alexvanin/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity

Fix sign and renew tests.

Browse source
This commit is contained in:
Mariano Cano 2019-03-11 18:15:24 -07:00
parent 2fb77b8a4d
commit 1f5ff5c899
3 changed files with 14 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
authority/authorize_test.go
View file

@ -45,8 +45,6 @@ func generateToken(sub, iss, aud string, sans []string, iat time.Time, jwk *jose
func TestAuthorize(t *testing.T) { func TestAuthorize(t *testing.T) {
a := testAuthority(t) a := testAuthority(t)
time.Sleep(time.Second)
now := time.Now()
key, err := jose.ParseKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass"))) key, err := jose.ParseKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
assert.FatalError(t, err) assert.FatalError(t, err)
@ -54,6 +52,7 @@ func TestAuthorize(t *testing.T) {
keyNoKid := &jose.JSONWebKey{Key: key.Key, KeyID: ""} keyNoKid := &jose.JSONWebKey{Key: key.Key, KeyID: ""}
keyBadKid := &jose.JSONWebKey{Key: key.Key, KeyID: "foo"} keyBadKid := &jose.JSONWebKey{Key: key.Key, KeyID: "foo"}
now := time.Now()
validIssuer := "step-cli" validIssuer := "step-cli"
validAudience := []string{"https://test.ca.smallstep.com/sign"} validAudience := []string{"https://test.ca.smallstep.com/sign"}

4
authority/tls.go
View file

@ -102,7 +102,7 @@ func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Opti
certValidators = append(certValidators, k) certValidators = append(certValidators, k)
case provisioner.CertificateRequestValidator: case provisioner.CertificateRequestValidator:
if err := k.Valid(csr); err != nil { if err := k.Valid(csr); err != nil {
return nil, nil, &apiError{err, http.StatusUnauthorized, errContext} return nil, nil, &apiError{errors.Wrap(err, "sign"), http.StatusUnauthorized, errContext}
} }
case provisioner.ProfileModifier: case provisioner.ProfileModifier:
mods = append(mods, k.Option(signOpts)) mods = append(mods, k.Option(signOpts))
@ -140,7 +140,7 @@ func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Opti
// FIXME: This should be before creating the certificate. // FIXME: This should be before creating the certificate.
for _, v := range certValidators { for _, v := range certValidators {
if err := v.Valid(serverCert); err != nil { if err := v.Valid(serverCert); err != nil {
return nil, nil, &apiError{err, http.StatusUnauthorized, errContext} return nil, nil, &apiError{errors.Wrap(err, "sign"), http.StatusUnauthorized, errContext}
} }
} }

20
authority/tls_test.go
View file

@ -18,6 +18,7 @@ import (
"github.com/smallstep/cli/crypto/keys" "github.com/smallstep/cli/crypto/keys"
"github.com/smallstep/cli/crypto/tlsutil" "github.com/smallstep/cli/crypto/tlsutil"
"github.com/smallstep/cli/crypto/x509util" "github.com/smallstep/cli/crypto/x509util"
"github.com/smallstep/cli/jose"
stepx509 "github.com/smallstep/cli/pkg/x509" stepx509 "github.com/smallstep/cli/pkg/x509"
) )
@ -57,13 +58,14 @@ func TestSign(t *testing.T) {
NotAfter: nb.Add(time.Minute * 5), NotAfter: nb.Add(time.Minute * 5),
} }
// Create a token to get test extra opts.
p := a.config.AuthorityConfig.Provisioners[1].(*provisioner.JWK) p := a.config.AuthorityConfig.Provisioners[1].(*provisioner.JWK)
extraOpts := []provisioner.SignOption{ key, err := jose.ParseKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
// &commonNameClaim{"smallstep test"}, assert.FatalError(t, err)
// &dnsNamesClaim{[]string{"test.smallstep.com"}}, token, err := generateToken("smallstep test", "step-cli", "https://test.ca.smallstep.com/sign", []string{"test.smallstep.com"}, time.Now(), key)
// &ipAddressesClaim{[]net.IP{}}, assert.FatalError(t, err)
// p, extraOpts, err := a.Authorize(token)
} assert.FatalError(t, err)
type signTest struct { type signTest struct {
auth *Authority auth *Authority
@ -123,7 +125,7 @@ func TestSign(t *testing.T) {
return &signTest{ return &signTest{
auth: _a, auth: _a,
csr: csr, csr: csr,
extraOpts: []provisioner.SignOption{p}, extraOpts: extraOpts,
signOpts: signOpts, signOpts: signOpts,
err: &apiError{errors.New("sign: error creating new leaf certificate"), err: &apiError{errors.New("sign: error creating new leaf certificate"),
http.StatusInternalServerError, http.StatusInternalServerError,
@ -157,7 +159,7 @@ func TestSign(t *testing.T) {
csr: csr, csr: csr,
extraOpts: extraOpts, extraOpts: extraOpts,
signOpts: signOpts, signOpts: signOpts,
err: &apiError{errors.New("sign: DNS names claim failed - got [test.smallstep.com smallstep test], want [test.smallstep.com]"), err: &apiError{errors.New("sign: certificate request does not contain the valid DNS names - got [test.smallstep.com smallstep test], want [test.smallstep.com]"),
http.StatusUnauthorized, http.StatusUnauthorized,
context{"csr": csr, "signOptions": signOpts}, context{"csr": csr, "signOptions": signOpts},
}, },
@ -321,7 +323,7 @@ func TestRenew(t *testing.T) {
} }
return &renewTest{ return &renewTest{
crt: crtNoRenew, crt: crtNoRenew,
err: &apiError{errors.New("renew disabled"), err: &apiError{errors.New("renew is disabled for provisioner dev:IMi94WBNI6gP5cNHXlZYNUzvMjGdHyBRmFoo-lCEaqk"),
http.StatusUnauthorized, ctx}, http.StatusUnauthorized, ctx},
}, nil }, nil
}, },