|
|
|
@ -199,6 +199,7 @@ type mockAuthority struct {
|
|
|
|
|
getEncryptedKey func(kid string) (string, error)
|
|
|
|
|
getRoots func() ([]*x509.Certificate, error)
|
|
|
|
|
getFederation func() ([]*x509.Certificate, error)
|
|
|
|
|
getCRL func() ([]byte, error)
|
|
|
|
|
signSSH func(ctx context.Context, key ssh.PublicKey, opts provisioner.SignSSHOptions, signOpts ...provisioner.SignOption) (*ssh.Certificate, error)
|
|
|
|
|
signSSHAddUser func(ctx context.Context, key ssh.PublicKey, cert *ssh.Certificate) (*ssh.Certificate, error)
|
|
|
|
|
renewSSH func(ctx context.Context, cert *ssh.Certificate) (*ssh.Certificate, error)
|
|
|
|
@ -213,7 +214,11 @@ type mockAuthority struct {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (m *mockAuthority) GetCertificateRevocationList() ([]byte, error) {
|
|
|
|
|
panic("implement me")
|
|
|
|
|
if m.getCRL != nil {
|
|
|
|
|
return m.getCRL()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return m.ret1.([]byte), m.err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// TODO: remove once Authorize is deprecated.
|
|
|
|
@ -776,6 +781,45 @@ func (m *mockProvisioner) AuthorizeSSHRekey(ctx context.Context, token string) (
|
|
|
|
|
return m.ret1.(*ssh.Certificate), m.ret2.([]provisioner.SignOption), m.err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func Test_CRLGeneration(t *testing.T) {
|
|
|
|
|
tests := []struct {
|
|
|
|
|
name string
|
|
|
|
|
err error
|
|
|
|
|
statusCode int
|
|
|
|
|
expected []byte
|
|
|
|
|
}{
|
|
|
|
|
{"empty", nil, http.StatusOK, nil},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
chiCtx := chi.NewRouteContext()
|
|
|
|
|
req := httptest.NewRequest("GET", "http://example.com/crl", nil)
|
|
|
|
|
req = req.WithContext(context.WithValue(context.Background(), chi.RouteCtxKey, chiCtx))
|
|
|
|
|
|
|
|
|
|
for _, tt := range tests {
|
|
|
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
|
|
|
mockMustAuthority(t, &mockAuthority{ret1: tt.expected, err: tt.err})
|
|
|
|
|
w := httptest.NewRecorder()
|
|
|
|
|
CRL(w, req)
|
|
|
|
|
res := w.Result()
|
|
|
|
|
|
|
|
|
|
if res.StatusCode != tt.statusCode {
|
|
|
|
|
t.Errorf("caHandler.CRL StatusCode = %d, wants %d", res.StatusCode, tt.statusCode)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
body, err := io.ReadAll(res.Body)
|
|
|
|
|
res.Body.Close()
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Errorf("caHandler.Root unexpected error = %v", err)
|
|
|
|
|
}
|
|
|
|
|
if tt.statusCode == 200 {
|
|
|
|
|
if !bytes.Equal(bytes.TrimSpace(body), tt.expected) {
|
|
|
|
|
t.Errorf("caHandler.Root CRL = %s, wants %s", body, tt.expected)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func Test_caHandler_Route(t *testing.T) {
|
|
|
|
|
type fields struct {
|
|
|
|
|
Authority Authority
|
|
|
|
|