package config
import (
"crypto/elliptic"
"crypto/x509"
"strings"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"gopkg.in/yaml.v3"
)
// TestPrivateKeyInfo_MarshalYAML checks that a PrivateKeyInfo serializes to the
// expected YAML keys: the algorithm name plus either rsa-bits or ecc-curve,
// depending on the key type.
func TestPrivateKeyInfo_MarshalYAML(t *testing.T) {
	cases := []struct {
		name string
		in   *PrivateKeyInfo
		want string
	}{
		{
			name: "RSA",
			in:   &PrivateKeyInfo{Algorithm: x509.RSA, RSABits: 3072},
			want: "algorithm: RSA\nrsa-bits: 3072\n",
		},
		{
			name: "ECDSA",
			// x509.ECDSA is written under the short name "EC" and the curve under
			// its NIST name. P-224 is only a serialization fixture here, not a
			// recommendation of curve strength.
			in:   &PrivateKeyInfo{Algorithm: x509.ECDSA, EccCurve: elliptic.P224()},
			want: "algorithm: EC\necc-curve: P-224\n",
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			out, err := yaml.Marshal(tc.in)
			require.NoError(t, err)
			// YAMLEq compares the parsed documents, so key order and quoting
			// style do not affect the result.
			assert.YAMLEq(t, tc.want, string(out))
		})
	}
}
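// TestPrivateKeyInfo_UnmarshalYAML checks that PrivateKeyInfo is decoded from YAML
// and that documents missing a required field are rejected: no algorithm at all,
// RSA without rsa-bits, and EC without ecc-curve.
//
// NOTE(review): no case covers an unrecognized algorithm or curve name, nor an
// undersized rsa-bits value; if the decoder is meant to enforce those, a negative
// case for each would pin that behaviour down.
func TestPrivateKeyInfo_UnmarshalYAML(t *testing.T) {
	cases := []struct {
		name      string
		yaml      string
		expected  *PrivateKeyInfo
		expectErr bool
	}{
		{
			// Every input carries a "label" key that the expected value does not
			// reflect — presumably not a field of PrivateKeyInfo (yaml.v3 ignores
			// unknown keys); confirm against the type definition.
			name: "RSA",
			yaml: `label: "mykey"
algorithm: "RSA"
rsa-bits: 2048`,
			expected: &PrivateKeyInfo{
				Algorithm: x509.RSA,
				RSABits:   2048,
			},
		},
		{
			name: "ECDSA",
			yaml: `label: "mykey"
algorithm: "EC"
ecc-curve: "P-521"`,
			expected: &PrivateKeyInfo{
				Algorithm: x509.ECDSA,
				EccCurve:  elliptic.P521(),
			},
		},
		{
			name:      "no-algorithm",
			yaml:      `label: "mykey"`,
			expectErr: true,
		},
		{
			name: "RSA-no-rsa-bits",
			yaml: `label: "mykey"
algorithm: "RSA"`,
			expectErr: true,
		},
		{
			name: "ECDSA-no-curve",
			yaml: `label: "mykey"
algorithm: "EC"`,
			expectErr: true,
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			pkInfo := &PrivateKeyInfo{}
			err := yaml.Unmarshal([]byte(tc.yaml), pkInfo)

			// Guard clause replaces the three overlapping conditions of the
			// original: the error branch and the value branch are exclusive.
			if tc.expectErr {
				assert.Error(t, err)
				return
			}
			// A decode failure on a valid document is fatal; comparing a
			// half-filled struct afterwards would only add noise.
			require.NoError(t, err)
			assert.Equal(t, tc.expected, pkInfo)
		})
	}
}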
// TestCaCertificateEntry_UnmarshalYAML decodes a CA entry written in JSON form
// (which is valid YAML) and checks the nested key-info together with the value
// the decoder supplies for an omitted storage.
func TestCaCertificateEntry_UnmarshalYAML(t *testing.T) {
	// "certificate-file" is given in the input but not asserted on below —
	// presumably it is not retained by the decoder, or it is left at its zero
	// value; confirm against the CaCertificateEntry type.
	const doc = `{
  "key-info": {
    "algorithm":"EC",
    "ecc-curve":"P-521"
  },
  "certificate-file":"test.crt",
  "common-name":"My Little Test Root CA"
}`

	var got CaCertificateEntry
	require.NoError(t, yaml.Unmarshal([]byte(doc), &got))

	want := CaCertificateEntry{
		KeyInfo: &PrivateKeyInfo{
			Algorithm: x509.ECDSA,
			EccCurve:  elliptic.P521(),
		},
		CommonName: "My Little Test Root CA",
		// Not present in the input: the test expects an omitted storage to
		// decode as "default".
		Storage: "default",
	}
	assert.Equal(t, want, got)
}
|
2022-04-21 19:12:34 +00:00
|
|
|
|
|
|
|
// TestLoadConfiguration feeds LoadConfiguration a well-formed document and a
// syntactically broken one, checking only the success/failure contract.
//
// NOTE(review): the "Bad" case is a YAML syntax error only; there is no case for a
// structurally valid document that should fail validation (for example a sub CA
// whose "parent" names an unknown CA). The "Good" case also leaves organization
// and url-patterns empty and expects success — confirm that an empty organization
// is intended to be acceptable for a CA configuration.
func TestLoadConfiguration(t *testing.T) {
	cases := []struct {
		name    string
		doc     string
		wantErr bool
	}{
		{
			name: "Good",
			doc: `---
Settings:
  organization:
  validity-years:
    root: 20
    intermediary: 5
  url-patterns:
KeyStorage:
  default:
    type: softhsm
CAs:
  root:
    common-name: "Root CA"
    key-info:
      algorithm: EC
      ecc-curve: P-384
  sub1:
    common-name: "Sub CA 1"
    key-info:
      algorithm: EC
      ecc-curve: P-256
    parent: root
  sub2:
    common-name: "Sub CA 2"
    key-info:
      algorithm: EC
      ecc-curve: P-256
    parent: root
`,
		},
		{
			name:    "Bad",
			doc:     `noyamlforyou: ]`,
			wantErr: true,
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			sc, err := LoadConfiguration(strings.NewReader(tc.doc))

			// On failure the config must not be partially populated.
			if tc.wantErr {
				assert.Error(t, err)
				assert.Nil(t, sc)
				return
			}
			assert.NoError(t, err)
			assert.NotNil(t, sc)
		})
	}
}
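// TestSignerConfig_RootCAs loads a three-CA hierarchy (one root, two
// intermediates with "parent: root") and checks that RootCAs reports only the
// CA without a parent.
//
// NOTE(review): with a single root the test cannot tell whether RootCAs returns
// the roots in a stable order; a second parent-less CA would pin that down.
func TestSignerConfig_RootCAs(t *testing.T) {
	const yamlData = `---
Settings:
  organization:
  validity-years:
    root: 20
    intermediary: 5
  url-patterns:
KeyStorage:
  default:
    type: softhsm
CAs:
  root:
    common-name: "Root CA"
    key-info:
      algorithm: EC
      ecc-curve: P-384
  sub1:
    common-name: "Sub CA 1"
    key-info:
      algorithm: EC
      ecc-curve: P-256
    parent: root
  sub2:
    common-name: "Sub CA 2"
    key-info:
      algorithm: EC
      ecc-curve: P-256
    parent: root
`

	sc, err := LoadConfiguration(strings.NewReader(yamlData))
	require.NoError(t, err)
	require.NotNil(t, sc)

	roots := sc.RootCAs()
	// testify's Equal takes (expected, actual); the original had them swapped,
	// which inverts the labels in the failure diff.
	assert.Equal(t, []string{"root"}, roots)
}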