/*
|
|
Copyright 2021-2022 CAcert Inc.
|
|
SPDX-License-Identifier: Apache-2.0
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package openssl_test
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"crypto/x509"
|
|
"crypto/x509/pkix"
|
|
"math/big"
|
|
"os"
|
|
"path"
|
|
"strings"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"git.cacert.org/cacert-gosigner/pkg/x509/openssl"
|
|
"git.cacert.org/cacert-gosigner/pkg/x509/revoking"
|
|
)
|
|
|
|
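// TestStoreRevocation checks that a FileRepository rejects a revocation for a
// serial that is not present in its index and accepts it once a matching
// valid ("V") entry has been written to index.txt.
func TestStoreRevocation(t *testing.T) {
	tempdir := t.TempDir()

	fr, err := openssl.NewFileRepository(tempdir)
	require.NoError(t, err)

	// 128-bit random serial. Without a serial the rest of the test cannot run,
	// so abort here instead of only recording the error and continuing with nil.
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		t.Fatalf("could not create random serial: %v", err)
	}

	notAfter := time.Now().UTC().Add(24 * time.Hour)

	// A serial the repository has never seen must not be revocable.
	err = fr.StoreRevocation(&pkix.RevokedCertificate{
		SerialNumber:   serial,
		RevocationTime: notAfter,
		Extensions:     []pkix.Extension{revoking.CRLReasonKeyCompromise.BuildExtension()},
	})
	assert.ErrorIs(t, err, openssl.CannotRevokeUnknown{Serial: serial})

	// Seed index.txt with one valid entry for the serial, using OpenSSL's
	// tab-separated index column order: status, expiry, revocation date
	// (empty while valid), serial in upper-case hex, filename, subject DN.
	indexLine := strings.Join([]string{
		"V",
		notAfter.Format(openssl.TimeSpec),
		"",
		strings.ToUpper(serial.Text(16)),
		"unknown",
		pkix.Name{CommonName: "test.example.org"}.String(),
	}, "\t") + "\n"
	// The remaining assertions are meaningless if the index could not be
	// written, so stop the test rather than report a misleading follow-up error.
	err = os.WriteFile(path.Join(tempdir, "index.txt"), []byte(indexLine), 0o600)
	require.NoError(t, err)

	// Now that the serial is known, the revocation must be accepted.
	err = fr.StoreRevocation(&pkix.RevokedCertificate{
		SerialNumber:   serial,
		RevocationTime: time.Now(),
		Extensions:     []pkix.Extension{revoking.CRLReasonKeyCompromise.BuildExtension()},
	})
	assert.NoError(t, err)

	// index.txt was created by this test above; this only confirms that
	// StoreRevocation left the file in place.
	assert.FileExists(t, path.Join(tempdir, "index.txt"))
}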
|
|
|
|
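// TestStoreCertificate checks that storing a freshly built certificate in an
// empty FileRepository succeeds and results in an index.txt in the repository
// directory.
func TestStoreCertificate(t *testing.T) {
	tempdir := t.TempDir()

	fr, err := openssl.NewFileRepository(tempdir)
	require.NoError(t, err)

	// 128-bit random serial. Abort on failure: continuing with a nil serial
	// would only produce a confusing secondary failure inside StoreCertificate.
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		t.Fatalf("could not create random serial: %v", err)
	}

	now := time.Now()

	// Minimal server certificate fields; the certificate is neither signed nor
	// DER-encoded here, only the struct is handed to the repository.
	cert := &x509.Certificate{
		SerialNumber: serial,
		Issuer: pkix.Name{
			CommonName: "Test CA",
		},
		Subject: pkix.Name{
			CommonName: "test.example.org",
		},
		NotBefore:   now.Add(-1 * time.Hour).UTC(),
		NotAfter:    now.Add(24 * time.Hour).UTC(),
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageKeyAgreement,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:    []string{"test.example.org"},
	}

	err = fr.StoreCertificate(cert)
	assert.NoError(t, err)

	assert.FileExists(t, path.Join(tempdir, "index.txt"))
}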
|