package cas
import (
"context"
"crypto/ed25519"
"crypto/x509"
"crypto/x509/pkix"
"fmt"
"reflect"
"testing"
"go.step.sm/crypto/kms"
kmsapi "go.step.sm/crypto/kms/apiv1"
"github.com/smallstep/certificates/cas/apiv1"
"github.com/smallstep/certificates/cas/softcas"
)
// mockCAS is a test double that the tests in this file register under a
// custom CAS type name. It defines only the three certificate operations
// below, and each of them panics, so any test path that actually reaches a
// signing, renewal or revocation call fails loudly instead of silently
// succeeding.
type mockCAS struct{}

// CreateCertificate is a stub that always panics.
func (*mockCAS) CreateCertificate(*apiv1.CreateCertificateRequest) (*apiv1.CreateCertificateResponse, error) {
	panic("not implemented")
}

// RenewCertificate is a stub that always panics.
func (*mockCAS) RenewCertificate(*apiv1.RenewCertificateRequest) (*apiv1.RenewCertificateResponse, error) {
	panic("not implemented")
}

// RevokeCertificate is a stub that always panics.
func (*mockCAS) RevokeCertificate(*apiv1.RevokeCertificateRequest) (*apiv1.RevokeCertificateResponse, error) {
	panic("not implemented")
}
// TestNew checks New against the default (empty) type, two spellings of the
// SoftCAS type name, an empty configuration, an unregistered type, and a
// registered type whose constructor returns an error.
func TestNew(t *testing.T) {
	// issuerOpts returns a fresh Options value on every call so that no slice
	// or key is shared between a case's input and the expected result.
	issuerOpts := func() apiv1.Options {
		return apiv1.Options{
			CertificateChain: []*x509.Certificate{{Subject: pkix.Name{CommonName: "Test Issuer"}}},
			// Zero-length placeholder: it is not a usable signing key.
			// NOTE(review): presumably New only requires the signer to be
			// non-nil here — confirm against softcas.
			Signer: ed25519.PrivateKey{},
		}
	}

	wantSoft := &softcas.SoftCAS{
		CertificateChain: []*x509.Certificate{{Subject: pkix.Name{CommonName: "Test Issuer"}}},
		Signer:           ed25519.PrivateKey{},
	}

	// Register a constructor that always fails, used by the "fail load" case.
	// TestNewCreator registers the same type name with a different
	// constructor. NOTE(review): if the registry is process-wide, the two
	// tests share state through this name — confirm.
	failingCtor := func(ctx context.Context, opts apiv1.Options) (apiv1.CertificateAuthorityService, error) {
		return nil, fmt.Errorf("an error")
	}
	apiv1.Register(apiv1.Type("nockCAS"), failingCtor)

	lowerOpts := issuerOpts()
	lowerOpts.Type = "softcas"

	mixedOpts := issuerOpts()
	mixedOpts.Type = "SoftCAS"

	cases := []struct {
		name    string
		opts    apiv1.Options
		want    CertificateAuthorityService
		wantErr bool
	}{
		{name: "ok default", opts: issuerOpts(), want: wantSoft},
		{name: "ok softcas", opts: lowerOpts, want: wantSoft},
		{name: "ok SoftCAS", opts: mixedOpts, want: wantSoft},
		// This case pins a typed nil *softcas.SoftCAS inside the interface
		// next to the error. Such a value compares non-nil, so callers of New
		// must check the error rather than the returned service.
		{name: "fail empty", opts: apiv1.Options{}, want: (*softcas.SoftCAS)(nil), wantErr: true},
		{name: "fail type", opts: apiv1.Options{Type: "FailCAS"}, wantErr: true},
		{name: "fail load", opts: apiv1.Options{Type: "nockCAS"}, wantErr: true},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			got, err := New(context.Background(), tc.opts)
			if failed := err != nil; failed != tc.wantErr {
				t.Errorf("New() error = %v, wantErr %v", err, tc.wantErr)
				return
			}
			if reflect.DeepEqual(got, tc.want) {
				return
			}
			t.Errorf("New() = %#v, want %v", got, tc.want)
		})
	}
}
// TestNewCreator checks NewCreator against an empty configuration, two
// spellings of the SoftCAS type name (one carrying a key manager), an
// unregistered type, and a registered type backed by mockCAS.
func TestNewCreator(t *testing.T) {
	// NOTE(review): empty kms options presumably select the default key
	// manager — confirm against go.step.sm/crypto/kms.
	keyManager, err := kms.New(context.Background(), kmsapi.Options{})
	if err != nil {
		t.Fatal(err)
	}

	// Register a constructor that succeeds but returns mockCAS, used by the
	// "fail no creator" case. TestNew registers the same type name with a
	// failing constructor. NOTE(review): if the registry is process-wide,
	// the two tests share state through this name — confirm.
	mockCtor := func(ctx context.Context, opts apiv1.Options) (apiv1.CertificateAuthorityService, error) {
		return &mockCAS{}, nil
	}
	apiv1.Register(apiv1.Type("nockCAS"), mockCtor)

	cases := []struct {
		name    string
		opts    apiv1.Options
		want    CertificateAuthorityCreator
		wantErr bool
	}{
		{name: "ok empty", opts: apiv1.Options{}, want: &softcas.SoftCAS{}},
		{name: "ok softcas", opts: apiv1.Options{Type: "softcas"}, want: &softcas.SoftCAS{}},
		{
			name: "ok SoftCAS",
			opts: apiv1.Options{Type: "SoftCAS", KeyManager: keyManager},
			want: &softcas.SoftCAS{KeyManager: keyManager},
		},
		{name: "fail type", opts: apiv1.Options{Type: "FailCAS"}, wantErr: true},
		// mockCAS defines only create/renew/revoke, so a service that loads
		// successfully must still be rejected when it cannot act as a creator.
		{name: "fail no creator", opts: apiv1.Options{Type: "nockCAS"}, wantErr: true},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			got, err := NewCreator(context.Background(), tc.opts)
			if failed := err != nil; failed != tc.wantErr {
				t.Errorf("NewCreator() error = %v, wantErr %v", err, tc.wantErr)
				return
			}
			if reflect.DeepEqual(got, tc.want) {
				return
			}
			t.Errorf("NewCreator() = %v, want %v", got, tc.want)
		})
	}
}