From 459bfc4c4fa71fd413d747689b7dfbf5d9b7b59e Mon Sep 17 00:00:00 2001
From: Herman Slatman <hermanslatman@hotmail.com>
Date: Fri, 14 Oct 2022 01:45:07 +0200
Subject: [PATCH] Add gibberish test key bytes to Helm tests

---
 pki/helm_test.go                       | 23 +++++++++++++++++++++--
 pki/testdata/helm/simple.yml           |  4 ++--
 pki/testdata/helm/with-acme.yml        |  4 ++--
 pki/testdata/helm/with-admin.yml       |  4 ++--
 pki/testdata/helm/with-provisioner.yml |  4 ++--
 pki/testdata/helm/with-ssh.yml         | 12 ++++++------
 6 files changed, 35 insertions(+), 16 deletions(-)

diff --git a/pki/helm_test.go b/pki/helm_test.go
index 6d684c29..aeffb5ca 100644
--- a/pki/helm_test.go
+++ b/pki/helm_test.go
@@ -129,6 +129,10 @@ func TestPKI_WriteHelmTemplate(t *testing.T) {
 			// and `p.GenerateIntermediateCertificate`.
 			setFiles(t, p)
 
+			// setSSHSigningKeys sets predefined SSH user and host certificate and key bytes.
+			// This replaces the logic in `p.GenerateSSHSigningKeys`
+			setSSHSigningKeys(t, p)
+
 			w := &bytes.Buffer{}
 			if err := p.WriteHelmTemplate(w); (err != nil) != tt.wantErr {
 				t.Errorf("PKI.WriteHelmTemplate() error = %v, wantErr %v", err, tt.wantErr)
@@ -197,6 +201,21 @@ func setKeyPair(t *testing.T, p *PKI) {
 
 // setFiles sets some static, gibberish intermediate and root CA certificate bytes.
 func setFiles(t *testing.T, p *PKI) {
-	p.Files["/home/step/certs/root_ca.crt"] = encodeCertificate(&x509.Certificate{Raw: []byte("these are just some fake root CA cert bytes")})
-	p.Files["/home/step/certs/intermediate_ca.crt"] = encodeCertificate(&x509.Certificate{Raw: []byte("these are just some fake intermediate CA cert bytes")})
+	p.Files[p.Root[0]] = encodeCertificate(&x509.Certificate{Raw: []byte("these are just some fake root CA cert bytes")})
+	p.Files[p.RootKey[0]] = []byte("these are just some fake root CA key bytes")
+	p.Files[p.Intermediate] = encodeCertificate(&x509.Certificate{Raw: []byte("these are just some fake intermediate CA cert bytes")})
+	p.Files[p.IntermediateKey] = []byte("these are just some fake intermediate CA key bytes")
+}
+
+// setSSHSigningKeys sets some static, gibberish ssh user and host CA certificate and key bytes.
+func setSSHSigningKeys(t *testing.T, p *PKI) {
+
+	if !p.options.enableSSH {
+		return
+	}
+
+	p.Files[p.Ssh.HostKey] = []byte("fake ssh host key bytes")
+	p.Files[p.Ssh.HostPublicKey] = []byte("fake ssh host cert bytes")
+	p.Files[p.Ssh.UserKey] = []byte("fake ssh user key bytes")
+	p.Files[p.Ssh.UserPublicKey] = []byte("fake ssh user cert bytes")
 }
diff --git a/pki/testdata/helm/simple.yml b/pki/testdata/helm/simple.yml
index c0f5f993..9cc82806 100644
--- a/pki/testdata/helm/simple.yml
+++ b/pki/testdata/helm/simple.yml
@@ -64,11 +64,11 @@ inject:
     x509:
       # intermediate_ca_key contains the contents of your encrypted intermediate CA key
       intermediate_ca_key: |
-        
+        these are just some fake intermediate CA key bytes
 
       # root_ca_key contains the contents of your encrypted root CA key
       # Note that this value can be omitted without impacting the functionality of step-certificates
       # If supplied, this should be encrypted using a unique password that is not used for encrypting
       # the intermediate_ca_key, ssh.host_ca_key or ssh.user_ca_key.
       root_ca_key: |
-        
+        these are just some fake root CA key bytes
diff --git a/pki/testdata/helm/with-acme.yml b/pki/testdata/helm/with-acme.yml
index 393a7a01..4f9d5761 100644
--- a/pki/testdata/helm/with-acme.yml
+++ b/pki/testdata/helm/with-acme.yml
@@ -65,11 +65,11 @@ inject:
     x509:
       # intermediate_ca_key contains the contents of your encrypted intermediate CA key
       intermediate_ca_key: |
-        
+        these are just some fake intermediate CA key bytes
 
       # root_ca_key contains the contents of your encrypted root CA key
       # Note that this value can be omitted without impacting the functionality of step-certificates
       # If supplied, this should be encrypted using a unique password that is not used for encrypting
       # the intermediate_ca_key, ssh.host_ca_key or ssh.user_ca_key.
       root_ca_key: |
-        
+        these are just some fake root CA key bytes
diff --git a/pki/testdata/helm/with-admin.yml b/pki/testdata/helm/with-admin.yml
index 28896e73..b90647ea 100644
--- a/pki/testdata/helm/with-admin.yml
+++ b/pki/testdata/helm/with-admin.yml
@@ -64,11 +64,11 @@ inject:
     x509:
       # intermediate_ca_key contains the contents of your encrypted intermediate CA key
       intermediate_ca_key: |
-        
+        these are just some fake intermediate CA key bytes
 
       # root_ca_key contains the contents of your encrypted root CA key
       # Note that this value can be omitted without impacting the functionality of step-certificates
       # If supplied, this should be encrypted using a unique password that is not used for encrypting
       # the intermediate_ca_key, ssh.host_ca_key or ssh.user_ca_key.
       root_ca_key: |
-        
+        these are just some fake root CA key bytes
diff --git a/pki/testdata/helm/with-provisioner.yml b/pki/testdata/helm/with-provisioner.yml
index 9095aa27..75788acc 100644
--- a/pki/testdata/helm/with-provisioner.yml
+++ b/pki/testdata/helm/with-provisioner.yml
@@ -64,11 +64,11 @@ inject:
     x509:
       # intermediate_ca_key contains the contents of your encrypted intermediate CA key
       intermediate_ca_key: |
-        
+        these are just some fake intermediate CA key bytes
 
       # root_ca_key contains the contents of your encrypted root CA key
       # Note that this value can be omitted without impacting the functionality of step-certificates
       # If supplied, this should be encrypted using a unique password that is not used for encrypting
       # the intermediate_ca_key, ssh.host_ca_key or ssh.user_ca_key.
       root_ca_key: |
-        
+        these are just some fake root CA key bytes
diff --git a/pki/testdata/helm/with-ssh.yml b/pki/testdata/helm/with-ssh.yml
index 770da794..1f922994 100644
--- a/pki/testdata/helm/with-ssh.yml
+++ b/pki/testdata/helm/with-ssh.yml
@@ -56,10 +56,10 @@ inject:
       -----END CERTIFICATE-----
       
     # ssh_host_ca contains the text of the public ssh key for the SSH root CA
-    ssh_host_ca: 
+    ssh_host_ca: fake ssh host cert bytes
 
     # ssh_user_ca contains the text of the public ssh key for the SSH root CA
-    ssh_user_ca: 
+    ssh_user_ca: fake ssh user cert bytes
 
   # Secrets contains the root and intermediate keys and optionally the SSH
   # private keys
@@ -72,19 +72,19 @@ inject:
     x509:
       # intermediate_ca_key contains the contents of your encrypted intermediate CA key
       intermediate_ca_key: |
-        
+        these are just some fake intermediate CA key bytes
 
       # root_ca_key contains the contents of your encrypted root CA key
       # Note that this value can be omitted without impacting the functionality of step-certificates
       # If supplied, this should be encrypted using a unique password that is not used for encrypting
       # the intermediate_ca_key, ssh.host_ca_key or ssh.user_ca_key.
       root_ca_key: |
-        
+        these are just some fake root CA key bytes
     ssh:
       # ssh_host_ca_key contains the contents of your encrypted SSH Host CA key
       host_ca_key: |
-        
+        fake ssh host key bytes
 
       # ssh_user_ca_key contains the contents of your encrypted SSH User CA key
       user_ca_key: |
-        
+        fake ssh user key bytes