Modified TestAuthority_Renew to TestAuthority_RenewOrRekey

4 years ago · b368a53149
parent c8c3581e2f
commit b368a53149
1 changed files with 16 additions and 6 deletions
--- a/authority/tls_test.go
+++ b/authority/tls_test.go
@ -370,8 +370,9 @@ ZYtQ9Ot36qc=
 	}
 }

-func TestAuthority_Renew(t *testing.T) {
+func TestAuthority_RenewOrRekey(t *testing.T) {
 	pub, _, err := keys.GenerateDefaultKeyPair()
+	pub1, _, err := keys.GenerateDefaultKeyPair()
 	assert.FatalError(t, err)

 	a := testAuthority(t)
@ -428,14 +429,14 @@ func TestAuthority_Renew(t *testing.T) {
 			return &renewTest{
 				auth: _a,
 				cert: cert,
-				err:  errors.New("authority.Renew; error renewing certificate from existing server certificate"),
+				err:  errors.New("authority.RenewOrRekey; error renewing certificate from existing server certificate"),
 				code: http.StatusInternalServerError,
 			}, nil
 		},
 		"fail-unauthorized": func() (*renewTest, error) {
 			return &renewTest{
 				cert: certNoRenew,
-				err:  errors.New("authority.Renew: authority.authorizeRenew: jwk.AuthorizeRenew; renew is disabled for jwk provisioner dev:IMi94WBNI6gP5cNHXlZYNUzvMjGdHyBRmFoo-lCEaqk"),
+				err:  errors.New("authority.RenewOrRekey: authority.authorizeRenew: jwk.AuthorizeRenew; renew is disabled for jwk provisioner dev:IMi94WBNI6gP5cNHXlZYNUzvMjGdHyBRmFoo-lCEaqk"),
 				code: http.StatusUnauthorized,
 			}, nil
 		},
@ -478,9 +479,9 @@ func TestAuthority_Renew(t *testing.T) {

 			var certChain []*x509.Certificate
 			if tc.auth != nil {
-				certChain, err = tc.auth.Renew(tc.cert)
+				certChain, err = tc.auth.RenewOrRekey(tc.cert,pub1)
 			} else {
-				certChain, err = a.Renew(tc.cert)
+				certChain, err = a.RenewOrRekey(tc.cert,pub1)
 			}
 			if err != nil {
 				if assert.NotNil(t, tc.err, fmt.Sprintf("unexpected error: %s", err)) {
@ -524,8 +525,9 @@ func TestAuthority_Renew(t *testing.T) {
 					assert.Equals(t, leaf.ExtKeyUsage,
 						[]x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth})
 					assert.Equals(t, leaf.DNSNames, []string{"test.smallstep.com", "test"})
+                                        assert.Equals(t, leaf.PublicKey, pub1)

-					pubBytes, err := x509.MarshalPKIXPublicKey(pub)
+					pubBytes, err := x509.MarshalPKIXPublicKey(pub1)
 					assert.FatalError(t, err)
 					hash := sha1.Sum(pubBytes)
 					assert.Equals(t, leaf.SubjectKeyId, hash[:])
@ -535,6 +537,10 @@ func TestAuthority_Renew(t *testing.T) {
 						assert.Equals(t, leaf.AuthorityKeyId, a.x509Issuer.SubjectKeyId)
 						// Compare extensions: they can be in a different order
 						for _, ext1 := range tc.cert.Extensions {
+							//skip SubjectKeyIdentifier
+							if ext1.Id.Equal(oidSubjectKeyIdentifier) {
+								continue
+							}
 							found := false
 							for _, ext2 := range leaf.Extensions {
 								if reflect.DeepEqual(ext1, ext2) {
@ -551,6 +557,10 @@ func TestAuthority_Renew(t *testing.T) {
 						assert.Equals(t, leaf.AuthorityKeyId, tc.auth.x509Issuer.SubjectKeyId)
 						// Compare extensions: they can be in a different order
 						for _, ext1 := range tc.cert.Extensions {
+							//skip SubjectKeyIdentifier
+							if ext1.Id.Equal(oidSubjectKeyIdentifier) {
+								continue
+							}
 							// The authority key id extension should be different b/c the intermediates are different.
 							if ext1.Id.Equal(oidAuthorityKeyIdentifier) {
 								for _, ext2 := range leaf.Extensions {