(t *testing.T)
| 24 | ) |
| 25 | |
| 26 | func TestOptions(t *testing.T) { |
| 27 | empty := new(Claims) |
| 28 | now := time.Now() |
| 29 | |
| 30 | c25519CACert, c25519CAKey := mustNebulaCurve25519CA(t) |
| 31 | p256CACert, p256CAKey := mustNebulaP256CA(t) |
| 32 | c25519Cert, c25519Signer := mustNebulaCurve25519Cert(t, "test.lan", mustNebulaIPNet(t, "10.1.0.1/16"), []string{"test"}, c25519CACert, c25519CAKey) |
| 33 | p256Cert, p256Signer := mustNebulaP256Cert(t, "test.lan", mustNebulaIPNet(t, "10.1.0.1/16"), []string{"test"}, p256CACert, p256CAKey) |
| 34 | |
| 35 | tempDir := t.TempDir() |
| 36 | c25519CACertFilename, c25519CACertData := serializeAndWriteNebulaCert(t, tempDir, c25519CACert) |
| 37 | c25519CertFilename, c25519CertData := serializeAndWriteNebulaCert(t, tempDir, c25519Cert) |
| 38 | p256CertFilename, p256CertData := serializeAndWriteNebulaCert(t, tempDir, p256Cert) |
| 39 | |
| 40 | p256ECDHSigner, err := p256Signer.ECDH() |
| 41 | require.NoError(t, err) |
| 42 | |
| 43 | testCSR, err := pemutil.ReadCertificateRequest("testdata/test.csr") |
| 44 | require.NoError(t, err) |
| 45 | |
| 46 | testSSH := mustReadSSHPublicKey(t, "testdata/ssh-key.pub") |
| 47 | |
| 48 | wrongNebulaContentsFilename := "testdata/ca.crt" |
| 49 | |
| 50 | emptyFile, err := os.CreateTemp(tempDir, "empty-file") |
| 51 | require.NoError(t, err) |
| 52 | emptyFile.Close() |
| 53 | |
| 54 | tests := []struct { |
| 55 | name string |
| 56 | option Options |
| 57 | want *Claims |
| 58 | wantErr bool |
| 59 | }{ |
| 60 | {"WithClaim ok", WithClaim("name", "foo"), &Claims{ExtraClaims: map[string]interface{}{"name": "foo"}}, false}, |
| 61 | {"WithClaim fail", WithClaim("", "foo"), empty, true}, |
| 62 | {"WithRootCA ok", WithRootCA("testdata/ca.crt"), &Claims{ExtraClaims: map[string]interface{}{"sha": "6908751f68290d4573ae0be39a98c8b9b7b7d4e8b2a6694b7509946626adfe98"}}, false}, |
| 63 | {"WithRootCA fail", WithRootCA("not-exists"), empty, true}, |
| 64 | {"WithValidity ok", WithValidity(now, now.Add(5*time.Minute)), &Claims{Claims: jose.Claims{NotBefore: jose.NewNumericDate(now), Expiry: jose.NewNumericDate(now.Add(5 * time.Minute))}}, false}, |
| 65 | {"WithRootCA expired", WithValidity(now, now.Add(-1*time.Second)), empty, true}, |
| 66 | {"WithRootCA long delay", WithValidity(now.Add(MaxValidityDelay+time.Minute), now.Add(MaxValidityDelay+10*time.Minute)), empty, true}, |
| 67 | {"WithRootCA min validity ok", WithValidity(now, now.Add(MinValidity)), &Claims{Claims: jose.Claims{NotBefore: jose.NewNumericDate(now), Expiry: jose.NewNumericDate(now.Add(MinValidity))}}, false}, |
| 68 | {"WithRootCA min validity fail", WithValidity(now, now.Add(MinValidity-time.Second)), empty, true}, |
| 69 | {"WithRootCA max validity ok", WithValidity(now, now.Add(MaxValidity)), &Claims{Claims: jose.Claims{NotBefore: jose.NewNumericDate(now), Expiry: jose.NewNumericDate(now.Add(MaxValidity))}}, false}, |
| 70 | {"WithRootCA max validity fail", WithValidity(now, now.Add(MaxValidity+time.Second)), empty, true}, |
| 71 | {"WithIssuer ok", WithIssuer("value"), &Claims{Claims: jose.Claims{Issuer: "value"}}, false}, |
| 72 | {"WithIssuer fail", WithIssuer(""), empty, true}, |
| 73 | {"WithSubject ok", WithSubject("value"), &Claims{Claims: jose.Claims{Subject: "value"}}, false}, |
| 74 | {"WithSubject fail", WithSubject(""), empty, true}, |
| 75 | {"WithAudience ok", WithAudience("value"), &Claims{Claims: jose.Claims{Audience: jose.Audience{"value"}}}, false}, |
| 76 | {"WithAudience fail", WithAudience(""), empty, true}, |
| 77 | {"WithJWTID ok", WithJWTID("value"), &Claims{Claims: jose.Claims{ID: "value"}}, false}, |
| 78 | {"WithJWTID fail", WithJWTID(""), empty, true}, |
| 79 | {"WithKid ok", WithKid("value"), &Claims{ExtraHeaders: map[string]interface{}{"kid": "value"}}, false}, |
| 80 | {"WithKid fail", WithKid(""), empty, true}, |
| 81 | {"WithSHA ok", WithSHA("6908751f68290d4573ae0be39a98c8b9b7b7d4e8b2a6694b7509946626adfe98"), &Claims{ExtraClaims: map[string]interface{}{"sha": "6908751f68290d4573ae0be39a98c8b9b7b7d4e8b2a6694b7509946626adfe98"}}, false}, |
| 82 | {"WithNebulaCurve25519Cert ok", WithNebulaCert(c25519CertFilename, c25519Signer), &Claims{ExtraHeaders: map[string]interface{}{"nebula": c25519CertData}}, false}, |
| 83 | {"WithNebulaCurve25519CACert ok", WithNebulaCert(c25519CACertFilename, c25519CAKey), &Claims{ExtraHeaders: map[string]interface{}{"nebula": c25519CACertData}}, false}, |