mbiryukova/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity
certificates/scep/api/api_test.go
Herman Slatman 668ff9b515
Cleanup some comments and tests
2023-05-01 11:55:05 +02:00

181 lines
4.2 KiB
Go
Raw Blame History

// Package api implements a SCEP HTTP server.
package api
import (
"bytes"
"errors"
"net/http"
"net/http/httptest"
"reflect"
"testing"
"testing/iotest"
"github.com/smallstep/certificates/authority/config"
"github.com/smallstep/certificates/authority/provisioner"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"go.step.sm/linkedca"
)
func Test_decodeRequest(t *testing.T) {
type args struct {
r *http.Request
}
tests := []struct {
name string
args args
want request
wantErr bool
}{
{
name: "fail/unsupported-method",
args: args{
r: httptest.NewRequest(http.MethodPatch, "http://scep:8080/?operation=AnUnsupportOperation", nil),
},
want: request{},
wantErr: true,
},
{
name: "fail/get-unsupported-operation",
args: args{
r: httptest.NewRequest(http.MethodGet, "http://scep:8080/?operation=AnUnsupportOperation", nil),
},
want: request{},
wantErr: true,
},
{
name: "fail/get-PKIOperation",
args: args{
r: httptest.NewRequest(http.MethodGet, "http://scep:8080/?operation=PKIOperation&message='somewronginput'", nil),
},
want: request{},
wantErr: true,
},
{
name: "fail/post-PKIOperation",
args: args{
r: httptest.NewRequest(http.MethodPost, "http://scep:8080/?operation=PKIOperation", iotest.ErrReader(errors.New("a read error"))),
},
want: request{},
wantErr: true,
},
{
name: "ok/get-GetCACert",
args: args{
r: httptest.NewRequest(http.MethodGet, "http://scep:8080/?operation=GetCACert", nil),
},
want: request{
Operation: "GetCACert",
Message: []byte{},
},
wantErr: false,
},
{
name: "ok/get-GetCACaps",
args: args{
r: httptest.NewRequest(http.MethodGet, "http://scep:8080/?operation=GetCACaps", nil),
},
want: request{
Operation: "GetCACaps",
Message: []byte{},
},
wantErr: false,
},
{
name: "ok/get-PKIOperation",
args: args{
r: httptest.NewRequest(http.MethodGet, "http://scep:8080/?operation=PKIOperation&message=MTIzNA==", nil),
},
want: request{
Operation: "PKIOperation",
Message: []byte("1234"),
},
wantErr: false,
},
{
name: "ok/post-PKIOperation",
args: args{
r: httptest.NewRequest(http.MethodPost, "http://scep:8080/?operation=PKIOperation", bytes.NewBufferString("1234")),
},
want: request{
Operation: "PKIOperation",
Message: []byte("1234"),
},
wantErr: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, err := decodeRequest(tt.args.r)
if (err != nil) != tt.wantErr {
t.Errorf("decodeRequest() error = %v, wantErr %v", err, tt.wantErr)
return
}
if !reflect.DeepEqual(got, tt.want) {
t.Errorf("decodeRequest() = %v, want %v", got, tt.want)
}
})
}
}
func Test_selectValidationMethod(t *testing.T) {
tests := []struct {
name string
p *provisioner.SCEP
want validationMethod
}{
{"webhooks", &provisioner.SCEP{
Name: "SCEP",
Type: "SCEP",
Options: &provisioner.Options{
Webhooks: []*provisioner.Webhook{
{
Kind: linkedca.Webhook_SCEPCHALLENGE.String(),
},
},
},
}, "webhook"},
{"challenge", &provisioner.SCEP{
Name: "SCEP",
Type: "SCEP",
ChallengePassword: "pass",
}, "static"},
{"challenge-with-different-webhook", &provisioner.SCEP{
Name: "SCEP",
Type: "SCEP",
ChallengePassword: "pass",
Options: &provisioner.Options{
Webhooks: []*provisioner.Webhook{
{
Kind: linkedca.Webhook_AUTHORIZING.String(),
},
},
},
}, "static"},
{"none", &provisioner.SCEP{
Name: "SCEP",
Type: "SCEP",
}, "none"},
{"none-with-different-webhook", &provisioner.SCEP{
Name: "SCEP",
Type: "SCEP",
Options: &provisioner.Options{
Webhooks: []*provisioner.Webhook{
{
Kind: linkedca.Webhook_AUTHORIZING.String(),
},
},
},
}, "none"},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
err := tt.p.Init(provisioner.Config{
Claims: config.GlobalProvisionerClaims,
})
require.NoError(t, err)
got := selectValidationMethod(tt.p)
assert.Equal(t, tt.want, got)
})
}
}
View git blame Copy permalink