forked from TrueCloudLab/certificates
662 lines
27 KiB
Go
662 lines
27 KiB
Go
package x509util
|
|
|
|
import (
|
|
"crypto/x509"
|
|
"crypto/x509/pkix"
|
|
"encoding/asn1"
|
|
"net"
|
|
"net/url"
|
|
"reflect"
|
|
"testing"
|
|
)
|
|
|
|
func Test_convertName(t *testing.T) {
|
|
type args struct {
|
|
s string
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
args args
|
|
want string
|
|
}{
|
|
{"lowerCase", args{"FooBAR"}, "foobar"},
|
|
{"underscore", args{"foo_bar"}, "foobar"},
|
|
{"mixed", args{"FOO_Bar"}, "foobar"},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
if got := convertName(tt.args.s); got != tt.want {
|
|
t.Errorf("convertName() = %v, want %v", got, tt.want)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func Test_newExtension(t *testing.T) {
|
|
type args struct {
|
|
e pkix.Extension
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
args args
|
|
want Extension
|
|
}{
|
|
{"ok", args{pkix.Extension{Id: []int{1, 2, 3, 4}, Value: []byte("foo")}}, Extension{ID: []int{1, 2, 3, 4}, Critical: false, Value: []byte("foo")}},
|
|
{"critical", args{pkix.Extension{Id: []int{1, 2, 3, 4}, Critical: true, Value: []byte("foo")}}, Extension{ID: []int{1, 2, 3, 4}, Critical: true, Value: []byte("foo")}},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
if got := newExtension(tt.args.e); !reflect.DeepEqual(got, tt.want) {
|
|
t.Errorf("newExtension() = %v, want %v", got, tt.want)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func Test_newExtensions(t *testing.T) {
|
|
ext1 := pkix.Extension{Id: []int{1, 2, 3, 4}, Value: []byte("foo")}
|
|
ext2 := pkix.Extension{Id: []int{4, 3, 2, 1}, Critical: true, Value: []byte("bar")}
|
|
|
|
type args struct {
|
|
extensions []pkix.Extension
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
args args
|
|
want []Extension
|
|
}{
|
|
{"ok", args{[]pkix.Extension{ext1, ext2}}, []Extension{
|
|
{ID: []int{1, 2, 3, 4}, Critical: false, Value: []byte("foo")},
|
|
{ID: []int{4, 3, 2, 1}, Critical: true, Value: []byte("bar")},
|
|
}},
|
|
{"nil", args{}, nil},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
if got := newExtensions(tt.args.extensions); !reflect.DeepEqual(got, tt.want) {
|
|
t.Errorf("newExtensions() = %v, want %v", got, tt.want)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestExtension_Set(t *testing.T) {
|
|
type fields struct {
|
|
ID ObjectIdentifier
|
|
Critical bool
|
|
Value []byte
|
|
}
|
|
type args struct {
|
|
c *x509.Certificate
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
fields fields
|
|
args args
|
|
want *x509.Certificate
|
|
}{
|
|
{"ok", fields{[]int{1, 2, 3, 4}, true, []byte("foo")}, args{&x509.Certificate{}}, &x509.Certificate{
|
|
ExtraExtensions: []pkix.Extension{{Id: []int{1, 2, 3, 4}, Critical: true, Value: []byte("foo")}},
|
|
}},
|
|
{"existing", fields{[]int{1, 2, 3, 4}, true, []byte("foo")}, args{&x509.Certificate{
|
|
ExtraExtensions: []pkix.Extension{
|
|
{Id: []int{1, 1, 1, 1}, Critical: false, Value: []byte("foo")},
|
|
},
|
|
}}, &x509.Certificate{
|
|
ExtraExtensions: []pkix.Extension{
|
|
{Id: []int{1, 1, 1, 1}, Critical: false, Value: []byte("foo")},
|
|
{Id: []int{1, 2, 3, 4}, Critical: true, Value: []byte("foo")},
|
|
},
|
|
}},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
e := Extension{
|
|
ID: tt.fields.ID,
|
|
Critical: tt.fields.Critical,
|
|
Value: tt.fields.Value,
|
|
}
|
|
e.Set(tt.args.c)
|
|
if !reflect.DeepEqual(tt.args.c, tt.want) {
|
|
t.Errorf("Extension.Set() = %v, want %v", tt.args.c, tt.want)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestObjectIdentifier_MarshalJSON(t *testing.T) {
|
|
tests := []struct {
|
|
name string
|
|
o ObjectIdentifier
|
|
want []byte
|
|
wantErr bool
|
|
}{
|
|
{"ok", []int{1, 2, 3, 4}, []byte(`"1.2.3.4"`), false},
|
|
{"empty", []int{}, []byte(`""`), false},
|
|
{"nil", nil, []byte(`""`), false},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
got, err := tt.o.MarshalJSON()
|
|
if (err != nil) != tt.wantErr {
|
|
t.Errorf("ObjectIdentifier.MarshalJSON() error = %v, wantErr %v", err, tt.wantErr)
|
|
return
|
|
}
|
|
if !reflect.DeepEqual(got, tt.want) {
|
|
t.Errorf("ObjectIdentifier.MarshalJSON() = %v, want %v", got, tt.want)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestObjectIdentifier_UnmarshalJSON(t *testing.T) {
|
|
type args struct {
|
|
data []byte
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
args args
|
|
want ObjectIdentifier
|
|
wantErr bool
|
|
}{
|
|
{"ok", args{[]byte(`"1.2.3.4"`)}, []int{1, 2, 3, 4}, false},
|
|
{"empty", args{[]byte(`""`)}, []int{}, false},
|
|
{"null", args{[]byte(`null`)}, []int{}, false},
|
|
{"number", args{[]byte(`123`)}, nil, true},
|
|
{"badFormat", args{[]byte(`"1.2.foo.4`)}, nil, true},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
var got ObjectIdentifier
|
|
if err := got.UnmarshalJSON(tt.args.data); (err != nil) != tt.wantErr {
|
|
t.Errorf("ObjectIdentifier.UnmarshalJSON() error = %v, wantErr %v", err, tt.wantErr)
|
|
}
|
|
if !reflect.DeepEqual(got, tt.want) {
|
|
t.Errorf("ObjectIdentifier.UnmarshalJSON() = %v, want %v", got, tt.want)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestSubjectAlternativeName_Set(t *testing.T) {
|
|
panicCount := 0
|
|
type fields struct {
|
|
Type string
|
|
Value string
|
|
}
|
|
type args struct {
|
|
c *x509.Certificate
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
fields fields
|
|
args args
|
|
want *x509.Certificate
|
|
}{
|
|
{"dns", fields{"dns", "foo.com"}, args{&x509.Certificate{}}, &x509.Certificate{DNSNames: []string{"foo.com"}}},
|
|
{"dnsAdd", fields{"DNS", "bar.com"}, args{&x509.Certificate{DNSNames: []string{"foo.com"}}}, &x509.Certificate{DNSNames: []string{"foo.com", "bar.com"}}},
|
|
{"email", fields{"email", "john@doe.com"}, args{&x509.Certificate{}}, &x509.Certificate{EmailAddresses: []string{"john@doe.com"}}},
|
|
{"emailAdd", fields{"EMAIL", "jane@doe.com"}, args{&x509.Certificate{EmailAddresses: []string{"john@doe.com"}}}, &x509.Certificate{EmailAddresses: []string{"john@doe.com", "jane@doe.com"}}},
|
|
{"ip", fields{"ip", "127.0.0.1"}, args{&x509.Certificate{}}, &x509.Certificate{IPAddresses: []net.IP{net.ParseIP("127.0.0.1")}}},
|
|
{"ipAdd", fields{"IP", "::1"}, args{&x509.Certificate{IPAddresses: []net.IP{net.ParseIP("127.0.0.1")}}}, &x509.Certificate{IPAddresses: []net.IP{net.ParseIP("127.0.0.1"), net.ParseIP("::1")}}},
|
|
{"ipBad", fields{"IP", "fooo"}, args{&x509.Certificate{IPAddresses: []net.IP{net.ParseIP("127.0.0.1")}}}, &x509.Certificate{IPAddresses: []net.IP{net.ParseIP("127.0.0.1")}}},
|
|
{"uri", fields{"uri", "https://foo.com"}, args{&x509.Certificate{}}, &x509.Certificate{URIs: []*url.URL{{Scheme: "https", Host: "foo.com"}}}},
|
|
{"uriAdd", fields{"URI", "uri:foo:bar"}, args{&x509.Certificate{URIs: []*url.URL{{Scheme: "https", Host: "foo.com"}}}}, &x509.Certificate{URIs: []*url.URL{{Scheme: "https", Host: "foo.com"}, {Scheme: "uri", Opaque: "foo:bar"}}}},
|
|
{"uriBad", fields{"URI", "::1"}, args{&x509.Certificate{URIs: []*url.URL{{Scheme: "https", Host: "foo.com"}}}}, &x509.Certificate{URIs: []*url.URL{{Scheme: "https", Host: "foo.com"}}}},
|
|
{"AutoDNS", fields{"", "foo.com"}, args{&x509.Certificate{}}, &x509.Certificate{DNSNames: []string{"foo.com"}}},
|
|
{"AutoDNSAdd", fields{"auto", "bar.com"}, args{&x509.Certificate{DNSNames: []string{"foo.com"}}}, &x509.Certificate{DNSNames: []string{"foo.com", "bar.com"}}},
|
|
{"AutoEmail", fields{"AUTO", "john@doe.com"}, args{&x509.Certificate{}}, &x509.Certificate{EmailAddresses: []string{"john@doe.com"}}},
|
|
{"AutoEmailAdd", fields{"", "jane@doe.com"}, args{&x509.Certificate{EmailAddresses: []string{"john@doe.com"}}}, &x509.Certificate{EmailAddresses: []string{"john@doe.com", "jane@doe.com"}}},
|
|
{"IPAutoIP", fields{"AutO", "127.0.0.1"}, args{&x509.Certificate{}}, &x509.Certificate{IPAddresses: []net.IP{net.ParseIP("127.0.0.1")}}},
|
|
{"AutoIPAdd", fields{"", "::1"}, args{&x509.Certificate{IPAddresses: []net.IP{net.ParseIP("127.0.0.1")}}}, &x509.Certificate{IPAddresses: []net.IP{net.ParseIP("127.0.0.1"), net.ParseIP("::1")}}},
|
|
{"AutoURI", fields{"Auto", "https://foo.com"}, args{&x509.Certificate{}}, &x509.Certificate{URIs: []*url.URL{{Scheme: "https", Host: "foo.com"}}}},
|
|
{"AutoURIAdd", fields{"", "uri:foo:bar"}, args{&x509.Certificate{URIs: []*url.URL{{Scheme: "https", Host: "foo.com"}}}}, &x509.Certificate{URIs: []*url.URL{{Scheme: "https", Host: "foo.com"}, {Scheme: "uri", Opaque: "foo:bar"}}}},
|
|
{"panic", fields{"panic", "foo.com"}, args{&x509.Certificate{}}, &x509.Certificate{DNSNames: []string{"foo.com"}}},
|
|
{"panicAdd", fields{"panic", "bar.com"}, args{&x509.Certificate{DNSNames: []string{"foo.com"}}}, &x509.Certificate{DNSNames: []string{"foo.com"}}},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
defer func() {
|
|
if r := recover(); r != nil {
|
|
panicCount++
|
|
}
|
|
}()
|
|
s := SubjectAlternativeName{
|
|
Type: tt.fields.Type,
|
|
Value: tt.fields.Value,
|
|
}
|
|
s.Set(tt.args.c)
|
|
if !reflect.DeepEqual(tt.args.c, tt.want) {
|
|
t.Errorf("SubjectAlternativeName.Set() = %v, want %v", tt.args.c, tt.want)
|
|
}
|
|
})
|
|
}
|
|
|
|
if panicCount != 2 {
|
|
t.Errorf("SubjectAlternativeName.Set() number of panics = %d, want 2", panicCount)
|
|
}
|
|
}
|
|
|
|
func TestKeyUsage_Set(t *testing.T) {
|
|
type args struct {
|
|
c *x509.Certificate
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
k KeyUsage
|
|
args args
|
|
want *x509.Certificate
|
|
}{
|
|
{"ok", KeyUsage(x509.KeyUsageDigitalSignature), args{&x509.Certificate{}}, &x509.Certificate{KeyUsage: x509.KeyUsageDigitalSignature}},
|
|
{"overwrite", KeyUsage(x509.KeyUsageCRLSign | x509.KeyUsageCertSign), args{&x509.Certificate{KeyUsage: x509.KeyUsageDigitalSignature}}, &x509.Certificate{KeyUsage: x509.KeyUsageCRLSign | x509.KeyUsageCertSign}},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
tt.k.Set(tt.args.c)
|
|
if !reflect.DeepEqual(tt.args.c, tt.want) {
|
|
t.Errorf("KeyUsage.Set() = %v, want %v", tt.args.c, tt.want)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestKeyUsage_UnmarshalJSON(t *testing.T) {
|
|
type args struct {
|
|
data []byte
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
args args
|
|
want KeyUsage
|
|
wantErr bool
|
|
}{
|
|
// Normalized
|
|
{"DigitalSignature", args{[]byte(`"DigitalSignature"`)}, KeyUsage(x509.KeyUsageDigitalSignature), false},
|
|
{"ContentCommitment", args{[]byte(`"ContentCommitment"`)}, KeyUsage(x509.KeyUsageContentCommitment), false},
|
|
{"KeyEncipherment", args{[]byte(`"KeyEncipherment"`)}, KeyUsage(x509.KeyUsageKeyEncipherment), false},
|
|
{"DataEncipherment", args{[]byte(`"DataEncipherment"`)}, KeyUsage(x509.KeyUsageDataEncipherment), false},
|
|
{"KeyAgreement", args{[]byte(`"KeyAgreement"`)}, KeyUsage(x509.KeyUsageKeyAgreement), false},
|
|
{"CertSign", args{[]byte(`"CertSign"`)}, KeyUsage(x509.KeyUsageCertSign), false},
|
|
{"CRLSign", args{[]byte(`"CRLSign"`)}, KeyUsage(x509.KeyUsageCRLSign), false},
|
|
{"EncipherOnly", args{[]byte(`"EncipherOnly"`)}, KeyUsage(x509.KeyUsageEncipherOnly), false},
|
|
{"DecipherOnly", args{[]byte(`"DecipherOnly"`)}, KeyUsage(x509.KeyUsageDecipherOnly), false},
|
|
// Snake case
|
|
{"digital_signature", args{[]byte(`"digital_signature"`)}, KeyUsage(x509.KeyUsageDigitalSignature), false},
|
|
{"content_commitment", args{[]byte(`"content_commitment"`)}, KeyUsage(x509.KeyUsageContentCommitment), false},
|
|
{"key_encipherment", args{[]byte(`"key_encipherment"`)}, KeyUsage(x509.KeyUsageKeyEncipherment), false},
|
|
{"data_encipherment", args{[]byte(`"data_encipherment"`)}, KeyUsage(x509.KeyUsageDataEncipherment), false},
|
|
{"key_agreement", args{[]byte(`"key_agreement"`)}, KeyUsage(x509.KeyUsageKeyAgreement), false},
|
|
{"cert_sign", args{[]byte(`"cert_sign"`)}, KeyUsage(x509.KeyUsageCertSign), false},
|
|
{"crl_sign", args{[]byte(`"crl_sign"`)}, KeyUsage(x509.KeyUsageCRLSign), false},
|
|
{"encipher_only", args{[]byte(`"encipher_only"`)}, KeyUsage(x509.KeyUsageEncipherOnly), false},
|
|
{"decipher_only", args{[]byte(`"decipher_only"`)}, KeyUsage(x509.KeyUsageDecipherOnly), false},
|
|
// MultiString
|
|
{"DigitalSignatureAsArray", args{[]byte(`["digital_signature"]`)}, KeyUsage(x509.KeyUsageDigitalSignature), false},
|
|
{"DigitalSignature|KeyEncipherment", args{[]byte(`["DigitalSignature", "key_encipherment"]`)}, KeyUsage(x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment), false},
|
|
// Errors
|
|
{"invalid", args{[]byte(`"invalid"`)}, KeyUsage(0), true},
|
|
{"number", args{[]byte(`123`)}, KeyUsage(0), true},
|
|
{"object", args{[]byte(`{}`)}, KeyUsage(0), true},
|
|
{"badJSON", args{[]byte(`{`)}, KeyUsage(0), true},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
var got KeyUsage
|
|
if err := got.UnmarshalJSON(tt.args.data); (err != nil) != tt.wantErr {
|
|
t.Errorf("KeyUsage.UnmarshalJSON() error = %v, wantErr %v", err, tt.wantErr)
|
|
}
|
|
if !reflect.DeepEqual(got, tt.want) {
|
|
t.Errorf("KeyUsage.UnmarshalJSON() = %v, want %v", got, tt.want)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestExtKeyUsage_Set(t *testing.T) {
|
|
eku1 := []x509.ExtKeyUsage{
|
|
x509.ExtKeyUsageClientAuth,
|
|
x509.ExtKeyUsageServerAuth,
|
|
}
|
|
eku2 := []x509.ExtKeyUsage{
|
|
x509.ExtKeyUsageCodeSigning,
|
|
}
|
|
type args struct {
|
|
c *x509.Certificate
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
k ExtKeyUsage
|
|
args args
|
|
want *x509.Certificate
|
|
}{
|
|
{"ok", ExtKeyUsage(eku1), args{&x509.Certificate{}}, &x509.Certificate{ExtKeyUsage: eku1}},
|
|
{"overwrite", ExtKeyUsage(eku2), args{&x509.Certificate{ExtKeyUsage: eku1}}, &x509.Certificate{ExtKeyUsage: eku2}},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
tt.k.Set(tt.args.c)
|
|
if !reflect.DeepEqual(tt.args.c, tt.want) {
|
|
t.Errorf("ExtKeyUsage.Set() = %v, want %v", tt.args.c, tt.want)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestExtKeyUsage_UnmarshalJSON(t *testing.T) {
|
|
type args struct {
|
|
data []byte
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
args args
|
|
want ExtKeyUsage
|
|
wantErr bool
|
|
}{
|
|
// Normalized
|
|
{"Any", args{[]byte(`"Any"`)}, ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageAny}), false},
|
|
{"ServerAuth", args{[]byte(`"ServerAuth"`)}, ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}), false},
|
|
{"ClientAuth", args{[]byte(`"ClientAuth"`)}, ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}), false},
|
|
{"CodeSigning", args{[]byte(`"CodeSigning"`)}, ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}), false},
|
|
{"EmailProtection", args{[]byte(`"EmailProtection"`)}, ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}), false},
|
|
{"IPSECEndSystem", args{[]byte(`"IPSECEndSystem"`)}, ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageIPSECEndSystem}), false},
|
|
{"IPSECTunnel", args{[]byte(`"IPSECTunnel"`)}, ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageIPSECTunnel}), false},
|
|
{"IPSECUser", args{[]byte(`"IPSECUser"`)}, ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageIPSECUser}), false},
|
|
{"TimeStamping", args{[]byte(`"TimeStamping"`)}, ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageTimeStamping}), false},
|
|
{"OCSPSigning", args{[]byte(`"OCSPSigning"`)}, ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageOCSPSigning}), false},
|
|
{"MicrosoftServerGatedCrypto", args{[]byte(`"MicrosoftServerGatedCrypto"`)}, ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageMicrosoftServerGatedCrypto}), false},
|
|
{"NetscapeServerGatedCrypto", args{[]byte(`"NetscapeServerGatedCrypto"`)}, ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageNetscapeServerGatedCrypto}), false},
|
|
{"MicrosoftCommercialCodeSigning", args{[]byte(`"MicrosoftCommercialCodeSigning"`)}, ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageMicrosoftCommercialCodeSigning}), false},
|
|
{"MicrosoftKernelCodeSigning", args{[]byte(`"MicrosoftKernelCodeSigning"`)}, ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageMicrosoftKernelCodeSigning}), false},
|
|
// Snake case
|
|
{"any", args{[]byte(`"any"`)}, ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageAny}), false},
|
|
{"server_auth", args{[]byte(`"server_auth"`)}, ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}), false},
|
|
{"client_auth", args{[]byte(`"client_auth"`)}, ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}), false},
|
|
{"code_signing", args{[]byte(`"code_signing"`)}, ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}), false},
|
|
{"email_protection", args{[]byte(`"email_protection"`)}, ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}), false},
|
|
{"ipsec_end_system", args{[]byte(`"ipsec_end_system"`)}, ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageIPSECEndSystem}), false},
|
|
{"ipsec_tunnel", args{[]byte(`"ipsec_tunnel"`)}, ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageIPSECTunnel}), false},
|
|
{"ipsec_user", args{[]byte(`"ipsec_user"`)}, ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageIPSECUser}), false},
|
|
{"time_stamping", args{[]byte(`"time_stamping"`)}, ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageTimeStamping}), false},
|
|
{"ocsp_signing", args{[]byte(`"ocsp_signing"`)}, ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageOCSPSigning}), false},
|
|
{"microsoft_server_gated_crypto", args{[]byte(`"microsoft_server_gated_crypto"`)}, ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageMicrosoftServerGatedCrypto}), false},
|
|
{"netscape_server_gated_crypto", args{[]byte(`"netscape_server_gated_crypto"`)}, ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageNetscapeServerGatedCrypto}), false},
|
|
{"microsoft_commercial_code_signing", args{[]byte(`"microsoft_commercial_code_signing"`)}, ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageMicrosoftCommercialCodeSigning}), false},
|
|
{"microsoft_kernel_code_signing", args{[]byte(`"microsoft_kernel_code_signing"`)}, ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageMicrosoftKernelCodeSigning}), false},
|
|
// Multistring
|
|
{"CodeSigningAsArray", args{[]byte(`["code_signing"]`)}, ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}), false},
|
|
{"ServerAuth+ClientAuth", args{[]byte(`["ServerAuth","client_auth"]`)}, ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}), false},
|
|
// Errors
|
|
{"invalid", args{[]byte(`"invalid"`)}, nil, true},
|
|
{"number", args{[]byte(`123`)}, nil, true},
|
|
{"object", args{[]byte(`{}`)}, nil, true},
|
|
{"badJSON", args{[]byte(`{`)}, nil, true},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
var got ExtKeyUsage
|
|
if err := got.UnmarshalJSON(tt.args.data); (err != nil) != tt.wantErr {
|
|
t.Errorf("ExtKeyUsage.UnmarshalJSON() error = %v, wantErr %v", err, tt.wantErr)
|
|
}
|
|
if !reflect.DeepEqual(got, tt.want) {
|
|
t.Errorf("ExtKeyUsage.UnmarshalJSON() = %v, want %v", got, tt.want)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestSubjectKeyID_Set(t *testing.T) {
|
|
type args struct {
|
|
c *x509.Certificate
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
id SubjectKeyID
|
|
args args
|
|
want *x509.Certificate
|
|
}{
|
|
{"ok", []byte("subjectKeyID"), args{&x509.Certificate{}}, &x509.Certificate{SubjectKeyId: []byte("subjectKeyID")}},
|
|
{"overwrite", []byte("newSubjectKeyID"), args{&x509.Certificate{SubjectKeyId: []byte("subjectKeyID")}}, &x509.Certificate{SubjectKeyId: []byte("newSubjectKeyID")}},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
tt.id.Set(tt.args.c)
|
|
if !reflect.DeepEqual(tt.args.c, tt.want) {
|
|
t.Errorf("SubjectKeyID.Set() = %v, want %v", tt.args.c, tt.want)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestAuthorityKeyID_Set(t *testing.T) {
|
|
type args struct {
|
|
c *x509.Certificate
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
id AuthorityKeyID
|
|
args args
|
|
want *x509.Certificate
|
|
}{
|
|
{"ok", []byte("authorityKeyID"), args{&x509.Certificate{}}, &x509.Certificate{AuthorityKeyId: []byte("authorityKeyID")}},
|
|
{"overwrite", []byte("newAuthorityKeyID"), args{&x509.Certificate{AuthorityKeyId: []byte("authorityKeyID")}}, &x509.Certificate{AuthorityKeyId: []byte("newAuthorityKeyID")}},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
tt.id.Set(tt.args.c)
|
|
if !reflect.DeepEqual(tt.args.c, tt.want) {
|
|
t.Errorf("AuthorityKeyID.Set() = %v, want %v", tt.args.c, tt.want)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestOCSPServer_Set(t *testing.T) {
|
|
type args struct {
|
|
c *x509.Certificate
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
o OCSPServer
|
|
args args
|
|
want *x509.Certificate
|
|
}{
|
|
{"ok", []string{"oscp.server"}, args{&x509.Certificate{}}, &x509.Certificate{OCSPServer: []string{"oscp.server"}}},
|
|
{"overwrite", []string{"oscp.server", "oscp.com"}, args{&x509.Certificate{OCSPServer: []string{"oscp.server"}}}, &x509.Certificate{OCSPServer: []string{"oscp.server", "oscp.com"}}},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
tt.o.Set(tt.args.c)
|
|
if !reflect.DeepEqual(tt.args.c, tt.want) {
|
|
t.Errorf("OCSPServer.Set() = %v, want %v", tt.args.c, tt.want)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestIssuingCertificateURL_Set(t *testing.T) {
|
|
type args struct {
|
|
c *x509.Certificate
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
o IssuingCertificateURL
|
|
args args
|
|
want *x509.Certificate
|
|
}{
|
|
{"ok", []string{"issuing.server"}, args{&x509.Certificate{}}, &x509.Certificate{IssuingCertificateURL: []string{"issuing.server"}}},
|
|
{"overwrite", []string{"issuing.server", "issuing.com"}, args{&x509.Certificate{IssuingCertificateURL: []string{"issuing.server"}}}, &x509.Certificate{IssuingCertificateURL: []string{"issuing.server", "issuing.com"}}},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
tt.o.Set(tt.args.c)
|
|
if !reflect.DeepEqual(tt.args.c, tt.want) {
|
|
t.Errorf("IssuingCertificateURL.Set() = %v, want %v", tt.args.c, tt.want)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestCRLDistributionPoints_Set(t *testing.T) {
|
|
type args struct {
|
|
c *x509.Certificate
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
o CRLDistributionPoints
|
|
args args
|
|
want *x509.Certificate
|
|
}{
|
|
{"ok", []string{"crl.server"}, args{&x509.Certificate{}}, &x509.Certificate{CRLDistributionPoints: []string{"crl.server"}}},
|
|
{"overwrite", []string{"crl.server", "crl.com"}, args{&x509.Certificate{CRLDistributionPoints: []string{"crl.server"}}}, &x509.Certificate{CRLDistributionPoints: []string{"crl.server", "crl.com"}}},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
tt.o.Set(tt.args.c)
|
|
if !reflect.DeepEqual(tt.args.c, tt.want) {
|
|
t.Errorf("CRLDistributionPoints.Set() = %v, want %v", tt.args.c, tt.want)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestPolicyIdentifiers_Set(t *testing.T) {
|
|
type args struct {
|
|
c *x509.Certificate
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
o PolicyIdentifiers
|
|
args args
|
|
want *x509.Certificate
|
|
}{
|
|
{"ok", []asn1.ObjectIdentifier{{1, 2, 3, 4}}, args{&x509.Certificate{}}, &x509.Certificate{PolicyIdentifiers: []asn1.ObjectIdentifier{{1, 2, 3, 4}}}},
|
|
{"overwrite", []asn1.ObjectIdentifier{{1, 2, 3, 4}, {4, 3, 2, 1}}, args{&x509.Certificate{PolicyIdentifiers: []asn1.ObjectIdentifier{{1, 2, 3, 4}}}}, &x509.Certificate{PolicyIdentifiers: []asn1.ObjectIdentifier{{1, 2, 3, 4}, {4, 3, 2, 1}}}},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
tt.o.Set(tt.args.c)
|
|
if !reflect.DeepEqual(tt.args.c, tt.want) {
|
|
t.Errorf("PolicyIdentifiers.Set() = %v, want %v", tt.args.c, tt.want)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestBasicConstraints_Set(t *testing.T) {
|
|
type fields struct {
|
|
IsCA bool
|
|
MaxPathLen int
|
|
}
|
|
type args struct {
|
|
c *x509.Certificate
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
fields fields
|
|
args args
|
|
want *x509.Certificate
|
|
}{
|
|
{"IsCAFalse", fields{false, 0}, args{&x509.Certificate{}}, &x509.Certificate{}},
|
|
{"IsCAFalseWithPathLen", fields{false, 1}, args{&x509.Certificate{}}, &x509.Certificate{}},
|
|
{"IsCAFalseWithAnyPathLen", fields{false, -1}, args{&x509.Certificate{}}, &x509.Certificate{}},
|
|
{"IsCATrue", fields{true, 0}, args{&x509.Certificate{}}, &x509.Certificate{IsCA: true, MaxPathLen: 0, MaxPathLenZero: true, BasicConstraintsValid: true}},
|
|
{"IsCATrueWithPathLen", fields{true, 1}, args{&x509.Certificate{}}, &x509.Certificate{IsCA: true, MaxPathLen: 1, MaxPathLenZero: false, BasicConstraintsValid: true}},
|
|
{"IsCATrueWithAnyPathLen", fields{true, -1}, args{&x509.Certificate{}}, &x509.Certificate{IsCA: true, MaxPathLen: -1, MaxPathLenZero: false, BasicConstraintsValid: true}},
|
|
{"overwriteToFalse", fields{false, 0}, args{&x509.Certificate{IsCA: true, MaxPathLen: 0, MaxPathLenZero: true, BasicConstraintsValid: true}}, &x509.Certificate{}},
|
|
{"overwriteToTrue", fields{true, -100}, args{&x509.Certificate{IsCA: true, MaxPathLen: 0, MaxPathLenZero: true, BasicConstraintsValid: true}}, &x509.Certificate{IsCA: true, MaxPathLen: -1, MaxPathLenZero: false, BasicConstraintsValid: true}},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
b := BasicConstraints{
|
|
IsCA: tt.fields.IsCA,
|
|
MaxPathLen: tt.fields.MaxPathLen,
|
|
}
|
|
b.Set(tt.args.c)
|
|
if !reflect.DeepEqual(tt.args.c, tt.want) {
|
|
t.Errorf("BasicConstraints.Set() = %v, want %v", tt.args.c, tt.want)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestNameConstraints_Set(t *testing.T) {
|
|
ipNet := func(s string) *net.IPNet {
|
|
_, ipNet, err := net.ParseCIDR(s)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
return ipNet
|
|
}
|
|
type fields struct {
|
|
Critical bool
|
|
PermittedDNSDomains MultiString
|
|
ExcludedDNSDomains MultiString
|
|
PermittedIPRanges MultiIPNet
|
|
ExcludedIPRanges MultiIPNet
|
|
PermittedEmailAddresses MultiString
|
|
ExcludedEmailAddresses MultiString
|
|
PermittedURIDomains MultiString
|
|
ExcludedURIDomains MultiString
|
|
}
|
|
type args struct {
|
|
c *x509.Certificate
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
fields fields
|
|
args args
|
|
want *x509.Certificate
|
|
}{
|
|
{"ok", fields{
|
|
Critical: true,
|
|
PermittedDNSDomains: []string{"foo.com", "bar.com"},
|
|
ExcludedDNSDomains: []string{"zar.com"},
|
|
PermittedIPRanges: []*net.IPNet{ipNet("1.2.0.0/16"), ipNet("2.3.4.0/8")},
|
|
ExcludedIPRanges: []*net.IPNet{ipNet("3.0.0.0/24")},
|
|
PermittedEmailAddresses: []string{"root@foo.com"},
|
|
ExcludedEmailAddresses: []string{"admin@foo.com", "root@bar.com", "admin@bar.com"},
|
|
PermittedURIDomains: []string{".foo.com", ".bar.com"},
|
|
ExcludedURIDomains: []string{".zar.com"},
|
|
}, args{&x509.Certificate{}}, &x509.Certificate{
|
|
PermittedDNSDomainsCritical: true,
|
|
PermittedDNSDomains: []string{"foo.com", "bar.com"},
|
|
ExcludedDNSDomains: []string{"zar.com"},
|
|
PermittedIPRanges: []*net.IPNet{ipNet("1.2.0.0/16"), ipNet("2.3.4.0/8")},
|
|
ExcludedIPRanges: []*net.IPNet{ipNet("3.0.0.0/24")},
|
|
PermittedEmailAddresses: []string{"root@foo.com"},
|
|
ExcludedEmailAddresses: []string{"admin@foo.com", "root@bar.com", "admin@bar.com"},
|
|
PermittedURIDomains: []string{".foo.com", ".bar.com"},
|
|
ExcludedURIDomains: []string{".zar.com"},
|
|
}},
|
|
{"overwrite", fields{}, args{&x509.Certificate{
|
|
PermittedDNSDomainsCritical: true,
|
|
PermittedDNSDomains: []string{"foo.com", "bar.com"},
|
|
ExcludedDNSDomains: []string{"zar.com"},
|
|
PermittedIPRanges: []*net.IPNet{ipNet("1.2.0.0/16"), ipNet("2.3.4.0/8")},
|
|
ExcludedIPRanges: []*net.IPNet{ipNet("3.0.0.0/24")},
|
|
PermittedEmailAddresses: []string{"root@foo.com"},
|
|
ExcludedEmailAddresses: []string{"admin@foo.com", "root@bar.com", "admin@bar.com"},
|
|
PermittedURIDomains: []string{".foo.com", ".bar.com"},
|
|
ExcludedURIDomains: []string{".zar.com"},
|
|
}}, &x509.Certificate{}},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
n := NameConstraints{
|
|
Critical: tt.fields.Critical,
|
|
PermittedDNSDomains: tt.fields.PermittedDNSDomains,
|
|
ExcludedDNSDomains: tt.fields.ExcludedDNSDomains,
|
|
PermittedIPRanges: tt.fields.PermittedIPRanges,
|
|
ExcludedIPRanges: tt.fields.ExcludedIPRanges,
|
|
PermittedEmailAddresses: tt.fields.PermittedEmailAddresses,
|
|
ExcludedEmailAddresses: tt.fields.ExcludedEmailAddresses,
|
|
PermittedURIDomains: tt.fields.PermittedURIDomains,
|
|
ExcludedURIDomains: tt.fields.ExcludedURIDomains,
|
|
}
|
|
n.Set(tt.args.c)
|
|
if !reflect.DeepEqual(tt.args.c, tt.want) {
|
|
t.Errorf("NameConstraints.Set() = %v, want %v", tt.args.c, tt.want)
|
|
}
|
|
})
|
|
}
|
|
}
|