forked from TrueCloudLab/certificates
Fix and extend stepcas unit tests
This commit is contained in:
parent
9408d0f24b
commit
7a1e6a0e1f
4 changed files with 46 additions and 15 deletions
|
@ -13,7 +13,7 @@ import (
|
|||
|
||||
type mockErrIssuer struct{}
|
||||
|
||||
func (m mockErrIssuer) SignToken(subject string, sans []string) (string, error) {
|
||||
func (m mockErrIssuer) SignToken(subject string, sans []string, info *raInfo) (string, error) {
|
||||
return "", apiv1.ErrNotImplemented{}
|
||||
}
|
||||
|
||||
|
|
|
@ -27,11 +27,16 @@ func Test_jwkIssuer_SignToken(t *testing.T) {
|
|||
type args struct {
|
||||
subject string
|
||||
sans []string
|
||||
info *raInfo
|
||||
}
|
||||
type stepClaims struct {
|
||||
RA *raInfo `json:"ra"`
|
||||
}
|
||||
type claims struct {
|
||||
Aud []string `json:"aud"`
|
||||
Sub string `json:"sub"`
|
||||
Sans []string `json:"sans"`
|
||||
Aud []string `json:"aud"`
|
||||
Sub string `json:"sub"`
|
||||
Sans []string `json:"sans"`
|
||||
Step stepClaims `json:"step"`
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
|
@ -39,8 +44,11 @@ func Test_jwkIssuer_SignToken(t *testing.T) {
|
|||
args args
|
||||
wantErr bool
|
||||
}{
|
||||
{"ok", fields{caURL, "ra@doe.org", signer}, args{"doe", []string{"doe.org"}}, false},
|
||||
{"fail", fields{caURL, "ra@doe.org", &mockErrSigner{}}, args{"doe", []string{"doe.org"}}, true},
|
||||
{"ok", fields{caURL, "ra@doe.org", signer}, args{"doe", []string{"doe.org"}, nil}, false},
|
||||
{"ok ra", fields{caURL, "ra@doe.org", signer}, args{"doe", []string{"doe.org"}, &raInfo{
|
||||
AuthorityID: "authority-id", ProvisionerID: "provisioner-id", ProvisionerType: "provisioner-type",
|
||||
}}, false},
|
||||
{"fail", fields{caURL, "ra@doe.org", &mockErrSigner{}}, args{"doe", []string{"doe.org"}, nil}, true},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
|
@ -49,7 +57,7 @@ func Test_jwkIssuer_SignToken(t *testing.T) {
|
|||
issuer: tt.fields.issuer,
|
||||
signer: tt.fields.signer,
|
||||
}
|
||||
got, err := i.SignToken(tt.args.subject, tt.args.sans)
|
||||
got, err := i.SignToken(tt.args.subject, tt.args.sans, tt.args.info)
|
||||
if (err != nil) != tt.wantErr {
|
||||
t.Errorf("jwkIssuer.SignToken() error = %v, wantErr %v", err, tt.wantErr)
|
||||
return
|
||||
|
@ -65,6 +73,9 @@ func Test_jwkIssuer_SignToken(t *testing.T) {
|
|||
Sub: tt.args.subject,
|
||||
Sans: tt.args.sans,
|
||||
}
|
||||
if tt.args.info != nil {
|
||||
want.Step.RA = tt.args.info
|
||||
}
|
||||
if err := jwt.Claims(testX5CKey.Public(), &c); err != nil {
|
||||
t.Errorf("jwt.Claims() error = %v", err)
|
||||
}
|
||||
|
|
|
@ -665,6 +665,14 @@ func TestStepCAS_CreateCertificate(t *testing.T) {
|
|||
Certificate: testCrt,
|
||||
CertificateChain: []*x509.Certificate{testIssCrt},
|
||||
}, false},
|
||||
{"ok with provisioner", fields{jwk, client, testRootFingerprint}, args{&apiv1.CreateCertificateRequest{
|
||||
CSR: testCR,
|
||||
Lifetime: time.Hour,
|
||||
Provisioner: &apiv1.ProvisionerInfo{ProvisionerID: "provisioner-id", ProvisionerType: "ACME"},
|
||||
}}, &apiv1.CreateCertificateResponse{
|
||||
Certificate: testCrt,
|
||||
CertificateChain: []*x509.Certificate{testIssCrt},
|
||||
}, false},
|
||||
{"fail CSR", fields{x5c, client, testRootFingerprint}, args{&apiv1.CreateCertificateRequest{
|
||||
CSR: nil,
|
||||
Lifetime: time.Hour,
|
||||
|
@ -691,6 +699,7 @@ func TestStepCAS_CreateCertificate(t *testing.T) {
|
|||
s := &StepCAS{
|
||||
iss: tt.fields.iss,
|
||||
client: tt.fields.client,
|
||||
authorityID: "authority-id",
|
||||
fingerprint: tt.fields.fingerprint,
|
||||
}
|
||||
got, err := s.CreateCertificate(tt.args.req)
|
||||
|
|
|
@ -51,11 +51,16 @@ func Test_x5cIssuer_SignToken(t *testing.T) {
|
|||
type args struct {
|
||||
subject string
|
||||
sans []string
|
||||
info *raInfo
|
||||
}
|
||||
type stepClaims struct {
|
||||
RA *raInfo `json:"ra"`
|
||||
}
|
||||
type claims struct {
|
||||
Aud []string `json:"aud"`
|
||||
Sub string `json:"sub"`
|
||||
Sans []string `json:"sans"`
|
||||
Aud []string `json:"aud"`
|
||||
Sub string `json:"sub"`
|
||||
Sans []string `json:"sans"`
|
||||
Step stepClaims `json:"step"`
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
|
@ -63,10 +68,13 @@ func Test_x5cIssuer_SignToken(t *testing.T) {
|
|||
args args
|
||||
wantErr bool
|
||||
}{
|
||||
{"ok", fields{caURL, testX5CPath, testX5CKeyPath, "X5C"}, args{"doe", []string{"doe.org"}}, false},
|
||||
{"fail crt", fields{caURL, "", testX5CKeyPath, "X5C"}, args{"doe", []string{"doe.org"}}, true},
|
||||
{"fail key", fields{caURL, testX5CPath, "", "X5C"}, args{"doe", []string{"doe.org"}}, true},
|
||||
{"fail no signer", fields{caURL, testIssKeyPath, testIssPath, "X5C"}, args{"doe", []string{"doe.org"}}, true},
|
||||
{"ok", fields{caURL, testX5CPath, testX5CKeyPath, "X5C"}, args{"doe", []string{"doe.org"}, nil}, false},
|
||||
{"ok ra", fields{caURL, testX5CPath, testX5CKeyPath, "X5C"}, args{"doe", []string{"doe.org"}, &raInfo{
|
||||
AuthorityID: "authority-id", ProvisionerID: "provisioner-id", ProvisionerType: "provisioner-type",
|
||||
}}, false},
|
||||
{"fail crt", fields{caURL, "", testX5CKeyPath, "X5C"}, args{"doe", []string{"doe.org"}, nil}, true},
|
||||
{"fail key", fields{caURL, testX5CPath, "", "X5C"}, args{"doe", []string{"doe.org"}, nil}, true},
|
||||
{"fail no signer", fields{caURL, testIssKeyPath, testIssPath, "X5C"}, args{"doe", []string{"doe.org"}, nil}, true},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
|
@ -76,7 +84,7 @@ func Test_x5cIssuer_SignToken(t *testing.T) {
|
|||
keyFile: tt.fields.keyFile,
|
||||
issuer: tt.fields.issuer,
|
||||
}
|
||||
got, err := i.SignToken(tt.args.subject, tt.args.sans)
|
||||
got, err := i.SignToken(tt.args.subject, tt.args.sans, tt.args.info)
|
||||
if (err != nil) != tt.wantErr {
|
||||
t.Errorf("x5cIssuer.SignToken() error = %v, wantErr %v", err, tt.wantErr)
|
||||
}
|
||||
|
@ -91,6 +99,9 @@ func Test_x5cIssuer_SignToken(t *testing.T) {
|
|||
Sub: tt.args.subject,
|
||||
Sans: tt.args.sans,
|
||||
}
|
||||
if tt.args.info != nil {
|
||||
want.Step.RA = tt.args.info
|
||||
}
|
||||
if err := jwt.Claims(testX5CKey.Public(), &c); err != nil {
|
||||
t.Errorf("jwt.Claims() error = %v", err)
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue