|
|
@ -2,6 +2,7 @@ package provisioner
|
|
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
"context"
|
|
|
|
|
|
|
|
"crypto/x509"
|
|
|
|
"encoding/json"
|
|
|
|
"encoding/json"
|
|
|
|
"errors"
|
|
|
|
"errors"
|
|
|
|
"net/http"
|
|
|
|
"net/http"
|
|
|
@ -12,12 +13,18 @@ import (
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
|
|
|
|
|
|
|
|
"go.step.sm/linkedca"
|
|
|
|
"go.step.sm/linkedca"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
"github.com/smallstep/certificates/webhook"
|
|
|
|
)
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
func Test_challengeValidationController_Validate(t *testing.T) {
|
|
|
|
func Test_challengeValidationController_Validate(t *testing.T) {
|
|
|
|
|
|
|
|
dummyCSR := &x509.CertificateRequest{
|
|
|
|
|
|
|
|
Raw: []byte{1},
|
|
|
|
|
|
|
|
}
|
|
|
|
type request struct {
|
|
|
|
type request struct {
|
|
|
|
Challenge string `json:"scepChallenge"`
|
|
|
|
Request *webhook.X509CertificateRequest `json:"x509CertificateRequest,omitempty"`
|
|
|
|
TransactionID string `json:"scepTransactionID"`
|
|
|
|
Challenge string `json:"scepChallenge"`
|
|
|
|
|
|
|
|
TransactionID string `json:"scepTransactionID"`
|
|
|
|
}
|
|
|
|
}
|
|
|
|
type response struct {
|
|
|
|
type response struct {
|
|
|
|
Allow bool `json:"allow"`
|
|
|
|
Allow bool `json:"allow"`
|
|
|
@ -39,6 +46,9 @@ func Test_challengeValidationController_Validate(t *testing.T) {
|
|
|
|
require.NoError(t, err)
|
|
|
|
require.NoError(t, err)
|
|
|
|
assert.Equal(t, "challenge", req.Challenge)
|
|
|
|
assert.Equal(t, "challenge", req.Challenge)
|
|
|
|
assert.Equal(t, "transaction-1", req.TransactionID)
|
|
|
|
assert.Equal(t, "transaction-1", req.TransactionID)
|
|
|
|
|
|
|
|
if assert.NotNil(t, req.Request) {
|
|
|
|
|
|
|
|
assert.Equal(t, []byte{1}, req.Request.Raw)
|
|
|
|
|
|
|
|
}
|
|
|
|
b, err := json.Marshal(response{Allow: true})
|
|
|
|
b, err := json.Marshal(response{Allow: true})
|
|
|
|
require.NoError(t, err)
|
|
|
|
require.NoError(t, err)
|
|
|
|
w.WriteHeader(200)
|
|
|
|
w.WriteHeader(200)
|
|
|
@ -141,7 +151,7 @@ func Test_challengeValidationController_Validate(t *testing.T) {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
ctx := context.Background()
|
|
|
|
ctx := context.Background()
|
|
|
|
err := c.Validate(ctx, tt.args.challenge, tt.args.transactionID)
|
|
|
|
err := c.Validate(ctx, dummyCSR, tt.args.challenge, tt.args.transactionID)
|
|
|
|
|
|
|
|
|
|
|
|
if tt.expErr != nil {
|
|
|
|
if tt.expErr != nil {
|
|
|
|
assert.EqualError(t, err, tt.expErr.Error())
|
|
|
|
assert.EqualError(t, err, tt.expErr.Error())
|
|
|
@ -221,9 +231,13 @@ func Test_selectValidationMethod(t *testing.T) {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
func TestSCEP_ValidateChallenge(t *testing.T) {
|
|
|
|
func TestSCEP_ValidateChallenge(t *testing.T) {
|
|
|
|
|
|
|
|
dummyCSR := &x509.CertificateRequest{
|
|
|
|
|
|
|
|
Raw: []byte{1},
|
|
|
|
|
|
|
|
}
|
|
|
|
type request struct {
|
|
|
|
type request struct {
|
|
|
|
Challenge string `json:"scepChallenge"`
|
|
|
|
Request *webhook.X509CertificateRequest `json:"x509CertificateRequest,omitempty"`
|
|
|
|
TransactionID string `json:"scepTransactionID"`
|
|
|
|
Challenge string `json:"scepChallenge"`
|
|
|
|
|
|
|
|
TransactionID string `json:"scepTransactionID"`
|
|
|
|
}
|
|
|
|
}
|
|
|
|
type response struct {
|
|
|
|
type response struct {
|
|
|
|
Allow bool `json:"allow"`
|
|
|
|
Allow bool `json:"allow"`
|
|
|
@ -234,6 +248,9 @@ func TestSCEP_ValidateChallenge(t *testing.T) {
|
|
|
|
require.NoError(t, err)
|
|
|
|
require.NoError(t, err)
|
|
|
|
assert.Equal(t, "webhook-challenge", req.Challenge)
|
|
|
|
assert.Equal(t, "webhook-challenge", req.Challenge)
|
|
|
|
assert.Equal(t, "webhook-transaction-1", req.TransactionID)
|
|
|
|
assert.Equal(t, "webhook-transaction-1", req.TransactionID)
|
|
|
|
|
|
|
|
if assert.NotNil(t, req.Request) {
|
|
|
|
|
|
|
|
assert.Equal(t, []byte{1}, req.Request.Raw)
|
|
|
|
|
|
|
|
}
|
|
|
|
b, err := json.Marshal(response{Allow: true})
|
|
|
|
b, err := json.Marshal(response{Allow: true})
|
|
|
|
require.NoError(t, err)
|
|
|
|
require.NoError(t, err)
|
|
|
|
w.WriteHeader(200)
|
|
|
|
w.WriteHeader(200)
|
|
|
@ -330,7 +347,7 @@ func TestSCEP_ValidateChallenge(t *testing.T) {
|
|
|
|
require.NoError(t, err)
|
|
|
|
require.NoError(t, err)
|
|
|
|
ctx := context.Background()
|
|
|
|
ctx := context.Background()
|
|
|
|
|
|
|
|
|
|
|
|
err = tt.p.ValidateChallenge(ctx, tt.args.challenge, tt.args.transactionID)
|
|
|
|
err = tt.p.ValidateChallenge(ctx, dummyCSR, tt.args.challenge, tt.args.transactionID)
|
|
|
|
if tt.expErr != nil {
|
|
|
|
if tt.expErr != nil {
|
|
|
|
assert.EqualError(t, err, tt.expErr.Error())
|
|
|
|
assert.EqualError(t, err, tt.expErr.Error())
|
|
|
|
return
|
|
|
|
return
|
|
|
|