Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Tree: 024ddf52b0
Branches Tags
helm-externa...
/
runtime
/
template
/
v2
/
pem_test.go

pem_test.go 11 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430 
  1. /*
    2. 

  2. Copyright © The ESO Authors
    3. 

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. you may not use this file except in compliance with the License.
    6. 

  6. You may obtain a copy of the License at
    7. 

  7. 

  8.     https://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. 

  10. Unless required by applicable law or agreed to in writing, software
    11. 

  11. distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. See the License for the specific language governing permissions and
    14. 

  14. limitations under the License.
    15. 

  15. */
    16. 

  16. 

  17. package template
    18. 

  18. 

  19. import (
    20. 

  20. 	"os"
    21. 

  21. 	"slices"
    22. 

  22. 	"testing"
    23. 

  23. )
    24. 

  24. 

  25. const (
    26. 

  26. 	certData = `-----BEGIN CERTIFICATE-----
    27. 

  27. MIIDHTCCAgWgAwIBAgIRAKC4yxy9QGocND+6avTf7BgwDQYJKoZIhvcNAQELBQAw
    28. 

  28. EjEQMA4GA1UEChMHQWNtZSBDbzAeFw0yMTAzMjAyMDA4MDhaFw0yMTAzMjAyMDM4
    29. 

  29. MDhaMBIxEDAOBgNVBAoTB0FjbWUgQ28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
    30. 

  30. ggEKAoIBAQC3o6/JdZEqNbqNRkopHhJtJG5c4qS5d0tQ/kZYpfD/v/izAYum4Nzj
    31. 

  31. aG15owr92/11W0pxPUliRLti3y6iScTs+ofm2D7p4UXj/Fnho/2xoWSOoWAodgvW
    32. 

  32. Y8jh8A0LQALZiV/9QsrJdXZdS47DYZLsQ3z9yFC/CdXkg1l7AQ3fIVGKdrQBr9kE
    33. 

  33. 1gEDqnKfRxXI8DEQKXr+CKPUwCAytegmy0SHp53zNAvY+kopHytzmJpXLoEhxq4e
    34. 

  34. ugHe52vXHdh/HJ9VjNp0xOH1waAgAGxHlltCW0PVd5AJ0SXROBS/a3V9sZCbCrJa
    35. 

  35. YOOonQSEswveSv6PcG9AHvpNPot2Xs6hAgMBAAGjbjBsMA4GA1UdDwEB/wQEAwIC
    36. 

  36. pDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
    37. 

  37. BBR00805mrpoonp95RmC3B6oLl+cGTAVBgNVHREEDjAMggpnb29ibGUuY29tMA0G
    38. 

  38. CSqGSIb3DQEBCwUAA4IBAQAipc1b6JrEDayPjpz5GM5krcI8dCWVd8re0a9bGjjN
    39. 

  39. ioWGlu/eTr5El0ffwCNZ2WLmL9rewfHf/bMvYz3ioFZJ2OTxfazqYXNggQz6cMfa
    40. 

  40. lbedDCdt5XLVX2TyerGvFram+9Uyvk3l0uM7rZnwAmdirG4Tv94QRaD3q4xTj/c0
    41. 

  41. mv+AggtK0aRFb9o47z/BypLdk5mhbf3Mmr88C8XBzEnfdYyf4JpTlZrYLBmDCu5d
    42. 

  42. 9RLLsjXxhag8xqMtd1uLUM8XOTGzVWacw8iGY+CTtBKqyA+AE6/bDwZvEwVtsKtC
    43. 

  43. QJ85ioEpy00NioqcF0WyMZH80uMsPycfpnl5uF7RkW8u
    44. 

  44. -----END CERTIFICATE-----
    45. 

  45. `
    46. 

  46. 

  47. 	otherCert = `-----BEGIN CERTIFICATE-----
    48. 

  48. MIIBqjCCAU+gAwIBAgIRAPnGGsBUMbZhmh5QdnYdBmUwCgYIKoZIzj0EAwIwGjEY
    49. 

  49. MBYGA1UEAxMPaW50ZXJtZWRpYXRlLWNhMB4XDTIyMDIwOTEwMjUzMVoXDTIyMDIx
    50. 

  50. MDEwMjUzMVowDjEMMAoGA1UEAxMDZm9vMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
    51. 

  51. QgAEqnxdeInykx8JZsLi13rZLekoG2cosQ3F+2InVNy7hCQ7soMqdaJsGQ6LFtov
    52. 

  52. ogUFtOOTRWrunblqNWGZsowHbKOBgTB/MA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUE
    53. 

  53. FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFLtundVbuKd73OWzo6SY
    54. 

  54. by0Ajeb2MB8GA1UdIwQYMBaAFCLg80J/bZBbOd+Y8+V94l5xM2zEMA4GA1UdEQQH
    55. 

  55. MAWCA2ZvbzAKBggqhkjOPQQDAgNJADBGAiEA4K4SbVNqrEtl7RfwBfJFMnWI+X8D
    56. 

  56. zMPMc4Xqzp2qTxcCIQDsySgtiakypZfWakpB49zJph0kLwGK8xhWvGMUw1N1/w==
    57. 

  57. -----END CERTIFICATE-----
    58. 

  58. `
    59. 

  59. 

  60. 	keyData = `-----BEGIN PRIVATE KEY-----
    61. 

  61. MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC3o6/JdZEqNbqN
    62. 

  62. RkopHhJtJG5c4qS5d0tQ/kZYpfD/v/izAYum4NzjaG15owr92/11W0pxPUliRLti
    63. 

  63. 3y6iScTs+ofm2D7p4UXj/Fnho/2xoWSOoWAodgvWY8jh8A0LQALZiV/9QsrJdXZd
    64. 

  64. S47DYZLsQ3z9yFC/CdXkg1l7AQ3fIVGKdrQBr9kE1gEDqnKfRxXI8DEQKXr+CKPU
    65. 

  65. wCAytegmy0SHp53zNAvY+kopHytzmJpXLoEhxq4eugHe52vXHdh/HJ9VjNp0xOH1
    66. 

  66. waAgAGxHlltCW0PVd5AJ0SXROBS/a3V9sZCbCrJaYOOonQSEswveSv6PcG9AHvpN
    67. 

  67. Pot2Xs6hAgMBAAECggEACTGPrmVNZDCWa1Y2hkJ0J7SoNcw+9O4M/jwMp4l/PD6P
    68. 

  68. I98S78LYLCZhPLK17SmjUcnFO1AXKW1JeFS2D/fjfP256guvcqQNjLFoioxcOhVb
    69. 

  69. ZGyd1Mi8JPqP5wfOj16gBeYDwTkjz9wqldcfiZaL9XoXetkZecbzR2JwC2FtIVuC
    70. 

  70. 0njTjMNYpaBKnoLb8OTR0EQz7lYEo2MkQiWryz8wseONnFmdfh18p+p10YgCbuCH
    71. 

  71. qesrWfDLLxaxZelNtDhDngg9LoCLmarYy7BgShacmUEgJTZ/x3xFC75thK3ln0OY
    72. 

  72. +ktTgvVotYYaZi7qAjQiEsTvkTAPg5RMpQLd2UIWsQKBgQDCBp+1vURbwGzmTNUg
    73. 

  73. HMipD6WDFdLc9DCacx6+ZqsEPTMWQbCpVZrDKiY0Rjt5F+xOCyMr00J5RDJXRC0G
    74. 

  74. +L7NcJdywOFutT7vB+cmETg7l/6PHweNYBnE66706eTL/KVYZMi4tEinarPWhHmL
    75. 

  75. jasfdLANtpDjdWkRt299TkPRbQKBgQDyS8Rr7KZdv04Csqkf+ASmiJpT5R6Y72kc
    76. 

  76. 3XYpKETyB2FyPZkuh/zInMut9SkkSI9O/jA3zf956jj6sF1DHvp7T8KkIp5OAQeD
    77. 

  77. J9AF65m2MnZfHFUeJ6ZQsggwMWqrD0ycIWP7YWtiBHH+D1wGkjYrssq+bvG/yNpA
    78. 

  78. LtqdKq9lhQKBgQCZA2hIhy61vRckuEsLvCdzTGeW7UsR/XGnHEqOlaEhArKbRsrv
    79. 

  79. gBdA+qiOaSTV5svw8E+YbE7sG6AnuhhYeyreEYEeeoZOLJmpIG5mUwYp2UBj1nC6
    80. 

  80. SaOI7OVZOGu7g09SWokBQQxbG4cgEfFY4Sym7fs5lVTGTP3Dfwppo6NQMQKBgQCo
    81. 

  81. J5NDP3Lafwk58BpV+H/pv8YzUUDh7M2rXbtCpxLqUdr8OOnVlEUISWFF8m5CIyVq
    82. 

  82. MhjuscWLK9Wtjba7/YTjDaDM3sW05xv6lyfU5ATCoNTr/zLHgcb4HAZ4w+L+otiN
    83. 

  83. RtMnxB2NYf5mzuwUF2cG/secUEzwyAlIH/xStSwTLQKBgQCRvqF+rqxnegoOgwVW
    84. 

  84. qrWPv06wXD8dW2FlPpY5GXqA0l6erSK3YsQQToRmbem9ibPD7bd5P4gNbWfxwK4C
    85. 

  85. Wt+1Rcb8OrDhDJbYz85bXBnPecKp4EN0b9SHO0/dsCqn2w30emc+9T/4m1ZDkpBd
    86. 

  86. BixHvI/EJ8YK3ta5WdJWKC6hnA==
    87. 

  87. -----END PRIVATE KEY-----
    88. 

  88. `
    89. 

  89. )
    90. 

  90. 

  91. const (
    92. 

  92. 	filterPrivateKey = "private key"
    93. 

  93. 	filterCert       = "certificate"
    94. 

  94. )
    95. 

  95. 

  96. func TestFilterPEM(t *testing.T) {
    97. 

  97. 	type args struct {
    98. 

  98. 		input   string
    99. 

  99. 		pemType string
    100. 

  100. 	}
    101. 

  101. 	tests := []struct {
    102. 

  102. 		name    string
    103. 

  103. 		args    args
    104. 

  104. 		want    string
    105. 

  105. 		wantErr bool
    106. 

  106. 	}{
    107. 

  107. 		{
    108. 

  108. 			name: "extract cert / cert first",
    109. 

  109. 			args: args{
    110. 

  110. 				input:   certData + keyData,
    111. 

  111. 				pemType: filterCert,
    112. 

  112. 			},
    113. 

  113. 			want: certData,
    114. 

  114. 		},
    115. 

  115. 		{
    116. 

  116. 			name: "extract cert / key first",
    117. 

  117. 			args: args{
    118. 

  118. 				input:   keyData + certData,
    119. 

  119. 				pemType: filterCert,
    120. 

  120. 			},
    121. 

  121. 			want: certData,
    122. 

  122. 		},
    123. 

  123. 		{
    124. 

  124. 			name: "extract multiple certs",
    125. 

  125. 			args: args{
    126. 

  126. 				input:   keyData + certData + keyData + otherCert,
    127. 

  127. 				pemType: filterCert,
    128. 

  128. 			},
    129. 

  129. 			want: certData + otherCert,
    130. 

  130. 		},
    131. 

  131. 		{
    132. 

  132. 			name: "extract key",
    133. 

  133. 			args: args{
    134. 

  134. 				input:   keyData + certData,
    135. 

  135. 				pemType: filterPrivateKey,
    136. 

  136. 			},
    137. 

  137. 			want: keyData,
    138. 

  138. 		},
    139. 

  139. 		{
    140. 

  140. 			name: "key with junk",
    141. 

  141. 			args: args{
    142. 

  142. 				input:   certData + keyData + "some ---junk---",
    143. 

  143. 				pemType: filterPrivateKey,
    144. 

  144. 			},
    145. 

  145. 			want: keyData,
    146. 

  146. 		},
    147. 

  147. 		{
    148. 

  148. 			name: "begin/end with junk",
    149. 

  149. 			args: args{
    150. 

  150. 				// pem.Decode trims junk from the beginning of the input
    151. 

  151. 				// so we are able to decode both cert & key
    152. 

  152. 				input:   "some junk" + certData + keyData + "some ---junk---",
    153. 

  153. 				pemType: filterPrivateKey,
    154. 

  154. 			},
    155. 

  155. 			want: keyData,
    156. 

  156. 		},
    157. 

  157. 		{
    158. 

  158. 			name: "interleaved junk",
    159. 

  159. 			args: args{
    160. 

  160. 				// can parse cert but not key due to junk
    161. 

  161. 				input:   certData + "some junk" + keyData,
    162. 

  162. 				pemType: filterPrivateKey,
    163. 

  163. 			},
    164. 

  164. 			wantErr: true,
    165. 

  165. 		},
    166. 

  166. 		{
    167. 

  167. 			name: "err when junk",
    168. 

  168. 			args: args{
    169. 

  169. 				input:   "---junk---",
    170. 

  170. 				pemType: filterPrivateKey,
    171. 

  171. 			},
    172. 

  172. 			wantErr: true,
    173. 

  173. 		},
    174. 

  174. 	}
    175. 

  175. 	for _, tt := range tests {
    176. 

  176. 		t.Run(tt.name, func(t *testing.T) {
    177. 

  177. 			got, err := filterPEM(tt.args.pemType, tt.args.input)
    178. 

  178. 			if (err != nil) != tt.wantErr {
    179. 

  179. 				t.Errorf("filterPEM() error = %v, wantErr %v", err, tt.wantErr)
    180. 

  180. 				return
    181. 

  181. 			}
    182. 

  182. 			if got != tt.want {
    183. 

  183. 				t.Errorf("filterPEM() = %v, want %v", got, tt.want)
    184. 

  184. 			}
    185. 

  185. 		})
    186. 

  186. 	}
    187. 

  187. }
    188. 

  188. 

  189. type filterCertChainTestArgs struct {
    190. 

  190. 	input    []string
    191. 

  191. 	certType string
    192. 

  192. }
    193. 

  193. 

  194. type filterCertChainTest struct {
    195. 

  195. 	name    string
    196. 

  196. 	args    filterCertChainTestArgs
    197. 

  197. 	want    string
    198. 

  198. 	wantErr bool
    199. 

  199. }
    200. 

  200. 

  201. func TestFilterCertChain(t *testing.T) {
    202. 

  202. 	const (
    203. 

  203. 		leafCertPath         = "_testdata/foo.crt"
    204. 

  204. 		intermediateCertPath = "_testdata/intermediate-ca.crt"
    205. 

  205. 		rootCertPath         = "_testdata/root-ca.crt"
    206. 

  206. 		rootKeyPath          = "_testdata/root-ca.key"
    207. 

  207. 	)
    208. 

  208. 	tests := []filterCertChainTest{
    209. 

  209. 		{
    210. 

  210. 			name: "extract leaf cert / empty cert chain",
    211. 

  211. 			args: filterCertChainTestArgs{
    212. 

  212. 				input:    []string{},
    213. 

  213. 				certType: certTypeLeaf,
    214. 

  214. 			},
    215. 

  215. 			wantErr: true,
    216. 

  216. 		},
    217. 

  217. 		{
    218. 

  218. 			name: "extract leaf cert / cert chain with pkey",
    219. 

  219. 			args: filterCertChainTestArgs{
    220. 

  220. 				input: []string{
    221. 

  221. 					leafCertPath,
    222. 

  222. 					rootKeyPath,
    223. 

  223. 				},
    224. 

  224. 				certType: certTypeLeaf,
    225. 

  225. 			},
    226. 

  226. 			wantErr: true,
    227. 

  227. 		},
    228. 

  228. 		{
    229. 

  229. 			name: "extract leaf cert / leaf cert only",
    230. 

  230. 			args: filterCertChainTestArgs{
    231. 

  231. 				input: []string{
    232. 

  232. 					leafCertPath,
    233. 

  233. 				},
    234. 

  234. 				certType: certTypeLeaf,
    235. 

  235. 			},
    236. 

  236. 			want: leafCertPath,
    237. 

  237. 		},
    238. 

  238. 		{
    239. 

  239. 			name: "extract leaf cert / cert chain without root",
    240. 

  240. 			args: filterCertChainTestArgs{
    241. 

  241. 				input: []string{
    242. 

  242. 					leafCertPath,
    243. 

  243. 					intermediateCertPath,
    244. 

  244. 				},
    245. 

  245. 				certType: certTypeLeaf,
    246. 

  246. 			},
    247. 

  247. 			want: leafCertPath,
    248. 

  248. 		},
    249. 

  249. 		{
    250. 

  250. 			name: "extract leaf cert / root cert only",
    251. 

  251. 			args: filterCertChainTestArgs{
    252. 

  252. 				input: []string{
    253. 

  253. 					rootCertPath,
    254. 

  254. 				},
    255. 

  255. 				certType: certTypeLeaf,
    256. 

  256. 			},
    257. 

  257. 			want: "",
    258. 

  258. 		},
    259. 

  259. 		{
    260. 

  260. 			name: "extract leaf cert / full cert chain",
    261. 

  261. 			args: filterCertChainTestArgs{
    262. 

  262. 				input: []string{
    263. 

  263. 					leafCertPath,
    264. 

  264. 					intermediateCertPath,
    265. 

  265. 					rootCertPath,
    266. 

  266. 				},
    267. 

  267. 				certType: certTypeLeaf,
    268. 

  268. 			},
    269. 

  269. 			want: leafCertPath,
    270. 

  270. 		},
    271. 

  271. 		{
    272. 

  272. 			name: "extract intermediate cert / leaf cert only",
    273. 

  273. 			args: filterCertChainTestArgs{
    274. 

  274. 				input: []string{
    275. 

  275. 					leafCertPath,
    276. 

  276. 				},
    277. 

  277. 				certType: certTypeIntermediate,
    278. 

  278. 			},
    279. 

  279. 			want: "",
    280. 

  280. 		},
    281. 

  281. 		{
    282. 

  282. 			name: "extract intermediate cert / cert chain without root",
    283. 

  283. 			args: filterCertChainTestArgs{
    284. 

  284. 				input: []string{
    285. 

  285. 					leafCertPath,
    286. 

  286. 					intermediateCertPath,
    287. 

  287. 				},
    288. 

  288. 				certType: certTypeIntermediate,
    289. 

  289. 			},
    290. 

  290. 			want: intermediateCertPath,
    291. 

  291. 		},
    292. 

  292. 		{
    293. 

  293. 			name: "extract intermediate cert / full cert chain",
    294. 

  294. 			args: filterCertChainTestArgs{
    295. 

  295. 				input: []string{
    296. 

  296. 					leafCertPath,
    297. 

  297. 					intermediateCertPath,
    298. 

  298. 					rootCertPath,
    299. 

  299. 				},
    300. 

  300. 				certType: certTypeIntermediate,
    301. 

  301. 			},
    302. 

  302. 			want: intermediateCertPath,
    303. 

  303. 		},
    304. 

  304. 		{
    305. 

  305. 			name: "extract root cert / leaf cert only",
    306. 

  306. 			args: filterCertChainTestArgs{
    307. 

  307. 				input: []string{
    308. 

  308. 					leafCertPath,
    309. 

  309. 				},
    310. 

  310. 				certType: certTypeRoot,
    311. 

  311. 			},
    312. 

  312. 			want: "",
    313. 

  313. 		},
    314. 

  314. 		{
    315. 

  315. 			name: "extract root cert / root cert only",
    316. 

  316. 			args: filterCertChainTestArgs{
    317. 

  317. 				input: []string{
    318. 

  318. 					rootCertPath,
    319. 

  319. 				},
    320. 

  320. 				certType: certTypeRoot,
    321. 

  321. 			},
    322. 

  322. 			want: rootCertPath,
    323. 

  323. 		},
    324. 

  324. 		{
    325. 

  325. 			name: "extract root cert / full cert chain",
    326. 

  326. 			args: filterCertChainTestArgs{
    327. 

  327. 				input: []string{
    328. 

  328. 					leafCertPath,
    329. 

  329. 					intermediateCertPath,
    330. 

  330. 					rootCertPath,
    331. 

  331. 				},
    332. 

  332. 				certType: certTypeRoot,
    333. 

  333. 			},
    334. 

  334. 			want: rootCertPath,
    335. 

  335. 		},
    336. 

  336. 	}
    337. 

  337. 	for _, tt := range tests {
    338. 

  338. 		runFilterCertChainTest(t, tt)
    339. 

  339. 	}
    340. 

  340. }
    341. 

  341. 

  342. func runFilterCertChainTest(t *testing.T, tt filterCertChainTest) {
    343. 

  343. 	t.Run(tt.name, func(t *testing.T) {
    344. 

  344. 		chainIn, err := readCertificates(tt.args.input)
    345. 

  345. 		if err != nil {
    346. 

  346. 			t.Error(err)
    347. 

  347. 		}
    348. 

  348. 		var expOut []byte
    349. 

  349. 		if tt.want != "" {
    350. 

  350. 			var err error
    351. 

  351. 			expOut, err = os.ReadFile(tt.want)
    352. 

  352. 			if err != nil {
    353. 

  353. 				t.Error(err)
    354. 

  354. 			}
    355. 

  355. 		}
    356. 

  356. 		got, err := filterCertChain(tt.args.certType, string(chainIn))
    357. 

  357. 		if (err != nil) != tt.wantErr {
    358. 

  358. 			t.Errorf("filterCertChain() error = %v, wantErr %v", err, tt.wantErr)
    359. 

  359. 			return
    360. 

  360. 		}
    361. 

  361. 		if got != string(expOut) {
    362. 

  362. 			t.Errorf("filterCertChain() = %v, want %v", got, string(expOut))
    363. 

  363. 		}
    364. 

  364. 	})
    365. 

  365. }
    366. 

  366. 

  367. func readCertificates(certFiles []string) ([]byte, error) {
    368. 

  368. 	var certificates []byte
    369. 

  369. 	for _, f := range certFiles {
    370. 

  370. 		c, err := os.ReadFile(f)
    371. 

  371. 		if err != nil {
    372. 

  372. 			return nil, err
    373. 

  373. 		}
    374. 

  374. 		certificates = append(certificates, c...)
    375. 

  375. 	}
    376. 

  376. 	return certificates, nil
    377. 

  377. }
    378. 

  378. 

  379. func TestCertSANs(t *testing.T) {
    380. 

  380. 	tests := []struct {
    381. 

  381. 		name    string
    382. 

  382. 		input   string
    383. 

  383. 		want    []string
    384. 

  384. 		wantErr bool
    385. 

  385. 	}{
    386. 

  386. 		{
    387. 

  387. 			name:  "extract DNS SANs from cert",
    388. 

  388. 			input: certData,
    389. 

  389. 			want:  []string{"gooble.com"},
    390. 

  390. 		},
    391. 

  391. 		{
    392. 

  392. 			name:    "invalid PEM input",
    393. 

  393. 			input:   "not a pem",
    394. 

  394. 			wantErr: true,
    395. 

  395. 		},
    396. 

  396. 		{
    397. 

  397. 			name:    "empty input",
    398. 

  398. 			input:   "",
    399. 

  399. 			wantErr: true,
    400. 

  400. 		},
    401. 

  401. 		{
    402. 

  402. 			name:  "cert with junk before PEM",
    403. 

  403. 			input: "some junk\n" + certData,
    404. 

  404. 			want:  []string{"gooble.com"},
    405. 

  405. 		},
    406. 

  406. 		{
    407. 

  407. 			name: "cert from file with all types of SANs",
    408. 

  408. 			input: func() string {
    409. 

  409. 				b, err := os.ReadFile("_testdata/sans.crt")
    410. 

  410. 				if err != nil {
    411. 

  411. 					panic("test setup failed: " + err.Error())
    412. 

  412. 				}
    413. 

  413. 				return string(b)
    414. 

  414. 			}(),
    415. 

  415. 			want: []string{"example.com", "www.example.com", "192.168.1.10", "10.0.0.1", "admin@example.com", "https://example.com"},
    416. 

  416. 		},
    417. 

  417. 	}
    418. 

  418. 	for _, tt := range tests {
    419. 

  419. 		t.Run(tt.name, func(t *testing.T) {
    420. 

  420. 			got, err := certSANs(tt.input)
    421. 

  421. 			if (err != nil) != tt.wantErr {
    422. 

  422. 				t.Errorf("certSANs() error = %v, wantErr %v", err, tt.wantErr)
    423. 

  423. 				return
    424. 

  424. 			}
    425. 

  425. 			if !tt.wantErr && !slices.Equal(got, tt.want) {
    426. 

  426. 				t.Errorf("certSANs() = %v, want %v", got, tt.want)
    427. 

  427. 			}
    428. 

  428. 		})
    429. 

  429. 	}
    430. 

  430. }
    431.