2018-10-05 21:48:36 +00:00
|
|
|
package authority
|
|
|
|
|
|
|
|
import (
|
2019-01-10 21:19:51 +00:00
|
|
|
"crypto/x509"
|
2022-03-30 08:22:22 +00:00
|
|
|
"errors"
|
2018-10-05 21:48:36 +00:00
|
|
|
"net/http"
|
2019-01-10 21:19:51 +00:00
|
|
|
"reflect"
|
2018-10-05 21:48:36 +00:00
|
|
|
"testing"
|
|
|
|
|
2020-08-14 22:33:50 +00:00
|
|
|
"go.step.sm/crypto/pemutil"
|
2022-03-30 08:22:22 +00:00
|
|
|
|
|
|
|
"github.com/smallstep/assert"
|
|
|
|
"github.com/smallstep/certificates/api/render"
|
2018-10-05 21:48:36 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
func TestRoot(t *testing.T) {
|
|
|
|
a := testAuthority(t)
|
|
|
|
a.certificates.Store("invaliddata", "a string") // invalid cert for testing
|
|
|
|
|
|
|
|
tests := map[string]struct {
|
2020-01-24 06:04:34 +00:00
|
|
|
sum string
|
|
|
|
err error
|
|
|
|
code int
|
2018-10-05 21:48:36 +00:00
|
|
|
}{
|
2020-01-24 06:04:34 +00:00
|
|
|
"not-found": {"foo", errors.New("certificate with fingerprint foo was not found"), http.StatusNotFound},
|
|
|
|
"invalid-stored-certificate": {"invaliddata", errors.New("stored value is not a *x509.Certificate"), http.StatusInternalServerError},
|
|
|
|
"success": {"189f573cfa159251e445530847ef80b1b62a3a380ee670dcb49e33ed34da0616", nil, http.StatusOK},
|
2018-10-05 21:48:36 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
for name, tc := range tests {
|
|
|
|
t.Run(name, func(t *testing.T) {
|
|
|
|
crt, err := a.Root(tc.sum)
|
|
|
|
if err != nil {
|
|
|
|
if assert.NotNil(t, tc.err) {
|
2022-09-22 07:04:31 +00:00
|
|
|
var sc render.StatusCodedError
|
|
|
|
assert.Fatal(t, errors.As(err, &sc), "error does not implement StatusCodedError interface")
|
2020-01-24 06:04:34 +00:00
|
|
|
assert.Equals(t, sc.StatusCode(), tc.code)
|
|
|
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
2018-10-05 21:48:36 +00:00
|
|
|
}
|
|
|
|
} else {
|
|
|
|
if assert.Nil(t, tc.err) {
|
2019-01-07 23:30:28 +00:00
|
|
|
assert.Equals(t, crt, a.rootX509Certs[0])
|
2018-10-05 21:48:36 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
2019-01-10 21:19:51 +00:00
|
|
|
|
|
|
|
func TestAuthority_GetRootCertificate(t *testing.T) {
|
2019-03-05 08:07:13 +00:00
|
|
|
cert, err := pemutil.ReadCertificate("testdata/certs/root_ca.crt")
|
2019-01-10 21:19:51 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
tests := []struct {
|
|
|
|
name string
|
|
|
|
want *x509.Certificate
|
|
|
|
}{
|
|
|
|
{"ok", cert},
|
|
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
|
|
a := testAuthority(t)
|
|
|
|
if got := a.GetRootCertificate(); !reflect.DeepEqual(got, tt.want) {
|
|
|
|
t.Errorf("Authority.GetRootCertificate() = %v, want %v", got, tt.want)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestAuthority_GetRootCertificates(t *testing.T) {
|
2019-03-05 08:07:13 +00:00
|
|
|
cert, err := pemutil.ReadCertificate("testdata/certs/root_ca.crt")
|
2019-01-10 21:19:51 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
tests := []struct {
|
|
|
|
name string
|
|
|
|
want []*x509.Certificate
|
|
|
|
}{
|
|
|
|
{"ok", []*x509.Certificate{cert}},
|
|
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
|
|
a := testAuthority(t)
|
|
|
|
if got := a.GetRootCertificates(); !reflect.DeepEqual(got, tt.want) {
|
|
|
|
t.Errorf("Authority.GetRootCertificates() = %v, want %v", got, tt.want)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestAuthority_GetRoots(t *testing.T) {
|
2019-03-05 08:07:13 +00:00
|
|
|
cert, err := pemutil.ReadCertificate("testdata/certs/root_ca.crt")
|
2019-01-10 21:19:51 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
tests := []struct {
|
|
|
|
name string
|
|
|
|
want []*x509.Certificate
|
|
|
|
wantErr bool
|
|
|
|
}{
|
2019-01-12 03:08:08 +00:00
|
|
|
{"ok", []*x509.Certificate{cert}, false},
|
2019-01-10 21:19:51 +00:00
|
|
|
}
|
|
|
|
for _, tt := range tests {
|
2019-01-12 03:08:08 +00:00
|
|
|
a := testAuthority(t)
|
2019-01-10 21:19:51 +00:00
|
|
|
t.Run(tt.name, func(t *testing.T) {
|
2019-01-12 03:08:08 +00:00
|
|
|
got, err := a.GetRoots()
|
2019-01-10 21:19:51 +00:00
|
|
|
if (err != nil) != tt.wantErr {
|
|
|
|
t.Errorf("Authority.GetRoots() error = %v, wantErr %v", err, tt.wantErr)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
if !reflect.DeepEqual(got, tt.want) {
|
|
|
|
t.Errorf("Authority.GetRoots() = %v, want %v", got, tt.want)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestAuthority_GetFederation(t *testing.T) {
|
2019-03-05 08:07:13 +00:00
|
|
|
cert, err := pemutil.ReadCertificate("testdata/certs/root_ca.crt")
|
2019-01-10 21:19:51 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
tests := []struct {
|
|
|
|
name string
|
|
|
|
wantFederation []*x509.Certificate
|
|
|
|
wantErr bool
|
2019-01-12 03:08:08 +00:00
|
|
|
fn func(a *Authority)
|
2019-01-10 21:19:51 +00:00
|
|
|
}{
|
2019-01-12 03:08:08 +00:00
|
|
|
{"ok", []*x509.Certificate{cert}, false, nil},
|
|
|
|
{"fail", nil, true, func(a *Authority) {
|
2019-01-10 21:19:51 +00:00
|
|
|
a.certificates.Store("foo", "bar")
|
|
|
|
}},
|
|
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
|
|
t.Run(tt.name, func(t *testing.T) {
|
2019-01-12 03:08:08 +00:00
|
|
|
a := testAuthority(t)
|
2019-01-10 21:19:51 +00:00
|
|
|
if tt.fn != nil {
|
2019-01-12 03:08:08 +00:00
|
|
|
tt.fn(a)
|
2019-01-10 21:19:51 +00:00
|
|
|
}
|
2019-01-12 03:08:08 +00:00
|
|
|
gotFederation, err := a.GetFederation()
|
2019-01-10 21:19:51 +00:00
|
|
|
if (err != nil) != tt.wantErr {
|
|
|
|
t.Errorf("Authority.GetFederation() error = %v, wantErr %v", err, tt.wantErr)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
if !reflect.DeepEqual(gotFederation, tt.wantFederation) {
|
|
|
|
t.Errorf("Authority.GetFederation() = %v, want %v", gotFederation, tt.wantFederation)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|