From 1550a21f6894399bbad73ece4226ad4cedaed480 Mon Sep 17 00:00:00 2001
From: Mariano Cano
Date: Tue, 15 Sep 2020 18:14:21 -0700
Subject: [PATCH] Fix unit tests.
---
 authority/tls_test.go | 21 ++++++++++++++++++---
 cas/softcas/softcas.go | 20 +++++++++++++++-----
 2 files changed, 33 insertions(+), 8 deletions(-)
diff --git a/authority/tls_test.go b/authority/tls_test.go
index e96a4bd9..9d8c6226 100644
--- a/authority/tls_test.go
+++ b/authority/tls_test.go
@@ -17,6 +17,8 @@ import (
 "testing"
 "time"
+ "github.com/smallstep/certificates/cas/softcas"
+ "github.com/pkg/errors"
 "github.com/smallstep/assert"
 "github.com/smallstep/certificates/authority/provisioner"
@@ -277,7 +279,7 @@ func TestAuthority_Sign(t *testing.T) {
 },
 "fail create cert": func(t *testing.T) *signTest {
 _a := testAuthority(t)
- _a.x509Signer = nil
+ _a.x509CAService.(*softcas.SoftCAS).Signer = nil
 csr := getCSR(t, priv)
 return &signTest{
 auth: _a,
@@ -635,7 +637,7 @@ func TestAuthority_Renew(t *testing.T) {
 tests := map[string]func() (*renewTest, error){
 "fail/create-cert": func() (*renewTest, error) {
 _a := testAuthority(t)
- _a.x509Signer = nil
+ _a.x509CAService.(*softcas.SoftCAS).Signer = nil
 return &renewTest{
 auth: _a,
 cert: cert,
@@ -661,6 +663,8 @@ func TestAuthority_Renew(t *testing.T) {
 intCert, intSigner := generateIntermidiateCertificate(t, rootCert, rootSigner)
 _a := testAuthority(t)
+ _a.x509CAService.(*softcas.SoftCAS).Issuer = intCert
+ _a.x509CAService.(*softcas.SoftCAS).Signer = intSigner
 _a.x509Signer = intSigner
 _a.x509Issuer = intCert
 return &renewTest{
@@ -831,7 +835,7 @@ func TestAuthority_Rekey(t *testing.T) {
 tests := map[string]func() (*renewTest, error){
 "fail/create-cert": func() (*renewTest, error) {
 _a := testAuthority(t)
- _a.x509Signer = nil
+ _a.x509CAService.(*softcas.SoftCAS).Signer = nil
 return &renewTest{
 auth: _a,
 cert: cert,
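Review bot: The unchecked assertion `_a.x509CAService.(*softcas.SoftCAS)` in the "fail create cert" case of TestAuthority_Sign panics instead of failing the test cleanly if testAuthority ever returns a different CAS implementation, and the same expression is repeated in the TestAuthority_Renew and TestAuthority_Rekey hunks. A small test helper would keep the cast in one place, for example `cas, ok := a.x509CAService.(*softcas.SoftCAS)` followed by `if !ok { t.Fatalf("unexpected CAS type %T", a.x509CAService) }`. The enclosing test functions start and end outside these hunks.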
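Review bot: In the intermediate-certificate case of TestAuthority_Renew (hunk at -661, and the matching TestAuthority_Rekey hunk at -864) the issuer and signer are now assigned twice, once on the SoftCAS and once on the older `_a.x509Signer` / `_a.x509Issuer` fields. If the authority still reads the older fields anywhere, the two copies can drift and a test could pass while the certificate is signed with a different key than the one the test checks; if it no longer reads them, the two old assignments are dead and should be removed. A comment such as `// x509Signer/x509Issuer are still read by <caller>; keep in sync with x509CAService` would record which is the case. This is inferred from the hunk alone, since the rest of the authority is not visible here.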
@@ -864,6 +868,8 @@ func TestAuthority_Rekey(t *testing.T) {
 intCert, intSigner := generateIntermidiateCertificate(t, rootCert, rootSigner)
 _a := testAuthority(t)
+ _a.x509CAService.(*softcas.SoftCAS).Issuer = intCert
+ _a.x509CAService.(*softcas.SoftCAS).Signer = intSigner
 _a.x509Signer = intSigner
 _a.x509Issuer = intCert
 return &renewTest{
@@ -1107,6 +1113,9 @@ func TestAuthority_Revoke(t *testing.T) {
 MUseToken: func(id, tok string) (bool, error) {
 return true, nil
 },
+ MGetCertificate: func(sn string) (*x509.Certificate, error) {
+ return nil, nil
+ },
 Err: errors.New("force"),
 }))
@@ -1143,6 +1152,9 @@ func TestAuthority_Revoke(t *testing.T) {
 MUseToken: func(id, tok string) (bool, error) {
 return true, nil
 },
+ MGetCertificate: func(sn string) (*x509.Certificate, error) {
+ return nil, nil
+ },
 Err: db.ErrAlreadyExists,
 }))
@@ -1179,6 +1191,9 @@ func TestAuthority_Revoke(t *testing.T) {
 MUseToken: func(id, tok string) (bool, error) {
 return true, nil
 },
+ MGetCertificate: func(sn string) (*x509.Certificate, error) {
+ return nil, errors.New("not found")
+ },
 }))
 cl := jwt.Claims{
diff --git a/cas/softcas/softcas.go b/cas/softcas/softcas.go
index 751913a0..b0ce19ee 100644
--- a/cas/softcas/softcas.go
+++ b/cas/softcas/softcas.go
@@ -5,7 +5,6 @@ import (
 "crypto"
 "crypto/x509"
 "errors"
- "fmt"
 "time"
 "github.com/smallstep/certificates/cas/apiv1"
@@ -54,8 +53,12 @@ func (c *SoftCAS) CreateCertificate(req *apiv1.CreateCertificateRequest) (*apiv1
 }
 t := now()
- req.Template.NotBefore = t.Add(-1 * req.Backdate)
- req.Template.NotAfter = t.Add(req.Lifetime)
+ if req.Template.NotBefore.IsZero() {
+ req.Template.NotBefore = t.Add(-1 * req.Backdate)
+ }
+ if req.Template.NotAfter.IsZero() {
+ req.Template.NotAfter = t.Add(req.Lifetime)
+ }
 req.Template.Issuer = c.Issuer.Subject
 cert, err := x509util.CreateCertificate(req.Template, c.Issuer, req.Template.PublicKey, c.Signer)
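Review bot: The `MGetCertificate` mock added in the first two TestAuthority_Revoke hunks (-1107 and -1143) returns `nil, nil`, a successful lookup with no certificate, while the third hunk returns `nil, errors.New("not found")`. A real store presumably does not report success with a nil certificate, so these two cases exercise a state the revoke path may never see and leave it unclear whether a nil certificate is handled on purpose. Either return the not-found error in all three, or, if the lookup result is meant to be irrelevant there, say so above the mock with `// lookup result unused: this case fails in the db layer via Err`.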
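Review bot: With the new `IsZero` guards in SoftCAS.CreateCertificate, a validity period already present on `req.Template` is signed as given, so `req.Lifetime` and `req.Backdate` no longer bound the certificate at this layer. Nothing in the hunk checks that the resulting `NotAfter` is later than `NotBefore` (a template carrying only a far-future `NotBefore` still gets `NotAfter = now + Lifetime`), nor that the caller has limited the window. I would add `if req.Template.NotAfter.Before(req.Template.NotBefore) { return nil, errors.New("createCertificateRequest template: notAfter is before notBefore") }` after the two guards, and state in the method's doc comment that callers must validate the template's validity against the provisioner limits before calling. The function begins and continues outside the hunk, so an earlier check may exist that is not visible here.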
@@ -98,7 +101,14 @@ func (c *SoftCAS) RenewCertificate(req *apiv1.RenewCertificateRequest) (*apiv1.R
 }, nil
 }
-// RevokeCertificate revokes the given certificate in step-ca.
+// RevokeCertificate revokes the given certificate in step-ca. In SoftCAS this
+// operation is a no-op as the actual revoke will happen when we store the entry
+// in the db.
 func (c *SoftCAS) RevokeCertificate(req *apiv1.RevokeCertificateRequest) (*apiv1.RevokeCertificateResponse, error) {
- return nil, fmt.Errorf("not implemented")
+ return &apiv1.RevokeCertificateResponse{
+ Certificate: req.Certificate,
+ CertificateChain: []*x509.Certificate{
+ c.Issuer,
+ },
+ }, nil
 }
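Review bot: RevokeCertificate now returns success without looking at `req` or `req.Certificate`, so a nil `req` panics on `req.Certificate`, and a request made without a certificate (the `MGetCertificate` mocks in tls_test.go return nil) produces a response whose `Certificate` is nil. Because the method does nothing itself, a caller that reads a nil error as "revoked" without also persisting the entry leaves the certificate valid. The doc comment should say this outright, e.g. `// A nil error does not mean the certificate is revoked; the caller must record the revocation in the db.`, and note that `Certificate` in the response may be nil. Whether the other SoftCAS methods validate their request is not visible in this hunk.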