|
|
@ -23,12 +23,12 @@ import (
|
|
|
|
"github.com/smallstep/certificates/ca"
|
|
|
|
"github.com/smallstep/certificates/ca"
|
|
|
|
)
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
func TestIssuesCertificateUsingRegularSCEPWithUpstreamCAS(t *testing.T) {
|
|
|
|
func TestIssuesCertificateUsingRegularSCEPConfiguration(t *testing.T) {
|
|
|
|
signer, err := keyutil.GenerateSigner("RSA", "", 2048)
|
|
|
|
signer, err := keyutil.GenerateSigner("RSA", "", 2048)
|
|
|
|
require.NoError(t, err)
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
|
|
|
|
dir := t.TempDir()
|
|
|
|
dir := t.TempDir()
|
|
|
|
m, err := minica.New(minica.WithName("Step E2E | SCEP Regular w/ Upstream CAS"), minica.WithGetSignerFunc(func() (crypto.Signer, error) {
|
|
|
|
m, err := minica.New(minica.WithName("Step E2E | SCEP Regular"), minica.WithGetSignerFunc(func() (crypto.Signer, error) {
|
|
|
|
return signer, nil
|
|
|
|
return signer, nil
|
|
|
|
}))
|
|
|
|
}))
|
|
|
|
require.NoError(t, err)
|
|
|
|
require.NoError(t, err)
|
|
|
@ -48,7 +48,6 @@ func TestIssuesCertificateUsingRegularSCEPWithUpstreamCAS(t *testing.T) {
|
|
|
|
// get a random address to listen on and connect to; currently no nicer way to get one before starting the server
|
|
|
|
// get a random address to listen on and connect to; currently no nicer way to get one before starting the server
|
|
|
|
// TODO(hs): find/implement a nicer way to expose the CA URL, similar to how e.g. httptest.Server exposes it?
|
|
|
|
// TODO(hs): find/implement a nicer way to expose the CA URL, similar to how e.g. httptest.Server exposes it?
|
|
|
|
host, port := reservePort(t)
|
|
|
|
host, port := reservePort(t)
|
|
|
|
insecureHost, insecurePort := reservePort(t)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
prov := &provisioner.SCEP{
|
|
|
|
prov := &provisioner.SCEP{
|
|
|
|
ID: "scep",
|
|
|
|
ID: "scep",
|
|
|
@ -68,8 +67,7 @@ func TestIssuesCertificateUsingRegularSCEPWithUpstreamCAS(t *testing.T) {
|
|
|
|
Root: []string{rootFilepath},
|
|
|
|
Root: []string{rootFilepath},
|
|
|
|
IntermediateCert: intermediateCertFilepath,
|
|
|
|
IntermediateCert: intermediateCertFilepath,
|
|
|
|
IntermediateKey: intermediateKeyFilepath,
|
|
|
|
IntermediateKey: intermediateKeyFilepath,
|
|
|
|
Address: net.JoinHostPort(host, port), // reuse the address that was just "reserved"
|
|
|
|
Address: net.JoinHostPort(host, port), // reuse the address that was just "reserved"
|
|
|
|
InsecureAddress: net.JoinHostPort(insecureHost, insecurePort), // reuse the address that was just "reserved"
|
|
|
|
|
|
|
|
DNSNames: []string{"127.0.0.1", "[::1]", "localhost"},
|
|
|
|
DNSNames: []string{"127.0.0.1", "[::1]", "localhost"},
|
|
|
|
AuthorityConfig: &config.AuthConfig{
|
|
|
|
AuthorityConfig: &config.AuthConfig{
|
|
|
|
AuthorityID: "stepca-test-scep",
|
|
|
|
AuthorityID: "stepca-test-scep",
|
|
|
@ -105,7 +103,7 @@ func TestIssuesCertificateUsingRegularSCEPWithUpstreamCAS(t *testing.T) {
|
|
|
|
require.Equal(t, "ok", healthResponse.Status)
|
|
|
|
require.Equal(t, "ok", healthResponse.Status)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
scepClient, err := createSCEPClient(t, fmt.Sprintf("http://localhost:%s/scep/scep", insecurePort))
|
|
|
|
scepClient, err := createSCEPClient(t, fmt.Sprintf("https://localhost:%s/scep/scep", port), m.Root)
|
|
|
|
require.NoError(t, err)
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
|
|
|
|
cert, err := scepClient.requestCertificate(t, "test.localhost", []string{"test.localhost"})
|
|
|
|
cert, err := scepClient.requestCertificate(t, "test.localhost", []string{"test.localhost"})
|
|
|
|
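Review bot: With `InsecureAddress` gone and the client pointed at `https://localhost:%s/scep/scep` with `m.Root`, the last hunk only exercises the successful TLS path; nothing visible shows that the server certificate is actually verified against that root. `createSCEPClient` is defined outside this diff, so it is worth confirming that it places `m.Root` in the client's root pool rather than relaxing verification. A short comment at the call, such as `// SCEP is served over TLS only in this configuration; the client trusts just the test CA root`, would record the intent. The URL also hard-codes `localhost` while the CA listens on `net.JoinHostPort(host, port)`; building the URL from `host` would keep the two in step, provided the served certificate's names cover that address. The test function continues past the end of this hunk, so later assertions may already cover some of this.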