forked from TrueCloudLab/certificates
Remove unused import /provisioners/jwk-set-by-issuer
This commit is contained in:
parent
0ccf775f2e
commit
99cab73360
3 changed files with 0 additions and 169 deletions
28
api/api.go
28
api/api.go
|
@ -14,7 +14,6 @@ import (
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
"github.com/smallstep/ca-component/authority"
|
"github.com/smallstep/ca-component/authority"
|
||||||
"github.com/smallstep/cli/crypto/tlsutil"
|
"github.com/smallstep/cli/crypto/tlsutil"
|
||||||
"github.com/smallstep/cli/jose"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// Authority is the interface implemented by a CA authority.
|
// Authority is the interface implemented by a CA authority.
|
||||||
|
@ -157,12 +156,6 @@ type ProvisionersResponse struct {
|
||||||
NextCursor string `json:"nextCursor"`
|
NextCursor string `json:"nextCursor"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// JWKSetByIssuerResponse is the response object that returns the map of
|
|
||||||
// provisioners.
|
|
||||||
type JWKSetByIssuerResponse struct {
|
|
||||||
Map map[string]*jose.JSONWebKeySet `json:"map"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// ProvisionerKeyResponse is the response object that returns the encryptoed key
|
// ProvisionerKeyResponse is the response object that returns the encryptoed key
|
||||||
// of a provisioner.
|
// of a provisioner.
|
||||||
type ProvisionerKeyResponse struct {
|
type ProvisionerKeyResponse struct {
|
||||||
|
@ -212,7 +205,6 @@ func (h *caHandler) Route(r Router) {
|
||||||
r.MethodFunc("POST", "/renew", h.Renew)
|
r.MethodFunc("POST", "/renew", h.Renew)
|
||||||
r.MethodFunc("GET", "/provisioners", h.Provisioners)
|
r.MethodFunc("GET", "/provisioners", h.Provisioners)
|
||||||
r.MethodFunc("GET", "/provisioners/{kid}/encrypted-key", h.ProvisionerKey)
|
r.MethodFunc("GET", "/provisioners/{kid}/encrypted-key", h.ProvisionerKey)
|
||||||
r.MethodFunc("GET", "/provisioners/jwk-set-by-issuer", h.JWKSetByIssuer)
|
|
||||||
// For compatibility with old code:
|
// For compatibility with old code:
|
||||||
r.MethodFunc("POST", "/re-sign", h.Renew)
|
r.MethodFunc("POST", "/re-sign", h.Renew)
|
||||||
}
|
}
|
||||||
|
@ -328,26 +320,6 @@ func (h *caHandler) ProvisionerKey(w http.ResponseWriter, r *http.Request) {
|
||||||
JSON(w, &ProvisionerKeyResponse{key})
|
JSON(w, &ProvisionerKeyResponse{key})
|
||||||
}
|
}
|
||||||
|
|
||||||
func (h *caHandler) JWKSetByIssuer(w http.ResponseWriter, r *http.Request) {
|
|
||||||
m := map[string]*jose.JSONWebKeySet{}
|
|
||||||
ps, _, err := h.Authority.GetProvisioners("", 0)
|
|
||||||
if err != nil {
|
|
||||||
WriteError(w, InternalServerError(err))
|
|
||||||
return
|
|
||||||
}
|
|
||||||
for _, p := range ps {
|
|
||||||
ks, found := m[p.Issuer]
|
|
||||||
if found {
|
|
||||||
ks.Keys = append(ks.Keys, *p.Key)
|
|
||||||
} else {
|
|
||||||
ks = new(jose.JSONWebKeySet)
|
|
||||||
ks.Keys = []jose.JSONWebKey{*p.Key}
|
|
||||||
m[p.Issuer] = ks
|
|
||||||
}
|
|
||||||
}
|
|
||||||
JSON(w, &JWKSetByIssuerResponse{m})
|
|
||||||
}
|
|
||||||
|
|
||||||
func parseCursor(r *http.Request) (cursor string, limit int, err error) {
|
func parseCursor(r *http.Request) (cursor string, limit int, err error) {
|
||||||
q := r.URL.Query()
|
q := r.URL.Query()
|
||||||
cursor = q.Get("cursor")
|
cursor = q.Get("cursor")
|
||||||
|
|
|
@ -655,83 +655,6 @@ func Test_caHandler_Renew(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func Test_caHandler_JWKSetByIssuer(t *testing.T) {
|
|
||||||
t.SkipNow()
|
|
||||||
type fields struct {
|
|
||||||
Authority Authority
|
|
||||||
}
|
|
||||||
type args struct {
|
|
||||||
w http.ResponseWriter
|
|
||||||
r *http.Request
|
|
||||||
}
|
|
||||||
|
|
||||||
req, err := http.NewRequest("GET", "http://example.com/provisioners/jwk-set-by-issuer", nil)
|
|
||||||
if err != nil {
|
|
||||||
t.Fatal(err)
|
|
||||||
}
|
|
||||||
|
|
||||||
var key jose.JSONWebKey
|
|
||||||
if err := json.Unmarshal([]byte(pubKey), &key); err != nil {
|
|
||||||
t.Fatal(err)
|
|
||||||
}
|
|
||||||
|
|
||||||
p := []*authority.Provisioner{
|
|
||||||
{
|
|
||||||
Issuer: "p1",
|
|
||||||
Key: &key,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Issuer: "p2",
|
|
||||||
Key: &key,
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
tests := []struct {
|
|
||||||
name string
|
|
||||||
fields fields
|
|
||||||
args args
|
|
||||||
statusCode int
|
|
||||||
}{
|
|
||||||
{"ok", fields{&mockAuthority{ret1: p}}, args{httptest.NewRecorder(), req}, 200},
|
|
||||||
{"fail", fields{&mockAuthority{ret1: p, err: fmt.Errorf("the error")}}, args{httptest.NewRecorder(), req}, 500},
|
|
||||||
}
|
|
||||||
|
|
||||||
expectedKey, err := json.Marshal(key)
|
|
||||||
if err != nil {
|
|
||||||
t.Fatal(err)
|
|
||||||
}
|
|
||||||
expected := []byte(`{"map":{"p1":{"keys":[` + string(expectedKey) + `]},"p2":{"keys":[` + string(expectedKey) + `]}}}`)
|
|
||||||
expectedError := []byte(`{"status":500,"message":"Internal Server Error"}`)
|
|
||||||
for _, tt := range tests {
|
|
||||||
t.Run(tt.name, func(t *testing.T) {
|
|
||||||
h := &caHandler{
|
|
||||||
Authority: tt.fields.Authority,
|
|
||||||
}
|
|
||||||
h.JWKSetByIssuer(tt.args.w, tt.args.r)
|
|
||||||
|
|
||||||
rec := tt.args.w.(*httptest.ResponseRecorder)
|
|
||||||
res := rec.Result()
|
|
||||||
if res.StatusCode != tt.statusCode {
|
|
||||||
t.Errorf("caHandler.JWKSetByIssuer StatusCode = %d, wants %d", res.StatusCode, tt.statusCode)
|
|
||||||
}
|
|
||||||
body, err := ioutil.ReadAll(res.Body)
|
|
||||||
res.Body.Close()
|
|
||||||
if err != nil {
|
|
||||||
t.Errorf("caHandler.JWKSetByIssuer unexpected error = %v", err)
|
|
||||||
}
|
|
||||||
if tt.statusCode < http.StatusBadRequest {
|
|
||||||
if !bytes.Equal(bytes.TrimSpace(body), expected) {
|
|
||||||
t.Errorf("caHandler.JWKSetByIssuer Body = %s, wants %s", body, expected)
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
if !bytes.Equal(bytes.TrimSpace(body), expectedError) {
|
|
||||||
t.Errorf("caHandler.JWKSetByIssuer Body = %s, wants %s", body, expectedError)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
})
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func Test_caHandler_Provisioners(t *testing.T) {
|
func Test_caHandler_Provisioners(t *testing.T) {
|
||||||
type fields struct {
|
type fields struct {
|
||||||
Authority Authority
|
Authority Authority
|
||||||
|
|
|
@ -321,70 +321,6 @@ func TestCAProvisioners(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestCAJWKSetByIssuer(t *testing.T) {
|
|
||||||
config, err := authority.LoadConfiguration("testdata/ca.json")
|
|
||||||
assert.FatalError(t, err)
|
|
||||||
ca, err := New(config)
|
|
||||||
assert.FatalError(t, err)
|
|
||||||
|
|
||||||
type ekt struct {
|
|
||||||
ca *CA
|
|
||||||
status int
|
|
||||||
errMsg string
|
|
||||||
}
|
|
||||||
tests := map[string]func(t *testing.T) *ekt{
|
|
||||||
"ok": func(t *testing.T) *ekt {
|
|
||||||
return &ekt{
|
|
||||||
ca: ca,
|
|
||||||
status: http.StatusOK,
|
|
||||||
}
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
for name, genTestCase := range tests {
|
|
||||||
t.Run(name, func(t *testing.T) {
|
|
||||||
tc := genTestCase(t)
|
|
||||||
|
|
||||||
rq, err := http.NewRequest("GET", fmt.Sprintf("/provisioners/jwk-set-by-issuer"), strings.NewReader(""))
|
|
||||||
assert.FatalError(t, err)
|
|
||||||
rr := httptest.NewRecorder()
|
|
||||||
|
|
||||||
tc.ca.srv.Handler.ServeHTTP(rr, rq)
|
|
||||||
|
|
||||||
if assert.Equals(t, rr.Code, tc.status) {
|
|
||||||
body := &ClosingBuffer{rr.Body}
|
|
||||||
if rr.Code < http.StatusBadRequest {
|
|
||||||
var (
|
|
||||||
resp api.JWKSetByIssuerResponse
|
|
||||||
psList = config.AuthorityConfig.Provisioners
|
|
||||||
)
|
|
||||||
|
|
||||||
assert.FatalError(t, readJSON(body, &resp))
|
|
||||||
psMap := resp.Map
|
|
||||||
|
|
||||||
maxks, found := psMap["max"]
|
|
||||||
assert.Fatal(t, found)
|
|
||||||
assert.Equals(t, maxks.Keys, []jose.JSONWebKey{*psList[0].Key, *psList[1].Key})
|
|
||||||
|
|
||||||
marianoks, found := psMap["mariano"]
|
|
||||||
assert.Fatal(t, found)
|
|
||||||
assert.Equals(t, marianoks.Keys, []jose.JSONWebKey{*psList[3].Key, *psList[4].Key})
|
|
||||||
|
|
||||||
stepcliks, found := psMap["step-cli"]
|
|
||||||
assert.Fatal(t, found)
|
|
||||||
assert.Equals(t, stepcliks.Keys, []jose.JSONWebKey{*psList[2].Key})
|
|
||||||
} else {
|
|
||||||
err := readError(body)
|
|
||||||
if len(tc.errMsg) == 0 {
|
|
||||||
assert.FatalError(t, errors.New("must validate response error"))
|
|
||||||
}
|
|
||||||
assert.HasPrefix(t, err.Error(), tc.errMsg)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
})
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestCAProvisionerEncryptedKey(t *testing.T) {
|
func TestCAProvisionerEncryptedKey(t *testing.T) {
|
||||||
config, err := authority.LoadConfiguration("testdata/ca.json")
|
config, err := authority.LoadConfiguration("testdata/ca.json")
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
|
|
Loading…
Reference in a new issue