From 7a1e6a0e1f1f351f57e1920a619536a0751bc1f4 Mon Sep 17 00:00:00 2001
From: Mariano Cano
Date: Wed, 3 Aug 2022 11:57:42 -0700
Subject: [PATCH] Fix and extend stepcas unit tests
---
 cas/stepcas/issuer_test.go | 2 +-
 cas/stepcas/jwk_issuer_test.go | 23 +++++++++++++++++------
 cas/stepcas/stepcas_test.go | 9 +++++++++
 cas/stepcas/x5c_issuer_test.go | 27 +++++++++++++++++++--------
 4 files changed, 46 insertions(+), 15 deletions(-)
diff --git a/cas/stepcas/issuer_test.go b/cas/stepcas/issuer_test.go
index 6fffd729..726dedbf 100644
--- a/cas/stepcas/issuer_test.go
+++ b/cas/stepcas/issuer_test.go
@@ -13,7 +13,7 @@ import (
 type mockErrIssuer struct{}
-func (m mockErrIssuer) SignToken(subject string, sans []string) (string, error) {
+func (m mockErrIssuer) SignToken(subject string, sans []string, info *raInfo) (string, error) {
 return "", apiv1.ErrNotImplemented{}
 }
diff --git a/cas/stepcas/jwk_issuer_test.go b/cas/stepcas/jwk_issuer_test.go
index 7ebfcb3f..81a6d900 100644
--- a/cas/stepcas/jwk_issuer_test.go
+++ b/cas/stepcas/jwk_issuer_test.go
@@ -27,11 +27,16 @@ func Test_jwkIssuer_SignToken(t *testing.T) {
 type args struct {
 subject string
 sans []string
+ info *raInfo
+ }
+ type stepClaims struct {
+ RA *raInfo `json:"ra"`
 }
 type claims struct {
- Aud []string `json:"aud"`
- Sub string `json:"sub"`
- Sans []string `json:"sans"`
+ Aud []string `json:"aud"`
+ Sub string `json:"sub"`
+ Sans []string `json:"sans"`
+ Step stepClaims `json:"step"`
 }
 tests := []struct {
 name string
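Review bot: In the jwk_issuer_test.go hunk at -27,11, the new `stepClaims` type decodes the `ra` claim straight into the production `raInfo` struct, so the JSON field names inside that claim are not pinned by the test: a renamed tag on `raInfo` would round-trip through sign and decode and still pass. The receiving CA presumably reads these claims by name, so consider decoding `step.ra` into a test-local struct with explicit tags (or a `map[string]any`) and asserting the expected keys. The identical declaration in the x5c_issuer_test.go hunk at -51,11 has the same gap. The enclosing test function continues outside the hunk.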
@@ -39,8 +44,11 @@ func Test_jwkIssuer_SignToken(t *testing.T) {
 args args
 wantErr bool
 }{
- {"ok", fields{caURL, "ra@doe.org", signer}, args{"doe", []string{"doe.org"}}, false},
- {"fail", fields{caURL, "ra@doe.org", &mockErrSigner{}}, args{"doe", []string{"doe.org"}}, true},
+ {"ok", fields{caURL, "ra@doe.org", signer}, args{"doe", []string{"doe.org"}, nil}, false},
+ {"ok ra", fields{caURL, "ra@doe.org", signer}, args{"doe", []string{"doe.org"}, &raInfo{
+ AuthorityID: "authority-id", ProvisionerID: "provisioner-id", ProvisionerType: "provisioner-type",
+ }}, false},
+ {"fail", fields{caURL, "ra@doe.org", &mockErrSigner{}}, args{"doe", []string{"doe.org"}, nil}, true},
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
@@ -49,7 +57,7 @@ func Test_jwkIssuer_SignToken(t *testing.T) {
 issuer: tt.fields.issuer,
 signer: tt.fields.signer,
 }
- got, err := i.SignToken(tt.args.subject, tt.args.sans)
+ got, err := i.SignToken(tt.args.subject, tt.args.sans, tt.args.info)
 if (err != nil) != tt.wantErr {
 t.Errorf("jwkIssuer.SignToken() error = %v, wantErr %v", err, tt.wantErr)
 return
@@ -65,6 +73,9 @@ func Test_jwkIssuer_SignToken(t *testing.T) {
 Sub: tt.args.subject,
 Sans: tt.args.sans,
 }
+ if tt.args.info != nil {
+ want.Step.RA = tt.args.info
+ }
 if err := jwt.Claims(testX5CKey.Public(), &c); err != nil {
 t.Errorf("jwt.Claims() error = %v", err)
 }
diff --git a/cas/stepcas/stepcas_test.go b/cas/stepcas/stepcas_test.go
index ad7851bf..4654292d 100644
--- a/cas/stepcas/stepcas_test.go
+++ b/cas/stepcas/stepcas_test.go
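Review bot: In the jwk_issuer_test.go hunk at -65,6, the `if tt.args.info != nil` guard is redundant, because assigning a nil `*raInfo` leaves `want.Step.RA` nil anyway; `Step: stepClaims{RA: tt.args.info},` in what appears to be the `want` literal just above would say the same thing in one place. For the nil cases this expectation is also what asserts that the token carries no RA claim, which deserves a comment such as `// nil info: the token must not carry a step.ra claim`. The x5c_issuer_test.go hunk at -91,6 has the same guard. The comparison of `c` with `want` lies outside the hunk.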
@@ -665,6 +665,14 @@ func TestStepCAS_CreateCertificate(t *testing.T) {
 Certificate: testCrt,
 CertificateChain: []*x509.Certificate{testIssCrt},
 }, false},
+ {"ok with provisioner", fields{jwk, client, testRootFingerprint}, args{&apiv1.CreateCertificateRequest{
+ CSR: testCR,
+ Lifetime: time.Hour,
+ Provisioner: &apiv1.ProvisionerInfo{ProvisionerID: "provisioner-id", ProvisionerType: "ACME"},
+ }}, &apiv1.CreateCertificateResponse{
+ Certificate: testCrt,
+ CertificateChain: []*x509.Certificate{testIssCrt},
+ }, false},
 {"fail CSR", fields{x5c, client, testRootFingerprint}, args{&apiv1.CreateCertificateRequest{
 CSR: nil,
 Lifetime: time.Hour,
@@ -691,6 +699,7 @@ func TestStepCAS_CreateCertificate(t *testing.T) {
 s := &StepCAS{
 iss: tt.fields.iss,
 client: tt.fields.client,
+ authorityID: "authority-id",
 fingerprint: tt.fields.fingerprint,
 }
 got, err := s.CreateCertificate(tt.args.req)
diff --git a/cas/stepcas/x5c_issuer_test.go b/cas/stepcas/x5c_issuer_test.go
index b1bc653d..5b260dda 100644
--- a/cas/stepcas/x5c_issuer_test.go
+++ b/cas/stepcas/x5c_issuer_test.go
@@ -51,11 +51,16 @@ func Test_x5cIssuer_SignToken(t *testing.T) {
 type args struct {
 subject string
 sans []string
+ info *raInfo
+ }
+ type stepClaims struct {
+ RA *raInfo `json:"ra"`
 }
 type claims struct {
- Aud []string `json:"aud"`
- Sub string `json:"sub"`
- Sans []string `json:"sans"`
+ Aud []string `json:"aud"`
+ Sub string `json:"sub"`
+ Sans []string `json:"sans"`
+ Step stepClaims `json:"step"`
 }
 tests := []struct {
 name string
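Review bot: In the stepcas_test.go hunk at -665,6, the new "ok with provisioner" case expects exactly the same response as the case above it, so as far as the hunk shows it would still pass if CreateCertificate dropped `req.Provisioner` or the `authorityID` set in the -691,6 hunk. Unless the test server behind `client` already inspects the token (not visible here), nothing asserts that the RA attribution reaches the CA. Consider having the test CA handler decode the submitted token and compare its `step.ra` claim with `authority-id`, `provisioner-id` and `ACME`, and add the same case for the `x5c` issuer. The table and the assertions on `got` continue outside the hunk.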
@@ -63,10 +68,13 @@ func Test_x5cIssuer_SignToken(t *testing.T) {
 args args
 wantErr bool
 }{
- {"ok", fields{caURL, testX5CPath, testX5CKeyPath, "X5C"}, args{"doe", []string{"doe.org"}}, false},
- {"fail crt", fields{caURL, "", testX5CKeyPath, "X5C"}, args{"doe", []string{"doe.org"}}, true},
- {"fail key", fields{caURL, testX5CPath, "", "X5C"}, args{"doe", []string{"doe.org"}}, true},
- {"fail no signer", fields{caURL, testIssKeyPath, testIssPath, "X5C"}, args{"doe", []string{"doe.org"}}, true},
+ {"ok", fields{caURL, testX5CPath, testX5CKeyPath, "X5C"}, args{"doe", []string{"doe.org"}, nil}, false},
+ {"ok ra", fields{caURL, testX5CPath, testX5CKeyPath, "X5C"}, args{"doe", []string{"doe.org"}, &raInfo{
+ AuthorityID: "authority-id", ProvisionerID: "provisioner-id", ProvisionerType: "provisioner-type",
+ }}, false},
+ {"fail crt", fields{caURL, "", testX5CKeyPath, "X5C"}, args{"doe", []string{"doe.org"}, nil}, true},
+ {"fail key", fields{caURL, testX5CPath, "", "X5C"}, args{"doe", []string{"doe.org"}, nil}, true},
+ {"fail no signer", fields{caURL, testIssKeyPath, testIssPath, "X5C"}, args{"doe", []string{"doe.org"}, nil}, true},
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
@@ -76,7 +84,7 @@ func Test_x5cIssuer_SignToken(t *testing.T) {
 keyFile: tt.fields.keyFile,
 issuer: tt.fields.issuer,
 }
- got, err := i.SignToken(tt.args.subject, tt.args.sans)
+ got, err := i.SignToken(tt.args.subject, tt.args.sans, tt.args.info)
 if (err != nil) != tt.wantErr {
 t.Errorf("x5cIssuer.SignToken() error = %v, wantErr %v", err, tt.wantErr)
 }
@@ -91,6 +99,9 @@ func Test_x5cIssuer_SignToken(t *testing.T) {
 Sub: tt.args.subject,
 Sans: tt.args.sans,
 }
+ if tt.args.info != nil {
+ want.Step.RA = tt.args.info
+ }
 if err := jwt.Claims(testX5CKey.Public(), &c); err != nil {
 t.Errorf("jwt.Claims() error = %v", err)
 }