// SetupCertificateAuthority is a utility function for kubeadm testing that creates a
// CertificateAuthority cert/key pair.
//
// The second return value is the CA's private key as a crypto.Signer; the pair is meant
// for use as test fixture material only.
// NOTE(review): the body is elided in this listing, so key type, key size and validity
// period are not visible here — confirm against the implementation.
func SetupCertificateAuthority(t *testing.T) (*x509.Certificate, crypto.Signer) { … }

// SetupIntermediateCertificateAuthority is a utility function for kubeadm testing that creates an
// intermediate CertificateAuthority cert/key pair.
//
// parentCert and parentKey are the issuing CA's certificate and signer.
// NOTE(review): presumably cn becomes the Subject CommonName of the new certificate and
// parentKey signs it; the body is elided here — confirm.
func SetupIntermediateCertificateAuthority(t *testing.T, parentCert *x509.Certificate, parentKey crypto.Signer, cn string) (*x509.Certificate, crypto.Signer) { … }

// AssertCertificateIsSignedByCa is a utility function for kubeadm testing that asserts that a given
// certificate is signed by the expected CA.
//
// NOTE(review): the body is elided in this listing. Confirm whether this checks only the
// signature against signingCa or also the validity period, key usages and path constraints;
// a signature-only check does not show that cert would pass full chain verification.
func AssertCertificateIsSignedByCa(t *testing.T, cert *x509.Certificate, signingCa *x509.Certificate) { … }

// AssertCertificateHasNotBefore is a utility function for kubeadm testing that asserts that a given
// certificate has the expected NotBefore. expectedNotBefore is handled at 1-second granularity,
// since the certificate stores times with seconds as the maximum precision.
//
// NOTE(review): the original wording was "Truncate (round)"; truncating and rounding can differ
// by one second, and the body is elided here — confirm which one is applied, and whether the
// function or the caller is expected to apply it.
func AssertCertificateHasNotBefore(t *testing.T, cert *x509.Certificate, expectedNotBefore time.Time) { … }

// AssertCertificateHasNotAfter is a utility function for kubeadm testing that asserts that a given
// certificate has the expected NotAfter. expectedNotAfter is handled at 1-second granularity,
// since the certificate stores times with seconds as the maximum precision.
//
// NOTE(review): the original wording was "Truncate (round)"; truncating and rounding can differ
// by one second, and the body is elided here — confirm which one is applied.
func AssertCertificateHasNotAfter(t *testing.T, cert *x509.Certificate, expectedNotAfter time.Time) { … }

// AssertCertificateHasCommonName is a utility function for kubeadm testing that asserts that a given
// certificate has the expected Subject CommonName.
func AssertCertificateHasCommonName(t *testing.T, cert *x509.Certificate, commonName string) { … }

// AssertCertificateHasOrganizations is a utility function for kubeadm testing that asserts that a given
// certificate has, and only has, the expected Subject.Organization values.
//
// The "only has" part matters for client certificates: Kubernetes maps Subject.Organization
// values to group memberships, so an unexpected extra value means unexpected group access.
func AssertCertificateHasOrganizations(t *testing.T, cert *x509.Certificate, organizations ...string) { … }

// AssertCertificateHasClientAuthUsage is a utility function for kubeadm testing that asserts that a given
// certificate has the expected ExtKeyUsageClientAuth.
//
// NOTE(review): the body is elided in this listing; whether additional extended key usages
// on cert are tolerated is not visible here — confirm.
func AssertCertificateHasClientAuthUsage(t *testing.T, cert *x509.Certificate) { … }

// AssertCertificateHasServerAuthUsage is a utility function for kubeadm testing that asserts that a given
// certificate has the expected ExtKeyUsageServerAuth.
//
// NOTE(review): the body is elided in this listing; whether additional extended key usages
// on cert are tolerated is not visible here — confirm.
func AssertCertificateHasServerAuthUsage(t *testing.T, cert *x509.Certificate) { … }

// AssertCertificateHasDNSNames is a utility function for kubeadm testing that asserts that a given
// certificate has the expected DNSNames.
//
// NOTE(review): unlike AssertCertificateHasOrganizations, this comment does not say "only has".
// The body is elided here; if extra SAN entries on cert are tolerated, a test using this helper
// will not catch a certificate that is valid for more names than intended — confirm.
func AssertCertificateHasDNSNames(t *testing.T, cert *x509.Certificate, DNSNames ...string) { … }

// AssertCertificateHasIPAddresses is a utility function for kubeadm testing that asserts that a given
// certificate has the expected IPAddresses.
//
// NOTE(review): the comment does not say "only has" and the body is elided here; confirm
// whether extra IP SAN entries on cert are tolerated.
func AssertCertificateHasIPAddresses(t *testing.T, cert *x509.Certificate, IPAddresses ...net.IP) { … }

// CreateCACert creates a generic CA cert and returns it together with its signer
// (the CA private key), for use in tests.
func CreateCACert(t *testing.T) (*x509.Certificate, crypto.Signer) { … }

// CreateTestCert makes a generic certificate with the given CA and alternative names.
// It returns the certificate, its signer, and a *pkiutil.CertConfig.
// NOTE(review): presumably the returned CertConfig is the configuration the certificate was
// created from; the body is elided in this listing — confirm.
func CreateTestCert(t *testing.T, caCert *x509.Certificate, caKey crypto.Signer, altNames certutil.AltNames) (*x509.Certificate, crypto.Signer, *pkiutil.CertConfig) { … }

// CertTestCase is the element type returned by GetSparseCertTestCases.
// Its fields are elided in this listing.
type CertTestCase …

// GetSparseCertTestCases produces a series of cert configurations and their intended outcomes.
func GetSparseCertTestCases(t *testing.T) []CertTestCase { … }

// PKIFiles is the collection of files accepted by WritePKIFiles.
// Its definition is elided in this listing.
type PKIFiles …

// WritePKIFiles writes the given files out to the given directory.
//
// NOTE(review): the body is elided in this listing. If files can carry private keys, confirm
// the file mode they are written with and that callers pass a per-test temporary directory.
func WritePKIFiles(t *testing.T, dir string, files PKIFiles) { … }