Remove unnecessary parse and improve tests.

This commit is contained in:
Mariano Cano 2019-03-20 18:11:45 -07:00
parent da7360e445
commit 8c8547bf65
2 changed files with 16 additions and 11 deletions

View file

@ -116,24 +116,15 @@ func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Opti
// Renew creates a new Certificate identical to the old certificate, except
// with a validity window that begins 'now'.
func (a *Authority) Renew(ocx *x509.Certificate) (*x509.Certificate, *x509.Certificate, error) {
func (a *Authority) Renew(oldCert *x509.Certificate) (*x509.Certificate, *x509.Certificate, error) {
// Check step provisioner extensions
if err := a.authorizeRenewal(ocx); err != nil {
if err := a.authorizeRenewal(oldCert); err != nil {
return nil, nil, err
}
// Issuer
issIdentity := a.intermediateIdentity
// Convert a realx509.Certificate to the step x509 Certificate.
oldCert, err := x509.ParseCertificate(ocx.Raw)
if err != nil {
return nil, nil, &apiError{
errors.Wrap(err, "error converting x509.Certificate to stepx509.Certificate"),
http.StatusInternalServerError, context{},
}
}
now := time.Now().UTC()
duration := oldCert.NotAfter.Sub(oldCert.NotBefore)
newCert := &x509.Certificate{

View file

@ -109,6 +109,20 @@ func TestSign(t *testing.T) {
err *apiError
}
tests := map[string]func(*testing.T) *signTest{
"fail invalid signature": func(t *testing.T) *signTest {
csr := getCSR(t, priv)
csr.Signature = []byte("foo")
return &signTest{
auth: a,
csr: csr,
extraOpts: extraOpts,
signOpts: signOpts,
err: &apiError{errors.New("sign: invalid certificate request"),
http.StatusBadRequest,
context{"csr": csr, "signOptions": signOpts},
},
}
},
"fail invalid extra option": func(t *testing.T) *signTest {
csr := getCSR(t, priv)
csr.Raw = []byte("foo")