ホーム エクスプローラ ヘルプ
サインイン
cloudflare
/
cfssl
同期ミラー https://github.com/cloudflare/cfssl
Watch 1
Star 0
Fork 0
ファイル 課題
ブランチ: nicky/goreleaser-action
ブランチ タグ
cfssl
/
cli
/
crl
/
crl_test.go

crl_test.go 2.1 KB
パーマリンク 履歴 Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192 
  1. package crl
    2. 

  2. 

  3. import (
    4. 

  4. 	"crypto/x509"
    5. 

  5. 	"testing"
    6. 

  6. 	"time"
    7. 

  7. 

  8. 	"github.com/cloudflare/cfssl/certdb"
    9. 

  9. 	"github.com/cloudflare/cfssl/certdb/sql"
    10. 

  10. 	"github.com/cloudflare/cfssl/certdb/testdb"
    11. 

  11. 	"github.com/cloudflare/cfssl/cli"
    12. 

  12. 	"github.com/cloudflare/cfssl/helpers"
    13. 

  13. )
    14. 

  14. 

  15. var dbAccessor certdb.Accessor
    16. 

  16. 

  17. const (
    18. 

  18. 	fakeAKI       = "fake aki"
    19. 

  19. 	testCaFile    = "../testdata/ca.pem"
    20. 

  20. 	testCaKeyFile = "../testdata/ca-key.pem"
    21. 

  21. )
    22. 

  22. 

  23. func prepDB() (err error) {
    24. 

  24. 	db := testdb.SQLiteDB("../../certdb/testdb/certstore_development.db")
    25. 

  25. 	expirationTime := time.Now().AddDate(1, 0, 0)
    26. 

  26. 	var cert = certdb.CertificateRecord{
    27. 

  27. 		Serial:    "1",
    28. 

  28. 		AKI:       fakeAKI,
    29. 

  29. 		Expiry:    expirationTime,
    30. 

  30. 		PEM:       "revoked cert",
    31. 

  31. 		Status:    "revoked",
    32. 

  32. 		RevokedAt: time.Now(),
    33. 

  33. 		Reason:    4,
    34. 

  34. 	}
    35. 

  35. 

  36. 	dbAccessor = sql.NewAccessor(db)
    37. 

  37. 	err = dbAccessor.InsertCertificate(cert)
    38. 

  38. 	if err != nil {
    39. 

  39. 		return err
    40. 

  40. 	}
    41. 

  41. 

  42. 	return
    43. 

  43. }
    44. 

  44. 

  45. func verifyCRL(t *testing.T, crlBytesDER []byte, serial string, expireAfter time.Duration) {
    46. 

  46. 	parsedCrl, err := x509.ParseCRL(crlBytesDER)
    47. 

  47. 	if err != nil {
    48. 

  48. 		t.Fatal("failed to get certificate ", err)
    49. 

  49. 	}
    50. 

  50. 	if !parsedCrl.HasExpired(time.Now().Add(expireAfter)) {
    51. 

  51. 		t.Fatal("the CRL should have expired")
    52. 

  52. 	}
    53. 

  53. 	certs := parsedCrl.TBSCertList.RevokedCertificates
    54. 

  54. 	if len(certs) != 1 {
    55. 

  55. 		t.Fatal("failed to get one certificate")
    56. 

  56. 	}
    57. 

  57. 

  58. 	cert := certs[0]
    59. 

  59. 

  60. 	if cert.SerialNumber.String() != serial {
    61. 

  61. 		t.Fatal("cert was not correctly inserted in CRL, serial was " + cert.SerialNumber.String())
    62. 

  62. 	}
    63. 

  63. }
    64. 

  64. 

  65. func TestRevokeMain(t *testing.T) {
    66. 

  66. 	err := prepDB()
    67. 

  67. 	if err != nil {
    68. 

  68. 		t.Fatal(err)
    69. 

  69. 	}
    70. 

  70. 

  71. 	crlBytes, err := generateCRL(cli.Config{CAFile: testCaFile, CAKeyFile: testCaKeyFile, DBConfigFile: "../testdata/db-config.json"})
    72. 

  72. 	if err != nil {
    73. 

  73. 		t.Fatal(err)
    74. 

  74. 	}
    75. 

  75. 

  76. 	verifyCRL(t, crlBytes, "1", 7*helpers.OneDay+time.Second)
    77. 

  77. }
    78. 

  78. 

  79. func TestRevokeExpiry(t *testing.T) {
    80. 

  80. 	err := prepDB()
    81. 

  81. 	if err != nil {
    82. 

  82. 		t.Fatal(err)
    83. 

  83. 	}
    84. 

  84. 

  85. 	crlBytes, err := generateCRL(cli.Config{CAFile: testCaFile, CAKeyFile: testCaKeyFile, DBConfigFile: "../testdata/db-config.json", CRLExpiration: 23 * time.Hour})
    86. 

  86. 	if err != nil {
    87. 

  87. 		t.Fatal(err)
    88. 

  88. 	}
    89. 

  89. 

  90. 	verifyCRL(t, crlBytes, "1", 23*time.Hour+time.Second)
    91. 

  91. }
    92. 

  92.