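// Source: github.com/Venafi/vcert/v5@v5.10.2/pkg/venafi/tpp/tpp_test.go

/*
 * Copyright 2018 Venafi, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package tpp

import (
	"crypto/x509"
	"net/http"
	"strings"
	"testing"

	"github.com/Venafi/vcert/v5/pkg/certificate"
	"github.com/Venafi/vcert/v5/pkg/endpoint"
)

const (
	expectedURL = "https://localhost/"
)

// TestParseConfigFindPolicyData checks parseConfigResult on a well-formed
// payload and on an HTTP 400 status, and parseConfigData on malformed input.
func TestParseConfigFindPolicyData(t *testing.T) {
	data := []byte(`{"Locked":false,"PolicyDN":"\\VED\\Policy\\Web SDK Testing","Result":1,"Values":["Engineering","Quality Assurance"]}`)
	tppData, err := parseConfigResult(http.StatusOK, "", data)
	if err != nil {
		t.Fatalf("err is not nil, err: %s", err)
	}
	if len(tppData.Values) != 2 {
		t.Fatalf("Values count was not expected count of 2 actual count is %d", len(tppData.Values))
	}

	// A 400 status must be reported as an error that carries the status text,
	// even though the body itself is valid JSON.
	_, err = parseConfigResult(http.StatusBadRequest, "Bad Request", data)
	if err == nil {
		t.Fatalf("err is nil when expected to not be")
	}
	if !strings.Contains(err.Error(), "Bad Request") {
		t.Fatalf("Parse Certificate error response did not include expected string: Bad Request -- Actual: %s", err)
	}

	// Input that is not JSON must be rejected rather than silently accepted.
	_, err = parseConfigData([]byte("bad data"))
	if err == nil {
		t.Fatalf("ParseConfigData with bad data did not return an error")
	}
}

// TestParseCertificateRequestData checks that parseRequestResult extracts the
// CertificateDN, reports a 400 status as an error, and that parseRequestData
// rejects malformed input.
func TestParseCertificateRequestData(t *testing.T) {
	const expectedDN = `\VED\Policy\Web SDK Testing\bonjoTest 33`
	data := []byte(`{"CertificateDN":"\\VED\\Policy\\Web SDK Testing\\bonjoTest 33"}`)

	requestDN, err := parseRequestResult(http.StatusOK, "", data)
	if err != nil {
		t.Fatalf("err is not nil, err: %s", err)
	}
	if !strings.EqualFold(requestDN, expectedDN) {
		t.Fatalf("Parse Certificate retrieve response did not include expected CertificateDN: %s -- Actual: %s", expectedDN, requestDN)
	}

	_, err = parseRequestResult(http.StatusBadRequest, "Bad Request", data)
	if err == nil {
		t.Fatalf("err is nil when expected to not be")
	}
	if !strings.Contains(err.Error(), "Bad Request") {
		t.Fatalf("Parse Certificate error response did not include expected string: Bad Request -- Actual: %s", err)
	}

	_, err = parseRequestData([]byte("bad data"))
	if err == nil {
		t.Fatalf("ParseRequestData with bad data did not return an error")
	}
}

// TestParseCertificateRetrieveData checks that parseRetrieveResult returns the
// file name from the response, reports a 400 status as an error, and that
// parseRetrieveData rejects malformed input.
func TestParseCertificateRetrieveData(t *testing.T) {
	const expectedFilename = "test.bonjo.com.cer"
	data := []byte(`{"CertificateData":"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","Filename":"test.bonjo.com.cer","Format":"base64"}`)

	resp, err := parseRetrieveResult(http.StatusOK, "", data)
	if err != nil {
		t.Fatalf("err is not nil, err: %s", err)
	}
	if !strings.EqualFold(resp.Filename, expectedFilename) {
		t.Fatalf("Parse Certificate retrieve response did not include expected filename: %s -- Actual: %s", expectedFilename, resp.Filename)
	}

	_, err = parseRetrieveResult(http.StatusBadRequest, "Bad Request", data)
	if err == nil {
		t.Fatalf("err is nil when expected to not be")
	}
	if !strings.Contains(err.Error(), "Bad Request") {
		t.Fatalf("Parse Certificate error response did not include expected string: Bad Request -- Actual: %s", err)
	}

	_, err = parseRetrieveData([]byte("bad data"))
	if err == nil {
		t.Fatalf("ParseRetrieveData with bad data did not return an error")
	}
}

// getBaseZoneConfiguration returns the zone configuration shared by the
// GenerateRequest tests: a fixed subject, RSA 4096 as the only allowed key
// configuration, and SHA512WithRSA as the hash algorithm.
func getBaseZoneConfiguration() *endpoint.ZoneConfiguration {
	z := endpoint.NewZoneConfiguration()
	z.Organization = "Venafi"
	z.OrganizationalUnit = []string{"Engineering", "Automated Tests"}
	z.Country = "US"
	z.Province = "Utah"
	z.Locality = "SLC"
	z.AllowedKeyConfigurations = []endpoint.AllowedKeyConfiguration{
		{KeyType: certificate.KeyTypeRSA, KeySizes: []int{4096}},
	}
	z.HashAlgorithm = x509.SHA512WithRSA
	return z
}

// newGenerateRequestFixture returns the certificate request used by every
// GenerateRequest test; callers adjust it before handing it to the connector.
func newGenerateRequestFixture() *certificate.Request {
	req := &certificate.Request{}
	req.Subject.CommonName = "vcert.test.vfidev.com"
	req.Subject.Organization = []string{"Venafi, Inc."}
	req.Subject.OrganizationalUnit = []string{"Automated Tests"}
	req.Subject.Locality = []string{"Las Vegas"}
	req.Subject.Province = []string{"Nevada"}
	req.Subject.Country = []string{"US"}
	return req
}

// TestGetPolicyDN checks that getPolicyDN yields the same fully qualified
// policy DN for a relative zone, a zone with a leading backslash, and a zone
// that is already fully qualified.
func TestGetPolicyDN(t *testing.T) {
	const expectedPolicy = `\VED\Policy\One\Level 2\This is level Three`

	zones := []string{
		`One\Level 2\This is level Three`,
		`\One\Level 2\This is level Three`,
		expectedPolicy,
	}
	for _, zone := range zones {
		// Plain string comparison covers both the length and the byte-wise
		// checks the test is meant to make.
		if actualPolicy := getPolicyDN(zone); actualPolicy != expectedPolicy {
			t.Fatalf("getPolicyDN did not return the expected value of %s -- Actual value %s", expectedPolicy, actualPolicy)
		}
	}
}

// TestRetrieveChainOptionFromString checks that chain options are parsed
// without regard to case and that an unrecognised value maps to root-last.
func TestRetrieveChainOptionFromString(t *testing.T) {
	co := retrieveChainOptionFromString("RoOt-fIrSt")
	if co != retrieveChainOptionRootFirst {
		t.Fatalf("retrieveChainOptionFromString did not return the expected value of %v -- Actual value %v", retrieveChainOptionRootFirst, co)
	}

	co = retrieveChainOptionFromString("IGNORE")
	if co != retrieveChainOptionIgnore {
		t.Fatalf("retrieveChainOptionFromString did not return the expected value of %v -- Actual value %v", retrieveChainOptionIgnore, co)
	}

	co = retrieveChainOptionFromString("RoOt-LaSt")
	if co != retrieveChainOptionRootLast {
		t.Fatalf("retrieveChainOptionFromString did not return the expected value of %v -- Actual value %v", retrieveChainOptionRootLast, co)
	}

	// Anything that is not a known option is expected to fall back to root-last.
	co = retrieveChainOptionFromString("some value")
	if co != retrieveChainOptionRootLast {
		t.Fatalf("retrieveChainOptionFromString did not return the expected value of %v -- Actual value %v", retrieveChainOptionRootLast, co)
	}
}

// TestNewPEMCertificateCollectionFromResponse checks that a retrieve response
// is split into a collection whose chain holds two elements.
func TestNewPEMCertificateCollectionFromResponse(t *testing.T) {
	tppResponse := "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"

	col, err := newPEMCollectionFromResponse(tppResponse, certificate.ChainOptionRootLast)
	if err != nil {
		t.Fatalf("Error: %s", err)
	}
	if len(col.Chain) != 2 {
		t.Fatalf("PEM Chain did not contain the expected number of elements 2, actual count %d", len(col.Chain))
	}
}

// TestGenerateRequest checks that a request matching the base zone
// configuration is generated without error.
func TestGenerateRequest(t *testing.T) {
	c := Connector{}
	zoneConfig := getBaseZoneConfiguration()
	req := newGenerateRequestFixture()
	zoneConfig.UpdateCertificateRequest(req)
	if err := c.GenerateRequest(zoneConfig, req); err != nil {
		t.Fatalf("Error: %s", err)
	}
}

// TestGenerateRequestWithLockedMgmtType checks that GenerateRequest refuses to
// build a request when the zone's management type is "Monitoring".
func TestGenerateRequestWithLockedMgmtType(t *testing.T) {
	c := Connector{}
	zoneConfig := getBaseZoneConfiguration()
	zoneConfig.CustomAttributeValues[tppAttributeManagementType] = "Monitoring"
	req := newGenerateRequestFixture()
	zoneConfig.UpdateCertificateRequest(req)
	if err := c.GenerateRequest(zoneConfig, req); err == nil {
		t.Fatalf("Error expected, request should not be generated with mgmt type set to Monitoring")
	}
}

// TestGenerateRequestWithNoUserProvidedCSRAllowed checks that GenerateRequest
// refuses to build a request when the zone sets the manual CSR attribute to "0".
func TestGenerateRequestWithNoUserProvidedCSRAllowed(t *testing.T) {
	c := Connector{}
	zoneConfig := getBaseZoneConfiguration()
	zoneConfig.CustomAttributeValues[tppAttributeManualCSR] = "0"
	req := newGenerateRequestFixture()
	zoneConfig.UpdateCertificateRequest(req)
	if err := c.GenerateRequest(zoneConfig, req); err == nil {
		t.Fatalf("Error expected, request should not be generated with Manual CSR set to 0")
	}
}

// TestGenerateRequestWithLockedKeyConfiguration checks that a request asking
// for RSA can still be generated when the zone only allows ECDSA P-384, once
// UpdateCertificateRequest has been applied to it.
func TestGenerateRequestWithLockedKeyConfiguration(t *testing.T) {
	c := Connector{}
	zoneConfig := getBaseZoneConfiguration()
	zoneConfig.AllowedKeyConfigurations = []endpoint.AllowedKeyConfiguration{
		{KeyType: certificate.KeyTypeECDSA, KeyCurves: []certificate.EllipticCurve{certificate.EllipticCurveP384}},
	}
	req := newGenerateRequestFixture()
	req.KeyType = certificate.KeyTypeRSA
	zoneConfig.UpdateCertificateRequest(req)
	// NOTE(review): the test only checks that no error is returned. It never
	// asserts that req.KeyType was replaced by the zone's key type, so a
	// regression that lets the disallowed key type through would go unnoticed
	// here. Consider asserting the resulting key type and curve; confirm the
	// expected values against UpdateCertificateRequest.
	if err := c.GenerateRequest(zoneConfig, req); err != nil {
		t.Fatalf("Unexpected error, request should be updated with the key type taken from the zone: %s", err)
	}
}

// TestGetHttpClient checks that a zero-value Connector still returns an HTTP
// client.
func TestGetHttpClient(t *testing.T) {
	c := Connector{}
	if c.getHTTPClient() == nil {
		t.Fatalf("Failed to get http client")
	}
}

// newKeyPairServerPolicy builds a serverPolicy whose KeyPair section holds the
// given algorithm, key size and curve settings. Every other field keeps its
// zero value.
func newKeyPairServerPolicy(alg _strValue, sizeLocked bool, size int, curveLocked bool, curve string) serverPolicy {
	var sp serverPolicy
	sp.KeyPair.KeyAlgorithm = alg
	sp.KeyPair.KeySize.Locked = sizeLocked
	sp.KeyPair.KeySize.Value = size
	sp.KeyPair.EllipticCurve.Locked = curveLocked
	sp.KeyPair.EllipticCurve.Value = curve
	return sp
}

// TestConvertServerPolicyToInternalPolicy checks how serverPolicy.toPolicy maps
// key-pair restrictions and whitelisted domains onto the internal policy.
func TestConvertServerPolicyToInternalPolicy(t *testing.T) {
	// With a locked size of 2048 the policy is expected to list exactly
	// 2048, 3072, 4096 and 8192.
	hasExpectedRSASizes := func(sizes []int) bool {
		return len(sizes) == 4 && sizes[0] == 2048 && sizes[1] == 3072 && sizes[2] == 4096 && sizes[3] == 8192
	}

	// Algorithm locked to RSA: a single RSA configuration.
	sp := newKeyPairServerPolicy(_strValue{Locked: true, Value: "rsa"}, true, 2048, false, "")
	p := sp.toPolicy()
	if len(p.AllowedKeyConfigurations) != 1 {
		t.Fatal("invalid configurations values")
	}
	k := p.AllowedKeyConfigurations[0]
	if k.KeyType != certificate.KeyTypeRSA {
		t.Fatal("invalid key type")
	}
	if !hasExpectedRSASizes(k.KeySizes) {
		t.Fatal("bad key lengths")
	}

	// Algorithm locked to EC with a locked curve: a single ECDSA configuration
	// restricted to that curve.
	sp = newKeyPairServerPolicy(_strValue{Locked: true, Value: "ec"}, true, 2048, true, "p521")
	p = sp.toPolicy()
	if len(p.AllowedKeyConfigurations) != 1 {
		t.Fatal("invalid configurations values")
	}
	k = p.AllowedKeyConfigurations[0]
	if k.KeyType != certificate.KeyTypeECDSA {
		t.Fatal("invalid key type")
	}
	if len(k.KeyCurves) != 1 || k.KeyCurves[0] != certificate.EllipticCurveP521 {
		t.Fatal("bad key curve")
	}

	// Algorithm not locked: both RSA and ECDSA are allowed, each still bound by
	// its own locked size or curve.
	sp = newKeyPairServerPolicy(_strValue{Locked: false, Value: "ec"}, true, 2048, true, "p384")
	p = sp.toPolicy()
	if len(p.AllowedKeyConfigurations) != 2 {
		t.Fatal("invalid configurations values")
	}
	k = p.AllowedKeyConfigurations[0]
	if k.KeyType != certificate.KeyTypeRSA {
		t.Fatal("invalid key type")
	}
	if !hasExpectedRSASizes(k.KeySizes) {
		t.Fatal("bad key lengths")
	}
	k = p.AllowedKeyConfigurations[1]
	if k.KeyType != certificate.KeyTypeECDSA {
		t.Fatal("invalid key type")
	}
	if len(k.KeyCurves) != 1 || k.KeyCurves[0] != certificate.EllipticCurveP384 {
		t.Fatal("bad key curve")
	}

	// Whitelisted domains become anchored common-name patterns with escaped
	// dots. An entry without a leading dot uses `*` on the label group, so the
	// bare domain and its subdomains are covered; an entry with a leading dot
	// uses `+`, so at least one subdomain label is required. Because every
	// optional label must end in a literal dot, a name that merely ends with
	// the domain text without a label boundary is not covered by the pattern.
	sp = serverPolicy{
		WhitelistedDomains: []string{
			"test1.com",
			"test2.com",
			".test3.com",
		},
	}
	p = sp.toPolicy()

	wantRegexes := []string{
		`^([\p{L}\p{N}-]+\.)*test1\.com$`,
		`^([\p{L}\p{N}-]+\.)*test2\.com$`,
		`^([\p{L}\p{N}-]+\.)+test3\.com$`,
	}
	if len(p.SubjectCNRegexes) != len(wantRegexes) {
		t.Fatalf("invalid SubjectCNRegexes length, expected 3, got %d", len(p.SubjectCNRegexes))
	}
	for i, want := range wantRegexes {
		// The failure message prints the pattern that is actually compared, so
		// the reported expectation cannot drift from the assertion.
		if got := p.SubjectCNRegexes[i]; got != want {
			t.Fatalf("invalid SubjectCNRegexes[%d], expected %s, got %s", i, want, got)
		}
	}
}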