diff --git a/authority/authority_test.go b/authority/authority_test.go
index e6625d6a..618e7939 100644
--- a/authority/authority_test.go
+++ b/authority/authority_test.go
@@ -6,6 +6,7 @@ import (
 "crypto/sha256"
 "crypto/x509"
 "encoding/hex"
+ "fmt"
 "io/ioutil"
 "net"
 "reflect"
@@ -320,3 +321,150 @@ func TestAuthority_CloseForReload(t *testing.T) {
 })
 }
 }
+
+func testScepAuthority(t *testing.T, opts ...Option) *Authority {
+
+ p := provisioner.List{
+ &provisioner.SCEP{
+ Name: "scep1",
+ Type: "SCEP",
+ },
+ }
+ c := &Config{
+ Address: "127.0.0.1:8443",
+ InsecureAddress: "127.0.0.1:8080",
+ Root: []string{"testdata/scep/root.crt"},
+ IntermediateCert: "testdata/scep/intermediate.crt",
+ IntermediateKey: "testdata/scep/intermediate.key",
+ DNSNames: []string{"example.com"},
+ Password: "pass",
+ AuthorityConfig: &AuthConfig{
+ Provisioners: p,
+ },
+ }
+ a, err := New(c, opts...)
+ assert.FatalError(t, err)
+ return a
+}
+
+func TestAuthority_GetSCEPService(t *testing.T) {
+ auth := testScepAuthority(t)
+ fmt.Println(auth)
+
+ p := provisioner.List{
+ &provisioner.SCEP{
+ Name: "scep1",
+ Type: "SCEP",
+ },
+ }
+
+ type fields struct {
+ config *Config
+ // keyManager kms.KeyManager
+ // provisioners *provisioner.Collection
+ // db db.AuthDB
+ // templates *templates.Templates
+ // x509CAService cas.CertificateAuthorityService
+ // rootX509Certs []*x509.Certificate
+ // federatedX509Certs []*x509.Certificate
+ // certificates *sync.Map
+ // scepService *scep.Service
+ // sshCAUserCertSignKey ssh.Signer
+ // sshCAHostCertSignKey ssh.Signer
+ // sshCAUserCerts []ssh.PublicKey
+ // sshCAHostCerts []ssh.PublicKey
+ // sshCAUserFederatedCerts []ssh.PublicKey
+ // sshCAHostFederatedCerts []ssh.PublicKey
+ // initOnce bool
+ // startTime time.Time
+ // sshBastionFunc func(ctx context.Context, user, hostname string) (*Bastion, error)
+ // sshCheckHostFunc func(ctx context.Context, principal string, tok string, roots []*x509.Certificate) (bool, error)
+ // sshGetHostsFunc func(ctx context.Context, cert *x509.Certificate) ([]Host, error)
+ // getIdentityFunc provisioner.GetIdentityFunc
+ }
+ tests := []struct {
+ name string
+ fields fields
+ wantService bool
+ wantErr bool
+ }{
+ {
+ name: "ok",
+ fields: fields{
+ config: &Config{
+ Address: "127.0.0.1:8443",
+ InsecureAddress: "127.0.0.1:8080",
+ Root: []string{"testdata/scep/root.crt"},
+ IntermediateCert: "testdata/scep/intermediate.crt",
+ IntermediateKey: "testdata/scep/intermediate.key",
+ DNSNames: []string{"example.com"},
+ Password: "pass",
+ AuthorityConfig: &AuthConfig{
+ Provisioners: p,
+ },
+ },
+ },
+ wantService: true,
+ wantErr: false,
+ },
+ {
+ name: "wrong password",
+ fields: fields{
+ config: &Config{
+ Address: "127.0.0.1:8443",
+ InsecureAddress: "127.0.0.1:8080",
+ Root: []string{"testdata/scep/root.crt"},
+ IntermediateCert: "testdata/scep/intermediate.crt",
+ IntermediateKey: "testdata/scep/intermediate.key",
+ DNSNames: []string{"example.com"},
+ Password: "wrongpass",
+ AuthorityConfig: &AuthConfig{
+ Provisioners: p,
+ },
+ },
+ },
+ wantService: false,
+ wantErr: true,
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ // a := &Authority{
+ // config: tt.fields.config,
+ // keyManager: tt.fields.keyManager,
+ // provisioners: tt.fields.provisioners,
+ // db: tt.fields.db,
+ // templates: tt.fields.templates,
+ // x509CAService: tt.fields.x509CAService,
+ // rootX509Certs: tt.fields.rootX509Certs,
+ // federatedX509Certs: tt.fields.federatedX509Certs,
+ // certificates: tt.fields.certificates,
+ // scepService: tt.fields.scepService,
+ // sshCAUserCertSignKey: tt.fields.sshCAUserCertSignKey,
+ // sshCAHostCertSignKey: tt.fields.sshCAHostCertSignKey,
+ // sshCAUserCerts: tt.fields.sshCAUserCerts,
+ // sshCAHostCerts: tt.fields.sshCAHostCerts,
+ // sshCAUserFederatedCerts: tt.fields.sshCAUserFederatedCerts,
+ // sshCAHostFederatedCerts: tt.fields.sshCAHostFederatedCerts,
+ // initOnce: tt.fields.initOnce,
+ // startTime: tt.fields.startTime,
+ // sshBastionFunc: tt.fields.sshBastionFunc,
+ // sshCheckHostFunc: tt.fields.sshCheckHostFunc,
+ // sshGetHostsFunc: tt.fields.sshGetHostsFunc,
+ // getIdentityFunc: tt.fields.getIdentityFunc,
+ // }
+ a, err := New(tt.fields.config)
+ fmt.Println(err)
+ fmt.Println(a)
+ if (err != nil) != tt.wantErr {
+ t.Errorf("Authority.New(), error = %v, wantErr %v", err, tt.wantErr)
+ return
+ }
+ if tt.wantService {
+ if got := a.GetSCEPService(); (got != nil) != tt.wantService {
+ t.Errorf("Authority.GetSCEPService() = %v, wantService %v", got, tt.wantService)
+ }
+ }
+ })
+ }
+}
diff --git a/authority/testdata/scep/intermediate.crt b/authority/testdata/scep/intermediate.crt
new file mode 100644
index 00000000..42ac4867
--- /dev/null
+++ b/authority/testdata/scep/intermediate.crt
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICZTCCAgugAwIBAgIQDPpOQXW7OLMFNR/+iOUdQjAKBggqhkjOPQQDAjAXMRUw
+EwYDVQQDEwxzY2VwdGVzdHJvb3QwHhcNMjEwNTA3MTUyMjU2WhcNMzEwNTA1MTUy
+MjU2WjAfMR0wGwYDVQQDExRzY2VwdGVzdGludGVybWVkaWF0ZTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAJTw49z9/MeZ/YeRO89ylMV3HnYpw52/Vs2G
+NsgYZRKiPz2RjixUp1iWRPoDONdlEOIAo0TALNOqz4EqJHB+FpBPBA1ZfwG/PlP/
+eWFubNXLXIhZPSQOiHmL4dIw0FS/VFGZm1eqc9JPG/V2G6UaKvOa8+W9/nhi4eeL
+ +/9nTwG4cTav9ltaVxQ55kcoJtMcvouYQ4oPSZ6yNuVYbFAoaqZnJqNQhxDvKsFH
+lHmvl28FAVM+otmEQNTm91uPwXuVusxEGn9N/d7M4iojCiMGg0S3luBS8IrGRI1Y
+bSKZvGsFnqUjHh2cLL1lqqo5+QvhvP9ut6+g8QGoq8NTc2yCRy8CAwEAAaNmMGQw
+DgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFGfO
+jTNTKTAyra+rAd/NL2ydarSFMB8GA1UdIwQYMBaAFKJr1p5QRfkHzewG3YEhPAtv
+FQNrMAoGCCqGSM49BAMCA0gAMEUCIEYK76FN9a/hWkMZcQ+NXyzGtfW+bnwsX3oN
+wT6jfyO0AiEAojTeSwf/H2l/E1lvsWJfNr8nOokWz+ZsbmMm5PU0Y+g=
+-----END CERTIFICATE-----
diff --git a/authority/testdata/scep/intermediate.key b/authority/testdata/scep/intermediate.key
new file mode 100644
index 00000000..ae564056
--- /dev/null
+++ b/authority/testdata/scep/intermediate.key
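Review bot: In TestAuthority_GetSCEPService the service assertion is wrapped in `if tt.wantService {`, so a case with `wantService: false` can never fail on the service check (the inner `(got != nil) != tt.wantService` only ever compares true against true), which makes a future "New succeeds but no SCEP service" case pass vacuously; after the `wantErr` return the check should be unconditional, `if got := a.GetSCEPService(); (got != nil) != tt.wantService {`. The `fmt.Println(auth)`, `fmt.Println(err)` and `fmt.Println(a)` calls are leftover debugging output that dumps authority state into the test log rather than asserting on it, and they are the only reason for the new `"fmt"` import in the first hunk. The `auth` returned by `testScepAuthority` is unused beyond that print, and the commented-out `fields` members and the `// a := &Authority{…}` block are dead scaffolding; either drive the table cases through `testScepAuthority` (it already accepts `opts ...Option`) or drop the helper together with the commented blocks. Both new functions start and end within this hunk.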
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,a54ae9388ce050f0a479a258d105fbb7
+
+VkJp9kKZQ7O9Gy9orvXaO+klt4Lrqp9oSABSBy8yFcc3neniLixqcyZZ4+CC/OG2
+TGTm4TiB9RBucrUyPwoxBraWbtTLHvS4nfPwr2feSTKoHDhSIr4Z1VMDF8PWiOSg
+vD3iYs5F1lz78hcB/SNdSZ2jm0ze84DFC2E49agWeiFLwezcLhXKQ2HHRJ6PmJv7
+IYB7+aLw8cUis/eJquWv7vrmlnshXBXLOrDekNq/mGhdpUmguDNEGX/3yT+8QYRv
+yeCqLVWcfkQ7KkXAeet0tVPNGQQF0+yS80Hv2/LBcskhL467qa79Xm+QPbBbhsEB
+aa4rettMLEdxk3IB1dgXdWhdJ4zBD+RFjczJbQlZRfmPb8sR20V/xp3x9i+SLqKp
+seVoNF+LhLhEwJdMF23t2KpuiOShzC60ApjALN6/O2/XGCl0KQ+NzucX+wpirS6z
+d2XfEYpsUaUFEFraOwfGXxLmluRtS6Q3+0+NPgwVQuH7EE7KuoTDUoSrUG4OFjaq
+CeUeZv1IVf0sYqZQVRiMxxdoFBKUSgcaR1gzzLZgHeoZCGP0PewmZDfJMQ5rWe0D
+zYYIKXUg8+oytHsz+5pQ277psXsl7iApZu56s6w3rD45w/zBeEyBhyL5JMBP8Y6y
+7ReaUGsoFu3WEvrMcOsN+0Vag/SdQsvEH0PGA/ltlrlhaHKq+4t/ZwP6WxUmnaVV
+JNtTWB8IqxtO0zbwK1owxjrO7t42K2isSryg/y2sQb4wgokoOzg1PqEaM8PIUvjl
+qkGhwrOz4lNNQ9b6Hgy81DpnXnJkRNY7B5yKi62TCc6K/DHrFs0fHKb9Qxac5KKf
+paasGWuEC5IP0lUyn81BmAVlfByBvnGmYiDmmGXLmfsyqtGFL9fpOl1Txq3/URfT
+f705lzeUt9r2BT5FJtV5lkTntRzjpi5QeRiJsvfXA7nCPZj2hoLWgIm/D/HRgfVR
+PIX1M7nxefRgES+T6UJNsBbGjSTgEVIPqVnyWs0JUyg4+KQ5VMU8g8SGA0dtnJyF
+9JrZHy2OA/AYt/c96vJj4WdFvqw3kodIKOipBbKjBBGokaOTsLADFEYgOr51BfvO
+QmxGZoXsRpD4sBOAwW039Ka5uCfuBETa+XQPtlHailaRZLlK9cZaDlzQr/K9jAgM
+qOmZIKr3L8YPK3mQV+mWVYchPXTf+UyTFiWIt30z1JlyrTw1H+h62pV9f1QXDB6P
+FIlfWHUK2mohWqzBnv4zFRBTVUnUDC9ONT+cVLh0cvlbRt2yy2ZgR4+d6IGH6mRH
+VLgWAFpS3KS1/4NfwWRBaMvIBfqfXCzXSqVJsq7RlBSW/EBwe9TDXhcTzOLHjx4E
+vdp+hqyXT62cTd7oWe78BBw3xOgpQwQ8bUdhye0kXMLNpU9j70pA7CjLVoVsdzH6
+n1EG7Mz/5NmXLy7LP8RuVU90mNQzNu8PFWtfjZ/jr3/OxoOc0Wx6mFykXkZbxKXI
+xOlaOnUHKnEmsCLnZUkIxEqwKo+RYWBRtKxYsS8x8TLXyFGEfHidI75ulZM7eAS8
+jWtVNKbPIyal+nQMpqa/lKW6fiGGUVp0u2x3Pnd8luRCs2htBmXSB7W7mJ2SMCui
+-----END RSA PRIVATE KEY-----
diff --git a/authority/testdata/scep/root.crt b/authority/testdata/scep/root.crt
new file mode 100644
index 00000000..58f9820d
--- /dev/null
+++ b/authority/testdata/scep/root.crt
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBczCCARigAwIBAgIRAImbSwfqrrI6p72t0b9f6l4wCgYIKoZIzj0EAwIwFzEV
+MBMGA1UEAxMMc2NlcHRlc3Ryb290MB4XDTIxMDUwNzE1MjEzMFoXDTMxMDUwNTE1
+MjEzMFowFzEVMBMGA1UEAxMMc2NlcHRlc3Ryb290MFkwEwYHKoZIzj0CAQYIKoZI
+zj0DAQcDQgAE3fyAgJsDICrnXhhoxHKmXMHLoW0EM9bYiBmx1xRyol0Qa3SZMW43
+rtTykqVP3HUA3rIrLdX106s9IFcA3eIYiaNFMEMwDgYDVR0PAQH/BAQDAgEGMBIG
+A1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYEFKJr1p5QRfkHzewG3YEhPAtvFQNr
+MAoGCCqGSM49BAMCA0kAMEYCIQDlXU695zKmSSfVPaPbM2cx7OlKr2n6NSyifatH
+9zDITwIhAJUbbHzRJVgscxx+VSMqC2TkFvug6ryNu6kQIKNRwolr
+-----END CERTIFICATE-----
diff --git a/authority/testdata/scep/root.key b/authority/testdata/scep/root.key
new file mode 100644
index 00000000..7dd4582b
--- /dev/null
+++ b/authority/testdata/scep/root.key
@@ -0,0 +1,8 @@
+-----BEGIN EC PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,0ea78864d21de199d3a737e4337589c2
+
+ZD3ggzw3eDYJp8NovTWgTxk6MagLutgU2UfwbYliAl7wKvVyzwkPytwRkyAXPBM6
+jMfiAdq6wY2wEpc8OSfrvAXrGuYqlCakDhdMaFDPcS3K29VLl4BaO2X2Rfk55nBd
+ASBNREKVb+hg2HV22DO7r6t+EYXTSD6iO7EB90bvKdE=
+-----END EC PRIVATE KEY-----