TrueCloudLab/certificates
17
0
Fork 2
Code Issues 1 Pull requests 1 Releases Activity Actions

Return a non-implemented error in stepcas.RenewCertificate.

Browse source
This commit is contained in:
Mariano Cano 2021-03-22 12:56:12 -07:00
parent 348815f4f6
commit 96de4e6ec8
4 changed files with 77 additions and 37 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
cas/apiv1/services.go
View file

@ -1,6 +1,7 @@
package apiv1 package apiv1
import ( import (
"net/http"
"strings" "strings"
) )
@ -48,3 +49,22 @@ func (t Type) String() string {
} }
return strings.ToLower(string(t)) return strings.ToLower(string(t))
} }
// ErrNotImplemented is the type of error returned if an operation is not
// implemented.
type ErrNotImplemented struct {
Message string
}
func (e ErrNotImplemented) Error() string {
if e.Message != "" {
return e.Message
}
return "not implemented"
}
// StatusCode implements the StatusCoder interface and returns the HTTP 501
// error.
func (s ErrNotImplemented) StatusCode() int {
return http.StatusNotImplemented
}

52
cas/apiv1/services_test.go
View file

@ -1,6 +1,8 @@
package apiv1 package apiv1
import "testing" import (
"testing"
)
func TestType_String(t *testing.T) { func TestType_String(t *testing.T) {
tests := []struct { tests := []struct {
@ -21,3 +23,51 @@ func TestType_String(t *testing.T) {
}) })
} }
} }
func TestErrNotImplemented_Error(t *testing.T) {
type fields struct {
Message string
}
tests := []struct {
name string
fields fields
want string
}{
{"default", fields{""}, "not implemented"},
{"with message", fields{"method not supported"}, "method not supported"},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
e := ErrNotImplemented{
Message: tt.fields.Message,
}
if got := e.Error(); got != tt.want {
t.Errorf("ErrNotImplemented.Error() = %v, want %v", got, tt.want)
}
})
}
}
func TestErrNotImplemented_StatusCode(t *testing.T) {
type fields struct {
Message string
}
tests := []struct {
name string
fields fields
want int
}{
{"default", fields{""}, 501},
{"with message", fields{"method not supported"}, 501},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
s := ErrNotImplemented{
Message: tt.fields.Message,
}
if got := s.StatusCode(); got != tt.want {
t.Errorf("ErrNotImplemented.StatusCode() = %v, want %v", got, tt.want)
}
})
}
}

21
cas/stepcas/stepcas.go
View file

@ -63,6 +63,8 @@ func New(ctx context.Context, opts apiv1.Options) (*StepCAS, error) {
}, nil }, nil
} }
// CreateCertificate uses the step-ca sign request with the configured
// provisioner to get a new certificate from the certificate authority.
func (s *StepCAS) CreateCertificate(req *apiv1.CreateCertificateRequest) (*apiv1.CreateCertificateResponse, error) { func (s *StepCAS) CreateCertificate(req *apiv1.CreateCertificateRequest) (*apiv1.CreateCertificateResponse, error) {
switch { switch {
case req.CSR == nil: case req.CSR == nil:
@ -82,23 +84,10 @@ func (s *StepCAS) CreateCertificate(req *apiv1.CreateCertificateRequest) (*apiv1
}, nil }, nil
} }
// RenewCertificate will always return a non-implemented error as mTLS renewals
// are not supported yet.
func (s *StepCAS) RenewCertificate(req *apiv1.RenewCertificateRequest) (*apiv1.RenewCertificateResponse, error) { func (s *StepCAS) RenewCertificate(req *apiv1.RenewCertificateRequest) (*apiv1.RenewCertificateResponse, error) {
switch { return nil, apiv1.ErrNotImplemented{Message: "stepCAS does not support mTLS renewals"}
case req.CSR == nil:
return nil, errors.New("renewCertificateRequest `template` cannot be nil")
case req.Lifetime == 0:
return nil, errors.New("renewCertificateRequest `lifetime` cannot be 0")
}
cert, chain, err := s.createCertificate(req.CSR, req.Lifetime)
if err != nil {
return nil, err
}
return &apiv1.RenewCertificateResponse{
Certificate: cert,
CertificateChain: chain,
}, nil
} }
func (s *StepCAS) RevokeCertificate(req *apiv1.RevokeCertificateRequest) (*apiv1.RevokeCertificateResponse, error) { func (s *StepCAS) RevokeCertificate(req *apiv1.RevokeCertificateRequest) (*apiv1.RevokeCertificateResponse, error) {

21
cas/stepcas/stepcas_test.go
View file

@ -497,28 +497,9 @@ func TestStepCAS_RenewCertificate(t *testing.T) {
want *apiv1.RenewCertificateResponse want *apiv1.RenewCertificateResponse
wantErr bool wantErr bool
}{ }{
{"ok", fields{x5c, client, testRootFingerprint}, args{&apiv1.RenewCertificateRequest{ {"not implemented", fields{x5c, client, testRootFingerprint}, args{&apiv1.RenewCertificateRequest{
CSR: testCR, CSR: testCR,
Lifetime: time.Hour, Lifetime: time.Hour,
}}, &apiv1.RenewCertificateResponse{
Certificate: testCrt,
CertificateChain: []*x509.Certificate{testIssCrt},
}, false},
{"fail CSR", fields{x5c, client, testRootFingerprint}, args{&apiv1.RenewCertificateRequest{
CSR: nil,
Lifetime: time.Hour,
}}, nil, true},
{"fail lifetime", fields{x5c, client, testRootFingerprint}, args{&apiv1.RenewCertificateRequest{
CSR: testCR,
Lifetime: 0,
}}, nil, true},
{"fail sign token", fields{nil, client, testRootFingerprint}, args{&apiv1.RenewCertificateRequest{
CSR: testCR,
Lifetime: time.Hour,
}}, nil, true},
{"fail client sign", fields{x5c, client, testRootFingerprint}, args{&apiv1.RenewCertificateRequest{
CSR: testFailCR,
Lifetime: time.Hour,
}}, nil, true}, }}, nil, true},
} }
for _, tt := range tests { for _, tt := range tests {