From 8c8547bf652c78f15ff5e9659d4e05c67e1bba59 Mon Sep 17 00:00:00 2001
From: Mariano Cano
Date: Wed, 20 Mar 2019 18:11:45 -0700
Subject: [PATCH] Remove unnecessary parse and improve tests.
---
 authority/tls.go | 13 ++-----------
 authority/tls_test.go | 14 ++++++++++++++
 2 files changed, 16 insertions(+), 11 deletions(-)
diff --git a/authority/tls.go b/authority/tls.go
index 64bd7ebe..0b089194 100644
--- a/authority/tls.go
+++ b/authority/tls.go
@@ -116,24 +116,15 @@ func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Opti
 // Renew creates a new Certificate identical to the old certificate, except
 // with a validity window that begins 'now'.
-func (a *Authority) Renew(ocx *x509.Certificate) (*x509.Certificate, *x509.Certificate, error) {
+func (a *Authority) Renew(oldCert *x509.Certificate) (*x509.Certificate, *x509.Certificate, error) {
 // Check step provisioner extensions
- if err := a.authorizeRenewal(ocx); err != nil {
+ if err := a.authorizeRenewal(oldCert); err != nil {
 return nil, nil, err
 }
 // Issuer
 issIdentity := a.intermediateIdentity
- // Convert a realx509.Certificate to the step x509 Certificate.
- oldCert, err := x509.ParseCertificate(ocx.Raw)
- if err != nil {
- return nil, nil, &apiError{
- errors.Wrap(err, "error converting x509.Certificate to stepx509.Certificate"),
- http.StatusInternalServerError, context{},
- }
- }
-
 now := time.Now().UTC()
 duration := oldCert.NotAfter.Sub(oldCert.NotBefore)
 newCert := &x509.Certificate{
diff --git a/authority/tls_test.go b/authority/tls_test.go
index c9f80aff..43b35237 100644
--- a/authority/tls_test.go
+++ b/authority/tls_test.go
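Review bot: The doc comment on `Renew` in authority/tls.go does not say what the caller must guarantee about `oldCert`, and that matters more now that the `x509.ParseCertificate(ocx.Raw)` round-trip is gone: the new certificate is built from whatever field values the struct holds rather than from its DER bytes. Whether `authorizeRenewal` verifies the certificate's chain or signature is not visible in this hunk, so I would state the precondition on the function, e.g. `// oldCert must already be verified (for example, taken from a verified TLS peer chain); its fields are used as-is.` The body of Renew continues past the end of the hunk.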
@@ -109,6 +109,20 @@ func TestSign(t *testing.T) {
 err *apiError
 }
 tests := map[string]func(*testing.T) *signTest{
+ "fail invalid signature": func(t *testing.T) *signTest {
+ csr := getCSR(t, priv)
+ csr.Signature = []byte("foo")
+ return &signTest{
+ auth: a,
+ csr: csr,
+ extraOpts: extraOpts,
+ signOpts: signOpts,
+ err: &apiError{errors.New("sign: invalid certificate request"),
+ http.StatusBadRequest,
+ context{"csr": csr, "signOptions": signOpts},
+ },
+ }
+ },
 "fail invalid extra option": func(t *testing.T) *signTest {
 csr := getCSR(t, priv)
 csr.Raw = []byte("foo")
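Review bot: The new "fail invalid signature" case overwrites `csr.Signature` with the bytes `foo`, so it pins rejection of a malformed signature but not of a well-formed signature that does not belong to the CSR's key, which is the proof-of-possession property the check exists for. I would add a sibling case that keeps the signature and swaps the key, e.g. `csr := getCSR(t, priv)` followed by `csr.PublicKey = otherPub` (`otherPub` being a placeholder for a freshly generated test key), expecting the same `http.StatusBadRequest`. This assumes Sign verifies the signature against `csr.PublicKey`, which is not visible in this hunk. The enclosing TestSign starts and ends outside the hunk.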