You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
103 lines
3.0 KiB
Go
103 lines
3.0 KiB
Go
package e2e
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"fmt"
|
|
"net"
|
|
"path/filepath"
|
|
"sync"
|
|
"testing"
|
|
|
|
"github.com/smallstep/certificates/authority/config"
|
|
"github.com/smallstep/certificates/ca"
|
|
"github.com/smallstep/certificates/errs"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
"go.step.sm/crypto/minica"
|
|
"go.step.sm/crypto/pemutil"
|
|
)
|
|
|
|
func TestXxx(t *testing.T) {
|
|
dir := t.TempDir()
|
|
m, err := minica.New(minica.WithName("Step E2E"))
|
|
require.NoError(t, err)
|
|
|
|
rootFilepath := filepath.Join(dir, "root.crt")
|
|
_, err = pemutil.Serialize(m.Root, pemutil.WithFilename(rootFilepath))
|
|
require.NoError(t, err)
|
|
|
|
intermediateCertFilepath := filepath.Join(dir, "intermediate.crt")
|
|
_, err = pemutil.Serialize(m.Intermediate, pemutil.WithFilename(intermediateCertFilepath))
|
|
require.NoError(t, err)
|
|
|
|
intermediateKeyFilepath := filepath.Join(dir, "intermediate.key")
|
|
_, err = pemutil.Serialize(m.Signer, pemutil.WithFilename(intermediateKeyFilepath))
|
|
require.NoError(t, err)
|
|
|
|
// get a random address to listen on and connect to; currently no nicer way to get one before starting the server
|
|
l, err := net.Listen("tcp", "127.0.0.1:0")
|
|
require.NoError(t, err)
|
|
randomAddress := l.Addr().String()
|
|
err = l.Close()
|
|
require.NoError(t, err)
|
|
|
|
cfg := &config.Config{
|
|
Root: []string{rootFilepath},
|
|
IntermediateCert: intermediateCertFilepath,
|
|
IntermediateKey: intermediateKeyFilepath,
|
|
Address: randomAddress, // reuse the address that was just "reserved"
|
|
DNSNames: []string{"127.0.0.1", "stepca.localhost"},
|
|
AuthorityConfig: &config.AuthConfig{
|
|
AuthorityID: "stepca-test",
|
|
DeploymentType: "standalone-test",
|
|
},
|
|
Logger: json.RawMessage(`{"format": "text"}`),
|
|
}
|
|
c, err := ca.New(cfg)
|
|
require.NoError(t, err)
|
|
|
|
// instantiate a client for the CA
|
|
client, err := ca.NewClient(
|
|
fmt.Sprintf("https://%s", randomAddress),
|
|
ca.WithRootFile(rootFilepath),
|
|
)
|
|
require.NoError(t, err)
|
|
|
|
var wg sync.WaitGroup
|
|
wg.Add(1)
|
|
|
|
go func() {
|
|
defer wg.Done()
|
|
err = c.Run()
|
|
require.Error(t, err) // expect error when server is stopped
|
|
}()
|
|
|
|
// require OK health response as the baseline
|
|
ctx := context.Background()
|
|
healthResponse, err := client.HealthWithContext(ctx)
|
|
assert.NoError(t, err)
|
|
require.Equal(t, "ok", healthResponse.Status)
|
|
|
|
// expect an error when retrieving an invalid root
|
|
rootResponse, err := client.RootWithContext(ctx, "invalid")
|
|
if assert.Error(t, err) {
|
|
apiErr := &errs.Error{}
|
|
if assert.ErrorAs(t, err, &apiErr) {
|
|
assert.Equal(t, 404, apiErr.StatusCode())
|
|
assert.Equal(t, "The requested resource could not be found. Please see the certificate authority logs for more info.", apiErr.Err.Error())
|
|
assert.NotEmpty(t, apiErr.RequestID)
|
|
|
|
// TODO: include the below error in the JSON? It's currently only output to the CA logs
|
|
//assert.Equal(t, "/root/invalid was not found: certificate with fingerprint invalid was not found", apiErr.Msg)
|
|
}
|
|
}
|
|
assert.Nil(t, rootResponse)
|
|
|
|
// done testing; stop and wait for the server to quit
|
|
err = c.Stop()
|
|
require.NoError(t, err)
|
|
|
|
wg.Wait()
|
|
}
|