certificates/authority/provisioner/sign_options_test.go

package provisioner

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"net"
	"net/url"
	"testing"
	"time"

	"github.com/pkg/errors"
	"github.com/smallstep/assert"
	"github.com/smallstep/cli/crypto/pemutil"
	"github.com/smallstep/cli/crypto/x509util"
	stepx509 "github.com/smallstep/cli/pkg/x509"
)

func Test_emailOnlyIdentity_Valid(t *testing.T) {
	uri, err := url.Parse("https://example.com/1.0/getUser")
	if err != nil {
		t.Fatal(err)
	}

	type args struct {
		req *x509.CertificateRequest
	}
	tests := []struct {
		name    string
		e       emailOnlyIdentity
		args    args
		wantErr bool
	}{
		{"ok", "name@smallstep.com", args{&x509.CertificateRequest{EmailAddresses: []string{"name@smallstep.com"}}}, false},
		{"DNSNames", "name@smallstep.com", args{&x509.CertificateRequest{DNSNames: []string{"foo.bar.zar"}}}, true},
		{"IPAddresses", "name@smallstep.com", args{&x509.CertificateRequest{IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1)}}}, true},
		{"URIs", "name@smallstep.com", args{&x509.CertificateRequest{URIs: []*url.URL{uri}}}, true},
		{"no-emails", "name@smallstep.com", args{&x509.CertificateRequest{EmailAddresses: []string{}}}, true},
		{"empty-email", "", args{&x509.CertificateRequest{EmailAddresses: []string{""}}}, true},
		{"multiple-emails", "name@smallstep.com", args{&x509.CertificateRequest{EmailAddresses: []string{"name@smallstep.com", "foo@smallstep.com"}}}, true},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			if err := tt.e.Valid(tt.args.req); (err != nil) != tt.wantErr {
				t.Errorf("emailOnlyIdentity.Valid() error = %v, wantErr %v", err, tt.wantErr)
			}
		})
	}
}

func Test_defaultPublicKeyValidator_Valid(t *testing.T) {
	_shortRSA, err := pemutil.Read("./testdata/short-rsa.csr")
	assert.FatalError(t, err)
	shortRSA, ok := _shortRSA.(*x509.CertificateRequest)
	assert.Fatal(t, ok)

	_rsa, err := pemutil.Read("./testdata/rsa.csr")
	assert.FatalError(t, err)
	rsaCSR, ok := _rsa.(*x509.CertificateRequest)
	assert.Fatal(t, ok)

	_ecdsa, err := pemutil.Read("./testdata/ecdsa.csr")
	assert.FatalError(t, err)
	ecdsaCSR, ok := _ecdsa.(*x509.CertificateRequest)
	assert.Fatal(t, ok)

	_ed25519, err := pemutil.Read("./testdata/ed25519.csr", pemutil.WithStepCrypto())
	assert.FatalError(t, err)
	ed25519CSR, ok := _ed25519.(*stepx509.CertificateRequest)
	assert.Fatal(t, ok)

	v := defaultPublicKeyValidator{}
	tests := []struct {
		name string
		csr  *x509.CertificateRequest
		err  error
	}{
		{
			"fail/unrecognized-key-type",
			&x509.CertificateRequest{PublicKey: "foo"},
			errors.New("unrecognized public key of type 'string' in CSR"),
		},
		{
			"fail/rsa/too-short",
			shortRSA,
			errors.New("rsa key in CSR must be at least 2048 bits (256 bytes)"),
		},
		{
			"ok/rsa",
			rsaCSR,
			nil,
		},
		{
			"ok/ecdsa",
			ecdsaCSR,
			nil,
		},
		{
			"ok/ed25519",
			x509util.ToX509CertificateRequest(ed25519CSR),
			nil,
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			if err := v.Valid(tt.csr); err != nil {
				if assert.NotNil(t, tt.err) {
					assert.HasPrefix(t, err.Error(), tt.err.Error())
				}
			} else {
				assert.Nil(t, tt.err)
			}
		})
	}
}

func Test_commonNameValidator_Valid(t *testing.T) {
	type args struct {
		req *x509.CertificateRequest
	}
	tests := []struct {
		name    string
		v       commonNameValidator
		args    args
		wantErr bool
	}{
		{"ok", "foo.bar.zar", args{&x509.CertificateRequest{Subject: pkix.Name{CommonName: "foo.bar.zar"}}}, false},
		{"empty", "", args{&x509.CertificateRequest{Subject: pkix.Name{CommonName: ""}}}, true},
		{"wrong", "foo.bar.zar", args{&x509.CertificateRequest{Subject: pkix.Name{CommonName: "example.com"}}}, true},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			if err := tt.v.Valid(tt.args.req); (err != nil) != tt.wantErr {
				t.Errorf("commonNameValidator.Valid() error = %v, wantErr %v", err, tt.wantErr)
			}
		})
	}
}

func Test_commonNameSliceValidator_Valid(t *testing.T) {
	type args struct {
		req *x509.CertificateRequest
	}
	tests := []struct {
		name    string
		v       commonNameSliceValidator
		args    args
		wantErr bool
	}{
		{"ok", []string{"foo.bar.zar"}, args{&x509.CertificateRequest{Subject: pkix.Name{CommonName: "foo.bar.zar"}}}, false},
		{"ok", []string{"example.com", "foo.bar.zar"}, args{&x509.CertificateRequest{Subject: pkix.Name{CommonName: "foo.bar.zar"}}}, false},
		{"empty", []string{""}, args{&x509.CertificateRequest{Subject: pkix.Name{CommonName: ""}}}, true},
		{"wrong", []string{"foo.bar.zar"}, args{&x509.CertificateRequest{Subject: pkix.Name{CommonName: "example.com"}}}, true},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			if err := tt.v.Valid(tt.args.req); (err != nil) != tt.wantErr {
				t.Errorf("commonNameSliceValidator.Valid() error = %v, wantErr %v", err, tt.wantErr)
			}
		})
	}
}

func Test_emailAddressesValidator_Valid(t *testing.T) {
	type args struct {
		req *x509.CertificateRequest
	}
	tests := []struct {
		name    string
		v       emailAddressesValidator
		args    args
		wantErr bool
	}{
		{"ok0", []string{}, args{&x509.CertificateRequest{EmailAddresses: []string{}}}, false},
		{"ok1", []string{"max@smallstep.com"}, args{&x509.CertificateRequest{EmailAddresses: []string{"max@smallstep.com"}}}, false},
		{"ok2", []string{"max@step.com", "mike@step.com"}, args{&x509.CertificateRequest{EmailAddresses: []string{"max@step.com", "mike@step.com"}}}, false},
		{"ok3", []string{"max@step.com", "mike@step.com"}, args{&x509.CertificateRequest{EmailAddresses: []string{"mike@step.com", "max@step.com"}}}, false},
		{"fail1", []string{"max@step.com"}, args{&x509.CertificateRequest{EmailAddresses: []string{"mike@step.com"}}}, true},
		{"fail2", []string{"mike@step.com"}, args{&x509.CertificateRequest{EmailAddresses: []string{"max@step.com", "mike@step.com"}}}, true},
		{"fail3", []string{"mike@step.com", "max@step.com"}, args{&x509.CertificateRequest{DNSNames: []string{"mike@step.com", "mex@step.com"}}}, true},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			if err := tt.v.Valid(tt.args.req); (err != nil) != tt.wantErr {
				t.Errorf("dnsNamesValidator.Valid() error = %v, wantErr %v", err, tt.wantErr)
			}
		})
	}
}

func Test_dnsNamesValidator_Valid(t *testing.T) {
	type args struct {
		req *x509.CertificateRequest
	}
	tests := []struct {
		name    string
		v       dnsNamesValidator
		args    args
		wantErr bool
	}{
		{"ok0", []string{}, args{&x509.CertificateRequest{DNSNames: []string{}}}, false},
		{"ok1", []string{"foo.bar.zar"}, args{&x509.CertificateRequest{DNSNames: []string{"foo.bar.zar"}}}, false},
		{"ok2", []string{"foo.bar.zar", "bar.zar"}, args{&x509.CertificateRequest{DNSNames: []string{"foo.bar.zar", "bar.zar"}}}, false},
		{"ok3", []string{"foo.bar.zar", "bar.zar"}, args{&x509.CertificateRequest{DNSNames: []string{"bar.zar", "foo.bar.zar"}}}, false},
		{"fail1", []string{"foo.bar.zar"}, args{&x509.CertificateRequest{DNSNames: []string{"bar.zar"}}}, true},
		{"fail2", []string{"foo.bar.zar"}, args{&x509.CertificateRequest{DNSNames: []string{"bar.zar", "foo.bar.zar"}}}, true},
		{"fail3", []string{"foo.bar.zar", "bar.zar"}, args{&x509.CertificateRequest{DNSNames: []string{"foo.bar.zar", "zar.bar"}}}, true},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			if err := tt.v.Valid(tt.args.req); (err != nil) != tt.wantErr {
				t.Errorf("dnsNamesValidator.Valid() error = %v, wantErr %v", err, tt.wantErr)
			}
		})
	}
}

func Test_ipAddressesValidator_Valid(t *testing.T) {
	ip1 := net.IPv4(10, 3, 2, 1)
	ip2 := net.IPv4(10, 3, 2, 2)
	ip3 := net.IPv4(10, 3, 2, 3)

	type args struct {
		req *x509.CertificateRequest
	}
	tests := []struct {
		name    string
		v       ipAddressesValidator
		args    args
		wantErr bool
	}{
		{"ok0", []net.IP{}, args{&x509.CertificateRequest{IPAddresses: []net.IP{}}}, false},
		{"ok1", []net.IP{ip1}, args{&x509.CertificateRequest{IPAddresses: []net.IP{ip1}}}, false},
		{"ok2", []net.IP{ip1, ip2}, args{&x509.CertificateRequest{IPAddresses: []net.IP{ip1, ip2}}}, false},
		{"ok3", []net.IP{ip1, ip2}, args{&x509.CertificateRequest{IPAddresses: []net.IP{ip2, ip1}}}, false},
		{"fail1", []net.IP{ip1}, args{&x509.CertificateRequest{IPAddresses: []net.IP{ip2}}}, true},
		{"fail2", []net.IP{ip1}, args{&x509.CertificateRequest{IPAddresses: []net.IP{ip2, ip1}}}, true},
		{"fail3", []net.IP{ip1, ip2}, args{&x509.CertificateRequest{IPAddresses: []net.IP{ip1, ip3}}}, true},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			if err := tt.v.Valid(tt.args.req); (err != nil) != tt.wantErr {
				t.Errorf("ipAddressesValidator.Valid() error = %v, wantErr %v", err, tt.wantErr)
			}
		})
	}
}

func Test_validityValidator_Valid(t *testing.T) {
	type fields struct {
		min time.Duration
		max time.Duration
	}
	type args struct {
		crt *x509.Certificate
	}
	tests := []struct {
		name    string
		fields  fields
		args    args
		wantErr bool
	}{
		// TODO: Add test cases.
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			v := &validityValidator{
				min: tt.fields.min,
				max: tt.fields.max,
			}
			if err := v.Valid(tt.args.crt); (err != nil) != tt.wantErr {
				t.Errorf("validityValidator.Valid() error = %v, wantErr %v", err, tt.wantErr)
			}
		})
	}
}
testing work in progress. 2019-03-08 03:30:17 +00:00			`package provisioner`
first commit 2018-10-05 21:48:36 +00:00
			`import (`
Add tests for sign options. 2019-03-11 20:25:19 +00:00			`"crypto/x509"`
first commit 2018-10-05 21:48:36 +00:00			`"crypto/x509/pkix"`
			`"net"`
Add tests for sign options. 2019-03-11 20:25:19 +00:00			`"net/url"`
first commit 2018-10-05 21:48:36 +00:00			`"testing"`
Add tests for sign options. 2019-03-11 20:25:19 +00:00			`"time"`
Enforce >= 2048 bit rsa keys at the provisioner layer * Fixes #94 * In the future this should be configurable by provisioner 2019-08-27 00:52:49 +00:00
			`"github.com/pkg/errors"`
			`"github.com/smallstep/assert"`
			`"github.com/smallstep/cli/crypto/pemutil"`
			`"github.com/smallstep/cli/crypto/x509util"`
			`stepx509 "github.com/smallstep/cli/pkg/x509"`
first commit 2018-10-05 21:48:36 +00:00			`)`

Add tests for sign options. 2019-03-11 20:25:19 +00:00			`func Test_emailOnlyIdentity_Valid(t *testing.T) {`
			`uri, err := url.Parse("https://example.com/1.0/getUser")`
			`if err != nil {`
			`t.Fatal(err)`
			`}`

			`type args struct {`
			`req *x509.CertificateRequest`
			`}`
			`tests := []struct {`
			`name string`
			`e emailOnlyIdentity`
			`args args`
			`wantErr bool`
first commit 2018-10-05 21:48:36 +00:00			`}{`
Add tests for sign options. 2019-03-11 20:25:19 +00:00			`{"ok", "name@smallstep.com", args{&x509.CertificateRequest{EmailAddresses: []string{"name@smallstep.com"}}}, false},`
			`{"DNSNames", "name@smallstep.com", args{&x509.CertificateRequest{DNSNames: []string{"foo.bar.zar"}}}, true},`
			`{"IPAddresses", "name@smallstep.com", args{&x509.CertificateRequest{IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1)}}}, true},`
			`{"URIs", "name@smallstep.com", args{&x509.CertificateRequest{URIs: []*url.URL{uri}}}, true},`
			`{"no-emails", "name@smallstep.com", args{&x509.CertificateRequest{EmailAddresses: []string{}}}, true},`
			`{"empty-email", "", args{&x509.CertificateRequest{EmailAddresses: []string{""}}}, true},`
			`{"multiple-emails", "name@smallstep.com", args{&x509.CertificateRequest{EmailAddresses: []string{"name@smallstep.com", "foo@smallstep.com"}}}, true},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
			`if err := tt.e.Valid(tt.args.req); (err != nil) != tt.wantErr {`
			`t.Errorf("emailOnlyIdentity.Valid() error = %v, wantErr %v", err, tt.wantErr)`
			`}`
			`})`
first commit 2018-10-05 21:48:36 +00:00			`}`
Add tests for sign options. 2019-03-11 20:25:19 +00:00			`}`
first commit 2018-10-05 21:48:36 +00:00
Enforce >= 2048 bit rsa keys at the provisioner layer * Fixes #94 * In the future this should be configurable by provisioner 2019-08-27 00:52:49 +00:00			`func Test_defaultPublicKeyValidator_Valid(t *testing.T) {`
			`_shortRSA, err := pemutil.Read("./testdata/short-rsa.csr")`
			`assert.FatalError(t, err)`
			`shortRSA, ok := _shortRSA.(*x509.CertificateRequest)`
			`assert.Fatal(t, ok)`

			`_rsa, err := pemutil.Read("./testdata/rsa.csr")`
			`assert.FatalError(t, err)`
			`rsaCSR, ok := _rsa.(*x509.CertificateRequest)`
			`assert.Fatal(t, ok)`

			`_ecdsa, err := pemutil.Read("./testdata/ecdsa.csr")`
			`assert.FatalError(t, err)`
			`ecdsaCSR, ok := _ecdsa.(*x509.CertificateRequest)`
			`assert.Fatal(t, ok)`

			`_ed25519, err := pemutil.Read("./testdata/ed25519.csr", pemutil.WithStepCrypto())`
			`assert.FatalError(t, err)`
			`ed25519CSR, ok := _ed25519.(*stepx509.CertificateRequest)`
			`assert.Fatal(t, ok)`

			`v := defaultPublicKeyValidator{}`
			`tests := []struct {`
			`name string`
			`csr *x509.CertificateRequest`
			`err error`
			`}{`
			`{`
			`"fail/unrecognized-key-type",`
			`&x509.CertificateRequest{PublicKey: "foo"},`
			`errors.New("unrecognized public key of type 'string' in CSR"),`
			`},`
			`{`
			`"fail/rsa/too-short",`
			`shortRSA,`
			`errors.New("rsa key in CSR must be at least 2048 bits (256 bytes)"),`
			`},`
			`{`
			`"ok/rsa",`
			`rsaCSR,`
			`nil,`
			`},`
			`{`
			`"ok/ecdsa",`
			`ecdsaCSR,`
			`nil,`
			`},`
			`{`
			`"ok/ed25519",`
			`x509util.ToX509CertificateRequest(ed25519CSR),`
			`nil,`
			`},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
			`if err := v.Valid(tt.csr); err != nil {`
			`if assert.NotNil(t, tt.err) {`
			`assert.HasPrefix(t, err.Error(), tt.err.Error())`
			`}`
			`} else {`
			`assert.Nil(t, tt.err)`
			`}`
			`})`
			`}`
			`}`

Add tests for sign options. 2019-03-11 20:25:19 +00:00			`func Test_commonNameValidator_Valid(t *testing.T) {`
			`type args struct {`
			`req *x509.CertificateRequest`
			`}`
			`tests := []struct {`
			`name string`
			`v commonNameValidator`
			`args args`
			`wantErr bool`
			`}{`
			`{"ok", "foo.bar.zar", args{&x509.CertificateRequest{Subject: pkix.Name{CommonName: "foo.bar.zar"}}}, false},`
			`{"empty", "", args{&x509.CertificateRequest{Subject: pkix.Name{CommonName: ""}}}, true},`
			`{"wrong", "foo.bar.zar", args{&x509.CertificateRequest{Subject: pkix.Name{CommonName: "example.com"}}}, true},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
			`if err := tt.v.Valid(tt.args.req); (err != nil) != tt.wantErr {`
			`t.Errorf("commonNameValidator.Valid() error = %v, wantErr %v", err, tt.wantErr)`
first commit 2018-10-05 21:48:36 +00:00			`}`
			`})`
			`}`
Allow custom common names in cloud identity provisioners. 2019-07-15 22:52:36 +00:00			`}`

			`func Test_commonNameSliceValidator_Valid(t *testing.T) {`
			`type args struct {`
			`req *x509.CertificateRequest`
			`}`
			`tests := []struct {`
			`name string`
			`v commonNameSliceValidator`
			`args args`
			`wantErr bool`
			`}{`
			`{"ok", []string{"foo.bar.zar"}, args{&x509.CertificateRequest{Subject: pkix.Name{CommonName: "foo.bar.zar"}}}, false},`
			`{"ok", []string{"example.com", "foo.bar.zar"}, args{&x509.CertificateRequest{Subject: pkix.Name{CommonName: "foo.bar.zar"}}}, false},`
			`{"empty", []string{""}, args{&x509.CertificateRequest{Subject: pkix.Name{CommonName: ""}}}, true},`
			`{"wrong", []string{"foo.bar.zar"}, args{&x509.CertificateRequest{Subject: pkix.Name{CommonName: "example.com"}}}, true},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
			`if err := tt.v.Valid(tt.args.req); (err != nil) != tt.wantErr {`
			`t.Errorf("commonNameSliceValidator.Valid() error = %v, wantErr %v", err, tt.wantErr)`
			`}`
			`})`
			`}`
Accept emails SANs 2019-08-23 19:09:16 +00:00			`}`

			`func Test_emailAddressesValidator_Valid(t *testing.T) {`
			`type args struct {`
			`req *x509.CertificateRequest`
			`}`
			`tests := []struct {`
			`name string`
			`v emailAddressesValidator`
			`args args`
			`wantErr bool`
			`}{`
			`{"ok0", []string{}, args{&x509.CertificateRequest{EmailAddresses: []string{}}}, false},`
			`{"ok1", []string{"max@smallstep.com"}, args{&x509.CertificateRequest{EmailAddresses: []string{"max@smallstep.com"}}}, false},`
			`{"ok2", []string{"max@step.com", "mike@step.com"}, args{&x509.CertificateRequest{EmailAddresses: []string{"max@step.com", "mike@step.com"}}}, false},`
			`{"ok3", []string{"max@step.com", "mike@step.com"}, args{&x509.CertificateRequest{EmailAddresses: []string{"mike@step.com", "max@step.com"}}}, false},`
			`{"fail1", []string{"max@step.com"}, args{&x509.CertificateRequest{EmailAddresses: []string{"mike@step.com"}}}, true},`
			`{"fail2", []string{"mike@step.com"}, args{&x509.CertificateRequest{EmailAddresses: []string{"max@step.com", "mike@step.com"}}}, true},`
			`{"fail3", []string{"mike@step.com", "max@step.com"}, args{&x509.CertificateRequest{DNSNames: []string{"mike@step.com", "mex@step.com"}}}, true},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
			`if err := tt.v.Valid(tt.args.req); (err != nil) != tt.wantErr {`
			`t.Errorf("dnsNamesValidator.Valid() error = %v, wantErr %v", err, tt.wantErr)`
			`}`
			`})`
			`}`
first commit 2018-10-05 21:48:36 +00:00			`}`

Add tests for sign options. 2019-03-11 20:25:19 +00:00			`func Test_dnsNamesValidator_Valid(t *testing.T) {`
			`type args struct {`
			`req *x509.CertificateRequest`
			`}`
			`tests := []struct {`
			`name string`
			`v dnsNamesValidator`
			`args args`
			`wantErr bool`
first commit 2018-10-05 21:48:36 +00:00			`}{`
Add tests for sign options. 2019-03-11 20:25:19 +00:00			`{"ok0", []string{}, args{&x509.CertificateRequest{DNSNames: []string{}}}, false},`
			`{"ok1", []string{"foo.bar.zar"}, args{&x509.CertificateRequest{DNSNames: []string{"foo.bar.zar"}}}, false},`
			`{"ok2", []string{"foo.bar.zar", "bar.zar"}, args{&x509.CertificateRequest{DNSNames: []string{"foo.bar.zar", "bar.zar"}}}, false},`
			`{"ok3", []string{"foo.bar.zar", "bar.zar"}, args{&x509.CertificateRequest{DNSNames: []string{"bar.zar", "foo.bar.zar"}}}, false},`
			`{"fail1", []string{"foo.bar.zar"}, args{&x509.CertificateRequest{DNSNames: []string{"bar.zar"}}}, true},`
			`{"fail2", []string{"foo.bar.zar"}, args{&x509.CertificateRequest{DNSNames: []string{"bar.zar", "foo.bar.zar"}}}, true},`
			`{"fail3", []string{"foo.bar.zar", "bar.zar"}, args{&x509.CertificateRequest{DNSNames: []string{"foo.bar.zar", "zar.bar"}}}, true},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
			`if err := tt.v.Valid(tt.args.req); (err != nil) != tt.wantErr {`
			`t.Errorf("dnsNamesValidator.Valid() error = %v, wantErr %v", err, tt.wantErr)`
			`}`
			`})`
first commit 2018-10-05 21:48:36 +00:00			`}`
Add tests for sign options. 2019-03-11 20:25:19 +00:00			`}`

			`func Test_ipAddressesValidator_Valid(t *testing.T) {`
			`ip1 := net.IPv4(10, 3, 2, 1)`
			`ip2 := net.IPv4(10, 3, 2, 2)`
			`ip3 := net.IPv4(10, 3, 2, 3)`
first commit 2018-10-05 21:48:36 +00:00
Add tests for sign options. 2019-03-11 20:25:19 +00:00			`type args struct {`
			`req *x509.CertificateRequest`
			`}`
			`tests := []struct {`
			`name string`
			`v ipAddressesValidator`
			`args args`
			`wantErr bool`
			`}{`
			`{"ok0", []net.IP{}, args{&x509.CertificateRequest{IPAddresses: []net.IP{}}}, false},`
			`{"ok1", []net.IP{ip1}, args{&x509.CertificateRequest{IPAddresses: []net.IP{ip1}}}, false},`
			`{"ok2", []net.IP{ip1, ip2}, args{&x509.CertificateRequest{IPAddresses: []net.IP{ip1, ip2}}}, false},`
			`{"ok3", []net.IP{ip1, ip2}, args{&x509.CertificateRequest{IPAddresses: []net.IP{ip2, ip1}}}, false},`
			`{"fail1", []net.IP{ip1}, args{&x509.CertificateRequest{IPAddresses: []net.IP{ip2}}}, true},`
			`{"fail2", []net.IP{ip1}, args{&x509.CertificateRequest{IPAddresses: []net.IP{ip2, ip1}}}, true},`
			`{"fail3", []net.IP{ip1, ip2}, args{&x509.CertificateRequest{IPAddresses: []net.IP{ip1, ip3}}}, true},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
			`if err := tt.v.Valid(tt.args.req); (err != nil) != tt.wantErr {`
			`t.Errorf("ipAddressesValidator.Valid() error = %v, wantErr %v", err, tt.wantErr)`
first commit 2018-10-05 21:48:36 +00:00			`}`
			`})`
			`}`
			`}`

Add tests for sign options. 2019-03-11 20:25:19 +00:00			`func Test_validityValidator_Valid(t *testing.T) {`
			`type fields struct {`
			`min time.Duration`
			`max time.Duration`
			`}`
			`type args struct {`
change sign + authorize authority api \| add provisioners * authorize returns []interface{} - operators in this list can conform to any interface the user decides - our implementation has a combination of certificate claim validators and certificate template modifiers. * provisioners can set and enforce tls cert options 2018-10-19 05:26:39 +00:00			`crt *x509.Certificate`
Add tests for sign options. 2019-03-11 20:25:19 +00:00			`}`
			`tests := []struct {`
			`name string`
			`fields fields`
			`args args`
			`wantErr bool`
first commit 2018-10-05 21:48:36 +00:00			`}{`
Add tests for sign options. 2019-03-11 20:25:19 +00:00			`// TODO: Add test cases.`
first commit 2018-10-05 21:48:36 +00:00			`}`
Add tests for sign options. 2019-03-11 20:25:19 +00:00			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
			`v := &validityValidator{`
			`min: tt.fields.min,`
			`max: tt.fields.max,`
			`}`
			`if err := v.Valid(tt.args.crt); (err != nil) != tt.wantErr {`
			`t.Errorf("validityValidator.Valid() error = %v, wantErr %v", err, tt.wantErr)`
first commit 2018-10-05 21:48:36 +00:00			`}`
			`})`
			`}`
			`}`