Fix sign and renew tests.

5 years ago · 1f5ff5c899
parent 2fb77b8a4d
commit 1f5ff5c899
3 changed files with 14 additions and 13 deletions
--- a/authority/authorize_test.go
+++ b/authority/authorize_test.go
@ -45,8 +45,6 @@ func generateToken(sub, iss, aud string, sans []string, iat time.Time, jwk *jose

 func TestAuthorize(t *testing.T) {
 	a := testAuthority(t)
-	time.Sleep(time.Second)
-	now := time.Now()

 	key, err := jose.ParseKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
 	assert.FatalError(t, err)
@ -54,6 +52,7 @@ func TestAuthorize(t *testing.T) {
 	keyNoKid := &jose.JSONWebKey{Key: key.Key, KeyID: ""}
 	keyBadKid := &jose.JSONWebKey{Key: key.Key, KeyID: "foo"}

+	now := time.Now()
 	validIssuer := "step-cli"
 	validAudience := []string{"https://test.ca.smallstep.com/sign"}

--- a/authority/tls.go
+++ b/authority/tls.go
@ -102,7 +102,7 @@ func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Opti
 			certValidators = append(certValidators, k)
 		case provisioner.CertificateRequestValidator:
 			if err := k.Valid(csr); err != nil {
-				return nil, nil, &apiError{err, http.StatusUnauthorized, errContext}
+				return nil, nil, &apiError{errors.Wrap(err, "sign"), http.StatusUnauthorized, errContext}
 			}
 		case provisioner.ProfileModifier:
 			mods = append(mods, k.Option(signOpts))
@ -140,7 +140,7 @@ func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Opti
 	// FIXME: This should be before creating the certificate.
 	for _, v := range certValidators {
 		if err := v.Valid(serverCert); err != nil {
-			return nil, nil, &apiError{err, http.StatusUnauthorized, errContext}
+			return nil, nil, &apiError{errors.Wrap(err, "sign"), http.StatusUnauthorized, errContext}
 		}
 	}

--- a/authority/tls_test.go
+++ b/authority/tls_test.go
@ -18,6 +18,7 @@ import (
 	"github.com/smallstep/cli/crypto/keys"
 	"github.com/smallstep/cli/crypto/tlsutil"
 	"github.com/smallstep/cli/crypto/x509util"
+	"github.com/smallstep/cli/jose"
 	stepx509 "github.com/smallstep/cli/pkg/x509"
 )

@ -57,13 +58,14 @@ func TestSign(t *testing.T) {
 		NotAfter:  nb.Add(time.Minute * 5),
 	}

+	// Create a token to get test extra opts.
 	p := a.config.AuthorityConfig.Provisioners[1].(*provisioner.JWK)
-	extraOpts := []provisioner.SignOption{
-		// &commonNameClaim{"smallstep test"},
-		// &dnsNamesClaim{[]string{"test.smallstep.com"}},
-		// &ipAddressesClaim{[]net.IP{}},
-		// p,
-	}
+	key, err := jose.ParseKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
+	assert.FatalError(t, err)
+	token, err := generateToken("smallstep test", "step-cli", "https://test.ca.smallstep.com/sign", []string{"test.smallstep.com"}, time.Now(), key)
+	assert.FatalError(t, err)
+	extraOpts, err := a.Authorize(token)
+	assert.FatalError(t, err)

 	type signTest struct {
 		auth      *Authority
@ -123,7 +125,7 @@ func TestSign(t *testing.T) {
 			return &signTest{
 				auth:      _a,
 				csr:       csr,
-				extraOpts: []provisioner.SignOption{p},
+				extraOpts: extraOpts,
 				signOpts:  signOpts,
 				err: &apiError{errors.New("sign: error creating new leaf certificate"),
 					http.StatusInternalServerError,
@ -157,7 +159,7 @@ func TestSign(t *testing.T) {
 				csr:       csr,
 				extraOpts: extraOpts,
 				signOpts:  signOpts,
-				err: &apiError{errors.New("sign: DNS names claim failed - got [test.smallstep.com smallstep test], want [test.smallstep.com]"),
+				err: &apiError{errors.New("sign: certificate request does not contain the valid DNS names - got [test.smallstep.com smallstep test], want [test.smallstep.com]"),
 					http.StatusUnauthorized,
 					context{"csr": csr, "signOptions": signOpts},
 				},
@ -321,7 +323,7 @@ func TestRenew(t *testing.T) {
 			}
 			return &renewTest{
 				crt: crtNoRenew,
-				err: &apiError{errors.New("renew disabled"),
+				err: &apiError{errors.New("renew is disabled for provisioner dev:IMi94WBNI6gP5cNHXlZYNUzvMjGdHyBRmFoo-lCEaqk"),
 					http.StatusUnauthorized, ctx},
 			}, nil
 		},