func signCSRFile(s signer.Signer, csrFile string, t *testing.T) []byte {
csrBytes, err := ioutil.ReadFile(csrFile)
if err != nil {
t.Fatal(err)
}
signingRequest := signer.SignRequest{Request: string(csrBytes)}
certBytes, err := s.Sign(signingRequest)
if err != nil {
t.Fatal(err)
}
return certBytes
}
// NewHandlerFromSigner generates a new Handler directly from
// an existing signer.
func NewHandlerFromSigner(signer signer.Signer) (h *api.HTTPHandler, err error) {
policy := signer.Policy()
if policy == nil {
err = errors.New(errors.PolicyError, errors.InvalidPolicy)
return
}
// Sign will only respond for profiles that have no auth provider.
// So if all of the profiles require authentication, we return an error.
haveUnauth := (policy.Default.Provider == nil)
for _, profile := range policy.Profiles {
haveUnauth = haveUnauth || (profile.Provider == nil)
}
if !haveUnauth {
err = errors.New(errors.PolicyError, errors.InvalidPolicy)
return
}
return &api.HTTPHandler{
Handler: &Handler{
signer: signer,
},
Methods: []string{"POST"},
}, nil
}
// NewAuthHandlerFromSigner creates a new AuthHandler from the signer
// that is passed in.
func NewAuthHandlerFromSigner(signer signer.Signer) (http.Handler, error) {
policy := signer.Policy()
if policy == nil {
return nil, errors.New(errors.PolicyError, errors.InvalidPolicy)
}
if policy.Default == nil && policy.Profiles == nil {
return nil, errors.New(errors.PolicyError, errors.InvalidPolicy)
}
// AuthSign will not respond for profiles that have no auth provider.
// So if there are no profiles with auth providers in this policy,
// we return an error.
haveAuth := (policy.Default.Provider != nil)
for _, profile := range policy.Profiles {
if haveAuth {
break
}
haveAuth = (profile.Provider != nil)
}
if !haveAuth {
return nil, errors.New(errors.PolicyError, errors.InvalidPolicy)
}
return &api.HTTPHandler{
Handler: &AuthHandler{
signer: signer,
},
Methods: []string{"POST"},
}, nil
}
func checkInfo(t *testing.T, s signer.Signer, name string, profile *config.SigningProfile) {
req := info.Req{
Profile: name,
}
resp, err := s.Info(req)
if err != nil {
t.Fatal("remote info failed:", err)
}
if strings.Join(profile.Usage, ",") != strings.Join(resp.Usage, ",") {
t.Fatalf("Expected usage for profile %s to be %+v, got %+v", name, profile.Usage, resp.Usage)
}
caBytes, err := ioutil.ReadFile(testCaFile)
caBytes = bytes.TrimSpace(caBytes)
if err != nil {
t.Fatal("fail to read test CA cert:", err)
}
if bytes.Compare(caBytes, []byte(resp.Certificate)) != 0 {
t.Fatal("Get a different CA cert through info api.", len(resp.Certificate), len(caBytes))
}
}