00634fb648
* api/render: initial implementation of the package * acme/api: refactored to support api/render * authority/admin: refactored to support api/render * ca: refactored to support api/render * api: refactored to support api/render * api/render: implemented Error * api: refactored to support api/render.Error * acme/api: refactored to support api/render.Error * authority/admin: refactored to support api/render.Error * ca: refactored to support api/render.Error * ca: fixed broken tests * api/render, api/log: moved error logging to this package * acme: refactored Error so that it implements render.RenderableError * authority/admin: refactored Error so that it implements render.RenderableError * api/render: implemented RenderableError * api/render: added test coverage for Error * api/render: implemented statusCodeFromError * api: refactored RootsPEM to work with render.Error * acme, authority/admin: fixed pointer receiver name for consistency * api/render, errs: moved StatusCoder & StackTracer to the render package
package authority
import (
"errors"
"net/http"
"testing"
"github.com/smallstep/assert"
"github.com/smallstep/certificates/api/render"
"github.com/smallstep/certificates/authority/provisioner"
)
// TestGetEncryptedKey exercises Authority.GetEncryptedKey with a key ID read
// from the fixture configuration and with a key ID ("foo") that is expected
// to be unknown.
//
// NOTE(review): only one negative case is covered here; an empty key ID or
// the key ID of a non-JWK provisioner is not exercised by this test.
func TestGetEncryptedKey(t *testing.T) {
	// testCase holds the authority under test and the key ID to look up.
	// err and code are set only for cases that must fail: err carries the
	// expected message prefix and code the expected HTTP status.
	type testCase struct {
		a    *Authority
		kid  string
		err  error
		code int
	}

	tests := map[string]func(t *testing.T) *testCase{
		"ok": func(t *testing.T) *testCase {
			cfg, err := LoadConfiguration("../ca/testdata/ca.json")
			assert.FatalError(t, err)
			auth, err := New(cfg)
			assert.FatalError(t, err)

			// The second provisioner of the fixture must be a JWK
			// provisioner; the unchecked type assertion panics otherwise.
			jwk := cfg.AuthorityConfig.Provisioners[1].(*provisioner.JWK)
			return &testCase{
				a:   auth,
				kid: jwk.Key.KeyID,
			}
		},
		"fail-not-found": func(t *testing.T) *testCase {
			cfg, err := LoadConfiguration("../ca/testdata/ca.json")
			assert.FatalError(t, err)
			auth, err := New(cfg)
			assert.FatalError(t, err)

			// An unknown key ID must surface as a 404, not as a generic
			// failure, so the status code is pinned along with the message.
			return &testCase{
				a:    auth,
				kid:  "foo",
				err:  errors.New("encrypted key with kid foo was not found"),
				code: http.StatusNotFound,
			}
		},
	}

	for name, build := range tests {
		t.Run(name, func(t *testing.T) {
			tc := build(t)

			got, err := tc.a.GetEncryptedKey(tc.kid)
			if err == nil {
				// Success path: the case must not have expected an error.
				if !assert.Nil(t, tc.err) {
					return
				}
				// The provisioner is looked up under "mike:" + kid
				// (presumably "<provisioner name>:<kid>" -- confirm against
				// the fixture) and its stored EncryptedKey is compared with
				// the returned value as-is; nothing is decrypted here.
				val, ok := tc.a.provisioners.Load("mike:" + tc.kid)
				assert.Fatal(t, ok)
				p, ok := val.(*provisioner.JWK)
				assert.Fatal(t, ok)
				assert.Equals(t, p.EncryptedKey, got)
				return
			}

			// Failure path: an error is acceptable only if the case expects one.
			if !assert.NotNil(t, tc.err) {
				return
			}
			// Direct type assertion: an error that merely wraps a
			// StatusCodedError would not match and would fail the test.
			sc, ok := err.(render.StatusCodedError)
			assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
			assert.Equals(t, sc.StatusCode(), tc.code)
			assert.HasPrefix(t, err.Error(), tc.err.Error())
		})
	}
}
// TestGetProvisioners checks that Authority.GetProvisioners, called with an
// empty cursor and a limit of 0, returns the provisioners of the loaded
// configuration together with an empty next cursor.
//
// NOTE(review): the comparison against the full configured list assumes the
// fixture's provisioners fit in a single page -- confirm against the
// pagination defaults. No failing case is defined in the table.
func TestGetProvisioners(t *testing.T) {
	// testCase holds the authority under test; err and code describe the
	// expected failure and stay at their zero values for a passing case.
	type testCase struct {
		a    *Authority
		err  error
		code int
	}

	tests := map[string]func(t *testing.T) *testCase{
		"ok": func(t *testing.T) *testCase {
			cfg, err := LoadConfiguration("../ca/testdata/ca.json")
			assert.FatalError(t, err)
			auth, err := New(cfg)
			assert.FatalError(t, err)
			return &testCase{a: auth}
		},
	}

	for name, build := range tests {
		t.Run(name, func(t *testing.T) {
			tc := build(t)

			ps, next, err := tc.a.GetProvisioners("", 0)
			if err == nil {
				// Success path: the case must not have expected an error.
				if !assert.Nil(t, tc.err) {
					return
				}
				assert.Equals(t, ps, tc.a.config.AuthorityConfig.Provisioners)
				assert.Equals(t, "", next)
				return
			}

			// Failure path: an error is acceptable only if the case expects one.
			if !assert.NotNil(t, tc.err) {
				return
			}
			// Direct type assertion: an error that merely wraps a
			// StatusCodedError would not match and would fail the test.
			sc, ok := err.(render.StatusCodedError)
			assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
			assert.Equals(t, sc.StatusCode(), tc.code)
			assert.HasPrefix(t, err.Error(), tc.err.Error())
		})
	}
}