Fix sign and renew tests.

Mariano Cano 2019-03-11 18:15:24 -07:00
parent 2fb77b8a4d
commit 1f5ff5c899
3 changed files with 14 additions and 13 deletions


@ -45,8 +45,6 @@ func generateToken(sub, iss, aud string, sans []string, iat time.Time, jwk *jose
func TestAuthorize(t *testing.T) {
a := testAuthority(t)
time.Sleep(time.Second)
now := time.Now()
key, err := jose.ParseKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
assert.FatalError(t, err)
@ -54,6 +52,7 @@ func TestAuthorize(t *testing.T) {
keyNoKid := &jose.JSONWebKey{Key: key.Key, KeyID: ""}
keyBadKid := &jose.JSONWebKey{Key: key.Key, KeyID: "foo"}
now := time.Now()
validIssuer := "step-cli"
validAudience := []string{"https://test.ca.smallstep.com/sign"}


@ -102,7 +102,7 @@ func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Opti
certValidators = append(certValidators, k)
case provisioner.CertificateRequestValidator:
if err := k.Valid(csr); err != nil {
return nil, nil, &apiError{err, http.StatusUnauthorized, errContext}
return nil, nil, &apiError{errors.Wrap(err, "sign"), http.StatusUnauthorized, errContext}
}
case provisioner.ProfileModifier:
mods = append(mods, k.Option(signOpts))
@ -140,7 +140,7 @@ func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Opti
// FIXME: This should be before creating the certificate.
for _, v := range certValidators {
if err := v.Valid(serverCert); err != nil {
return nil, nil, &apiError{err, http.StatusUnauthorized, errContext}
return nil, nil, &apiError{errors.Wrap(err, "sign"), http.StatusUnauthorized, errContext}
}
}
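Review bot: The two wrapped returns in Sign (the `provisioner.CertificateRequestValidator` case and the `certValidators` loop) pass the validator's own message into the apiError with no comment saying that this text is surfaced to the caller. The updated test expectations in this commit show that the message echoes names taken from the CSR, so a comment such as `// validator errors are returned in the API error; they must not carry secrets or unescaped request data` would make that contract explicit. Whether apiError is serialised to the client or only logged is not visible here. In the second hunk the check still runs after the certificate has been created, as the existing FIXME says, so a rejected request has already produced a signed certificate by the time the 401 is returned. Sign's body starts and ends outside both hunks.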


@ -18,6 +18,7 @@ import (
"github.com/smallstep/cli/crypto/keys"
"github.com/smallstep/cli/crypto/tlsutil"
"github.com/smallstep/cli/crypto/x509util"
"github.com/smallstep/cli/jose"
stepx509 "github.com/smallstep/cli/pkg/x509"
)
@ -57,13 +58,14 @@ func TestSign(t *testing.T) {
NotAfter: nb.Add(time.Minute * 5),
}
// Create a token to get test extra opts.
p := a.config.AuthorityConfig.Provisioners[1].(*provisioner.JWK)
extraOpts := []provisioner.SignOption{
// &commonNameClaim{"smallstep test"},
// &dnsNamesClaim{[]string{"test.smallstep.com"}},
// &ipAddressesClaim{[]net.IP{}},
// p,
}
key, err := jose.ParseKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
assert.FatalError(t, err)
token, err := generateToken("smallstep test", "step-cli", "https://test.ca.smallstep.com/sign", []string{"test.smallstep.com"}, time.Now(), key)
assert.FatalError(t, err)
extraOpts, err := a.Authorize(token)
assert.FatalError(t, err)
type signTest struct {
auth *Authority
@ -123,7 +125,7 @@ func TestSign(t *testing.T) {
return &signTest{
auth: _a,
csr: csr,
extraOpts: []provisioner.SignOption{p},
extraOpts: extraOpts,
signOpts: signOpts,
err: &apiError{errors.New("sign: error creating new leaf certificate"),
http.StatusInternalServerError,
@ -157,7 +159,7 @@ func TestSign(t *testing.T) {
csr: csr,
extraOpts: extraOpts,
signOpts: signOpts,
err: &apiError{errors.New("sign: DNS names claim failed - got [test.smallstep.com smallstep test], want [test.smallstep.com]"),
err: &apiError{errors.New("sign: certificate request does not contain the valid DNS names - got [test.smallstep.com smallstep test], want [test.smallstep.com]"),
http.StatusUnauthorized,
context{"csr": csr, "signOptions": signOpts},
},
@ -321,7 +323,7 @@ func TestRenew(t *testing.T) {
}
return &renewTest{
crt: crtNoRenew,
err: &apiError{errors.New("renew disabled"),
err: &apiError{errors.New("renew is disabled for provisioner dev:IMi94WBNI6gP5cNHXlZYNUzvMjGdHyBRmFoo-lCEaqk"),
http.StatusUnauthorized, ctx},
}, nil
},
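Review bot: The expected error in the `crtNoRenew` case of TestRenew hard-codes the provisioner name and key ID (`dev:IMi94…`), which duplicates a value owned by the test fixture. The assertion will break when the testdata key is regenerated, with nothing pointing back at the fixture. Building the string from the provisioner entry the test configuration already loads would avoid this, for example `errors.New("renew is disabled for provisioner " + <ID read from the fixture provisioner>)`. In TestSign, the fixture path and the `"pass"` key password are now repeated from TestAuthorize, so a small shared helper that loads the test key would keep them in one place. Both test functions continue outside the hunks shown.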