Add authority.Sign test with custom templates.

2020-07-22 19:18:45 -07:00 · 2020-07-22 19:18:45 -07:00 · a7b65f1e1e
commit a7b65f1e1e
parent 6c64fb3ed2
2 changed files with 66 additions and 1 deletions
--- a/authority/tls.go
+++ b/authority/tls.go
@ -109,7 +109,11 @@ func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Sign
 	cert, err := x509util.NewCertificate(csr, certOptions...)
 	if err != nil {
 		if _, ok := err.(*x509util.TemplateError); ok {
-			return nil, errs.NewErr(http.StatusBadRequest, err, errs.WithMessage(err.Error()))
+			return nil, errs.NewErr(http.StatusBadRequest, err,
 				errs.WithMessage(err.Error()),
 				errs.WithKeyVal("csr", csr),
 				errs.WithKeyVal("signOptions", signOpts),
 			)
 		}
 		return nil, errs.Wrap(http.StatusInternalServerError, err, "authority.Sign", opts...)
 	}
--- a/authority/tls_test.go
+++ b/authority/tls_test.go
@ -135,6 +135,7 @@ func TestAuthority_Sign(t *testing.T) {
 	signOpts := provisioner.SignOptions{
 		NotBefore: provisioner.NewTimeDuration(nb),
 		NotAfter:  provisioner.NewTimeDuration(nb.Add(time.Minute * 5)),
 		Backdate:  1 * time.Minute,
 	}
 	// Create a token to get test extra opts.
@ -279,6 +280,33 @@ ZYtQ9Ot36qc=
 				code:      http.StatusInternalServerError,
 			}
 		},
 		"fail custom template": func(t *testing.T) *signTest {
 			csr := getCSR(t, priv)
 			testAuthority := testAuthority(t)
 			p, ok := testAuthority.provisioners.Load("step-cli:4UELJx8e0aS9m0CH3fZ0EB7D5aUPICb759zALHFejvc")
 			if !ok {
 				t.Fatal("provisioner not found")
 			}
 			p.(*provisioner.JWK).Options = &provisioner.Options{
 				Template: `{{ fail "fail message" }}`,
 			}
 			testExtraOpts, err := testAuthority.Authorize(ctx, token)
 			assert.FatalError(t, err)
 			testAuthority.db = &db.MockAuthDB{
 				MStoreCertificate: func(crt *x509.Certificate) error {
 					assert.Equals(t, crt.Subject.CommonName, "smallstep test")
 					return nil
 				},
 			}
 			return &signTest{
 				auth:      testAuthority,
 				csr:       csr,
 				extraOpts: testExtraOpts,
 				signOpts:  signOpts,
 				err:       errors.New("fail message"),
 				code:      http.StatusBadRequest,
 			}
 		},
 		"ok": func(t *testing.T) *signTest {
 			csr := getCSR(t, priv)
 			_a := testAuthority(t)
@ -329,6 +357,39 @@ ZYtQ9Ot36qc=
 				notAfter:  now.Add(365 * 24 * time.Hour).Truncate(time.Second),
 			}
 		},
 		"ok with custom template": func(t *testing.T) *signTest {
 			csr := getCSR(t, priv)
 			testAuthority := testAuthority(t)
 			testAuthority.config.AuthorityConfig.Template = a.config.AuthorityConfig.Template
 			p, ok := testAuthority.provisioners.Load("step-cli:4UELJx8e0aS9m0CH3fZ0EB7D5aUPICb759zALHFejvc")
 			if !ok {
 				t.Fatal("provisioner not found")
 			}
 			p.(*provisioner.JWK).Options = &provisioner.Options{
 				Template: `{
 					"subject": {{toJson .Subject}},
 					"dnsNames": {{ toJson .Insecure.CR.DNSNames }},
 					"keyUsage": ["digitalSignature"],
 					"extKeyUsage": ["serverAuth","clientAuth"]
 				}`,
 			}
 			testExtraOpts, err := testAuthority.Authorize(ctx, token)
 			assert.FatalError(t, err)
 			testAuthority.db = &db.MockAuthDB{
 				MStoreCertificate: func(crt *x509.Certificate) error {
 					assert.Equals(t, crt.Subject.CommonName, "smallstep test")
 					return nil
 				},
 			}
 			return &signTest{
 				auth:      testAuthority,
 				csr:       csr,
 				extraOpts: testExtraOpts,
 				signOpts:  signOpts,
 				notBefore: signOpts.NotBefore.Time().Truncate(time.Second),
 				notAfter:  signOpts.NotAfter.Time().Truncate(time.Second),
 			}
 		},
 	}
 	for name, genTestCase := range tests {