diff --git a/cas/cas.go b/cas/cas.go index 0592fed5..8f385fb2 100644 --- a/cas/cas.go +++ b/cas/cas.go @@ -6,7 +6,6 @@ import ( "github.com/pkg/errors" "github.com/smallstep/certificates/cas/apiv1" - "github.com/smallstep/certificates/cas/softcas" ) // CertificateAuthorityService is the interface implemented by all the CAS. @@ -35,15 +34,12 @@ func New(ctx context.Context, opts apiv1.Options) (CertificateAuthorityService, // NewCreator creates a new CertificateAuthorityCreator using the given options. func NewCreator(ctx context.Context, opts apiv1.Options) (CertificateAuthorityCreator, error) { + opts.IsCreator = true + t := apiv1.Type(strings.ToLower(opts.Type)) if t == apiv1.DefaultCAS { t = apiv1.SoftCAS } - if t == apiv1.SoftCAS { - return &softcas.SoftCAS{ - KeyManager: opts.KeyManager, - }, nil - } svc, err := New(ctx, opts) if err != nil { @@ -52,7 +48,6 @@ func NewCreator(ctx context.Context, opts apiv1.Options) (CertificateAuthorityCr creator, ok := svc.(CertificateAuthorityCreator) if !ok { - return nil, errors.Errorf("cas type '%s' does not implements CertificateAuthorityCreator", t) } diff --git a/cas/cas_test.go b/cas/cas_test.go index a01e8dab..6c4c5c41 100644 --- a/cas/cas_test.go +++ b/cas/cas_test.go 
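Review bot: `opts.IsCreator = true` at the top of NewCreator changes what New is willing to construct, but the doc comment above it still says only that it uses the given options. The tests in this commit show the effect: New with empty options is expected to fail, while NewCreator with the same options returns an empty `softcas.SoftCAS` with no issuer or signer. I would state that on the function, e.g. `// NewCreator sets opts.IsCreator before calling New, so the returned value may have no issuer or signer and is only meant for creating a new authority.` How each registered backend treats IsCreator is outside this diff, so the wording should be confirmed against the backends. NewCreator's body continues past this hunk into the next one.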
@@ -5,19 +5,40 @@ import ( "crypto/ed25519" "crypto/x509" "crypto/x509/pkix" + "fmt" "reflect" "testing" - "github.com/smallstep/certificates/cas/softcas" - "github.com/smallstep/certificates/cas/apiv1" + "github.com/smallstep/certificates/cas/softcas" + "github.com/smallstep/certificates/kms" + kmsapi "github.com/smallstep/certificates/kms/apiv1" ) +type mockCAS struct{} + +func (m *mockCAS) CreateCertificate(req *apiv1.CreateCertificateRequest) (*apiv1.CreateCertificateResponse, error) { + panic("not implemented") +} + +func (m *mockCAS) RenewCertificate(req *apiv1.RenewCertificateRequest) (*apiv1.RenewCertificateResponse, error) { + panic("not implemented") +} + +func (m *mockCAS) RevokeCertificate(req *apiv1.RevokeCertificateRequest) (*apiv1.RevokeCertificateResponse, error) { + panic("not implemented") +} + func TestNew(t *testing.T) { expected := &softcas.SoftCAS{ Issuer: &x509.Certificate{Subject: pkix.Name{CommonName: "Test Issuer"}}, Signer: ed25519.PrivateKey{}, } + + apiv1.Register(apiv1.Type("nockCAS"), func(ctx context.Context, opts apiv1.Options) (apiv1.CertificateAuthorityService, error) { + return nil, fmt.Errorf("an error") + }) + type args struct { ctx context.Context opts apiv1.Options @@ -44,6 +65,7 @@ func TestNew(t *testing.T) { }}, expected, false}, {"fail empty", args{context.Background(), apiv1.Options{}}, (*softcas.SoftCAS)(nil), true}, {"fail type", args{context.Background(), apiv1.Options{Type: "FailCAS"}}, nil, true}, + {"fail load", args{context.Background(), apiv1.Options{Type: "nockCAS"}}, nil, true}, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { 
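Review bot: The name `nockCAS` registered in TestNew looks like a typo for mockCAS, and the same name is registered again with a different factory in TestNewCreator (added in the next hunk of this file). apiv1.Register appears to write to package-level state, so which factory a lookup gets depends on which test registered last; whether a second Register overwrites, is ignored or panics is not visible here. Distinct names per test would remove that coupling, for example `apiv1.Type("errorcas")` here for the `fail load` case added in the following hunk, and `apiv1.Type("mockcas")` in TestNewCreator. TestNew's loop body runs past the end of the second hunk.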
@@ -58,3 +80,48 @@ func TestNew(t *testing.T) {
 })
 }
 }
+
+func TestNewCreator(t *testing.T) {
+ keyManager, err := kms.New(context.Background(), kmsapi.Options{})
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ apiv1.Register(apiv1.Type("nockCAS"), func(ctx context.Context, opts apiv1.Options) (apiv1.CertificateAuthorityService, error) {
+ return &mockCAS{}, nil
+ })
+
+ type args struct {
+ ctx context.Context
+ opts apiv1.Options
+ }
+ tests := []struct {
+ name string
+ args args
+ want CertificateAuthorityCreator
+ wantErr bool
+ }{
+ {"ok empty", args{context.Background(), apiv1.Options{}}, &softcas.SoftCAS{}, false},
+ {"ok softcas", args{context.Background(), apiv1.Options{
+ Type: "softcas",
+ }}, &softcas.SoftCAS{}, false},
+ {"ok SoftCAS", args{context.Background(), apiv1.Options{
+ Type: "SoftCAS",
+ KeyManager: keyManager,
+ }}, &softcas.SoftCAS{KeyManager: keyManager}, false},
+ {"fail type", args{context.Background(), apiv1.Options{Type: "FailCAS"}}, nil, true},
+ {"fail no creator", args{context.Background(), apiv1.Options{Type: "nockCAS"}}, nil, true},
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ got, err := NewCreator(tt.args.ctx, tt.args.opts)
+ if (err != nil) != tt.wantErr {
+ t.Errorf("NewCreator() error = %v, wantErr %v", err, tt.wantErr)
+ return
+ }
+ if !reflect.DeepEqual(got, tt.want) {
+ t.Errorf("NewCreator() = %v, want %v", got, tt.want)
+ }
+ })
+ }
+}
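Review bot: The `fail no creator` case cannot be told apart from `fail type`, because the loop only checks `(err != nil) != tt.wantErr`. New's lookup is outside this diff, but if it lower-cases the type the way NewCreator does for `t` while Register keeps the mixed-case key `nockCAS` as given, this case would fail as an unknown type and never reach the `svc.(CertificateAuthorityCreator)` assertion it is meant to cover. That assertion is what rejects a backend that cannot create authorities, so I would pin the error: add a `wantErrMsg string` column and check `strings.Contains(err.Error(), "does not implements CertificateAuthorityCreator")` for this case. That check needs `strings` imported in the test file, which the visible import hunk does not show.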