ca: cleanup a test
Fix the name to match the function it is testing Remove unused code Fix the signature, instead of returning (error, string) which should be (string, error) accept a testing.T to emit errors. Handle the error from encode.
This commit is contained in:
Daniel Nephin
parent
9ec7e07db4
commit
92a054cfa6
|
|
@ -400,7 +400,7 @@ func TestCAManager_UpdateConfigWhileRenewIntermediate(t *testing.T) {
|
||||||
require.EqualValues(t, caStateInitialized, manager.state)
|
require.EqualValues(t, caStateInitialized, manager.state)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestCAManager_SignLeafWithExpiredCert(t *testing.T) {
|
func TestCAManager_SignCertificate_WithExpiredCert(t *testing.T) {
|
||||||
if testing.Short() {
|
if testing.Short() {
|
||||||
t.Skip("too slow for testing.Short")
|
t.Skip("too slow for testing.Short")
|
||||||
}
|
}
|
||||||
|
|
@ -423,7 +423,6 @@ func TestCAManager_SignLeafWithExpiredCert(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, arg := range args {
|
for _, arg := range args {
|
||||||
|
|
||||||
t.Run(arg.testName, func(t *testing.T) {
|
t.Run(arg.testName, func(t *testing.T) {
|
||||||
// No parallel execution because we change globals
|
// No parallel execution because we change globals
|
||||||
// Set the interval and drift buffer low for renewing the cert.
|
// Set the interval and drift buffer low for renewing the cert.
|
||||||
|
|
@ -443,10 +442,8 @@ func TestCAManager_SignLeafWithExpiredCert(t *testing.T) {
|
||||||
delegate := NewMockCAServerDelegate(t, conf)
|
delegate := NewMockCAServerDelegate(t, conf)
|
||||||
manager := NewCAManager(delegate, nil, testutil.Logger(t), conf)
|
manager := NewCAManager(delegate, nil, testutil.Logger(t), conf)
|
||||||
|
|
||||||
err, rootPEM := generatePem(arg.notBeforeRoot, arg.notAfterRoot)
|
rootPEM := generateCertPEM(t, arg.notBeforeRoot, arg.notAfterRoot)
|
||||||
require.NoError(t, err)
|
intermediatePEM := generateCertPEM(t, arg.notBeforeIntermediate, arg.notAfterIntermediate)
|
||||||
err, intermediatePEM := generatePem(arg.notBeforeIntermediate, arg.notAfterIntermediate)
|
|
||||||
require.NoError(t, err)
|
|
||||||
manager.providerShim = &mockCAProvider{
|
manager.providerShim = &mockCAProvider{
|
||||||
callbackCh: delegate.callbackCh,
|
callbackCh: delegate.callbackCh,
|
||||||
rootPEM: rootPEM,
|
rootPEM: rootPEM,
|
||||||
|
|
@ -462,7 +459,7 @@ func TestCAManager_SignLeafWithExpiredCert(t *testing.T) {
|
||||||
// Call RenewIntermediate and then confirm the RPCs and provider calls
|
// Call RenewIntermediate and then confirm the RPCs and provider calls
|
||||||
// happen in the expected order.
|
// happen in the expected order.
|
||||||
|
|
||||||
_, err = manager.SignCertificate(&x509.CertificateRequest{}, &connect.SpiffeIDAgent{})
|
_, err := manager.SignCertificate(&x509.CertificateRequest{}, &connect.SpiffeIDAgent{})
|
||||||
|
|
||||||
if arg.isError {
|
if arg.isError {
|
||||||
require.Error(t, err)
|
require.Error(t, err)
|
||||||
|
|
@ -474,7 +471,8 @@ func TestCAManager_SignLeafWithExpiredCert(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func generatePem(notBefore time.Time, notAfter time.Time) (error, string) {
|
func generateCertPEM(t *testing.T, notBefore time.Time, notAfter time.Time) string {
|
||||||
|
t.Helper()
|
||||||
ca := &x509.Certificate{
|
ca := &x509.Certificate{
|
||||||
SerialNumber: big.NewInt(2019),
|
SerialNumber: big.NewInt(2019),
|
||||||
Subject: pkix.Name{
|
Subject: pkix.Name{
|
||||||
|
|
@ -493,25 +491,18 @@ func generatePem(notBefore time.Time, notAfter time.Time) (error, string) {
|
||||||
BasicConstraintsValid: true,
|
BasicConstraintsValid: true,
|
||||||
}
|
}
|
||||||
caPrivKey, err := rsa.GenerateKey(rand.Reader, 4096)
|
caPrivKey, err := rsa.GenerateKey(rand.Reader, 4096)
|
||||||
if err != nil {
|
require.NoError(t, err, "failed to generate key")
|
||||||
return err, ""
|
|
||||||
}
|
|
||||||
caBytes, err := x509.CreateCertificate(rand.Reader, ca, ca, &caPrivKey.PublicKey, caPrivKey)
|
caBytes, err := x509.CreateCertificate(rand.Reader, ca, ca, &caPrivKey.PublicKey, caPrivKey)
|
||||||
if err != nil {
|
require.NoError(t, err, "failed to create cert")
|
||||||
return err, ""
|
|
||||||
}
|
|
||||||
caPEM := new(bytes.Buffer)
|
caPEM := new(bytes.Buffer)
|
||||||
pem.Encode(caPEM, &pem.Block{
|
err = pem.Encode(caPEM, &pem.Block{
|
||||||
Type: "CERTIFICATE",
|
Type: "CERTIFICATE",
|
||||||
Bytes: caBytes,
|
Bytes: caBytes,
|
||||||
})
|
})
|
||||||
|
require.NoError(t, err, "failed to encode")
|
||||||
caPrivKeyPEM := new(bytes.Buffer)
|
return caPEM.String()
|
||||||
pem.Encode(caPrivKeyPEM, &pem.Block{
|
|
||||||
Type: "RSA PRIVATE KEY",
|
|
||||||
Bytes: x509.MarshalPKCS1PrivateKey(caPrivKey),
|
|
||||||
})
|
|
||||||
return err, caPEM.String()
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestCADelegateWithState_GenerateCASignRequest(t *testing.T) {
|
func TestCADelegateWithState_GenerateCASignRequest(t *testing.T) {
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue