Documentation
Overview
Package testca builds AgentPass-shaped certificate bundles in memory for tests. It mirrors the DER extension layout produced by aptaas/pki.js so that the verifier is exercised against the exact wire format it will see in production.
This package is deliberately test-only. Production code MUST NOT import it; reflection-based or init-time behaviour in this package is acceptable only because it lives under internal/.
Index
Constants
This section is empty.
Variables
var (
    OIDAgentTrustLevel = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1, 1}
    OIDAgentScope = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1, 2}
    OIDAgentIssuer = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1, 3}
)
Extension OIDs -- mirror github.com/razashariff/agentpass-go/extensions.go.
Functions
This section is empty.
Types
type AgentOptions
type AgentOptions struct {
    CommonName string
    TrustLevel int
    Scopes []string
    IssuerID string
    NotBefore time.Time
    NotAfter time.Time

    // OmitTrust, OmitScope, OmitIssuer skip the corresponding
    // AgentPass custom extension. Used by tests that want to
    // assert on ErrMissingAgentExtensions.
    OmitTrust bool
    OmitScope bool
    OmitIssuer bool

    // BadTrustValue, if non-empty, overrides the normal "L<n>"
    // trust-level payload. Used by tests that want to hit
    // ErrInvalidTrustLevel.
    BadTrustValue string
}
AgentOptions controls the contents of the agent certificate that Build emits. Zero values produce a sensible L2 agent valid for 24h.
type Bundle
type Bundle struct {
    CAKey *ecdsa.PrivateKey
    CACert *x509.Certificate
    CAPEM []byte
    AgentKey *ecdsa.PrivateKey
    AgentCert *x509.Certificate
    AgentPEM []byte
}
Bundle is a throwaway CA plus one agent certificate, suitable for a single test. Each test gets a fresh Bundle so state cannot leak between test cases.
func Build
func Build(opts AgentOptions) Bundle
Build produces a fresh CA + agent pair using the supplied options. It panics on crypto errors because test setup failing indicates a bug in this helper, not in the code under test.
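The pattern that Build and the OmitTrust option describe, as an added sketch that is not the testca source: a throwaway CA issues an agent certificate carrying the trust-level extension, and a checker trusts the payload only after the CA signature verifies. The names issueAgent, trustLevel and must are hypothetical, the UTF8String payload encoding is an assumption (the page does not show the layout produced by aptaas/pki.js), and only the trust-level OID is covered.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

var oidTrust = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1, 1} // OIDAgentTrustLevel value from the page
func must[T any](v T, err error) T { // panic on setup errors, as Build is documented to do
	if err != nil {
		panic(err)
	}
	return v
}

// issueAgent (hypothetical) returns an agent cert and its throwaway CA; trust "" omits the extension.
func issueAgent(trust string) (agent, ca *x509.Certificate) {
	caKey, agentKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)), must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caT := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "test-ca"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign, NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour)}
	agentT := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "agent"}, NotBefore: caT.NotBefore, NotAfter: caT.NotAfter}
	if trust != "" { // assumed encoding: the "L<n>" string as an ASN.1 UTF8String
		agentT.ExtraExtensions = []pkix.Extension{{Id: oidTrust, Value: must(asn1.MarshalWithParams(trust, "utf8"))}}
	}
	ca = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caT, caT, &caKey.PublicKey, caKey))))
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, agentT, ca, &agentKey.PublicKey, caKey)))), ca
}

// trustLevel (hypothetical) checks the CA signature before trusting the extension payload.
func trustLevel(agent, ca *x509.Certificate) (level string, err error) {
	if err = agent.CheckSignatureFrom(ca); err != nil {
		return "", err
	}
	for _, ext := range agent.Extensions {
		if ext.Id.Equal(oidTrust) {
			_, err = asn1.Unmarshal(ext.Value, &level)
			return level, err
		}
	}
	return "", fmt.Errorf("extension %v missing", oidTrust)
}

func main() { fmt.Println(trustLevel(issueAgent("L2"))) }
```

Because every call mints a new CA key, a certificate from one call fails the signature check against the CA from another, which is the isolation property the Bundle type relies on.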