add authority.New unit tests

6 years ago · d773770a44
parent ff67c17893
commit d773770a44
5 changed files with 89 additions and 9 deletions
--- a/Gopkg.lock
+++ b/Gopkg.lock
@ -143,8 +143,8 @@
  revision = "de77670473b5492f5d0bce155b5c01534c2d13f7"

 [[projects]]
-  branch = "ca-commands-wip"
-  digest = "1:723d56910291478edfd50fa2146e52fc6d8f5b5e67ddd6e5b8e89291313256a2"
+  branch = "ca-commands"
+  digest = "1:e81a129363c3570e218497e61c2c71c66e99b8f05be45eb8e8a32612f3ad1d7b"
  name = "github.com/smallstep/cli"
  packages = [
    "crypto/keys",
@ -158,7 +158,7 @@
    "utils",
  ]
  pruneopts = "UT"
-  revision = "75ee5a0262bdbb305c75dcb98e7f806540537678"
+  revision = "802214a46ad6aad96b741acebc85de63d03d00b5"

 [[projects]]
  branch = "master"
--- a/Gopkg.toml
+++ b/Gopkg.toml
@ -46,7 +46,7 @@ required = [
  name = "github.com/go-chi/chi"

 [[constraint]]
-  branch = "ca-commands-wip"
+  branch = "ca-commands"
  name = "github.com/smallstep/cli"

 [prune]
--- a/authority/authority.go
+++ b/authority/authority.go
@ -66,7 +66,6 @@ func (a *Authority) init() error {

 	// Decrypt and load intermediate public / private key pair.
 	if len(a.config.Password) > 0 {
-		//fmt.Printf("Decrypting intermediate... ")
 		a.intermediateIdentity, err = x509util.LoadIdentityFromDisk(
 			a.config.IntermediateCert,
 			a.config.IntermediateKey,
@ -75,7 +74,6 @@ func (a *Authority) init() error {
 		if err != nil {
 			return err
 		}
-		//fmt.Printf("all done.\n")
 	} else {
 		a.intermediateIdentity, err = x509util.LoadIdentityFromDisk(a.config.IntermediateCert, a.config.IntermediateKey)
 		if err != nil {
--- a/authority/authority_test.go
+++ b/authority/authority_test.go
@ -1,8 +1,11 @@
 package authority

 import (
+	"crypto/sha256"
+	"encoding/hex"
 	"testing"

+	"github.com/pkg/errors"
 	"github.com/smallstep/assert"
 	stepJOSE "github.com/smallstep/cli/jose"
 )
@ -39,3 +42,82 @@ func testAuthority(t *testing.T) *Authority {
 	assert.FatalError(t, err)
 	return a
 }
+
+func TestAuthorityNew(t *testing.T) {
+	type newTest struct {
+		config *Config
+		err    error
+	}
+	tests := map[string]func(t *testing.T) *newTest{
+		"ok": func(t *testing.T) *newTest {
+			c, err := LoadConfiguration("../ca/testdata/ca.json")
+			assert.FatalError(t, err)
+			return &newTest{
+				config: c,
+			}
+		},
+		"fail-bad-root": func(t *testing.T) *newTest {
+			c, err := LoadConfiguration("../ca/testdata/ca.json")
+			assert.FatalError(t, err)
+			c.Root = "foo"
+			return &newTest{
+				config: c,
+				err:    errors.New("open foo failed: no such file or directory"),
+			}
+		},
+		"fail-bad-password": func(t *testing.T) *newTest {
+			c, err := LoadConfiguration("../ca/testdata/ca.json")
+			assert.FatalError(t, err)
+			c.Password = "wrong"
+			return &newTest{
+				config: c,
+				err:    errors.New("error decrypting ../ca/testdata/secrets/intermediate_ca_key: x509: decryption password incorrect"),
+			}
+		},
+		"fail-loading-ca-cert": func(t *testing.T) *newTest {
+			c, err := LoadConfiguration("../ca/testdata/ca.json")
+			assert.FatalError(t, err)
+			c.IntermediateCert = "wrong"
+			return &newTest{
+				config: c,
+				err:    errors.New("open wrong failed: no such file or directory"),
+			}
+		},
+	}
+
+	for name, genTestCase := range tests {
+		t.Run(name, func(t *testing.T) {
+			tc := genTestCase(t)
+
+			auth, err := New(tc.config)
+			if err != nil {
+				if assert.NotNil(t, tc.err) {
+					assert.HasPrefix(t, err.Error(), tc.err.Error())
+				}
+			} else {
+				if assert.Nil(t, tc.err) {
+					sum := sha256.Sum256(auth.rootX509Crt.Raw)
+					root, ok := auth.certificates.Load(hex.EncodeToString(sum[:]))
+					assert.Fatal(t, ok)
+					assert.Equals(t, auth.rootX509Crt, root)
+
+					assert.True(t, auth.initOnce)
+					assert.NotNil(t, auth.intermediateIdentity)
+					for _, p := range tc.config.AuthorityConfig.Provisioners {
+						_p, ok := auth.provisionerIDIndex.Load(p.Key.KeyID)
+						assert.True(t, ok)
+						assert.Equals(t, p, _p)
+						if len(p.EncryptedKey) > 0 {
+							key, ok := auth.encryptedKeyIndex.Load(p.Key.KeyID)
+							assert.True(t, ok)
+							assert.Equals(t, p.EncryptedKey, key)
+						}
+					}
+					// sanity check
+					_, ok = auth.provisionerIDIndex.Load("fooo")
+					assert.False(t, ok)
+				}
+			}
+		})
+	}
+}
--- a/ca/testdata/ca.json
+++ b/ca/testdata/ca.json
@ -1,7 +1,7 @@
 {
-    "root": "testdata/secrets/root_ca.crt",
-    "crt": "testdata/secrets/intermediate_ca.crt",
-    "key": "testdata/secrets/intermediate_ca_key",
+    "root": "../ca/testdata/secrets/root_ca.crt",
+    "crt": "../ca/testdata/secrets/intermediate_ca.crt",
+    "key": "../ca/testdata/secrets/intermediate_ca_key",
    "password": "password",
    "address": "127.0.0.1:0",
    "dnsNames": ["127.0.0.1"],