Add setup for Authority tests

authority/authority_test.go

@@ -6,6 +6,7 @@ import (
 	"crypto/sha256"
 	"crypto/x509"
 	"encoding/hex"
+	"fmt"
 	"io/ioutil"
 	"net"
 	"reflect"
@@ -320,3 +321,150 @@ func TestAuthority_CloseForReload(t *testing.T) {
 		})
 	}
 }
+
+func testScepAuthority(t *testing.T, opts ...Option) *Authority {
+
+	p := provisioner.List{
+		&provisioner.SCEP{
+			Name: "scep1",
+			Type: "SCEP",
+		},
+	}
+	c := &Config{
+		Address:          "127.0.0.1:8443",
+		InsecureAddress:  "127.0.0.1:8080",
+		Root:             []string{"testdata/scep/root.crt"},
+		IntermediateCert: "testdata/scep/intermediate.crt",
+		IntermediateKey:  "testdata/scep/intermediate.key",
+		DNSNames:         []string{"example.com"},
+		Password:         "pass",
+		AuthorityConfig: &AuthConfig{
+			Provisioners: p,
+		},
+	}
+	a, err := New(c, opts...)
+	assert.FatalError(t, err)
+	return a
+}
+
+func TestAuthority_GetSCEPService(t *testing.T) {
+	auth := testScepAuthority(t)
+	fmt.Println(auth)
+
+	p := provisioner.List{
+		&provisioner.SCEP{
+			Name: "scep1",
+			Type: "SCEP",
+		},
+	}
+
+	type fields struct {
+		config *Config
+		// keyManager              kms.KeyManager
+		// provisioners            *provisioner.Collection
+		// db                      db.AuthDB
+		// templates               *templates.Templates
+		// x509CAService           cas.CertificateAuthorityService
+		// rootX509Certs           []*x509.Certificate
+		// federatedX509Certs      []*x509.Certificate
+		// certificates            *sync.Map
+		// scepService             *scep.Service
+		// sshCAUserCertSignKey    ssh.Signer
+		// sshCAHostCertSignKey    ssh.Signer
+		// sshCAUserCerts          []ssh.PublicKey
+		// sshCAHostCerts          []ssh.PublicKey
+		// sshCAUserFederatedCerts []ssh.PublicKey
+		// sshCAHostFederatedCerts []ssh.PublicKey
+		// initOnce                bool
+		// startTime               time.Time
+		// sshBastionFunc          func(ctx context.Context, user, hostname string) (*Bastion, error)
+		// sshCheckHostFunc        func(ctx context.Context, principal string, tok string, roots []*x509.Certificate) (bool, error)
+		// sshGetHostsFunc         func(ctx context.Context, cert *x509.Certificate) ([]Host, error)
+		// getIdentityFunc         provisioner.GetIdentityFunc
+	}
+	tests := []struct {
+		name        string
+		fields      fields
+		wantService bool
+		wantErr     bool
+	}{
+		{
+			name: "ok",
+			fields: fields{
+				config: &Config{
+					Address:          "127.0.0.1:8443",
+					InsecureAddress:  "127.0.0.1:8080",
+					Root:             []string{"testdata/scep/root.crt"},
+					IntermediateCert: "testdata/scep/intermediate.crt",
+					IntermediateKey:  "testdata/scep/intermediate.key",
+					DNSNames:         []string{"example.com"},
+					Password:         "pass",
+					AuthorityConfig: &AuthConfig{
+						Provisioners: p,
+					},
+				},
+			},
+			wantService: true,
+			wantErr:     false,
+		},
+		{
+			name: "wrong password",
+			fields: fields{
+				config: &Config{
+					Address:          "127.0.0.1:8443",
+					InsecureAddress:  "127.0.0.1:8080",
+					Root:             []string{"testdata/scep/root.crt"},
+					IntermediateCert: "testdata/scep/intermediate.crt",
+					IntermediateKey:  "testdata/scep/intermediate.key",
+					DNSNames:         []string{"example.com"},
+					Password:         "wrongpass",
+					AuthorityConfig: &AuthConfig{
+						Provisioners: p,
+					},
+				},
+			},
+			wantService: false,
+			wantErr:     true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			// a := &Authority{
+			// 	config:                  tt.fields.config,
+			// 	keyManager:              tt.fields.keyManager,
+			// 	provisioners:            tt.fields.provisioners,
+			// 	db:                      tt.fields.db,
+			// 	templates:               tt.fields.templates,
+			// 	x509CAService:           tt.fields.x509CAService,
+			// 	rootX509Certs:           tt.fields.rootX509Certs,
+			// 	federatedX509Certs:      tt.fields.federatedX509Certs,
+			// 	certificates:            tt.fields.certificates,
+			// 	scepService:             tt.fields.scepService,
+			// 	sshCAUserCertSignKey:    tt.fields.sshCAUserCertSignKey,
+			// 	sshCAHostCertSignKey:    tt.fields.sshCAHostCertSignKey,
+			// 	sshCAUserCerts:          tt.fields.sshCAUserCerts,
+			// 	sshCAHostCerts:          tt.fields.sshCAHostCerts,
+			// 	sshCAUserFederatedCerts: tt.fields.sshCAUserFederatedCerts,
+			// 	sshCAHostFederatedCerts: tt.fields.sshCAHostFederatedCerts,
+			// 	initOnce:                tt.fields.initOnce,
+			// 	startTime:               tt.fields.startTime,
+			// 	sshBastionFunc:          tt.fields.sshBastionFunc,
+			// 	sshCheckHostFunc:        tt.fields.sshCheckHostFunc,
+			// 	sshGetHostsFunc:         tt.fields.sshGetHostsFunc,
+			// 	getIdentityFunc:         tt.fields.getIdentityFunc,
+			// }
+			a, err := New(tt.fields.config)
+			fmt.Println(err)
+			fmt.Println(a)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("Authority.New(), error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if tt.wantService {
+				if got := a.GetSCEPService(); (got != nil) != tt.wantService {
+					t.Errorf("Authority.GetSCEPService() = %v, wantService %v", got, tt.wantService)
+				}
+			}
+		})
+	}
+}

authority/testdata/scep/intermediate.crt

@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICZTCCAgugAwIBAgIQDPpOQXW7OLMFNR/+iOUdQjAKBggqhkjOPQQDAjAXMRUw
+EwYDVQQDEwxzY2VwdGVzdHJvb3QwHhcNMjEwNTA3MTUyMjU2WhcNMzEwNTA1MTUy
+MjU2WjAfMR0wGwYDVQQDExRzY2VwdGVzdGludGVybWVkaWF0ZTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAJTw49z9/MeZ/YeRO89ylMV3HnYpw52/Vs2G
+NsgYZRKiPz2RjixUp1iWRPoDONdlEOIAo0TALNOqz4EqJHB+FpBPBA1ZfwG/PlP/
+eWFubNXLXIhZPSQOiHmL4dIw0FS/VFGZm1eqc9JPG/V2G6UaKvOa8+W9/nhi4eeL
++/9nTwG4cTav9ltaVxQ55kcoJtMcvouYQ4oPSZ6yNuVYbFAoaqZnJqNQhxDvKsFH
+lHmvl28FAVM+otmEQNTm91uPwXuVusxEGn9N/d7M4iojCiMGg0S3luBS8IrGRI1Y
+bSKZvGsFnqUjHh2cLL1lqqo5+QvhvP9ut6+g8QGoq8NTc2yCRy8CAwEAAaNmMGQw
+DgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFGfO
+jTNTKTAyra+rAd/NL2ydarSFMB8GA1UdIwQYMBaAFKJr1p5QRfkHzewG3YEhPAtv
+FQNrMAoGCCqGSM49BAMCA0gAMEUCIEYK76FN9a/hWkMZcQ+NXyzGtfW+bnwsX3oN
+wT6jfyO0AiEAojTeSwf/H2l/E1lvsWJfNr8nOokWz+ZsbmMm5PU0Y+g=
+-----END CERTIFICATE-----

authority/testdata/scep/intermediate.key

@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,a54ae9388ce050f0a479a258d105fbb7
+
+VkJp9kKZQ7O9Gy9orvXaO+klt4Lrqp9oSABSBy8yFcc3neniLixqcyZZ4+CC/OG2
+TGTm4TiB9RBucrUyPwoxBraWbtTLHvS4nfPwr2feSTKoHDhSIr4Z1VMDF8PWiOSg
+vD3iYs5F1lz78hcB/SNdSZ2jm0ze84DFC2E49agWeiFLwezcLhXKQ2HHRJ6PmJv7
+IYB7+aLw8cUis/eJquWv7vrmlnshXBXLOrDekNq/mGhdpUmguDNEGX/3yT+8QYRv
+yeCqLVWcfkQ7KkXAeet0tVPNGQQF0+yS80Hv2/LBcskhL467qa79Xm+QPbBbhsEB
+aa4rettMLEdxk3IB1dgXdWhdJ4zBD+RFjczJbQlZRfmPb8sR20V/xp3x9i+SLqKp
+seVoNF+LhLhEwJdMF23t2KpuiOShzC60ApjALN6/O2/XGCl0KQ+NzucX+wpirS6z
+d2XfEYpsUaUFEFraOwfGXxLmluRtS6Q3+0+NPgwVQuH7EE7KuoTDUoSrUG4OFjaq
+CeUeZv1IVf0sYqZQVRiMxxdoFBKUSgcaR1gzzLZgHeoZCGP0PewmZDfJMQ5rWe0D
+zYYIKXUg8+oytHsz+5pQ277psXsl7iApZu56s6w3rD45w/zBeEyBhyL5JMBP8Y6y
+7ReaUGsoFu3WEvrMcOsN+0Vag/SdQsvEH0PGA/ltlrlhaHKq+4t/ZwP6WxUmnaVV
+JNtTWB8IqxtO0zbwK1owxjrO7t42K2isSryg/y2sQb4wgokoOzg1PqEaM8PIUvjl
+qkGhwrOz4lNNQ9b6Hgy81DpnXnJkRNY7B5yKi62TCc6K/DHrFs0fHKb9Qxac5KKf
+paasGWuEC5IP0lUyn81BmAVlfByBvnGmYiDmmGXLmfsyqtGFL9fpOl1Txq3/URfT
+f705lzeUt9r2BT5FJtV5lkTntRzjpi5QeRiJsvfXA7nCPZj2hoLWgIm/D/HRgfVR
+PIX1M7nxefRgES+T6UJNsBbGjSTgEVIPqVnyWs0JUyg4+KQ5VMU8g8SGA0dtnJyF
+9JrZHy2OA/AYt/c96vJj4WdFvqw3kodIKOipBbKjBBGokaOTsLADFEYgOr51BfvO
+QmxGZoXsRpD4sBOAwW039Ka5uCfuBETa+XQPtlHailaRZLlK9cZaDlzQr/K9jAgM
+qOmZIKr3L8YPK3mQV+mWVYchPXTf+UyTFiWIt30z1JlyrTw1H+h62pV9f1QXDB6P
+FIlfWHUK2mohWqzBnv4zFRBTVUnUDC9ONT+cVLh0cvlbRt2yy2ZgR4+d6IGH6mRH
+VLgWAFpS3KS1/4NfwWRBaMvIBfqfXCzXSqVJsq7RlBSW/EBwe9TDXhcTzOLHjx4E
+vdp+hqyXT62cTd7oWe78BBw3xOgpQwQ8bUdhye0kXMLNpU9j70pA7CjLVoVsdzH6
+n1EG7Mz/5NmXLy7LP8RuVU90mNQzNu8PFWtfjZ/jr3/OxoOc0Wx6mFykXkZbxKXI
+xOlaOnUHKnEmsCLnZUkIxEqwKo+RYWBRtKxYsS8x8TLXyFGEfHidI75ulZM7eAS8
+jWtVNKbPIyal+nQMpqa/lKW6fiGGUVp0u2x3Pnd8luRCs2htBmXSB7W7mJ2SMCui
+-----END RSA PRIVATE KEY-----

authority/testdata/scep/root.crt

@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBczCCARigAwIBAgIRAImbSwfqrrI6p72t0b9f6l4wCgYIKoZIzj0EAwIwFzEV
+MBMGA1UEAxMMc2NlcHRlc3Ryb290MB4XDTIxMDUwNzE1MjEzMFoXDTMxMDUwNTE1
+MjEzMFowFzEVMBMGA1UEAxMMc2NlcHRlc3Ryb290MFkwEwYHKoZIzj0CAQYIKoZI
+zj0DAQcDQgAE3fyAgJsDICrnXhhoxHKmXMHLoW0EM9bYiBmx1xRyol0Qa3SZMW43
+rtTykqVP3HUA3rIrLdX106s9IFcA3eIYiaNFMEMwDgYDVR0PAQH/BAQDAgEGMBIG
+A1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYEFKJr1p5QRfkHzewG3YEhPAtvFQNr
+MAoGCCqGSM49BAMCA0kAMEYCIQDlXU695zKmSSfVPaPbM2cx7OlKr2n6NSyifatH
+9zDITwIhAJUbbHzRJVgscxx+VSMqC2TkFvug6ryNu6kQIKNRwolr
+-----END CERTIFICATE-----

authority/testdata/scep/root.key

@@ -0,0 +1,8 @@
+-----BEGIN EC PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,0ea78864d21de199d3a737e4337589c2
+
+ZD3ggzw3eDYJp8NovTWgTxk6MagLutgU2UfwbYliAl7wKvVyzwkPytwRkyAXPBM6
+jMfiAdq6wY2wEpc8OSfrvAXrGuYqlCakDhdMaFDPcS3K29VLl4BaO2X2Rfk55nBd
+ASBNREKVb+hg2HV22DO7r6t+EYXTSD6iO7EB90bvKdE=
+-----END EC PRIVATE KEY-----