Increase coverage for pkg/config

This commit is contained in:
Jan Dittberner 2022-04-21 21:12:34 +02:00 committed by Jan Dittberner
parent 3a6127a939
commit 7d415ff181
2 changed files with 143 additions and 14 deletions

View file

@ -177,6 +177,18 @@ func LoadConfiguration(r io.Reader) (*SignerConfig, error) {
return nil, fmt.Errorf("could not parse YAML configuration: %w", err)
}
if config.Global == nil {
return nil, errors.New("configuration entry 'Settings' is missing or empty")
}
if config.CAs == nil {
return nil, errors.New("configuration entry 'CAs' is missing or empty")
}
if config.KeyStorage == nil {
return nil, errors.New("configuration entry 'KeyStorage' is missing or empty")
}
return &SignerConfig{
global: config.Global,
caMap: config.CAs,
@ -192,7 +204,6 @@ type PrivateKeyInfo struct {
func (p *PrivateKeyInfo) UnmarshalYAML(value *yaml.Node) error {
internalStructure := struct {
Label string `yaml:"label"`
Algorithm string `yaml:"algorithm"`
EccCurve string `yaml:"ecc-curve,omitempty"`
RSABits *int `yaml:"rsa-bits,omitempty"`
@ -207,17 +218,25 @@ func (p *PrivateKeyInfo) UnmarshalYAML(value *yaml.Node) error {
case "RSA":
p.Algorithm = x509.RSA
if internalStructure.RSABits == nil {
return errors.New("RSA key length not specified")
return errors.New("element 'rsa-bits' with RSA key length required for algorithm RSA")
}
p.RSABits = *internalStructure.RSABits
case "EC":
p.Algorithm = x509.ECDSA
if internalStructure.EccCurve == "" {
return errors.New("element 'ecc-curve' required for algorithm EC")
}
p.EccCurve, err = nameToCurve(internalStructure.EccCurve)
if err != nil {
return err
}
case "":
return errors.New("element 'algorithm' must be specified as 'EC' or 'RSA'")
default:
return fmt.Errorf("unsupported key algorithm %s", internalStructure.Algorithm)
return fmt.Errorf(
"unsupported key algorithm %s, use either 'EC' or 'RSA'",
internalStructure.Algorithm,
)
}
return nil
@ -302,7 +321,16 @@ func (c *CaCertificateEntry) UnmarshalYAML(value *yaml.Node) error {
return err
}
if m.KeyInfo == nil {
return errors.New("element 'key-info' must be set")
}
c.KeyInfo = m.KeyInfo
if m.CommonName == "" {
return errors.New("element 'common-name' must be set")
}
c.CommonName = m.CommonName
c.MaxPathLen = m.MaxPathLen

View file

@ -3,9 +3,11 @@ package config
import (
"crypto/elliptic"
"crypto/x509"
"strings"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"gopkg.in/yaml.v3"
)
@ -40,11 +42,9 @@ ecc-curve: P-224
for _, item := range testData {
t.Run(item.name, func(t *testing.T) {
data, err := yaml.Marshal(item.pkInfo)
if err != nil {
t.Fatal(err)
}
require.NoError(t, err)
assert.Equal(t, item.expected, string(data))
assert.YAMLEq(t, item.expected, string(data))
})
}
}
@ -104,10 +104,12 @@ algorithm: "EC"`,
t.Run(item.name, func(t *testing.T) {
pkInfo := &PrivateKeyInfo{}
err := yaml.Unmarshal([]byte(item.yaml), pkInfo)
if err != nil {
if !item.expectErr {
t.Fatal(err)
}
if err != nil && !item.expectErr {
require.NoError(t, err)
}
if item.expectErr {
assert.Error(t, err)
}
if !item.expectErr {
@ -130,9 +132,7 @@ func TestCaCertificateEntry_UnmarshalYAML(t *testing.T) {
entry := CaCertificateEntry{}
err := yaml.Unmarshal([]byte(data), &entry)
if err != nil {
t.Fatal(err)
}
require.NoError(t, err)
assert.Equal(t, CaCertificateEntry{
KeyInfo: &PrivateKeyInfo{
@ -143,3 +143,104 @@ func TestCaCertificateEntry_UnmarshalYAML(t *testing.T) {
Storage: "default",
}, entry)
}
func TestLoadConfiguration(t *testing.T) {
testData := []struct {
name, yaml string
err bool
}{
{
name: "Good",
yaml: `---
Settings:
organization:
validity-years:
root: 20
intermediary: 5
url-patterns:
KeyStorage:
default:
type: softhsm
CAs:
root:
common-name: "Root CA"
key-info:
algorithm: EC
ecc-curve: P-384
sub1:
common-name: "Sub CA 1"
key-info:
algorithm: EC
ecc-curve: P-256
parent: root
sub2:
common-name: "Sub CA 2"
key-info:
algorithm: EC
ecc-curve: P-256
parent: root
`,
err: false,
},
{
name: "Bad",
yaml: `noyamlforyou: ]`,
err: true,
},
}
for _, item := range testData {
t.Run(item.name, func(t *testing.T) {
r := strings.NewReader(item.yaml)
sc, err := LoadConfiguration(r)
if item.err {
assert.Error(t, err)
assert.Nil(t, sc)
} else {
assert.NoError(t, err)
assert.NotNil(t, sc)
}
})
}
}
func TestSignerConfig_RootCAs(t *testing.T) {
yamlData := `---
Settings:
organization:
validity-years:
root: 20
intermediary: 5
url-patterns:
KeyStorage:
default:
type: softhsm
CAs:
root:
common-name: "Root CA"
key-info:
algorithm: EC
ecc-curve: P-384
sub1:
common-name: "Sub CA 1"
key-info:
algorithm: EC
ecc-curve: P-256
parent: root
sub2:
common-name: "Sub CA 2"
key-info:
algorithm: EC
ecc-curve: P-256
parent: root
`
r := strings.NewReader(yamlData)
sc, err := LoadConfiguration(r)
require.NoError(t, err)
require.NotNil(t, sc)
roots := sc.RootCAs()
assert.Equal(t, roots, []string{"root"})
}