package signer
import (
"bytes"
"crypto/x509"
"encoding/asn1"
"encoding/hex"
"fmt"
"reflect"
"testing"
"github.com/cloudflare/cfssl/config"
"github.com/cloudflare/cfssl/csr"
)
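// TestAppendIf checks that appendIf leaves the slice untouched when given an
// empty string and appends a non-empty string to it.
func TestAppendIf(t *testing.T) {
	a := make([]string, 0, 5)

	appendIf("", &a)
	if len(a) != 0 {
		t.Fatal("appendIf should not append to a with an empty s")
	}

	s := "test"
	appendIf(s, &a)
	// Check the length before indexing: a[0] on a still-empty slice would
	// panic and replace the real failure with an index-out-of-range trace.
	if len(a) != 1 {
		t.Fatalf("appendIf should append s to a: len(a) = %d", len(a))
	}
	// Compare the value itself, not only its length, so any other
	// four-character string is also reported as a failure.
	if a[0] != s {
		t.Fatalf("appendIf should append s to a: got %q, want %q", a[0], s)
	}
}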
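// TestSplitHosts checks SplitHosts on empty input, on a single host and on a
// comma-separated list of hosts.
func TestSplitHosts(t *testing.T) {
	if list := SplitHosts(""); list != nil {
		t.Fatalf("SplitHosts should return nil with empty input, got %q", list)
	}

	cases := []struct {
		in   string
		want []string
	}{
		{in: "single.domain", want: []string{"single.domain"}},
		{in: "comma,separated,values", want: []string{"comma", "separated", "values"}},
	}
	for _, tc := range cases {
		got := SplitHosts(tc.in)
		// The length is checked first so the element comparison below
		// cannot index past the end of a short result.
		if len(got) != len(tc.want) {
			t.Fatalf("SplitHosts(%q): got %d hosts %q, want %d", tc.in, len(got), got, len(tc.want))
		}
		// Compare every element: a result of the right length with a wrong
		// or altered host name must also fail.
		for i := range tc.want {
			if got[i] != tc.want[i] {
				t.Fatalf("SplitHosts(%q): host %d is %q, want %q", tc.in, i, got[i], tc.want[i])
			}
		}
	}
}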
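// TestAddPolicies checks that addPolicies, given one policy without
// qualifiers, adds exactly one non-critical extension with OID 2.5.29.32
// (id-ce-certificatePolicies) and the expected DER value.
func TestAddPolicies(t *testing.T) {
	var cert x509.Certificate
	addPolicies(&cert, []config.CertificatePolicy{
		{
			ID: config.OID([]int{1, 2, 3, 4}),
		},
	})

	if len(cert.ExtraExtensions) != 1 {
		t.Fatal("No extension added")
	}
	ext := cert.ExtraExtensions[0]
	if !ext.Id.Equal(asn1.ObjectIdentifier{2, 5, 29, 32}) {
		t.Fatalf("Wrong OID for policy qualifier %v", ext.Id)
	}
	// The extension is expected to stay non-critical: RFC 5280 requires a
	// verifier to reject a certificate carrying a critical extension it
	// does not process.
	if ext.Critical {
		t.Fatal("Policy qualifier marked critical")
	}

	// Expected DER, decoded:
	//   30 07          SEQUENCE (certificatePolicies)
	//     30 05        SEQUENCE (PolicyInformation)
	//       06 03 2a 03 04   OBJECT IDENTIFIER 1.2.3.4
	expectedBytes, err := hex.DecodeString("3007300506032a0304")
	if err != nil {
		// A malformed fixture would otherwise be compared as a truncated
		// byte slice and produce a misleading mismatch.
		t.Fatalf("bad expected-value fixture: %v", err)
	}
	if !bytes.Equal(ext.Value, expectedBytes) {
		// fmt.Sprintf is kept here so the file's "fmt" import stays in use.
		t.Fatal(fmt.Sprintf("Value didn't match expected bytes: got %s, expected %s",
			hex.EncodeToString(ext.Value), hex.EncodeToString(expectedBytes)))
	}
}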
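// TestAddPoliciesWithQualifiers checks that addPolicies, given one policy with
// a CPS qualifier and a user-notice qualifier, adds exactly one non-critical
// extension with OID 2.5.29.32 (id-ce-certificatePolicies) and the expected
// DER value.
func TestAddPoliciesWithQualifiers(t *testing.T) {
	var cert x509.Certificate
	addPolicies(&cert, []config.CertificatePolicy{
		{
			ID: config.OID([]int{1, 2, 3, 4}),
			Qualifiers: []config.CertificatePolicyQualifier{
				{
					Type:  "id-qt-cps",
					Value: "http://example.com/cps",
				},
				{
					Type:  "id-qt-unotice",
					Value: "Do What Thou Wilt",
				},
			},
		},
	})

	if len(cert.ExtraExtensions) != 1 {
		t.Fatal("No extension added")
	}
	ext := cert.ExtraExtensions[0]
	if !ext.Id.Equal(asn1.ObjectIdentifier{2, 5, 29, 32}) {
		t.Fatalf("Wrong OID for policy qualifier %v", ext.Id)
	}
	// The extension is expected to stay non-critical: RFC 5280 requires a
	// verifier to reject a certificate carrying a critical extension it
	// does not process.
	if ext.Critical {
		t.Fatal("Policy qualifier marked critical")
	}

	// Expected DER, decoded:
	//   30 4e                SEQUENCE (certificatePolicies)
	//     30 4c              SEQUENCE (PolicyInformation)
	//       06 03 2a 03 04   OBJECT IDENTIFIER 1.2.3.4
	//       30 45            SEQUENCE (policyQualifiers)
	//         30 22          id-qt-cps (1.3.6.1.5.5.7.2.1), IA5String CPS URI
	//         30 1f          id-qt-unotice (1.3.6.1.5.5.7.2.2), UserNotice
	//                        holding a UTF8String explicit text
	expectedBytes, err := hex.DecodeString("304e304c06032a03043045302206082b060105050702011616687474703a2f2f6578616d706c652e636f6d2f637073301f06082b0601050507020230130c11446f20576861742054686f752057696c74")
	if err != nil {
		// A malformed fixture would otherwise be compared as a truncated
		// byte slice and produce a misleading mismatch.
		t.Fatalf("bad expected-value fixture: %v", err)
	}
	if !bytes.Equal(ext.Value, expectedBytes) {
		// fmt.Sprintf is kept here so the file's "fmt" import stays in use.
		t.Fatal(fmt.Sprintf("Value didn't match expected bytes: %s vs %s",
			hex.EncodeToString(ext.Value), hex.EncodeToString(expectedBytes)))
	}
}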
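// TestName checks that Subject.Name copies CN and SerialNumber into the
// returned name and collects the C, ST, O, OU and L values of every entry in
// Names, keeping the order of the entries.
func TestName(t *testing.T) {
	sub := &Subject{
		CN: "foobar",
		Names: []csr.Name{
			{
				C:  "US",
				ST: "CA",
				L:  "Cool Locality",
				O:  "Cool Org",
				OU: "Really Cool Sub Org",
			},
			{
				// Second entry sets only L, so Locality must hold two
				// values while every other field holds one.
				L: "Another Cool Locality",
			},
		},
		SerialNumber: "deadbeef",
	}

	name := sub.Name()

	if name.CommonName != sub.CN {
		t.Errorf("CommonName: want %#v, got %#v", sub.CN, name.CommonName)
	}
	if name.SerialNumber != sub.SerialNumber {
		t.Errorf("SerialNumber: want %#v, got %#v", sub.SerialNumber, name.SerialNumber)
	}

	// Each failure message names the field under test and prints the value
	// that was actually expected for it.
	checks := []struct {
		field string
		want  []string
		got   []string
	}{
		{"Country", []string{"US"}, name.Country},
		{"Province", []string{"CA"}, name.Province},
		{"Organization", []string{"Cool Org"}, name.Organization},
		{"OrganizationalUnit", []string{"Really Cool Sub Org"}, name.OrganizationalUnit},
		{"Locality", []string{"Cool Locality", "Another Cool Locality"}, name.Locality},
	}
	for _, c := range checks {
		if !reflect.DeepEqual(c.want, c.got) {
			t.Errorf("%s: want %q, got %q", c.field, c.want, c.got)
		}
	}
}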