package store
import (
"crypto/rand"
"crypto/rsa"
"database/sql"
"encoding/json"
"io/ioutil"
"os"
"os/user"
"strings"
"testing"
"time"
"github.com/nsheridan/cashier/server/store/types"
"github.com/nsheridan/cashier/testdata"
"github.com/stretchr/testify/assert"
"golang.org/x/crypto/ssh"
)
func TestParseCertificate(t *testing.T) {
t.Parallel()
a := assert.New(t)
now := uint64(time.Now().Unix())
r, _ := rsa.GenerateKey(rand.Reader, 1024)
pub, _ := ssh.NewPublicKey(r.Public())
c := &ssh.Certificate{
KeyId: "id",
ValidPrincipals: types.StringSlice{"principal"},
ValidBefore: now,
CertType: ssh.UserCert,
Key: pub,
}
s, _ := ssh.NewSignerFromKey(r)
c.SignCert(rand.Reader, s)
rec := parseCertificate(c)
a.Equal(c.KeyId, rec.KeyID)
a.Equal(c.ValidPrincipals, []string(rec.Principals))
a.Equal(c.ValidBefore, uint64(rec.Expires.Unix()))
a.Equal(c.ValidAfter, uint64(rec.CreatedAt.Unix()))
}
func testStore(t *testing.T, db CertStorer) {
defer db.Close()
r := &CertRecord{
KeyID: "a",
Principals: []string{"b"},
CreatedAt: time.Now().UTC(),
Expires: time.Now().UTC().Add(-1 * time.Second),
Raw: "AAAAAA",
}
if err := db.SetRecord(r); err != nil {
t.Error(err)
}
// includeExpired = false should return 0 results
recs, err := db.List(false)
if err != nil {
t.Error(err)
}
if len(recs) > 0 {
t.Errorf("Expected 0 results, got %d", len(recs))
}
// includeExpired = false should return 1 result
recs, err = db.List(true)
if err != nil {
t.Error(err)
}
if recs[0].KeyID != r.KeyID {
t.Error("key mismatch")
}
c, _, _, _, _ := ssh.ParseAuthorizedKey(testdata.Cert)
cert := c.(*ssh.Certificate)
cert.ValidBefore = uint64(time.Now().Add(1 * time.Hour).UTC().Unix())
cert.ValidAfter = uint64(time.Now().Add(-5 * time.Minute).UTC().Unix())
if err := db.SetCert(cert); err != nil {
t.Error(err)
}
ret, err := db.Get("key")
if err != nil {
t.Error(err)
}
if ret.KeyID != cert.KeyId {
t.Error("key mismatch")
}
if err := db.Revoke("key"); err != nil {
t.Error(err)
}
revoked, err := db.GetRevoked()
if err != nil {
t.Error(err)
}
for _, k := range revoked {
if k.KeyID != "key" {
t.Errorf("Unexpected key: %s", k.KeyID)
}
}
}
func TestMemoryStore(t *testing.T) {
t.Parallel()
db := NewMemoryStore()
testStore(t, db)
}
func TestMySQLStore(t *testing.T) {
t.Parallel()
if os.Getenv("MYSQL_TEST") == "" {
t.Skip("No MYSQL_TEST environment variable")
}
u, _ := user.Current()
sqlConfig := map[string]string{
"type": "mysql",
"password": os.Getenv("MYSQL_TEST_PASS"),
"address": os.Getenv("MYSQL_TEST_HOST"),
}
if testUser, ok := os.LookupEnv("MYSQL_TEST_USER"); ok {
sqlConfig["username"] = testUser
} else {
sqlConfig["username"] = u.Username
}
db, err := NewSQLStore(sqlConfig)
if err != nil {
t.Error(err)
}
testStore(t, db)
}
func TestSQLiteStore(t *testing.T) {
t.Parallel()
f, err := ioutil.TempFile("", "sqlite_test_db")
if err != nil {
t.Error(err)
}
defer os.Remove(f.Name())
seed, err := ioutil.ReadFile("../../db/seed.sql")
if err != nil {
t.Error(err)
}
stmts := strings.Split(string(seed), ";")
d, _ := sql.Open("sqlite3", f.Name())
for _, stmt := range stmts {
if !strings.Contains(stmt, "CREATE TABLE") {
continue
}
d.Exec(stmt)
}
d.Close()
config := map[string]string{"type": "sqlite", "filename": f.Name()}
db, err := NewSQLStore(config)
if err != nil {
t.Error(err)
}
testStore(t, db)
}
func TestMarshalCert(t *testing.T) {
a := assert.New(t)
c := &CertRecord{
KeyID: "id",
Principals: []string{"user"},
CreatedAt: time.Date(2017, time.April, 10, 13, 0, 0, 0, time.UTC),
Expires: time.Date(2017, time.April, 11, 10, 0, 0, 0, time.UTC),
Raw: "ABCDEF",
}
b, err := json.Marshal(c)
if err != nil {
t.Error(err)
}
want := `{"key_id":"id","principals":["user"],"revoked":false,"created_at":"2017-04-10 13:00:00 +0000","expires":"2017-04-11 10:00:00 +0000"}`
a.JSONEq(want, string(b))
}