forked from TrueCloudLab/certificates
Add setup for Authority tests
This commit is contained in:
parent
877fc9ae8c
commit
375687cd1b
5 changed files with 211 additions and 0 deletions
|
@ -6,6 +6,7 @@ import (
|
|||
"crypto/sha256"
|
||||
"crypto/x509"
|
||||
"encoding/hex"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"net"
|
||||
"reflect"
|
||||
|
@ -320,3 +321,150 @@ func TestAuthority_CloseForReload(t *testing.T) {
|
|||
})
|
||||
}
|
||||
}
|
||||
|
||||
func testScepAuthority(t *testing.T, opts ...Option) *Authority {
|
||||
|
||||
p := provisioner.List{
|
||||
&provisioner.SCEP{
|
||||
Name: "scep1",
|
||||
Type: "SCEP",
|
||||
},
|
||||
}
|
||||
c := &Config{
|
||||
Address: "127.0.0.1:8443",
|
||||
InsecureAddress: "127.0.0.1:8080",
|
||||
Root: []string{"testdata/scep/root.crt"},
|
||||
IntermediateCert: "testdata/scep/intermediate.crt",
|
||||
IntermediateKey: "testdata/scep/intermediate.key",
|
||||
DNSNames: []string{"example.com"},
|
||||
Password: "pass",
|
||||
AuthorityConfig: &AuthConfig{
|
||||
Provisioners: p,
|
||||
},
|
||||
}
|
||||
a, err := New(c, opts...)
|
||||
assert.FatalError(t, err)
|
||||
return a
|
||||
}
|
||||
|
||||
func TestAuthority_GetSCEPService(t *testing.T) {
|
||||
auth := testScepAuthority(t)
|
||||
fmt.Println(auth)
|
||||
|
||||
p := provisioner.List{
|
||||
&provisioner.SCEP{
|
||||
Name: "scep1",
|
||||
Type: "SCEP",
|
||||
},
|
||||
}
|
||||
|
||||
type fields struct {
|
||||
config *Config
|
||||
// keyManager kms.KeyManager
|
||||
// provisioners *provisioner.Collection
|
||||
// db db.AuthDB
|
||||
// templates *templates.Templates
|
||||
// x509CAService cas.CertificateAuthorityService
|
||||
// rootX509Certs []*x509.Certificate
|
||||
// federatedX509Certs []*x509.Certificate
|
||||
// certificates *sync.Map
|
||||
// scepService *scep.Service
|
||||
// sshCAUserCertSignKey ssh.Signer
|
||||
// sshCAHostCertSignKey ssh.Signer
|
||||
// sshCAUserCerts []ssh.PublicKey
|
||||
// sshCAHostCerts []ssh.PublicKey
|
||||
// sshCAUserFederatedCerts []ssh.PublicKey
|
||||
// sshCAHostFederatedCerts []ssh.PublicKey
|
||||
// initOnce bool
|
||||
// startTime time.Time
|
||||
// sshBastionFunc func(ctx context.Context, user, hostname string) (*Bastion, error)
|
||||
// sshCheckHostFunc func(ctx context.Context, principal string, tok string, roots []*x509.Certificate) (bool, error)
|
||||
// sshGetHostsFunc func(ctx context.Context, cert *x509.Certificate) ([]Host, error)
|
||||
// getIdentityFunc provisioner.GetIdentityFunc
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
fields fields
|
||||
wantService bool
|
||||
wantErr bool
|
||||
}{
|
||||
{
|
||||
name: "ok",
|
||||
fields: fields{
|
||||
config: &Config{
|
||||
Address: "127.0.0.1:8443",
|
||||
InsecureAddress: "127.0.0.1:8080",
|
||||
Root: []string{"testdata/scep/root.crt"},
|
||||
IntermediateCert: "testdata/scep/intermediate.crt",
|
||||
IntermediateKey: "testdata/scep/intermediate.key",
|
||||
DNSNames: []string{"example.com"},
|
||||
Password: "pass",
|
||||
AuthorityConfig: &AuthConfig{
|
||||
Provisioners: p,
|
||||
},
|
||||
},
|
||||
},
|
||||
wantService: true,
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "wrong password",
|
||||
fields: fields{
|
||||
config: &Config{
|
||||
Address: "127.0.0.1:8443",
|
||||
InsecureAddress: "127.0.0.1:8080",
|
||||
Root: []string{"testdata/scep/root.crt"},
|
||||
IntermediateCert: "testdata/scep/intermediate.crt",
|
||||
IntermediateKey: "testdata/scep/intermediate.key",
|
||||
DNSNames: []string{"example.com"},
|
||||
Password: "wrongpass",
|
||||
AuthorityConfig: &AuthConfig{
|
||||
Provisioners: p,
|
||||
},
|
||||
},
|
||||
},
|
||||
wantService: false,
|
||||
wantErr: true,
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
// a := &Authority{
|
||||
// config: tt.fields.config,
|
||||
// keyManager: tt.fields.keyManager,
|
||||
// provisioners: tt.fields.provisioners,
|
||||
// db: tt.fields.db,
|
||||
// templates: tt.fields.templates,
|
||||
// x509CAService: tt.fields.x509CAService,
|
||||
// rootX509Certs: tt.fields.rootX509Certs,
|
||||
// federatedX509Certs: tt.fields.federatedX509Certs,
|
||||
// certificates: tt.fields.certificates,
|
||||
// scepService: tt.fields.scepService,
|
||||
// sshCAUserCertSignKey: tt.fields.sshCAUserCertSignKey,
|
||||
// sshCAHostCertSignKey: tt.fields.sshCAHostCertSignKey,
|
||||
// sshCAUserCerts: tt.fields.sshCAUserCerts,
|
||||
// sshCAHostCerts: tt.fields.sshCAHostCerts,
|
||||
// sshCAUserFederatedCerts: tt.fields.sshCAUserFederatedCerts,
|
||||
// sshCAHostFederatedCerts: tt.fields.sshCAHostFederatedCerts,
|
||||
// initOnce: tt.fields.initOnce,
|
||||
// startTime: tt.fields.startTime,
|
||||
// sshBastionFunc: tt.fields.sshBastionFunc,
|
||||
// sshCheckHostFunc: tt.fields.sshCheckHostFunc,
|
||||
// sshGetHostsFunc: tt.fields.sshGetHostsFunc,
|
||||
// getIdentityFunc: tt.fields.getIdentityFunc,
|
||||
// }
|
||||
a, err := New(tt.fields.config)
|
||||
fmt.Println(err)
|
||||
fmt.Println(a)
|
||||
if (err != nil) != tt.wantErr {
|
||||
t.Errorf("Authority.New(), error = %v, wantErr %v", err, tt.wantErr)
|
||||
return
|
||||
}
|
||||
if tt.wantService {
|
||||
if got := a.GetSCEPService(); (got != nil) != tt.wantService {
|
||||
t.Errorf("Authority.GetSCEPService() = %v, wantService %v", got, tt.wantService)
|
||||
}
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
|
15
authority/testdata/scep/intermediate.crt
vendored
Normal file
15
authority/testdata/scep/intermediate.crt
vendored
Normal file
|
@ -0,0 +1,15 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIICZTCCAgugAwIBAgIQDPpOQXW7OLMFNR/+iOUdQjAKBggqhkjOPQQDAjAXMRUw
|
||||
EwYDVQQDEwxzY2VwdGVzdHJvb3QwHhcNMjEwNTA3MTUyMjU2WhcNMzEwNTA1MTUy
|
||||
MjU2WjAfMR0wGwYDVQQDExRzY2VwdGVzdGludGVybWVkaWF0ZTCCASIwDQYJKoZI
|
||||
hvcNAQEBBQADggEPADCCAQoCggEBAJTw49z9/MeZ/YeRO89ylMV3HnYpw52/Vs2G
|
||||
NsgYZRKiPz2RjixUp1iWRPoDONdlEOIAo0TALNOqz4EqJHB+FpBPBA1ZfwG/PlP/
|
||||
eWFubNXLXIhZPSQOiHmL4dIw0FS/VFGZm1eqc9JPG/V2G6UaKvOa8+W9/nhi4eeL
|
||||
+/9nTwG4cTav9ltaVxQ55kcoJtMcvouYQ4oPSZ6yNuVYbFAoaqZnJqNQhxDvKsFH
|
||||
lHmvl28FAVM+otmEQNTm91uPwXuVusxEGn9N/d7M4iojCiMGg0S3luBS8IrGRI1Y
|
||||
bSKZvGsFnqUjHh2cLL1lqqo5+QvhvP9ut6+g8QGoq8NTc2yCRy8CAwEAAaNmMGQw
|
||||
DgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFGfO
|
||||
jTNTKTAyra+rAd/NL2ydarSFMB8GA1UdIwQYMBaAFKJr1p5QRfkHzewG3YEhPAtv
|
||||
FQNrMAoGCCqGSM49BAMCA0gAMEUCIEYK76FN9a/hWkMZcQ+NXyzGtfW+bnwsX3oN
|
||||
wT6jfyO0AiEAojTeSwf/H2l/E1lvsWJfNr8nOokWz+ZsbmMm5PU0Y+g=
|
||||
-----END CERTIFICATE-----
|
30
authority/testdata/scep/intermediate.key
vendored
Normal file
30
authority/testdata/scep/intermediate.key
vendored
Normal file
|
@ -0,0 +1,30 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
Proc-Type: 4,ENCRYPTED
|
||||
DEK-Info: AES-256-CBC,a54ae9388ce050f0a479a258d105fbb7
|
||||
|
||||
VkJp9kKZQ7O9Gy9orvXaO+klt4Lrqp9oSABSBy8yFcc3neniLixqcyZZ4+CC/OG2
|
||||
TGTm4TiB9RBucrUyPwoxBraWbtTLHvS4nfPwr2feSTKoHDhSIr4Z1VMDF8PWiOSg
|
||||
vD3iYs5F1lz78hcB/SNdSZ2jm0ze84DFC2E49agWeiFLwezcLhXKQ2HHRJ6PmJv7
|
||||
IYB7+aLw8cUis/eJquWv7vrmlnshXBXLOrDekNq/mGhdpUmguDNEGX/3yT+8QYRv
|
||||
yeCqLVWcfkQ7KkXAeet0tVPNGQQF0+yS80Hv2/LBcskhL467qa79Xm+QPbBbhsEB
|
||||
aa4rettMLEdxk3IB1dgXdWhdJ4zBD+RFjczJbQlZRfmPb8sR20V/xp3x9i+SLqKp
|
||||
seVoNF+LhLhEwJdMF23t2KpuiOShzC60ApjALN6/O2/XGCl0KQ+NzucX+wpirS6z
|
||||
d2XfEYpsUaUFEFraOwfGXxLmluRtS6Q3+0+NPgwVQuH7EE7KuoTDUoSrUG4OFjaq
|
||||
CeUeZv1IVf0sYqZQVRiMxxdoFBKUSgcaR1gzzLZgHeoZCGP0PewmZDfJMQ5rWe0D
|
||||
zYYIKXUg8+oytHsz+5pQ277psXsl7iApZu56s6w3rD45w/zBeEyBhyL5JMBP8Y6y
|
||||
7ReaUGsoFu3WEvrMcOsN+0Vag/SdQsvEH0PGA/ltlrlhaHKq+4t/ZwP6WxUmnaVV
|
||||
JNtTWB8IqxtO0zbwK1owxjrO7t42K2isSryg/y2sQb4wgokoOzg1PqEaM8PIUvjl
|
||||
qkGhwrOz4lNNQ9b6Hgy81DpnXnJkRNY7B5yKi62TCc6K/DHrFs0fHKb9Qxac5KKf
|
||||
paasGWuEC5IP0lUyn81BmAVlfByBvnGmYiDmmGXLmfsyqtGFL9fpOl1Txq3/URfT
|
||||
f705lzeUt9r2BT5FJtV5lkTntRzjpi5QeRiJsvfXA7nCPZj2hoLWgIm/D/HRgfVR
|
||||
PIX1M7nxefRgES+T6UJNsBbGjSTgEVIPqVnyWs0JUyg4+KQ5VMU8g8SGA0dtnJyF
|
||||
9JrZHy2OA/AYt/c96vJj4WdFvqw3kodIKOipBbKjBBGokaOTsLADFEYgOr51BfvO
|
||||
QmxGZoXsRpD4sBOAwW039Ka5uCfuBETa+XQPtlHailaRZLlK9cZaDlzQr/K9jAgM
|
||||
qOmZIKr3L8YPK3mQV+mWVYchPXTf+UyTFiWIt30z1JlyrTw1H+h62pV9f1QXDB6P
|
||||
FIlfWHUK2mohWqzBnv4zFRBTVUnUDC9ONT+cVLh0cvlbRt2yy2ZgR4+d6IGH6mRH
|
||||
VLgWAFpS3KS1/4NfwWRBaMvIBfqfXCzXSqVJsq7RlBSW/EBwe9TDXhcTzOLHjx4E
|
||||
vdp+hqyXT62cTd7oWe78BBw3xOgpQwQ8bUdhye0kXMLNpU9j70pA7CjLVoVsdzH6
|
||||
n1EG7Mz/5NmXLy7LP8RuVU90mNQzNu8PFWtfjZ/jr3/OxoOc0Wx6mFykXkZbxKXI
|
||||
xOlaOnUHKnEmsCLnZUkIxEqwKo+RYWBRtKxYsS8x8TLXyFGEfHidI75ulZM7eAS8
|
||||
jWtVNKbPIyal+nQMpqa/lKW6fiGGUVp0u2x3Pnd8luRCs2htBmXSB7W7mJ2SMCui
|
||||
-----END RSA PRIVATE KEY-----
|
10
authority/testdata/scep/root.crt
vendored
Normal file
10
authority/testdata/scep/root.crt
vendored
Normal file
|
@ -0,0 +1,10 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIBczCCARigAwIBAgIRAImbSwfqrrI6p72t0b9f6l4wCgYIKoZIzj0EAwIwFzEV
|
||||
MBMGA1UEAxMMc2NlcHRlc3Ryb290MB4XDTIxMDUwNzE1MjEzMFoXDTMxMDUwNTE1
|
||||
MjEzMFowFzEVMBMGA1UEAxMMc2NlcHRlc3Ryb290MFkwEwYHKoZIzj0CAQYIKoZI
|
||||
zj0DAQcDQgAE3fyAgJsDICrnXhhoxHKmXMHLoW0EM9bYiBmx1xRyol0Qa3SZMW43
|
||||
rtTykqVP3HUA3rIrLdX106s9IFcA3eIYiaNFMEMwDgYDVR0PAQH/BAQDAgEGMBIG
|
||||
A1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYEFKJr1p5QRfkHzewG3YEhPAtvFQNr
|
||||
MAoGCCqGSM49BAMCA0kAMEYCIQDlXU695zKmSSfVPaPbM2cx7OlKr2n6NSyifatH
|
||||
9zDITwIhAJUbbHzRJVgscxx+VSMqC2TkFvug6ryNu6kQIKNRwolr
|
||||
-----END CERTIFICATE-----
|
8
authority/testdata/scep/root.key
vendored
Normal file
8
authority/testdata/scep/root.key
vendored
Normal file
|
@ -0,0 +1,8 @@
|
|||
-----BEGIN EC PRIVATE KEY-----
|
||||
Proc-Type: 4,ENCRYPTED
|
||||
DEK-Info: AES-256-CBC,0ea78864d21de199d3a737e4337589c2
|
||||
|
||||
ZD3ggzw3eDYJp8NovTWgTxk6MagLutgU2UfwbYliAl7wKvVyzwkPytwRkyAXPBM6
|
||||
jMfiAdq6wY2wEpc8OSfrvAXrGuYqlCakDhdMaFDPcS3K29VLl4BaO2X2Rfk55nBd
|
||||
ASBNREKVb+hg2HV22DO7r6t+EYXTSD6iO7EB90bvKdE=
|
||||
-----END EC PRIVATE KEY-----
|
Loading…
Reference in a new issue