From a525cd04161abbf02105492c9c2a1df836fe53b1 Mon Sep 17 00:00:00 2001
From: Jan Dittberner
Date: Mon, 28 Mar 2022 21:28:41 +0200
Subject: [PATCH] Start golangci-lint fixes
---
 cmd/cacertocsp/main.go | 3 +-
 pkg/ocsp/doc.go | 17 +++++++
 pkg/ocsp/ocsp.go | 17 +++++++
 pkg/ocsp/responder.go | 17 +++++++
 pkg/ocsp/responder_test.go | 26 ++++++++++-
 pkg/ocspsource/ocspsource.go | 3 +-
 pkg/ocspsource/opensslcertdb.go | 7 +--
 pkg/ocspsource/opensslcertdb_test.go | 67 +++++++++++++++++++++-------
 8 files changed, 135 insertions(+), 22 deletions(-)
diff --git a/cmd/cacertocsp/main.go b/cmd/cacertocsp/main.go
index 0ddc35d..e069e45 100644
--- a/cmd/cacertocsp/main.go
+++ b/cmd/cacertocsp/main.go
@@ -32,12 +32,13 @@ import ( "syscall" "time" - "git.cacert.org/cacert-goocsp/pkg/ocsp" "github.com/knadh/koanf" "github.com/knadh/koanf/parsers/yaml" "github.com/knadh/koanf/providers/file" "github.com/sirupsen/logrus" + "git.cacert.org/cacert-goocsp/pkg/ocsp" + "git.cacert.org/cacert-goocsp/pkg/ocspsource" )
diff --git a/pkg/ocsp/doc.go b/pkg/ocsp/doc.go
index 0725131..06be884 100644
--- a/pkg/ocsp/doc.go
+++ b/pkg/ocsp/doc.go
@@ -1,2 +1,19 @@
+/*
+Copyright 2022 CAcert Inc.
+SPDX-License-Identifier: Apache-2.0
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 // Package ocsp contains adapted code from github.com/cloudflare/cfssl/ocsp and golang.org/x/crypto/ocsp
 package ocsp
diff --git a/pkg/ocsp/ocsp.go b/pkg/ocsp/ocsp.go
index bd20c37..fa65599 100644
--- a/pkg/ocsp/ocsp.go
+++ b/pkg/ocsp/ocsp.go
@@ -1,3 +1,20 @@
+/*
+Copyright 2022 CAcert Inc.
+SPDX-License-Identifier: Apache-2.0
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 // Copyright 2013 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
diff --git a/pkg/ocsp/responder.go b/pkg/ocsp/responder.go
index 17f6d3c..0c3be10 100644
--- a/pkg/ocsp/responder.go
+++ b/pkg/ocsp/responder.go
@@ -1,3 +1,20 @@
+/*
+Copyright 2022 CAcert Inc.
+SPDX-License-Identifier: Apache-2.0
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 // Package ocsp implements an OCSP responder based on a generic storage backend.
 // It provides a couple of sample implementations.
 // Because OCSP responders handle high query volumes, we have to be careful
diff --git a/pkg/ocsp/responder_test.go b/pkg/ocsp/responder_test.go
index ea197f6..bd1fd9e 100644
--- a/pkg/ocsp/responder_test.go
+++ b/pkg/ocsp/responder_test.go
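Review bot: The header added to pkg/ocsp/ocsp.go puts `SPDX-License-Identifier: Apache-2.0` directly above the retained Go Authors notice, which states that the code is under a BSD-style license, so the only machine-readable tag in the file no longer describes all of its contents. License scanners and SBOM tooling key on the SPDX line; a compound expression such as `SPDX-License-Identifier: Apache-2.0 AND BSD-3-Clause` would keep the upstream terms visible, with the exact upstream identifier to be confirmed against the LICENSE file the notice refers to. The same header is added to pkg/ocsp/responder.go, and doc.go describes the package as adapted from cfssl and x/crypto, so the question probably applies there as well.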
@@ -1,3 +1,20 @@ +/* +Copyright 2022 CAcert Inc. +SPDX-License-Identifier: Apache-2.0 + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + package ocsp import ( 
@@ -35,16 +52,22 @@ func TestOCSP(t *testing.T) { {"OPTIONS", "/", http.StatusMethodNotAllowed}, {"GET", "/", http.StatusBadRequest}, // Bad URL encoding + // nolint:lll {"GET", "%ZZFQwUjBQME4wTDAJBgUrDgMCGgUABBQ55F6w46hhx%2Fo6OXOHa%2BYfe32YhgQU%2B3hPEvlgFYMsnxd%2FNBmzLjbqQYkCEwD6Wh0MaVKu9gJ3By9DI%2F%2Fxsd4%3D", http.StatusBadRequest}, // Bad URL encoding + // nolint:lll {"GET", "%%FQwUjBQME4wTDAJBgUrDgMCGgUABBQ55F6w46hhx%2Fo6OXOHa%2BYfe32YhgQU%2B3hPEvlgFYMsnxd%2FNBmzLjbqQYkCEwD6Wh0MaVKu9gJ3By9DI%2F%2Fxsd4%3D", http.StatusBadRequest}, // Bad base64 encoding + // nolint:lll {"GET", "==MFQwUjBQME4wTDAJBgUrDgMCGgUABBQ55F6w46hhx%2Fo6OXOHa%2BYfe32YhgQU%2B3hPEvlgFYMsnxd%2FNBmzLjbqQYkCEwD6Wh0MaVKu9gJ3By9DI%2F%2Fxsd4%3D", http.StatusBadRequest}, // Bad OCSP DER encoding + // nolint:lll {"GET", "AAAMFQwUjBQME4wTDAJBgUrDgMCGgUABBQ55F6w46hhx%2Fo6OXOHa%2BYfe32YhgQU%2B3hPEvlgFYMsnxd%2FNBmzLjbqQYkCEwD6Wh0MaVKu9gJ3By9DI%2F%2Fxsd4%3D", http.StatusBadRequest}, // Good encoding all around, including a double slash + // nolint:lll {"GET", "MFQwUjBQME4wTDAJBgUrDgMCGgUABBQ55F6w46hhx%2Fo6OXOHa%2BYfe32YhgQU%2B3hPEvlgFYMsnxd%2FNBmzLjbqQYkCEwD6Wh0MaVKu9gJ3By9DI%2F%2Fxsd4%3D", http.StatusOK}, // Good request, leading slash + // nolint:lll {"GET", "/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQ55F6w46hhx%2Fo6OXOHa%2BYfe32YhgQU%2B3hPEvlgFYMsnxd%2FNBmzLjbqQYkCEwD6Wh0MaVKu9gJ3By9DI%2F%2Fxsd4%3D", http.StatusOK}, } @@ -68,6 +91,7 @@ func TestOCSP(t *testing.T) { } } +// nolint:lll var testResp = `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` type testHeaderSource struct { @@ -137,7 +161,7 @@ func TestCacheHeaders(t *testing.T) { {"Etag", "\"8169FB0843B081A76E9F6F13FD70C8411597BEACF8B182136FFDD19FBD26140A\""}, } for _, tc := range testCases { - headers, ok := rw.HeaderMap[tc.header] + headers, ok := rw.Header()[tc.header] if !ok { t.Errorf("Header %s missing from HTTP response", tc.header) continue diff --git a/pkg/ocspsource/ocspsource.go b/pkg/ocspsource/ocspsource.go index a72171d..f322986 100644 
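Review bot: The `// nolint:lll` comments added above the long request paths in TestOCSP are spelled with a space after `//`; golangci-lint's documented directive form is `//nolint:lll`, and its nolintlint check can report the spaced spelling. Putting the directive on its own line between the descriptive comment and the struct literal also leaves it unclear which line it is meant to cover, so a trailing `//nolint:lll // fixed OCSP request fixture` on the literal itself would be easier to audit. The same spelling is used before `testResp` in the next hunk and before `pkcs8Keys` in pkg/ocspsource/opensslcertdb_test.go. TestOCSP starts and ends outside the hunk.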
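Review bot: `rw.Header()` in TestCacheHeaders returns the recorder's handler-side header map rather than the headers that were written with the response, so a header a handler sets too late to be sent would still satisfy this lookup. The net/http/httptest documentation points to `Result()` for checking written headers: `headers, ok := rw.Result().Header[tc.header]`. For a responder whose cache headers such as `Etag` decide how long clients reuse a revocation answer, asserting on the written response is the stricter test. The function body continues outside the hunk.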
--- a/pkg/ocspsource/ocspsource.go +++ b/pkg/ocspsource/ocspsource.go @@ -30,8 +30,9 @@ import ( "net/http" "time" - "git.cacert.org/cacert-goocsp/pkg/ocsp" "github.com/sirupsen/logrus" + + "git.cacert.org/cacert-goocsp/pkg/ocsp" ) type CertificateUpdate struct { diff --git a/pkg/ocspsource/opensslcertdb.go b/pkg/ocspsource/opensslcertdb.go index 1a677f4..dacf23d 100644 --- a/pkg/ocspsource/opensslcertdb.go +++ b/pkg/ocspsource/opensslcertdb.go @@ -30,9 +30,10 @@ import ( "strings" "time" - "git.cacert.org/cacert-goocsp/pkg/ocsp" "github.com/fsnotify/fsnotify" "github.com/sirupsen/logrus" + + "git.cacert.org/cacert-goocsp/pkg/ocsp" ) const ( @@ -55,7 +56,6 @@ const ( type OpenSSLCertDB struct { fileName string content map[string]*ocsp.Response - issuer *CertificateIssuer } func (o *OpenSSLCertDB) UpdateCertificate(update *CertificateUpdate) { @@ -107,6 +107,7 @@ func (o *OpenSSLCertDB) update() error { lastLine := false count := 0 + for { line, err := b.ReadString('\n') if err != nil { @@ -120,7 +121,7 @@ func (o *OpenSSLCertDB) update() error { update := parseLine(strings.TrimSpace(line)) if update != nil { o.UpdateCertificate(update) - count += 1 + count++ } if lastLine { diff --git a/pkg/ocspsource/opensslcertdb_test.go b/pkg/ocspsource/opensslcertdb_test.go index 6b20b7e..28dcd47 100644 --- a/pkg/ocspsource/opensslcertdb_test.go +++ b/pkg/ocspsource/opensslcertdb_test.go 
@@ -1,3 +1,20 @@ +/* +Copyright 2022 CAcert Inc. +SPDX-License-Identifier: Apache-2.0 + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + package ocspsource import ( @@ -15,9 +32,10 @@ import ( "testing" "time" - "git.cacert.org/cacert-goocsp/pkg/ocsp" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/suite" + + "git.cacert.org/cacert-goocsp/pkg/ocsp" ) type OcspSourceTestSuite struct { @@ -61,7 +79,8 @@ func (suite *OcspSourceTestSuite) SetupSuite() { testHandler := &OcspTestHandler{suite} suite.Server = httptest.NewServer(testHandler) - baseUrl := suite.Server.URL + + baseURL := suite.Server.URL var ( startDate, endDate time.Time @@ -92,7 +111,7 @@ func (suite *OcspSourceTestSuite) SetupSuite() { KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, IsCA: true, MaxPathLen: 3, - CRLDistributionPoints: []string{baseUrl + "/crl/root.crl"}, + CRLDistributionPoints: []string{baseURL + "/crl/root.crl"}, } suite.RootCertificate = suite.signCertificate( template, @@ -120,8 +139,8 @@ func (suite *OcspSourceTestSuite) SetupSuite() { KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, IsCA: true, MaxPathLen: 2, - OCSPServer: []string{baseUrl + "/ocsp"}, - CRLDistributionPoints: []string{baseUrl + "/crl/intermediate.crl"}, + OCSPServer: []string{baseURL + "/ocsp"}, + CRLDistributionPoints: []string{baseURL + "/crl/intermediate.crl"}, } suite.IntermediateCertificate = suite.signCertificate( template, 
@@ -150,8 +169,8 @@ func (suite *OcspSourceTestSuite) SetupSuite() { IsCA: false, MaxPathLen: 0, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageOCSPSigning}, - OCSPServer: []string{baseUrl + "/ocsp"}, - CRLDistributionPoints: []string{baseUrl + "/crl/root.crl"}, + OCSPServer: []string{baseURL + "/ocsp"}, + CRLDistributionPoints: []string{baseURL + "/crl/root.crl"}, } suite.RootResponderCertificate = suite.signCertificate( template, @@ -180,8 +199,8 @@ func (suite *OcspSourceTestSuite) SetupSuite() { IsCA: false, MaxPathLen: 0, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageOCSPSigning}, - OCSPServer: []string{baseUrl + "/ocsp"}, - CRLDistributionPoints: []string{baseUrl + "/crl/intermediate.crl"}, + OCSPServer: []string{baseURL + "/ocsp"}, + CRLDistributionPoints: []string{baseURL + "/crl/intermediate.crl"}, } suite.IntermediaResponderCertificate = suite.signCertificate( template, @@ -201,6 +220,7 @@ func newTestCertDB() *testCertDB { func (t testCertDB) LookupResponseTemplate(serial *big.Int) *ocsp.Response { serialText := serial.Text(hexBase) + if response, ok := t.content[serialText]; ok { return response } @@ -209,6 +229,7 @@ func (t testCertDB) LookupResponseTemplate(serial *big.Int) *ocsp.Response { Status: ocsp.Revoked, SerialNumber: serial, } + return response } @@ -267,6 +288,7 @@ func (suite *OcspSourceTestSuite) newRandomSerial() *big.Int { func (suite *OcspSourceTestSuite) deserializeKey(index int) crypto.Signer { var ( + // nolint:lll pkcs8Keys = []string{ `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`, `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`, @@ -282,6 +304,7 @@ func (suite *OcspSourceTestSuite) deserializeKey(index int) crypto.Signer { ) assert.Less(suite.T(), index, len(pkcs8Keys)) + keyBytes, err := base64.RawStdEncoding.DecodeString(pkcs8Keys[index]) if err != nil { suite.FailNow("could not decode private key DER bytes: %v", err) 
@@ -309,10 +332,12 @@ func (suite *OcspSourceTestSuite) signCertificate( if err != nil { suite.FailNow("could not sign test root certificate %v", err) } + certificate, err := x509.ParseCertificate(rootBytes) if err != nil { suite.FailNow("could not parse generated root certificate: %v", err) } + return certificate } @@ -339,12 +364,14 @@ func (suite *OcspSourceTestSuite) TestCertificateInIndexTxt() { ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, OCSPServer: suite.IntermediateCertificate.OCSPServer, } + cert := suite.signCertificate( template, suite.IntermediateCertificate, key.Public(), suite.IntermediateKey, ) + suite.IntermediateIssuer.UpdateCert(&CertificateUpdate{ Serial: serial, Status: ocsp.Good, @@ -352,17 +379,22 @@ func (suite *OcspSourceTestSuite) TestCertificateInIndexTxt() { }) ocspClient := http.DefaultClient + request, err := ocsp.CreateRequest(cert, suite.IntermediateCertificate, nil) if err != nil { suite.FailNow("could not create OCSP request: %v", err) } - response, err := ocspClient.Post(suite.IntermediateCertificate.OCSPServer[0], "application/ocsp-request", bytes.NewReader(request)) + + response, err := ocspClient.Post( + suite.IntermediateCertificate.OCSPServer[0], + "application/ocsp-request", + bytes.NewReader(request), + ) if err != nil { suite.FailNow("could not retrieve response: %v", err) } - defer func(Body io.ReadCloser) { - _ = Body.Close() - }(response.Body) + + defer response.Body.Close() assert.Equal(suite.T(), 200, response.StatusCode) 
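Review bot: The reformatted `ocspClient.Post(...)` call in TestCertificateInIndexTxt still goes through `http.DefaultClient`, which has no timeout, and carries no context, so a responder that never answers stalls the suite until the global test timeout; golangci-lint's noctx check, if it is enabled, is likely to flag the call too. Building the request with a context deadline and sending it with `Do` bounds it, as sketched below (the deadline is an example value, and `context` would need to be imported if it is not already). The replacement `defer response.Body.Close()` also drops the explicit `_ =` the removed closure used to mark the ignored Close error, which errcheck may report depending on its configuration. The function starts and ends outside the hunk.

```go
// example deadline; pick a value that suits the test environment
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel()

httpReq, err := http.NewRequestWithContext(
	ctx,
	http.MethodPost,
	suite.IntermediateCertificate.OCSPServer[0],
	bytes.NewReader(request),
)
suite.Require().NoError(err)
httpReq.Header.Set("Content-Type", "application/ocsp-request")

response, err := ocspClient.Do(httpReq)
// … unchanged: error check, deferred Body.Close, status assertion …
```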
@@ -370,13 +402,16 @@ func (suite *OcspSourceTestSuite) TestCertificateInIndexTxt() { if err != nil { suite.FailNow("could not read data from OCSP response: %v", err) } + tempFile, _ := ioutil.TempFile("", "ocspresponse-*.der") - io.Copy(tempFile, bytes.NewReader(responseData)) + + _, _ = io.Copy(tempFile, bytes.NewReader(responseData)) data, err := ocsp.ParseResponse(responseData, suite.IntermediateCertificate) if err != nil { suite.FailNow("could not parse OCSP response: %v", err) } + assert.Equal(suite.T(), serial, data.SerialNumber) assert.Equal(suite.T(), ocsp.Good, data.Status) } @@ -391,6 +426,6 @@ const ( idxRootOcspKey idxIntermediaryOcspKey idxEndpointKey1 - idxEndpointKey2 - idxEndpointKey3 + // idxEndpointKey2 + // idxEndpointKey3 )
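Review bot: The `_, _ = io.Copy(tempFile, ...)` change silences errcheck without addressing what it pointed at: the `ioutil.TempFile` error on the line above is also discarded, and the file is never closed or removed, so every run leaves an `ocspresponse-*.der` file in the system temp directory. Nothing visible in the hunk reads the file back, since `ocsp.ParseResponse` works on `responseData` directly, so the simplest fix appears to be deleting both lines. If the dump is wanted for debugging, `ioutil.WriteFile(filepath.Join(suite.T().TempDir(), "ocspresponse.der"), responseData, 0o600)` with its error checked keeps the file scoped to the test and removed afterwards (this needs `path/filepath` in the imports, which are not fully visible here). TestCertificateInIndexTxt starts outside the hunk.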