|
|
|
@ -7,6 +7,7 @@ import (
|
|
|
|
|
|
|
|
|
|
"github.com/pkg/errors"
|
|
|
|
|
"github.com/smallstep/assert"
|
|
|
|
|
"github.com/smallstep/certificates/authority/provisioner"
|
|
|
|
|
stepJOSE "github.com/smallstep/cli/jose"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
@ -16,25 +17,25 @@ func testAuthority(t *testing.T) *Authority {
|
|
|
|
|
clijwk, err := stepJOSE.ParseKey("testdata/secrets/step_cli_key_pub.jwk")
|
|
|
|
|
assert.FatalError(t, err)
|
|
|
|
|
disableRenewal := true
|
|
|
|
|
p := []*Provisioner{
|
|
|
|
|
{
|
|
|
|
|
p := []*provisioner.Provisioner{
|
|
|
|
|
provisioner.New(&provisioner.JWK{
|
|
|
|
|
Name: "Max",
|
|
|
|
|
Type: "JWK",
|
|
|
|
|
Key: maxjwk,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
}),
|
|
|
|
|
provisioner.New(&provisioner.JWK{
|
|
|
|
|
Name: "step-cli",
|
|
|
|
|
Type: "JWK",
|
|
|
|
|
Key: clijwk,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
}),
|
|
|
|
|
provisioner.New(&provisioner.JWK{
|
|
|
|
|
Name: "dev",
|
|
|
|
|
Type: "JWK",
|
|
|
|
|
Key: maxjwk,
|
|
|
|
|
Claims: &ProvisionerClaims{
|
|
|
|
|
Claims: &provisioner.Claims{
|
|
|
|
|
DisableRenewal: &disableRenewal,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
}),
|
|
|
|
|
}
|
|
|
|
|
c := &Config{
|
|
|
|
|
Address: "127.0.0.1:443",
|
|
|
|
@ -113,11 +114,11 @@ func TestAuthorityNew(t *testing.T) {
|
|
|
|
|
assert.True(t, auth.initOnce)
|
|
|
|
|
assert.NotNil(t, auth.intermediateIdentity)
|
|
|
|
|
for _, p := range tc.config.AuthorityConfig.Provisioners {
|
|
|
|
|
_p, ok := auth.provisionerIDIndex.Load(p.ID())
|
|
|
|
|
_p, ok := auth.provisioners.Load(p.ID())
|
|
|
|
|
assert.True(t, ok)
|
|
|
|
|
assert.Equals(t, p, _p)
|
|
|
|
|
if len(p.EncryptedKey) > 0 {
|
|
|
|
|
key, ok := auth.encryptedKeyIndex.Load(p.Key.KeyID)
|
|
|
|
|
key, ok := auth.provisioners.LoadEncryptedKey(p.Key.KeyID)
|
|
|
|
|
assert.True(t, ok)
|
|
|
|
|
assert.Equals(t, p.EncryptedKey, key)
|
|
|
|
|
}
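Review bot: The `if len(p.EncryptedKey) > 0` branch is the only place the new `auth.provisioners.LoadEncryptedKey(p.Key.KeyID)` accessor is asserted, and none of the three provisioners built in `testAuthority` on this page sets `EncryptedKey`, so with that fixture the lookup is never exercised. The same fixture gives "Max" and "dev" the same `Key: maxjwk`, so if the collection keeps one encrypted key per key ID, no assertion here pins which provisioner's key is returned. I would add a fixture provisioner with a non-empty `EncryptedKey`, plus a negative check after the loop such as `_, ok := auth.provisioners.LoadEncryptedKey("unknown-kid")` followed by `assert.False(t, ok)` (the key ID is a constructed sample). The `for` loop and the rest of `TestAuthorityNew` continue outside the hunk, so other table cases may already cover part of this.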
|
|
|
|
|