Domovská stránka Prehľadávať Pomoc
Prihlásiť sa
cloudflare
/
cfssl
zrkadlo https://github.com/cloudflare/cfssl
Pridať medzi pozorované 1
Hviezda 0
Fork 0
Súbory Issues
Branch: master
Branche Tagy
cfssl
/
cli
/
revoke
/
revoke_test.go

revoke_test.go 3.1 KB
Permanentný odkaz História Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130 
  1. package revoke
    2. 

  2. 

  3. import (
    4. 

  4. 	"testing"
    5. 

  5. 	"time"
    6. 

  6. 

  7. 	"github.com/cloudflare/cfssl/certdb"
    8. 

  8. 	"github.com/cloudflare/cfssl/certdb/sql"
    9. 

  9. 	"github.com/cloudflare/cfssl/certdb/testdb"
    10. 

  10. 	"github.com/cloudflare/cfssl/cli"
    11. 

  11. 	"golang.org/x/crypto/ocsp"
    12. 

  12. )
    13. 

  13. 

  14. var dbAccessor certdb.Accessor
    15. 

  15. 

  16. const (
    17. 

  17. 	fakeAKI = "fake aki"
    18. 

  18. )
    19. 

  19. 

  20. func prepDB() (err error) {
    21. 

  21. 	db := testdb.SQLiteDB("../../certdb/testdb/certstore_development.db")
    22. 

  22. 	expirationTime := time.Now().AddDate(1, 0, 0)
    23. 

  23. 	var cert = certdb.CertificateRecord{
    24. 

  24. 		Serial: "1",
    25. 

  25. 		AKI:    fakeAKI,
    26. 

  26. 		Expiry: expirationTime,
    27. 

  27. 		PEM:    "unexpired cert",
    28. 

  28. 	}
    29. 

  29. 

  30. 	dbAccessor = sql.NewAccessor(db)
    31. 

  31. 	err = dbAccessor.InsertCertificate(cert)
    32. 

  32. 	if err != nil {
    33. 

  33. 		return err
    34. 

  34. 	}
    35. 

  35. 

  36. 	return
    37. 

  37. }
    38. 

  38. 

  39. func TestRevokeMain(t *testing.T) {
    40. 

  40. 	err := prepDB()
    41. 

  41. 	if err != nil {
    42. 

  42. 		t.Fatal(err)
    43. 

  43. 	}
    44. 

  44. 

  45. 	err = revokeMain([]string{}, cli.Config{Serial: "1", AKI: fakeAKI, DBConfigFile: "../testdata/db-config.json"})
    46. 

  46. 	if err != nil {
    47. 

  47. 		t.Fatal(err)
    48. 

  48. 	}
    49. 

  49. 

  50. 	crs, err := dbAccessor.GetCertificate("1", fakeAKI)
    51. 

  51. 	if err != nil {
    52. 

  52. 		t.Fatal("Failed to get certificate")
    53. 

  53. 	}
    54. 

  54. 

  55. 	if len(crs) != 1 {
    56. 

  56. 		t.Fatal("Failed to get exactly one certificate")
    57. 

  57. 	}
    58. 

  58. 

  59. 	cr := crs[0]
    60. 

  60. 	if cr.Status != "revoked" {
    61. 

  61. 		t.Fatal("Certificate not marked revoked after we revoked it")
    62. 

  62. 	}
    63. 

  63. 

  64. 	err = revokeMain([]string{}, cli.Config{Serial: "1", AKI: fakeAKI, Reason: "2", DBConfigFile: "../testdata/db-config.json"})
    65. 

  65. 	if err != nil {
    66. 

  66. 		t.Fatal(err)
    67. 

  67. 	}
    68. 

  68. 

  69. 	crs, err = dbAccessor.GetCertificate("1", fakeAKI)
    70. 

  70. 	if err != nil {
    71. 

  71. 		t.Fatal("Failed to get certificate")
    72. 

  72. 	}
    73. 

  73. 	if len(crs) != 1 {
    74. 

  74. 		t.Fatal("Failed to get exactly one certificate")
    75. 

  75. 	}
    76. 

  76. 

  77. 	cr = crs[0]
    78. 

  78. 	if cr.Reason != 2 {
    79. 

  79. 		t.Fatal("Certificate revocation reason incorrect")
    80. 

  80. 	}
    81. 

  81. 

  82. 	err = revokeMain([]string{}, cli.Config{Serial: "1", AKI: fakeAKI, Reason: "Superseded", DBConfigFile: "../testdata/db-config.json"})
    83. 

  83. 	if err != nil {
    84. 

  84. 		t.Fatal(err)
    85. 

  85. 	}
    86. 

  86. 

  87. 	crs, err = dbAccessor.GetCertificate("1", fakeAKI)
    88. 

  88. 	if err != nil {
    89. 

  89. 		t.Fatal("Failed to get certificate")
    90. 

  90. 	}
    91. 

  91. 	if len(crs) != 1 {
    92. 

  92. 		t.Fatal("Failed to get exactly one certificate")
    93. 

  93. 	}
    94. 

  94. 

  95. 	cr = crs[0]
    96. 

  96. 	if cr.Reason != ocsp.Superseded {
    97. 

  97. 		t.Fatal("Certificate revocation reason incorrect")
    98. 

  98. 	}
    99. 

  99. 

  100. 	err = revokeMain([]string{}, cli.Config{Serial: "1", AKI: fakeAKI, Reason: "invalid_reason", DBConfigFile: "../testdata/db-config.json"})
    101. 

  101. 	if err == nil {
    102. 

  102. 		t.Fatal("Expected error from invalid reason")
    103. 

  103. 	}
    104. 

  104. 

  105. 	err = revokeMain([]string{}, cli.Config{Serial: "1", AKI: fakeAKI, Reason: "999", DBConfigFile: "../testdata/db-config.json"})
    106. 

  106. 	if err == nil {
    107. 

  107. 		t.Fatal("Expected error from invalid reason")
    108. 

  108. 	}
    109. 

  109. 

  110. 	err = revokeMain([]string{}, cli.Config{Serial: "2", AKI: fakeAKI, DBConfigFile: "../testdata/db-config.json"})
    111. 

  111. 	if err == nil {
    112. 

  112. 		t.Fatal("Expected error from unrecognized serial number")
    113. 

  113. 	}
    114. 

  114. 

  115. 	err = revokeMain([]string{}, cli.Config{AKI: fakeAKI, DBConfigFile: "../testdata/db-config.json"})
    116. 

  116. 	if err == nil {
    117. 

  117. 		t.Fatal("Expected error from missing serial number")
    118. 

  118. 	}
    119. 

  119. 

  120. 	err = revokeMain([]string{}, cli.Config{Serial: "1", AKI: fakeAKI})
    121. 

  121. 	if err == nil {
    122. 

  122. 		t.Fatal("Expected error from missing db config")
    123. 

  123. 	}
    124. 

  124. 

  125. 	err = revokeMain([]string{}, cli.Config{Serial: "1", DBConfigFile: "../testdata/db-config.json"})
    126. 

  126. 	if err == nil {
    127. 

  127. 		t.Fatal("Expected error from missing aki")
    128. 

  128. 	}
    129. 

  129. }
    130. 

  130.