Add test coverage for recently-added PKIX fields. (#4002)
robison authored and jefferai committed Feb 18, 2018
1 parent fbcad15 commit 45a90a9
Showing 1 changed file with 145 additions and 0 deletions.
145 changes: 145 additions & 0 deletions builtin/logical/pki/backend_test.go
@@ -1555,6 +1555,27 @@ func generateRoleSteps(t *testing.T, useCSRs bool) []logicaltest.TestStep {
ret = append(ret, issueTestStep)
}

getCountryCheck := func(role roleEntry) logicaltest.TestCheckFunc {
var certBundle certutil.CertBundle
return func(resp *logical.Response) error {
err := mapstructure.Decode(resp.Data, &certBundle)
if err != nil {
return err
}
parsedCertBundle, err := certBundle.ToParsedCertBundle()
if err != nil {
return fmt.Errorf("Error checking generated certificate: %s", err)
}
cert := parsedCertBundle.Certificate

expected := strutil.RemoveDuplicates(role.Country, true)
if !reflect.DeepEqual(cert.Subject.Country, expected) {
return fmt.Errorf("Error: returned certificate has Country of %s but %s was specified in the role.", cert.Subject.Country, expected)
}
return nil
}
}

getOuCheck := func(role roleEntry) logicaltest.TestCheckFunc {
var certBundle certutil.CertBundle
return func(resp *logical.Response) error {
@@ -1597,6 +1618,90 @@ func generateRoleSteps(t *testing.T, useCSRs bool) []logicaltest.TestStep {
}
}

getLocalityCheck := func(role roleEntry) logicaltest.TestCheckFunc {
var certBundle certutil.CertBundle
return func(resp *logical.Response) error {
err := mapstructure.Decode(resp.Data, &certBundle)
if err != nil {
return err
}
parsedCertBundle, err := certBundle.ToParsedCertBundle()
if err != nil {
return fmt.Errorf("Error checking generated certificate: %s", err)
}
cert := parsedCertBundle.Certificate

expected := strutil.RemoveDuplicates(role.Locality, true)
if !reflect.DeepEqual(cert.Subject.Locality, expected) {
return fmt.Errorf("Error: returned certificate has Locality of %s but %s was specified in the role.", cert.Subject.Locality, expected)
}
return nil
}
}

getProvinceCheck := func(role roleEntry) logicaltest.TestCheckFunc {
var certBundle certutil.CertBundle
return func(resp *logical.Response) error {
err := mapstructure.Decode(resp.Data, &certBundle)
if err != nil {
return err
}
parsedCertBundle, err := certBundle.ToParsedCertBundle()
if err != nil {
return fmt.Errorf("Error checking generated certificate: %s", err)
}
cert := parsedCertBundle.Certificate

expected := strutil.RemoveDuplicates(role.Province, true)
if !reflect.DeepEqual(cert.Subject.Province, expected) {
return fmt.Errorf("Error: returned certificate has Province of %s but %s was specified in the role.", cert.Subject.Province, expected)
}
return nil
}
}

getStreetAddressCheck := func(role roleEntry) logicaltest.TestCheckFunc {
var certBundle certutil.CertBundle
return func(resp *logical.Response) error {
err := mapstructure.Decode(resp.Data, &certBundle)
if err != nil {
return err
}
parsedCertBundle, err := certBundle.ToParsedCertBundle()
if err != nil {
return fmt.Errorf("Error checking generated certificate: %s", err)
}
cert := parsedCertBundle.Certificate

expected := strutil.RemoveDuplicates(role.StreetAddress, true)
if !reflect.DeepEqual(cert.Subject.StreetAddress, expected) {
return fmt.Errorf("Error: returned certificate has StreetAddress of %s but %s was specified in the role.", cert.Subject.StreetAddress, expected)
}
return nil
}
}

getPostalCodeCheck := func(role roleEntry) logicaltest.TestCheckFunc {
var certBundle certutil.CertBundle
return func(resp *logical.Response) error {
err := mapstructure.Decode(resp.Data, &certBundle)
if err != nil {
return err
}
parsedCertBundle, err := certBundle.ToParsedCertBundle()
if err != nil {
return fmt.Errorf("Error checking generated certificate: %s", err)
}
cert := parsedCertBundle.Certificate

expected := strutil.RemoveDuplicates(role.PostalCode, true)
if !reflect.DeepEqual(cert.Subject.PostalCode, expected) {
return fmt.Errorf("Error: returned certificate has PostalCode of %s but %s was specified in the role.", cert.Subject.PostalCode, expected)
}
return nil
}
}

// Returns a TestCheckFunc that performs various validity checks on the
// returned certificate information, mostly within checkCertsAndPrivateKey
getCnCheck := func(name string, role roleEntry, key crypto.Signer, usage x509.KeyUsage, extUsage x509.ExtKeyUsage, validity time.Duration) logicaltest.TestCheckFunc {
@@ -1883,6 +1988,14 @@ func generateRoleSteps(t *testing.T, useCSRs bool) []logicaltest.TestStep {
keybitSizeRandOff = true
addCnTests()
}
// Country tests
{
roleVals.Country = []string{"foo"}
addTests(getCountryCheck(roleVals))

roleVals.Country = []string{"foo", "bar"}
addTests(getCountryCheck(roleVals))
}
// OU tests
{
roleVals.OU = []string{"foo"}
@@ -1899,6 +2012,38 @@ func generateRoleSteps(t *testing.T, useCSRs bool) []logicaltest.TestStep {
roleVals.Organization = []string{"foo", "bar"}
addTests(getOrganizationCheck(roleVals))
}
// Locality tests
{
roleVals.Locality = []string{"foo"}
addTests(getLocalityCheck(roleVals))

roleVals.Locality = []string{"foo", "bar"}
addTests(getLocalityCheck(roleVals))
}
// Province tests
{
roleVals.Province = []string{"foo"}
addTests(getProvinceCheck(roleVals))

roleVals.Province = []string{"foo", "bar"}
addTests(getProvinceCheck(roleVals))
}
// StreetAddress tests
{
roleVals.StreetAddress = []string{"123 foo street"}
addTests(getStreetAddressCheck(roleVals))

roleVals.StreetAddress = []string{"123 foo street", "456 bar avenue"}
addTests(getStreetAddressCheck(roleVals))
}
// PostalCode tests
{
roleVals.PostalCode = []string{"f00"}
addTests(getPostalCodeCheck(roleVals))

roleVals.PostalCode = []string{"f00", "b4r"}
addTests(getPostalCodeCheck(roleVals))
}
// IP SAN tests
{
roleVals.UseCSRSANs = true
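Review bot: In getCountryCheck, and identically in getLocalityCheck, getProvinceCheck, getStreetAddressCheck and getPostalCodeCheck, `var certBundle certutil.CertBundle` is declared outside the returned closure, so one struct is shared by every invocation of that check function. mapstructure.Decode does not clear destination fields that are absent from the input unless ZeroFields is set, so if addTests (not visible here) attaches one check to more than one step, a response that carries no certificate could be compared against the previous response's certificate and still pass. Moving the declaration to the first line inside `func(resp *logical.Response) error` removes that possibility. The five closures also differ only in the Subject field they compare, and every test value is lowercase and duplicate-free, so the normalisation applied by `strutil.RemoveDuplicates(role.Country, true)` is never exercised; a mixed-case or repeated value would show whether the issued certificate really matches what the role stores. generateRoleSteps begins and ends outside these hunks.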