@ -28,12 +28,24 @@ import (
"math/big"
"testing"
"git.cacert.org/cacert-gosigner/pkg/x509/helper"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"git.cacert.org/cacert-gosigner/pkg/x509/revoking"
)
func randomSerial(t *testing.T) *big.Int {
t.Helper()
serial, err := helper.GenerateRandomSerial()
if err != nil {
t.Fatal(err)
}
return serial
}
type testRepo struct {
crlNumber *big.Int
revoked []pkix.RevokedCertificate
@ -107,17 +119,6 @@ func (b brokenRepoNoRevocations) NextCRLNumber() (*big.Int, error) {
return nil, nil
}
func randomSerial(t *testing.T) *big.Int {
t.Helper()
serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
if err != nil {
t.Fatalf("could not generate random serial number: %v", err)
}
return serial
}
func TestX509Revoking_Revoke(t *testing.T) {
testRepository := testRepo{revoked: make([]pkix.RevokedCertificate, 0), crlNumber: big.NewInt(0)}
@ -125,10 +126,7 @@ func TestX509Revoking_Revoke(t *testing.T) {
r := revoking.NewX509Revoking(&testRepository, x509.ECDSAWithSHA256, caCertificate, caKey)
serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
if err != nil {
t.Errorf("could not create random serial: %v", err)
}
serial := randomSerial(t)
revoke, err := r.Revoke(revoking.NewRevokeCertificate(serial, revoking.CRLReasonKeyCompromise))
assert.NoError(t, err)
@ -152,10 +150,7 @@ func TestX509Revoking_Revoke_BrokenRepo(t *testing.T) {
r := revoking.NewX509Revoking(&brokenRepo{}, x509.SHA256WithRSA, caCertificate, caKey)
serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
if err != nil {
t.Errorf("could not create random serial: %v", err)
}
serial := randomSerial(t)
revoke, err := r.Revoke(revoking.NewRevokeCertificate(serial, revoking.CRLReasonKeyCompromise))
@ -174,12 +169,9 @@ func TestX509Revoking_CreateCRL(t *testing.T) {
key,
)
serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
if err != nil {
t.Errorf("could not create random serial: %v", err)
}
serial := randomSerial(t)
_, err = r.Revoke(revoking.NewRevokeCertificate(serial, revoking.CRLReasonKeyCompromise))
_, err := r.Revoke(revoking.NewRevokeCertificate(serial, revoking.CRLReasonKeyCompromise))
require.NoError(t, err)
crl, err := r.CreateCRL()
@ -212,12 +204,9 @@ func TestX509Revoking_CreateCRL_BrokenRepoNoRevocations(t *testing.T) {
r := revoking.NewX509Revoking(&brokenRepoNoRevocations{}, x509.SHA256WithRSA, caCertificate, caKey)
serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
if err != nil {
t.Errorf("could not create random serial: %v", err)
}
serial := randomSerial(t)
_, err = r.Revoke(revoking.NewRevokeCertificate(serial, revoking.CRLReasonKeyCompromise))
_, err := r.Revoke(revoking.NewRevokeCertificate(serial, revoking.CRLReasonKeyCompromise))
require.NoError(t, err)
crl, err := r.CreateCRL()
@ -232,12 +221,9 @@ func TestX509Revoking_CreateCRL_BrokenRepoNoCRLNumber(t *testing.T) {
r := revoking.NewX509Revoking(&brokenRepoNoCrlNumber{}, x509.SHA256WithRSA, caCertificate, caKey)
serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
if err != nil {
t.Errorf("could not create random serial: %v", err)
}
serial := randomSerial(t)
_, err = r.Revoke(revoking.NewRevokeCertificate(serial, revoking.CRLReasonKeyCompromise))
_, err := r.Revoke(revoking.NewRevokeCertificate(serial, revoking.CRLReasonKeyCompromise))
require.NoError(t, err)
crl, err := r.CreateCRL()
@ -257,12 +243,9 @@ func TestX509Revoking_CreateCRL_WrongAlgorithm(t *testing.T) {
key,
)
serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
if err != nil {
t.Errorf("could not create random serial: %v", err)
}
serial := randomSerial(t)
_, err = r.Revoke(revoking.NewRevokeCertificate(serial, revoking.CRLReasonKeyCompromise))
_, err := r.Revoke(revoking.NewRevokeCertificate(serial, revoking.CRLReasonKeyCompromise))
require.NoError(t, err)
crl, err := r.CreateCRL()