From e0dd1bd1327af233b2c88c30498b4bef7f584afd Mon Sep 17 00:00:00 2001
From: Mariano Cano
Date: Wed, 22 Jul 2020 16:57:38 -0700
Subject: [PATCH] Fix typo and add extra test with all fields.

---
 x509util/certificate.go | 6 ++--
 x509util/certificate_test.go | 55 +++++++++++++++++++++++++++++---
 x509util/testdata/fullsimple.tpl | 36 +++++++++++++++++++++
 3 files changed, 90 insertions(+), 7 deletions(-)
 create mode 100644 x509util/testdata/fullsimple.tpl

diff --git a/x509util/certificate.go b/x509util/certificate.go
index 37ceb0cf..9786a0bd 100644
--- a/x509util/certificate.go
+++ b/x509util/certificate.go
@@ -29,7 +29,7 @@ type Certificate struct {
 CRLDistributionPoints CRLDistributionPoints `json:"crlDistributionPoints"`
 PolicyIdentifiers PolicyIdentifiers `json:"policyIdentifiers"`
 BasicConstraints *BasicConstraints `json:"basicConstraints"`
- NameConstaints *NameConstraints `json:"nameConstraints"`
+ NameConstraints *NameConstraints `json:"nameConstraints"`
 SignatureAlgorithm SignatureAlgorithm `json:"signatureAlgorithm"`
 PublicKeyAlgorithm x509.PublicKeyAlgorithm `json:"-"`
 PublicKey interface{} `json:"-"`
@@ -96,8 +96,8 @@ func (c *Certificate) GetCertificate() *x509.Certificate {
 if c.BasicConstraints != nil {
 c.BasicConstraints.Set(cert)
 }
- if c.NameConstaints != nil {
- c.NameConstaints.Set(cert)
+ if c.NameConstraints != nil {
+ c.NameConstraints.Set(cert)
 }
 
 // Custom Extensions.
diff --git a/x509util/certificate_test.go b/x509util/certificate_test.go
index fb987752..695d6977 100644
--- a/x509util/certificate_test.go
+++ b/x509util/certificate_test.go
@@ -109,6 +109,14 @@ func TestNewCertificate(t *testing.T) {
 crBadSignateure, _ := createCertificateRequest(t, "fail", []string{"foo.com"})
 crBadSignateure.PublicKey = priv.Public()
 
+ ipNet := func(s string) *net.IPNet {
+ _, ipNet, err := net.ParseCIDR(s)
+ if err != nil {
+ t.Fatal(err)
+ }
+ return ipNet
+ }
+
 type args struct {
 cr *x509.CertificateRequest
 opts []Option
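Review bot: The local declared inside the helper shadows the helper itself — `_, ipNet, err := net.ParseCIDR(s)` introduces a second `ipNet` within the closure that is itself bound to `ipNet`, which compiles but reads as if the function were recursive and trips shadow linters. Naming the result differently, `_, n, err := net.ParseCIDR(s)` and `return n`, removes the ambiguity, and a `t.Helper()` call as the first statement makes a bad CIDR literal fail at the table entry that supplied it rather than inside the helper. Calling `t.Fatal` on the outer `t` is fine while the helper is only invoked during table construction, as it is here; it would not be safe if the helper were later called from inside a `t.Run` subtest with that same outer `t`. TestNewCertificate starts and ends outside this hunk.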
@@ -164,6 +172,45 @@ func TestNewCertificate(t *testing.T) {
 PublicKey: priv.Public(),
 PublicKeyAlgorithm: x509.Ed25519,
 }, false},
+ {"okFullSimple", args{cr, []Option{WithTemplateFile("./testdata/fullsimple.tpl", TemplateData{})}}, &Certificate{
+ Version: 3,
+ Subject: Subject{CommonName: "subjectCommonName"},
+ SerialNumber: SerialNumber{big.NewInt(78187493520)},
+ Issuer: Issuer{CommonName: "issuerCommonName"},
+ DNSNames: []string{"doe.com"},
+ IPAddresses: []net.IP{net.ParseIP("127.0.0.1")},
+ EmailAddresses: []string{"jane@doe.com"},
+ URIs: []*url.URL{{Scheme: "https", Host: "doe.com"}},
+ SANs: []SubjectAlternativeName{{Type: DNSType, Value: "www.doe.com"}},
+ Extensions: []Extension{{ID: []int{1, 2, 3, 4}, Critical: true, Value: []byte("extension")}},
+ KeyUsage: KeyUsage(x509.KeyUsageDigitalSignature),
+ ExtKeyUsage: ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}),
+ SubjectKeyID: []byte("subjectKeyId"),
+ AuthorityKeyID: []byte("authorityKeyId"),
+ OCSPServer: []string{"https://ocsp.server"},
+ IssuingCertificateURL: []string{"https://ca.com"},
+ CRLDistributionPoints: []string{"https://ca.com/ca.crl"},
+ PolicyIdentifiers: PolicyIdentifiers{[]int{5, 6, 7, 8, 9, 0}},
+ BasicConstraints: &BasicConstraints{
+ IsCA: false,
+ MaxPathLen: 0,
+ },
+ NameConstraints: &NameConstraints{
+ Critical: true,
+ PermittedDNSDomains: []string{"jane.doe.com"},
+ ExcludedDNSDomains: []string{"john.doe.com"},
+ PermittedIPRanges: []*net.IPNet{ipNet("127.0.0.1/32")},
+ ExcludedIPRanges: []*net.IPNet{ipNet("0.0.0.0/0")},
+ PermittedEmailAddresses: []string{"jane@doe.com"},
+ ExcludedEmailAddresses: []string{"john@doe.com"},
+ PermittedURIDomains: []string{"https://jane.doe.com"},
+ ExcludedURIDomains: []string{"https://john.doe.com"},
+ },
+ SignatureAlgorithm: SignatureAlgorithm(x509.PureEd25519),
+ PublicKey: priv.Public(),
+ PublicKeyAlgorithm: x509.Ed25519,
+ },
+ false},
 {"badSignature", args{crBadSignateure, nil}, nil, true},
 {"failTemplate", args{cr, 
[]Option{WithTemplate(`{{ fail "fatal error }}`, CreateTemplateData("commonName", []string{"foo.com"}))}}, nil, true},
 {"missingTemplate", args{cr, []Option{WithTemplateFile("./testdata/missing.tpl", CreateTemplateData("commonName", []string{"foo.com"}))}}, nil, true},
@@ -177,7 +224,7 @@ func TestNewCertificate(t *testing.T) {
 return
 }
 if !reflect.DeepEqual(got, tt.want) {
- t.Errorf("NewCertificate() = \n%v, want \n%v", got, tt.want)
+ t.Errorf("NewCertificate() = %v, want %v", got, tt.want)
 }
 })
 }
@@ -204,7 +251,7 @@ func TestCertificate_GetCertificate(t *testing.T) {
 CRLDistributionPoints CRLDistributionPoints
 PolicyIdentifiers PolicyIdentifiers
 BasicConstraints *BasicConstraints
- NameConstaints *NameConstraints
+ NameConstraints *NameConstraints
 SignatureAlgorithm SignatureAlgorithm
 PublicKeyAlgorithm x509.PublicKeyAlgorithm
 PublicKey interface{}
@@ -242,7 +289,7 @@ func TestCertificate_GetCertificate(t *testing.T) {
 CRLDistributionPoints: []string{"https://ca.com/crl"},
 PolicyIdentifiers: []asn1.ObjectIdentifier{[]int{1, 2, 3, 4}},
 BasicConstraints: &BasicConstraints{IsCA: true, MaxPathLen: 0},
- NameConstaints: &NameConstraints{PermittedDNSDomains: []string{"foo.bar"}},
+ NameConstraints: &NameConstraints{PermittedDNSDomains: []string{"foo.bar"}},
 SignatureAlgorithm: SignatureAlgorithm(x509.PureEd25519),
 PublicKeyAlgorithm: x509.Ed25519,
 PublicKey: ed25519.PublicKey("public key"),
@@ -299,7 +346,7 @@ func TestCertificate_GetCertificate(t *testing.T) {
 CRLDistributionPoints: tt.fields.CRLDistributionPoints,
 PolicyIdentifiers: tt.fields.PolicyIdentifiers,
 BasicConstraints: tt.fields.BasicConstraints,
- NameConstaints: tt.fields.NameConstaints,
+ NameConstraints: tt.fields.NameConstraints,
 SignatureAlgorithm: tt.fields.SignatureAlgorithm,
 PublicKeyAlgorithm: tt.fields.PublicKeyAlgorithm,
 PublicKey: tt.fields.PublicKey,
diff --git a/x509util/testdata/fullsimple.tpl b/x509util/testdata/fullsimple.tpl
new file mode 100644
index 00000000..0fbf16e6
--- /dev/null
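Review bot: The okFullSimple case pins only the `Certificate` value produced by decoding the template; nothing in this hunk passes it through `GetCertificate()`, so whether the critical name constraints (`PermittedIPRanges`, `ExcludedIPRanges`, the email and URI lists) and the `IsCA: false` basic constraints are actually applied to the resulting `x509.Certificate` is left to TestCertificate_GetCertificate, whose fixture further down sets only `PermittedDNSDomains: []string{"foo.bar"}`. Reusing this full fixture there would exercise every `Set` path end to end rather than just the parse step. Separately, `ExcludedIPRanges: 0.0.0.0/0` next to `PermittedIPRanges: 127.0.0.1/32` excludes every IPv4 address under RFC 5280 (an excluded subtree wins over a permitted one), which is harmless as parse-only data but deserves a comment such as `// excluded 0.0.0.0/0 deliberately dominates the permitted range; parse coverage only` so it is not copied as a working constraint. TestNewCertificate starts and ends outside this hunk.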
+++ b/x509util/testdata/fullsimple.tpl
@@ -0,0 +1,36 @@
+{
+ "version": 3,
+ "subject": "subjectCommonName",
+ "issuer": "issuerCommonName",
+ "serialNumber": "0x1234567890",
+ "dnsNames": "doe.com",
+ "emailAddresses": "jane@doe.com",
+ "ipAddresses": "127.0.0.1",
+ "uris": "https://doe.com",
+ "sans": [{"type":"dns", "value":"www.doe.com"}],
+ "extensions": [{"id":"1.2.3.4","critical":true,"value":"ZXh0ZW5zaW9u"}],
+ "keyUsage": ["digitalSignature"],
+ "extKeyUsage": ["serverAuth"],
+ "subjectKeyId": "c3ViamVjdEtleUlk",
+ "authorityKeyId": "YXV0aG9yaXR5S2V5SWQ=",
+ "ocspServer": "https://ocsp.server",
+ "issuingCertificateURL": "https://ca.com",
+ "crlDistributionPoints": "https://ca.com/ca.crl",
+ "policyIdentifiers": "5.6.7.8.9.0",
+ "basicConstraints": {
+ "isCA": false,
+ "maxPathLen": 0
+ },
+ "nameConstraints": {
+ "critical": true,
+ "permittedDNSDomains": "jane.doe.com",
+ "excludedDNSDomains": "john.doe.com",
+ "permittedIPRanges": "127.0.0.1/32",
+ "excludedIPRanges": "0.0.0.0/0",
+ "permittedEmailAddresses": "jane@doe.com",
+ "excludedEmailAddresses": "john@doe.com",
+ "permittedURIDomains": "https://jane.doe.com",
+ "excludedURIDomains": "https://john.doe.com"
+ },
+ "signatureAlgorithm": "Ed25519"
+}
\ No newline at end of file
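Review bot: Every list-typed field in this fixture other than `sans`, `keyUsage` and `extKeyUsage` — `dnsNames`, `emailAddresses`, `ipAddresses`, `uris`, `ocspServer`, `issuingCertificateURL`, `crlDistributionPoints`, `policyIdentifiers` and all eight name-constraint lists — is written in its single-string shorthand, so the "full" test never decodes the JSON array form for those fields, which presumably goes through a different branch of the same unmarshaller. Switching a few of them to arrays, for example `"dnsNames": ["doe.com"]` and `"permittedIPRanges": ["127.0.0.1/32"]`, would cover both shapes while leaving the expected struct in the test unchanged, assuming both forms decode to the same slice. The file also lacks a trailing newline (`\ No newline at end of file`); adding one keeps later diffs of the fixture clean.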