generator_test.go 3.4 KB

  1. package generator
  2. import (
  3. "bytes"
  4. "encoding/json"
  5. "net/http"
  6. "net/http/httptest"
  7. "testing"
  8. "time"
  9. "github.com/cloudflare/cfssl/api"
  10. "github.com/cloudflare/cfssl/config"
  11. "github.com/cloudflare/cfssl/csr"
  12. "github.com/cloudflare/cfssl/signer/local"
  13. )
  // Fixture paths for the signer built in TestNewCertGeneratorHandlerFromSigner.
  const (
  	// testCaFile is the PEM certificate of the test CA.
  	testCaFile = "testdata/ca.pem"
  	// testCaKeyFile is the test CA's private key. It lives under testdata
  	// alongside the tests, so nothing outside the test suite should ever
  	// trust the CA it belongs to.
  	testCaKeyFile = "testdata/ca_key.pem"
  )

  // Bundle fixtures borrowed from the bundler package and passed to SetBundler.
  const (
  	testCABundle  = "../../bundler/testdata/ca-bundle.pem"
  	testIntBundle = "../../bundler/testdata/int-bundle.pem"
  )
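  // csrData returns a reader over the JSON encoding of a sample certificate
  // request for cloudflare.com, ready to be used as an HTTP request body.
  // It fails the calling test if the request cannot be marshalled.
  //
  // The returned reader is consumed by the first request that sends it; call
  // csrData again for every further request that needs a body.
  func csrData(t *testing.T) *bytes.Reader {
  	// Attribute a marshalling failure to the calling test, not to this helper.
  	t.Helper()

  	req := &csr.CertificateRequest{
  		Names: []csr.Name{
  			{
  				C:  "US",
  				ST: "California",
  				L:  "San Francisco",
  				O:  "CloudFlare",
  				OU: "Systems Engineering",
  			},
  		},
  		CN:         "cloudflare.com",
  		Hosts:      []string{"cloudflare.com"},
  		KeyRequest: csr.NewBasicKeyRequest(),
  	}

  	body, err := json.Marshal(req)
  	if err != nil {
  		t.Fatal(err)
  	}
  	return bytes.NewReader(body)
  }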
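  // TestGeneratorRESTfulVerbs checks that the generator handler answers POST
  // with 200 OK and every other HTTP method with 405 Method Not Allowed.
  //
  // Every error is checked: a failure in NewHandler, http.NewRequest or the
  // round trip would otherwise surface as a nil-pointer panic on resp rather
  // than as a test failure that names the broken step.
  func TestGeneratorRESTfulVerbs(t *testing.T) {
  	handler, err := NewHandler(CSRValidate)
  	if err != nil {
  		t.Fatal(err)
  	}

  	ts := httptest.NewServer(handler)
  	// Shut the listener down when the test ends so it does not leak.
  	defer ts.Close()

  	cases := []struct {
  		method string
  		want   int
  	}{
  		// POST is the only verb the endpoint is expected to accept.
  		{"POST", http.StatusOK},
  		// Everything else, including an unknown verb, must be refused with 405.
  		{"GET", http.StatusMethodNotAllowed},
  		{"PUT", http.StatusMethodNotAllowed},
  		{"DELETE", http.StatusMethodNotAllowed},
  		{"WHATEVER", http.StatusMethodNotAllowed},
  	}

  	for _, tc := range cases {
  		// Build a fresh body for each request: a reader shared between
  		// requests is drained by the first one, so later requests would
  		// silently go out without the CSR payload.
  		req, err := http.NewRequest(tc.method, ts.URL, csrData(t))
  		if err != nil {
  			t.Fatalf("%s: building request: %v", tc.method, err)
  		}

  		resp, err := http.DefaultClient.Do(req)
  		if err != nil {
  			t.Fatalf("%s: sending request: %v", tc.method, err)
  		}
  		status, code := resp.Status, resp.StatusCode
  		// Only the status matters here; release the connection right away.
  		resp.Body.Close()

  		if code != tc.want {
  			t.Fatalf("%s: got status %q, want %d", tc.method, status, tc.want)
  		}
  	}
  }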
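  // TestCSRValidate checks that CSRValidate accepts a certificate request whose
  // Hosts list is empty.
  func TestCSRValidate(t *testing.T) {
  	req := &csr.CertificateRequest{
  		Names: []csr.Name{
  			{
  				C:  "US",
  				ST: "California",
  				L:  "San Francisco",
  				O:  "CloudFlare",
  				OU: "Systems Engineering",
  			},
  		},
  		CN: "cloudflare.com",
  		// Deliberately empty: the request names no hosts.
  		Hosts:      []string{},
  		KeyRequest: csr.NewBasicKeyRequest(),
  	}

  	// NOTE(review): this pins permissive behaviour. Because a request
  	// without hosts passes this validator, any requirement that issued
  	// certificates carry host names presumably has to be enforced by a
  	// stricter validator or by the signing policy; confirm where.
  	if err := CSRValidate(req); err != nil {
  		// Include the error so a failure shows why validation rejected the request.
  		t.Fatalf("CSRValidate should accept a request with an empty Hosts list, got: %v", err)
  	}
  }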
  // TestNewCertGeneratorHandlerFromSigner builds a local signer from the test CA
  // fixtures, wraps it with NewCertGeneratorHandlerFromSigner, and checks that
  // the result is an http.Handler and an api.HTTPHandler whose inner handler is
  // a *CertGeneratorHandler on which SetBundler succeeds.
  func TestNewCertGeneratorHandlerFromSigner(t *testing.T) {
  	const lifetime = 1 * time.Minute

  	// Signing policy for the throwaway test signer. The default profile is a
  	// CA profile (cert sign / crl sign, IsCA) that also lets the client supply
  	// serial numbers; it is paired only with the CA key under testdata.
  	// NOTE(review): ExpiryString ("43800h") and Expiry (one minute) disagree;
  	// Expiry is set directly here, so confirm which one the signer honours.
  	policy := &config.Config{
  		Signing: &config.Signing{
  			Profiles: map[string]*config.SigningProfile{
  				"signature": {
  					Usage:  []string{"digital signature"},
  					Expiry: lifetime,
  				},
  			},
  			Default: &config.SigningProfile{
  				Usage:                       []string{"cert sign", "crl sign"},
  				ExpiryString:                "43800h",
  				Expiry:                      lifetime,
  				CAConstraint:                config.CAConstraint{IsCA: true},
  				ClientProvidesSerialNumbers: true,
  			},
  		},
  	}

  	signer, err := local.NewSignerFromFile(testCaFile, testCaKeyFile, policy.Signing)
  	if err != nil {
  		t.Fatal(err)
  	}

  	h := NewCertGeneratorHandlerFromSigner(CSRValidate, signer)

  	// Unwrap layer by layer; each assertion has its own failure message.
  	if _, isHTTP := h.(http.Handler); !isHTTP {
  		t.Fatal("A HTTP handler has not been returned")
  	}

  	wrapped, isAPI := h.(api.HTTPHandler)
  	if !isAPI {
  		t.Fatal("An api.HTTPHandler has not been returned")
  	}

  	gen, isGen := wrapped.Handler.(*CertGeneratorHandler)
  	if !isGen {
  		t.Fatal("A CertGeneratorHandler has not been set")
  	}

  	// Loading the CA and intermediate bundle fixtures must succeed.
  	err = gen.SetBundler(testCABundle, testIntBundle)
  	if err != nil {
  		t.Fatal(err)
  	}
  }