mbiryukova/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity

add authority.New unit tests

Browse source
This commit is contained in:
max furman 2018-10-08 21:48:44 -07:00
parent ff67c17893
commit d773770a44
5 changed files with 89 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
Gopkg.lock generated
View file

@ -143,8 +143,8 @@
revision = "de77670473b5492f5d0bce155b5c01534c2d13f7" revision = "de77670473b5492f5d0bce155b5c01534c2d13f7"
[[projects]] [[projects]]
branch = "ca-commands-wip" branch = "ca-commands"
digest = "1:723d56910291478edfd50fa2146e52fc6d8f5b5e67ddd6e5b8e89291313256a2" digest = "1:e81a129363c3570e218497e61c2c71c66e99b8f05be45eb8e8a32612f3ad1d7b"
name = "github.com/smallstep/cli" name = "github.com/smallstep/cli"
packages = [ packages = [
"crypto/keys", "crypto/keys",
@ -158,7 +158,7 @@
"utils", "utils",
] ]
pruneopts = "UT" pruneopts = "UT"
revision = "75ee5a0262bdbb305c75dcb98e7f806540537678" revision = "802214a46ad6aad96b741acebc85de63d03d00b5"
[[projects]] [[projects]]
branch = "master" branch = "master"

2
Gopkg.toml
View file

@ -46,7 +46,7 @@ required = [
name = "github.com/go-chi/chi" name = "github.com/go-chi/chi"
[[constraint]] [[constraint]]
branch = "ca-commands-wip" branch = "ca-commands"
name = "github.com/smallstep/cli" name = "github.com/smallstep/cli"
[prune] [prune]

2
authority/authority.go
View file

@ -66,7 +66,6 @@ func (a *Authority) init() error {
// Decrypt and load intermediate public / private key pair. // Decrypt and load intermediate public / private key pair.
if len(a.config.Password) > 0 { if len(a.config.Password) > 0 {
//fmt.Printf("Decrypting intermediate... ")
a.intermediateIdentity, err = x509util.LoadIdentityFromDisk( a.intermediateIdentity, err = x509util.LoadIdentityFromDisk(
a.config.IntermediateCert, a.config.IntermediateCert,
a.config.IntermediateKey, a.config.IntermediateKey,
@ -75,7 +74,6 @@ func (a *Authority) init() error {
if err != nil { if err != nil {
return err return err
} }
//fmt.Printf("all done.\n")
} else { } else {
a.intermediateIdentity, err = x509util.LoadIdentityFromDisk(a.config.IntermediateCert, a.config.IntermediateKey) a.intermediateIdentity, err = x509util.LoadIdentityFromDisk(a.config.IntermediateCert, a.config.IntermediateKey)
if err != nil { if err != nil {

82
authority/authority_test.go
View file

@ -1,8 +1,11 @@
package authority package authority
import ( import (
"crypto/sha256"
"encoding/hex"
"testing" "testing"
"github.com/pkg/errors"
"github.com/smallstep/assert" "github.com/smallstep/assert"
stepJOSE "github.com/smallstep/cli/jose" stepJOSE "github.com/smallstep/cli/jose"
) )
@ -39,3 +42,82 @@ func testAuthority(t *testing.T) *Authority {
assert.FatalError(t, err) assert.FatalError(t, err)
return a return a
} }
func TestAuthorityNew(t *testing.T) {
type newTest struct {
config *Config
err error
}
tests := map[string]func(t *testing.T) *newTest{
"ok": func(t *testing.T) *newTest {
c, err := LoadConfiguration("../ca/testdata/ca.json")
assert.FatalError(t, err)
return &newTest{
config: c,
}
},
"fail-bad-root": func(t *testing.T) *newTest {
c, err := LoadConfiguration("../ca/testdata/ca.json")
assert.FatalError(t, err)
c.Root = "foo"
return &newTest{
config: c,
err: errors.New("open foo failed: no such file or directory"),
}
},
"fail-bad-password": func(t *testing.T) *newTest {
c, err := LoadConfiguration("../ca/testdata/ca.json")
assert.FatalError(t, err)
c.Password = "wrong"
return &newTest{
config: c,
err: errors.New("error decrypting ../ca/testdata/secrets/intermediate_ca_key: x509: decryption password incorrect"),
}
},
"fail-loading-ca-cert": func(t *testing.T) *newTest {
c, err := LoadConfiguration("../ca/testdata/ca.json")
assert.FatalError(t, err)
c.IntermediateCert = "wrong"
return &newTest{
config: c,
err: errors.New("open wrong failed: no such file or directory"),
}
},
}
for name, genTestCase := range tests {
t.Run(name, func(t *testing.T) {
tc := genTestCase(t)
auth, err := New(tc.config)
if err != nil {
if assert.NotNil(t, tc.err) {
assert.HasPrefix(t, err.Error(), tc.err.Error())
}
} else {
if assert.Nil(t, tc.err) {
sum := sha256.Sum256(auth.rootX509Crt.Raw)
root, ok := auth.certificates.Load(hex.EncodeToString(sum[:]))
assert.Fatal(t, ok)
assert.Equals(t, auth.rootX509Crt, root)
assert.True(t, auth.initOnce)
assert.NotNil(t, auth.intermediateIdentity)
for _, p := range tc.config.AuthorityConfig.Provisioners {
_p, ok := auth.provisionerIDIndex.Load(p.Key.KeyID)
assert.True(t, ok)
assert.Equals(t, p, _p)
if len(p.EncryptedKey) > 0 {
key, ok := auth.encryptedKeyIndex.Load(p.Key.KeyID)
assert.True(t, ok)
assert.Equals(t, p.EncryptedKey, key)
}
}
// sanity check
_, ok = auth.provisionerIDIndex.Load("fooo")
assert.False(t, ok)
}
}
})
}
}

6
ca/testdata/ca.json vendored
View file

@ -1,7 +1,7 @@
{ {
"root": "testdata/secrets/root_ca.crt", "root": "../ca/testdata/secrets/root_ca.crt",
"crt": "testdata/secrets/intermediate_ca.crt", "crt": "../ca/testdata/secrets/intermediate_ca.crt",
"key": "testdata/secrets/intermediate_ca_key", "key": "../ca/testdata/secrets/intermediate_ca_key",
"password": "password", "password": "password",
"address": "127.0.0.1:0", "address": "127.0.0.1:0",
"dnsNames": ["127.0.0.1"], "dnsNames": ["127.0.0.1"],