Fix unit tests.

Mariano Cano 2020-09-15 18:14:21 -07:00
parent e17ce39e3a
commit 1550a21f68
2 changed files with 33 additions and 8 deletions


@ -17,6 +17,8 @@ import (
"testing" "testing"
"time" "time"
"github.com/smallstep/certificates/cas/softcas"
"github.com/pkg/errors" "github.com/pkg/errors"
"github.com/smallstep/assert" "github.com/smallstep/assert"
"github.com/smallstep/certificates/authority/provisioner" "github.com/smallstep/certificates/authority/provisioner"
@ -277,7 +279,7 @@ func TestAuthority_Sign(t *testing.T) {
}, },
"fail create cert": func(t *testing.T) *signTest { "fail create cert": func(t *testing.T) *signTest {
_a := testAuthority(t) _a := testAuthority(t)
_a.x509Signer = nil _a.x509CAService.(*softcas.SoftCAS).Signer = nil
csr := getCSR(t, priv) csr := getCSR(t, priv)
return &signTest{ return &signTest{
auth: _a, auth: _a,
@ -635,7 +637,7 @@ func TestAuthority_Renew(t *testing.T) {
tests := map[string]func() (*renewTest, error){ tests := map[string]func() (*renewTest, error){
"fail/create-cert": func() (*renewTest, error) { "fail/create-cert": func() (*renewTest, error) {
_a := testAuthority(t) _a := testAuthority(t)
_a.x509Signer = nil _a.x509CAService.(*softcas.SoftCAS).Signer = nil
return &renewTest{ return &renewTest{
auth: _a, auth: _a,
cert: cert, cert: cert,
@ -661,6 +663,8 @@ func TestAuthority_Renew(t *testing.T) {
intCert, intSigner := generateIntermidiateCertificate(t, rootCert, rootSigner) intCert, intSigner := generateIntermidiateCertificate(t, rootCert, rootSigner)
_a := testAuthority(t) _a := testAuthority(t)
_a.x509CAService.(*softcas.SoftCAS).Issuer = intCert
_a.x509CAService.(*softcas.SoftCAS).Signer = intSigner
_a.x509Signer = intSigner _a.x509Signer = intSigner
_a.x509Issuer = intCert _a.x509Issuer = intCert
return &renewTest{ return &renewTest{
@ -831,7 +835,7 @@ func TestAuthority_Rekey(t *testing.T) {
tests := map[string]func() (*renewTest, error){ tests := map[string]func() (*renewTest, error){
"fail/create-cert": func() (*renewTest, error) { "fail/create-cert": func() (*renewTest, error) {
_a := testAuthority(t) _a := testAuthority(t)
_a.x509Signer = nil _a.x509CAService.(*softcas.SoftCAS).Signer = nil
return &renewTest{ return &renewTest{
auth: _a, auth: _a,
cert: cert, cert: cert,
@ -864,6 +868,8 @@ func TestAuthority_Rekey(t *testing.T) {
intCert, intSigner := generateIntermidiateCertificate(t, rootCert, rootSigner) intCert, intSigner := generateIntermidiateCertificate(t, rootCert, rootSigner)
_a := testAuthority(t) _a := testAuthority(t)
_a.x509CAService.(*softcas.SoftCAS).Issuer = intCert
_a.x509CAService.(*softcas.SoftCAS).Signer = intSigner
_a.x509Signer = intSigner _a.x509Signer = intSigner
_a.x509Issuer = intCert _a.x509Issuer = intCert
return &renewTest{ return &renewTest{
@ -1107,6 +1113,9 @@ func TestAuthority_Revoke(t *testing.T) {
MUseToken: func(id, tok string) (bool, error) { MUseToken: func(id, tok string) (bool, error) {
return true, nil return true, nil
}, },
MGetCertificate: func(sn string) (*x509.Certificate, error) {
return nil, nil
},
Err: errors.New("force"), Err: errors.New("force"),
})) }))
@ -1143,6 +1152,9 @@ func TestAuthority_Revoke(t *testing.T) {
MUseToken: func(id, tok string) (bool, error) { MUseToken: func(id, tok string) (bool, error) {
return true, nil return true, nil
}, },
MGetCertificate: func(sn string) (*x509.Certificate, error) {
return nil, nil
},
Err: db.ErrAlreadyExists, Err: db.ErrAlreadyExists,
})) }))
@ -1179,6 +1191,9 @@ func TestAuthority_Revoke(t *testing.T) {
MUseToken: func(id, tok string) (bool, error) { MUseToken: func(id, tok string) (bool, error) {
return true, nil return true, nil
}, },
MGetCertificate: func(sn string) (*x509.Certificate, error) {
return nil, errors.New("not found")
},
})) }))
cl := jwt.Claims{ cl := jwt.Claims{
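Review bot: The first two `MGetCertificate` mocks added in the TestAuthority_Revoke hunks return `nil, nil`, so the revoke path runs with a nil certificate and no error, and only the third mock models a lookup failure. If a nil certificate is meant to stand for "serial not stored, revoke by serial number only", a comment on the mock such as `// nil, nil: certificate is not in the db; revocation proceeds with the serial only` would make that contract explicit. None of the visible cases returns a real certificate, so the branch where the stored certificate is handed to the CAS service appears to be unexercised here; a case returning a fixture certificate would cover it. The test functions start and end outside these hunks, so other cases may already do this.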


@ -5,7 +5,6 @@ import (
"crypto" "crypto"
"crypto/x509" "crypto/x509"
"errors" "errors"
"fmt"
"time" "time"
"github.com/smallstep/certificates/cas/apiv1" "github.com/smallstep/certificates/cas/apiv1"
@ -54,8 +53,12 @@ func (c *SoftCAS) CreateCertificate(req *apiv1.CreateCertificateRequest) (*apiv1
} }
t := now() t := now()
if req.Template.NotBefore.IsZero() {
req.Template.NotBefore = t.Add(-1 * req.Backdate) req.Template.NotBefore = t.Add(-1 * req.Backdate)
}
if req.Template.NotAfter.IsZero() {
req.Template.NotAfter = t.Add(req.Lifetime) req.Template.NotAfter = t.Add(req.Lifetime)
}
req.Template.Issuer = c.Issuer.Subject req.Template.Issuer = c.Issuer.Subject
cert, err := x509util.CreateCertificate(req.Template, c.Issuer, req.Template.PublicKey, c.Signer) cert, err := x509util.CreateCertificate(req.Template, c.Issuer, req.Template.PublicKey, c.Signer)
@ -98,7 +101,14 @@ func (c *SoftCAS) RenewCertificate(req *apiv1.RenewCertificateRequest) (*apiv1.R
}, nil }, nil
} }
// RevokeCertificate revokes the given certificate in step-ca. // RevokeCertificate revokes the given certificate in step-ca. In SoftCAS this
// operation is a no-op as the actual revoke will happen when we store the entry
// in the db.
func (c *SoftCAS) RevokeCertificate(req *apiv1.RevokeCertificateRequest) (*apiv1.RevokeCertificateResponse, error) { func (c *SoftCAS) RevokeCertificate(req *apiv1.RevokeCertificateRequest) (*apiv1.RevokeCertificateResponse, error) {
return nil, fmt.Errorf("not implemented") return &apiv1.RevokeCertificateResponse{
Certificate: req.Certificate,
CertificateChain: []*x509.Certificate{
c.Issuer,
},
}, nil
} }
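Review bot: With the two new `IsZero()` guards in CreateCertificate, a template that already carries NotBefore or NotAfter is signed with those values and `req.Backdate` / `req.Lifetime` are ignored, so this method no longer bounds the validity period on its own. Whether the caller clamps the template against the provisioner's duration limits is not visible in this hunk; if it does, a comment above the guards such as `// Validity already set on the template wins; duration limits must be enforced by the caller.` would record that assumption. A cheap check after the guards, `if req.Template.NotAfter.Before(req.Template.NotBefore) { return nil, errors.New("createCertificate: notAfter is before notBefore") }`, would also reject an inverted window before signing. The function body starts above the hunk, so validation there may already cover part of this.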