Move matchesAudience and stripPort tests to provisioner package.

authority/authorize.go

@@ -3,7 +3,6 @@ package authority
 import (
 	"crypto/x509"
 	"net/http"
-	"net/url"
 	"time"
 
 	"github.com/pkg/errors"
@@ -24,33 +23,6 @@ type Claims struct {
 	Nonce string   `json:"nonce,omitempty"`
 }
 
-// matchesAudience returns true if A and B share at least one element.
-func matchesAudience(as, bs []string) bool {
-	if len(bs) == 0 || len(as) == 0 {
-		return false
-	}
-
-	for _, b := range bs {
-		for _, a := range as {
-			if b == a || stripPort(a) == stripPort(b) {
-				return true
-			}
-		}
-	}
-	return false
-}
-
-// stripPort attempts to strip the port from the given url. If parsing the url
-// produces errors it will just return the passed argument.
-func stripPort(rawurl string) string {
-	u, err := url.Parse(rawurl)
-	if err != nil {
-		return rawurl
-	}
-	u.Host = u.Hostname()
-	return u.String()
-}
-
 // Authorize authorizes a signature request by validating and authenticating
 // a OTT that must be sent w/ the request.
 // TODO(mariano): protection against reuse for oidc

authority/authorize_test.go

@@ -13,82 +13,6 @@ import (
 	"gopkg.in/square/go-jose.v2/jwt"
 )
 
-func TestMatchesAudience(t *testing.T) {
-	type matchesTest struct {
-		a, b []string
-		exp  bool
-	}
-	tests := map[string]matchesTest{
-		"false arg1 empty": {
-			a:   []string{},
-			b:   []string{"https://127.0.0.1:0/sign", "https://test.ca.smallstep.com/sign"},
-			exp: false,
-		},
-		"false arg2 empty": {
-			a:   []string{"https://127.0.0.1:0/sign", "https://test.ca.smallstep.com/sign"},
-			b:   []string{},
-			exp: false,
-		},
-		"false arg1,arg2 empty": {
-			a:   []string{"https://127.0.0.1:0/sign", "https://test.ca.smallstep.com/sign"},
-			b:   []string{"step-gateway", "step-cli"},
-			exp: false,
-		},
-		"false": {
-			a:   []string{"step-gateway", "step-cli"},
-			b:   []string{"https://127.0.0.1:0/sign", "https://test.ca.smallstep.com/sign"},
-			exp: false,
-		},
-		"true": {
-			a:   []string{"step-gateway", "https://test.ca.smallstep.com/sign"},
-			b:   []string{"https://127.0.0.1:0/sign", "https://test.ca.smallstep.com/sign"},
-			exp: true,
-		},
-		"true,portsA": {
-			a:   []string{"step-gateway", "https://test.ca.smallstep.com:9000/sign"},
-			b:   []string{"https://127.0.0.1:0/sign", "https://test.ca.smallstep.com/sign"},
-			exp: true,
-		},
-		"true,portsB": {
-			a:   []string{"step-gateway", "https://test.ca.smallstep.com/sign"},
-			b:   []string{"https://127.0.0.1:0/sign", "https://test.ca.smallstep.com:9000/sign"},
-			exp: true,
-		},
-		"true,portsAB": {
-			a:   []string{"step-gateway", "https://test.ca.smallstep.com:9000/sign"},
-			b:   []string{"https://127.0.0.1:0/sign", "https://test.ca.smallstep.com:8000/sign"},
-			exp: true,
-		},
-	}
-	for name, tc := range tests {
-		t.Run(name, func(t *testing.T) {
-			assert.Equals(t, tc.exp, matchesAudience(tc.a, tc.b))
-		})
-	}
-}
-
-func TestStripPort(t *testing.T) {
-	type args struct {
-		rawurl string
-	}
-	tests := []struct {
-		name string
-		args args
-		want string
-	}{
-		{"with port", args{"https://ca.smallstep.com:9000/sign"}, "https://ca.smallstep.com/sign"},
-		{"with no port", args{"https://ca.smallstep.com/sign/"}, "https://ca.smallstep.com/sign/"},
-		{"bad url", args{"https://a bad url:9000"}, "https://a bad url:9000"},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if got := stripPort(tt.args.rawurl); got != tt.want {
-				t.Errorf("stripPort() = %v, want %v", got, tt.want)
-			}
-		})
-	}
-}
-
 func TestAuthorize(t *testing.T) {
 	a := testAuthority(t)
 	jwk, err := stepJOSE.ParseKey("testdata/secrets/step_cli_key_priv.jwk",

authority/provisioner/collection_test.go

@@ -311,3 +311,79 @@ func TestCollection_Find(t *testing.T) {
 		})
 	}
 }
+
+func Test_matchesAudience(t *testing.T) {
+	type matchesTest struct {
+		a, b []string
+		exp  bool
+	}
+	tests := map[string]matchesTest{
+		"false arg1 empty": {
+			a:   []string{},
+			b:   []string{"https://127.0.0.1:0/sign", "https://test.ca.smallstep.com/sign"},
+			exp: false,
+		},
+		"false arg2 empty": {
+			a:   []string{"https://127.0.0.1:0/sign", "https://test.ca.smallstep.com/sign"},
+			b:   []string{},
+			exp: false,
+		},
+		"false arg1,arg2 empty": {
+			a:   []string{"https://127.0.0.1:0/sign", "https://test.ca.smallstep.com/sign"},
+			b:   []string{"step-gateway", "step-cli"},
+			exp: false,
+		},
+		"false": {
+			a:   []string{"step-gateway", "step-cli"},
+			b:   []string{"https://127.0.0.1:0/sign", "https://test.ca.smallstep.com/sign"},
+			exp: false,
+		},
+		"true": {
+			a:   []string{"step-gateway", "https://test.ca.smallstep.com/sign"},
+			b:   []string{"https://127.0.0.1:0/sign", "https://test.ca.smallstep.com/sign"},
+			exp: true,
+		},
+		"true,portsA": {
+			a:   []string{"step-gateway", "https://test.ca.smallstep.com:9000/sign"},
+			b:   []string{"https://127.0.0.1:0/sign", "https://test.ca.smallstep.com/sign"},
+			exp: true,
+		},
+		"true,portsB": {
+			a:   []string{"step-gateway", "https://test.ca.smallstep.com/sign"},
+			b:   []string{"https://127.0.0.1:0/sign", "https://test.ca.smallstep.com:9000/sign"},
+			exp: true,
+		},
+		"true,portsAB": {
+			a:   []string{"step-gateway", "https://test.ca.smallstep.com:9000/sign"},
+			b:   []string{"https://127.0.0.1:0/sign", "https://test.ca.smallstep.com:8000/sign"},
+			exp: true,
+		},
+	}
+	for name, tc := range tests {
+		t.Run(name, func(t *testing.T) {
+			assert.Equals(t, tc.exp, matchesAudience(tc.a, tc.b))
+		})
+	}
+}
+
+func Test_stripPort(t *testing.T) {
+	type args struct {
+		rawurl string
+	}
+	tests := []struct {
+		name string
+		args args
+		want string
+	}{
+		{"with port", args{"https://ca.smallstep.com:9000/sign"}, "https://ca.smallstep.com/sign"},
+		{"with no port", args{"https://ca.smallstep.com/sign/"}, "https://ca.smallstep.com/sign/"},
+		{"bad url", args{"https://a bad url:9000"}, "https://a bad url:9000"},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := stripPort(tt.args.rawurl); got != tt.want {
+				t.Errorf("stripPort() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}