|
|
|
@ -1301,8 +1301,11 @@ func TestAuthority_Revoke(t *testing.T) {
|
|
|
|
|
|
|
|
|
|
a := testAuthority(t)
|
|
|
|
|
|
|
|
|
|
tlsRevokeCtx := provisioner.NewContextWithMethod(context.Background(), provisioner.RevokeMethod)
|
|
|
|
|
|
|
|
|
|
type test struct {
|
|
|
|
|
auth *Authority
|
|
|
|
|
ctx context.Context
|
|
|
|
|
opts *RevokeOptions
|
|
|
|
|
err error
|
|
|
|
|
code int
|
|
|
|
@ -1312,6 +1315,7 @@ func TestAuthority_Revoke(t *testing.T) {
|
|
|
|
|
"fail/token/authorizeRevoke error": func() test {
|
|
|
|
|
return test{
|
|
|
|
|
auth: a,
|
|
|
|
|
ctx: tlsRevokeCtx,
|
|
|
|
|
opts: &RevokeOptions{
|
|
|
|
|
OTT: "foo",
|
|
|
|
|
Serial: "sn",
|
|
|
|
@ -1336,6 +1340,7 @@ func TestAuthority_Revoke(t *testing.T) {
|
|
|
|
|
|
|
|
|
|
return test{
|
|
|
|
|
auth: a,
|
|
|
|
|
ctx: tlsRevokeCtx,
|
|
|
|
|
opts: &RevokeOptions{
|
|
|
|
|
Serial: "sn",
|
|
|
|
|
ReasonCode: reasonCode,
|
|
|
|
@ -1375,6 +1380,7 @@ func TestAuthority_Revoke(t *testing.T) {
|
|
|
|
|
|
|
|
|
|
return test{
|
|
|
|
|
auth: _a,
|
|
|
|
|
ctx: tlsRevokeCtx,
|
|
|
|
|
opts: &RevokeOptions{
|
|
|
|
|
Serial: "sn",
|
|
|
|
|
ReasonCode: reasonCode,
|
|
|
|
@ -1414,6 +1420,7 @@ func TestAuthority_Revoke(t *testing.T) {
|
|
|
|
|
|
|
|
|
|
return test{
|
|
|
|
|
auth: _a,
|
|
|
|
|
ctx: tlsRevokeCtx,
|
|
|
|
|
opts: &RevokeOptions{
|
|
|
|
|
Serial: "sn",
|
|
|
|
|
ReasonCode: reasonCode,
|
|
|
|
@ -1451,6 +1458,7 @@ func TestAuthority_Revoke(t *testing.T) {
|
|
|
|
|
assert.FatalError(t, err)
|
|
|
|
|
return test{
|
|
|
|
|
auth: _a,
|
|
|
|
|
ctx: tlsRevokeCtx,
|
|
|
|
|
opts: &RevokeOptions{
|
|
|
|
|
Serial: "sn",
|
|
|
|
|
ReasonCode: reasonCode,
|
|
|
|
@ -1467,6 +1475,7 @@ func TestAuthority_Revoke(t *testing.T) {
|
|
|
|
|
|
|
|
|
|
return test{
|
|
|
|
|
auth: _a,
|
|
|
|
|
ctx: tlsRevokeCtx,
|
|
|
|
|
opts: &RevokeOptions{
|
|
|
|
|
Crt: crt,
|
|
|
|
|
Serial: "102012593071130646873265215610956555026",
|
|
|
|
@ -1491,6 +1500,7 @@ func TestAuthority_Revoke(t *testing.T) {
|
|
|
|
|
|
|
|
|
|
return test{
|
|
|
|
|
auth: _a,
|
|
|
|
|
ctx: tlsRevokeCtx,
|
|
|
|
|
opts: &RevokeOptions{
|
|
|
|
|
Crt: crt,
|
|
|
|
|
Serial: "102012593071130646873265215610956555026",
|
|
|
|
@ -1508,6 +1518,7 @@ func TestAuthority_Revoke(t *testing.T) {
|
|
|
|
|
|
|
|
|
|
return test{
|
|
|
|
|
auth: _a,
|
|
|
|
|
ctx: tlsRevokeCtx,
|
|
|
|
|
opts: &RevokeOptions{
|
|
|
|
|
Crt: crt,
|
|
|
|
|
Serial: "102012593071130646873265215610956555026",
|
|
|
|
@ -1517,12 +1528,42 @@ func TestAuthority_Revoke(t *testing.T) {
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
"ok/ssh": func() test {
|
|
|
|
|
a := testAuthority(t, WithDatabase(&db.MockAuthDB{
|
|
|
|
|
MRevoke: func(rci *db.RevokedCertificateInfo) error {
|
|
|
|
|
return errors.New("Revoke was called")
|
|
|
|
|
},
|
|
|
|
|
MRevokeSSH: func(rci *db.RevokedCertificateInfo) error {
|
|
|
|
|
return nil
|
|
|
|
|
},
|
|
|
|
|
}))
|
|
|
|
|
|
|
|
|
|
cl := jwt.Claims{
|
|
|
|
|
Subject: "sn",
|
|
|
|
|
Issuer: validIssuer,
|
|
|
|
|
NotBefore: jwt.NewNumericDate(now),
|
|
|
|
|
Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
|
|
|
|
|
Audience: validAudience,
|
|
|
|
|
ID: "44",
|
|
|
|
|
}
|
|
|
|
|
raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
|
|
|
|
|
assert.FatalError(t, err)
|
|
|
|
|
return test{
|
|
|
|
|
auth: a,
|
|
|
|
|
ctx: provisioner.NewContextWithMethod(context.Background(), provisioner.SSHRevokeMethod),
|
|
|
|
|
opts: &RevokeOptions{
|
|
|
|
|
Serial: "sn",
|
|
|
|
|
ReasonCode: reasonCode,
|
|
|
|
|
Reason: reason,
|
|
|
|
|
OTT: raw,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
for name, f := range tests {
|
|
|
|
|
tc := f()
|
|
|
|
|
t.Run(name, func(t *testing.T) {
|
|
|
|
|
ctx := provisioner.NewContextWithMethod(context.Background(), provisioner.RevokeMethod)
|
|
|
|
|
if err := tc.auth.Revoke(ctx, tc.opts); err != nil {
|
|
|
|
|
if err := tc.auth.Revoke(tc.ctx, tc.opts); err != nil {
|
|
|
|
|
if assert.NotNil(t, tc.err, fmt.Sprintf("unexpected error: %s", err)) {
|
|
|
|
|
sc, ok := err.(render.StatusCodedError)
|
|
|
|
|
assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
|
|
|
|
|