forked from TrueCloudLab/certificates
Fix unit tests.
parent
21bd339b86
commit
4eaeede77d
2 changed files with 15 additions and 15 deletions
|
@ -137,7 +137,8 @@ func TestAuthorityNew(t *testing.T) {
|
||||||
assert.Equals(t, auth.rootX509Certs[0], root)
|
assert.Equals(t, auth.rootX509Certs[0], root)
|
||||||
|
|
||||||
assert.True(t, auth.initOnce)
|
assert.True(t, auth.initOnce)
|
||||||
assert.NotNil(t, auth.intermediateIdentity)
|
assert.NotNil(t, auth.x509Signer)
|
||||||
|
assert.NotNil(t, auth.x509Issuer)
|
||||||
for _, p := range tc.config.AuthorityConfig.Provisioners {
|
for _, p := range tc.config.AuthorityConfig.Provisioners {
|
||||||
var _p provisioner.Interface
|
var _p provisioner.Interface
|
||||||
_p, ok = auth.provisioners.Load(p.GetID())
|
_p, ok = auth.provisioners.Load(p.GetID())
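Review bot: The two added `NotNil` checks in TestAuthorityNew confirm that `auth.x509Signer` and `auth.x509Issuer` are populated, but not that the key and the certificate belong together. Now that they are separate fields, an authority initialised with a signer that does not match its issuer certificate would still pass this test. Consider adding `assert.Equals(t, auth.x509Signer.Public(), auth.x509Issuer.PublicKey)` after them; this assumes `x509Signer` is a `crypto.Signer` (as the other file in this commit treats it) and that `assert.Equals` compares the key values deeply. The body of TestAuthorityNew starts and ends outside the hunk.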
|
||||||
|
|
|
@ -2,6 +2,7 @@ package authority
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"crypto"
|
||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
"crypto/sha1"
|
"crypto/sha1"
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
|
@ -156,7 +157,7 @@ func TestAuthority_Sign(t *testing.T) {
|
||||||
},
|
},
|
||||||
"fail create cert": func(t *testing.T) *signTest {
|
"fail create cert": func(t *testing.T) *signTest {
|
||||||
_a := testAuthority(t)
|
_a := testAuthority(t)
|
||||||
_a.intermediateIdentity.Key = nil
|
_a.x509Signer = nil
|
||||||
csr := getCSR(t, priv)
|
csr := getCSR(t, priv)
|
||||||
return &signTest{
|
return &signTest{
|
||||||
auth: _a,
|
auth: _a,
|
||||||
|
@ -303,7 +304,7 @@ ZYtQ9Ot36qc=
|
||||||
hash := sha1.Sum(pubBytes)
|
hash := sha1.Sum(pubBytes)
|
||||||
assert.Equals(t, leaf.SubjectKeyId, hash[:])
|
assert.Equals(t, leaf.SubjectKeyId, hash[:])
|
||||||
|
|
||||||
assert.Equals(t, leaf.AuthorityKeyId, a.intermediateIdentity.Crt.SubjectKeyId)
|
assert.Equals(t, leaf.AuthorityKeyId, a.x509Issuer.SubjectKeyId)
|
||||||
|
|
||||||
// Verify Provisioner OID
|
// Verify Provisioner OID
|
||||||
found := 0
|
found := 0
|
||||||
|
@ -322,7 +323,7 @@ ZYtQ9Ot36qc=
|
||||||
}
|
}
|
||||||
assert.Equals(t, found, 1)
|
assert.Equals(t, found, 1)
|
||||||
|
|
||||||
realIntermediate, err := x509.ParseCertificate(a.intermediateIdentity.Crt.Raw)
|
realIntermediate, err := x509.ParseCertificate(a.x509Issuer.Raw)
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
assert.Equals(t, intermediate, realIntermediate)
|
assert.Equals(t, intermediate, realIntermediate)
|
||||||
}
|
}
|
||||||
|
@ -353,8 +354,7 @@ func TestAuthority_Renew(t *testing.T) {
|
||||||
NotAfter: provisioner.NewTimeDuration(na1),
|
NotAfter: provisioner.NewTimeDuration(na1),
|
||||||
}
|
}
|
||||||
|
|
||||||
leaf, err := x509util.NewLeafProfile("renew", a.intermediateIdentity.Crt,
|
leaf, err := x509util.NewLeafProfile("renew", a.x509Issuer, a.x509Signer,
|
||||||
a.intermediateIdentity.Key,
|
|
||||||
x509util.WithNotBeforeAfterDuration(so.NotBefore.Time(), so.NotAfter.Time(), 0),
|
x509util.WithNotBeforeAfterDuration(so.NotBefore.Time(), so.NotAfter.Time(), 0),
|
||||||
withDefaultASN1DN(a.config.AuthorityConfig.Template),
|
withDefaultASN1DN(a.config.AuthorityConfig.Template),
|
||||||
x509util.WithPublicKey(pub), x509util.WithHosts("test.smallstep.com,test"),
|
x509util.WithPublicKey(pub), x509util.WithHosts("test.smallstep.com,test"),
|
||||||
|
@ -365,8 +365,7 @@ func TestAuthority_Renew(t *testing.T) {
|
||||||
cert, err := x509.ParseCertificate(certBytes)
|
cert, err := x509.ParseCertificate(certBytes)
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
|
|
||||||
leafNoRenew, err := x509util.NewLeafProfile("norenew", a.intermediateIdentity.Crt,
|
leafNoRenew, err := x509util.NewLeafProfile("norenew", a.x509Issuer, a.x509Signer,
|
||||||
a.intermediateIdentity.Key,
|
|
||||||
x509util.WithNotBeforeAfterDuration(so.NotBefore.Time(), so.NotAfter.Time(), 0),
|
x509util.WithNotBeforeAfterDuration(so.NotBefore.Time(), so.NotAfter.Time(), 0),
|
||||||
withDefaultASN1DN(a.config.AuthorityConfig.Template),
|
withDefaultASN1DN(a.config.AuthorityConfig.Template),
|
||||||
x509util.WithPublicKey(pub), x509util.WithHosts("test.smallstep.com,test"),
|
x509util.WithPublicKey(pub), x509util.WithHosts("test.smallstep.com,test"),
|
||||||
|
@ -387,7 +386,7 @@ func TestAuthority_Renew(t *testing.T) {
|
||||||
tests := map[string]func() (*renewTest, error){
|
tests := map[string]func() (*renewTest, error){
|
||||||
"fail-create-cert": func() (*renewTest, error) {
|
"fail-create-cert": func() (*renewTest, error) {
|
||||||
_a := testAuthority(t)
|
_a := testAuthority(t)
|
||||||
_a.intermediateIdentity.Key = nil
|
_a.x509Signer = nil
|
||||||
return &renewTest{
|
return &renewTest{
|
||||||
auth: _a,
|
auth: _a,
|
||||||
cert: cert,
|
cert: cert,
|
||||||
|
@ -425,8 +424,8 @@ func TestAuthority_Renew(t *testing.T) {
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
|
|
||||||
_a := testAuthority(t)
|
_a := testAuthority(t)
|
||||||
_a.intermediateIdentity.Key = newIntermediateProfile.SubjectPrivateKey()
|
_a.x509Signer = newIntermediateProfile.SubjectPrivateKey().(crypto.Signer)
|
||||||
_a.intermediateIdentity.Crt = newIntermediateCert
|
_a.x509Issuer = newIntermediateCert
|
||||||
return &renewTest{
|
return &renewTest{
|
||||||
auth: _a,
|
auth: _a,
|
||||||
cert: cert,
|
cert: cert,
|
||||||
|
@ -494,8 +493,8 @@ func TestAuthority_Renew(t *testing.T) {
|
||||||
assert.Equals(t, leaf.SubjectKeyId, hash[:])
|
assert.Equals(t, leaf.SubjectKeyId, hash[:])
|
||||||
|
|
||||||
// We did not change the intermediate before renewing.
|
// We did not change the intermediate before renewing.
|
||||||
if a.intermediateIdentity.Crt.SerialNumber == tc.auth.intermediateIdentity.Crt.SerialNumber {
|
if a.x509Issuer.SerialNumber == tc.auth.x509Issuer.SerialNumber {
|
||||||
assert.Equals(t, leaf.AuthorityKeyId, a.intermediateIdentity.Crt.SubjectKeyId)
|
assert.Equals(t, leaf.AuthorityKeyId, a.x509Issuer.SubjectKeyId)
|
||||||
// Compare extensions: they can be in a different order
|
// Compare extensions: they can be in a different order
|
||||||
for _, ext1 := range tc.cert.Extensions {
|
for _, ext1 := range tc.cert.Extensions {
|
||||||
found := false
|
found := false
|
||||||
|
@ -511,7 +510,7 @@ func TestAuthority_Renew(t *testing.T) {
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
// We did change the intermediate before renewing.
|
// We did change the intermediate before renewing.
|
||||||
assert.Equals(t, leaf.AuthorityKeyId, tc.auth.intermediateIdentity.Crt.SubjectKeyId)
|
assert.Equals(t, leaf.AuthorityKeyId, tc.auth.x509Issuer.SubjectKeyId)
|
||||||
// Compare extensions: they can be in a different order
|
// Compare extensions: they can be in a different order
|
||||||
for _, ext1 := range tc.cert.Extensions {
|
for _, ext1 := range tc.cert.Extensions {
|
||||||
// The authority key id extension should be different b/c the intermediates are different.
|
// The authority key id extension should be different b/c the intermediates are different.
|
||||||
|
@ -535,7 +534,7 @@ func TestAuthority_Renew(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
realIntermediate, err := x509.ParseCertificate(tc.auth.intermediateIdentity.Crt.Raw)
|
realIntermediate, err := x509.ParseCertificate(tc.auth.x509Issuer.Raw)
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
assert.Equals(t, intermediate, realIntermediate)
|
assert.Equals(t, intermediate, realIntermediate)
|
||||||
}
|
}
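Review bot: The unchecked type assertion `newIntermediateProfile.SubjectPrivateKey().(crypto.Signer)` in the TestAuthority_Renew hunk at `-425,8 +424,8` panics if the profile returns a key that does not implement `crypto.Signer`, which aborts the whole test binary instead of failing this one case with a readable message. Prefer the comma-ok form: `signer, ok := newIntermediateProfile.SubjectPrivateKey().(crypto.Signer)`, then `if !ok { t.Fatal("intermediate key does not implement crypto.Signer") }` and `_a.x509Signer = signer`. Separately, the "fail create cert" and "fail-create-cert" cases now set `_a.x509Signer = nil`; the signing code is not shown here, so it is worth confirming that it returns an error for a nil signer rather than calling a method on it. The enclosing closure starts and ends outside the hunk.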
|
||||||
|
|