Fix and extend stepcas unit tests

Mariano Cano 2022-08-03 11:57:42 -07:00
parent 9408d0f24b
commit 7a1e6a0e1f
4 changed files with 46 additions and 15 deletions


@ -13,7 +13,7 @@ import (
type mockErrIssuer struct{} type mockErrIssuer struct{}
func (m mockErrIssuer) SignToken(subject string, sans []string) (string, error) { func (m mockErrIssuer) SignToken(subject string, sans []string, info *raInfo) (string, error) {
return "", apiv1.ErrNotImplemented{} return "", apiv1.ErrNotImplemented{}
} }


@ -27,11 +27,16 @@ func Test_jwkIssuer_SignToken(t *testing.T) {
type args struct { type args struct {
subject string subject string
sans []string sans []string
info *raInfo
}
type stepClaims struct {
RA *raInfo `json:"ra"`
} }
type claims struct { type claims struct {
Aud []string `json:"aud"` Aud []string `json:"aud"`
Sub string `json:"sub"` Sub string `json:"sub"`
Sans []string `json:"sans"` Sans []string `json:"sans"`
Step stepClaims `json:"step"`
} }
tests := []struct { tests := []struct {
name string name string
@ -39,8 +44,11 @@ func Test_jwkIssuer_SignToken(t *testing.T) {
args args args args
wantErr bool wantErr bool
}{ }{
{"ok", fields{caURL, "ra@doe.org", signer}, args{"doe", []string{"doe.org"}}, false}, {"ok", fields{caURL, "ra@doe.org", signer}, args{"doe", []string{"doe.org"}, nil}, false},
{"fail", fields{caURL, "ra@doe.org", &mockErrSigner{}}, args{"doe", []string{"doe.org"}}, true}, {"ok ra", fields{caURL, "ra@doe.org", signer}, args{"doe", []string{"doe.org"}, &raInfo{
AuthorityID: "authority-id", ProvisionerID: "provisioner-id", ProvisionerType: "provisioner-type",
}}, false},
{"fail", fields{caURL, "ra@doe.org", &mockErrSigner{}}, args{"doe", []string{"doe.org"}, nil}, true},
} }
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
@ -49,7 +57,7 @@ func Test_jwkIssuer_SignToken(t *testing.T) {
issuer: tt.fields.issuer, issuer: tt.fields.issuer,
signer: tt.fields.signer, signer: tt.fields.signer,
} }
got, err := i.SignToken(tt.args.subject, tt.args.sans) got, err := i.SignToken(tt.args.subject, tt.args.sans, tt.args.info)
if (err != nil) != tt.wantErr { if (err != nil) != tt.wantErr {
t.Errorf("jwkIssuer.SignToken() error = %v, wantErr %v", err, tt.wantErr) t.Errorf("jwkIssuer.SignToken() error = %v, wantErr %v", err, tt.wantErr)
return return
@ -65,6 +73,9 @@ func Test_jwkIssuer_SignToken(t *testing.T) {
Sub: tt.args.subject, Sub: tt.args.subject,
Sans: tt.args.sans, Sans: tt.args.sans,
} }
if tt.args.info != nil {
want.Step.RA = tt.args.info
}
if err := jwt.Claims(testX5CKey.Public(), &c); err != nil { if err := jwt.Claims(testX5CKey.Public(), &c); err != nil {
t.Errorf("jwt.Claims() error = %v", err) t.Errorf("jwt.Claims() error = %v", err)
} }
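Review bot: The `ok ra` case only shows that `raInfo` survives a marshal/unmarshal round trip, because `stepClaims.RA` is declared as `*raInfo` and `want.Step.RA = tt.args.info` reuses the same type and pointer. A renamed JSON tag on `raInfo` would still pass, while presumably changing what the CA reads from the token. Decoding into a test-local struct that spells out the expected claim names would pin the wire format. The `ok` case with `nil` info also cannot tell an absent `step` claim from an empty one, so an explicit check that no RA data is emitted is worth adding. The same applies to Test_x5cIssuer_SignToken; the comparison itself lies outside these hunks.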


@ -665,6 +665,14 @@ func TestStepCAS_CreateCertificate(t *testing.T) {
Certificate: testCrt, Certificate: testCrt,
CertificateChain: []*x509.Certificate{testIssCrt}, CertificateChain: []*x509.Certificate{testIssCrt},
}, false}, }, false},
{"ok with provisioner", fields{jwk, client, testRootFingerprint}, args{&apiv1.CreateCertificateRequest{
CSR: testCR,
Lifetime: time.Hour,
Provisioner: &apiv1.ProvisionerInfo{ProvisionerID: "provisioner-id", ProvisionerType: "ACME"},
}}, &apiv1.CreateCertificateResponse{
Certificate: testCrt,
CertificateChain: []*x509.Certificate{testIssCrt},
}, false},
{"fail CSR", fields{x5c, client, testRootFingerprint}, args{&apiv1.CreateCertificateRequest{ {"fail CSR", fields{x5c, client, testRootFingerprint}, args{&apiv1.CreateCertificateRequest{
CSR: nil, CSR: nil,
Lifetime: time.Hour, Lifetime: time.Hour,
@ -691,6 +699,7 @@ func TestStepCAS_CreateCertificate(t *testing.T) {
s := &StepCAS{ s := &StepCAS{
iss: tt.fields.iss, iss: tt.fields.iss,
client: tt.fields.client, client: tt.fields.client,
authorityID: "authority-id",
fingerprint: tt.fields.fingerprint, fingerprint: tt.fields.fingerprint,
} }
got, err := s.CreateCertificate(tt.args.req) got, err := s.CreateCertificate(tt.args.req)
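Review bot: The `ok with provisioner` case expects the same response as the plain `ok` cases, so nothing visible here checks that `Provisioner` and the new `authorityID: "authority-id"` actually reach the token sent to the CA. If the test server (defined outside this hunk) returns the certificate regardless of token contents, the case would still pass with the RA information dropped. Consider having the handler decode the token's `step` claim and compare it with the expected authority and provisioner values. An x5c variant would also help, since the new case exercises only `jwk`.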


@ -51,11 +51,16 @@ func Test_x5cIssuer_SignToken(t *testing.T) {
type args struct { type args struct {
subject string subject string
sans []string sans []string
info *raInfo
}
type stepClaims struct {
RA *raInfo `json:"ra"`
} }
type claims struct { type claims struct {
Aud []string `json:"aud"` Aud []string `json:"aud"`
Sub string `json:"sub"` Sub string `json:"sub"`
Sans []string `json:"sans"` Sans []string `json:"sans"`
Step stepClaims `json:"step"`
} }
tests := []struct { tests := []struct {
name string name string
@ -63,10 +68,13 @@ func Test_x5cIssuer_SignToken(t *testing.T) {
args args args args
wantErr bool wantErr bool
}{ }{
{"ok", fields{caURL, testX5CPath, testX5CKeyPath, "X5C"}, args{"doe", []string{"doe.org"}}, false}, {"ok", fields{caURL, testX5CPath, testX5CKeyPath, "X5C"}, args{"doe", []string{"doe.org"}, nil}, false},
{"fail crt", fields{caURL, "", testX5CKeyPath, "X5C"}, args{"doe", []string{"doe.org"}}, true}, {"ok ra", fields{caURL, testX5CPath, testX5CKeyPath, "X5C"}, args{"doe", []string{"doe.org"}, &raInfo{
{"fail key", fields{caURL, testX5CPath, "", "X5C"}, args{"doe", []string{"doe.org"}}, true}, AuthorityID: "authority-id", ProvisionerID: "provisioner-id", ProvisionerType: "provisioner-type",
{"fail no signer", fields{caURL, testIssKeyPath, testIssPath, "X5C"}, args{"doe", []string{"doe.org"}}, true}, }}, false},
{"fail crt", fields{caURL, "", testX5CKeyPath, "X5C"}, args{"doe", []string{"doe.org"}, nil}, true},
{"fail key", fields{caURL, testX5CPath, "", "X5C"}, args{"doe", []string{"doe.org"}, nil}, true},
{"fail no signer", fields{caURL, testIssKeyPath, testIssPath, "X5C"}, args{"doe", []string{"doe.org"}, nil}, true},
} }
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
@ -76,7 +84,7 @@ func Test_x5cIssuer_SignToken(t *testing.T) {
keyFile: tt.fields.keyFile, keyFile: tt.fields.keyFile,
issuer: tt.fields.issuer, issuer: tt.fields.issuer,
} }
got, err := i.SignToken(tt.args.subject, tt.args.sans) got, err := i.SignToken(tt.args.subject, tt.args.sans, tt.args.info)
if (err != nil) != tt.wantErr { if (err != nil) != tt.wantErr {
t.Errorf("x5cIssuer.SignToken() error = %v, wantErr %v", err, tt.wantErr) t.Errorf("x5cIssuer.SignToken() error = %v, wantErr %v", err, tt.wantErr)
} }
@ -91,6 +99,9 @@ func Test_x5cIssuer_SignToken(t *testing.T) {
Sub: tt.args.subject, Sub: tt.args.subject,
Sans: tt.args.sans, Sans: tt.args.sans,
} }
if tt.args.info != nil {
want.Step.RA = tt.args.info
}
if err := jwt.Claims(testX5CKey.Public(), &c); err != nil { if err := jwt.Claims(testX5CKey.Public(), &c); err != nil {
t.Errorf("jwt.Claims() error = %v", err) t.Errorf("jwt.Claims() error = %v", err)
} }
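Review bot: The local `stepClaims` type and the `Step` field added to `claims` here are copies of the ones added in Test_jwkIssuer_SignToken, so the two tests can drift apart when the claim layout changes. Both files appear to share a package, so declaring the types once in a shared test helper would keep both tests checking the same shape. A comment such as `// stepClaims mirrors the "step" claim carried by RA tokens.` would document the intent. Both test functions start and end outside the hunks shown.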