open-vault/builtin/logical/pki/cert_util_test.go

package pki
import (
"context"
"fmt"
"testing"
"strings"
"github.com/hashicorp/vault/sdk/logical"
)
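// TestPki_FetchCertBySerial exercises fetchCertBySerial against in-memory
// storage in three passes:
//
//  1. entries stored under colon-separated serial keys, which must be
//     readable and must afterwards exist under the normalizeSerial key;
//  2. entries stored directly under the normalizeSerial (hyphen-based) key;
//  3. the fixed "ca" and "crl" keys, which are stored and fetched unchanged.
//
// Both the "certs/" and "revoked/" prefixes are covered in passes 1 and 2.
// NOTE(review): presumably a miss under "revoked/" would make a revoked
// serial look unrevoked to callers; confirm against fetchCertBySerial's
// callers.
func TestPki_FetchCertBySerial(t *testing.T) {
	ctx := context.Background()
	storage := &logical.InmemStorage{}

	cases := map[string]struct {
		Req    *logical.Request
		Prefix string
		Serial string
	}{
		"valid cert": {
			&logical.Request{
				Storage: storage,
			},
			"certs/",
			"00:00:00:00:00:00:00:00",
		},
		"revoked cert": {
			&logical.Request{
				Storage: storage,
			},
			"revoked/",
			"11:11:11:11:11:11:11:11",
		},
	}

	// Test for colon-based paths in storage
	for name, tc := range cases {
		storageKey := fmt.Sprintf("%s%s", tc.Prefix, tc.Serial)
		err := storage.Put(ctx, &logical.StorageEntry{
			Key:   storageKey,
			Value: []byte("some data"),
		})
		if err != nil {
			t.Fatalf("error writing to storage on %s colon-based storage path: %s", name, err)
		}

		certEntry, err := fetchCertBySerial(ctx, tc.Req, tc.Prefix, tc.Serial)
		if err != nil {
			t.Fatalf("error on %s for colon-based storage path: %s", name, err)
		}

		// Check for non-nil on valid/revoked certs
		if certEntry == nil {
			t.Fatalf("nil on %s for colon-based storage path", name)
		}

		// Ensure that cert serials are converted/updated after fetch
		expectedKey := tc.Prefix + normalizeSerial(tc.Serial)
		se, err := storage.Get(ctx, expectedKey)
		if err != nil {
			t.Fatalf("error on %s for colon-based storage path:%s", name, err)
		}
		// A missing entry must fail the test with a message instead of
		// dereferencing a nil *logical.StorageEntry on the next check.
		if se == nil {
			t.Fatalf("nil entry at %s on %s after fetch from colon-based storage path", expectedKey, name)
		}
		if strings.Compare(expectedKey, se.Key) != 0 {
			// Report the key that was actually compared (se.Key).
			t.Fatalf("expected: %s, got: %s", expectedKey, se.Key)
		}
	}

	// Reset storage
	storage = &logical.InmemStorage{}

	// Test for hyphen-base paths in storage
	for name, tc := range cases {
		storageKey := tc.Prefix + normalizeSerial(tc.Serial)
		err := storage.Put(ctx, &logical.StorageEntry{
			Key:   storageKey,
			Value: []byte("some data"),
		})
		if err != nil {
			t.Fatalf("error writing to storage on %s hyphen-based storage path: %s", name, err)
		}

		// tc.Req still points at the storage used by the colon-based pass,
		// because reassigning the storage variable does not touch the
		// requests built earlier. Fetch through a request bound to the fresh
		// storage so this pass reads the entry it just wrote rather than
		// whatever the first pass left behind.
		req := &logical.Request{
			Storage: storage,
		}
		certEntry, err := fetchCertBySerial(ctx, req, tc.Prefix, tc.Serial)
		if err != nil || certEntry == nil {
			t.Fatalf("error on %s for hyphen-based storage path: err: %v, entry: %v", name, err, certEntry)
		}
	}

	// These requests are built after the reset, so they use the fresh storage.
	noConvCases := map[string]struct {
		Req    *logical.Request
		Prefix string
		Serial string
	}{
		"ca": {
			&logical.Request{
				Storage: storage,
			},
			"",
			"ca",
		},
		"crl": {
			&logical.Request{
				Storage: storage,
			},
			"",
			"crl",
		},
	}

	// Test for ca and crl case
	for name, tc := range noConvCases {
		err := storage.Put(ctx, &logical.StorageEntry{
			Key:   tc.Serial,
			Value: []byte("some data"),
		})
		if err != nil {
			t.Fatalf("error writing to storage on %s: %s", name, err)
		}

		certEntry, err := fetchCertBySerial(ctx, tc.Req, tc.Prefix, tc.Serial)
		if err != nil || certEntry == nil {
			t.Fatalf("error on %s: err: %v, entry: %v", name, err, certEntry)
		}
	}
}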