151 lines
4.0 KiB
Go
151 lines
4.0 KiB
Go
|
package signer
|
||
|
|
||
|
import (
|
||
|
"bytes"
|
||
|
"crypto/x509"
|
||
|
"encoding/asn1"
|
||
|
"encoding/hex"
|
||
|
"fmt"
|
||
|
"reflect"
|
||
|
"testing"
|
||
|
|
||
|
"github.com/cloudflare/cfssl/config"
|
||
|
"github.com/cloudflare/cfssl/csr"
|
||
|
)
|
||
|
|
||
|
func TestAppendIf(t *testing.T) {
|
||
|
s := ""
|
||
|
a := make([]string, 0, 5)
|
||
|
appendIf(s, &a)
|
||
|
if len(a) != 0 {
|
||
|
t.Fatal("appendIf should not append to a with an empty s")
|
||
|
}
|
||
|
s = "test"
|
||
|
appendIf(s, &a)
|
||
|
if len(a[0]) != 4 {
|
||
|
t.Fatal("appendIf should append s to a")
|
||
|
}
|
||
|
}
|
||
|
|
||
|
func TestSplitHosts(t *testing.T) {
|
||
|
list := SplitHosts("")
|
||
|
if list != nil {
|
||
|
t.Fatal("SplitHost should return nil with empty input")
|
||
|
}
|
||
|
|
||
|
list = SplitHosts("single.domain")
|
||
|
if len(list) != 1 {
|
||
|
t.Fatal("SplitHost fails to split single domain")
|
||
|
}
|
||
|
|
||
|
list = SplitHosts("comma,separated,values")
|
||
|
if len(list) != 3 {
|
||
|
t.Fatal("SplitHost fails to split multiple domains")
|
||
|
}
|
||
|
if list[0] != "comma" || list[1] != "separated" || list[2] != "values" {
|
||
|
t.Fatal("SplitHost fails to split multiple domains")
|
||
|
}
|
||
|
}
|
||
|
|
||
|
func TestAddPolicies(t *testing.T) {
|
||
|
var cert x509.Certificate
|
||
|
addPolicies(&cert, []config.CertificatePolicy{
|
||
|
{
|
||
|
ID: config.OID([]int{1, 2, 3, 4}),
|
||
|
},
|
||
|
})
|
||
|
|
||
|
if len(cert.ExtraExtensions) != 1 {
|
||
|
t.Fatal("No extension added")
|
||
|
}
|
||
|
ext := cert.ExtraExtensions[0]
|
||
|
if !reflect.DeepEqual(ext.Id, asn1.ObjectIdentifier{2, 5, 29, 32}) {
|
||
|
t.Fatal(fmt.Sprintf("Wrong OID for policy qualifier %v", ext.Id))
|
||
|
}
|
||
|
if ext.Critical {
|
||
|
t.Fatal("Policy qualifier marked critical")
|
||
|
}
|
||
|
expectedBytes, _ := hex.DecodeString("3007300506032a0304")
|
||
|
if !bytes.Equal(ext.Value, expectedBytes) {
|
||
|
t.Fatal(fmt.Sprintf("Value didn't match expected bytes: got %s, expected %s",
|
||
|
hex.EncodeToString(ext.Value), hex.EncodeToString(expectedBytes)))
|
||
|
}
|
||
|
}
|
||
|
|
||
|
func TestAddPoliciesWithQualifiers(t *testing.T) {
|
||
|
var cert x509.Certificate
|
||
|
addPolicies(&cert, []config.CertificatePolicy{
|
||
|
{
|
||
|
ID: config.OID([]int{1, 2, 3, 4}),
|
||
|
Qualifiers: []config.CertificatePolicyQualifier{
|
||
|
{
|
||
|
Type: "id-qt-cps",
|
||
|
Value: "http://example.com/cps",
|
||
|
},
|
||
|
{
|
||
|
Type: "id-qt-unotice",
|
||
|
Value: "Do What Thou Wilt",
|
||
|
},
|
||
|
},
|
||
|
},
|
||
|
})
|
||
|
|
||
|
if len(cert.ExtraExtensions) != 1 {
|
||
|
t.Fatal("No extension added")
|
||
|
}
|
||
|
ext := cert.ExtraExtensions[0]
|
||
|
if !reflect.DeepEqual(ext.Id, asn1.ObjectIdentifier{2, 5, 29, 32}) {
|
||
|
t.Fatal(fmt.Sprintf("Wrong OID for policy qualifier %v", ext.Id))
|
||
|
}
|
||
|
if ext.Critical {
|
||
|
t.Fatal("Policy qualifier marked critical")
|
||
|
}
|
||
|
expectedBytes, _ := hex.DecodeString("304e304c06032a03043045302206082b060105050702011616687474703a2f2f6578616d706c652e636f6d2f637073301f06082b0601050507020230130c11446f20576861742054686f752057696c74")
|
||
|
if !bytes.Equal(ext.Value, expectedBytes) {
|
||
|
t.Fatal(fmt.Sprintf("Value didn't match expected bytes: %s vs %s",
|
||
|
hex.EncodeToString(ext.Value), hex.EncodeToString(expectedBytes)))
|
||
|
}
|
||
|
}
|
||
|
|
||
|
func TestName(t *testing.T) {
|
||
|
sub := &Subject{
|
||
|
CN: "foobar",
|
||
|
Names: []csr.Name{
|
||
|
{
|
||
|
C: "US",
|
||
|
ST: "CA",
|
||
|
L: "Cool Locality",
|
||
|
O: "Cool Org",
|
||
|
OU: "Really Cool Sub Org",
|
||
|
},
|
||
|
{
|
||
|
L: "Another Cool Locality",
|
||
|
},
|
||
|
},
|
||
|
SerialNumber: "deadbeef",
|
||
|
}
|
||
|
name := sub.Name()
|
||
|
if name.CommonName != sub.CN {
|
||
|
t.Errorf("CommonName: want %#v, got %#v", sub.CN, name.CommonName)
|
||
|
}
|
||
|
if name.SerialNumber != sub.SerialNumber {
|
||
|
t.Errorf("SerialNumber: want %#v, got %#v", sub.SerialNumber, name.SerialNumber)
|
||
|
}
|
||
|
if !reflect.DeepEqual([]string{"US"}, name.Country) {
|
||
|
t.Errorf("Country: want %s, got %s", []string{"US"}, name.Country)
|
||
|
}
|
||
|
if !reflect.DeepEqual([]string{"CA"}, name.Province) {
|
||
|
t.Errorf("Province: want %s, got %s", []string{"CA"}, name.Province)
|
||
|
}
|
||
|
if !reflect.DeepEqual([]string{"Cool Org"}, name.Organization) {
|
||
|
t.Errorf("Organization: want %s, got %s", []string{"Cool Org"}, name.Organization)
|
||
|
}
|
||
|
if !reflect.DeepEqual([]string{"Really Cool Sub Org"}, name.OrganizationalUnit) {
|
||
|
t.Errorf("Organizational Unit: want %s, got %s", []string{"Really Cool Sub Org"}, name.OrganizationalUnit)
|
||
|
}
|
||
|
if !reflect.DeepEqual([]string{"Cool Locality", "Another Cool Locality"}, name.Locality) {
|
||
|
t.Errorf("Locality: want %s, got %s", []string{"CA"}, name.Locality)
|
||
|
}
|
||
|
|
||
|
}
|