package config import ( "crypto/elliptic" "crypto/x509" "strings" "testing" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "gopkg.in/yaml.v3" ) func TestPrivateKeyInfo_MarshalYAML(t *testing.T) { testData := []struct { name string pkInfo *PrivateKeyInfo expected string }{ { "RSA", &PrivateKeyInfo{ Algorithm: x509.RSA, RSABits: 3072, }, `algorithm: RSA rsa-bits: 3072 `, }, { "ECDSA", &PrivateKeyInfo{ Algorithm: x509.ECDSA, EccCurve: elliptic.P224(), }, `algorithm: EC ecc-curve: P-224 `, }, } for _, item := range testData { t.Run(item.name, func(t *testing.T) { data, err := yaml.Marshal(item.pkInfo) require.NoError(t, err) assert.YAMLEq(t, item.expected, string(data)) }) } } func TestPrivateKeyInfo_UnmarshalYAML(t *testing.T) { testData := []struct { name string yaml string expected *PrivateKeyInfo expectErr bool }{ { "RSA", `label: "mykey" algorithm: "RSA" rsa-bits: 2048`, &PrivateKeyInfo{ Algorithm: x509.RSA, RSABits: 2048, }, false, }, { "ECDSA", `label: "mykey" algorithm: "EC" ecc-curve: "P-521"`, &PrivateKeyInfo{ Algorithm: x509.ECDSA, EccCurve: elliptic.P521(), }, false, }, { "no-algorithm", `label: "mykey"`, nil, true, }, { "RSA-no-rsa-bits", `label: "mykey" algorithm: "RSA"`, nil, true, }, { "ECDSA-no-curve", `label: "mykey" algorithm: "EC"`, nil, true, }, } for _, item := range testData { t.Run(item.name, func(t *testing.T) { pkInfo := &PrivateKeyInfo{} err := yaml.Unmarshal([]byte(item.yaml), pkInfo) if err != nil && !item.expectErr { require.NoError(t, err) } if item.expectErr { assert.Error(t, err) } if !item.expectErr { assert.Equal(t, item.expected, pkInfo) } }) } } func TestCaCertificateEntry_UnmarshalYAML(t *testing.T) { data := `{ "key-info": { "algorithm":"EC", "ecc-curve":"P-521" }, "certificate-file":"test.crt", "common-name":"My Little Test Root CA" }` entry := CaCertificateEntry{} err := yaml.Unmarshal([]byte(data), &entry) require.NoError(t, err) assert.Equal(t, CaCertificateEntry{ KeyInfo: &PrivateKeyInfo{ Algorithm: x509.ECDSA, EccCurve: elliptic.P521(), }, CommonName: "My Little Test Root CA", Storage: "default", }, entry) } func TestLoadConfiguration(t *testing.T) { testData := []struct { name, yaml string err bool }{ { name: "Good", yaml: `--- Settings: organization: validity-years: root: 20 intermediary: 5 url-patterns: KeyStorage: default: type: softhsm CAs: root: common-name: "Root CA" key-info: algorithm: EC ecc-curve: P-384 sub1: common-name: "Sub CA 1" key-info: algorithm: EC ecc-curve: P-256 parent: root sub2: common-name: "Sub CA 2" key-info: algorithm: EC ecc-curve: P-256 parent: root `, err: false, }, { name: "Bad", yaml: `noyamlforyou: ]`, err: true, }, } for _, item := range testData { t.Run(item.name, func(t *testing.T) { r := strings.NewReader(item.yaml) sc, err := LoadConfiguration(r) if item.err { assert.Error(t, err) assert.Nil(t, sc) } else { assert.NoError(t, err) assert.NotNil(t, sc) } }) } } func TestSignerConfig_RootCAs(t *testing.T) { yamlData := `--- Settings: organization: validity-years: root: 20 intermediary: 5 url-patterns: KeyStorage: default: type: softhsm CAs: root: common-name: "Root CA" key-info: algorithm: EC ecc-curve: P-384 sub1: common-name: "Sub CA 1" key-info: algorithm: EC ecc-curve: P-256 parent: root sub2: common-name: "Sub CA 2" key-info: algorithm: EC ecc-curve: P-256 parent: root ` r := strings.NewReader(yamlData) sc, err := LoadConfiguration(r) require.NoError(t, err) require.NotNil(t, sc) roots := sc.RootCAs() assert.Equal(t, roots, []string{"root"}) }