add authority.New unit tests

This commit is contained in:
max furman 2018-10-08 21:48:44 -07:00
parent ff67c17893
commit d773770a44
5 changed files with 89 additions and 9 deletions

6
Gopkg.lock generated
View file

@ -143,8 +143,8 @@
revision = "de77670473b5492f5d0bce155b5c01534c2d13f7"
[[projects]]
branch = "ca-commands-wip"
digest = "1:723d56910291478edfd50fa2146e52fc6d8f5b5e67ddd6e5b8e89291313256a2"
branch = "ca-commands"
digest = "1:e81a129363c3570e218497e61c2c71c66e99b8f05be45eb8e8a32612f3ad1d7b"
name = "github.com/smallstep/cli"
packages = [
"crypto/keys",
@ -158,7 +158,7 @@
"utils",
]
pruneopts = "UT"
revision = "75ee5a0262bdbb305c75dcb98e7f806540537678"
revision = "802214a46ad6aad96b741acebc85de63d03d00b5"
[[projects]]
branch = "master"

View file

@ -46,7 +46,7 @@ required = [
name = "github.com/go-chi/chi"
[[constraint]]
branch = "ca-commands-wip"
branch = "ca-commands"
name = "github.com/smallstep/cli"
[prune]

View file

@ -66,7 +66,6 @@ func (a *Authority) init() error {
// Decrypt and load intermediate public / private key pair.
if len(a.config.Password) > 0 {
//fmt.Printf("Decrypting intermediate... ")
a.intermediateIdentity, err = x509util.LoadIdentityFromDisk(
a.config.IntermediateCert,
a.config.IntermediateKey,
@ -75,7 +74,6 @@ func (a *Authority) init() error {
if err != nil {
return err
}
//fmt.Printf("all done.\n")
} else {
a.intermediateIdentity, err = x509util.LoadIdentityFromDisk(a.config.IntermediateCert, a.config.IntermediateKey)
if err != nil {

View file

@ -1,8 +1,11 @@
package authority
import (
"crypto/sha256"
"encoding/hex"
"testing"
"github.com/pkg/errors"
"github.com/smallstep/assert"
stepJOSE "github.com/smallstep/cli/jose"
)
@ -39,3 +42,82 @@ func testAuthority(t *testing.T) *Authority {
assert.FatalError(t, err)
return a
}
func TestAuthorityNew(t *testing.T) {
type newTest struct {
config *Config
err error
}
tests := map[string]func(t *testing.T) *newTest{
"ok": func(t *testing.T) *newTest {
c, err := LoadConfiguration("../ca/testdata/ca.json")
assert.FatalError(t, err)
return &newTest{
config: c,
}
},
"fail-bad-root": func(t *testing.T) *newTest {
c, err := LoadConfiguration("../ca/testdata/ca.json")
assert.FatalError(t, err)
c.Root = "foo"
return &newTest{
config: c,
err: errors.New("open foo failed: no such file or directory"),
}
},
"fail-bad-password": func(t *testing.T) *newTest {
c, err := LoadConfiguration("../ca/testdata/ca.json")
assert.FatalError(t, err)
c.Password = "wrong"
return &newTest{
config: c,
err: errors.New("error decrypting ../ca/testdata/secrets/intermediate_ca_key: x509: decryption password incorrect"),
}
},
"fail-loading-ca-cert": func(t *testing.T) *newTest {
c, err := LoadConfiguration("../ca/testdata/ca.json")
assert.FatalError(t, err)
c.IntermediateCert = "wrong"
return &newTest{
config: c,
err: errors.New("open wrong failed: no such file or directory"),
}
},
}
for name, genTestCase := range tests {
t.Run(name, func(t *testing.T) {
tc := genTestCase(t)
auth, err := New(tc.config)
if err != nil {
if assert.NotNil(t, tc.err) {
assert.HasPrefix(t, err.Error(), tc.err.Error())
}
} else {
if assert.Nil(t, tc.err) {
sum := sha256.Sum256(auth.rootX509Crt.Raw)
root, ok := auth.certificates.Load(hex.EncodeToString(sum[:]))
assert.Fatal(t, ok)
assert.Equals(t, auth.rootX509Crt, root)
assert.True(t, auth.initOnce)
assert.NotNil(t, auth.intermediateIdentity)
for _, p := range tc.config.AuthorityConfig.Provisioners {
_p, ok := auth.provisionerIDIndex.Load(p.Key.KeyID)
assert.True(t, ok)
assert.Equals(t, p, _p)
if len(p.EncryptedKey) > 0 {
key, ok := auth.encryptedKeyIndex.Load(p.Key.KeyID)
assert.True(t, ok)
assert.Equals(t, p.EncryptedKey, key)
}
}
// sanity check
_, ok = auth.provisionerIDIndex.Load("fooo")
assert.False(t, ok)
}
}
})
}
}

6
ca/testdata/ca.json vendored
View file

@ -1,7 +1,7 @@
{
"root": "testdata/secrets/root_ca.crt",
"crt": "testdata/secrets/intermediate_ca.crt",
"key": "testdata/secrets/intermediate_ca_key",
"root": "../ca/testdata/secrets/root_ca.crt",
"crt": "../ca/testdata/secrets/intermediate_ca.crt",
"key": "../ca/testdata/secrets/intermediate_ca_key",
"password": "password",
"address": "127.0.0.1:0",
"dnsNames": ["127.0.0.1"],