check mtls tests

CheckPointSW · Dec 17, 2024 · 8a47b3b · 8a47b3b
1 parent 0b97cd2
commit 8a47b3b
Show file tree

Hide file tree

Showing 18 changed files with 636 additions and 320 deletions.
diff --git a/internal/models/web-api-asset/input.go b/internal/models/web-api-asset/input.go
@@ -103,3 +103,12 @@ func (inputs TagsInputs) ToIndicatorsMap() map[string]TagInput {
 
 	return ret
 }
+
+func (mtlsInputs MTLSSchemas) ToIndicatorMap() map[string]MTLSSchema {
+	mTLSs := make(map[string]MTLSSchema)
+	for _, mTLS := range mtlsInputs {
+		mTLSs[mTLS.Type] = mTLS
+	}
+
+	return mTLSs
+}
diff --git a/internal/models/web-api-asset/schema.go b/internal/models/web-api-asset/schema.go
@@ -1,7 +1,28 @@
 package models
 
+import (
+	"encoding/base64"
+	"fmt"
+)
+
 const (
 	SourceIdentifierValueIDSeparator = ";;;"
+	FileDataFormat                   = "data:%s;base64,%s"
+
+	mTLSFileTypePEM = ".pem"
+	mTLSFileTypeCRT = ".crt"
+	mTLSFileTypeDER = ".der"
+	mTLSFileTypeP12 = ".p12"
+	mTLSFileTypePFX = ".pfx"
+	mTLSFileTypeP7B = ".p7b"
+	mTLSFileTypeP7C = ".p7c"
+	mTLSFileTypeCER = ".cer"
+
+	mimeTypePEM = "application/octet-stream"
+	mimeTypeDER = "application/x-x509-ca-cert"
+	mimeTypeP12 = "application/x-pkcs12"
+	mimeTypeP7B = "application/x-pkcs7-certificates"
+	mimeTypeP7C = "application/pkcs7-mime"
 )
 
 // SchemaPracticeMode represents a PracticeMode field of a practice field of a web API asset as it is saved in the state file
@@ -35,3 +56,70 @@ type SchemaTag struct {
 	Key   string `json:"key"`
 	Value string `json:"value"`
 }
+
+// MTLSSchema represents a field of web API asset as it is saved in the state file
+// this structure is aligned with the input schema (see web-api-asset.go file)
+type MTLSSchema struct {
+	FilenameID      string `json:"filename_id,omitempty"`
+	Filename        string `json:"filename,omitempty"`
+	CertificateType string `json:"certificate_type,omitempty"`
+	DataID          string `json:"data_id,omitempty"`
+	Data            string `json:"data"`
+	Type            string `json:"type,omitempty"`
+	EnableID        string `json:"enable_id,omitempty"`
+	Enable          bool   `json:"enable,omitempty"`
+}
+
+type MTLSSchemas []MTLSSchema
+
+// FileExtensionToMimeType returns the MIME type for a given file extension
+// if the extension is not recognized, it returns "application/octet-stream" - a generic binary file MIME type
+// the function is used to set the MIME type for the certificate type in the MTLSSchema
+// the certificate types that are allowed displayed in the web-api-asset.go file
+func FileExtensionToMimeType(extension string) string {
+	switch extension {
+	case mTLSFileTypePEM:
+		return mimeTypePEM
+	case mTLSFileTypeDER, mTLSFileTypeCER, mTLSFileTypeCRT:
+		return mimeTypeDER
+	case mTLSFileTypeP12, mTLSFileTypePFX:
+		return mimeTypeP12
+	case mTLSFileTypeP7B:
+		return mimeTypeP7B
+	case mTLSFileTypeP7C:
+		return mimeTypeP7C
+	default:
+		return mimeTypePEM
+	}
+}
+
+// MimeTypeToFileExtension returns the file extension for a given MIME type
+// the function is used to set the certificate type in the MTLSSchema
+func MimeTypeToFileExtension(mimeType string) string {
+	switch mimeType {
+	case mimeTypePEM:
+		return mTLSFileTypePEM
+	case mimeTypeDER:
+		return mTLSFileTypeDER
+	case mimeTypeP12:
+		return mTLSFileTypeP12
+	case mimeTypeP7B:
+		return mTLSFileTypeP7B
+	case mimeTypeP7C:
+		return mTLSFileTypeP7C
+	default:
+		return mTLSFileTypePEM
+	}
+}
+
+func NewFileSchemaEncode(filename, fileData, mTLSType, certificateType string, fileEnable bool) MTLSSchema {
+	b64Data := base64.StdEncoding.EncodeToString([]byte(fileData))
+	data := fmt.Sprintf(FileDataFormat, FileExtensionToMimeType(certificateType), b64Data)
+
+	return MTLSSchema{
+		Filename: filename,
+		Data:     data,
+		Type:     mTLSType,
+		Enable:   fileEnable,
+	}
+}
diff --git a/internal/models/web-app-asset/input.go b/internal/models/web-app-asset/input.go
@@ -105,8 +105,8 @@ func (inputs TagsInputs) ToIndicatorsMap() map[string]TagInput {
 	return ret
 }
 
-func (mtlsInputs FileSchemas) ToIndicatorMap() map[string]FileSchema {
-	mTLSs := make(map[string]FileSchema)
+func (mtlsInputs MTLSSchemas) ToIndicatorMap() map[string]MTLSSchema {
+	mTLSs := make(map[string]MTLSSchema)
 	for _, mTLS := range mtlsInputs {
 		mTLSs[mTLS.Type] = mTLS
 	}

diff --git a/internal/models/web-app-asset/schema.go b/internal/models/web-app-asset/schema.go
@@ -3,13 +3,12 @@ package models
 import (
 	"encoding/base64"
 	"fmt"
-	"mime"
+	webAPIAssetModels "github.com/CheckPointSW/terraform-provider-infinity-next/internal/models/web-api-asset"
 )
 
 const (
 	SourceIdentifierValueIDSeparator = ";;;"
-	//FileDataFilenameFormat           = "%s;"
-	FileDataFormat = "data:%s;base64,%s"
+	FileDataFormat                   = "data:%s;base64,%s"
 )
 
 // SchemaPracticeMode represents a PracticeMode field of a practice field of a
@@ -45,7 +44,9 @@ type SchemaTag struct {
 	Value string `json:"value"`
 }
 
-type FileSchema struct {
+// MTLSSchema represents a field of web application asset as it is saved in the state file
+// this structure is aligned with the input schema (see web-app-asset.go file)
+type MTLSSchema struct {
 	FilenameID      string `json:"filename_id,omitempty"`
 	Filename        string `json:"filename,omitempty"`
 	CertificateType string `json:"certificate_type,omitempty"`
@@ -56,50 +57,12 @@ type FileSchema struct {
 	Enable          bool   `json:"enable,omitempty"`
 }
 
-func fileExtensionToMimeType(extension string) string {
-	switch extension {
-	case ".pem":
-		return "application/x-pem-file"
-	case ".der", ".cer", ".crt":
-		return "application/x-x509-ca-cert"
-	case ".p12", ".pfx":
-		return "application/x-pkcs12"
-	case ".p7b":
-		return "application/x-pkcs7-certificates"
-	case ".p7c":
-		return "application/pkcs7-mime"
-	default:
-		return "application/octet-stream"
-	}
-}
-
-func MimeTypeToFileExtension(mimeType string) string {
-	switch mimeType {
-	case "application/x-pem-file":
-		return ".pem"
-	case "application/x-x509-ca-cert":
-		return ".cer"
-	case "application/x-pkcs12":
-		return ".p12"
-	case "application/x-pkcs7-certificates":
-		return ".p7b"
-	case "application/pkcs7-mime":
-		return ".p7c"
-	default:
-		return ".pem"
-	}
-}
+type MTLSSchemas []MTLSSchema
 
-type FileSchemas []FileSchema
-
-func NewFileSchemaEncode(filename, fileData, mTLSType, certificateType string, fileEnable bool) FileSchema {
+func NewFileSchemaEncode(filename, fileData, mTLSType, certificateType string, fileEnable bool) MTLSSchema {
 	b64Data := base64.StdEncoding.EncodeToString([]byte(fileData))
-	data := fmt.Sprintf(FileDataFormat, fileExtensionToMimeType(certificateType), b64Data)
-	fmt.Println("\nfile extension %s to mime type %s\n", certificateType, mime.TypeByExtension(certificateType))
-	//data := fmt.Sprintf(FileDataFormat, mime.TypeByExtension(certificateType), b64Data)
-	//filenameFmt := fmt.Sprintf(FileDataFilenameFormat, filepath.Base(filename))
-
-	return FileSchema{
+	data := fmt.Sprintf(FileDataFormat, webAPIAssetModels.FileExtensionToMimeType(certificateType), b64Data)
+	return MTLSSchema{
 		Filename: filename,
 		Data:     data,
 		Type:     mTLSType,

diff --git a/internal/resources/tests/add-mtls_test.go b/internal/resources/tests/add-mtls_test.go
@@ -95,12 +95,12 @@ func TestAccWebApplicationAssetWithmTLSBasic(t *testing.T) {
 						"tags.0.key":        "tagkey1",
 						"tags.0.value":      "tagvalue1",
 
-						//"mtls.#":                  "1",
-						//"mtls.0.filename":         "cert.pem",
-						//"mtls.0.certificate_type": ".pem",
-						//"mtls.0.data":             "cert data",
-						//"mtls.0.type":             "client",
-						//"mtls.0.enable":           "true",
+						"mtls.#":                  "1",
+						"mtls.0.filename":         "cert.pem",
+						"mtls.0.certificate_type": ".pem",
+						"mtls.0.data":             "cert data",
+						"mtls.0.type":             "client",
+						"mtls.0.enable":           "true",
 					}),
 						resource.TestCheckResourceAttrSet(assetResourceName, "id"),
 						resource.TestCheckResourceAttrSet(assetResourceName, "practice.0.id"),
@@ -203,12 +203,12 @@ func TestAccWebApplicationAssetWithmTLSFull(t *testing.T) {
 						"tags.1.key":        "tagkey2",
 						"tags.1.value":      "tagvalue2",
 
-						//"mtls.#":          "1",
-						//"mtls.0.filename": "cert.der",
-						////"mtls.0.certificate_type": ".pem",
-						//"mtls.0.data":   "cert data",
-						//"mtls.0.type":   "client",
-						//"mtls.0.enable": "true",
+						"mtls.#":                  "1",
+						"mtls.0.filename":         "cert.der",
+						"mtls.0.certificate_type": ".der",
+						"mtls.0.data":             "cert data",
+						"mtls.0.type":             "client",
+						"mtls.0.enable":           "true",
 					}),
 						resource.TestCheckResourceAttrSet(assetResourceName, "id"),
 						resource.TestCheckResourceAttrSet(assetResourceName, "practice.0.id"),
@@ -288,17 +288,17 @@ func TestAccWebApplicationAssetWithmTLSFull(t *testing.T) {
 						"tags.2.key":        "tagkey2",
 						"tags.2.value":      "tagvalue1",
 
-						//"mtls.#":                  "2",
-						//"mtls.0.filename":         "newfile.der",
-						//"mtls.0.certificate_type": ".cer",
-						//"mtls.0.data":             "new cert data",
-						//"mtls.0.type":             "server",
-						//"mtls.0.enable":           "true",
-						//"mtls.1.filename":         "newfile2.p12",
-						//"mtls.1.certificate_type": ".p12",
-						//"mtls.1.data":             "new cert data2",
-						//"mtls.1.type":             "client",
-						//"mtls.1.enable":           "false",
+						"mtls.#":                  "2",
+						"mtls.0.filename":         "newfile.crt",
+						"mtls.0.certificate_type": ".der",
+						"mtls.0.data":             "new cert data",
+						"mtls.0.type":             "server",
+						"mtls.0.enable":           "true",
+						"mtls.1.filename":         "newfile2.p12",
+						"mtls.1.certificate_type": ".p12",
+						"mtls.1.data":             "new cert data2",
+						"mtls.1.type":             "client",
+						"mtls.1.enable":           "false",
 					}),
 						resource.TestCheckResourceAttrSet(assetResourceName, "id"),
 						resource.TestCheckResourceAttrSet(assetResourceName, "practice.0.id"),
@@ -334,20 +334,6 @@ func webApplicationAssetmTLSBasicConfig(name string) string {
 resource "inext_web_app_asset" %[1]q {
 	name = %[1]q
 	urls = ["http://host/%[1]s/path1"]
-	mtls {
-		filename = "cert.pfx"
-		certificate_type = ".pfx"
-		data	 = "cert data"
-		type = "client"
-		enable = true
-	}
-	mtls {
-		filename = "cert.p7b"
-		certificate_type = ".p7b"
-		data	 = "cert data"
-		type = "server"
-		enable = true
-	}
 }
 `, name)
 }
@@ -405,13 +391,6 @@ resource "inext_web_app_asset" %[1]q {
 		type = "client"
 		enable = true
 	}
-	mtls {
-		filename = "cert.p7c"
-		certificate_type = ".p7c"
-		data	 = "cert data"
-		type = "server"
-		enable = true
-	}
 }
 
 resource "inext_appsec_gateway_profile" %[2]q {
@@ -559,13 +538,6 @@ resource "inext_web_app_asset" %[1]q {
 		type = "client"
 		enable = true
 	}
-	mtls {
-		filename = "cert.cer"
-		certificate_type = ".cer"
-		data	 = "cert data"
-		type = "server"
-		enable = true
-	}
 }
 
 resource "inext_appsec_gateway_profile" %[2]q {
@@ -746,7 +718,7 @@ resource "inext_web_app_asset" %[1]q {
 	}
 	mtls {
 		filename = "newfile.crt"
-		certificate_type = ".crt"
+		certificate_type = ".der"
 		data	 = "new cert data"
 		type = "server"
 		enable = true

diff --git a/internal/resources/tests/web-api-asset_test.go b/internal/resources/tests/web-api-asset_test.go
@@ -60,7 +60,7 @@ func TestAccWebAPIAssetBasic(t *testing.T) {
 						"urls_ids.#":                            "2",
 						"profiles.#":                            "1",
 						"practice.#":                            "1",
-						"practice.0.%":                          "6",
+						"practice.0.%":                          "5",
 						"practice.0.triggers.#":                 "1",
 						"practice.0.sub_practices_modes.IPS":    "AccordingToPractice",
 						"practice.0.sub_practices_modes.WebBot": "AccordingToPractice",
@@ -156,7 +156,7 @@ func TestAccWebAPIAssetFull(t *testing.T) {
 						"urls_ids.#":                            "2",
 						"profiles.#":                            "1",
 						"practice.#":                            "1",
-						"practice.0.%":                          "6",
+						"practice.0.%":                          "5",
 						"practice.0.triggers.#":                 "1",
 						"practice.0.sub_practices_modes.IPS":    "AccordingToPractice",
 						"practice.0.sub_practices_modes.WebBot": "AccordingToPractice",
@@ -228,7 +228,7 @@ func TestAccWebAPIAssetFull(t *testing.T) {
 						"urls_ids.#":                            "2",
 						"profiles.#":                            "1",
 						"practice.#":                            "1",
-						"practice.0.%":                          "6",
+						"practice.0.%":                          "5",
 						"practice.0.triggers.#":                 "1",
 						"practice.0.sub_practices_modes.IPS":    "Learn",
 						"practice.0.sub_practices_modes.WebBot": "Inactive",