alihan/fn-serverless
1
0
Fork 0
mirror of https://github.com/fnproject/fn.git synced 2022-10-28 21:29:17 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d7bf64bf6613ff08bd4614d3fb26f888836cab9e
fn-serverless/vendor/github.com/cloudflare/cfssl/api/crl/crl_test.go

150 lines
3.5 KiB
Go
Raw Blame History

package crl
import (
"crypto/x509"
"encoding/base64"
"encoding/json"
"io/ioutil"
"net/http"
"net/http/httptest"
"testing"
"time"
"github.com/cloudflare/cfssl/api"
"github.com/cloudflare/cfssl/certdb"
"github.com/cloudflare/cfssl/certdb/sql"
"github.com/cloudflare/cfssl/certdb/testdb"
"github.com/cloudflare/cfssl/helpers"
)
const (
fakeAKI = "fake aki"
testCaFile = "../testdata/ca.pem"
testCaKeyFile = "../testdata/ca_key.pem"
)
func prepDB() (certdb.Accessor, error) {
db := testdb.SQLiteDB("../../certdb/testdb/certstore_development.db")
expirationTime := time.Now().AddDate(1, 0, 0)
var cert = certdb.CertificateRecord{
Serial: "1",
AKI: fakeAKI,
Expiry: expirationTime,
PEM: "revoked cert",
Status: "revoked",
RevokedAt: time.Now(),
Reason: 4,
}
dbAccessor := sql.NewAccessor(db)
err := dbAccessor.InsertCertificate(cert)
if err != nil {
return nil, err
}
return dbAccessor, nil
}
func testGetCRL(t *testing.T, dbAccessor certdb.Accessor, expiry string) (resp *http.Response, body []byte) {
handler, err := NewHandler(dbAccessor, testCaFile, testCaKeyFile)
if err != nil {
t.Fatal(err)
}
ts := httptest.NewServer(handler)
defer ts.Close()
if expiry != "" {
resp, err = http.Get(ts.URL + "?expiry=" + expiry)
} else {
resp, err = http.Get(ts.URL)
}
if err != nil {
t.Fatal(err)
}
body, err = ioutil.ReadAll(resp.Body)
if err != nil {
t.Fatal(err)
}
return
}
func TestCRLGeneration(t *testing.T) {
dbAccessor, err := prepDB()
if err != nil {
t.Fatal(err)
}
resp, body := testGetCRL(t, dbAccessor, "")
if resp.StatusCode != http.StatusOK {
t.Fatal("unexpected HTTP status code; expected OK", string(body))
}
message := new(api.Response)
err = json.Unmarshal(body, message)
if err != nil {
t.Fatalf("failed to read response body: %v", err)
}
crlBytes := message.Result.(string)
crlBytesDER, err := base64.StdEncoding.DecodeString(crlBytes)
if err != nil {
t.Fatal("failed to decode certificate ", err)
}
parsedCrl, err := x509.ParseCRL(crlBytesDER)
if err != nil {
t.Fatal("failed to get certificate ", err)
}
if parsedCrl.HasExpired(time.Now().Add(5 * helpers.OneDay)) {
t.Fatal("the request will expire after 5 days, this shouldn't happen")
}
certs := parsedCrl.TBSCertList.RevokedCertificates
if len(certs) != 1 {
t.Fatal("failed to get one certificate")
}
cert := certs[0]
if cert.SerialNumber.String() != "1" {
t.Fatal("cert was not correctly inserted in CRL, serial was ", cert.SerialNumber)
}
}
func TestCRLGenerationWithExpiry(t *testing.T) {
dbAccessor, err := prepDB()
if err != nil {
t.Fatal(err)
}
resp, body := testGetCRL(t, dbAccessor, "119h")
if resp.StatusCode != http.StatusOK {
t.Fatal("unexpected HTTP status code; expected OK", string(body))
}
message := new(api.Response)
err = json.Unmarshal(body, message)
if err != nil {
t.Fatalf("failed to read response body: %v", err)
}
crlBytes := message.Result.(string)
crlBytesDER, err := base64.StdEncoding.DecodeString(crlBytes)
if err != nil {
t.Fatal("failed to decode certificate ", err)
}
parsedCrl, err := x509.ParseCRL(crlBytesDER)
if err != nil {
t.Fatal("failed to get certificate ", err)
}
if !parsedCrl.HasExpired(time.Now().Add(5 * helpers.OneDay)) {
t.Fatal("the request should have expired")
}
certs := parsedCrl.TBSCertList.RevokedCertificates
if len(certs) != 1 {
t.Fatal("failed to get one certificate")
}
cert := certs[0]
if cert.SerialNumber.String() != "1" {
t.Fatal("cert was not correctly inserted in CRL, serial was ", cert.SerialNumber)
}
}
Reference in New Issue View Git Blame Copy Permalink