forked from TrueCloudLab/certificates
add authority.New unit tests
This commit is contained in:
parent
ff67c17893
commit
d773770a44
5 changed files with 89 additions and 9 deletions
6
Gopkg.lock
generated
6
Gopkg.lock
generated
|
@ -143,8 +143,8 @@
|
|||
revision = "de77670473b5492f5d0bce155b5c01534c2d13f7"
|
||||
|
||||
[[projects]]
|
||||
branch = "ca-commands-wip"
|
||||
digest = "1:723d56910291478edfd50fa2146e52fc6d8f5b5e67ddd6e5b8e89291313256a2"
|
||||
branch = "ca-commands"
|
||||
digest = "1:e81a129363c3570e218497e61c2c71c66e99b8f05be45eb8e8a32612f3ad1d7b"
|
||||
name = "github.com/smallstep/cli"
|
||||
packages = [
|
||||
"crypto/keys",
|
||||
|
@ -158,7 +158,7 @@
|
|||
"utils",
|
||||
]
|
||||
pruneopts = "UT"
|
||||
revision = "75ee5a0262bdbb305c75dcb98e7f806540537678"
|
||||
revision = "802214a46ad6aad96b741acebc85de63d03d00b5"
|
||||
|
||||
[[projects]]
|
||||
branch = "master"
|
||||
|
|
|
@ -46,7 +46,7 @@ required = [
|
|||
name = "github.com/go-chi/chi"
|
||||
|
||||
[[constraint]]
|
||||
branch = "ca-commands-wip"
|
||||
branch = "ca-commands"
|
||||
name = "github.com/smallstep/cli"
|
||||
|
||||
[prune]
|
||||
|
|
|
@ -66,7 +66,6 @@ func (a *Authority) init() error {
|
|||
|
||||
// Decrypt and load intermediate public / private key pair.
|
||||
if len(a.config.Password) > 0 {
|
||||
//fmt.Printf("Decrypting intermediate... ")
|
||||
a.intermediateIdentity, err = x509util.LoadIdentityFromDisk(
|
||||
a.config.IntermediateCert,
|
||||
a.config.IntermediateKey,
|
||||
|
@ -75,7 +74,6 @@ func (a *Authority) init() error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
//fmt.Printf("all done.\n")
|
||||
} else {
|
||||
a.intermediateIdentity, err = x509util.LoadIdentityFromDisk(a.config.IntermediateCert, a.config.IntermediateKey)
|
||||
if err != nil {
|
||||
|
|
|
@ -1,8 +1,11 @@
|
|||
package authority
|
||||
|
||||
import (
|
||||
"crypto/sha256"
|
||||
"encoding/hex"
|
||||
"testing"
|
||||
|
||||
"github.com/pkg/errors"
|
||||
"github.com/smallstep/assert"
|
||||
stepJOSE "github.com/smallstep/cli/jose"
|
||||
)
|
||||
|
@ -39,3 +42,82 @@ func testAuthority(t *testing.T) *Authority {
|
|||
assert.FatalError(t, err)
|
||||
return a
|
||||
}
|
||||
|
||||
func TestAuthorityNew(t *testing.T) {
|
||||
type newTest struct {
|
||||
config *Config
|
||||
err error
|
||||
}
|
||||
tests := map[string]func(t *testing.T) *newTest{
|
||||
"ok": func(t *testing.T) *newTest {
|
||||
c, err := LoadConfiguration("../ca/testdata/ca.json")
|
||||
assert.FatalError(t, err)
|
||||
return &newTest{
|
||||
config: c,
|
||||
}
|
||||
},
|
||||
"fail-bad-root": func(t *testing.T) *newTest {
|
||||
c, err := LoadConfiguration("../ca/testdata/ca.json")
|
||||
assert.FatalError(t, err)
|
||||
c.Root = "foo"
|
||||
return &newTest{
|
||||
config: c,
|
||||
err: errors.New("open foo failed: no such file or directory"),
|
||||
}
|
||||
},
|
||||
"fail-bad-password": func(t *testing.T) *newTest {
|
||||
c, err := LoadConfiguration("../ca/testdata/ca.json")
|
||||
assert.FatalError(t, err)
|
||||
c.Password = "wrong"
|
||||
return &newTest{
|
||||
config: c,
|
||||
err: errors.New("error decrypting ../ca/testdata/secrets/intermediate_ca_key: x509: decryption password incorrect"),
|
||||
}
|
||||
},
|
||||
"fail-loading-ca-cert": func(t *testing.T) *newTest {
|
||||
c, err := LoadConfiguration("../ca/testdata/ca.json")
|
||||
assert.FatalError(t, err)
|
||||
c.IntermediateCert = "wrong"
|
||||
return &newTest{
|
||||
config: c,
|
||||
err: errors.New("open wrong failed: no such file or directory"),
|
||||
}
|
||||
},
|
||||
}
|
||||
|
||||
for name, genTestCase := range tests {
|
||||
t.Run(name, func(t *testing.T) {
|
||||
tc := genTestCase(t)
|
||||
|
||||
auth, err := New(tc.config)
|
||||
if err != nil {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
} else {
|
||||
if assert.Nil(t, tc.err) {
|
||||
sum := sha256.Sum256(auth.rootX509Crt.Raw)
|
||||
root, ok := auth.certificates.Load(hex.EncodeToString(sum[:]))
|
||||
assert.Fatal(t, ok)
|
||||
assert.Equals(t, auth.rootX509Crt, root)
|
||||
|
||||
assert.True(t, auth.initOnce)
|
||||
assert.NotNil(t, auth.intermediateIdentity)
|
||||
for _, p := range tc.config.AuthorityConfig.Provisioners {
|
||||
_p, ok := auth.provisionerIDIndex.Load(p.Key.KeyID)
|
||||
assert.True(t, ok)
|
||||
assert.Equals(t, p, _p)
|
||||
if len(p.EncryptedKey) > 0 {
|
||||
key, ok := auth.encryptedKeyIndex.Load(p.Key.KeyID)
|
||||
assert.True(t, ok)
|
||||
assert.Equals(t, p.EncryptedKey, key)
|
||||
}
|
||||
}
|
||||
// sanity check
|
||||
_, ok = auth.provisionerIDIndex.Load("fooo")
|
||||
assert.False(t, ok)
|
||||
}
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
|
6
ca/testdata/ca.json
vendored
6
ca/testdata/ca.json
vendored
|
@ -1,7 +1,7 @@
|
|||
{
|
||||
"root": "testdata/secrets/root_ca.crt",
|
||||
"crt": "testdata/secrets/intermediate_ca.crt",
|
||||
"key": "testdata/secrets/intermediate_ca_key",
|
||||
"root": "../ca/testdata/secrets/root_ca.crt",
|
||||
"crt": "../ca/testdata/secrets/intermediate_ca.crt",
|
||||
"key": "../ca/testdata/secrets/intermediate_ca_key",
|
||||
"password": "password",
|
||||
"address": "127.0.0.1:0",
|
||||
"dnsNames": ["127.0.0.1"],
|
||||
|
|
Loading…
Reference in a new issue