@ -4,7 +4,6 @@ import (
"bytes"
"context"
"encoding/json"
"errors"
"io"
"net/http"
"net/http/httptest"
@ -20,7 +19,6 @@ import (
"github.com/smallstep/assert"
"github.com/smallstep/certificates/authority/admin"
"github.com/smallstep/certificates/authority/provisioner"
)
func readProtoJSON ( r io . ReadCloser , m proto . Message ) error {
@ -35,106 +33,76 @@ func readProtoJSON(r io.ReadCloser, m proto.Message) error {
func TestHandler_requireEABEnabled ( t * testing . T ) {
type test struct {
ctx context . Context
adminDB admin . DB
auth adminAuthority
next http . HandlerFunc
err * admin . Error
statusCode int
}
var tests = map [ string ] func ( t * testing . T ) test {
"fail/h.provisionerHasEABEnabled" : func ( t * testing . T ) test {
chiCtx := chi . NewRouteContext ( )
chiCtx . URLParams . Add ( "provisionerName" , "provName" )
ctx := context . WithValue ( context . Background ( ) , chi . RouteCtxKey , chiCtx )
auth := & mockAdminAuthority {
MockLoadProvisionerByName : func ( name string ) ( provisioner . Interface , error ) {
assert . Equals ( t , "provName" , name )
return nil , errors . New ( "force" )
} ,
"fail/prov.GetDetails" : func ( t * testing . T ) test {
prov := & linkedca . Provisioner {
Id : "provID" ,
Name : "provName" ,
}
err := admin . NewErrorISE ( "error loading provisioner provName: force" )
err . Message = "error loading provisioner provName: force"
ctx := linkedca . NewContextWithProvisioner ( context . Background ( ) , prov )
err := admin . NewErrorISE ( "error getting details for provisioner 'provName'" )
err . Message = "error getting details for provisioner 'provName'"
return test {
ctx : ctx ,
auth : auth ,
err : err ,
statusCode : 500 ,
}
} ,
" ok/eab-disabled ": func ( t * testing . T ) test {
chiCtx := chi . NewRouteContext ( )
chiCtx . URLParams . Add ( "provisionerName" , "provName" )
ctx := context . WithValue ( context . Background ( ) , chi . RouteCtxKey , chiCtx )
auth := & mockAdminAuthority {
MockLoadProvisionerByName : func ( name string ) ( provisioner . Interface , error ) {
assert . Equals ( t , "provName" , name )
return & provisioner . MockProvisioner {
MgetID : func ( ) string {
return "provID"
} ,
} , nil
} ,
" fail/details.GetACME ": func ( t * testing . T ) test {
prov := & linkedca . Provisioner {
Id : "provID" ,
Name : "provName" ,
Details : & linkedca . ProvisionerDetails { } ,
}
ctx := linkedca . NewContextWithProvisioner ( context . Background ( ) , prov )
err := admin . NewErrorISE ( "error getting ACME details for provisioner 'provName'" )
err . Message = "error getting ACME details for provisioner 'provName'"
return test {
ctx : ctx ,
err : err ,
statusCode : 500 ,
}
db := & admin . MockDB {
MockGetProvisioner : func ( ctx context . Context , id string ) ( * linkedca . Provisioner , error ) {
assert . Equals ( t , "provID" , id )
return & linkedca . Provisioner {
Id : "provID" ,
Name : "provName" ,
Details : & linkedca . ProvisionerDetails {
Data : & linkedca . ProvisionerDetails_ACME {
ACME : & linkedca . ACMEProvisioner {
RequireEab : false ,
} ,
} ,
} ,
"ok/eab-disabled" : func ( t * testing . T ) test {
prov := & linkedca . Provisioner {
Id : "provID" ,
Name : "provName" ,
Details : & linkedca . ProvisionerDetails {
Data : & linkedca . ProvisionerDetails_ACME {
ACME : & linkedca . ACMEProvisioner {
RequireEab : false ,
} ,
} , nil
} ,
} ,
}
ctx := linkedca . NewContextWithProvisioner ( context . Background ( ) , prov )
err := admin . NewError ( admin . ErrorBadRequestType , "ACME EAB not enabled for provisioner provName" )
err . Message = "ACME EAB not enabled for provisioner provName"
err . Message = "ACME EAB not enabled for provisioner ' provName' "
return test {
ctx : ctx ,
auth : auth ,
adminDB : db ,
err : err ,
statusCode : 400 ,
}
} ,
"ok/eab-enabled" : func ( t * testing . T ) test {
chiCtx := chi . NewRouteContext ( )
chiCtx . URLParams . Add ( "provisionerName" , "provName" )
ctx := context . WithValue ( context . Background ( ) , chi . RouteCtxKey , chiCtx )
auth := & mockAdminAuthority {
MockLoadProvisionerByName : func ( name string ) ( provisioner . Interface , error ) {
assert . Equals ( t , "provName" , name )
return & provisioner . MockProvisioner {
MgetID : func ( ) string {
return "provID"
} ,
} , nil
} ,
}
db := & admin . MockDB {
MockGetProvisioner : func ( ctx context . Context , id string ) ( * linkedca . Provisioner , error ) {
assert . Equals ( t , "provID" , id )
return & linkedca . Provisioner {
Id : "provID" ,
Name : "provName" ,
Details : & linkedca . ProvisionerDetails {
Data : & linkedca . ProvisionerDetails_ACME {
ACME : & linkedca . ACMEProvisioner {
RequireEab : true ,
} ,
} ,
prov := & linkedca . Provisioner {
Id : "provID" ,
Name : "provName" ,
Details : & linkedca . ProvisionerDetails {
Data : & linkedca . ProvisionerDetails_ACME {
ACME : & linkedca . ACMEProvisioner {
RequireEab : true ,
} ,
} , nil
} ,
} ,
}
ctx := linkedca . NewContextWithProvisioner ( context . Background ( ) , prov )
return test {
ctx : ctx ,
auth : auth ,
adminDB : db ,
ctx : ctx ,
next : func ( w http . ResponseWriter , r * http . Request ) {
w . Write ( nil ) // mock response with status 200
} ,
@ -146,13 +114,9 @@ func TestHandler_requireEABEnabled(t *testing.T) {
for name , prep := range tests {
tc := prep ( t )
t . Run ( name , func ( t * testing . T ) {
h := & Handler {
auth : tc . auth ,
adminDB : tc . adminDB ,
acmeDB : nil ,
}
h := & Handler { }
req := httptest . NewRequest ( "GET" , "/foo" , nil ) // chi routing is prepared in test setup
req := httptest . NewRequest ( "GET" , "/foo" , nil )
req = req . WithContext ( tc . ctx )
w := httptest . NewRecorder ( )
h . requireEABEnabled ( tc . next ) ( w , req )
@ -179,216 +143,6 @@ func TestHandler_requireEABEnabled(t *testing.T) {
}
}
func TestHandler_provisionerHasEABEnabled ( t * testing . T ) {
type test struct {
adminDB admin . DB
auth adminAuthority
provisionerName string
want bool
err * admin . Error
}
var tests = map [ string ] func ( t * testing . T ) test {
"fail/auth.LoadProvisionerByName" : func ( t * testing . T ) test {
auth := & mockAdminAuthority {
MockLoadProvisionerByName : func ( name string ) ( provisioner . Interface , error ) {
assert . Equals ( t , "provName" , name )
return nil , errors . New ( "force" )
} ,
}
return test {
auth : auth ,
provisionerName : "provName" ,
want : false ,
err : admin . WrapErrorISE ( errors . New ( "force" ) , "error loading provisioner provName" ) ,
}
} ,
"fail/db.GetProvisioner" : func ( t * testing . T ) test {
auth := & mockAdminAuthority {
MockLoadProvisionerByName : func ( name string ) ( provisioner . Interface , error ) {
assert . Equals ( t , "provName" , name )
return & provisioner . MockProvisioner {
MgetID : func ( ) string {
return "provID"
} ,
} , nil
} ,
}
db := & admin . MockDB {
MockGetProvisioner : func ( ctx context . Context , id string ) ( * linkedca . Provisioner , error ) {
assert . Equals ( t , "provID" , id )
return nil , errors . New ( "force" )
} ,
}
return test {
auth : auth ,
adminDB : db ,
provisionerName : "provName" ,
want : false ,
err : admin . WrapErrorISE ( errors . New ( "force" ) , "error loading provisioner provName" ) ,
}
} ,
"fail/prov.GetDetails" : func ( t * testing . T ) test {
auth := & mockAdminAuthority {
MockLoadProvisionerByName : func ( name string ) ( provisioner . Interface , error ) {
assert . Equals ( t , "provName" , name )
return & provisioner . MockProvisioner {
MgetID : func ( ) string {
return "provID"
} ,
} , nil
} ,
}
db := & admin . MockDB {
MockGetProvisioner : func ( ctx context . Context , id string ) ( * linkedca . Provisioner , error ) {
assert . Equals ( t , "provID" , id )
return & linkedca . Provisioner {
Id : "provID" ,
Name : "provName" ,
Details : nil ,
} , nil
} ,
}
return test {
auth : auth ,
adminDB : db ,
provisionerName : "provName" ,
want : false ,
err : admin . WrapErrorISE ( errors . New ( "force" ) , "error loading provisioner provName" ) ,
}
} ,
"fail/details.GetACME" : func ( t * testing . T ) test {
auth := & mockAdminAuthority {
MockLoadProvisionerByName : func ( name string ) ( provisioner . Interface , error ) {
assert . Equals ( t , "provName" , name )
return & provisioner . MockProvisioner {
MgetID : func ( ) string {
return "provID"
} ,
} , nil
} ,
}
db := & admin . MockDB {
MockGetProvisioner : func ( ctx context . Context , id string ) ( * linkedca . Provisioner , error ) {
assert . Equals ( t , "provID" , id )
return & linkedca . Provisioner {
Id : "provID" ,
Name : "provName" ,
Details : & linkedca . ProvisionerDetails {
Data : & linkedca . ProvisionerDetails_ACME {
ACME : nil ,
} ,
} ,
} , nil
} ,
}
return test {
auth : auth ,
adminDB : db ,
provisionerName : "provName" ,
want : false ,
err : admin . WrapErrorISE ( errors . New ( "force" ) , "error loading provisioner provName" ) ,
}
} ,
"ok/eab-disabled" : func ( t * testing . T ) test {
auth := & mockAdminAuthority {
MockLoadProvisionerByName : func ( name string ) ( provisioner . Interface , error ) {
assert . Equals ( t , "eab-disabled" , name )
return & provisioner . MockProvisioner {
MgetID : func ( ) string {
return "provID"
} ,
} , nil
} ,
}
db := & admin . MockDB {
MockGetProvisioner : func ( ctx context . Context , id string ) ( * linkedca . Provisioner , error ) {
assert . Equals ( t , "provID" , id )
return & linkedca . Provisioner {
Id : "provID" ,
Name : "eab-disabled" ,
Details : & linkedca . ProvisionerDetails {
Data : & linkedca . ProvisionerDetails_ACME {
ACME : & linkedca . ACMEProvisioner {
RequireEab : false ,
} ,
} ,
} ,
} , nil
} ,
}
return test {
adminDB : db ,
auth : auth ,
provisionerName : "eab-disabled" ,
want : false ,
}
} ,
"ok/eab-enabled" : func ( t * testing . T ) test {
auth := & mockAdminAuthority {
MockLoadProvisionerByName : func ( name string ) ( provisioner . Interface , error ) {
assert . Equals ( t , "eab-enabled" , name )
return & provisioner . MockProvisioner {
MgetID : func ( ) string {
return "provID"
} ,
} , nil
} ,
}
db := & admin . MockDB {
MockGetProvisioner : func ( ctx context . Context , id string ) ( * linkedca . Provisioner , error ) {
assert . Equals ( t , "provID" , id )
return & linkedca . Provisioner {
Id : "provID" ,
Name : "eab-enabled" ,
Details : & linkedca . ProvisionerDetails {
Data : & linkedca . ProvisionerDetails_ACME {
ACME : & linkedca . ACMEProvisioner {
RequireEab : true ,
} ,
} ,
} ,
} , nil
} ,
}
return test {
adminDB : db ,
auth : auth ,
provisionerName : "eab-enabled" ,
want : true ,
}
} ,
}
for name , prep := range tests {
tc := prep ( t )
t . Run ( name , func ( t * testing . T ) {
h := & Handler {
auth : tc . auth ,
adminDB : tc . adminDB ,
acmeDB : nil ,
}
got , prov , err := h . provisionerHasEABEnabled ( context . TODO ( ) , tc . provisionerName )
if ( err != nil ) != ( tc . err != nil ) {
t . Errorf ( "Handler.provisionerHasEABEnabled() error = %v, want err %v" , err , tc . err )
return
}
if tc . err != nil {
assert . Type ( t , & linkedca . Provisioner { } , prov )
assert . Type ( t , & admin . Error { } , err )
adminError , _ := err . ( * admin . Error )
assert . Equals ( t , tc . err . Type , adminError . Type )
assert . Equals ( t , tc . err . Status , adminError . Status )
assert . Equals ( t , tc . err . StatusCode ( ) , adminError . StatusCode ( ) )
assert . Equals ( t , tc . err . Message , adminError . Message )
assert . Equals ( t , tc . err . Detail , adminError . Detail )
return
}
if got != tc . want {
t . Errorf ( "Handler.provisionerHasEABEnabled() = %v, want %v" , got , tc . want )
}
} )
}
}
func TestCreateExternalAccountKeyRequest_Validate ( t * testing . T ) {
type fields struct {
Reference string