cacert-gosigner/pkg/x509/revoking/revoking_test.go

package revoking

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"testing"
	"time"

	"github.com/stretchr/testify/assert"
)

type testRepo struct {
	revoked []big.Int
}

func (t *testRepo) RevokedCertificates() ([]pkix.RevokedCertificate, error) {
	result := make([]pkix.RevokedCertificate, len(t.revoked))

	for i, s := range t.revoked {
		result[i] = pkix.RevokedCertificate{
			SerialNumber:   &s,
			RevocationTime: time.Now(),
		}
	}

	return result, nil
}

func (t *testRepo) StoreRevocation(revoked *pkix.RevokedCertificate) error {
	t.revoked = append(t.revoked, *revoked.SerialNumber)
	return nil
}

func randomSerial(t *testing.T) *big.Int {
	t.Helper()
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		t.Fatalf("could not generate random serial number: %v", err)
	}
	return serial
}

func TestRevoking(t *testing.T) {
	testRepository := testRepo{revoked: make([]big.Int, 0)}

	caKey, err := rsa.GenerateKey(rand.Reader, 3072)
	if err != nil {
		t.Fatalf("could not generate key pair: %v", err)
	}
	caTemplate := &x509.Certificate{Subject: pkix.Name{CommonName: "Test CA"}, SerialNumber: randomSerial(t)}

	certificateBytes, err := x509.CreateCertificate(rand.Reader, caTemplate, caTemplate, caKey.Public(), caKey)
	if err != nil {
		t.Fatalf("could not self-sign CA certificate: %v", err)
	}
	caCertificate, err := x509.ParseCertificate(certificateBytes)
	if err != nil {
		t.Fatalf("could not create test CA certificate: %v", err)
	}

	r := NewX509Revoking(&testRepository, x509.ECDSAWithSHA256, caCertificate, caKey)

	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		t.Errorf("could not create random serial: %v", err)
	}

	revoke, err := r.Revoke(&RevokeCertificate{serialNumber: serial, reason: CRLReasonKeyCompromise})
	assert.NoError(t, err)

	assert.Equal(t, CRLReasonKeyCompromise.BuildExtension(), revoke.Extensions[0])
	assert.Equal(t, serial, revoke.SerialNumber)

	assert.Contains(t, testRepository.revoked, *serial)
}
First DDD based signer implementation parts 3 years ago			`package revoking`

			`import (`
Finish openssl repository implementation and tests 2 years ago			`"crypto/rand"`
Use standard library types for certificates and revocations 2 years ago			`"crypto/rsa"`
			`"crypto/x509"`
			`"crypto/x509/pkix"`
First DDD based signer implementation parts 3 years ago			`"math/big"`
			`"testing"`
Use standard library types for certificates and revocations 2 years ago			`"time"`
First DDD based signer implementation parts 3 years ago
			`"github.com/stretchr/testify/assert"`
			`)`

			`type testRepo struct {`
			`revoked []big.Int`
			`}`

Use standard library types for certificates and revocations 2 years ago			`func (t *testRepo) RevokedCertificates() ([]pkix.RevokedCertificate, error) {`
			`result := make([]pkix.RevokedCertificate, len(t.revoked))`

			`for i, s := range t.revoked {`
			`result[i] = pkix.RevokedCertificate{`
			`SerialNumber: &s,`
			`RevocationTime: time.Now(),`
			`}`
			`}`

			`return result, nil`
			`}`

			`func (t testRepo) StoreRevocation(revoked pkix.RevokedCertificate) error {`
			`t.revoked = append(t.revoked, *revoked.SerialNumber)`
First DDD based signer implementation parts 3 years ago			`return nil`
			`}`

Move x509 and openpgp into pkg small refactoring to unify package structure. Use crypto.rand for serial number generation in tests. 2 years ago			`func randomSerial(t testing.T) big.Int {`
			`t.Helper()`
			`serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))`
			`if err != nil {`
			`t.Fatalf("could not generate random serial number: %v", err)`
			`}`
			`return serial`
			`}`

First DDD based signer implementation parts 3 years ago			`func TestRevoking(t *testing.T) {`
			`testRepository := testRepo{revoked: make([]big.Int, 0)}`
Use standard library types for certificates and revocations 2 years ago
			`caKey, err := rsa.GenerateKey(rand.Reader, 3072)`
			`if err != nil {`
			`t.Fatalf("could not generate key pair: %v", err)`
			`}`
Move x509 and openpgp into pkg small refactoring to unify package structure. Use crypto.rand for serial number generation in tests. 2 years ago			`caTemplate := &x509.Certificate{Subject: pkix.Name{CommonName: "Test CA"}, SerialNumber: randomSerial(t)}`
Use standard library types for certificates and revocations 2 years ago
			`certificateBytes, err := x509.CreateCertificate(rand.Reader, caTemplate, caTemplate, caKey.Public(), caKey)`
			`if err != nil {`
			`t.Fatalf("could not self-sign CA certificate: %v", err)`
			`}`
			`caCertificate, err := x509.ParseCertificate(certificateBytes)`
			`if err != nil {`
			`t.Fatalf("could not create test CA certificate: %v", err)`
			`}`

			`r := NewX509Revoking(&testRepository, x509.ECDSAWithSHA256, caCertificate, caKey)`
First DDD based signer implementation parts 3 years ago
Finish openssl repository implementation and tests 2 years ago			`serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))`
			`if err != nil {`
			`t.Errorf("could not create random serial: %v", err)`
			`}`
First DDD based signer implementation parts 3 years ago
Use standard library types for certificates and revocations 2 years ago			`revoke, err := r.Revoke(&RevokeCertificate{serialNumber: serial, reason: CRLReasonKeyCompromise})`
First DDD based signer implementation parts 3 years ago			`assert.NoError(t, err)`

Use standard library types for certificates and revocations 2 years ago			`assert.Equal(t, CRLReasonKeyCompromise.BuildExtension(), revoke.Extensions[0])`
			`assert.Equal(t, serial, revoke.SerialNumber)`
First DDD based signer implementation parts 3 years ago
			`assert.Contains(t, testRepository.revoked, *serial)`
			`}`