Add setup for Authority tests
parent
74d8bdc298
commit
7e82bd6ef3
5 changed files with 211 additions and 0 deletions
|
@ -6,6 +6,7 @@ import (
|
||||||
"crypto/sha256"
|
"crypto/sha256"
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
"encoding/hex"
|
"encoding/hex"
|
||||||
|
"fmt"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net"
|
"net"
|
||||||
"reflect"
|
"reflect"
|
||||||
|
@ -320,3 +321,150 @@ func TestAuthority_CloseForReload(t *testing.T) {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func testScepAuthority(t *testing.T, opts ...Option) *Authority {
|
||||||
|
|
||||||
|
p := provisioner.List{
|
||||||
|
&provisioner.SCEP{
|
||||||
|
Name: "scep1",
|
||||||
|
Type: "SCEP",
|
||||||
|
},
|
||||||
|
}
|
||||||
|
c := &Config{
|
||||||
|
Address: "127.0.0.1:8443",
|
||||||
|
InsecureAddress: "127.0.0.1:8080",
|
||||||
|
Root: []string{"testdata/scep/root.crt"},
|
||||||
|
IntermediateCert: "testdata/scep/intermediate.crt",
|
||||||
|
IntermediateKey: "testdata/scep/intermediate.key",
|
||||||
|
DNSNames: []string{"example.com"},
|
||||||
|
Password: "pass",
|
||||||
|
AuthorityConfig: &AuthConfig{
|
||||||
|
Provisioners: p,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
a, err := New(c, opts...)
|
||||||
|
assert.FatalError(t, err)
|
||||||
|
return a
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestAuthority_GetSCEPService(t *testing.T) {
|
||||||
|
auth := testScepAuthority(t)
|
||||||
|
fmt.Println(auth)
|
||||||
|
|
||||||
|
p := provisioner.List{
|
||||||
|
&provisioner.SCEP{
|
||||||
|
Name: "scep1",
|
||||||
|
Type: "SCEP",
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
type fields struct {
|
||||||
|
config *Config
|
||||||
|
// keyManager kms.KeyManager
|
||||||
|
// provisioners *provisioner.Collection
|
||||||
|
// db db.AuthDB
|
||||||
|
// templates *templates.Templates
|
||||||
|
// x509CAService cas.CertificateAuthorityService
|
||||||
|
// rootX509Certs []*x509.Certificate
|
||||||
|
// federatedX509Certs []*x509.Certificate
|
||||||
|
// certificates *sync.Map
|
||||||
|
// scepService *scep.Service
|
||||||
|
// sshCAUserCertSignKey ssh.Signer
|
||||||
|
// sshCAHostCertSignKey ssh.Signer
|
||||||
|
// sshCAUserCerts []ssh.PublicKey
|
||||||
|
// sshCAHostCerts []ssh.PublicKey
|
||||||
|
// sshCAUserFederatedCerts []ssh.PublicKey
|
||||||
|
// sshCAHostFederatedCerts []ssh.PublicKey
|
||||||
|
// initOnce bool
|
||||||
|
// startTime time.Time
|
||||||
|
// sshBastionFunc func(ctx context.Context, user, hostname string) (*Bastion, error)
|
||||||
|
// sshCheckHostFunc func(ctx context.Context, principal string, tok string, roots []*x509.Certificate) (bool, error)
|
||||||
|
// sshGetHostsFunc func(ctx context.Context, cert *x509.Certificate) ([]Host, error)
|
||||||
|
// getIdentityFunc provisioner.GetIdentityFunc
|
||||||
|
}
|
||||||
|
tests := []struct {
|
||||||
|
name string
|
||||||
|
fields fields
|
||||||
|
wantService bool
|
||||||
|
wantErr bool
|
||||||
|
}{
|
||||||
|
{
|
||||||
|
name: "ok",
|
||||||
|
fields: fields{
|
||||||
|
config: &Config{
|
||||||
|
Address: "127.0.0.1:8443",
|
||||||
|
InsecureAddress: "127.0.0.1:8080",
|
||||||
|
Root: []string{"testdata/scep/root.crt"},
|
||||||
|
IntermediateCert: "testdata/scep/intermediate.crt",
|
||||||
|
IntermediateKey: "testdata/scep/intermediate.key",
|
||||||
|
DNSNames: []string{"example.com"},
|
||||||
|
Password: "pass",
|
||||||
|
AuthorityConfig: &AuthConfig{
|
||||||
|
Provisioners: p,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
wantService: true,
|
||||||
|
wantErr: false,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "wrong password",
|
||||||
|
fields: fields{
|
||||||
|
config: &Config{
|
||||||
|
Address: "127.0.0.1:8443",
|
||||||
|
InsecureAddress: "127.0.0.1:8080",
|
||||||
|
Root: []string{"testdata/scep/root.crt"},
|
||||||
|
IntermediateCert: "testdata/scep/intermediate.crt",
|
||||||
|
IntermediateKey: "testdata/scep/intermediate.key",
|
||||||
|
DNSNames: []string{"example.com"},
|
||||||
|
Password: "wrongpass",
|
||||||
|
AuthorityConfig: &AuthConfig{
|
||||||
|
Provisioners: p,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
wantService: false,
|
||||||
|
wantErr: true,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
for _, tt := range tests {
|
||||||
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
|
// a := &Authority{
|
||||||
|
// config: tt.fields.config,
|
||||||
|
// keyManager: tt.fields.keyManager,
|
||||||
|
// provisioners: tt.fields.provisioners,
|
||||||
|
// db: tt.fields.db,
|
||||||
|
// templates: tt.fields.templates,
|
||||||
|
// x509CAService: tt.fields.x509CAService,
|
||||||
|
// rootX509Certs: tt.fields.rootX509Certs,
|
||||||
|
// federatedX509Certs: tt.fields.federatedX509Certs,
|
||||||
|
// certificates: tt.fields.certificates,
|
||||||
|
// scepService: tt.fields.scepService,
|
||||||
|
// sshCAUserCertSignKey: tt.fields.sshCAUserCertSignKey,
|
||||||
|
// sshCAHostCertSignKey: tt.fields.sshCAHostCertSignKey,
|
||||||
|
// sshCAUserCerts: tt.fields.sshCAUserCerts,
|
||||||
|
// sshCAHostCerts: tt.fields.sshCAHostCerts,
|
||||||
|
// sshCAUserFederatedCerts: tt.fields.sshCAUserFederatedCerts,
|
||||||
|
// sshCAHostFederatedCerts: tt.fields.sshCAHostFederatedCerts,
|
||||||
|
// initOnce: tt.fields.initOnce,
|
||||||
|
// startTime: tt.fields.startTime,
|
||||||
|
// sshBastionFunc: tt.fields.sshBastionFunc,
|
||||||
|
// sshCheckHostFunc: tt.fields.sshCheckHostFunc,
|
||||||
|
// sshGetHostsFunc: tt.fields.sshGetHostsFunc,
|
||||||
|
// getIdentityFunc: tt.fields.getIdentityFunc,
|
||||||
|
// }
|
||||||
|
a, err := New(tt.fields.config)
|
||||||
|
fmt.Println(err)
|
||||||
|
fmt.Println(a)
|
||||||
|
if (err != nil) != tt.wantErr {
|
||||||
|
t.Errorf("Authority.New(), error = %v, wantErr %v", err, tt.wantErr)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if tt.wantService {
|
||||||
|
if got := a.GetSCEPService(); (got != nil) != tt.wantService {
|
||||||
|
t.Errorf("Authority.GetSCEPService() = %v, wantService %v", got, tt.wantService)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
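Review bot: The "wrong password" case in `TestAuthority_GetSCEPService` only asserts that `New` returns some error, so it also passes when the failure is unrelated to decrypting `testdata/scep/intermediate.key` (a missing fixture file would satisfy it just as well); asserting on the error's text or type would pin the behaviour the case name promises. The `if tt.wantService` guard means the service is never checked for cases that expect none, and inside the guard the comparison is always just `got == nil`; an `if err != nil { return }` after the `wantErr` check would let `(got != nil) != tt.wantService` run for every successful case without dereferencing a nil `a`. The `fmt.Println(auth)`, `fmt.Println(err)` and `fmt.Println(a)` calls write to stdout on every run, where `t.Logf("New() error = %v", err)` would show up only on failure or with `-v`. The commented-out `fields` members and `Authority` literal, and `auth := testScepAuthority(t)` whose result is only printed, look like scaffolding that could be dropped, with the table cases reusing the config built in `testScepAuthority` instead of repeating it.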
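--- a/authority/testdata/scep/intermediate.crt
+++ b/authority/testdata/scep/intermediate.crt
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICZTCCAgugAwIBAgIQDPpOQXW7OLMFNR/+iOUdQjAKBggqhkjOPQQDAjAXMRUw
+EwYDVQQDEwxzY2VwdGVzdHJvb3QwHhcNMjEwNTA3MTUyMjU2WhcNMzEwNTA1MTUy
+MjU2WjAfMR0wGwYDVQQDExRzY2VwdGVzdGludGVybWVkaWF0ZTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAJTw49z9/MeZ/YeRO89ylMV3HnYpw52/Vs2G
+NsgYZRKiPz2RjixUp1iWRPoDONdlEOIAo0TALNOqz4EqJHB+FpBPBA1ZfwG/PlP/
+eWFubNXLXIhZPSQOiHmL4dIw0FS/VFGZm1eqc9JPG/V2G6UaKvOa8+W9/nhi4eeL
++/9nTwG4cTav9ltaVxQ55kcoJtMcvouYQ4oPSZ6yNuVYbFAoaqZnJqNQhxDvKsFH
+lHmvl28FAVM+otmEQNTm91uPwXuVusxEGn9N/d7M4iojCiMGg0S3luBS8IrGRI1Y
+bSKZvGsFnqUjHh2cLL1lqqo5+QvhvP9ut6+g8QGoq8NTc2yCRy8CAwEAAaNmMGQw
+DgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFGfO
+jTNTKTAyra+rAd/NL2ydarSFMB8GA1UdIwQYMBaAFKJr1p5QRfkHzewG3YEhPAtv
+FQNrMAoGCCqGSM49BAMCA0gAMEUCIEYK76FN9a/hWkMZcQ+NXyzGtfW+bnwsX3oN
+wT6jfyO0AiEAojTeSwf/H2l/E1lvsWJfNr8nOokWz+ZsbmMm5PU0Y+g=
+-----END CERTIFICATE-----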
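--- a/authority/testdata/scep/intermediate.key
+++ b/authority/testdata/scep/intermediate.key
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,a54ae9388ce050f0a479a258d105fbb7
+
+VkJp9kKZQ7O9Gy9orvXaO+klt4Lrqp9oSABSBy8yFcc3neniLixqcyZZ4+CC/OG2
+TGTm4TiB9RBucrUyPwoxBraWbtTLHvS4nfPwr2feSTKoHDhSIr4Z1VMDF8PWiOSg
+vD3iYs5F1lz78hcB/SNdSZ2jm0ze84DFC2E49agWeiFLwezcLhXKQ2HHRJ6PmJv7
+IYB7+aLw8cUis/eJquWv7vrmlnshXBXLOrDekNq/mGhdpUmguDNEGX/3yT+8QYRv
+yeCqLVWcfkQ7KkXAeet0tVPNGQQF0+yS80Hv2/LBcskhL467qa79Xm+QPbBbhsEB
+aa4rettMLEdxk3IB1dgXdWhdJ4zBD+RFjczJbQlZRfmPb8sR20V/xp3x9i+SLqKp
+seVoNF+LhLhEwJdMF23t2KpuiOShzC60ApjALN6/O2/XGCl0KQ+NzucX+wpirS6z
+d2XfEYpsUaUFEFraOwfGXxLmluRtS6Q3+0+NPgwVQuH7EE7KuoTDUoSrUG4OFjaq
+CeUeZv1IVf0sYqZQVRiMxxdoFBKUSgcaR1gzzLZgHeoZCGP0PewmZDfJMQ5rWe0D
+zYYIKXUg8+oytHsz+5pQ277psXsl7iApZu56s6w3rD45w/zBeEyBhyL5JMBP8Y6y
+7ReaUGsoFu3WEvrMcOsN+0Vag/SdQsvEH0PGA/ltlrlhaHKq+4t/ZwP6WxUmnaVV
+JNtTWB8IqxtO0zbwK1owxjrO7t42K2isSryg/y2sQb4wgokoOzg1PqEaM8PIUvjl
+qkGhwrOz4lNNQ9b6Hgy81DpnXnJkRNY7B5yKi62TCc6K/DHrFs0fHKb9Qxac5KKf
+paasGWuEC5IP0lUyn81BmAVlfByBvnGmYiDmmGXLmfsyqtGFL9fpOl1Txq3/URfT
+f705lzeUt9r2BT5FJtV5lkTntRzjpi5QeRiJsvfXA7nCPZj2hoLWgIm/D/HRgfVR
+PIX1M7nxefRgES+T6UJNsBbGjSTgEVIPqVnyWs0JUyg4+KQ5VMU8g8SGA0dtnJyF
+9JrZHy2OA/AYt/c96vJj4WdFvqw3kodIKOipBbKjBBGokaOTsLADFEYgOr51BfvO
+QmxGZoXsRpD4sBOAwW039Ka5uCfuBETa+XQPtlHailaRZLlK9cZaDlzQr/K9jAgM
+qOmZIKr3L8YPK3mQV+mWVYchPXTf+UyTFiWIt30z1JlyrTw1H+h62pV9f1QXDB6P
+FIlfWHUK2mohWqzBnv4zFRBTVUnUDC9ONT+cVLh0cvlbRt2yy2ZgR4+d6IGH6mRH
+VLgWAFpS3KS1/4NfwWRBaMvIBfqfXCzXSqVJsq7RlBSW/EBwe9TDXhcTzOLHjx4E
+vdp+hqyXT62cTd7oWe78BBw3xOgpQwQ8bUdhye0kXMLNpU9j70pA7CjLVoVsdzH6
+n1EG7Mz/5NmXLy7LP8RuVU90mNQzNu8PFWtfjZ/jr3/OxoOc0Wx6mFykXkZbxKXI
+xOlaOnUHKnEmsCLnZUkIxEqwKo+RYWBRtKxYsS8x8TLXyFGEfHidI75ulZM7eAS8
+jWtVNKbPIyal+nQMpqa/lKW6fiGGUVp0u2x3Pnd8luRCs2htBmXSB7W7mJ2SMCui
+-----END RSA PRIVATE KEY-----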
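--- a/authority/testdata/scep/root.crt
+++ b/authority/testdata/scep/root.crt
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBczCCARigAwIBAgIRAImbSwfqrrI6p72t0b9f6l4wCgYIKoZIzj0EAwIwFzEV
+MBMGA1UEAxMMc2NlcHRlc3Ryb290MB4XDTIxMDUwNzE1MjEzMFoXDTMxMDUwNTE1
+MjEzMFowFzEVMBMGA1UEAxMMc2NlcHRlc3Ryb290MFkwEwYHKoZIzj0CAQYIKoZI
+zj0DAQcDQgAE3fyAgJsDICrnXhhoxHKmXMHLoW0EM9bYiBmx1xRyol0Qa3SZMW43
+rtTykqVP3HUA3rIrLdX106s9IFcA3eIYiaNFMEMwDgYDVR0PAQH/BAQDAgEGMBIG
+A1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYEFKJr1p5QRfkHzewG3YEhPAtvFQNr
+MAoGCCqGSM49BAMCA0kAMEYCIQDlXU695zKmSSfVPaPbM2cx7OlKr2n6NSyifatH
+9zDITwIhAJUbbHzRJVgscxx+VSMqC2TkFvug6ryNu6kQIKNRwolr
+-----END CERTIFICATE-----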
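--- a/authority/testdata/scep/root.key
+++ b/authority/testdata/scep/root.key
@@ -0,0 +1,8 @@
+-----BEGIN EC PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,0ea78864d21de199d3a737e4337589c2
+
+ZD3ggzw3eDYJp8NovTWgTxk6MagLutgU2UfwbYliAl7wKvVyzwkPytwRkyAXPBM6
+jMfiAdq6wY2wEpc8OSfrvAXrGuYqlCakDhdMaFDPcS3K29VLl4BaO2X2Rfk55nBd
+ASBNREKVb+hg2HV22DO7r6t+EYXTSD6iO7EB90bvKdE=
+-----END EC PRIVATE KEY-----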