diff --git a/api/api.go b/api/api.go index 98ec601a..2bc3c41c 100644 --- a/api/api.go +++ b/api/api.go @@ -14,7 +14,6 @@ import ( "github.com/pkg/errors" "github.com/smallstep/ca-component/authority" "github.com/smallstep/cli/crypto/tlsutil" - "github.com/smallstep/cli/jose" ) // Authority is the interface implemented by a CA authority. @@ -157,12 +156,6 @@ type ProvisionersResponse struct { NextCursor string `json:"nextCursor"` } -// JWKSetByIssuerResponse is the response object that returns the map of -// provisioners. -type JWKSetByIssuerResponse struct { - Map map[string]*jose.JSONWebKeySet `json:"map"` -} - // ProvisionerKeyResponse is the response object that returns the encryptoed key // of a provisioner. type ProvisionerKeyResponse struct { @@ -212,7 +205,6 @@ func (h *caHandler) Route(r Router) { r.MethodFunc("POST", "/renew", h.Renew) r.MethodFunc("GET", "/provisioners", h.Provisioners) r.MethodFunc("GET", "/provisioners/{kid}/encrypted-key", h.ProvisionerKey) - r.MethodFunc("GET", "/provisioners/jwk-set-by-issuer", h.JWKSetByIssuer) // For compatibility with old code: r.MethodFunc("POST", "/re-sign", h.Renew) } @@ -328,26 +320,6 @@ func (h *caHandler) ProvisionerKey(w http.ResponseWriter, r *http.Request) { JSON(w, &ProvisionerKeyResponse{key}) } -func (h *caHandler) JWKSetByIssuer(w http.ResponseWriter, r *http.Request) { - m := map[string]*jose.JSONWebKeySet{} - ps, _, err := h.Authority.GetProvisioners("", 0) - if err != nil { - WriteError(w, InternalServerError(err)) - return - } - for _, p := range ps { - ks, found := m[p.Issuer] - if found { - ks.Keys = append(ks.Keys, *p.Key) - } else { - ks = new(jose.JSONWebKeySet) - ks.Keys = []jose.JSONWebKey{*p.Key} - m[p.Issuer] = ks - } - } - JSON(w, &JWKSetByIssuerResponse{m}) -} - func parseCursor(r *http.Request) (cursor string, limit int, err error) { q := r.URL.Query() cursor = q.Get("cursor") diff --git a/api/api_test.go b/api/api_test.go index 3bd5b1ec..7bfc262c 100644 --- a/api/api_test.go +++ b/api/api_test.go @@ -655,83 +655,6 @@ func Test_caHandler_Renew(t *testing.T) { } } -func Test_caHandler_JWKSetByIssuer(t *testing.T) { - t.SkipNow() - type fields struct { - Authority Authority - } - type args struct { - w http.ResponseWriter - r *http.Request - } - - req, err := http.NewRequest("GET", "http://example.com/provisioners/jwk-set-by-issuer", nil) - if err != nil { - t.Fatal(err) - } - - var key jose.JSONWebKey - if err := json.Unmarshal([]byte(pubKey), &key); err != nil { - t.Fatal(err) - } - - p := []*authority.Provisioner{ - { - Issuer: "p1", - Key: &key, - }, - { - Issuer: "p2", - Key: &key, - }, - } - - tests := []struct { - name string - fields fields - args args - statusCode int - }{ - {"ok", fields{&mockAuthority{ret1: p}}, args{httptest.NewRecorder(), req}, 200}, - {"fail", fields{&mockAuthority{ret1: p, err: fmt.Errorf("the error")}}, args{httptest.NewRecorder(), req}, 500}, - } - - expectedKey, err := json.Marshal(key) - if err != nil { - t.Fatal(err) - } - expected := []byte(`{"map":{"p1":{"keys":[` + string(expectedKey) + `]},"p2":{"keys":[` + string(expectedKey) + `]}}}`) - expectedError := []byte(`{"status":500,"message":"Internal Server Error"}`) - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - h := &caHandler{ - Authority: tt.fields.Authority, - } - h.JWKSetByIssuer(tt.args.w, tt.args.r) - - rec := tt.args.w.(*httptest.ResponseRecorder) - res := rec.Result() - if res.StatusCode != tt.statusCode { - t.Errorf("caHandler.JWKSetByIssuer StatusCode = %d, wants %d", res.StatusCode, tt.statusCode) - } - body, err := ioutil.ReadAll(res.Body) - res.Body.Close() - if err != nil { - t.Errorf("caHandler.JWKSetByIssuer unexpected error = %v", err) - } - if tt.statusCode < http.StatusBadRequest { - if !bytes.Equal(bytes.TrimSpace(body), expected) { - t.Errorf("caHandler.JWKSetByIssuer Body = %s, wants %s", body, expected) - } - } else { - if !bytes.Equal(bytes.TrimSpace(body), expectedError) { - t.Errorf("caHandler.JWKSetByIssuer Body = %s, wants %s", body, expectedError) - } - } - }) - } -} - func Test_caHandler_Provisioners(t *testing.T) { type fields struct { Authority Authority diff --git a/ca/ca_test.go b/ca/ca_test.go index ac7fcd6f..ceaad15d 100644 --- a/ca/ca_test.go +++ b/ca/ca_test.go @@ -321,70 +321,6 @@ func TestCAProvisioners(t *testing.T) { } } -func TestCAJWKSetByIssuer(t *testing.T) { - config, err := authority.LoadConfiguration("testdata/ca.json") - assert.FatalError(t, err) - ca, err := New(config) - assert.FatalError(t, err) - - type ekt struct { - ca *CA - status int - errMsg string - } - tests := map[string]func(t *testing.T) *ekt{ - "ok": func(t *testing.T) *ekt { - return &ekt{ - ca: ca, - status: http.StatusOK, - } - }, - } - - for name, genTestCase := range tests { - t.Run(name, func(t *testing.T) { - tc := genTestCase(t) - - rq, err := http.NewRequest("GET", fmt.Sprintf("/provisioners/jwk-set-by-issuer"), strings.NewReader("")) - assert.FatalError(t, err) - rr := httptest.NewRecorder() - - tc.ca.srv.Handler.ServeHTTP(rr, rq) - - if assert.Equals(t, rr.Code, tc.status) { - body := &ClosingBuffer{rr.Body} - if rr.Code < http.StatusBadRequest { - var ( - resp api.JWKSetByIssuerResponse - psList = config.AuthorityConfig.Provisioners - ) - - assert.FatalError(t, readJSON(body, &resp)) - psMap := resp.Map - - maxks, found := psMap["max"] - assert.Fatal(t, found) - assert.Equals(t, maxks.Keys, []jose.JSONWebKey{*psList[0].Key, *psList[1].Key}) - - marianoks, found := psMap["mariano"] - assert.Fatal(t, found) - assert.Equals(t, marianoks.Keys, []jose.JSONWebKey{*psList[3].Key, *psList[4].Key}) - - stepcliks, found := psMap["step-cli"] - assert.Fatal(t, found) - assert.Equals(t, stepcliks.Keys, []jose.JSONWebKey{*psList[2].Key}) - } else { - err := readError(body) - if len(tc.errMsg) == 0 { - assert.FatalError(t, errors.New("must validate response error")) - } - assert.HasPrefix(t, err.Error(), tc.errMsg) - } - } - }) - } -} - func TestCAProvisionerEncryptedKey(t *testing.T) { config, err := authority.LoadConfiguration("testdata/ca.json") assert.FatalError(t, err)