From b54cb9966c4bc340fb289369fe776bbd47df267e Mon Sep 17 00:00:00 2001
From: Jeff Mitchell
Date: Thu, 15 Oct 2015 13:04:54 -0400
Subject: [PATCH] Add tests for the crls path, and fix a couple bugs

---
 builtin/credential/cert/backend_test.go | 78 +++++++++++++++++++++++++
 builtin/credential/cert/path_crls.go | 5 +-
 test/ca/myca.conf | 1 +
 test/ca/root.crl | 13 +++++
 4 files changed, 96 insertions(+), 1 deletion(-)
 create mode 100644 test/ca/root.crl
diff --git a/builtin/credential/cert/backend_test.go b/builtin/credential/cert/backend_test.go
index 623c2f9e5d..8a1a75cf90 100644
--- a/builtin/credential/cert/backend_test.go
+++ b/builtin/credential/cert/backend_test.go
@@ -9,6 +9,7 @@ import (
 
 	"github.com/hashicorp/vault/logical"
 	logicaltest "github.com/hashicorp/vault/logical/testing"
+	"github.com/mitchellh/mapstructure"
 )
 
 func testFactory(t *testing.T) logical.Backend {
@@ -17,6 +18,7 @@ func testFactory(t *testing.T) logical.Backend {
 			DefaultLeaseTTLVal: 300 * time.Second,
 			MaxLeaseTTLVal: 1800 * time.Second,
 		},
+		StorageView: &logical.InmemStorage{},
 	})
 	if err != nil {
 		t.Fatal("error: %s", err)
@@ -32,6 +34,10 @@ func TestBackend_basic_CA(t *testing.T) {
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
+	crl, err := ioutil.ReadFile("../../../test/ca/root.crl")
+	if err != nil {
+		t.Fatalf("err: %v", err)
+	}
 	logicaltest.Test(t, logicaltest.TestCase{
 		Backend: testFactory(t),
 		Steps: []logicaltest.TestStep{
@@ -42,6 +48,12 @@ func TestBackend_basic_CA(t *testing.T) {
 			testAccStepLogin(t, connState),
 			testAccStepCertNoLease(t, "web", ca, "foo"),
 			testAccStepLoginDefaultLease(t, connState),
+			testAccStepAddCRL(t, crl, connState),
+			testAccStepReadCRL(t, connState),
+			testAccStepReadCRLSerial(t, connState),
+			testAccStepLoginInvalid(t, connState),
+			testAccStepDeleteCRL(t, connState),
+			testAccStepLoginDefaultLease(t, connState),
 		},
 	})
 }
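Review bot: The context line just below the added `StorageView` field, `t.Fatal("error: %s", err)`, passes a format string to a non-formatting call, so the `%s` is printed literally and `go vet` flags it; since this hunk already touches testFactory, changing it to `t.Fatalf("error: %s", err)` is a cheap fix to fold in. testFactory's body continues outside the hunk.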
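Review bot: The fixture read here, `test/ca/root.crl`, is a time-bounded artifact: decoding the CRL added in this patch, its thisUpdate appears to be 2015-10-15 and its nextUpdate 2015-11-14, which is the 30-day window that `default_crl_days = 30` in the myca.conf hunk produces. After that date the step sequence either starts failing (if the backend rejects a CRL past nextUpdate) or silently demonstrates that nextUpdate is ignored, and a revocation test should not depend on either by accident. Regenerating the fixture with a long lifetime and noting the dependency above this line, `// root.crl revokes serial 13 of the test CA; regenerate it whenever the CA under test/ca is rotated`, makes the coupling explicit; if nextUpdate is meant to be enforced, that deserves its own step with a deliberately stale CRL.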
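Review bot: After `testAccStepDeleteCRL` the sequence only checks that login succeeds again; a read of `crls/test` after the delete would confirm the CRL is actually gone from storage rather than merely no longer consulted, and a read with `"serial": "13"` should then come back empty. The write path's handling of a CRL that is not signed by the trusted CA is also not exercised: if pathCRLWrite verifies the signature, a step that submits such a CRL and expects an error would pin that behaviour, and if it does not, the test suite should at least record that the write path trusts whatever it is given. TestBackend_basic_CA begins before this hunk.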
@@ -75,6 +87,72 @@ func TestBackend_untrusted(t *testing.T) {
 	})
 }
 
+func testAccStepAddCRL(t *testing.T, crl []byte, connState tls.ConnectionState) logicaltest.TestStep {
+	return logicaltest.TestStep{
+		Operation: logical.WriteOperation,
+		Path: "crls/test",
+		ConnState: &connState,
+		Data: map[string]interface{}{
+			"crl": crl,
+		},
+	}
+}
+
+func testAccStepReadCRL(t *testing.T, connState tls.ConnectionState) logicaltest.TestStep {
+	return logicaltest.TestStep{
+		Operation: logical.ReadOperation,
+		Path: "crls/test",
+		ConnState: &connState,
+		Check: func(resp *logical.Response) error {
+			crlInfo := CRLInfo{}
+			err := mapstructure.Decode(resp.Data, &crlInfo)
+			if err != nil {
+				t.Fatalf("err: %v", err)
+			}
+			if len(crlInfo.Serials) != 1 {
+				t.Fatalf("bad: expected CRL with length 1, got %d", len(crlInfo.Serials))
+			}
+			if _, ok := crlInfo.Serials["13"]; !ok {
+				t.Fatalf("bad: serial number 13 not found in CRL")
+			}
+			return nil
+		},
+	}
+}
+
+func testAccStepReadCRLSerial(t *testing.T, connState tls.ConnectionState) logicaltest.TestStep {
+	return logicaltest.TestStep{
+		Operation: logical.ReadOperation,
+		Path: "crls/test",
+		ConnState: &connState,
+		Data: map[string]interface{}{
+			"serial": "13",
+		},
+		Check: func(resp *logical.Response) error {
+			serialInfo := map[string]RevokedSerialInfo{}
+			err := mapstructure.Decode(resp.Data, &serialInfo)
+			if err != nil {
+				t.Fatalf("err: %v", err)
+			}
+			if len(serialInfo) != 1 {
+				t.Fatalf("bad: expected info with length 1, got %d", len(serialInfo))
+			}
+			if _, ok := serialInfo["test"]; !ok {
+				t.Fatalf("bad: CRL \"test\" not found in info")
+			}
+			return nil
+		},
+	}
+}
+
+func testAccStepDeleteCRL(t *testing.T, connState tls.ConnectionState) logicaltest.TestStep {
+	return logicaltest.TestStep{
+		Operation: logical.DeleteOperation,
+		Path: "crls/test",
+		ConnState: &connState,
+	}
+}
+
 func testAccStepLogin(t *testing.T, connState tls.ConnectionState) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.WriteOperation,
diff --git a/builtin/credential/cert/path_crls.go b/builtin/credential/cert/path_crls.go
index 9ec34916e1..cbae35bde5 100644
--- a/builtin/credential/cert/path_crls.go
+++ b/builtin/credential/cert/path_crls.go
@@ -179,7 +179,10 @@ func (b *backend) pathCRLRead(
 } ret := findSerialInCRLs(serial)
-	retData = structs.New(&ret).Map()
+	retData = map[string]interface{}{}
+	for k, v := range ret {
+		retData[k] = v
+	}
 	} else {
 		crl, ok := crls[name]
 		if !ok {
diff --git a/test/ca/myca.conf b/test/ca/myca.conf
index 922660decb..ea23e2a697 100644
--- a/test/ca/myca.conf
+++ b/test/ca/myca.conf
@@ -16,6 +16,7 @@ default_days = 365
 default_md = sha1
 policy = myca_policy
 x509_extensions = myca_extensions
+default_crl_days = 30
 [ myca_policy ] commonName = supplied
diff --git a/test/ca/root.crl b/test/ca/root.crl
new file mode 100644
index 0000000000..faf32a9893
--- /dev/null
+++ b/test/ca/root.crl
@@ -0,0 +1,13 @@
+-----BEGIN X509 CRL-----
+MIIB9TCB3jANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMCVVMxCzAJBgNVBAgT
+AkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKExNIYXNoaUNvcnAg
+VGVzdCBDZXJ0MQwwCgYDVQQLEwNEZXYxFjAUBgNVBAMTDXRlc3QuaW50ZXJuYWwx
+IDAeBgkqhkiG9w0BCQEWEXRlc3RAaW50ZXJuYWwuY29tFw0xNTEwMTUxNjIzNTha
+Fw0xNTExMTQxNjIzNThaMBQwEgIBDRcNMTUxMDE1MTYyMTUwWjANBgkqhkiG9w0B
+AQUFAAOCAQEAlFacjfVE/izigwJdGwieW7ieOfr4aA8AUuasFlzz/DkJFROKJcbX
+nm5Xjrp+rsOYCZb3V562+QAucFjUrkjjyOGKpl4VFddcaAj6KChFnpBRWEeCoqtQ
+fkpa7pAaM/k9zaHhQaO+InPDC08VOYO3AtU/v44CXDDO3c8HdahN1XJF/cEHA0l5
+6wUpr17RlN50RYNAEWb6tKX7sOBbHr0qhJuqHw2yyOudwAQsoFiTghUQROnUPECU
+Se+7NA0E3YF3RXZQDfvTSPrpPxzxMogVWlj8O6unjxq62e+FlEyBAxi38xLyOXLb
+b6ieqj4zm+9LGOxA39rjeknhygxSNiA/Ww==
+-----END X509 CRL-----
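Review bot: The `Check` closure in `testAccStepReadCRL` dereferences `resp.Data` with no nil guard, so a read that yields no response panics inside the step instead of failing with a message; `testAccStepReadCRLSerial` has the same shape. Because `Check` already returns an error, reporting through it keeps the failure attributable to the step: `if resp == nil { return fmt.Errorf("no response for crls/test") }` at the top of each closure, and `return fmt.Errorf(...)` in place of the `t.Fatalf` calls (`fmt` would need adding to the import block if it is not there already). The `t` parameter of `testAccStepAddCRL` and `testAccStepDeleteCRL` is unused, which matches the neighbouring helpers' signatures and is only worth changing if the file's linters object.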
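Review bot: The replacement of `structs.New(&ret).Map()` with an entry-by-entry copy deserves a one-line comment, since the next reader will wonder why the map is not simply assigned; if `ret` is a `map[string]RevokedSerialInfo`, as the decode target in backend_test.go suggests, `// ret is a map keyed by CRL name, not a struct, so copy its entries into the generic response map` says it. The copy can be sized up front with `retData = make(map[string]interface{}, len(ret))`. pathCRLRead starts and ends outside the hunk, so whether a serial found in no CRL comes back as an empty data map or as an explicit not-revoked answer is not visible here; if it is the former, a caller cannot tell "not revoked" from "nothing matched", which is worth a dedicated test.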
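Review bot: `default_md = sha1`, three lines above the added `default_crl_days`, is what signs the new root.crl fixture (the algorithm identifier at the start of the CRL decodes to sha1WithRSAEncryption); test material signed with SHA-1 ties the suite to the verifier still accepting that digest. Switching to `default_md = sha256` before regenerating the CA material under test/ca would keep the revocation tests independent of that policy, and a trailing comment such as `# default_crl_days: lifetime of generated CRLs; keep long enough that the committed root.crl does not go stale` would record why the value matters.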