mirror of
https://github.com/empayre/fleet.git
synced 2024-11-06 08:55:24 +00:00
103 lines
3.3 KiB
Go
103 lines
3.3 KiB
Go
package main
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"crypto/x509"
|
|
"fmt"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"os"
|
|
"path/filepath"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestGenerateMDMAppleBM(t *testing.T) {
|
|
outdir, err := os.MkdirTemp("", t.Name())
|
|
require.NoError(t, err)
|
|
defer os.Remove(outdir)
|
|
publicKeyPath := filepath.Join(outdir, "public-key.crt")
|
|
privateKeyPath := filepath.Join(outdir, "private-key.key")
|
|
out := runAppForTest(t, []string{
|
|
"generate", "mdm-apple-bm",
|
|
"--public-key", publicKeyPath,
|
|
"--private-key", privateKeyPath,
|
|
})
|
|
|
|
require.Contains(t, out, fmt.Sprintf("Generated your public key at %s", outdir))
|
|
require.Contains(t, out, fmt.Sprintf("Generated your private key at %s", outdir))
|
|
|
|
// validate that the keypair is valid
|
|
cert, err := tls.LoadX509KeyPair(publicKeyPath, privateKeyPath)
|
|
require.NoError(t, err)
|
|
|
|
parsed, err := x509.ParseCertificate(cert.Certificate[0])
|
|
require.NoError(t, err)
|
|
require.Equal(t, "FleetDM", parsed.Issuer.CommonName)
|
|
}
|
|
|
|
func TestGenerateMDMApple(t *testing.T) {
|
|
t.Run("missing input", func(t *testing.T) {
|
|
runAppCheckErr(t, []string{"generate", "mdm-apple"}, `Required flags "email, org" not set`)
|
|
runAppCheckErr(t, []string{"generate", "mdm-apple", "--email", "user@example.com"}, `Required flag "org" not set`)
|
|
runAppCheckErr(t, []string{"generate", "mdm-apple", "--org", "Acme"}, `Required flag "email" not set`)
|
|
})
|
|
|
|
t.Run("CSR API call fails", func(t *testing.T) {
|
|
_, _ = runServerWithMockedDS(t)
|
|
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
// fail this call
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
_, _ = w.Write([]byte("bad request"))
|
|
}))
|
|
t.Setenv("TEST_FLEETDM_API_URL", srv.URL)
|
|
t.Cleanup(srv.Close)
|
|
runAppCheckErr(
|
|
t,
|
|
[]string{
|
|
"generate", "mdm-apple",
|
|
"--email", "user@example.com",
|
|
"--org", "Acme",
|
|
},
|
|
`POST /api/latest/fleet/mdm/apple/request_csr received status 422 Validation Failed: this email address is not valid: bad request`,
|
|
)
|
|
})
|
|
|
|
t.Run("successful run", func(t *testing.T) {
|
|
_, _ = runServerWithMockedDS(t)
|
|
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
w.WriteHeader(http.StatusOK)
|
|
_, _ = w.Write([]byte("ok"))
|
|
}))
|
|
t.Setenv("TEST_FLEETDM_API_URL", srv.URL)
|
|
t.Cleanup(srv.Close)
|
|
|
|
outdir, err := os.MkdirTemp("", "TestGenerateMDMApple")
|
|
require.NoError(t, err)
|
|
defer os.Remove(outdir)
|
|
apnsKeyPath := filepath.Join(outdir, "apns.key")
|
|
scepCertPath := filepath.Join(outdir, "scep.crt")
|
|
scepKeyPath := filepath.Join(outdir, "scep.key")
|
|
out := runAppForTest(t, []string{
|
|
"generate", "mdm-apple",
|
|
"--email", "user@example.com",
|
|
"--org", "Acme",
|
|
"--apns-key", apnsKeyPath,
|
|
"--scep-cert", scepCertPath,
|
|
"--scep-key", scepKeyPath,
|
|
})
|
|
|
|
require.Contains(t, out, fmt.Sprintf("Generated your APNs key at %s", apnsKeyPath))
|
|
require.Contains(t, out, fmt.Sprintf("Generated your SCEP certificate at %s", scepCertPath))
|
|
require.Contains(t, out, fmt.Sprintf("Generated your SCEP key at %s", scepKeyPath))
|
|
|
|
// validate that the keypair is valid
|
|
scepCrt, err := tls.LoadX509KeyPair(scepCertPath, scepKeyPath)
|
|
require.NoError(t, err)
|
|
parsed, err := x509.ParseCertificate(scepCrt.Certificate[0])
|
|
require.NoError(t, err)
|
|
require.Equal(t, "FleetDM", parsed.Issuer.CommonName)
|
|
})
|
|
}
|