mbiryukova/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity

Add tests for new methods.

Browse source
This commit is contained in:
Mariano Cano 2019-01-10 13:19:51 -08:00
parent 6116523055
commit 1763ede99d
2 changed files with 163 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
authority/root.go
View file

@ -34,7 +34,7 @@ func (a *Authority) GetRootCertificates() []*x509.Certificate {
} }
// GetRoots returns all the root certificates for this CA. // GetRoots returns all the root certificates for this CA.
func (a *Authority) GetRoots(peer *x509.Certificate) (federation []*x509.Certificate, err error) { func (a *Authority) GetRoots(peer *x509.Certificate) ([]*x509.Certificate, error) {
// Check step provisioner extensions // Check step provisioner extensions
if err := a.authorizeRenewal(peer); err != nil { if err := a.authorizeRenewal(peer); err != nil {
return nil, err return nil, err

162
authority/root_test.go
View file

@ -1,11 +1,16 @@
package authority package authority
import ( import (
"crypto/x509"
"net/http" "net/http"
"reflect"
"testing" "testing"
"github.com/pkg/errors" "github.com/pkg/errors"
"github.com/smallstep/assert" "github.com/smallstep/assert"
"github.com/smallstep/cli/crypto/keys"
"github.com/smallstep/cli/crypto/pemutil"
"github.com/smallstep/cli/crypto/x509util"
) )
func TestRoot(t *testing.T) { func TestRoot(t *testing.T) {
@ -43,3 +48,160 @@ func TestRoot(t *testing.T) {
}) })
} }
} }
func TestAuthority_GetRootCertificate(t *testing.T) {
cert, err := pemutil.ReadCertificate("testdata/secrets/root_ca.crt")
if err != nil {
t.Fatal(err)
}
tests := []struct {
name string
want *x509.Certificate
}{
{"ok", cert},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
a := testAuthority(t)
if got := a.GetRootCertificate(); !reflect.DeepEqual(got, tt.want) {
t.Errorf("Authority.GetRootCertificate() = %v, want %v", got, tt.want)
}
})
}
}
func TestAuthority_GetRootCertificates(t *testing.T) {
cert, err := pemutil.ReadCertificate("testdata/secrets/root_ca.crt")
if err != nil {
t.Fatal(err)
}
tests := []struct {
name string
want []*x509.Certificate
}{
{"ok", []*x509.Certificate{cert}},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
a := testAuthority(t)
if got := a.GetRootCertificates(); !reflect.DeepEqual(got, tt.want) {
t.Errorf("Authority.GetRootCertificates() = %v, want %v", got, tt.want)
}
})
}
}
func TestAuthority_GetRoots(t *testing.T) {
cert, err := pemutil.ReadCertificate("testdata/secrets/root_ca.crt")
if err != nil {
t.Fatal(err)
}
a := testAuthority(t)
pub, _, err := keys.GenerateDefaultKeyPair()
assert.FatalError(t, err)
leaf, err := x509util.NewLeafProfile("test", a.intermediateIdentity.Crt, a.intermediateIdentity.Key,
withDefaultASN1DN(a.config.AuthorityConfig.Template), x509util.WithPublicKey(pub), x509util.WithHosts("test"))
assert.FatalError(t, err)
crtBytes, err := leaf.CreateCertificate()
assert.FatalError(t, err)
crt, err := x509.ParseCertificate(crtBytes)
assert.FatalError(t, err)
leafFail, err := x509util.NewLeafProfile("test", a.intermediateIdentity.Crt, a.intermediateIdentity.Key,
withDefaultASN1DN(a.config.AuthorityConfig.Template), x509util.WithPublicKey(pub), x509util.WithHosts("test"),
withProvisionerOID("dev", a.config.AuthorityConfig.Provisioners[2].Key.KeyID),
)
assert.FatalError(t, err)
crtFailBytes, err := leafFail.CreateCertificate()
assert.FatalError(t, err)
crtFail, err := x509.ParseCertificate(crtFailBytes)
assert.FatalError(t, err)
type args struct {
peer *x509.Certificate
}
tests := []struct {
name string
args args
want []*x509.Certificate
wantErr bool
}{
{"ok", args{crt}, []*x509.Certificate{cert}, false},
{"fail", args{crtFail}, nil, true},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, err := a.GetRoots(tt.args.peer)
if (err != nil) != tt.wantErr {
t.Errorf("Authority.GetRoots() error = %v, wantErr %v", err, tt.wantErr)
return
}
if !reflect.DeepEqual(got, tt.want) {
t.Errorf("Authority.GetRoots() = %v, want %v", got, tt.want)
}
})
}
}
func TestAuthority_GetFederation(t *testing.T) {
cert, err := pemutil.ReadCertificate("testdata/secrets/root_ca.crt")
if err != nil {
t.Fatal(err)
}
a := testAuthority(t)
pub, _, err := keys.GenerateDefaultKeyPair()
assert.FatalError(t, err)
leaf, err := x509util.NewLeafProfile("test", a.intermediateIdentity.Crt, a.intermediateIdentity.Key,
withDefaultASN1DN(a.config.AuthorityConfig.Template), x509util.WithPublicKey(pub), x509util.WithHosts("test"))
assert.FatalError(t, err)
crtBytes, err := leaf.CreateCertificate()
assert.FatalError(t, err)
crt, err := x509.ParseCertificate(crtBytes)
assert.FatalError(t, err)
leafFail, err := x509util.NewLeafProfile("test", a.intermediateIdentity.Crt, a.intermediateIdentity.Key,
withDefaultASN1DN(a.config.AuthorityConfig.Template), x509util.WithPublicKey(pub), x509util.WithHosts("test"),
withProvisionerOID("dev", a.config.AuthorityConfig.Provisioners[2].Key.KeyID),
)
assert.FatalError(t, err)
crtFailBytes, err := leafFail.CreateCertificate()
assert.FatalError(t, err)
crtFail, err := x509.ParseCertificate(crtFailBytes)
assert.FatalError(t, err)
type args struct {
peer *x509.Certificate
}
tests := []struct {
name string
args args
wantFederation []*x509.Certificate
wantErr bool
fn func()
}{
{"ok", args{crt}, []*x509.Certificate{cert}, false, nil},
{"fail", args{crtFail}, nil, true, nil},
{"fail not a certificate", args{crt}, nil, true, func() {
a.certificates.Store("foo", "bar")
}},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.fn != nil {
tt.fn()
}
gotFederation, err := a.GetFederation(tt.args.peer)
if (err != nil) != tt.wantErr {
t.Errorf("Authority.GetFederation() error = %v, wantErr %v", err, tt.wantErr)
return
}
if !reflect.DeepEqual(gotFederation, tt.wantFederation) {
t.Errorf("Authority.GetFederation() = %v, want %v", gotFederation, tt.wantFederation)
}
})
}
}