Cleanup ca/ca.go and use new helper

Signed-off-by: apostasie <spam_blackhole@farcloser.world>

Author: apostasie

pkg/testutil/nerdtest/ca/ca.go

@@ -31,9 +31,9 @@ import (
 
 	"github.com/containerd/nerdctl/mod/tigron/expect"
 	"github.com/containerd/nerdctl/mod/tigron/test"
+	"github.com/containerd/nerdctl/mod/tigron/utils"
 
 	"github.com/containerd/nerdctl/v2/pkg/inspecttypes/dockercompat"
-	"github.com/containerd/nerdctl/v2/pkg/testutil/nerdtest/ca"
 	"github.com/containerd/nerdctl/v2/pkg/testutil/nerdtest/platform"
 	"github.com/containerd/nerdctl/v2/pkg/testutil/nettestutil"
 	"github.com/containerd/nerdctl/v2/pkg/testutil/portlock"
@@ -119,7 +119,7 @@ func ensureContainerStarted(helpers test.Helpers, con string) {
 	}
 }
 
-func NewCesantaAuthServer(data test.Data, helpers test.Helpers, ca *ca.CA, port int, user, pass string, tls bool) *TokenAuthServer {
+func NewCesantaAuthServer(data test.Data, helpers test.Helpers, ca *utils.Cert, port int, user, pass string, tls bool) *TokenAuthServer {
 	// listen on 0.0.0.0 to enable 127.0.0.1
 	listenIP := net.ParseIP("0.0.0.0")
 	hostIP, err := nettestutil.NonLoopbackIPv4()
@@ -165,7 +165,7 @@ func NewCesantaAuthServer(data test.Data, helpers test.Helpers, ca *ca.CA, port
 	err = cc.Save(configFileName)
 	assert.NilError(helpers.T(), err, fmt.Errorf("failed writing configuration: %w", err))
 
-	cert := ca.NewCert(hostIP.String())
+	cert := ca.GenerateServerX509(data, helpers, hostIP.String())
 	// FIXME: this will fail in many circumstances. Review strategy on how to acquire a free port.
 	// We probably have better code for that already somewhere.
 	port, err = portlock.Acquire(port)
@@ -177,13 +177,9 @@ func NewCesantaAuthServer(data test.Data, helpers test.Helpers, ca *ca.CA, port
 	cleanup := func(data test.Data, helpers test.Helpers) {
 		helpers.Ensure("rm", "-f", containerName)
 		errPortRelease := portlock.Release(port)
-		errCertClose := cert.Close()
 		if errPortRelease != nil {
 			helpers.T().Error(errPortRelease.Error())
 		}
-		if errCertClose != nil {
-			helpers.T().Error(errCertClose.Error())
-		}
 	}
 
 	setup := func(data test.Data, helpers test.Helpers) {

pkg/testutil/nerdtest/registry/cesanta.go

@@ -25,15 +25,15 @@ import (
 	"gotest.tools/v3/assert"
 
 	"github.com/containerd/nerdctl/mod/tigron/test"
+	"github.com/containerd/nerdctl/mod/tigron/utils"
 
-	"github.com/containerd/nerdctl/v2/pkg/testutil/nerdtest/ca"
 	"github.com/containerd/nerdctl/v2/pkg/testutil/nerdtest/hoststoml"
 	"github.com/containerd/nerdctl/v2/pkg/testutil/nerdtest/platform"
 	"github.com/containerd/nerdctl/v2/pkg/testutil/nettestutil"
 	"github.com/containerd/nerdctl/v2/pkg/testutil/portlock"
 )
 
-func NewDockerRegistry(data test.Data, helpers test.Helpers, currentCA *ca.CA, port int, auth Auth) *Server {
+func NewDockerRegistry(data test.Data, helpers test.Helpers, currentCA *utils.Cert, port int, auth Auth) *Server {
 	// listen on 0.0.0.0 to enable 127.0.0.1
 	listenIP := net.ParseIP("0.0.0.0")
 	hostIP, err := nettestutil.NonLoopbackIPv4()
@@ -56,10 +56,10 @@ func NewDockerRegistry(data test.Data, helpers test.Helpers, currentCA *ca.CA, p
 		"--name", containerName,
 	}
 	scheme := "http"
-	var cert *ca.Cert
+	var cert *utils.Cert
 	if currentCA != nil {
 		scheme = "https"
-		cert = currentCA.NewCert(hostIP.String(), "127.0.0.1", "localhost", "::1")
+		cert = currentCA.GenerateServerX509(data, helpers, hostIP.String(), "127.0.0.1", "localhost", "::1")
 		args = append(args,
 			"--env", "REGISTRY_HTTP_TLS_CERTIFICATE=/registry/domain.crt",
 			"--env", "REGISTRY_HTTP_TLS_KEY=/registry/domain.key",
@@ -86,10 +86,6 @@ func NewDockerRegistry(data test.Data, helpers test.Helpers, currentCA *ca.CA, p
 		helpers.Anyhow("rm", "-f", containerName)
 		errPortRelease := portlock.Release(port)
 
-		if cert != nil {
-			assert.NilError(helpers.T(), cert.Close(), fmt.Errorf("failed cleaning certificates: %w", err))
-		}
-
 		assert.NilError(helpers.T(), errPortRelease, fmt.Errorf("failed releasing port: %w", err))
 	}
 

pkg/testutil/nerdtest/registry/docker.go

@@ -25,14 +25,14 @@ import (
 	"gotest.tools/v3/assert"
 
 	"github.com/containerd/nerdctl/mod/tigron/test"
+	"github.com/containerd/nerdctl/mod/tigron/utils"
 
-	"github.com/containerd/nerdctl/v2/pkg/testutil/nerdtest/ca"
 	"github.com/containerd/nerdctl/v2/pkg/testutil/nerdtest/platform"
 	"github.com/containerd/nerdctl/v2/pkg/testutil/nettestutil"
 	"github.com/containerd/nerdctl/v2/pkg/testutil/portlock"
 )
 
-func NewKuboRegistry(data test.Data, helpers test.Helpers, t *testing.T, currentCA *ca.CA, port int, auth Auth) *Server {
+func NewKuboRegistry(data test.Data, helpers test.Helpers, t *testing.T, currentCA *utils.Cert, port int, auth Auth) *Server {
 	// listen on 0.0.0.0 to enable 127.0.0.1
 	listenIP := net.ParseIP("0.0.0.0")
 	hostIP, err := nettestutil.NonLoopbackIPv4()

pkg/testutil/nerdtest/registry/kubo.go

@@ -22,8 +22,8 @@ import (
 	"gotest.tools/v3/assert"
 
 	"github.com/containerd/nerdctl/mod/tigron/test"
+	"github.com/containerd/nerdctl/mod/tigron/utils"
 
-	"github.com/containerd/nerdctl/v2/pkg/testutil/nerdtest/ca"
 	"github.com/containerd/nerdctl/v2/pkg/testutil/nerdtest/registry"
 )
 
@@ -45,16 +45,16 @@ func KubeCtlCommand(helpers test.Helpers, args ...string) test.TestableCommand {
 }
 
 func RegistryWithTokenAuth(data test.Data, helpers test.Helpers, user, pass string, port int, tls bool) (*registry.Server, *registry.TokenAuthServer) {
-	rca := ca.New(data, helpers.T())
+	rca := utils.NewX509(data, helpers)
 	as := registry.NewCesantaAuthServer(data, helpers, rca, 0, user, pass, tls)
 	re := registry.NewDockerRegistry(data, helpers, rca, port, as.Auth)
 	return re, as
 }
 
 func RegistryWithNoAuth(data test.Data, helpers test.Helpers, port int, tls bool) *registry.Server {
-	var rca *ca.CA
+	var rca *utils.Cert
 	if tls {
-		rca = ca.New(data, helpers.T())
+		rca = utils.NewX509(data, helpers)
 	}
 	return registry.NewDockerRegistry(data, helpers, rca, port, &registry.NoAuth{})
 }
@@ -64,9 +64,9 @@ func RegistryWithBasicAuth(data test.Data, helpers test.Helpers, user, pass stri
 		Username: user,
 		Password: pass,
 	}
-	var rca *ca.CA
+	var rca *utils.Cert
 	if tls {
-		rca = ca.New(data, helpers.T())
+		rca = utils.NewX509(data, helpers)
 	}
 	return registry.NewDockerRegistry(data, helpers, rca, port, auth)
 }