cacert-gosignerclient/internal/legacydb/legacydb_test.go

/*
Copyright CAcert Inc.
SPDX-License-Identifier: Apache-2.0

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package legacydb

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"testing"

	"github.com/stretchr/testify/assert"
)

func Test_extractSubjectParts(t *testing.T) {
	tests := []struct {
		name    string
		subject string
		want    *x509.Certificate
		wantErr bool
	}{
		{
			"personal user subject",
			"/CN=John Doe/emailAddress=john.doe@example.org",
			&x509.Certificate{
				Subject:        pkix.Name{CommonName: "John Doe"},
				EmailAddresses: []string{"john.doe@example.org"},
			},
			false,
		},
		{
			"subject with supported and unsupported alt names",
			"/CN=a.example.com/subjectAltName=DNS:a.example.com/" +
				"subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:a.example.com",
			&x509.Certificate{
				Subject:  pkix.Name{CommonName: "a.example.com"},
				DNSNames: []string{"a.example.com"},
			},
			false,
		},
		{
			"subject with ISO-8859-1 special characters",
			"/CN=D\xf6ner Kebap/emailAddress=doener@example.org",
			&x509.Certificate{
				Subject:        pkix.Name{CommonName: "Döner Kebap"},
				EmailAddresses: []string{"doener@example.org"},
			},
			false,
		},
		{
			"subject with Windows1252 special characters",
			"/CN=J\xe1no\x9a Test\x9c/emailAddress=janos.testoe@example.org",
			&x509.Certificate{
				Subject:        pkix.Name{CommonName: "Jánoš Testœ"},
				EmailAddresses: []string{"janos.testoe@example.org"},
			},
			false,
		},
		{
			"WoT User subject",
			"/CN=CAcert WoT User/emailAddress=test@example.org",
			&x509.Certificate{
				Subject:        pkix.Name{CommonName: "CAcert WoT User"},
				EmailAddresses: []string{"test@example.org"},
			},
			false,
		},
		{
			"Keep address order",
			"/CN=CAcert WoT User/emailAddress=wot.user@example.com/emailAddress=wu@example.com",
			&x509.Certificate{
				Subject:        pkix.Name{CommonName: "CAcert WoT User"},
				EmailAddresses: []string{"wot.user@example.com", "wu@example.com"},
			},
			false,
		},
		{
			"Keep DNS name order",
			"/CN=Test User/subjectAltName=DNS:www.example.com/subjectAltName=DNS:example.com",
			&x509.Certificate{
				Subject:  pkix.Name{CommonName: "Test User"},
				DNSNames: []string{"www.example.com", "example.com"},
			},
			false,
		},
		{
			"Organization user without OU",
			"/CN=Test User/emailAddress=test@example.org/organizationName=Acme Inc./" +
				"localityName=Example town/stateOrProvinceName=BW/countryName=DE",
			&x509.Certificate{
				Subject: pkix.Name{
					CommonName:   "Test User",
					Organization: []string{"Acme Inc."},
					Locality:     []string{"Example town"},
					Province:     []string{"BW"},
					Country:      []string{"DE"},
				},
				EmailAddresses: []string{"test@example.org"},
			},
			false,
		},
		{
			"Organization user with OU",
			"/CN=Test User/emailAddress=test@example.org/organizationalUnitName=IT/" +
				"organizationName=Acme Inc./localityName=Example town/countryName=DE",
			&x509.Certificate{
				Subject: pkix.Name{
					CommonName:         "Test User",
					Organization:       []string{"Acme Inc."},
					OrganizationalUnit: []string{"IT"},
					Locality:           []string{"Example town"},
					Country:            []string{"DE"},
				},
				EmailAddresses: []string{"test@example.org"},
			},
			false,
		},
		{
			"Organization domain without OU",
			"/organizationName=Acme Inc./localityName=Example Town/stateOrProvinceName=BW/countryName=DE/" +
				"commonName=www.example.org",
			&x509.Certificate{
				Subject: pkix.Name{CommonName: "www.example.org",
					Organization: []string{"Acme Inc."},
					Locality:     []string{"Example Town"},
					Province:     []string{"BW"},
					Country:      []string{"DE"},
				},
				DNSNames: []string{"www.example.org"},
			},
			false,
		},
		{
			"Organization domain with OU",
			"/organizationalUnitName=IT/organizationName=Acme Inc./localityName=Example Town/" +
				"stateOrProvinceName=BW/countryName=DE/commonName=example.org",
			&x509.Certificate{
				Subject: pkix.Name{CommonName: "example.org",
					Organization:       []string{"Acme Inc."},
					OrganizationalUnit: []string{"IT"},
					Locality:           []string{"Example Town"},
					Province:           []string{"BW"},
					Country:            []string{"DE"},
				},
				DNSNames: []string{"example.org"},
			},
			false,
		},
		{
			"Empty subject",
			"",
			nil,
			true,
		},
		{
			"No = in part",
			"/CNexample",
			nil,
			true,
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			got, err := extractSubjectParts(tt.subject)
			if (err != nil) != tt.wantErr {
				t.Errorf("extractSubjectParts() error = %v, wantErr %v", err, tt.wantErr)

				return
			}
			assert.Equal(t, tt.want, got, "extractSubjectParts() got = %v, want %v", got, tt.want)
		})
	}
}