cacert-gosigner/pkg/x509/openssl/repository_test.go


package openssl_test
import (
"crypto/rand"
"crypto/x509"
"crypto/x509/pkix"
"math/big"
"os"
"path"
"strings"
"testing"
"time"
"git.cacert.org/cacert-gosigner/pkg/x509/openssl"
"git.cacert.org/cacert-gosigner/pkg/x509/revoking"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
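// TestStoreRevocation checks that FileRepository.StoreRevocation rejects a
// serial that is not present in the index and accepts the same serial once a
// valid ("V") entry for it has been written to index.txt.
func TestStoreRevocation(t *testing.T) {
	tempdir := t.TempDir()
	fr, err := openssl.NewFileRepository(tempdir)
	require.NoError(t, err)

	// 128-bit random serial. Abort the test outright if the CSPRNG fails:
	// the original only logged the error and carried on with a nil serial,
	// which would surface later as a confusing nil-pointer panic.
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	require.NoError(t, err, "could not create random serial")

	notAfter := time.Now().UTC().Add(24 * time.Hour)

	// Revoking a serial the repository has never issued must be refused with
	// a CannotRevokeUnknown error naming that serial.
	err = fr.StoreRevocation(&pkix.RevokedCertificate{
		SerialNumber:   serial,
		RevocationTime: notAfter,
		Extensions:     []pkix.Extension{revoking.CRLReasonKeyCompromise.BuildExtension()},
	})
	assert.ErrorIs(t, err, openssl.CannotRevokeUnknown{Serial: serial})

	// Seed index.txt with one valid entry for the serial in OpenSSL's
	// tab-separated index layout: status, expiry, revocation date (empty
	// while valid), serial in upper-case hex, certificate file name, subject.
	indexFile := path.Join(tempdir, "index.txt")
	indexLine := strings.Join([]string{
		"V",
		notAfter.Format(openssl.TimeSpec),
		"",
		strings.ToUpper(serial.Text(16)),
		"unknown",
		pkix.Name{CommonName: "test.example.org"}.String(),
	}, "\t") + "\n"
	// Everything below depends on this fixture, so fail fast if it is missing.
	require.NoError(t, os.WriteFile(indexFile, []byte(indexLine), 0o600))

	// With the serial now known to the repository the revocation must succeed.
	err = fr.StoreRevocation(&pkix.RevokedCertificate{
		SerialNumber:   serial,
		RevocationTime: time.Now(),
		Extensions:     []pkix.Extension{revoking.CRLReasonKeyCompromise.BuildExtension()},
	})
	assert.NoError(t, err)
	// NOTE(review): index.txt was created by this test a few lines above, so
	// its existence does not by itself prove the revocation was persisted; a
	// stronger check would read the file back and verify the entry's status.
	assert.FileExists(t, indexFile)
}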
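// TestStoreCertificate checks that FileRepository.StoreCertificate accepts a
// freshly built certificate and creates index.txt in the repository directory.
func TestStoreCertificate(t *testing.T) {
	tempdir := t.TempDir()
	fr, err := openssl.NewFileRepository(tempdir)
	require.NoError(t, err)

	// 128-bit random serial. A CSPRNG failure must stop the test here instead
	// of letting a nil serial reach StoreCertificate (the original merely
	// reported the error and continued).
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	require.NoError(t, err, "could not create random serial")

	// Minimal TLS-server certificate fixture, valid from one hour ago for a
	// day. It is neither signed nor DER-encoded (Raw stays empty), so this
	// only exercises the repository's bookkeeping, not certificate validation.
	now := time.Now().UTC()
	cert := &x509.Certificate{
		SerialNumber: serial,
		Issuer:       pkix.Name{CommonName: "Test CA"},
		Subject:      pkix.Name{CommonName: "test.example.org"},
		NotBefore:    now.Add(-1 * time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageKeyAgreement,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:     []string{"test.example.org"},
	}

	assert.NoError(t, fr.StoreCertificate(cert))
	// Nothing else in this test touches the directory, so the index file's
	// existence is evidence that StoreCertificate wrote it.
	assert.FileExists(t, path.Join(tempdir, "index.txt"))
}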