cacert-gosigner/pkg/config/config_test.go

package config

import (
	"crypto/elliptic"
	"crypto/x509"
	"strings"
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
	"gopkg.in/yaml.v3"
)

func TestPrivateKeyInfo_MarshalYAML(t *testing.T) {
	testData := []struct {
		name     string
		pkInfo   *PrivateKeyInfo
		expected string
	}{
		{
			"RSA",
			&PrivateKeyInfo{
				Algorithm: x509.RSA,
				RSABits:   3072,
			},
			`algorithm: RSA
rsa-bits: 3072
`,
		},
		{
			"ECDSA",
			&PrivateKeyInfo{
				Algorithm: x509.ECDSA,
				EccCurve:  elliptic.P224(),
			},
			`algorithm: EC
ecc-curve: P-224
`,
		},
	}

	for _, item := range testData {
		t.Run(item.name, func(t *testing.T) {
			data, err := yaml.Marshal(item.pkInfo)
			require.NoError(t, err)

			assert.YAMLEq(t, item.expected, string(data))
		})
	}
}

func TestPrivateKeyInfo_UnmarshalYAML(t *testing.T) {
	testData := []struct {
		name      string
		yaml      string
		expected  *PrivateKeyInfo
		expectErr bool
	}{
		{
			"RSA",
			`label: "mykey"
algorithm: "RSA"
rsa-bits: 2048`,
			&PrivateKeyInfo{
				Algorithm: x509.RSA,
				RSABits:   2048,
			},
			false,
		},
		{
			"ECDSA",
			`label: "mykey"
algorithm: "EC"
ecc-curve: "P-521"`,
			&PrivateKeyInfo{
				Algorithm: x509.ECDSA,
				EccCurve:  elliptic.P521(),
			},
			false,
		},
		{
			"no-algorithm",
			`label: "mykey"`,
			nil,
			true,
		},
		{
			"RSA-no-rsa-bits",
			`label: "mykey"
algorithm: "RSA"`,
			nil,
			true,
		},
		{
			"ECDSA-no-curve",
			`label: "mykey"
algorithm: "EC"`,
			nil,
			true,
		},
	}

	for _, item := range testData {
		t.Run(item.name, func(t *testing.T) {
			pkInfo := &PrivateKeyInfo{}
			err := yaml.Unmarshal([]byte(item.yaml), pkInfo)
			if err != nil && !item.expectErr {
				require.NoError(t, err)
			}

			if item.expectErr {
				assert.Error(t, err)
			}

			if !item.expectErr {
				assert.Equal(t, item.expected, pkInfo)
			}
		})
	}
}

func TestCaCertificateEntry_UnmarshalYAML(t *testing.T) {
	data := `{
	"key-info": {
		"algorithm":"EC",
		"ecc-curve":"P-521"
	},
	"certificate-file":"test.crt",
	"common-name":"My Little Test Root CA"
}`

	entry := CaCertificateEntry{}

	err := yaml.Unmarshal([]byte(data), &entry)
	require.NoError(t, err)

	assert.Equal(t, CaCertificateEntry{
		KeyInfo: &PrivateKeyInfo{
			Algorithm: x509.ECDSA,
			EccCurve:  elliptic.P521(),
		},
		CommonName: "My Little Test Root CA",
		Storage:    "default",
	}, entry)
}

func TestLoadConfiguration(t *testing.T) {
	testData := []struct {
		name, yaml string
		err        bool
	}{
		{
			name: "Good",
			yaml: `---
Settings:
  organization:
  validity-years:
    root: 20
    intermediary: 5
  url-patterns:
KeyStorage:
  default:
    type: softhsm
CAs:
  root:
    common-name: "Root CA"
    key-info:
      algorithm: EC
      ecc-curve: P-384
  sub1:
    common-name: "Sub CA 1"
    key-info:
      algorithm: EC
      ecc-curve: P-256
    parent: root
  sub2:
    common-name: "Sub CA 2"
    key-info:
      algorithm: EC
      ecc-curve: P-256
    parent: root
`,
			err: false,
		},
		{
			name: "Bad",
			yaml: `noyamlforyou: ]`,
			err:  true,
		},
	}

	for _, item := range testData {
		t.Run(item.name, func(t *testing.T) {
			r := strings.NewReader(item.yaml)
			sc, err := LoadConfiguration(r)

			if item.err {
				assert.Error(t, err)
				assert.Nil(t, sc)
			} else {
				assert.NoError(t, err)
				assert.NotNil(t, sc)
			}
		})
	}
}

func TestSignerConfig_RootCAs(t *testing.T) {
	yamlData := `---
Settings:
  organization:
  validity-years:
    root: 20
    intermediary: 5
  url-patterns:
KeyStorage:
  default:
    type: softhsm
CAs:
  root:
    common-name: "Root CA"
    key-info:
      algorithm: EC
      ecc-curve: P-384
  sub1:
    common-name: "Sub CA 1"
    key-info:
      algorithm: EC
      ecc-curve: P-256
    parent: root
  sub2:
    common-name: "Sub CA 2"
    key-info:
      algorithm: EC
      ecc-curve: P-256
    parent: root
`
	r := strings.NewReader(yamlData)
	sc, err := LoadConfiguration(r)

	require.NoError(t, err)
	require.NotNil(t, sc)

	roots := sc.RootCAs()
	assert.Equal(t, roots, []string{"root"})
}
Implement configuration and CA hierarchy setup This commit implements a mechanism to load CA configuration dynamically from JSON files. Missing keys and certificates can be generated in a PKCS#11 HSM or Smartcard. Certificates are stored as PEM encoded .crt files in the filesystem. The default PKCS#11 module (softhsm2) is now loaded from a platform specific path using go:build comments. 2 years ago			`package config`

			`import (`
			`"crypto/elliptic"`
			`"crypto/x509"`
Increase coverage for pkg/config 2 years ago			`"strings"`
Implement configuration and CA hierarchy setup This commit implements a mechanism to load CA configuration dynamically from JSON files. Missing keys and certificates can be generated in a PKCS#11 HSM or Smartcard. Certificates are stored as PEM encoded .crt files in the filesystem. The default PKCS#11 module (softhsm2) is now loaded from a platform specific path using go:build comments. 2 years ago			`"testing"`

			`"github.com/stretchr/testify/assert"`
Increase coverage for pkg/config 2 years ago			`"github.com/stretchr/testify/require"`
Improve configuration, implement setup mode - implement a dedicated setup mode for creating CA certificates that is triggered by the '-setup' command line flag - switch to YAML configuration for comment support and more human readable syntax. Format documentation is in docs/config.sample.yaml - move HSM related code to pkg/hsm - improve consistency checks in pkg/config 2 years ago			`"gopkg.in/yaml.v3"`
Implement configuration and CA hierarchy setup This commit implements a mechanism to load CA configuration dynamically from JSON files. Missing keys and certificates can be generated in a PKCS#11 HSM or Smartcard. Certificates are stored as PEM encoded .crt files in the filesystem. The default PKCS#11 module (softhsm2) is now loaded from a platform specific path using go:build comments. 2 years ago			`)`

Improve configuration, implement setup mode - implement a dedicated setup mode for creating CA certificates that is triggered by the '-setup' command line flag - switch to YAML configuration for comment support and more human readable syntax. Format documentation is in docs/config.sample.yaml - move HSM related code to pkg/hsm - improve consistency checks in pkg/config 2 years ago			`func TestPrivateKeyInfo_MarshalYAML(t *testing.T) {`
Implement configuration and CA hierarchy setup This commit implements a mechanism to load CA configuration dynamically from JSON files. Missing keys and certificates can be generated in a PKCS#11 HSM or Smartcard. Certificates are stored as PEM encoded .crt files in the filesystem. The default PKCS#11 module (softhsm2) is now loaded from a platform specific path using go:build comments. 2 years ago			`testData := []struct {`
			`name string`
			`pkInfo *PrivateKeyInfo`
			`expected string`
			`}{`
			`{`
			`"RSA",`
			`&PrivateKeyInfo{`
			`Algorithm: x509.RSA,`
			`RSABits: 3072,`
			`},`
Improve configuration, implement setup mode - implement a dedicated setup mode for creating CA certificates that is triggered by the '-setup' command line flag - switch to YAML configuration for comment support and more human readable syntax. Format documentation is in docs/config.sample.yaml - move HSM related code to pkg/hsm - improve consistency checks in pkg/config 2 years ago			`algorithm: RSA
			`rsa-bits: 3072`
			`,
Implement configuration and CA hierarchy setup This commit implements a mechanism to load CA configuration dynamically from JSON files. Missing keys and certificates can be generated in a PKCS#11 HSM or Smartcard. Certificates are stored as PEM encoded .crt files in the filesystem. The default PKCS#11 module (softhsm2) is now loaded from a platform specific path using go:build comments. 2 years ago			`},`
			`{`
			`"ECDSA",`
			`&PrivateKeyInfo{`
			`Algorithm: x509.ECDSA,`
			`EccCurve: elliptic.P224(),`
			`},`
Improve configuration, implement setup mode - implement a dedicated setup mode for creating CA certificates that is triggered by the '-setup' command line flag - switch to YAML configuration for comment support and more human readable syntax. Format documentation is in docs/config.sample.yaml - move HSM related code to pkg/hsm - improve consistency checks in pkg/config 2 years ago			`algorithm: EC
			`ecc-curve: P-224`
			`,
Implement configuration and CA hierarchy setup This commit implements a mechanism to load CA configuration dynamically from JSON files. Missing keys and certificates can be generated in a PKCS#11 HSM or Smartcard. Certificates are stored as PEM encoded .crt files in the filesystem. The default PKCS#11 module (softhsm2) is now loaded from a platform specific path using go:build comments. 2 years ago			`},`
			`}`

			`for _, item := range testData {`
			`t.Run(item.name, func(t *testing.T) {`
Improve configuration, implement setup mode - implement a dedicated setup mode for creating CA certificates that is triggered by the '-setup' command line flag - switch to YAML configuration for comment support and more human readable syntax. Format documentation is in docs/config.sample.yaml - move HSM related code to pkg/hsm - improve consistency checks in pkg/config 2 years ago			`data, err := yaml.Marshal(item.pkInfo)`
Increase coverage for pkg/config 2 years ago			`require.NoError(t, err)`
Implement configuration and CA hierarchy setup This commit implements a mechanism to load CA configuration dynamically from JSON files. Missing keys and certificates can be generated in a PKCS#11 HSM or Smartcard. Certificates are stored as PEM encoded .crt files in the filesystem. The default PKCS#11 module (softhsm2) is now loaded from a platform specific path using go:build comments. 2 years ago
Increase coverage for pkg/config 2 years ago			`assert.YAMLEq(t, item.expected, string(data))`
Implement configuration and CA hierarchy setup This commit implements a mechanism to load CA configuration dynamically from JSON files. Missing keys and certificates can be generated in a PKCS#11 HSM or Smartcard. Certificates are stored as PEM encoded .crt files in the filesystem. The default PKCS#11 module (softhsm2) is now loaded from a platform specific path using go:build comments. 2 years ago			`})`
			`}`
			`}`

Improve configuration, implement setup mode - implement a dedicated setup mode for creating CA certificates that is triggered by the '-setup' command line flag - switch to YAML configuration for comment support and more human readable syntax. Format documentation is in docs/config.sample.yaml - move HSM related code to pkg/hsm - improve consistency checks in pkg/config 2 years ago			`func TestPrivateKeyInfo_UnmarshalYAML(t *testing.T) {`
Implement configuration and CA hierarchy setup This commit implements a mechanism to load CA configuration dynamically from JSON files. Missing keys and certificates can be generated in a PKCS#11 HSM or Smartcard. Certificates are stored as PEM encoded .crt files in the filesystem. The default PKCS#11 module (softhsm2) is now loaded from a platform specific path using go:build comments. 2 years ago			`testData := []struct {`
			`name string`
Improve configuration, implement setup mode - implement a dedicated setup mode for creating CA certificates that is triggered by the '-setup' command line flag - switch to YAML configuration for comment support and more human readable syntax. Format documentation is in docs/config.sample.yaml - move HSM related code to pkg/hsm - improve consistency checks in pkg/config 2 years ago			`yaml string`
Implement configuration and CA hierarchy setup This commit implements a mechanism to load CA configuration dynamically from JSON files. Missing keys and certificates can be generated in a PKCS#11 HSM or Smartcard. Certificates are stored as PEM encoded .crt files in the filesystem. The default PKCS#11 module (softhsm2) is now loaded from a platform specific path using go:build comments. 2 years ago			`expected *PrivateKeyInfo`
			`expectErr bool`
			`}{`
			`{`
			`"RSA",`
Improve configuration, implement setup mode - implement a dedicated setup mode for creating CA certificates that is triggered by the '-setup' command line flag - switch to YAML configuration for comment support and more human readable syntax. Format documentation is in docs/config.sample.yaml - move HSM related code to pkg/hsm - improve consistency checks in pkg/config 2 years ago			`label: "mykey"
			`algorithm: "RSA"`
			rsa-bits: 2048`,
Implement configuration and CA hierarchy setup This commit implements a mechanism to load CA configuration dynamically from JSON files. Missing keys and certificates can be generated in a PKCS#11 HSM or Smartcard. Certificates are stored as PEM encoded .crt files in the filesystem. The default PKCS#11 module (softhsm2) is now loaded from a platform specific path using go:build comments. 2 years ago			`&PrivateKeyInfo{`
			`Algorithm: x509.RSA,`
			`RSABits: 2048,`
			`},`
			`false,`
			`},`
			`{`
			`"ECDSA",`
Improve configuration, implement setup mode - implement a dedicated setup mode for creating CA certificates that is triggered by the '-setup' command line flag - switch to YAML configuration for comment support and more human readable syntax. Format documentation is in docs/config.sample.yaml - move HSM related code to pkg/hsm - improve consistency checks in pkg/config 2 years ago			`label: "mykey"
			`algorithm: "EC"`
			ecc-curve: "P-521"`,
Implement configuration and CA hierarchy setup This commit implements a mechanism to load CA configuration dynamically from JSON files. Missing keys and certificates can be generated in a PKCS#11 HSM or Smartcard. Certificates are stored as PEM encoded .crt files in the filesystem. The default PKCS#11 module (softhsm2) is now loaded from a platform specific path using go:build comments. 2 years ago			`&PrivateKeyInfo{`
			`Algorithm: x509.ECDSA,`
			`EccCurve: elliptic.P521(),`
			`},`
			`false,`
			`},`
			`{`
			`"no-algorithm",`
Improve configuration, implement setup mode - implement a dedicated setup mode for creating CA certificates that is triggered by the '-setup' command line flag - switch to YAML configuration for comment support and more human readable syntax. Format documentation is in docs/config.sample.yaml - move HSM related code to pkg/hsm - improve consistency checks in pkg/config 2 years ago			`label: "mykey"`,
Implement configuration and CA hierarchy setup This commit implements a mechanism to load CA configuration dynamically from JSON files. Missing keys and certificates can be generated in a PKCS#11 HSM or Smartcard. Certificates are stored as PEM encoded .crt files in the filesystem. The default PKCS#11 module (softhsm2) is now loaded from a platform specific path using go:build comments. 2 years ago			`nil,`
			`true,`
			`},`
			`{`
			`"RSA-no-rsa-bits",`
Improve configuration, implement setup mode - implement a dedicated setup mode for creating CA certificates that is triggered by the '-setup' command line flag - switch to YAML configuration for comment support and more human readable syntax. Format documentation is in docs/config.sample.yaml - move HSM related code to pkg/hsm - improve consistency checks in pkg/config 2 years ago			`label: "mykey"
			algorithm: "RSA"`,
Implement configuration and CA hierarchy setup This commit implements a mechanism to load CA configuration dynamically from JSON files. Missing keys and certificates can be generated in a PKCS#11 HSM or Smartcard. Certificates are stored as PEM encoded .crt files in the filesystem. The default PKCS#11 module (softhsm2) is now loaded from a platform specific path using go:build comments. 2 years ago			`nil,`
			`true,`
			`},`
			`{`
			`"ECDSA-no-curve",`
Improve configuration, implement setup mode - implement a dedicated setup mode for creating CA certificates that is triggered by the '-setup' command line flag - switch to YAML configuration for comment support and more human readable syntax. Format documentation is in docs/config.sample.yaml - move HSM related code to pkg/hsm - improve consistency checks in pkg/config 2 years ago			`label: "mykey"
			algorithm: "EC"`,
Implement configuration and CA hierarchy setup This commit implements a mechanism to load CA configuration dynamically from JSON files. Missing keys and certificates can be generated in a PKCS#11 HSM or Smartcard. Certificates are stored as PEM encoded .crt files in the filesystem. The default PKCS#11 module (softhsm2) is now loaded from a platform specific path using go:build comments. 2 years ago			`nil,`
			`true,`
			`},`
			`}`

			`for _, item := range testData {`
			`t.Run(item.name, func(t *testing.T) {`
			`pkInfo := &PrivateKeyInfo{}`
Improve configuration, implement setup mode - implement a dedicated setup mode for creating CA certificates that is triggered by the '-setup' command line flag - switch to YAML configuration for comment support and more human readable syntax. Format documentation is in docs/config.sample.yaml - move HSM related code to pkg/hsm - improve consistency checks in pkg/config 2 years ago			`err := yaml.Unmarshal([]byte(item.yaml), pkInfo)`
Increase coverage for pkg/config 2 years ago			`if err != nil && !item.expectErr {`
			`require.NoError(t, err)`
			`}`

			`if item.expectErr {`
			`assert.Error(t, err)`
Implement configuration and CA hierarchy setup This commit implements a mechanism to load CA configuration dynamically from JSON files. Missing keys and certificates can be generated in a PKCS#11 HSM or Smartcard. Certificates are stored as PEM encoded .crt files in the filesystem. The default PKCS#11 module (softhsm2) is now loaded from a platform specific path using go:build comments. 2 years ago			`}`

			`if !item.expectErr {`
			`assert.Equal(t, item.expected, pkInfo)`
			`}`
			`})`
			`}`
			`}`

Improve configuration, implement setup mode - implement a dedicated setup mode for creating CA certificates that is triggered by the '-setup' command line flag - switch to YAML configuration for comment support and more human readable syntax. Format documentation is in docs/config.sample.yaml - move HSM related code to pkg/hsm - improve consistency checks in pkg/config 2 years ago			`func TestCaCertificateEntry_UnmarshalYAML(t *testing.T) {`
Implement configuration and CA hierarchy setup This commit implements a mechanism to load CA configuration dynamically from JSON files. Missing keys and certificates can be generated in a PKCS#11 HSM or Smartcard. Certificates are stored as PEM encoded .crt files in the filesystem. The default PKCS#11 module (softhsm2) is now loaded from a platform specific path using go:build comments. 2 years ago			data := `{
			`"key-info": {`
			`"algorithm":"EC",`
			`"ecc-curve":"P-521"`
			`},`
			`"certificate-file":"test.crt",`
			`"common-name":"My Little Test Root CA"`
			}`

			`entry := CaCertificateEntry{}`

Improve configuration, implement setup mode - implement a dedicated setup mode for creating CA certificates that is triggered by the '-setup' command line flag - switch to YAML configuration for comment support and more human readable syntax. Format documentation is in docs/config.sample.yaml - move HSM related code to pkg/hsm - improve consistency checks in pkg/config 2 years ago			`err := yaml.Unmarshal([]byte(data), &entry)`
Increase coverage for pkg/config 2 years ago			`require.NoError(t, err)`
Implement configuration and CA hierarchy setup This commit implements a mechanism to load CA configuration dynamically from JSON files. Missing keys and certificates can be generated in a PKCS#11 HSM or Smartcard. Certificates are stored as PEM encoded .crt files in the filesystem. The default PKCS#11 module (softhsm2) is now loaded from a platform specific path using go:build comments. 2 years ago
			`assert.Equal(t, CaCertificateEntry{`
			`KeyInfo: &PrivateKeyInfo{`
			`Algorithm: x509.ECDSA,`
			`EccCurve: elliptic.P521(),`
			`},`
			`CommonName: "My Little Test Root CA",`
Fix failing test 2 years ago			`Storage: "default",`
Implement configuration and CA hierarchy setup This commit implements a mechanism to load CA configuration dynamically from JSON files. Missing keys and certificates can be generated in a PKCS#11 HSM or Smartcard. Certificates are stored as PEM encoded .crt files in the filesystem. The default PKCS#11 module (softhsm2) is now loaded from a platform specific path using go:build comments. 2 years ago			`}, entry)`
			`}`
Increase coverage for pkg/config 2 years ago
			`func TestLoadConfiguration(t *testing.T) {`
			`testData := []struct {`
			`name, yaml string`
			`err bool`
			`}{`
			`{`
			`name: "Good",`
			yaml: `---
			`Settings:`
			`organization:`
			`validity-years:`
			`root: 20`
			`intermediary: 5`
			`url-patterns:`
			`KeyStorage:`
			`default:`
			`type: softhsm`
			`CAs:`
			`root:`
			`common-name: "Root CA"`
			`key-info:`
			`algorithm: EC`
			`ecc-curve: P-384`
			`sub1:`
			`common-name: "Sub CA 1"`
			`key-info:`
			`algorithm: EC`
			`ecc-curve: P-256`
			`parent: root`
			`sub2:`
			`common-name: "Sub CA 2"`
			`key-info:`
			`algorithm: EC`
			`ecc-curve: P-256`
			`parent: root`
			`,
			`err: false,`
			`},`
			`{`
			`name: "Bad",`
			yaml: `noyamlforyou: ]`,
			`err: true,`
			`},`
			`}`

			`for _, item := range testData {`
			`t.Run(item.name, func(t *testing.T) {`
			`r := strings.NewReader(item.yaml)`
			`sc, err := LoadConfiguration(r)`

			`if item.err {`
			`assert.Error(t, err)`
			`assert.Nil(t, sc)`
			`} else {`
			`assert.NoError(t, err)`
			`assert.NotNil(t, sc)`
			`}`
			`})`
			`}`
			`}`

			`func TestSignerConfig_RootCAs(t *testing.T) {`
			yamlData := `---
			`Settings:`
			`organization:`
			`validity-years:`
			`root: 20`
			`intermediary: 5`
			`url-patterns:`
			`KeyStorage:`
			`default:`
			`type: softhsm`
			`CAs:`
			`root:`
			`common-name: "Root CA"`
			`key-info:`
			`algorithm: EC`
			`ecc-curve: P-384`
			`sub1:`
			`common-name: "Sub CA 1"`
			`key-info:`
			`algorithm: EC`
			`ecc-curve: P-256`
			`parent: root`
			`sub2:`
			`common-name: "Sub CA 2"`
			`key-info:`
			`algorithm: EC`
			`ecc-curve: P-256`
			`parent: root`
			`
			`r := strings.NewReader(yamlData)`
			`sc, err := LoadConfiguration(r)`

			`require.NoError(t, err)`
			`require.NotNil(t, sc)`

			`roots := sc.RootCAs()`
			`assert.Equal(t, roots, []string{"root"})`
			`}`