2021-03-23 23:14:49 +00:00
|
|
|
package stepcas
|
|
|
|
|
|
|
|
import (
|
|
|
|
"net/url"
|
|
|
|
"reflect"
|
|
|
|
"testing"
|
|
|
|
"time"
|
|
|
|
|
2021-03-25 02:05:56 +00:00
|
|
|
"github.com/smallstep/certificates/ca"
|
2021-03-23 23:14:49 +00:00
|
|
|
"github.com/smallstep/certificates/cas/apiv1"
|
2021-03-25 02:05:56 +00:00
|
|
|
"go.step.sm/crypto/jose"
|
2021-03-23 23:14:49 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
type mockErrIssuer struct{}
|
|
|
|
|
|
|
|
func (m mockErrIssuer) SignToken(subject string, sans []string) (string, error) {
|
|
|
|
return "", apiv1.ErrNotImplemented{}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (m mockErrIssuer) RevokeToken(subject string) (string, error) {
|
|
|
|
return "", apiv1.ErrNotImplemented{}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (m mockErrIssuer) Lifetime(d time.Duration) time.Duration {
|
|
|
|
return d
|
|
|
|
}
|
|
|
|
|
2021-03-25 02:05:56 +00:00
|
|
|
type mockErrSigner struct{}
|
|
|
|
|
|
|
|
func (s *mockErrSigner) Sign(payload []byte) (*jose.JSONWebSignature, error) {
|
|
|
|
return nil, apiv1.ErrNotImplemented{}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *mockErrSigner) Options() jose.SignerOptions {
|
|
|
|
return jose.SignerOptions{}
|
|
|
|
}
|
|
|
|
|
2021-03-23 23:14:49 +00:00
|
|
|
func Test_newStepIssuer(t *testing.T) {
|
2021-03-25 02:05:56 +00:00
|
|
|
caURL, client := testCAHelper(t)
|
|
|
|
signer, err := newJWKSignerFromEncryptedKey(testKeyID, testEncryptedJWKKey, testPassword)
|
2021-03-23 23:14:49 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
type args struct {
|
2021-03-25 02:05:56 +00:00
|
|
|
caURL *url.URL
|
|
|
|
client *ca.Client
|
|
|
|
iss *apiv1.CertificateIssuer
|
2021-03-23 23:14:49 +00:00
|
|
|
}
|
|
|
|
tests := []struct {
|
|
|
|
name string
|
|
|
|
args args
|
|
|
|
want stepIssuer
|
|
|
|
wantErr bool
|
|
|
|
}{
|
2021-03-25 02:05:56 +00:00
|
|
|
{"x5c", args{caURL, client, &apiv1.CertificateIssuer{
|
2021-03-23 23:14:49 +00:00
|
|
|
Type: "x5c",
|
|
|
|
Provisioner: "X5C",
|
|
|
|
Certificate: testX5CPath,
|
|
|
|
Key: testX5CKeyPath,
|
|
|
|
}}, &x5cIssuer{
|
|
|
|
caURL: caURL,
|
|
|
|
certFile: testX5CPath,
|
|
|
|
keyFile: testX5CKeyPath,
|
|
|
|
issuer: "X5C",
|
|
|
|
}, false},
|
2021-03-25 02:05:56 +00:00
|
|
|
{"jwk", args{caURL, client, &apiv1.CertificateIssuer{
|
2021-03-23 23:14:49 +00:00
|
|
|
Type: "jwk",
|
|
|
|
Provisioner: "ra@doe.org",
|
|
|
|
Key: testX5CKeyPath,
|
|
|
|
}}, &jwkIssuer{
|
2021-03-25 02:05:56 +00:00
|
|
|
caURL: caURL,
|
|
|
|
issuer: "ra@doe.org",
|
|
|
|
signer: signer,
|
2021-03-23 23:14:49 +00:00
|
|
|
}, false},
|
2021-03-25 02:05:56 +00:00
|
|
|
{"fail", args{caURL, client, &apiv1.CertificateIssuer{
|
2021-03-23 23:14:49 +00:00
|
|
|
Type: "unknown",
|
|
|
|
Provisioner: "ra@doe.org",
|
|
|
|
Key: testX5CKeyPath,
|
|
|
|
}}, nil, true},
|
|
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
|
|
t.Run(tt.name, func(t *testing.T) {
|
2021-03-25 02:05:56 +00:00
|
|
|
got, err := newStepIssuer(tt.args.caURL, tt.args.client, tt.args.iss)
|
2021-03-23 23:14:49 +00:00
|
|
|
if (err != nil) != tt.wantErr {
|
|
|
|
t.Errorf("newStepIssuer() error = %v, wantErr %v", err, tt.wantErr)
|
|
|
|
return
|
|
|
|
}
|
2021-03-25 02:05:56 +00:00
|
|
|
if tt.args.iss.Type == "jwk" && got != nil && tt.want != nil {
|
|
|
|
got.(*jwkIssuer).signer = tt.want.(*jwkIssuer).signer
|
|
|
|
}
|
2021-03-23 23:14:49 +00:00
|
|
|
if !reflect.DeepEqual(got, tt.want) {
|
|
|
|
t.Errorf("newStepIssuer() = %v, want %v", got, tt.want)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|