|
|
|
@ -906,9 +906,9 @@ func TestOrderFinalize(t *testing.T) {
|
|
|
|
|
|
|
|
|
|
csr := &x509.CertificateRequest{
|
|
|
|
|
Subject: pkix.Name{
|
|
|
|
|
CommonName: "foo",
|
|
|
|
|
CommonName: "acme.example.com",
|
|
|
|
|
},
|
|
|
|
|
DNSNames: []string{"bar", "baz"},
|
|
|
|
|
DNSNames: []string{"acme.example.com", "fail.smallstep.com"},
|
|
|
|
|
}
|
|
|
|
|
return test{
|
|
|
|
|
o: o,
|
|
|
|
@ -923,9 +923,9 @@ func TestOrderFinalize(t *testing.T) {
|
|
|
|
|
|
|
|
|
|
csr := &x509.CertificateRequest{
|
|
|
|
|
Subject: pkix.Name{
|
|
|
|
|
CommonName: "acme.example.com",
|
|
|
|
|
CommonName: "",
|
|
|
|
|
},
|
|
|
|
|
DNSNames: []string{"step.example.com"},
|
|
|
|
|
DNSNames: []string{"acme.example.com"},
|
|
|
|
|
}
|
|
|
|
|
return test{
|
|
|
|
|
o: o,
|
|
|
|
@ -940,7 +940,7 @@ func TestOrderFinalize(t *testing.T) {
|
|
|
|
|
|
|
|
|
|
csr := &x509.CertificateRequest{
|
|
|
|
|
Subject: pkix.Name{
|
|
|
|
|
CommonName: "foo",
|
|
|
|
|
CommonName: "acme.example.com",
|
|
|
|
|
},
|
|
|
|
|
DNSNames: []string{"step.example.com", "acme.example.com"},
|
|
|
|
|
}
|
|
|
|
@ -962,7 +962,7 @@ func TestOrderFinalize(t *testing.T) {
|
|
|
|
|
|
|
|
|
|
csr := &x509.CertificateRequest{
|
|
|
|
|
Subject: pkix.Name{
|
|
|
|
|
CommonName: "foo",
|
|
|
|
|
CommonName: "acme.example.com",
|
|
|
|
|
},
|
|
|
|
|
DNSNames: []string{"step.example.com", "acme.example.com"},
|
|
|
|
|
}
|
|
|
|
@ -982,7 +982,7 @@ func TestOrderFinalize(t *testing.T) {
|
|
|
|
|
|
|
|
|
|
csr := &x509.CertificateRequest{
|
|
|
|
|
Subject: pkix.Name{
|
|
|
|
|
CommonName: "foo",
|
|
|
|
|
CommonName: "acme.example.com",
|
|
|
|
|
},
|
|
|
|
|
DNSNames: []string{"step.example.com", "acme.example.com"},
|
|
|
|
|
}
|
|
|
|
@ -1017,7 +1017,7 @@ func TestOrderFinalize(t *testing.T) {
|
|
|
|
|
|
|
|
|
|
csr := &x509.CertificateRequest{
|
|
|
|
|
Subject: pkix.Name{
|
|
|
|
|
CommonName: "acme",
|
|
|
|
|
CommonName: "acme.example.com",
|
|
|
|
|
},
|
|
|
|
|
DNSNames: []string{"acme.example.com", "step.example.com"},
|
|
|
|
|
}
|
|
|
|
@ -1057,7 +1057,7 @@ func TestOrderFinalize(t *testing.T) {
|
|
|
|
|
|
|
|
|
|
csr := &x509.CertificateRequest{
|
|
|
|
|
Subject: pkix.Name{
|
|
|
|
|
CommonName: "foo",
|
|
|
|
|
CommonName: "acme.example.com",
|
|
|
|
|
},
|
|
|
|
|
DNSNames: []string{"acme.example.com", "step.example.com"},
|
|
|
|
|
}
|
|
|
|
@ -1098,6 +1098,102 @@ func TestOrderFinalize(t *testing.T) {
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
"ok/ready/no-sans": func(t *testing.T) test {
|
|
|
|
|
o, err := newO()
|
|
|
|
|
assert.FatalError(t, err)
|
|
|
|
|
o.Status = StatusReady
|
|
|
|
|
o.Identifiers = []Identifier{
|
|
|
|
|
{Type: "dns", Value: "step.example.com"},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
csr := &x509.CertificateRequest{
|
|
|
|
|
Subject: pkix.Name{
|
|
|
|
|
CommonName: "step.example.com",
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
crt := &x509.Certificate{
|
|
|
|
|
Subject: pkix.Name{
|
|
|
|
|
CommonName: "step.example.com",
|
|
|
|
|
},
|
|
|
|
|
DNSNames: []string{"step.example.com"},
|
|
|
|
|
}
|
|
|
|
|
inter := &x509.Certificate{
|
|
|
|
|
Subject: pkix.Name{
|
|
|
|
|
CommonName: "intermediate",
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
clone := *o
|
|
|
|
|
clone.Status = StatusValid
|
|
|
|
|
count := 0
|
|
|
|
|
return test{
|
|
|
|
|
o: o,
|
|
|
|
|
res: &clone,
|
|
|
|
|
csr: csr,
|
|
|
|
|
sa: &mockSignAuth{
|
|
|
|
|
sign: func(csr *x509.CertificateRequest, pops provisioner.Options, signOps ...provisioner.SignOption) ([]*x509.Certificate, error) {
|
|
|
|
|
assert.Equals(t, len(signOps), 4)
|
|
|
|
|
return []*x509.Certificate{crt, inter}, nil
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
db: &db.MockNoSQLDB{
|
|
|
|
|
MCmpAndSwap: func(bucket, key, old, newval []byte) ([]byte, bool, error) {
|
|
|
|
|
if count == 0 {
|
|
|
|
|
clone.Certificate = string(key)
|
|
|
|
|
}
|
|
|
|
|
count++
|
|
|
|
|
return nil, true, nil
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
"ok/ready/sans-and-name": func(t *testing.T) test {
|
|
|
|
|
o, err := newO()
|
|
|
|
|
assert.FatalError(t, err)
|
|
|
|
|
o.Status = StatusReady
|
|
|
|
|
|
|
|
|
|
csr := &x509.CertificateRequest{
|
|
|
|
|
Subject: pkix.Name{
|
|
|
|
|
CommonName: "acme.example.com",
|
|
|
|
|
},
|
|
|
|
|
DNSNames: []string{"step.example.com"},
|
|
|
|
|
}
|
|
|
|
|
crt := &x509.Certificate{
|
|
|
|
|
Subject: pkix.Name{
|
|
|
|
|
CommonName: "acme.example.com",
|
|
|
|
|
},
|
|
|
|
|
DNSNames: []string{"acme.example.com", "step.example.com"},
|
|
|
|
|
}
|
|
|
|
|
inter := &x509.Certificate{
|
|
|
|
|
Subject: pkix.Name{
|
|
|
|
|
CommonName: "intermediate",
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
clone := *o
|
|
|
|
|
clone.Status = StatusValid
|
|
|
|
|
count := 0
|
|
|
|
|
return test{
|
|
|
|
|
o: o,
|
|
|
|
|
res: &clone,
|
|
|
|
|
csr: csr,
|
|
|
|
|
sa: &mockSignAuth{
|
|
|
|
|
sign: func(csr *x509.CertificateRequest, pops provisioner.Options, signOps ...provisioner.SignOption) ([]*x509.Certificate, error) {
|
|
|
|
|
assert.Equals(t, len(signOps), 4)
|
|
|
|
|
return []*x509.Certificate{crt, inter}, nil
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
db: &db.MockNoSQLDB{
|
|
|
|
|
MCmpAndSwap: func(bucket, key, old, newval []byte) ([]byte, bool, error) {
|
|
|
|
|
if count == 0 {
|
|
|
|
|
clone.Certificate = string(key)
|
|
|
|
|
}
|
|
|
|
|
count++
|
|
|
|
|
return nil, true, nil
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
for name, run := range tests {
|
|
|
|
|
t.Run(name, func(t *testing.T) {
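Review bot: The `sign` mocks in the two added cases (`ok/ready/no-sans` and `ok/ready/sans-and-name`) assert only `len(signOps) == 4` and then return a canned `crt`, so both cases pass no matter which names finalize actually hands to the signer. Since these cases appear to exist to show that a CommonName counts toward the order's identifiers, the mock should also pin the request it receives, for example `assert.Equals(t, csr.Subject.CommonName, "step.example.com")` together with a check of `csr.DNSNames` against the expected set. The mock's `csr` parameter shadows the outer `csr`, so renaming it would make such an assertion unambiguous. None of the visible hunks shows a rejection case where the SANs match the order but the CommonName is a name outside `o.Identifiers`; if no such case exists elsewhere in the file, it is worth adding, because that is the request the identifier comparison has to refuse.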
|
|
|
|
|