cloudflare
/
cfssl
kopia lustrzana https://github.com/cloudflare/cfssl


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232
							package gencert

import (
	"os"
	"strings"
	"testing"

	"github.com/cloudflare/cfssl/cli"
)

func TestGencertMain(t *testing.T) {

	c := cli.Config{
		IsCA: true,
	}

	err := gencertMain([]string{"../testdata/csr.json"}, c)
	if err != nil {
		t.Fatal(err)
	}

	c = cli.Config{
		IsCA:      true,
		CAKeyFile: "../testdata/ca-key.pem",
	}

	err = gencertMain([]string{"../testdata/csr.json"}, c)
	if err != nil {
		t.Fatal(err)
	}

	c = cli.Config{
		CAFile:    "../testdata/ca.pem",
		CAKeyFile: "../testdata/ca-key.pem",
	}

	err = gencertMain([]string{"../testdata/csr.json"}, c)
	if err != nil {
		t.Fatal(err)
	}

	c = cli.Config{
		RenewCA:   true,
		CAFile:    "../testdata/ca.pem",
		CAKeyFile: "../testdata/ca-key.pem",
	}
	err = gencertMain([]string{}, c)

	if err != nil {
		t.Fatal(err)
	}
}

func TestGencertFile(t *testing.T) {
	c := cli.Config{
		IsCA:      true,
		CAKeyFile: "file:../testdata/ca-key.pem",
	}

	err := gencertMain([]string{"../testdata/csr.json"}, c)
	if err != nil {
		t.Fatal(err)
	}

	c = cli.Config{
		CAFile:    "file:../testdata/ca.pem",
		CAKeyFile: "file:../testdata/ca-key.pem",
	}

	err = gencertMain([]string{"../testdata/csr.json"}, c)
	if err != nil {
		t.Fatal(err)
	}

	c = cli.Config{
		RenewCA:   true,
		CAFile:    "file:../testdata/ca.pem",
		CAKeyFile: "file:../testdata/ca-key.pem",
	}
	err = gencertMain([]string{}, c)

	if err != nil {
		t.Fatal(err)
	}
}

func TestGencertEnv(t *testing.T) {
	tempCaCert, _ := os.ReadFile("../testdata/ca.pem")
	tempCaKey, _ := os.ReadFile("../testdata/ca-key.pem")
	os.Setenv("ca", string(tempCaCert))
	os.Setenv("ca_key", string(tempCaKey))

	c := cli.Config{
		IsCA:      true,
		CAKeyFile: "env:ca_key",
	}

	err := gencertMain([]string{"../testdata/csr.json"}, c)
	if err != nil {
		t.Fatal(err)
	}

	c = cli.Config{
		CAFile:    "env:ca",
		CAKeyFile: "env:ca_key",
	}

	err = gencertMain([]string{"../testdata/csr.json"}, c)
	if err != nil {
		t.Fatal(err)
	}

	c = cli.Config{
		RenewCA:   true,
		CAFile:    "env:ca",
		CAKeyFile: "env:ca_key",
	}
	err = gencertMain([]string{}, c)

	if err != nil {
		t.Fatal(err)
	}
}

func TestBadGencertEnv(t *testing.T) {
	tempCaCert, _ := os.ReadFile("../testdata/ca.pem")
	tempCaKey, _ := os.ReadFile("../testdata/ca-key.pem")
	os.Setenv("ca", string(tempCaCert))
	os.Setenv("ca_key", string(tempCaKey))

	c := cli.Config{
		RenewCA:   true,
		CAFile:    "ca",
		CAKeyFile: "env:ca_key",
	}
	err := gencertMain([]string{}, c)

	if err == nil {
		t.Fatal("No prefix provided, should report an error")
	}

	c = cli.Config{
		RenewCA:   true,
		CAFile:    "env:ca",
		CAKeyFile: "ca_key",
	}
	err = gencertMain([]string{}, c)

	if err == nil {
		t.Fatal("No prefix provided, should report an error")
	}

	c = cli.Config{
		RenewCA:   true,
		CAFile:    "env:ca",
		CAKeyFile: "en:ca_key",
	}
	err = gencertMain([]string{}, c)

	if err == nil {
		t.Fatal("Unsupported prefix, should report error")
	}

	c = cli.Config{
		RenewCA:   true,
		CAFile:    "env:ca",
		CAKeyFile: "env:file:ca_key",
	}
	err = gencertMain([]string{}, c)

	if err == nil {
		t.Fatal("Multiple prefixes, should report error")
	}
}

func TestBadGencertMain(t *testing.T) {
	err := gencertMain([]string{"../testdata/csr.json"}, cli.Config{})
	if err != nil {
		t.Fatal(err)
	}

	err = gencertMain([]string{"../testdata/csr.json"}, cli.Config{CAFile: "../testdata/ca.pem"})
	if err != nil {
		t.Fatal(err)
	}

	err = gencertMain([]string{}, cli.Config{RenewCA: true})
	if err == nil {
		t.Fatal("No CA or Key provided, should report error")
	}

	err = gencertMain([]string{}, cli.Config{})
	if err == nil {
		t.Fatal("Not enough argument, should report error")
	}

	err = gencertMain([]string{"../testdata/bad_csr.json"}, cli.Config{})
	if err == nil {
		t.Fatal("Bad CSR JSON, should report error")
	}

	err = gencertMain([]string{"../testdata/nothing"}, cli.Config{})
	if err == nil {
		t.Fatal("Trying to read a non-existence file, should report error")
	}

	err = gencertMain([]string{"../testdata/csr.json"}, cli.Config{IsCA: true, CAKeyFile: "../../testdata/garbage.crt"})
	if err == nil {
		t.Fatal("Bad CA, should report error")
	}

	err = gencertMain([]string{"../testdata/csr.json"}, cli.Config{CAFile: "../testdata/ca.pem", Remote: "123::::123"})
	if err == nil {
		t.Fatal("Invalid remote, should reort error")
	}

}

func TestOidMain(t *testing.T) {
	c := cli.Config{
		CAFile:    "../testdata/ca.pem",
		CAKeyFile: "../testdata/ca-key.pem",
	}
	err := gencertMain([]string{"../testdata/bad_oid_csr.json"}, c)
	if err == nil {
		t.Fatal("Expected error")
	}
	if !strings.Contains(err.Error(), "invalid OID part abc") {
		t.Fatalf("Unexpected error: %s", err.Error())
	}
}