Implement enough to satisfy the tests TestPingTPP TestRetrieveSelfIdentity TestGetRefreshToken TestGetRefreshTokenWithDefaultScope

	/vedauth/authorize/oauth
	/vedsdk/Identity/Self
	/vedsdk/certificates/checkpolicy
	/vedsdk/

Signed-off-by: Richard Wall <[email protected]>

Author: wallrj

Makefile

@@ -59,13 +59,16 @@ test: get linter
 	go test -v -coverprofile=cov_cmd.out ./cmd/vcert
 	go tool cover -func=cov_cmd.out
 
+WHAT ?= .
+
 tpp_test: get
-	go test -v $(GOFLAGS) -coverprofile=cov_tpp.out ./pkg/venafi/tpp
+	go test -v $(GOFLAGS) -coverprofile=cov_tpp.out ./pkg/venafi/tpp  -run $(WHAT)
 	go tool cover -func=cov_tpp.out
 
 fake_tpp_test: export MAKE := $(MAKE)
+fake_tpp_test: export WHAT := ^\(TestPingTPP\|TestRetrieveSelfIdentity\|TestGetRefreshToken\|TestGetRefreshTokenWithDefaultScope\)
 fake_tpp_test:
-	go test ./test/tpp/fake/...
+	go test ./test/tpp/fake/... -count=1 -v
 
 cloud_test: get
 	go test -v $(GOFLAGS) -coverprofile=cov_vaas.out ./pkg/venafi/cloud

go.mod

@@ -2,15 +2,18 @@ module github.com/Venafi/vcert/v4
 
 require (
 	github.com/go-logr/logr v1.2.3
+	github.com/go-openapi/errors v0.20.3
+	github.com/go-openapi/strfmt v0.21.3
+	github.com/go-openapi/swag v0.22.3
 	github.com/howeyc/gopass v0.0.0-20170109162249-bf9dde6d0d2c
 	github.com/pavel-v-chernykh/keystore-go/v4 v4.1.0
 	github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d
 	github.com/spf13/viper v1.7.0
-	github.com/stretchr/testify v1.3.0
+	github.com/stretchr/testify v1.8.0
 	github.com/urfave/cli/v2 v2.1.1
 	github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a
-	golang.org/x/crypto v0.0.0-20210921155107-089bfa567519
-	golang.org/x/sync v0.0.0-20190423024810-112230192c58
+	golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d
+	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
 	gopkg.in/ini.v1 v1.51.0
 	gopkg.in/yaml.v2 v2.4.0
 	software.sslmate.com/src/go-pkcs12 v0.0.0-20180114231543-2291e8f0f237

go.sum

@@ -198,11 +198,11 @@ type oauthGetRefreshTokenRequest struct {
 }
 type OauthGetRefreshTokenResponse struct {
 	Access_token  string `json:"access_token,omitempty"`
-	Expires       int    `json:"expires,omitempty"`
-	ExpiresIn     int    `json:"expires_in,omitempty"` //Attribute added as it's used on vSSH
+	Expires       uint64 `json:"expires,omitempty"`
+	ExpiresIn     uint64 `json:"expires_in,omitempty"` //Attribute added as it's used on vSSH
 	Identity      string `json:"identity,omitempty"`
 	Refresh_token string `json:"refresh_token,omitempty"`
-	Refresh_until int    `json:"refresh_until,omitempty"`
+	Refresh_until uint64 `json:"refresh_until,omitempty"`
 	Scope         string `json:"scope,omitempty"`
 	Token_type    string `json:"token_type,omitempty"`
 }
@@ -461,7 +461,7 @@ func (c *Connector) request(method string, resource urlResource, data interface{
 	defer res.Body.Close()
 	body, err = ioutil.ReadAll(res.Body)
 	// Do not enable trace in production
-	trace := false // IMPORTANT: sensitive information can be diclosured
+	trace := true // IMPORTANT: sensitive information can be diclosured
 	// I hope you know what are you doing
 	if trace {
 		log.Println("#################")

pkg/venafi/tpp/tpp.go

@@ -2,27 +2,57 @@ package fake
 
 import (
 	"context"
+	"encoding/json"
 	"net/http"
 	"net/http/httptest"
+	"sync"
+	"time"
 
+	"github.com/Venafi/vcert/v4/test/tpp/fake/models"
 	"github.com/go-logr/logr"
 )
 
-type Fake struct {
-	*httptest.Server
+type state struct {
+	sync.RWMutex
+	username            string
+	password            string
+	refreshToken        string
+	accessToken         string
+	refreshTokenExpires time.Time
 }
 
-func New() *Fake {
-	mux := http.NewServeMux()
-	mux.HandleFunc("/vedauth/authorize/oauth", func(w http.ResponseWriter, req *http.Request) {
-		defer req.Body.Close()
-		w.Write([]byte("{}"))
-		return
-	})
-	ts := httptest.NewUnstartedServer(mux)
-	return &Fake{
-		Server: ts,
-	}
+func (o *state) WithUsername(username string) *state {
+	o.Lock()
+	defer o.Unlock()
+	o.username = username
+	return o
+}
+
+func (o *state) WithPassword(password string) *state {
+	o.Lock()
+	defer o.Unlock()
+	o.password = password
+	return o
+}
+
+func (o *state) WithRefreshToken(token string) *state {
+	o.Lock()
+	defer o.Unlock()
+	o.accessToken = token
+	return o
+}
+
+func (o *state) WithAccessToken(token string) *state {
+	o.Lock()
+	defer o.Unlock()
+	o.accessToken = token
+	return o
+}
+
+type Fake struct {
+	*state
+	*httptest.Server
+	log logr.Logger
 }
 
 func (o *Fake) Start(ctx context.Context) {
@@ -37,6 +67,105 @@ func (o *Fake) Close(ctx context.Context) {
 	o.Server.Close()
 }
 
+func New(log logr.Logger) *Fake {
+	mux := http.NewServeMux()
+	ts := httptest.NewUnstartedServer(mux)
+	f := &Fake{
+		log:    log,
+		state:  &state{},
+		Server: ts,
+	}
+	mux.HandleFunc("/vedauth/authorize/oauth", f.handlerAuthorizeOAuth)
+	mux.HandleFunc("/vedsdk/Identity/Self", f.handlerIdentitySelf)
+	mux.HandleFunc("/vedsdk/certificates/checkpolicy", f.handlerCertificatesCheckPolicy)
+	mux.HandleFunc("/vedsdk/", f.handlerPing)
+	mux.HandleFunc("/", f.handlerCatchAll)
+	return f
+}
+
+func (o *Fake) handlerAuthorizeOAuth(w http.ResponseWriter, req *http.Request) {
+	defer req.Body.Close()
+	o.log.Info("request", "uri", req.RequestURI)
+	decoder := json.NewDecoder(req.Body)
+	var in models.AuthorizeOAuthRequest
+	if err := decoder.Decode(&in); err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	if in.Username != o.username || in.Password != o.password {
+		// Mimics the behavior of TPP 20.4 and above. See:
+		// https://github.com/jetstack/venafi-oauth-helper/issues/25#issuecomment-854037706
+		http.Error(w, `{"error":"invalid_grant","error_description":"Username\/password combination not valid"}`,
+			http.StatusBadRequest)
+		return
+	}
+	o.WithRefreshToken(o.refreshToken + "x")
+	o.WithAccessToken(o.accessToken + "x")
+	out := models.AuthorizeOAuthResponse{
+		AccessToken:  o.accessToken,
+		Expires:      uint64(time.Now().UTC().Add(time.Hour).Unix()),
+		RefreshToken: o.refreshToken,
+		RefreshUntil: uint64(o.refreshTokenExpires.Unix()),
+		Scope:        in.Scope,
+		TokenType:    "Bearer",
+		Identity:     "",
+	}
+	encoder := json.NewEncoder(w)
+	if err := encoder.Encode(&out); err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+}
+
+func (o *Fake) handlerIdentitySelf(w http.ResponseWriter, req *http.Request) {
+	defer req.Body.Close()
+	log := o.log.WithValues("uri", req.RequestURI).WithName("handlerIdentifySelf")
+	log.V(1).Info("request")
+	out := models.IdentityWebResponse{
+		Identities: []*models.IdentityEntry{
+			&models.IdentityEntry{
+				Name: "Joe Bloggs",
+			},
+		},
+	}
+	encoder := json.NewEncoder(w)
+	if err := encoder.Encode(&out); err != nil {
+		log.Error(err, "While encoding response")
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+}
+
+func (o *Fake) handlerCertificatesCheckPolicy(w http.ResponseWriter, req *http.Request) {
+	defer req.Body.Close()
+	log := o.log.WithValues("uri", req.RequestURI).WithName("handlerCertificatesCheckPolicy")
+	log.V(1).Info("request")
+	decoder := json.NewDecoder(req.Body)
+	var in models.CheckPolicyRequest
+	if err := decoder.Decode(&in); err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	out := models.CheckPolicyResponse{}
+	encoder := json.NewEncoder(w)
+	if err := encoder.Encode(&out); err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+}
+
+func (o *Fake) handlerPing(w http.ResponseWriter, req *http.Request) {
+	defer req.Body.Close()
+	o.log.Info("request", "uri", req.RequestURI)
+	if req.URL.Path != "/vedsdk/" {
+		panic(req)
+	}
+}
+
+func (o *Fake) handlerCatchAll(w http.ResponseWriter, req *http.Request) {
+	panic(req)
+}
+
 func logFromContext(ctx context.Context) logr.Logger {
 	log, err := logr.FromContext(ctx)
 	if err != nil {

test/tpp/fake/fake.go

@@ -30,7 +30,13 @@ func TestFake(t *testing.T) {
 	})
 	ctx = logr.NewContext(ctx, log)
 
-	s := fake.New()
+	const (
+		tppUsername = "user1"
+		tppPassword = "password1"
+		tppZone     = "zone1"
+	)
+	s := fake.New(log)
+	s.WithUsername(tppUsername).WithPassword(tppPassword)
 	s.Start(ctx)
 	t.Cleanup(func() { s.Close(ctx) })
 
@@ -39,6 +45,9 @@ func TestFake(t *testing.T) {
 	cmd.Env = append(
 		os.Environ(),
 		"TPP_URL="+s.URL,
+		"TPP_USER="+tppUsername,
+		"TPP_PASSWORD="+tppPassword,
+		"TPP_ZONE="+tppZone,
 	)
 	cmd.Stdout = os.Stdout
 	cmd.Stderr = os.Stderr