-ca"
 	_, ca, err := generateRSACerts(cn)