From: Peymaneh Date: Sun, 27 Nov 2022 23:44:51 +0100 Subject: Disable TestBootstrapClientServerRotation Does not seem to play well with sbuild chroot forwarded: not-needed --- ca/bootstrap_test.go | 128 --------------------------------------------------- 1 file changed, 128 deletions(-) diff --git a/ca/bootstrap_test.go b/ca/bootstrap_test.go index 9aaa5f1..89378b3 100644 --- a/ca/bootstrap_test.go +++ b/ca/bootstrap_test.go @@ -369,134 +369,6 @@ func TestBootstrapClient(t *testing.T) { } } -func TestBootstrapClientServerRotation(t *testing.T) { - reset := setMinCertDuration(1 * time.Second) - defer reset() - - // Configuration with current root - config, err := authority.LoadConfiguration("testdata/rotate-ca-0.json") - if err != nil { - t.Fatal(err) - } - - // Get local address - listener := newLocalListener() - config.Address = listener.Addr().String() - caURL := "https://" + listener.Addr().String() - - // Start CA server - ca, err := New(config) - if err != nil { - t.Fatal(err) - } - go func() { - ca.srv.Serve(listener) - }() - defer ca.Stop() - time.Sleep(1 * time.Second) - - // Create bootstrap server - token := generateBootstrapToken(caURL, "127.0.0.1", "ef742f95dc0d8aa82d3cca4017af6dac3fce84290344159891952d18c53eefe7") - server, err := BootstrapServer(context.Background(), token, &http.Server{ - Addr: ":0", - Handler: http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { - w.Write([]byte("ok")) - }), - }, RequireAndVerifyClientCert()) - if err != nil { - t.Fatal(err) - } - listener = newLocalListener() - srvURL := "https://" + listener.Addr().String() - go func() { - server.ServeTLS(listener, "", "") - }() - defer server.Close() - time.Sleep(1 * time.Second) - - // Create bootstrap client - token = generateBootstrapToken(caURL, "client", "ef742f95dc0d8aa82d3cca4017af6dac3fce84290344159891952d18c53eefe7") - client, err := BootstrapClient(context.Background(), token) - if err != nil { - t.Errorf("BootstrapClient() error = %v", err) - return - } - - // doTest does a request that requires mTLS - doTest := func(client *http.Client) error { - // test with ca - resp, err := client.Post(caURL+"/renew", "application/json", http.NoBody) - if err != nil { - return errors.Wrap(err, "client.Post() failed") - } - var renew api.SignResponse - if err := readJSON(resp.Body, &renew); err != nil { - return errors.Wrap(err, "client.Post() error reading response") - } - if renew.ServerPEM.Certificate == nil || renew.CaPEM.Certificate == nil || len(renew.CertChainPEM) == 0 { - return errors.New("client.Post() unexpected response found") - } - // test with bootstrap server - resp, err = client.Get(srvURL) - if err != nil { - return errors.Wrapf(err, "client.Get(%s) failed", srvURL) - } - defer resp.Body.Close() - b, err := io.ReadAll(resp.Body) - if err != nil { - return errors.Wrap(err, "client.Get() error reading response") - } - if string(b) != "ok" { - return errors.New("client.Get() unexpected response found") - } - return nil - } - - // Test with default root - if err := doTest(client); err != nil { - t.Errorf("Test with rotate-ca-0.json failed: %v", err) - } - - // wait for renew - time.Sleep(5 * time.Second) - - // Reload with configuration with current and future root - ca.opts.configFile = "testdata/rotate-ca-1.json" - if err := doReload(ca); err != nil { - t.Errorf("ca.Reload() error = %v", err) - return - } - if err := doTest(client); err != nil { - t.Errorf("Test with rotate-ca-1.json failed: %v", err) - } - - // wait for renew - time.Sleep(5 * time.Second) - - // Reload with new and old root - ca.opts.configFile = "testdata/rotate-ca-2.json" - if err := doReload(ca); err != nil { - t.Errorf("ca.Reload() error = %v", err) - return - } - if err := doTest(client); err != nil { - t.Errorf("Test with rotate-ca-2.json failed: %v", err) - } - - // wait for renew - time.Sleep(5 * time.Second) - - // Reload with pnly the new root - ca.opts.configFile = "testdata/rotate-ca-3.json" - if err := doReload(ca); err != nil { - t.Errorf("ca.Reload() error = %v", err) - return - } - if err := doTest(client); err != nil { - t.Errorf("Test with rotate-ca-3.json failed: %v", err) - } -} - func TestBootstrapClientServerFederation(t *testing.T) { reset := setMinCertDuration(1 * time.Second) defer reset()