示例#1
0
文件: sign_test.go 项目: kisom/cfssl
func TestAuthSign(t *testing.T) {
	conf, err := config.LoadConfig([]byte(validAuthLocalConfig))
	if err != nil {
		t.Fatal(err)
	}
	for i, test := range signTests {
		resp, body := testAuthSignFile(t, test.Hosts, test.Subject, test.CSRFile, conf.Signing.Default)
		if resp.StatusCode != test.ExpectedHTTPStatus {
			t.Logf("Test %d: expected: %d, have %d", i, test.ExpectedHTTPStatus, resp.StatusCode)
			t.Fatal(resp.Status, test.ExpectedHTTPStatus, string(body))
		}

		message := new(api.Response)
		err := json.Unmarshal(body, message)
		if err != nil {
			t.Logf("failed to read response body: %v", err)
			t.Fatal(resp.Status, test.ExpectedHTTPStatus, message)
		}

		if test.ExpectedSuccess != message.Success {
			t.Fatalf("Test %d: expected: %v, have %v", i, test.ExpectedSuccess, message.Success)
			t.Fatal(resp.Status, test.ExpectedHTTPStatus, message)
		}
		if test.ExpectedSuccess == true {
			continue
		}

		if test.ExpectedErrorCode != message.Errors[0].Code {
			t.Fatalf("Test %d: expected: %v, have %v", i, test.ExpectedErrorCode, message.Errors[0].Code)
			t.Fatal(resp.Status, test.ExpectedHTTPStatus, message)
		}

	}
}
示例#2
0
// NewConfig returns a config object from the data passed.
func NewConfig(t *testing.T, configBytes []byte) *config.Config {
	conf, err := config.LoadConfig([]byte(configBytes))
	if err != nil {
		t.Fatal("config loading error:", err)
	}
	if !conf.Valid() {
		t.Fatal("config is not valid")
	}
	return conf
}
示例#3
0
文件: sign_test.go 项目: kisom/cfssl
func TestNewAuthHandlerWithNonAuthProfile(t *testing.T) {
	conf, err := config.LoadConfig([]byte(validLocalConfig))
	if err != nil {
		t.Fatal(err)
	}

	_, err = NewAuthHandler(testCaFile, testCaKeyFile, conf.Signing)
	if err == nil {
		t.Fatal("No profile have auth keys. Should have failed to create auth sign handler.")
	}
}
示例#4
0
文件: sign_test.go 项目: kisom/cfssl
func TestNewHandlerWithProfile(t *testing.T) {
	conf, err := config.LoadConfig([]byte(validLocalConfig))
	if err != nil {
		t.Fatal(err)
	}

	_, err = NewHandler(testCaFile, testCaKeyFile, conf.Signing)
	if err != nil {
		t.Fatal(err)
	}
}
示例#5
0
文件: sign_test.go 项目: kisom/cfssl
func TestNewAuthHandlerWithNoAuthConfig(t *testing.T) {
	conf, err := config.LoadConfig([]byte(validLocalConfig))
	if err != nil {
		t.Fatal(err)
	}

	_, err = NewAuthHandler(testCaFile, testCaKeyFile, conf.Signing)
	if err == nil {
		t.Fatal("Config doesn't have auth keys. Should have failed.")
	}
	return
}
示例#6
0
文件: sign_test.go 项目: kisom/cfssl
func newTestAuthHandler(t *testing.T) http.Handler {
	conf, err := config.LoadConfig([]byte(validAuthLocalConfig))
	if err != nil {
		t.Fatal(err)
	}

	h, err := NewAuthHandler(testCaFile, testCaKeyFile, conf.Signing)
	if err != nil {
		t.Fatal(err)
	}
	return h
}
示例#7
0
文件: sign_test.go 项目: kisom/cfssl
func TestNewHandlersWithAnotherMixedProfile(t *testing.T) {
	conf, err := config.LoadConfig([]byte(alsoValidMixedLocalConfig))
	if err != nil {
		t.Fatal(err)
	}

	_, err = NewHandler(testCaFile, testCaKeyFile, conf.Signing)
	if err != nil {
		t.Fatal("Should be able to create non-auth sign handler.")
	}

	_, err = NewAuthHandler(testCaFile, testCaKeyFile, conf.Signing)
	if err != nil {
		t.Fatal("Should be able to create auth sign handler.")
	}
}
示例#8
0
func TestSignerDBPersistence(t *testing.T) {
	conf, err := config.LoadConfig([]byte(validLocalConfigLongerExpiry))
	if err != nil {
		t.Fatal(err)
	}

	var s *local.Signer
	s, err = local.NewSignerFromFile(testCaFile, testCaKeyFile, conf.Signing)
	if err != nil {
		t.Fatal(err)
	}

	db := testdb.SQLiteDB("../../certdb/testdb/certstore_development.db")
	if err != nil {
		t.Fatal(err)
	}

	s.SetDB(db)

	var handler *api.HTTPHandler
	handler, err = NewHandlerFromSigner(signer.Signer(s))
	if err != nil {
		t.Fatal(err)
	}

	ts := httptest.NewServer(handler)
	defer ts.Close()

	var csrPEM, body []byte
	csrPEM, err = ioutil.ReadFile(testCSRFile)
	if err != nil {
		t.Fatal(err)
	}

	blob, err := json.Marshal(&map[string]string{"certificate_request": string(csrPEM)})
	if err != nil {
		t.Fatal(err)
	}

	var resp *http.Response
	resp, err = http.Post(ts.URL, "application/json", bytes.NewReader(blob))
	if err != nil {
		t.Fatal(err)
	}

	body, err = ioutil.ReadAll(resp.Body)
	if err != nil {
		t.Fatal(err)
	}

	if resp.StatusCode != http.StatusOK {
		t.Fatal(resp.Status, string(body))
	}

	message := new(api.Response)
	err = json.Unmarshal(body, message)
	if err != nil {
		t.Fatalf("failed to read response body: %v", err)
	}

	if !message.Success {
		t.Fatal("API operation failed")
	}

	var crs []*certdb.CertificateRecord
	crs, err = certdb.GetUnexpiredCertificates(db)
	if err != nil {
		t.Fatal("Failed to get unexpired certificates")
	}

	if len(crs) != 1 {
		t.Fatal("Expected 1 unexpired certificate in the database after signing 1")
	}
}