-
Notifications
You must be signed in to change notification settings - Fork 4
/
crl_test.go
107 lines (83 loc) · 2.33 KB
/
crl_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
package main
import (
"crypto/x509"
"io/ioutil"
"math/big"
"os"
"testing"
)
func TestGetDistributionPoint(t *testing.T) {
cert, _ := readCertificate("./testdata/certificate.pem")
server, _ := getCRLDistributionPoint(cert)
expected := "http://crl3.digicert.com/ssca-sha2-g3.crl"
if server != expected {
t.Errorf("expected %q, got %q", expected, server)
}
}
func TestGetDestributionPointFromCertWithoutCRL(t *testing.T) {
cert, _ := readCertificate("./testdata/cloudflare_origin_ca_rsa_root.crt")
server, _ := getCRLDistributionPoint(cert)
expected := ""
if server != expected {
t.Errorf("expected %q, got %q", expected, server)
}
}
func TestFindCert(t *testing.T) {
// NOTE: DigiCert SHA2 Extended Validation Server CA CRL
crl, _ := ioutil.ReadFile("./testdata/sha2-ev-server-g2.crl")
resp, err := x509.ParseCRL(crl)
if err != nil {
t.Fatal(err)
}
// Serial belongs to https://censys.io/certificates/39e31c9f5913e4ed68c9582de80c8be4689608f622075d0c81b6fe52dfe2db82
s := new(big.Int)
s.SetString("17015245701990644280577643802745589798", 10)
test := findCert(s, resp)
if test == nil {
t.Errorf("expected to find revoked certificate with serial number %q", s.String())
}
}
func TestFindNonExistingRevokedCert(t *testing.T) {
// NOTE: DigiCert SHA2 Extended Validation Server CA CRL
crl, _ := ioutil.ReadFile("./testdata/sha2-ev-server-g2.crl")
resp, err := x509.ParseCRL(crl)
if err != nil {
t.Fatal(err)
}
test := findCert(big.NewInt(0), resp)
if test != nil {
t.Error("did not expect to find a revoked certificate")
}
}
func TestGetCRLResponse(t *testing.T) {
httpClient := &MockHTTPClient{}
client := NewClient(httpClient, os.Stdout)
cert, err := readCertificate("./testdata/cisco_revoked.pem")
if err != nil {
t.Fatal(err)
}
st, err := client.GetCRLResponse(cert)
if err != nil {
t.Fatal(err)
}
expected := "Revoked"
if st.Status != expected {
t.Errorf("expected %q, got %q", expected, st.Status)
}
}
func TestGetCRLResponseNotRevoked(t *testing.T) {
httpClient := &MockHTTPClient{}
client := NewClient(httpClient, os.Stdout)
cert, err := readCertificate("./testdata/twitter.pem")
if err != nil {
t.Fatal(err)
}
st, err := client.GetCRLResponse(cert)
if err != nil {
t.Fatal(err)
}
expected := "Good"
if st.Status != expected {
t.Errorf("expected %q, got %q", expected, st.Status)
}
}