Expand and refactor helpers/testsuite, add bundler and scan tests

Harry Harpham · Harry Harpham · commit f15a07dfaab7 · 2015-05-14T23:31:39.000-04:00
- Add TestServer to helpers/testsuite for tests requiring a configurable, local TLS server
  - Remove CreateSelfSignedCert from helpers/testsuite due to overlap with initca.New
  - Complete re-do of SignCertificate in helpers/testsuite using internal packages (rather than parsing CLI)
  - Re-factor helpers/testsuite into logical distinct files for maintainability
  - Add tests to helpers/testsuite for TestServer
  - Add tests to bundler to test BundleFromRemote against local testsuite.TestServer (TLS)
  - Add tests to scan to test against local testsuite.TestServer (both TLS and TCP)
diff --git a/.travis.yml b/.travis.yml
@@ -10,13 +10,15 @@ before_script:
   - go get github.com/mattn/goveralls
   - go get -v github.com/GeertJohan/fgt
 script:
-  - go get github.com/cloudflare/cfssl/... 
-  - go test github.com/cloudflare/cfssl/... 
+  - go get github.com/cloudflare/cfssl/...
+  - go test github.com/cloudflare/cfssl/...
   - go vet github.com/cloudflare/cfssl/...
   - fgt golint github.com/cloudflare/cfssl/...
   - go list -f '{{if len .TestGoFiles}}"go test -coverprofile={{.Dir}}/.coverprofile {{.ImportPath}}"{{end}}' ./... | xargs -i sh -c {}
-  - gover 
-  - goveralls -coverprofile=gover.coverprofile -service=travis-ci -repotoken $COVERALLS_TOKEN
+  - gover
+  - if [ $COVERALLS_TOKEN != "" ]; then
+      goveralls -coverprofile=gover.coverprofile -service=travis-ci -repotoken $COVERALLS_TOKEN;
+    fi
 notifications:
   email:
     recipients:
diff --git a/README.md b/README.md
@@ -3,14 +3,14 @@
 [![Build Status](https://travis-ci.org/cloudflare/cfssl.png?branch=master)](https://travis-ci.org/cloudflare/cfssl)
 [![Coverage Status](https://coveralls.io/repos/cloudflare/cfssl/badge.svg?branch=master)](https://coveralls.io/r/cloudflare/cfssl?branch=master)
 [![GoDoc](https://godoc.org/github.com/cloudflare/cfssl?status.png)](https://godoc.org/github.com/cloudflare/cfssl)
-## CloudFlare's SSL tool
+## CloudFlare's PKI/TLS toolkit
 
-CFSSL is CloudFlare's SSL swiss army knife. It is both a command line
-tool and an HTTP API server for signing, verifying, and bundling SSL
+CFSSL is CloudFlare's PKI/TLS swiss army knife. It is both a command line
+tool and an HTTP API server for signing, verifying, and bundling TLS
 certificates. It requires Go 1.4 to build.
 
 Note that certain linux distributions have certain algorithms removed
-(RHEL-based distributions in particular), so the golang from the 
+(RHEL-based distributions in particular), so the golang from the
 official repositories will not work. Users of these distributions should
 [install go manually](golang.org) to install CFSSL.
 
diff --git a/api/api.go b/api/api.go
@@ -16,10 +16,10 @@ type Handler interface {
 }
 
 // HTTPHandler is a wrapper that encapsulates Handler interface as http.Handler.
-// HttpHandler also enforces that the Handler only responds to requests with registered HTTP method.
+// HTTPHandler also enforces that the Handler only responds to requests with registered HTTP methods.
 type HTTPHandler struct {
-	Handler        // CFSSL handler
-	Method  string // The assoicated HTTP method
+	Handler          // CFSSL handler
+	Methods []string // The associated HTTP methods
 }
 
 // HandlerFunc is similar to the http.HandlerFunc type; it serves as
@@ -69,11 +69,17 @@ func handleError(w http.ResponseWriter, err error) (code int) {
 // and return the response with proper HTTP status code
 func (h HTTPHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	var err error
+	var match bool
 	// Throw 405 when requested with an unsupported verb.
-	if r.Method != h.Method {
-		err = errors.NewMethodNotAllowed(r.Method)
-	} else {
+	for _, m := range h.Methods {
+		if m == r.Method {
+			match = true
+		}
+	}
+	if match {
 		err = h.Handle(w, r)
+	} else {
+		err = errors.NewMethodNotAllowed(r.Method)
 	}
 	status := handleError(w, err)
 	log.Infof("%s - \"%s %s\" %d", r.RemoteAddr, r.Method, r.URL, status)
diff --git a/api/api_test.go b/api/api_test.go
@@ -73,7 +73,7 @@ func get(t *testing.T, ts *httptest.Server) (resp *http.Response, body []byte) {
 }
 
 func TestRigidHandle(t *testing.T) {
-	ts := httptest.NewServer(HTTPHandler{Handler: HandlerFunc(simpleHandle), Method: "POST"})
+	ts := httptest.NewServer(HTTPHandler{Handler: HandlerFunc(simpleHandle), Methods: []string{"POST"}})
 	defer ts.Close()
 
 	// Response to compliment
@@ -143,7 +143,7 @@ func TestRigidHandle(t *testing.T) {
 }
 
 func TestCleverHandle(t *testing.T) {
-	ts := httptest.NewServer(HTTPHandler{Handler: HandlerFunc(cleverHandle), Method: "POST"})
+	ts := httptest.NewServer(HTTPHandler{Handler: HandlerFunc(cleverHandle), Methods: []string{"POST"}})
 	defer ts.Close()
 
 	// Response ty to compliment
diff --git a/api/bundle/bundle.go b/api/bundle/bundle.go
@@ -1,3 +1,4 @@
+// Package bundle implements the HTTP handler for the bundle command.
 package bundle
 
 import (
@@ -27,7 +28,7 @@ func NewHandler(caBundleFile, intBundleFile string) (http.Handler, error) {
 	}
 
 	log.Info("bundler API ready")
-	return api.HTTPHandler{Handler: b, Method: "POST"}, nil
+	return api.HTTPHandler{Handler: b, Methods: []string{"POST"}}, nil
 }
 
 // Handle implements an http.Handler interface for the bundle handler.
diff --git a/api/client/client.go b/api/client/client.go
@@ -1,3 +1,4 @@
+// Package client implements the a Go client for CFSSL API commands.
 package client
 
 import (
@@ -153,20 +154,25 @@ func (srv *Server) Info(jsonData []byte) (*InfoResp, error) {
 		return nil, err
 	}
 
-	cert := res["certificate"]
-	usages := res["usages"].([]interface{})
-	exp := res["expiry"]
+	info := new(InfoResp)
+
+	if val, ok := res["certificate"]; ok {
+		info.Certificate = val.(string)
+	}
+	var usages []interface{}
+	if val, ok := res["usages"]; ok {
+		usages = val.([]interface{})
+	}
+	if val, ok := res["expiry"]; ok {
+		info.ExpiryString = val.(string)
+	}
 
 	usageStrings := make([]string, len(usages))
 	for i, s := range usages {
 		usageStrings[i] = s.(string)
 	}
 
-	return &InfoResp{
-		Certificate:  cert.(string),
-		Usage:        usageStrings,
-		ExpiryString: exp.(string),
-	}, nil
+	return info, nil
 }
 
 func (srv *Server) getResultMap(jsonData []byte, target string) (result map[string]interface{}, err error) {
diff --git a/api/generator/generator.go b/api/generator/generator.go
@@ -1,3 +1,4 @@
+// Package generator implements the HTTP handlers for certificate generation.
 package generator
 
 import (
@@ -51,7 +52,7 @@ func NewHandler(validator Validator) (http.Handler, error) {
 		Handler: &Handler{
 			generator: &csr.Generator{Validator: validator},
 		},
-		Method: "POST",
+		Methods: []string{"POST"},
 	}, nil
 }
 
@@ -176,7 +177,7 @@ func NewCertGeneratorHandler(validator Validator, caFile, caKeyFile string, poli
 
 	cg.generator = &csr.Generator{Validator: validator}
 
-	return api.HTTPHandler{Handler: cg, Method: "POST"}, nil
+	return api.HTTPHandler{Handler: cg, Methods: []string{"POST"}}, nil
 }
 
 // NewCertGeneratorHandlerFromSigner returns a handler directly from
@@ -187,7 +188,7 @@ func NewCertGeneratorHandlerFromSigner(validator Validator, signer signer.Signer
 			generator: &csr.Generator{Validator: validator},
 			signer:    signer,
 		},
-		Method: "POST",
+		Methods: []string{"POST"},
 	}
 }
 
diff --git a/api/info/info.go b/api/info/info.go
@@ -1,3 +1,4 @@
+// Package info implements the HTTP handler for the info command.
 package info
 
 import (
@@ -30,7 +31,7 @@ func NewHandler(s signer.Signer) (http.Handler, error) {
 		Handler: &Handler{
 			sign: s,
 		},
-		Method: "POST",
+		Methods: []string{"POST"},
 	}, nil
 }
 
@@ -98,7 +99,7 @@ func NewMultiHandler(signers map[string]signer.Signer, defaultLabel string) (htt
 			signers:      signers,
 			defaultLabel: defaultLabel,
 		},
-		Method: "POST",
+		Methods: []string{"POST"},
 	}, nil
 }
 
diff --git a/api/initca/initca.go b/api/initca/initca.go
@@ -1,3 +1,4 @@
+// Package initca implements the HTTP handler for the CA initialization command
 package initca
 
 import (
@@ -54,5 +55,5 @@ func initialCAHandler(w http.ResponseWriter, r *http.Request) error {
 // NewHandler returns a new http.Handler that handles request to
 // initialize a CA.
 func NewHandler() http.Handler {
-	return api.HTTPHandler{Handler: api.HandlerFunc(initialCAHandler), Method: "POST"}
+	return api.HTTPHandler{Handler: api.HandlerFunc(initialCAHandler), Methods: []string{"POST"}}
 }
diff --git a/api/scan/scan.go b/api/scan/scan.go
@@ -51,7 +51,10 @@ func scanHandler(w http.ResponseWriter, r *http.Request) error {
 
 // NewHandler returns a new http.Handler that handles a scan request.
 func NewHandler() http.Handler {
-	return api.HTTPHandler{Handler: api.HandlerFunc(scanHandler), Method: "GET"}
+	return api.HTTPHandler{
+		Handler: api.HandlerFunc(scanHandler),
+		Methods: []string{"GET"},
+	}
 }
 
 // scanInfoHandler is an HTTP handler that returns a JSON blob result describing
@@ -66,5 +69,5 @@ func scanInfoHandler(w http.ResponseWriter, r *http.Request) error {
 
 // NewInfoHandler returns a new http.Handler that handles a request for scan info.
 func NewInfoHandler() http.Handler {
-	return api.HTTPHandler{Handler: api.HandlerFunc(scanInfoHandler), Method: "GET"}
+	return api.HTTPHandler{Handler: api.HandlerFunc(scanInfoHandler), Methods: []string{"GET"}}
 }
diff --git a/api/sign/sign.go b/api/sign/sign.go
@@ -1,3 +1,4 @@
+// Package sign implements the HTTP handler for the certificate signing command.
 package sign
 
 import (
@@ -70,7 +71,7 @@ func NewHandlerFromSigner(signer signer.Signer) (h *api.HTTPHandler, err error)
 		Handler: &Handler{
 			signer: signer,
 		},
-		Method: "POST",
+		Methods: []string{"POST"},
 	}, nil
 }
 
@@ -231,7 +232,7 @@ func NewAuthHandlerFromSigner(signer signer.Signer) (http.Handler, error) {
 		Handler: &AuthHandler{
 			signer: signer,
 		},
-		Method: "POST",
+		Methods: []string{"POST"},
 	}, nil
 }
 
diff --git a/bundler/bundler.go b/bundler/bundler.go
@@ -47,11 +47,11 @@ const (
 )
 
 const (
-	sha2Warning          = "The bundle contains certs signed with advanced hash functions such as SHA2,  which are problematic at certain operating systems, e.g. Windows XP SP2."
-	ecdsaWarning         = "The bundle contains ECDSA signatures, which are problematic at certain operating systems, e.g. Windows XP SP2, Android 2.2 and Android 2.3."
-	expiringWarningStub  = "The bundle is expiring within 30 days. "
+	sha2Warning          = "The bundle contains certificates signed with advanced hash functions such as SHA2, which are problematic for certain operating systems, e.g. Windows XP SP2."
+	ecdsaWarning         = "The bundle contains ECDSA signatures, which are problematic for certain operating systems, e.g. Windows XP SP2, Android 2.2 and Android 2.3."
+	expiringWarningStub  = "The bundle is expiring within 30 days."
 	untrustedWarningStub = "The bundle may not be trusted by the following platform(s):"
-	ubiquityWarning      = "The bundle trust ubiquity is not guaranteed: No platform metadata found."
+	ubiquityWarning      = "Unable to measure bundle ubiquity: No platform metadata present."
 )
 
 // A Bundler contains the certificate pools for producing certificate
diff --git a/cli/bundle/bundle.go b/cli/bundle/bundle.go
@@ -1,3 +1,4 @@
+// Package bundle implements the bundle command.
 package bundle
 
 import (
diff --git a/cli/cli.go b/cli/cli.go
@@ -1,3 +1,4 @@
+// Package cli provides the template for adding new cfssl commands
 package cli
 
 /*
diff --git a/cli/config.go b/cli/config.go
@@ -49,6 +49,7 @@ type Config struct {
 	Scanner           string
 	Responses         string
 	Path              string
+	UseLocal          bool
 }
 
 // registerFlags defines all cfssl command flags and associates their values with variables.
@@ -86,6 +87,7 @@ func registerFlags(c *Config, f *flag.FlagSet) {
 	f.StringVar(&c.Responses, "responses", "", "file to load OCSP responses from")
 	f.StringVar(&c.Path, "path", "/", "Path on which the server will listen")
 	f.StringVar(&c.Password, "password", "", "Password for accessing PKCS #12 data passed to bundler")
+	f.BoolVar(&c.UseLocal, "uselocal", false, "serve local static files as opposed to compiled ones")
 
 	if pkcs11.Enabled {
 		f.StringVar(&c.Module, "pkcs11-module", "", "PKCS #11 module")
diff --git a/cli/gencert/gencert.go b/cli/gencert/gencert.go
@@ -1,3 +1,4 @@
+// Package gencert implements the gencert command.
 package gencert
 
 import (
diff --git a/cli/genkey/genkey.go b/cli/genkey/genkey.go
@@ -1,3 +1,4 @@
+// Package genkey implements the genkey command.
 package genkey
 
 import (
diff --git a/cli/info/info.go b/cli/info/info.go
@@ -1,3 +1,4 @@
+// Package info implements the info command.
 package info
 
 import (
@@ -38,6 +39,9 @@ func getInfoFromRemote(c cli.Config) (resp *client.InfoResp, err error) {
 
 	reqJSON, _ := json.Marshal(req)
 	resp, err = serv.Info(reqJSON)
+	if err != nil {
+		return
+	}
 
 	_, err = helpers.ParseCertificatePEM([]byte(resp.Certificate))
 	if err != nil {
diff --git a/cli/ocspserve/oscpserve.go b/cli/ocspserve/oscpserve.go
@@ -1,3 +1,4 @@
+// Package ocspserve implements the oscpserve function.
 package ocspserve
 
 import (
diff --git a/cli/ocspsign/ocspsign.go b/cli/ocspsign/ocspsign.go
@@ -1,3 +1,4 @@
+// Package ocspsign implements the ocspsign command.
 package ocspsign
 
 import (
diff --git a/cli/scan/scan.go b/cli/scan/scan.go
@@ -1,3 +1,4 @@
+// Package scan implements the scan CLI.
 package scan
 
 import (
diff --git a/cli/selfsign/selfsign.go b/cli/selfsign/selfsign.go
@@ -1,3 +1,4 @@
+// Package selfsign implements the selfsign command.
 package selfsign
 
 import (
diff --git a/cli/serve/serve.go b/cli/serve/serve.go
@@ -1,3 +1,4 @@
+// Package serve implements the serve command for CFSSL's API.
 package serve
 
 import (
@@ -24,13 +25,13 @@ var serverUsageText = `cfssl serve -- set up a HTTP server handles CF SSL reques
 Usage of serve:
         cfssl serve [-address address] [-ca cert] [-ca-bundle bundle] \
                     [-ca-key key] [-int-bundle bundle] [-port port] [-metadata file] \
-                    [-remote remote_host] [-config config]
+                    [-remote remote_host] [-config config] [-uselocal]
 
 Flags:
 `
 
 // Flags used by 'cfssl serve'
-var serverFlags = []string{"address", "port", "ca", "ca-key", "ca-bundle", "int-bundle", "int-dir", "metadata", "remote", "config"}
+var serverFlags = []string{"address", "port", "ca", "ca-key", "ca-bundle", "int-bundle", "int-dir", "metadata", "remote", "config", "uselocal"}
 
 // registerHandlers instantiates various handlers and associate them to corresponding endpoints.
 func registerHandlers(c cli.Config) error {
@@ -95,6 +96,9 @@ func registerHandlers(c cli.Config) error {
 	log.Info("Setting up scaninfo endpoint")
 	http.Handle("/api/v1/cfssl/scaninfo", scan.NewInfoHandler())
 
+	log.Info("Setting up static endpoints")
+	http.Handle("/", http.FileServer(FS(c.UseLocal)))
+
 	log.Info("Handler set up complete.")
 	return nil
 }
diff --git a/cli/serve/static.go b/cli/serve/static.go
diff --git a/cli/serve/static/index.html b/cli/serve/static/index.html
diff --git a/cli/serve/static/scan.html b/cli/serve/static/scan.html
diff --git a/cli/sign/sign.go b/cli/sign/sign.go
diff --git a/cli/version/version.go b/cli/version/version.go
diff --git a/doc/api.txt b/doc/api.txt
diff --git a/helpers/testsuite/servers_test.go b/helpers/testsuite/servers_test.go
diff --git a/scan/pki.go b/scan/pki.go
diff --git a/signer/remote/remote_test.go b/signer/remote/remote_test.go

Original file line number	Diff line number	Diff line change
`@@ -73,7 +73,7 @@ func get(t testing.T, ts httptest.Server) (resp *http.Response, body []byte) {`
`73`	`73`	`}`
`74`	`74`
`75`	`75`	`func TestRigidHandle(t *testing.T) {`
`76`		`- ts := httptest.NewServer(HTTPHandler{Handler: HandlerFunc(simpleHandle), Method: "POST"})`
	`76`	`+ ts := httptest.NewServer(HTTPHandler{Handler: HandlerFunc(simpleHandle), Methods: []string{"POST"}})`
`77`	`77`	`defer ts.Close()`
`78`	`78`
`79`	`79`	`// Response to compliment`
`@@ -143,7 +143,7 @@ func TestRigidHandle(t *testing.T) {`
`143`	`143`	`}`
`144`	`144`
`145`	`145`	`func TestCleverHandle(t *testing.T) {`
`146`		`- ts := httptest.NewServer(HTTPHandler{Handler: HandlerFunc(cleverHandle), Method: "POST"})`
	`146`	`+ ts := httptest.NewServer(HTTPHandler{Handler: HandlerFunc(cleverHandle), Methods: []string{"POST"}})`
`147`	`147`	`defer ts.Close()`
`148`	`148`
`149`	`149`	`// Response ty to compliment`
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+// Package bundle implements the HTTP handler for the bundle command.`
`1`	`2`	`package bundle`
`2`	`3`
`3`	`4`	`import (`
`@@ -27,7 +28,7 @@ func NewHandler(caBundleFile, intBundleFile string) (http.Handler, error) {`
`27`	`28`	`}`
`28`	`29`
`29`	`30`	`log.Info("bundler API ready")`
`30`		`- return api.HTTPHandler{Handler: b, Method: "POST"}, nil`
	`31`	`+ return api.HTTPHandler{Handler: b, Methods: []string{"POST"}}, nil`
`31`	`32`	`}`
`32`	`33`
`33`	`34`	`// Handle implements an http.Handler interface for the bundle handler.`
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+// Package generator implements the HTTP handlers for certificate generation.`
`1`	`2`	`package generator`
`2`	`3`
`3`	`4`	`import (`
`@@ -51,7 +52,7 @@ func NewHandler(validator Validator) (http.Handler, error) {`
`51`	`52`	`Handler: &Handler{`
`52`	`53`	`generator: &csr.Generator{Validator: validator},`
`53`	`54`	`},`
`54`		`- Method: "POST",`
	`55`	`+ Methods: []string{"POST"},`
`55`	`56`	`}, nil`
`56`	`57`	`}`
`57`	`58`
`@@ -176,7 +177,7 @@ func NewCertGeneratorHandler(validator Validator, caFile, caKeyFile string, poli`
`176`	`177`
`177`	`178`	`cg.generator = &csr.Generator{Validator: validator}`
`178`	`179`
`179`		`- return api.HTTPHandler{Handler: cg, Method: "POST"}, nil`
	`180`	`+ return api.HTTPHandler{Handler: cg, Methods: []string{"POST"}}, nil`
`180`	`181`	`}`
`181`	`182`
`182`	`183`	`// NewCertGeneratorHandlerFromSigner returns a handler directly from`
`@@ -187,7 +188,7 @@ func NewCertGeneratorHandlerFromSigner(validator Validator, signer signer.Signer`
`187`	`188`	`generator: &csr.Generator{Validator: validator},`
`188`	`189`	`signer: signer,`
`189`	`190`	`},`
`190`		`- Method: "POST",`
	`191`	`+ Methods: []string{"POST"},`
`191`	`192`	`}`
`192`	`193`	`}`
`193`	`194`