package handlers
import "crypto/x509"
import "encoding/pem"
import "testing"
import "codit/internal/models"
// TestBuildCRLPEMIncludesOddLengthHexSerials builds a CRL for a freshly
// generated root CA and checks which of four stored certificate records end
// up as revocation entries.
//
// The fixture covers four cases:
//   - "5":  revoked, odd-length hex serial; must be listed.
//   - "0a": revoked, even-length hex serial; must be listed.
//   - "zz": revoked, but not valid hex; the expected count of 2 means it
//     must be absent from the CRL.
//   - "b":  status "active"; must be absent even though RevokedAt is set.
//
// NOTE(review): the "zz" case pins the behaviour that a revoked record with an
// unparseable serial is dropped without failing CRL generation. Such a
// certificate would not be reported as revoked to relying parties; whether
// buildCRLPEM logs or otherwise surfaces the skip is not visible here, so
// confirm against its implementation.
//
// NOTE(review): this test parses the CRL but does not verify its signature or
// issuer against the CA certificate.
func TestBuildCRLPEMIncludesOddLengthHexSerials(t *testing.T) {
	rootCertPEM, rootKeyPEM, err := generateRootCA("test-ca", 365)
	if err != nil {
		t.Fatalf("generate root ca: %v", err)
	}

	issuer := models.PKICA{
		ID:      "ca1",
		Name:    "test-ca",
		CertPEM: rootCertPEM,
		KeyPEM:  rootKeyPEM,
	}
	stored := []models.PKICert{
		{SerialHex: "5", Status: "revoked", RevokedAt: 1700000000},
		{SerialHex: "0a", Status: "revoked", RevokedAt: 1700000100},
		{SerialHex: "zz", Status: "revoked", RevokedAt: 1700000200},
		{SerialHex: "b", Status: "active", RevokedAt: 1700000300},
	}

	encoded, err := buildCRLPEM(issuer, stored)
	if err != nil {
		t.Fatalf("build crl: %v", err)
	}

	decoded, _ := pem.Decode([]byte(encoded))
	if decoded == nil {
		t.Fatalf("decode crl pem: nil block")
	}

	parsed, err := x509.ParseRevocationList(decoded.Bytes)
	if err != nil {
		t.Fatalf("parse revocation list: %v", err)
	}

	revoked := parsed.RevokedCertificateEntries
	if got := len(revoked); got != 2 {
		t.Fatalf("unexpected revoked entry count: got=%d want=2", got)
	}

	// Text(16) renders the serial without leading zeros, so the stored "0a"
	// is expected back as "a". The entries are expected in input order.
	if got := revoked[0].SerialNumber.Text(16); got != "5" {
		t.Fatalf("unexpected first serial: got=%s want=5", got)
	}
	if got := revoked[1].SerialNumber.Text(16); got != "a" {
		t.Fatalf("unexpected second serial: got=%s want=a", got)
	}
}
// TestIssueCertFromCAUsesValidSeconds issues a leaf certificate from a freshly
// generated root CA, passing 3600 as the validity argument, and checks that
// the resulting NotBefore..NotAfter window is 3600 seconds long (plus or minus
// one second).
//
// The bound catches a lifetime that is far longer or shorter than requested,
// for example if the value were interpreted in a unit other than seconds.
//
// NOTE(review): only the validity window is asserted. The issued certificate's
// chain to the CA, its SANs and the three discarded return values of
// issueCertFromCA are not checked here.
func TestIssueCertFromCAUsesValidSeconds(t *testing.T) {
	rootCertPEM, rootKeyPEM, err := generateRootCA("test-ca", 365)
	if err != nil {
		t.Fatalf("generate root ca: %v", err)
	}

	issuer := models.PKICA{
		ID:      "ca1",
		Name:    "test-ca",
		CertPEM: rootCertPEM,
		KeyPEM:  rootKeyPEM,
	}

	dnsNames := []string{"server.example.com"}
	ipAddrs := []string{"127.0.0.1"}
	leafPEM, _, _, _, err := issueCertFromCA(issuer, 123, "server.example.com", dnsNames, ipAddrs, 3600, false)
	if err != nil {
		t.Fatalf("issue cert: %v", err)
	}

	decoded, _ := pem.Decode([]byte(leafPEM))
	if decoded == nil {
		t.Fatalf("decode cert pem: nil block")
	}

	leaf, err := x509.ParseCertificate(decoded.Bytes)
	if err != nil {
		t.Fatalf("parse certificate: %v", err)
	}

	// Truncate the lifetime to whole seconds before comparing against the
	// one-second tolerance around the requested 3600.
	lifetime := int64(leaf.NotAfter.Sub(leaf.NotBefore).Seconds())
	if !(lifetime >= 3599 && lifetime <= 3601) {
		t.Fatalf("unexpected validity seconds: got=%d want~=3600", lifetime)
	}
}