Add ssh api tests.

maraino · maraino · commit ca74bb1de52d · 2019-08-05T16:06:05.000-07:00
diff --git a/api/api_test.go b/api/api_test.go
@@ -23,14 +23,13 @@ import (
 	"testing"
 	"time"
 
-	"golang.org/x/crypto/ssh"
-
 	"github.com/go-chi/chi"
 	"github.com/smallstep/certificates/authority"
 	"github.com/smallstep/certificates/authority/provisioner"
 	"github.com/smallstep/certificates/logging"
 	"github.com/smallstep/cli/crypto/tlsutil"
 	"github.com/smallstep/cli/jose"
+	"golang.org/x/crypto/ssh"
 )
 
 const (
@@ -498,6 +497,7 @@ type mockAuthority struct {
 	root                         func(shasum string) (*x509.Certificate, error)
 	sign                         func(cr *x509.CertificateRequest, opts provisioner.Options, signOpts ...provisioner.SignOption) (*x509.Certificate, *x509.Certificate, error)
 	singSSH                      func(key ssh.PublicKey, opts provisioner.SSHOptions, signOpts ...provisioner.SignOption) (*ssh.Certificate, error)
+	singSSHAddUser               func(key ssh.PublicKey, cert *ssh.Certificate) (*ssh.Certificate, error)
 	renew                        func(cert *x509.Certificate) (*x509.Certificate, *x509.Certificate, error)
 	loadProvisionerByCertificate func(cert *x509.Certificate) (provisioner.Interface, error)
 	getProvisioners              func(nextCursor string, limit int) (provisioner.List, string, error)
@@ -547,6 +547,13 @@ func (m *mockAuthority) SignSSH(key ssh.PublicKey, opts provisioner.SSHOptions,
 	return m.ret1.(*ssh.Certificate), m.err
 }
 
+func (m *mockAuthority) SignSSHAddUser(key ssh.PublicKey, cert *ssh.Certificate) (*ssh.Certificate, error) {
+	if m.singSSHAddUser != nil {
+		return m.singSSHAddUser(key, cert)
+	}
+	return m.ret1.(*ssh.Certificate), m.err
+}
+
 func (m *mockAuthority) Renew(cert *x509.Certificate) (*x509.Certificate, *x509.Certificate, error) {
 	if m.renew != nil {
 		return m.renew(cert)
diff --git a/api/ssh.go b/api/ssh.go
@@ -30,13 +30,13 @@ type SignSSHRequest struct {
 
 // SignSSHResponse is the response object that returns the SSH certificate.
 type SignSSHResponse struct {
-	Certificate        SSHCertificate `json:"crt"`
-	AddUserCertificate SSHCertificate `json:"addUserCrt"`
+	Certificate        SSHCertificate  `json:"crt"`
+	AddUserCertificate *SSHCertificate `json:"addUserCrt,omitempty"`
 }
 
 // SSHCertificate represents the response SSH certificate.
 type SSHCertificate struct {
-	*ssh.Certificate
+	*ssh.Certificate `json:"omitempty"`
 }
 
 // MarshalJSON implements the json.Marshaler interface. The certificate is
@@ -102,7 +102,7 @@ func (h *caHandler) SignSSH(w http.ResponseWriter, r *http.Request) {
 
 	logOtt(w, body.OTT)
 	if err := body.Validate(); err != nil {
-		WriteError(w, err)
+		WriteError(w, BadRequest(err))
 		return
 	}
 
@@ -141,19 +141,19 @@ func (h *caHandler) SignSSH(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	var addUserCert *ssh.Certificate
+	var addUserCertificate *SSHCertificate
 	if addUserPublicKey != nil && cert.CertType == ssh.UserCert && len(cert.ValidPrincipals) == 1 {
-		addUserCert, err = h.Authority.SignSSHAddUser(addUserPublicKey, cert)
+		addUserCert, err := h.Authority.SignSSHAddUser(addUserPublicKey, cert)
 		if err != nil {
 			WriteError(w, Forbidden(err))
 			return
 		}
+		addUserCertificate = &SSHCertificate{addUserCert}
 	}
 
 	w.WriteHeader(http.StatusCreated)
-	// logCertificate(w, cert)
 	JSON(w, &SignSSHResponse{
 		Certificate:        SSHCertificate{cert},
-		AddUserCertificate: SSHCertificate{addUserCert},
+		AddUserCertificate: addUserCertificate,
 	})
 }
diff --git a/api/ssh_test.go b/api/ssh_test.go
