check hosts in ssl certificates

2018-08-09 15:07:53 +02:00
parent 481115e0d0
commit 331f9ea96c
362 changed files with 2499 additions and 59344 deletions
--- a/vendor/github.com/cloudflare/cfssl/auth/auth_test.go
+++ b/vendor/github.com/cloudflare/cfssl/auth/auth_test.go
@ -1,159 +0,0 @@
-package auth
-
-import (
-	"encoding/json"
-	"io/ioutil"
-	"testing"
-)
-
-var (
-	testProvider   Provider
-	testProviderAD Provider
-	testKey        = "0123456789ABCDEF0123456789ABCDEF"
-	testAD         = []byte{1, 2, 3, 4} // IP address 1.2.3.4
-)
-
-func TestNew(t *testing.T) {
-	_, err := New("ABC", nil)
-	if err == nil {
-		t.Fatal("expected failure with improperly-hex-encoded key")
-	}
-
-	testProvider, err = New(testKey, nil)
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-
-	testProviderAD, err = New(testKey, testAD)
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-
-}
-
-var (
-	testRequest1A = &AuthenticatedRequest{
-		Request: []byte(`testing 1 2 3`),
-	}
-	testRequest1B = &AuthenticatedRequest{
-		Request: []byte(`testing 1 2 3`),
-	}
-	testRequest2 = &AuthenticatedRequest{
-		Request: []byte(`testing 3 2 1`),
-	}
-)
-
-// Sanity check: can a newly-generated token be verified?
-func TestVerifyTrue(t *testing.T) {
-	var err error
-
-	testRequest1A.Token, err = testProvider.Token(testRequest1A.Request)
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-
-	testRequest1B.Token, err = testProviderAD.Token(testRequest1B.Request)
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-
-	if !testProvider.Verify(testRequest1A) {
-		t.Fatal("failed to verify request 1A")
-	}
-
-	if !testProviderAD.Verify(testRequest1B) {
-		t.Fatal("failed to verify request 1B")
-	}
-}
-
-// Sanity check: ensure that additional data is actually used in
-// verification.
-func TestVerifyAD(t *testing.T) {
-	if testProvider.Verify(testRequest1B) {
-		t.Fatal("no-AD provider verifies request with AD")
-	}
-
-	if testProviderAD.Verify(testRequest1A) {
-		t.Fatal("AD provider verifies request without AD")
-	}
-}
-
-// Sanity check: verification fails if tokens are not the same length.
-func TestTokenLength(t *testing.T) {
-	token := testRequest1A.Token[:]
-	testRequest1A.Token = testRequest1A.Token[1:]
-
-	if testProvider.Verify(testRequest1A) {
-		t.Fatal("invalid token should not be verified")
-	}
-
-	testRequest1A.Token = token
-}
-
-// Sanity check: token fails validation if the request is changed.
-func TestBadRequest(t *testing.T) {
-	testRequest2.Token = testRequest1A.Token
-	if testProvider.Verify(testRequest2) {
-		t.Fatal("bad request should fail verification")
-	}
-}
-
-// Sanity check: a null request should fail to verify.
-func TestNullRequest(t *testing.T) {
-	if testProvider.Verify(nil) {
-		t.Fatal("null request should fail verification")
-	}
-}
-
-// Sanity check: verify a pre-generated authenticated request.
-func TestPreGenerated(t *testing.T) {
-	in, err := ioutil.ReadFile("testdata/authrequest.json")
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-
-	var req AuthenticatedRequest
-	err = json.Unmarshal(in, &req)
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-
-	if !testProvider.Verify(&req) {
-		t.Fatal("failed to verify pre-generated request")
-	}
-}
-
-var bmRequest []byte
-
-func TestLoadBenchmarkRequest(t *testing.T) {
-	in, err := ioutil.ReadFile("testdata/request.json")
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-
-	bmRequest = in
-}
-
-func BenchmarkToken(b *testing.B) {
-	for i := 0; i < b.N; i++ {
-		_, err := testProvider.Token(bmRequest)
-		if err != nil {
-			b.Fatalf("%v", err)
-		}
-	}
-}
-
-func BenchmarkVerify(b *testing.B) {
-	token, _ := testProvider.Token(bmRequest)
-	req := &AuthenticatedRequest{
-		Token:   token,
-		Request: bmRequest,
-	}
-	b.ResetTimer()
-
-	for i := 0; i < b.N; i++ {
-		if !testProvider.Verify(req) {
-			b.Fatal("failed to verify request")
-		}
-	}
-}
--- a/vendor/github.com/cloudflare/cfssl/auth/testdata/authrequest.json
+++ b/vendor/github.com/cloudflare/cfssl/auth/testdata/authrequest.json
@ -1 +0,0 @@
-{"token": "tSU1WTE/322iXrOBfJSQ9/u1dleqpwUmCj1LXYHw07Y=", "request": "ewoJImhvc3RuYW1lIjogImt5bGVpc29tLm5ldCIsCgkicmVxdWVzdCI6ICItLS0tLUJFR0lOIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQoJICAgIE1JSUQwVENDQWpzQ0FRQXdZREVMTUFrR0ExVUVCaE1DVlZNeEVqQVFCZ05WQkFvVENXUnliM0J6YjI1a1pURVEKCSAgICBNQTRHQTFVRUN4TUhRMFl0UTJoaGRERVdNQlFHQTFVRUJ4TU5VMkZ1SUVaeVlXNWphWE5qYnpFVE1CRUdBMVVFCgkgICAgQ0JNS1EyRnNhV1p2Y201cFlUQ0NBYUl3RFFZSktvWklodmNOQVFFQkJRQURnZ0dQQURDQ0FZb0NnZ0dCQU1jQwoJICAgIEdCbDVMVHJla0dGV2hvdGtkYlorUjFNbG9hcld4UXY5alA0QWVrdDhVT2ljeXBIdkZPNnhPdFN3SG8rcjMyaUUKCSAgICBxblM1eXYvMDFQMk1KdXlxbmRuY1RTTXNPbFQvN242N1RNMDB1MDFLLzljL3NvZ0tFS2pseXBsVFA3eUZkRy9jCgkgICAgT3UvOXFLYi9KYWxkMndFTEZZRTZ4cTJSREZ5eHlpWk9CM2c3WjdGeGE1ZDZhZGZHUndaek50VUw0LzhzK0x5aQoJICAgIHFkdzlJMWZrUWQ2MDRwb1pGTjB3clFzNGxmaFdUVWZnMHJIdWg1d2dHS1AzVnpacGJ0OEZiMXZOamZiSHRvaHgKCSAgICBHMlBDVTZKeStEYzFiU2ZVeldjUW5lbnA4NThXNEY4ejdwRjV5YmRuRlIzMTNIam9zcVhuRzI4eklUck9hZE1UCgkgICAgSGFKNnpPaGdFYWZVT1dYT3pqTm9mRkJGYTJJdUNBVCtJVFJZMXRDL2dxcHhHd0gveXVWTjE5Qkc4VXBuMCtIQQoJICAgIGllMm1LQ0hmU0JBS1QvWGU0dW1QZWF4U2JJcVdzVzhjaytkM2I0b3I5Ulp2NWNaUmNUM29pa0p0K1NRRzY5cFcKCSAgICA0T0FiYitBQnNzL05JdXJpNnowZTdERWVJTDV6bXlTSnFkdFlIZE5ZTjcrK3Y5eEJOc0w0SXNVNklFeTMrUUlECgkgICAgQVFBQm9DNHdMQVlKS29aSWh2Y05BUWtPTVI4d0hUQWJCZ05WSFJFRUZEQVNnaEJqWmk1a2NtOXdjMjl1WkdVdQoJICAgIGJtVjBNQXNHQ1NxR1NJYjNEUUVCREFPQ0FZRUFoTUFxQmlySStrMWFVM2xmQUdRaVNtOHl0T3paaWozODloSXIKCSAgICBuVXA4K1duVHVWVGI4WFozL1YrTDlFblRJbUY2dTF3ZWFqWGQzU3VlNDk1NzBMYlltSXV4QmtHcDUwL0JkVUR6CgkgICAgdUI2eHNoaEpXczEySnhVYjkxSW1tMGJUUncyek1xZXdnYTZmdHpaL0FLNG1zeFFBMlVJYmNXWmRzS2J1TTdzbwoJICAgIEpUZlZXOWlPd3FIdC82NFpqNHRCWmY5THpPRHI3a051S0tMbndqaXpIMTg3eGZJSWhkcmpGOFdTN0g5QVBCMU8KCSAgICBTdUVVRGZxaDBTV1IzbHRXdUF1VVdlbzZTS2NIVnVzeS9HNFlFK1BCeXcxZVY3RzRTYmVHNVowbytHT1VVSy9GCgkgICAgYjU1R21XMXhhNExBcnMxQSt6ZUZidkovQkFwc2JVMmI2V1ZtTmE3V3BIejdXWElGT0p1WUpnRWtWS1BKbkt1cwoJICAgIHFxczNGZ1VxejBadjdUSzhtTWlFVEpvWFpzNnpDdk15c1FldTNKL29qZ3RBanZNaHpRYzZQUy9udk90SmRJZysKCSAgICBIMHFYNDlmaHAxQnJZeXNsYWx6UUlGMCtIMHFTVWV5b1V5VjJ3YkxCQUxhcHhNZnZUVmxoTnduYWN0Y0tReHE0CgkgICAgK3dUKzJQVEowYk0vNUFWMFRPMVNQVDBBVmlKaAoJICAgIC0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLSIsCgkicHJvZmlsZSI6ICIiLAoJInJlbW90ZSI6ICIiLAoJImxhYmVsIjogInByaW1hcnkiCn0KCg=="}
--- a/vendor/github.com/cloudflare/cfssl/auth/testdata/request.json
+++ b/vendor/github.com/cloudflare/cfssl/auth/testdata/request.json
@ -1,30 +0,0 @@
-{
-	"hostname": "kyleisom.net",
-	"request": "-----BEGIN CERTIFICATE REQUEST-----
-	    MIID0TCCAjsCAQAwYDELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCWRyb3Bzb25kZTEQ
-	    MA4GA1UECxMHQ0YtQ2hhdDEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzETMBEGA1UE
-	    CBMKQ2FsaWZvcm5pYTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAMcC
-	    GBl5LTrekGFWhotkdbZ+R1MloarWxQv9jP4Aekt8UOicypHvFO6xOtSwHo+r32iE
-	    qnS5yv/01P2MJuyqndncTSMsOlT/7n67TM00u01K/9c/sogKEKjlyplTP7yFdG/c
-	    Ou/9qKb/Jald2wELFYE6xq2RDFyxyiZOB3g7Z7Fxa5d6adfGRwZzNtUL4/8s+Lyi
-	    qdw9I1fkQd604poZFN0wrQs4lfhWTUfg0rHuh5wgGKP3VzZpbt8Fb1vNjfbHtohx
-	    G2PCU6Jy+Dc1bSfUzWcQnenp858W4F8z7pF5ybdnFR313HjosqXnG28zITrOadMT
-	    HaJ6zOhgEafUOWXOzjNofFBFa2IuCAT+ITRY1tC/gqpxGwH/yuVN19BG8Upn0+HA
-	    ie2mKCHfSBAKT/Xe4umPeaxSbIqWsW8ck+d3b4or9RZv5cZRcT3oikJt+SQG69pW
-	    4OAbb+ABss/NIuri6z0e7DEeIL5zmySJqdtYHdNYN7++v9xBNsL4IsU6IEy3+QID
-	    AQABoC4wLAYJKoZIhvcNAQkOMR8wHTAbBgNVHREEFDASghBjZi5kcm9wc29uZGUu
-	    bmV0MAsGCSqGSIb3DQEBDAOCAYEAhMAqBirI+k1aU3lfAGQiSm8ytOzZij389hIr
-	    nUp8+WnTuVTb8XZ3/V+L9EnTImF6u1weajXd3Sue49570LbYmIuxBkGp50/BdUDz
-	    uB6xshhJWs12JxUb91Imm0bTRw2zMqewga6ftzZ/AK4msxQA2UIbcWZdsKbuM7so
-	    JTfVW9iOwqHt/64Zj4tBZf9LzODr7kNuKKLnwjizH187xfIIhdrjF8WS7H9APB1O
-	    SuEUDfqh0SWR3ltWuAuUWeo6SKcHVusy/G4YE+PByw1eV7G4SbeG5Z0o+GOUUK/F
-	    b55GmW1xa4LArs1A+zeFbvJ/BApsbU2b6WVmNa7WpHz7WXIFOJuYJgEkVKPJnKus
-	    qqs3FgUqz0Zv7TK8mMiETJoXZs6zCvMysQeu3J/ojgtAjvMhzQc6PS/nvOtJdIg+
-	    H0qX49fhp1BrYyslalzQIF0+H0qSUeyoUyV2wbLBALapxMfvTVlhNwnactcKQxq4
-	    +wT+2PTJ0bM/5AV0TO1SPT0AViJh
-	    -----END CERTIFICATE REQUEST-----",
-	"profile": "",
-	"remote": "",
-	"label": "primary"
-}
-
				`@ -1 +0,0 @@`
				{"token": "tSU1WTE/322iXrOBfJSQ9/u1dleqpwUmCj1LXYHw07Y=", "request": "ewoJImhvc3RuYW1lIjogImt5bGVpc29tLm5ldCIsCgkicmVxdWVzdCI6ICItLS0tLUJFR0lOIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQoJICAgIE1JSUQwVENDQWpzQ0FRQXdZREVMTUFrR0ExVUVCaE1DVlZNeEVqQVFCZ05WQkFvVENXUnliM0J6YjI1a1pURVEKCSAgICBNQTRHQTFVRUN4TUhRMFl0UTJoaGRERVdNQlFHQTFVRUJ4TU5VMkZ1SUVaeVlXNWphWE5qYnpFVE1CRUdBMVVFCgkgICAgQ0JNS1EyRnNhV1p2Y201cFlUQ0NBYUl3RFFZSktvWklodmNOQVFFQkJRQURnZ0dQQURDQ0FZb0NnZ0dCQU1jQwoJICAgIEdCbDVMVHJla0dGV2hvdGtkYlorUjFNbG9hcld4UXY5alA0QWVrdDhVT2ljeXBIdkZPNnhPdFN3SG8rcjMyaUUKCSAgICBxblM1eXYvMDFQMk1KdXlxbmRuY1RTTXNPbFQvN242N1RNMDB1MDFLLzljL3NvZ0tFS2pseXBsVFA3eUZkRy9jCgkgICAgT3UvOXFLYi9KYWxkMndFTEZZRTZ4cTJSREZ5eHlpWk9CM2c3WjdGeGE1ZDZhZGZHUndaek50VUw0LzhzK0x5aQoJICAgIHFkdzlJMWZrUWQ2MDRwb1pGTjB3clFzNGxmaFdUVWZnMHJIdWg1d2dHS1AzVnpacGJ0OEZiMXZOamZiSHRvaHgKCSAgICBHMlBDVTZKeStEYzFiU2ZVeldjUW5lbnA4NThXNEY4ejdwRjV5YmRuRlIzMTNIam9zcVhuRzI4eklUck9hZE1UCgkgICAgSGFKNnpPaGdFYWZVT1dYT3pqTm9mRkJGYTJJdUNBVCtJVFJZMXRDL2dxcHhHd0gveXVWTjE5Qkc4VXBuMCtIQQoJICAgIGllMm1LQ0hmU0JBS1QvWGU0dW1QZWF4U2JJcVdzVzhjaytkM2I0b3I5Ulp2NWNaUmNUM29pa0p0K1NRRzY5cFcKCSAgICA0T0FiYitBQnNzL05JdXJpNnowZTdERWVJTDV6bXlTSnFkdFlIZE5ZTjcrK3Y5eEJOc0w0SXNVNklFeTMrUUlECgkgICAgQVFBQm9DNHdMQVlKS29aSWh2Y05BUWtPTVI4d0hUQWJCZ05WSFJFRUZEQVNnaEJqWmk1a2NtOXdjMjl1WkdVdQoJICAgIGJtVjBNQXNHQ1NxR1NJYjNEUUVCREFPQ0FZRUFoTUFxQmlySStrMWFVM2xmQUdRaVNtOHl0T3paaWozODloSXIKCSAgICBuVXA4K1duVHVWVGI4WFozL1YrTDlFblRJbUY2dTF3ZWFqWGQzU3VlNDk1NzBMYlltSXV4QmtHcDUwL0JkVUR6CgkgICAgdUI2eHNoaEpXczEySnhVYjkxSW1tMGJUUncyek1xZXdnYTZmdHpaL0FLNG1zeFFBMlVJYmNXWmRzS2J1TTdzbwoJICAgIEpUZlZXOWlPd3FIdC82NFpqNHRCWmY5THpPRHI3a051S0tMbndqaXpIMTg3eGZJSWhkcmpGOFdTN0g5QVBCMU8KCSAgICBTdUVVRGZxaDBTV1IzbHRXdUF1VVdlbzZTS2NIVnVzeS9HNFlFK1BCeXcxZVY3RzRTYmVHNVowbytHT1VVSy9GCgkgICAgYjU1R21XMXhhNExBcnMxQSt6ZUZidkovQkFwc2JVMmI2V1ZtTmE3V3BIejdXWElGT0p1WUpnRWtWS1BKbkt1cwoJICAgIHFxczNGZ1VxejBadjdUSzhtTWlFVEpvWFpzNnpDdk15c1FldTNKL29qZ3RBanZNaHpRYzZQUy9udk90SmRJZysKCSAgICBIMHFYNDlmaHAxQnJZeXNsYWx6UUlGMCtIMHFTVWV5b1V5VjJ3YkxCQUxhcHhNZnZUVmxoTnduYWN0Y0tReHE0CgkgICAgK3dUKzJQVEowYk0vNUFWMFRPMVNQVDBBVmlKaAoJICAgIC0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLSIsCgkicHJvZmlsZSI6ICIiLAoJInJlbW90ZSI6ICIiLAoJImxhYmVsIjogInByaW1hcnkiCn0KCg=="}