UNPKG

ts-spiffe

Version:

typescript client for spiffe

github.com/andyfurnival/spiffe-library

andyfurnival/spiffe-library

54 lines (39 loc) 2.42 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
import { CertificateUtils } from "./CertificateUtils"; import { SpiffeId, TrustDomain } from "../spiffeid"; import { Name } from "@peculiar/x509"; describe('CertificateUtils', () => { it('Creates a valid CA root', async () => { const {certificate} = await CertificateUtils.createRootCA("spiffe://server.fs.com") const subject = new Name(certificate.subject); const commonName = subject.getField("2.5.4.10")[0]; expect(commonName).toBe("Spiffe RootCA") expect(SpiffeId.getSpiffeId(certificate).toString()).toBe("spiffe://server.fs.com") }) it('Create a valid Certificate issued from the CA',async () =>{ const ca = await CertificateUtils.createRootCA("spiffe://server.fs.com") const leaf = await CertificateUtils.createCertificate("O=Demo Org", "spiffe://server.fs.com", ca.certificate, ca.privateKey) // Extract the CommonName from the issuer field const issuerName = new Name(leaf.certificate.issuer); const commonName = issuerName.getField("2.5.4.10")[0]; expect(SpiffeId.getSpiffeId(leaf.certificate).toString()).toBe("spiffe://server.fs.com") expect(commonName).toBe("Spiffe RootCA") expect(ca.certificate.verify(leaf.certificate)).toBeTruthy(); }) it('Certificate has a valid spiffeId', async () =>{ const rootCA = await CertificateUtils.createRootCA("spiffe://server.fs.com") const leaf = await CertificateUtils.createCertificate("Demo Org", "spiffe://server.fs.com/workload", rootCA.certificate, rootCA.privateKey) const spiffeId = SpiffeId.getSpiffeId(leaf.certificate); expect(spiffeId.toString()).toBe("spiffe://server.fs.com/workload") }) it ('TrustDomain can be extracted from Certificate', async () =>{ const rootCA = await CertificateUtils.createRootCA("spiffe://server.fs.com") const intermediate = await CertificateUtils.createCertificate("Demo Org", "spiffe://server.fs.com/host", rootCA.certificate, rootCA.privateKey) const leaf = await CertificateUtils.createCertificate("Demo Org", "spiffe://server.fs.com/workload", intermediate.certificate, intermediate.privateKey) const intermediateCert = intermediate.certificate; const leafCert = leaf.certificate; const chain = Array.of(leafCert, intermediateCert) const trustDomain = SpiffeId.getTrustDomain(chain) expect(trustDomain).not.toBeNull() expect(TrustDomain.parse("server.fs.com")).toStrictEqual(trustDomain) }) });