cacert-gosigner/pkg/config/config_test.go

247 lines
4 KiB
Go
Raw Normal View History

package config
import (
"crypto/elliptic"
"crypto/x509"
2022-04-21 19:12:34 +00:00
"strings"
"testing"
"github.com/stretchr/testify/assert"
2022-04-21 19:12:34 +00:00
"github.com/stretchr/testify/require"
"gopkg.in/yaml.v3"
)
func TestPrivateKeyInfo_MarshalYAML(t *testing.T) {
testData := []struct {
name string
pkInfo *PrivateKeyInfo
expected string
}{
{
"RSA",
&PrivateKeyInfo{
Algorithm: x509.RSA,
RSABits: 3072,
},
`algorithm: RSA
rsa-bits: 3072
`,
},
{
"ECDSA",
&PrivateKeyInfo{
Algorithm: x509.ECDSA,
EccCurve: elliptic.P224(),
},
`algorithm: EC
ecc-curve: P-224
`,
},
}
for _, item := range testData {
t.Run(item.name, func(t *testing.T) {
data, err := yaml.Marshal(item.pkInfo)
2022-04-21 19:12:34 +00:00
require.NoError(t, err)
2022-04-21 19:12:34 +00:00
assert.YAMLEq(t, item.expected, string(data))
})
}
}
func TestPrivateKeyInfo_UnmarshalYAML(t *testing.T) {
testData := []struct {
name string
yaml string
expected *PrivateKeyInfo
expectErr bool
}{
{
"RSA",
`label: "mykey"
algorithm: "RSA"
rsa-bits: 2048`,
&PrivateKeyInfo{
Algorithm: x509.RSA,
RSABits: 2048,
},
false,
},
{
"ECDSA",
`label: "mykey"
algorithm: "EC"
ecc-curve: "P-521"`,
&PrivateKeyInfo{
Algorithm: x509.ECDSA,
EccCurve: elliptic.P521(),
},
false,
},
{
"no-algorithm",
`label: "mykey"`,
nil,
true,
},
{
"RSA-no-rsa-bits",
`label: "mykey"
algorithm: "RSA"`,
nil,
true,
},
{
"ECDSA-no-curve",
`label: "mykey"
algorithm: "EC"`,
nil,
true,
},
}
for _, item := range testData {
t.Run(item.name, func(t *testing.T) {
pkInfo := &PrivateKeyInfo{}
err := yaml.Unmarshal([]byte(item.yaml), pkInfo)
2022-04-21 19:12:34 +00:00
if err != nil && !item.expectErr {
require.NoError(t, err)
}
if item.expectErr {
assert.Error(t, err)
}
if !item.expectErr {
assert.Equal(t, item.expected, pkInfo)
}
})
}
}
func TestCaCertificateEntry_UnmarshalYAML(t *testing.T) {
data := `{
"key-info": {
"algorithm":"EC",
"ecc-curve":"P-521"
},
"certificate-file":"test.crt",
"common-name":"My Little Test Root CA"
}`
entry := CaCertificateEntry{}
err := yaml.Unmarshal([]byte(data), &entry)
2022-04-21 19:12:34 +00:00
require.NoError(t, err)
assert.Equal(t, CaCertificateEntry{
KeyInfo: &PrivateKeyInfo{
Algorithm: x509.ECDSA,
EccCurve: elliptic.P521(),
},
CommonName: "My Little Test Root CA",
2022-04-20 07:03:00 +00:00
Storage: "default",
}, entry)
}
2022-04-21 19:12:34 +00:00
func TestLoadConfiguration(t *testing.T) {
testData := []struct {
name, yaml string
err bool
}{
{
name: "Good",
yaml: `---
Settings:
organization:
validity-years:
root: 20
intermediary: 5
url-patterns:
KeyStorage:
default:
type: softhsm
CAs:
root:
common-name: "Root CA"
key-info:
algorithm: EC
ecc-curve: P-384
sub1:
common-name: "Sub CA 1"
key-info:
algorithm: EC
ecc-curve: P-256
parent: root
sub2:
common-name: "Sub CA 2"
key-info:
algorithm: EC
ecc-curve: P-256
parent: root
`,
err: false,
},
{
name: "Bad",
yaml: `noyamlforyou: ]`,
err: true,
},
}
for _, item := range testData {
t.Run(item.name, func(t *testing.T) {
r := strings.NewReader(item.yaml)
sc, err := LoadConfiguration(r)
if item.err {
assert.Error(t, err)
assert.Nil(t, sc)
} else {
assert.NoError(t, err)
assert.NotNil(t, sc)
}
})
}
}
func TestSignerConfig_RootCAs(t *testing.T) {
yamlData := `---
Settings:
organization:
validity-years:
root: 20
intermediary: 5
url-patterns:
KeyStorage:
default:
type: softhsm
CAs:
root:
common-name: "Root CA"
key-info:
algorithm: EC
ecc-curve: P-384
sub1:
common-name: "Sub CA 1"
key-info:
algorithm: EC
ecc-curve: P-256
parent: root
sub2:
common-name: "Sub CA 2"
key-info:
algorithm: EC
ecc-curve: P-256
parent: root
`
r := strings.NewReader(yamlData)
sc, err := LoadConfiguration(r)
require.NoError(t, err)
require.NotNil(t, sc)
roots := sc.RootCAs()
assert.Equal(t, roots, []string{"root"})
}