func TestGetRemoteSignedCertificate(t *testing.T) {
tc := testutils.NewTestCA(t)
defer tc.Stop()
// Create a new CSR to be signed
csr, _, err := ca.GenerateAndWriteNewKey(tc.Paths.Node)
assert.NoError(t, err)
certs, err := ca.GetRemoteSignedCertificate(context.Background(), csr, tc.ManagerToken, tc.RootCA.Pool, tc.Remotes, nil, nil)
assert.NoError(t, err)
assert.NotNil(t, certs)
// Test the expiration for a manager certificate
parsedCerts, err := helpers.ParseCertificatesPEM(certs)
assert.NoError(t, err)
assert.Len(t, parsedCerts, 2)
assert.True(t, time.Now().Add(ca.DefaultNodeCertExpiration).AddDate(0, 0, -1).Before(parsedCerts[0].NotAfter))
assert.True(t, time.Now().Add(ca.DefaultNodeCertExpiration).AddDate(0, 0, 1).After(parsedCerts[0].NotAfter))
assert.Equal(t, parsedCerts[0].Subject.OrganizationalUnit[0], ca.ManagerRole)
// Test the expiration for an agent certificate
certs, err = ca.GetRemoteSignedCertificate(tc.Context, csr, tc.WorkerToken, tc.RootCA.Pool, tc.Remotes, nil, nil)
assert.NoError(t, err)
assert.NotNil(t, certs)
parsedCerts, err = helpers.ParseCertificatesPEM(certs)
assert.NoError(t, err)
assert.Len(t, parsedCerts, 2)
assert.True(t, time.Now().Add(ca.DefaultNodeCertExpiration).AddDate(0, 0, -1).Before(parsedCerts[0].NotAfter))
assert.True(t, time.Now().Add(ca.DefaultNodeCertExpiration).AddDate(0, 0, 1).After(parsedCerts[0].NotAfter))
assert.Equal(t, parsedCerts[0].Subject.OrganizationalUnit[0], ca.AgentRole)
}
func TestGetRemoteSignedCertificateWithPending(t *testing.T) {
tc := testutils.NewTestCA(t)
defer tc.Stop()
// Create a new CSR to be signed
csr, _, err := ca.GenerateAndWriteNewKey(tc.Paths.Node)
assert.NoError(t, err)
updates, cancel := state.Watch(tc.MemoryStore.WatchQueue(), state.EventCreateNode{})
defer cancel()
completed := make(chan error)
go func() {
_, err := ca.GetRemoteSignedCertificate(context.Background(), csr, tc.WorkerToken, tc.RootCA.Pool, tc.Remotes, nil, nil)
completed <- err
}()
event := <-updates
node := event.(state.EventCreateNode).Node.Copy()
// Directly update the status of the store
err = tc.MemoryStore.Update(func(tx store.Tx) error {
node.Certificate.Status.State = api.IssuanceStateIssued
return store.UpdateNode(tx, node)
})
assert.NoError(t, err)
// Make sure GetRemoteSignedCertificate didn't return an error
assert.NoError(t, <-completed)
}
func TestGetRemoteSignedCertificateNodeInfo(t *testing.T) {
tc := testutils.NewTestCA(t)
defer tc.Stop()
// Create a new CSR to be signed
csr, _, err := ca.GenerateAndWriteNewKey(tc.Paths.Node)
assert.NoError(t, err)
info := make(chan api.IssueNodeCertificateResponse, 1)
cert, err := ca.GetRemoteSignedCertificate(context.Background(), csr, tc.WorkerToken, tc.RootCA.Pool, tc.Remotes, nil, info)
assert.NoError(t, err)
assert.NotNil(t, cert)
assert.NotEmpty(t, <-info)
}
func TestGetRemoteSignedCertificateNodeInfo(t *testing.T) {
tc := testutils.NewTestCA(t, testutils.AcceptancePolicy(true, true, ""))
defer tc.Stop()
// Create a new CSR to be signed
csr, _, err := ca.GenerateAndWriteNewKey(tc.Paths.Node)
assert.NoError(t, err)
info := make(chan api.IssueNodeCertificateResponse, 1)
cert, err := ca.GetRemoteSignedCertificate(context.Background(), csr, ca.ManagerRole, "", tc.RootCA.Pool, tc.Picker, nil, info)
assert.NoError(t, err)
assert.NotNil(t, cert)
assert.NotEmpty(t, <-info)
}
func TestGetRemoteSignedCertificateNodeInfo(t *testing.T) {
tc := testutils.NewTestCA(t)
defer tc.Stop()
// Create a new CSR to be signed
csr, _, err := ca.GenerateNewCSR()
assert.NoError(t, err)
cert, err := ca.GetRemoteSignedCertificate(context.Background(), csr, tc.RootCA.Pool,
ca.CertificateRequestConfig{
Token: tc.WorkerToken,
Remotes: tc.Remotes,
})
assert.NoError(t, err)
assert.NotNil(t, cert)
}
