1package reload 2 3import ( 4 "crypto/x509" 5 "io/ioutil" 6 "testing" 7 8 "github.com/hashicorp/errwrap" 9) 10 11func TestReload_KeyWithPassphrase(t *testing.T) { 12 password := "password" 13 cert := []byte(`-----BEGIN CERTIFICATE----- 14MIICLzCCAZgCCQCq27CeP4WhlDANBgkqhkiG9w0BAQUFADBcMQswCQYDVQQGEwJV 15UzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEjAQBgNVBAoM 16CUhhc2hpQ29ycDEUMBIGA1UEAwwLbXl2YXVsdC5jb20wHhcNMTcxMjEzMjEzNTM3 17WhcNMTgxMjEzMjEzNTM3WjBcMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFjAU 18BgNVBAcMDVNhbiBGcmFuY2lzY28xEjAQBgNVBAoMCUhhc2hpQ29ycDEUMBIGA1UE 19AwwLbXl2YXVsdC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMvsz/9l 20EJIlRG6DOw4fXdB/aJgJk2rR8cU0D8+vECIzb+MdDK0cBHtLiVpZC/RnZMdMzjGn 21Z++Fp3dEnT6CD0IjKdJcD+qSyZSjHIuYpHjnjrVlM/Le0xST7egoG+fXkSt4myzG 22ec2WK1jcZefRRGPycvMqx1yUWU76jDdFZSL5AgMBAAEwDQYJKoZIhvcNAQEFBQAD 23gYEAQfYE26FLZ9SPPU8bHNDxoxDmGrn8yJ78C490Qpix/w6gdLaBtILenrZbhpnB 243L3okraM8mplaN2KdAcpnsr4wPv9hbYkam0coxCQEKs8ltHSBaXT6uKRWb00nkGu 25yAXDRpuPdFRqbXW3ZFC5broUrz4ujxTDKfVeIn0zpPZkv24= 26-----END CERTIFICATE-----`) 27 key := []byte(`-----BEGIN RSA PRIVATE KEY----- 28Proc-Type: 4,ENCRYPTED 29DEK-Info: DES-EDE3-CBC,64B032D83BD6A6DC 30 31qVJ+mXEBKMkUPrQ8odHunMpPgChQUny4CX73/dAcm7O9iXIv9eXQSxj2qfgCOloj 32vthg7jYNwtRb0ydzCEnEud35zWw38K/l19/pe4ULfNXlOddlsk4XIHarBiz+KUaX 33WTbNk0H+DwdcEwhprPgpTk8gp88lZBiHCnTG/s8v/JNt+wkdqjfAp0Xbm9m+OZ7s 34hlNxZin1OuBdprBqfKWBltUALZYiIBhspMTmh+jGQSyEKNTAIBejIiRH5+xYWuOy 35xKencq8UpQMOMPR2ZiSw42dU9j8HHMgldI7KszU2FDIEFXG7aSjcxNyyybeBT+Uz 36YPoxGxSdUYWqaz50UszvHg/QWR8NlPlQc3nFAUVpGKUF9MEQCIAK8HjcpMP+IAVO 37ertp4cTa2Rpm9YeoFrY6tabvmXApXlQPw6rBn6o5KpceWG3ceOsDOsT+e3edHu9g 38SGO4hjggbRpO+dBOuwfw4rMn9X1BbqXKJcREAmrgVVSf9/s942E4YOQ+IGJPdtmY 39WHAFk8hiJepsVCA2NpwVlAD+QbPPaR2RtvYOtq3IKlWRuVQ+6dpxDsz5FlJhs2L+ 40HsX6XqtwuQM8kk1hO8Gm3VeV7+b64r9kfbO8jCM18GexCYiCtig51mJW6IO42d1K 41bS1axMx/KeDc/sy7LKEbHnjnYanpGz2Wa2EWhnWAeNXD1nUfUNFPp2SsIGbCMnat 42mC4O4cO7YRl3+iJg3kHtTPGtgtCjrZcjlyBtxT2VC7SsTcTXZBWovczMIstyr4Ka 43opM24uvQT3Bc0UM0WNh3tdRFuboxDeBDh7PX/2RIoiaMuCCiRZ3O0A== 44-----END RSA PRIVATE KEY-----`) 45 tempDir, err := ioutil.TempDir("", "vault-test") 46 if err != nil { 47 t.Fatalf("Error creating temporary directory: %s", err) 48 } 49 keyFile := tempDir + "/server.key" 50 certFile := tempDir + "/server.crt" 51 52 err = ioutil.WriteFile(certFile, cert, 0755) 53 if err != nil { 54 t.Fatalf("Error writing to temp file: %s", err) 55 } 56 err = ioutil.WriteFile(keyFile, key, 0755) 57 if err != nil { 58 t.Fatalf("Error writing to temp file: %s", err) 59 } 60 61 cg := NewCertificateGetter(certFile, keyFile, "") 62 err = cg.Reload(nil) 63 if err == nil { 64 t.Fatal("error expected") 65 } 66 if !errwrap.Contains(err, x509.IncorrectPasswordError.Error()) { 67 t.Fatalf("expected incorrect password error, got %v", err) 68 } 69 70 cg = NewCertificateGetter(certFile, keyFile, password) 71 if err := cg.Reload(nil); err != nil { 72 t.Fatalf("err: %v", err) 73 } 74} 75