ziti-sdk-swift/CZitiTests/ZitiIdentityTests.swift at 37a706940115d16f35b0317691c27a03a3d8db45 · openziti/ziti-sdk-swift · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
/*
Copyright NetFoundry Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

https://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
import XCTest
@testable import CZiti

class ZitiIdentityTests: XCTestCase {

    func testCodableRoundTrip() throws {
        let id = ZitiIdentity(id: "test-id-123", ztAPIs: ["https://ctrl1:1280", "https://ctrl2:1280"],
                              name: "test-identity", certs: "-----BEGIN CERTIFICATE-----\ntest\n-----END CERTIFICATE-----",
                              ca: "-----BEGIN CERTIFICATE-----\nca\n-----END CERTIFICATE-----")
        id.startDisabled = true

        let data = try JSONEncoder().encode(id)
        let decoded = try JSONDecoder().decode(ZitiIdentity.self, from: data)

        XCTAssertEqual(decoded.id, "test-id-123")
        XCTAssertEqual(decoded.ztAPIs, ["https://ctrl1:1280", "https://ctrl2:1280"])
        XCTAssertEqual(decoded.name, "test-identity")
        XCTAssertEqual(decoded.certs, "-----BEGIN CERTIFICATE-----\ntest\n-----END CERTIFICATE-----")
        XCTAssertEqual(decoded.ca, "-----BEGIN CERTIFICATE-----\nca\n-----END CERTIFICATE-----")
        XCTAssertEqual(decoded.startDisabled, true)
    }

    func testZtAPIDerivedFromZtAPIs() {
        let id = ZitiIdentity(id: "x", ztAPIs: ["https://first:1280", "https://second:1280"])
        XCTAssertEqual(id.ztAPI, "https://first:1280")
    }

    func testZtAPIEmptyWhenZtAPIsEmpty() {
        let id = ZitiIdentity(id: "x", ztAPIs: [])
        XCTAssertEqual(id.ztAPI, "")
    }

    func testOptionalFieldsDefaultToNil() throws {
        let json = """
        {"id":"minimal","ztAPI":"https://ctrl:1280"}
        """
        let decoded = try JSONDecoder().decode(ZitiIdentity.self, from: json.data(using: .utf8)!)
        XCTAssertEqual(decoded.id, "minimal")
        XCTAssertNil(decoded.name)
        XCTAssertNil(decoded.certs)
        XCTAssertNil(decoded.ca)
        XCTAssertNil(decoded.ztAPIs)
    }

    func testSaveAndLoadFromFile() throws {
        let id = ZitiIdentity(id: "file-test", ztAPIs: ["https://ctrl:1280"], name: "saved")
        let tmpFile = NSTemporaryDirectory() + "ZitiIdentityTest-\(UUID().uuidString).zid"
        defer { try? FileManager.default.removeItem(atPath: tmpFile) }

        XCTAssertTrue(id.save(tmpFile))

        let data = try Data(contentsOf: URL(fileURLWithPath: tmpFile))
        let loaded = try JSONDecoder().decode(ZitiIdentity.self, from: data)
        XCTAssertEqual(loaded.id, "file-test")
        XCTAssertEqual(loaded.name, "saved")
    }

    func testStartDisabledRoundTripFalse() throws {
        let id = ZitiIdentity(id: "x", ztAPIs: ["https://ctrl:1280"])
        id.startDisabled = false
        let data = try JSONEncoder().encode(id)
        let decoded = try JSONDecoder().decode(ZitiIdentity.self, from: data)
        XCTAssertEqual(decoded.startDisabled, false)
    }

    func testStartDisabledRoundTripTrue() throws {
        let id = ZitiIdentity(id: "x", ztAPIs: ["https://ctrl:1280"])
        id.startDisabled = true
        let data = try JSONEncoder().encode(id)
        let decoded = try JSONDecoder().decode(ZitiIdentity.self, from: data)
        XCTAssertEqual(decoded.startDisabled, true)
    }

#if CZITI_TEST_INSECURE_KEYS
    func testKeyDefaultsToNil() throws {
        let id = ZitiIdentity(id: "x", ztAPIs: ["https://ctrl:1280"])
        XCTAssertNil(id.key)

        let data = try JSONEncoder().encode(id)
        let decoded = try JSONDecoder().decode(ZitiIdentity.self, from: data)
        XCTAssertNil(decoded.key)
    }

    func testKeyRoundTrip() throws {
        let pem = "-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJB...\n-----END RSA PRIVATE KEY-----\n"
        let id = ZitiIdentity(id: "x", ztAPIs: ["https://ctrl:1280"])
        id.key = pem

        let data = try JSONEncoder().encode(id)
        let decoded = try JSONDecoder().decode(ZitiIdentity.self, from: data)
        XCTAssertEqual(decoded.key, pem)
    }
#endif

    func testDecodeOldZidWithoutKeyField() throws {
        // Existing .zid files in the wild never have a key field. Must still decode.
        let json = """
        {"id":"legacy","ztAPI":"https://ctrl:1280","certs":"CERT","ca":"CA"}
        """
        let decoded = try JSONDecoder().decode(ZitiIdentity.self, from: json.data(using: .utf8)!)
        XCTAssertEqual(decoded.id, "legacy")
    }
}