Fix typo and add extra test with all fields.

This commit is contained in:
Mariano Cano 2020-07-22 16:57:38 -07:00
parent e4ca83e8f9
commit e0dd1bd132
3 changed files with 90 additions and 7 deletions

View file

@ -29,7 +29,7 @@ type Certificate struct {
CRLDistributionPoints CRLDistributionPoints `json:"crlDistributionPoints"` CRLDistributionPoints CRLDistributionPoints `json:"crlDistributionPoints"`
PolicyIdentifiers PolicyIdentifiers `json:"policyIdentifiers"` PolicyIdentifiers PolicyIdentifiers `json:"policyIdentifiers"`
BasicConstraints *BasicConstraints `json:"basicConstraints"` BasicConstraints *BasicConstraints `json:"basicConstraints"`
NameConstaints *NameConstraints `json:"nameConstraints"` NameConstraints *NameConstraints `json:"nameConstraints"`
SignatureAlgorithm SignatureAlgorithm `json:"signatureAlgorithm"` SignatureAlgorithm SignatureAlgorithm `json:"signatureAlgorithm"`
PublicKeyAlgorithm x509.PublicKeyAlgorithm `json:"-"` PublicKeyAlgorithm x509.PublicKeyAlgorithm `json:"-"`
PublicKey interface{} `json:"-"` PublicKey interface{} `json:"-"`
@ -96,8 +96,8 @@ func (c *Certificate) GetCertificate() *x509.Certificate {
if c.BasicConstraints != nil { if c.BasicConstraints != nil {
c.BasicConstraints.Set(cert) c.BasicConstraints.Set(cert)
} }
if c.NameConstaints != nil { if c.NameConstraints != nil {
c.NameConstaints.Set(cert) c.NameConstraints.Set(cert)
} }
// Custom Extensions. // Custom Extensions.

View file

@ -109,6 +109,14 @@ func TestNewCertificate(t *testing.T) {
crBadSignateure, _ := createCertificateRequest(t, "fail", []string{"foo.com"}) crBadSignateure, _ := createCertificateRequest(t, "fail", []string{"foo.com"})
crBadSignateure.PublicKey = priv.Public() crBadSignateure.PublicKey = priv.Public()
ipNet := func(s string) *net.IPNet {
_, ipNet, err := net.ParseCIDR(s)
if err != nil {
t.Fatal(err)
}
return ipNet
}
type args struct { type args struct {
cr *x509.CertificateRequest cr *x509.CertificateRequest
opts []Option opts []Option
@ -164,6 +172,45 @@ func TestNewCertificate(t *testing.T) {
PublicKey: priv.Public(), PublicKey: priv.Public(),
PublicKeyAlgorithm: x509.Ed25519, PublicKeyAlgorithm: x509.Ed25519,
}, false}, }, false},
{"okFullSimple", args{cr, []Option{WithTemplateFile("./testdata/fullsimple.tpl", TemplateData{})}}, &Certificate{
Version: 3,
Subject: Subject{CommonName: "subjectCommonName"},
SerialNumber: SerialNumber{big.NewInt(78187493520)},
Issuer: Issuer{CommonName: "issuerCommonName"},
DNSNames: []string{"doe.com"},
IPAddresses: []net.IP{net.ParseIP("127.0.0.1")},
EmailAddresses: []string{"jane@doe.com"},
URIs: []*url.URL{{Scheme: "https", Host: "doe.com"}},
SANs: []SubjectAlternativeName{{Type: DNSType, Value: "www.doe.com"}},
Extensions: []Extension{{ID: []int{1, 2, 3, 4}, Critical: true, Value: []byte("extension")}},
KeyUsage: KeyUsage(x509.KeyUsageDigitalSignature),
ExtKeyUsage: ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}),
SubjectKeyID: []byte("subjectKeyId"),
AuthorityKeyID: []byte("authorityKeyId"),
OCSPServer: []string{"https://ocsp.server"},
IssuingCertificateURL: []string{"https://ca.com"},
CRLDistributionPoints: []string{"https://ca.com/ca.crl"},
PolicyIdentifiers: PolicyIdentifiers{[]int{5, 6, 7, 8, 9, 0}},
BasicConstraints: &BasicConstraints{
IsCA: false,
MaxPathLen: 0,
},
NameConstraints: &NameConstraints{
Critical: true,
PermittedDNSDomains: []string{"jane.doe.com"},
ExcludedDNSDomains: []string{"john.doe.com"},
PermittedIPRanges: []*net.IPNet{ipNet("127.0.0.1/32")},
ExcludedIPRanges: []*net.IPNet{ipNet("0.0.0.0/0")},
PermittedEmailAddresses: []string{"jane@doe.com"},
ExcludedEmailAddresses: []string{"john@doe.com"},
PermittedURIDomains: []string{"https://jane.doe.com"},
ExcludedURIDomains: []string{"https://john.doe.com"},
},
SignatureAlgorithm: SignatureAlgorithm(x509.PureEd25519),
PublicKey: priv.Public(),
PublicKeyAlgorithm: x509.Ed25519,
},
false},
{"badSignature", args{crBadSignateure, nil}, nil, true}, {"badSignature", args{crBadSignateure, nil}, nil, true},
{"failTemplate", args{cr, []Option{WithTemplate(`{{ fail "fatal error }}`, CreateTemplateData("commonName", []string{"foo.com"}))}}, nil, true}, {"failTemplate", args{cr, []Option{WithTemplate(`{{ fail "fatal error }}`, CreateTemplateData("commonName", []string{"foo.com"}))}}, nil, true},
{"missingTemplate", args{cr, []Option{WithTemplateFile("./testdata/missing.tpl", CreateTemplateData("commonName", []string{"foo.com"}))}}, nil, true}, {"missingTemplate", args{cr, []Option{WithTemplateFile("./testdata/missing.tpl", CreateTemplateData("commonName", []string{"foo.com"}))}}, nil, true},
@ -177,7 +224,7 @@ func TestNewCertificate(t *testing.T) {
return return
} }
if !reflect.DeepEqual(got, tt.want) { if !reflect.DeepEqual(got, tt.want) {
t.Errorf("NewCertificate() = \n%v, want \n%v", got, tt.want) t.Errorf("NewCertificate() = %v, want %v", got, tt.want)
} }
}) })
} }
@ -204,7 +251,7 @@ func TestCertificate_GetCertificate(t *testing.T) {
CRLDistributionPoints CRLDistributionPoints CRLDistributionPoints CRLDistributionPoints
PolicyIdentifiers PolicyIdentifiers PolicyIdentifiers PolicyIdentifiers
BasicConstraints *BasicConstraints BasicConstraints *BasicConstraints
NameConstaints *NameConstraints NameConstraints *NameConstraints
SignatureAlgorithm SignatureAlgorithm SignatureAlgorithm SignatureAlgorithm
PublicKeyAlgorithm x509.PublicKeyAlgorithm PublicKeyAlgorithm x509.PublicKeyAlgorithm
PublicKey interface{} PublicKey interface{}
@ -242,7 +289,7 @@ func TestCertificate_GetCertificate(t *testing.T) {
CRLDistributionPoints: []string{"https://ca.com/crl"}, CRLDistributionPoints: []string{"https://ca.com/crl"},
PolicyIdentifiers: []asn1.ObjectIdentifier{[]int{1, 2, 3, 4}}, PolicyIdentifiers: []asn1.ObjectIdentifier{[]int{1, 2, 3, 4}},
BasicConstraints: &BasicConstraints{IsCA: true, MaxPathLen: 0}, BasicConstraints: &BasicConstraints{IsCA: true, MaxPathLen: 0},
NameConstaints: &NameConstraints{PermittedDNSDomains: []string{"foo.bar"}}, NameConstraints: &NameConstraints{PermittedDNSDomains: []string{"foo.bar"}},
SignatureAlgorithm: SignatureAlgorithm(x509.PureEd25519), SignatureAlgorithm: SignatureAlgorithm(x509.PureEd25519),
PublicKeyAlgorithm: x509.Ed25519, PublicKeyAlgorithm: x509.Ed25519,
PublicKey: ed25519.PublicKey("public key"), PublicKey: ed25519.PublicKey("public key"),
@ -299,7 +346,7 @@ func TestCertificate_GetCertificate(t *testing.T) {
CRLDistributionPoints: tt.fields.CRLDistributionPoints, CRLDistributionPoints: tt.fields.CRLDistributionPoints,
PolicyIdentifiers: tt.fields.PolicyIdentifiers, PolicyIdentifiers: tt.fields.PolicyIdentifiers,
BasicConstraints: tt.fields.BasicConstraints, BasicConstraints: tt.fields.BasicConstraints,
NameConstaints: tt.fields.NameConstaints, NameConstraints: tt.fields.NameConstraints,
SignatureAlgorithm: tt.fields.SignatureAlgorithm, SignatureAlgorithm: tt.fields.SignatureAlgorithm,
PublicKeyAlgorithm: tt.fields.PublicKeyAlgorithm, PublicKeyAlgorithm: tt.fields.PublicKeyAlgorithm,
PublicKey: tt.fields.PublicKey, PublicKey: tt.fields.PublicKey,

36
x509util/testdata/fullsimple.tpl vendored Normal file
View file

@ -0,0 +1,36 @@
{
"version": 3,
"subject": "subjectCommonName",
"issuer": "issuerCommonName",
"serialNumber": "0x1234567890",
"dnsNames": "doe.com",
"emailAddresses": "jane@doe.com",
"ipAddresses": "127.0.0.1",
"uris": "https://doe.com",
"sans": [{"type":"dns", "value":"www.doe.com"}],
"extensions": [{"id":"1.2.3.4","critical":true,"value":"ZXh0ZW5zaW9u"}],
"keyUsage": ["digitalSignature"],
"extKeyUsage": ["serverAuth"],
"subjectKeyId": "c3ViamVjdEtleUlk",
"authorityKeyId": "YXV0aG9yaXR5S2V5SWQ=",
"ocspServer": "https://ocsp.server",
"issuingCertificateURL": "https://ca.com",
"crlDistributionPoints": "https://ca.com/ca.crl",
"policyIdentifiers": "5.6.7.8.9.0",
"basicConstraints": {
"isCA": false,
"maxPathLen": 0
},
"nameConstraints": {
"critical": true,
"permittedDNSDomains": "jane.doe.com",
"excludedDNSDomains": "john.doe.com",
"permittedIPRanges": "127.0.0.1/32",
"excludedIPRanges": "0.0.0.0/0",
"permittedEmailAddresses": "jane@doe.com",
"excludedEmailAddresses": "john@doe.com",
"permittedURIDomains": "https://jane.doe.com",
"excludedURIDomains": "https://john.doe.com"
},
"signatureAlgorithm": "Ed25519"
}