From d773770a44609e181db8807102ddcec376ff91e4 Mon Sep 17 00:00:00 2001 From: max furman Date: Mon, 8 Oct 2018 21:48:44 -0700 Subject: [PATCH] add authority.New unit tests --- Gopkg.lock | 6 +-- Gopkg.toml | 2 +- authority/authority.go | 2 - authority/authority_test.go | 82 +++++++++++++++++++++++++++++++++++++ ca/testdata/ca.json | 6 +-- 5 files changed, 89 insertions(+), 9 deletions(-) diff --git a/Gopkg.lock b/Gopkg.lock index 147c17f5..32b5b340 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -143,8 +143,8 @@ revision = "de77670473b5492f5d0bce155b5c01534c2d13f7" [[projects]] - branch = "ca-commands-wip" - digest = "1:723d56910291478edfd50fa2146e52fc6d8f5b5e67ddd6e5b8e89291313256a2" + branch = "ca-commands" + digest = "1:e81a129363c3570e218497e61c2c71c66e99b8f05be45eb8e8a32612f3ad1d7b" name = "github.com/smallstep/cli" packages = [ "crypto/keys", @@ -158,7 +158,7 @@ "utils", ] pruneopts = "UT" - revision = "75ee5a0262bdbb305c75dcb98e7f806540537678" + revision = "802214a46ad6aad96b741acebc85de63d03d00b5" [[projects]] branch = "master" diff --git a/Gopkg.toml b/Gopkg.toml index e10bab73..c7a37d28 100644 --- a/Gopkg.toml +++ b/Gopkg.toml @@ -46,7 +46,7 @@ required = [ name = "github.com/go-chi/chi" [[constraint]] - branch = "ca-commands-wip" + branch = "ca-commands" name = "github.com/smallstep/cli" [prune] diff --git a/authority/authority.go b/authority/authority.go index 671d4fb8..a4e107d8 100644 --- a/authority/authority.go +++ b/authority/authority.go @@ -66,7 +66,6 @@ func (a *Authority) init() error { // Decrypt and load intermediate public / private key pair. if len(a.config.Password) > 0 { - //fmt.Printf("Decrypting intermediate... ") a.intermediateIdentity, err = x509util.LoadIdentityFromDisk( a.config.IntermediateCert, a.config.IntermediateKey, 
@@ -75,7 +74,6 @@ func (a *Authority) init() error { if err != nil { return err } - //fmt.Printf("all done.\n") } else { a.intermediateIdentity, err = x509util.LoadIdentityFromDisk(a.config.IntermediateCert, a.config.IntermediateKey) if err != nil { diff --git a/authority/authority_test.go b/authority/authority_test.go index e531a79e..ca26025a 100644 --- a/authority/authority_test.go +++ b/authority/authority_test.go @@ -1,8 +1,11 @@ package authority import ( + "crypto/sha256" + "encoding/hex" "testing" + "github.com/pkg/errors" "github.com/smallstep/assert" stepJOSE "github.com/smallstep/cli/jose" ) 
@@ -39,3 +42,82 @@ func testAuthority(t *testing.T) *Authority {
 assert.FatalError(t, err)
 return a
 }
+
+func TestAuthorityNew(t *testing.T) {
+ type newTest struct {
+ config *Config
+ err error
+ }
+ tests := map[string]func(t *testing.T) *newTest{
+ "ok": func(t *testing.T) *newTest {
+ c, err := LoadConfiguration("../ca/testdata/ca.json")
+ assert.FatalError(t, err)
+ return &newTest{
+ config: c,
+ }
+ },
+ "fail-bad-root": func(t *testing.T) *newTest {
+ c, err := LoadConfiguration("../ca/testdata/ca.json")
+ assert.FatalError(t, err)
+ c.Root = "foo"
+ return &newTest{
+ config: c,
+ err: errors.New("open foo failed: no such file or directory"),
+ }
+ },
+ "fail-bad-password": func(t *testing.T) *newTest {
+ c, err := LoadConfiguration("../ca/testdata/ca.json")
+ assert.FatalError(t, err)
+ c.Password = "wrong"
+ return &newTest{
+ config: c,
+ err: errors.New("error decrypting ../ca/testdata/secrets/intermediate_ca_key: x509: decryption password incorrect"),
+ }
+ },
+ "fail-loading-ca-cert": func(t *testing.T) *newTest {
+ c, err := LoadConfiguration("../ca/testdata/ca.json")
+ assert.FatalError(t, err)
+ c.IntermediateCert = "wrong"
+ return &newTest{
+ config: c,
+ err: errors.New("open wrong failed: no such file or directory"),
+ }
+ },
+ }
+
+ for name, genTestCase := range tests {
+ t.Run(name, func(t *testing.T) {
+ tc := genTestCase(t)
+
+ auth, err := New(tc.config)
+ if err != nil {
+ if assert.NotNil(t, tc.err) {
+ assert.HasPrefix(t, err.Error(), tc.err.Error())
+ }
+ } else {
+ if assert.Nil(t, tc.err) {
+ sum := sha256.Sum256(auth.rootX509Crt.Raw)
+ root, ok := auth.certificates.Load(hex.EncodeToString(sum[:]))
+ assert.Fatal(t, ok)
+ assert.Equals(t, auth.rootX509Crt, root)
+
+ assert.True(t, auth.initOnce)
+ assert.NotNil(t, auth.intermediateIdentity)
+ for _, p := range tc.config.AuthorityConfig.Provisioners {
+ _p, ok := auth.provisionerIDIndex.Load(p.Key.KeyID)
+ assert.True(t, ok)
+ assert.Equals(t, p, _p)
+ if len(p.EncryptedKey) > 0 {
+ key, ok := auth.encryptedKeyIndex.Load(p.Key.KeyID)
+ assert.True(t, ok)
+ assert.Equals(t, p.EncryptedKey, key)
+ }
+ }
+ // sanity check
+ _, ok = auth.provisionerIDIndex.Load("fooo")
+ assert.False(t, ok)
+ }
+ }
+ })
+ }
+}
diff --git a/ca/testdata/ca.json b/ca/testdata/ca.json
index 8372bf61..2ddb49b9 100644
--- a/ca/testdata/ca.json
+++ b/ca/testdata/ca.json
@@ -1,7 +1,7 @@
 {
- "root": "testdata/secrets/root_ca.crt",
- "crt": "testdata/secrets/intermediate_ca.crt",
- "key": "testdata/secrets/intermediate_ca_key",
+ "root": "../ca/testdata/secrets/root_ca.crt",
+ "crt": "../ca/testdata/secrets/intermediate_ca.crt",
+ "key": "../ca/testdata/secrets/intermediate_ca_key",
 "password": "password",
 "address": "127.0.0.1:0",
 "dnsNames": ["127.0.0.1"],
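Review bot: In authority/authority_test.go, TestAuthorityNew covers a wrong `Password` but never an empty one, so the `else` branch of `init()` visible in authority/authority.go (the `LoadIdentityFromDisk` call made without a password) is not exercised, and there is no case for an unreadable `IntermediateKey` either. These branches decide how the intermediate signing key is loaded, so I would add a `"fail-bad-intermediate-key"` case that sets `c.IntermediateKey = "foo"` and a case with `c.Password = ""`; the expected error for the latter is not visible in this patch and needs confirming against x509util. Separately, the expected strings `no such file or directory` and `x509: decryption password incorrect` tie the test to OS and library wording, so matching on a typed or sentinel error, where the loader exposes one, would be less brittle.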
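Review bot: In ca/testdata/ca.json, the new `root`, `crt` and `key` values (`../ca/testdata/secrets/...`) look like they are resolved against the process working directory rather than the location of ca.json, so the fixture only loads when the tests run from `ca` or one of its sibling package directories. How `LoadConfiguration` resolves these paths is not visible in this patch; if it uses them as given, resolving them relative to the config file's directory, or having each test set `c.Root`, `c.IntermediateCert` and `c.IntermediateKey` explicitly after loading, would remove the dependency on the caller's working directory.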