|
|
@ -10,7 +10,7 @@ import (
|
|
|
|
"encoding/base64"
|
|
|
|
"encoding/base64"
|
|
|
|
"encoding/json"
|
|
|
|
"encoding/json"
|
|
|
|
"fmt"
|
|
|
|
"fmt"
|
|
|
|
"io/ioutil"
|
|
|
|
"io"
|
|
|
|
"net/http"
|
|
|
|
"net/http"
|
|
|
|
"net/http/httptest"
|
|
|
|
"net/http/httptest"
|
|
|
|
"reflect"
|
|
|
|
"reflect"
|
|
|
@ -299,14 +299,14 @@ func Test_caHandler_SSHSign(t *testing.T) {
|
|
|
|
body []byte
|
|
|
|
body []byte
|
|
|
|
statusCode int
|
|
|
|
statusCode int
|
|
|
|
}{
|
|
|
|
}{
|
|
|
|
{"ok-user", userReq, nil, user, nil, nil, nil, nil, nil, []byte(fmt.Sprintf(`{"crt":"%s"}`, userB64)), http.StatusCreated},
|
|
|
|
{"ok-user", userReq, nil, user, nil, nil, nil, nil, nil, []byte(fmt.Sprintf(`{"crt":%q}`, userB64)), http.StatusCreated},
|
|
|
|
{"ok-host", hostReq, nil, host, nil, nil, nil, nil, nil, []byte(fmt.Sprintf(`{"crt":"%s"}`, hostB64)), http.StatusCreated},
|
|
|
|
{"ok-host", hostReq, nil, host, nil, nil, nil, nil, nil, []byte(fmt.Sprintf(`{"crt":%q}`, hostB64)), http.StatusCreated},
|
|
|
|
{"ok-user-add", userAddReq, nil, user, nil, user, nil, nil, nil, []byte(fmt.Sprintf(`{"crt":"%s","addUserCrt":"%s"}`, userB64, userB64)), http.StatusCreated},
|
|
|
|
{"ok-user-add", userAddReq, nil, user, nil, user, nil, nil, nil, []byte(fmt.Sprintf(`{"crt":%q,"addUserCrt":%q}`, userB64, userB64)), http.StatusCreated},
|
|
|
|
{"ok-user-identity", userIdentityReq, nil, user, nil, user, nil, identityCerts, nil, []byte(fmt.Sprintf(`{"crt":"%s","identityCrt":[%s]}`, userB64, identityCertsPEM)), http.StatusCreated},
|
|
|
|
{"ok-user-identity", userIdentityReq, nil, user, nil, user, nil, identityCerts, nil, []byte(fmt.Sprintf(`{"crt":%q,"identityCrt":[%s]}`, userB64, identityCertsPEM)), http.StatusCreated},
|
|
|
|
{"fail-body", []byte("bad-json"), nil, nil, nil, nil, nil, nil, nil, nil, http.StatusBadRequest},
|
|
|
|
{"fail-body", []byte("bad-json"), nil, nil, nil, nil, nil, nil, nil, nil, http.StatusBadRequest},
|
|
|
|
{"fail-validate", []byte("{}"), nil, nil, nil, nil, nil, nil, nil, nil, http.StatusBadRequest},
|
|
|
|
{"fail-validate", []byte("{}"), nil, nil, nil, nil, nil, nil, nil, nil, http.StatusBadRequest},
|
|
|
|
{"fail-publicKey", []byte(`{"publicKey":"Zm9v","ott":"ott"}`), nil, nil, nil, nil, nil, nil, nil, nil, http.StatusBadRequest},
|
|
|
|
{"fail-publicKey", []byte(`{"publicKey":"Zm9v","ott":"ott"}`), nil, nil, nil, nil, nil, nil, nil, nil, http.StatusBadRequest},
|
|
|
|
{"fail-publicKey", []byte(fmt.Sprintf(`{"publicKey":"%s","ott":"ott","addUserPublicKey":"Zm9v"}`, base64.StdEncoding.EncodeToString(user.Key.Marshal()))), nil, nil, nil, nil, nil, nil, nil, nil, http.StatusBadRequest},
|
|
|
|
{"fail-publicKey", []byte(fmt.Sprintf(`{"publicKey":%q,"ott":"ott","addUserPublicKey":"Zm9v"}`, base64.StdEncoding.EncodeToString(user.Key.Marshal()))), nil, nil, nil, nil, nil, nil, nil, nil, http.StatusBadRequest},
|
|
|
|
{"fail-authorize", userReq, fmt.Errorf("an-error"), nil, nil, nil, nil, nil, nil, nil, http.StatusUnauthorized},
|
|
|
|
{"fail-authorize", userReq, fmt.Errorf("an-error"), nil, nil, nil, nil, nil, nil, nil, http.StatusUnauthorized},
|
|
|
|
{"fail-signSSH", userReq, nil, nil, fmt.Errorf("an-error"), nil, nil, nil, nil, nil, http.StatusForbidden},
|
|
|
|
{"fail-signSSH", userReq, nil, nil, fmt.Errorf("an-error"), nil, nil, nil, nil, nil, http.StatusForbidden},
|
|
|
|
{"fail-SignSSHAddUser", userAddReq, nil, user, nil, nil, fmt.Errorf("an-error"), nil, nil, nil, http.StatusForbidden},
|
|
|
|
{"fail-SignSSHAddUser", userAddReq, nil, user, nil, nil, fmt.Errorf("an-error"), nil, nil, nil, http.StatusForbidden},
|
|
|
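Review bot: The `%q` verb in the expected bodies of the Test_caHandler_SSHSign table (`{"crt":%q}` and the rows after it) applies Go string quoting, not JSON escaping, so these fixtures match the handler's output only while the interpolated value needs no escaping. That holds for the output of `base64.StdEncoding.EncodeToString` in the second fail-publicKey row and presumably for `userB64` and `hostB64`, which are defined outside the hunk, but the two quoting rules diverge for `<`, `>`, `&` and control bytes. The same pattern appears in the Test_caHandler_SSHRoots and Test_caHandler_SSHFederation tables further down. Because these rows pin the wire format of the SSH signing and root-key endpoints, I would add a comment above each table, `// %q matches JSON quoting here only because the values are base64`, or build the expected bytes with `json.Marshal` so the comparison cannot drift if a fixture changes. The table belongs to a test function that starts and ends outside the hunk.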
@ -338,7 +338,7 @@ func Test_caHandler_SSHSign(t *testing.T) {
|
|
|
|
t.Errorf("caHandler.SignSSH StatusCode = %d, wants %d", res.StatusCode, tt.statusCode)
|
|
|
|
t.Errorf("caHandler.SignSSH StatusCode = %d, wants %d", res.StatusCode, tt.statusCode)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
body, err := ioutil.ReadAll(res.Body)
|
|
|
|
body, err := io.ReadAll(res.Body)
|
|
|
|
res.Body.Close()
|
|
|
|
res.Body.Close()
|
|
|
|
if err != nil {
|
|
|
|
if err != nil {
|
|
|
|
t.Errorf("caHandler.SignSSH unexpected error = %v", err)
|
|
|
|
t.Errorf("caHandler.SignSSH unexpected error = %v", err)
|
|
|
@ -368,10 +368,10 @@ func Test_caHandler_SSHRoots(t *testing.T) {
|
|
|
|
body []byte
|
|
|
|
body []byte
|
|
|
|
statusCode int
|
|
|
|
statusCode int
|
|
|
|
}{
|
|
|
|
}{
|
|
|
|
{"ok", &authority.SSHKeys{HostKeys: []ssh.PublicKey{host}, UserKeys: []ssh.PublicKey{user}}, nil, []byte(fmt.Sprintf(`{"userKey":["%s"],"hostKey":["%s"]}`, userB64, hostB64)), http.StatusOK},
|
|
|
|
{"ok", &authority.SSHKeys{HostKeys: []ssh.PublicKey{host}, UserKeys: []ssh.PublicKey{user}}, nil, []byte(fmt.Sprintf(`{"userKey":[%q],"hostKey":[%q]}`, userB64, hostB64)), http.StatusOK},
|
|
|
|
{"many", &authority.SSHKeys{HostKeys: []ssh.PublicKey{host, host}, UserKeys: []ssh.PublicKey{user, user}}, nil, []byte(fmt.Sprintf(`{"userKey":["%s","%s"],"hostKey":["%s","%s"]}`, userB64, userB64, hostB64, hostB64)), http.StatusOK},
|
|
|
|
{"many", &authority.SSHKeys{HostKeys: []ssh.PublicKey{host, host}, UserKeys: []ssh.PublicKey{user, user}}, nil, []byte(fmt.Sprintf(`{"userKey":[%q,%q],"hostKey":[%q,%q]}`, userB64, userB64, hostB64, hostB64)), http.StatusOK},
|
|
|
|
{"user", &authority.SSHKeys{UserKeys: []ssh.PublicKey{user}}, nil, []byte(fmt.Sprintf(`{"userKey":["%s"]}`, userB64)), http.StatusOK},
|
|
|
|
{"user", &authority.SSHKeys{UserKeys: []ssh.PublicKey{user}}, nil, []byte(fmt.Sprintf(`{"userKey":[%q]}`, userB64)), http.StatusOK},
|
|
|
|
{"host", &authority.SSHKeys{HostKeys: []ssh.PublicKey{host}}, nil, []byte(fmt.Sprintf(`{"hostKey":["%s"]}`, hostB64)), http.StatusOK},
|
|
|
|
{"host", &authority.SSHKeys{HostKeys: []ssh.PublicKey{host}}, nil, []byte(fmt.Sprintf(`{"hostKey":[%q]}`, hostB64)), http.StatusOK},
|
|
|
|
{"empty", &authority.SSHKeys{}, nil, nil, http.StatusNotFound},
|
|
|
|
{"empty", &authority.SSHKeys{}, nil, nil, http.StatusNotFound},
|
|
|
|
{"error", nil, fmt.Errorf("an error"), nil, http.StatusInternalServerError},
|
|
|
|
{"error", nil, fmt.Errorf("an error"), nil, http.StatusInternalServerError},
|
|
|
|
}
|
|
|
|
}
|
|
|
@ -392,7 +392,7 @@ func Test_caHandler_SSHRoots(t *testing.T) {
|
|
|
|
t.Errorf("caHandler.SSHRoots StatusCode = %d, wants %d", res.StatusCode, tt.statusCode)
|
|
|
|
t.Errorf("caHandler.SSHRoots StatusCode = %d, wants %d", res.StatusCode, tt.statusCode)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
body, err := ioutil.ReadAll(res.Body)
|
|
|
|
body, err := io.ReadAll(res.Body)
|
|
|
|
res.Body.Close()
|
|
|
|
res.Body.Close()
|
|
|
|
if err != nil {
|
|
|
|
if err != nil {
|
|
|
|
t.Errorf("caHandler.SSHRoots unexpected error = %v", err)
|
|
|
|
t.Errorf("caHandler.SSHRoots unexpected error = %v", err)
|
|
|
@ -422,10 +422,10 @@ func Test_caHandler_SSHFederation(t *testing.T) {
|
|
|
|
body []byte
|
|
|
|
body []byte
|
|
|
|
statusCode int
|
|
|
|
statusCode int
|
|
|
|
}{
|
|
|
|
}{
|
|
|
|
{"ok", &authority.SSHKeys{HostKeys: []ssh.PublicKey{host}, UserKeys: []ssh.PublicKey{user}}, nil, []byte(fmt.Sprintf(`{"userKey":["%s"],"hostKey":["%s"]}`, userB64, hostB64)), http.StatusOK},
|
|
|
|
{"ok", &authority.SSHKeys{HostKeys: []ssh.PublicKey{host}, UserKeys: []ssh.PublicKey{user}}, nil, []byte(fmt.Sprintf(`{"userKey":[%q],"hostKey":[%q]}`, userB64, hostB64)), http.StatusOK},
|
|
|
|
{"many", &authority.SSHKeys{HostKeys: []ssh.PublicKey{host, host}, UserKeys: []ssh.PublicKey{user, user}}, nil, []byte(fmt.Sprintf(`{"userKey":["%s","%s"],"hostKey":["%s","%s"]}`, userB64, userB64, hostB64, hostB64)), http.StatusOK},
|
|
|
|
{"many", &authority.SSHKeys{HostKeys: []ssh.PublicKey{host, host}, UserKeys: []ssh.PublicKey{user, user}}, nil, []byte(fmt.Sprintf(`{"userKey":[%q,%q],"hostKey":[%q,%q]}`, userB64, userB64, hostB64, hostB64)), http.StatusOK},
|
|
|
|
{"user", &authority.SSHKeys{UserKeys: []ssh.PublicKey{user}}, nil, []byte(fmt.Sprintf(`{"userKey":["%s"]}`, userB64)), http.StatusOK},
|
|
|
|
{"user", &authority.SSHKeys{UserKeys: []ssh.PublicKey{user}}, nil, []byte(fmt.Sprintf(`{"userKey":[%q]}`, userB64)), http.StatusOK},
|
|
|
|
{"host", &authority.SSHKeys{HostKeys: []ssh.PublicKey{host}}, nil, []byte(fmt.Sprintf(`{"hostKey":["%s"]}`, hostB64)), http.StatusOK},
|
|
|
|
{"host", &authority.SSHKeys{HostKeys: []ssh.PublicKey{host}}, nil, []byte(fmt.Sprintf(`{"hostKey":[%q]}`, hostB64)), http.StatusOK},
|
|
|
|
{"empty", &authority.SSHKeys{}, nil, nil, http.StatusNotFound},
|
|
|
|
{"empty", &authority.SSHKeys{}, nil, nil, http.StatusNotFound},
|
|
|
|
{"error", nil, fmt.Errorf("an error"), nil, http.StatusInternalServerError},
|
|
|
|
{"error", nil, fmt.Errorf("an error"), nil, http.StatusInternalServerError},
|
|
|
|
}
|
|
|
|
}
|
|
|
@ -446,7 +446,7 @@ func Test_caHandler_SSHFederation(t *testing.T) {
|
|
|
|
t.Errorf("caHandler.SSHFederation StatusCode = %d, wants %d", res.StatusCode, tt.statusCode)
|
|
|
|
t.Errorf("caHandler.SSHFederation StatusCode = %d, wants %d", res.StatusCode, tt.statusCode)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
body, err := ioutil.ReadAll(res.Body)
|
|
|
|
body, err := io.ReadAll(res.Body)
|
|
|
|
res.Body.Close()
|
|
|
|
res.Body.Close()
|
|
|
|
if err != nil {
|
|
|
|
if err != nil {
|
|
|
|
t.Errorf("caHandler.SSHFederation unexpected error = %v", err)
|
|
|
|
t.Errorf("caHandler.SSHFederation unexpected error = %v", err)
|
|
|
@ -506,7 +506,7 @@ func Test_caHandler_SSHConfig(t *testing.T) {
|
|
|
|
t.Errorf("caHandler.SSHConfig StatusCode = %d, wants %d", res.StatusCode, tt.statusCode)
|
|
|
|
t.Errorf("caHandler.SSHConfig StatusCode = %d, wants %d", res.StatusCode, tt.statusCode)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
body, err := ioutil.ReadAll(res.Body)
|
|
|
|
body, err := io.ReadAll(res.Body)
|
|
|
|
res.Body.Close()
|
|
|
|
res.Body.Close()
|
|
|
|
if err != nil {
|
|
|
|
if err != nil {
|
|
|
|
t.Errorf("caHandler.SSHConfig unexpected error = %v", err)
|
|
|
|
t.Errorf("caHandler.SSHConfig unexpected error = %v", err)
|
|
|
@ -553,7 +553,7 @@ func Test_caHandler_SSHCheckHost(t *testing.T) {
|
|
|
|
t.Errorf("caHandler.SSHCheckHost StatusCode = %d, wants %d", res.StatusCode, tt.statusCode)
|
|
|
|
t.Errorf("caHandler.SSHCheckHost StatusCode = %d, wants %d", res.StatusCode, tt.statusCode)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
body, err := ioutil.ReadAll(res.Body)
|
|
|
|
body, err := io.ReadAll(res.Body)
|
|
|
|
res.Body.Close()
|
|
|
|
res.Body.Close()
|
|
|
|
if err != nil {
|
|
|
|
if err != nil {
|
|
|
|
t.Errorf("caHandler.SSHCheckHost unexpected error = %v", err)
|
|
|
|
t.Errorf("caHandler.SSHCheckHost unexpected error = %v", err)
|
|
|
@ -604,7 +604,7 @@ func Test_caHandler_SSHGetHosts(t *testing.T) {
|
|
|
|
t.Errorf("caHandler.SSHGetHosts StatusCode = %d, wants %d", res.StatusCode, tt.statusCode)
|
|
|
|
t.Errorf("caHandler.SSHGetHosts StatusCode = %d, wants %d", res.StatusCode, tt.statusCode)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
body, err := ioutil.ReadAll(res.Body)
|
|
|
|
body, err := io.ReadAll(res.Body)
|
|
|
|
res.Body.Close()
|
|
|
|
res.Body.Close()
|
|
|
|
if err != nil {
|
|
|
|
if err != nil {
|
|
|
|
t.Errorf("caHandler.SSHGetHosts unexpected error = %v", err)
|
|
|
|
t.Errorf("caHandler.SSHGetHosts unexpected error = %v", err)
|
|
|
@ -659,7 +659,7 @@ func Test_caHandler_SSHBastion(t *testing.T) {
|
|
|
|
t.Errorf("caHandler.SSHBastion StatusCode = %d, wants %d", res.StatusCode, tt.statusCode)
|
|
|
|
t.Errorf("caHandler.SSHBastion StatusCode = %d, wants %d", res.StatusCode, tt.statusCode)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
body, err := ioutil.ReadAll(res.Body)
|
|
|
|
body, err := io.ReadAll(res.Body)
|
|
|
|
res.Body.Close()
|
|
|
|
res.Body.Close()
|
|
|
|
if err != nil {
|
|
|
|
if err != nil {
|
|
|
|
t.Errorf("caHandler.SSHBastion unexpected error = %v", err)
|
|
|
|
t.Errorf("caHandler.SSHBastion unexpected error = %v", err)
|
|
|
|