Update based on comments

Signed-off-by: Hayden Blauzvern <[email protected]>
sigstore · Apr 7, 2022 · 72f22e6 · 72f22e6
1 parent 3e509fd
commit 72f22e6
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 19 deletions.
diff --git a/...rmediateca/fetch_ca_cert/fetch_ca_cert.go → cmd/fetch_ca_cert/fetch_ca_cert.go b/...rmediateca/fetch_ca_cert/fetch_ca_cert.go → cmd/fetch_ca_cert/fetch_ca_cert.go
@@ -40,7 +40,7 @@ import (
 
 /*
 To run:
-go run pkg/ca/intermediateca/update/fetch_ca_cert.go \
+go run cmd/fetch_ca_cert/fetch_ca_cert.go \
   --kms-resource="gcpkms://projects/<project>/locations/<region>/keyRings/<key-ring>/cryptoKeys/<key>/versions/1" \
   --gcp-ca-parent="projects/<project>/locations/<region>/caPools/<ca-pool>" \
   --output="chain.crt.pem"

diff --git a/pkg/ca/intermediateca/intermediateca_test.go b/pkg/ca/intermediateca/intermediateca_test.go
@@ -33,8 +33,8 @@ func TestIntermediateCARoot(t *testing.T) {
 		t.Fatalf("unexpected error generating signer: %v", err)
 	}
 
-	rootCert, rootKey, _ := test.GenerateRootCa()
-	subCert, _, _ := test.GenerateSubordinateCa(rootCert, rootKey)
+	rootCert, rootKey, _ := test.GenerateRootCA()
+	subCert, _, _ := test.GenerateSubordinateCA(rootCert, rootKey)
 	certChain := []*x509.Certificate{subCert, rootCert}
 	pemChain, err := cryptoutils.MarshalCertificatesToPEM(certChain)
 	if err != nil {
@@ -62,8 +62,8 @@ func TestIntermediateCAGetX509KeyPair(t *testing.T) {
 		t.Fatalf("unexpected error generating signer: %v", err)
 	}
 
-	rootCert, rootKey, _ := test.GenerateRootCa()
-	subCert, _, _ := test.GenerateSubordinateCa(rootCert, rootKey)
+	rootCert, rootKey, _ := test.GenerateRootCA()
+	subCert, _, _ := test.GenerateSubordinateCA(rootCert, rootKey)
 	certChain := []*x509.Certificate{subCert, rootCert}
 
 	ica := IntermediateCA{
@@ -83,8 +83,8 @@ func TestIntermediateCAGetX509KeyPair(t *testing.T) {
 }
 
 func TestIntermediateCAVerifyCertChain(t *testing.T) {
-	rootCert, rootKey, _ := test.GenerateRootCa()
-	subCert, subKey, _ := test.GenerateSubordinateCa(rootCert, rootKey)
+	rootCert, rootKey, _ := test.GenerateRootCA()
+	subCert, subKey, _ := test.GenerateSubordinateCA(rootCert, rootKey)
 	leafCert, _, _ := test.GenerateLeafCert("subject", "oidc-issuer", subCert, subKey)
 
 	err := VerifyCertChain([]*x509.Certificate{subCert, rootCert}, subKey)
@@ -99,7 +99,7 @@ func TestIntermediateCAVerifyCertChain(t *testing.T) {
 	}
 
 	// Handles multiple intermediates
-	subCert2, subKey2, _ := test.GenerateSubordinateCa(subCert, subKey)
+	subCert2, subKey2, _ := test.GenerateSubordinateCA(subCert, subKey)
 	err = VerifyCertChain([]*x509.Certificate{subCert2, subCert, rootCert}, subKey2)
 	if err != nil {
 		t.Fatalf("unexpected error verifying cert chain: %v", err)
@@ -113,14 +113,14 @@ func TestIntermediateCAVerifyCertChain(t *testing.T) {
 
 	// Failure: Certificate missing EKU
 	// Note that the wrong EKU will be caught by x509.Verify
-	invalidSubCert, invalidSubKey, _ := test.GenerateSubordinateCaWithoutEKU(rootCert, rootKey)
+	invalidSubCert, invalidSubKey, _ := test.GenerateSubordinateCAWithoutEKU(rootCert, rootKey)
 	err = VerifyCertChain([]*x509.Certificate{invalidSubCert, rootCert}, invalidSubKey)
 	if err == nil || !strings.Contains(err.Error(), "certificate must have extended key usage code signing") {
 		t.Fatalf("expected error verifying cert chain without EKU: %v", err)
 	}
 
 	// Failure: Invalid chain
-	rootCert2, _, _ := test.GenerateRootCa()
+	rootCert2, _, _ := test.GenerateRootCA()
 	err = VerifyCertChain([]*x509.Certificate{subCert, rootCert2}, subKey)
 	if err == nil || !strings.Contains(err.Error(), "certificate signed by unknown authority") {
 		t.Fatalf("expected error verifying cert chain: %v", err)
@@ -137,7 +137,7 @@ func TestIntermediateCAVerifyCertChain(t *testing.T) {
 	}
 
 	// Failure: Weak key
-	weakSubCert, weakSubKey, _ := test.GenerateWeakSubordinateCa(rootCert, rootKey)
+	weakSubCert, weakSubKey, _ := test.GenerateWeakSubordinateCA(rootCert, rootKey)
 	err = VerifyCertChain([]*x509.Certificate{weakSubCert, rootCert}, weakSubKey)
 	if err == nil || !strings.Contains(err.Error(), "unsupported ec curve") {
 		t.Fatalf("expected error verifying weak cert chain: %v", err)

diff --git a/pkg/ca/kmsca/kmsca_test.go b/pkg/ca/kmsca/kmsca_test.go
@@ -37,8 +37,8 @@ func TestNewKmsCA(t *testing.T) {
 	dir := t.TempDir()
 	certPath := filepath.Join(dir, "cert.pem")
 
-	rootCert, rootKey, _ := test.GenerateRootCa()
-	subCert, subKey, _ := test.GenerateSubordinateCa(rootCert, rootKey)
+	rootCert, rootKey, _ := test.GenerateRootCA()
+	subCert, subKey, _ := test.GenerateSubordinateCA(rootCert, rootKey)
 
 	pemChain, err := cryptoutils.MarshalCertificatesToPEM([]*x509.Certificate{subCert, rootCert})
 	if err != nil {
@@ -80,7 +80,7 @@ func TestNewKmsCA(t *testing.T) {
 	}
 
 	// Failure: Invalid certificate chain
-	otherRootCert, _, _ := test.GenerateRootCa()
+	otherRootCert, _, _ := test.GenerateRootCA()
 	pemChain, err = cryptoutils.MarshalCertificatesToPEM([]*x509.Certificate{subCert, otherRootCert})
 	if err != nil {
 		t.Fatalf("error marshalling cert chain: %v", err)

diff --git a/pkg/test/cert_utils.go b/pkg/test/cert_utils.go
@@ -29,7 +29,7 @@ import (
 /*
 To use:
 
-rootCert, rootKey, _ := GenerateRootCa()
+rootCert, rootKey, _ := GenerateRootCA()
 subCert, subKey, _ := GenerateSubordinateCa(rootCert, rootKey)
 leafCert, _, _ := GenerateLeafCert("subject", "oidc-issuer", subCert, subKey)
 
@@ -60,7 +60,7 @@ func createCertificate(template *x509.Certificate, parent *x509.Certificate, pub
 	return cert, nil
 }
 
-func GenerateRootCa() (*x509.Certificate, *ecdsa.PrivateKey, error) {
+func GenerateRootCA() (*x509.Certificate, *ecdsa.PrivateKey, error) {
 	rootTemplate := &x509.Certificate{
 		SerialNumber: big.NewInt(1),
 		Subject: pkix.Name{
@@ -87,7 +87,7 @@ func GenerateRootCa() (*x509.Certificate, *ecdsa.PrivateKey, error) {
 	return cert, priv, nil
 }
 
-func GenerateSubordinateCa(rootTemplate *x509.Certificate, rootPriv crypto.Signer) (*x509.Certificate, *ecdsa.PrivateKey, error) {
+func GenerateSubordinateCA(rootTemplate *x509.Certificate, rootPriv crypto.Signer) (*x509.Certificate, *ecdsa.PrivateKey, error) {
 	subTemplate := &x509.Certificate{
 		SerialNumber: big.NewInt(1),
 		Subject: pkix.Name{
@@ -115,7 +115,7 @@ func GenerateSubordinateCa(rootTemplate *x509.Certificate, rootPriv crypto.Signe
 	return cert, priv, nil
 }
 
-func GenerateWeakSubordinateCa(rootTemplate *x509.Certificate, rootPriv crypto.Signer) (*x509.Certificate, *ecdsa.PrivateKey, error) {
+func GenerateWeakSubordinateCA(rootTemplate *x509.Certificate, rootPriv crypto.Signer) (*x509.Certificate, *ecdsa.PrivateKey, error) {
 	subTemplate := &x509.Certificate{
 		SerialNumber: big.NewInt(1),
 		Subject: pkix.Name{
@@ -143,7 +143,7 @@ func GenerateWeakSubordinateCa(rootTemplate *x509.Certificate, rootPriv crypto.S
 	return cert, priv, nil
 }
 
-func GenerateSubordinateCaWithoutEKU(rootTemplate *x509.Certificate, rootPriv crypto.Signer) (*x509.Certificate, *ecdsa.PrivateKey, error) {
+func GenerateSubordinateCAWithoutEKU(rootTemplate *x509.Certificate, rootPriv crypto.Signer) (*x509.Certificate, *ecdsa.PrivateKey, error) {
 	subTemplate := &x509.Certificate{
 		SerialNumber: big.NewInt(1),
 		Subject: pkix.Name{