@@ -73,6 +73,7 @@ func makeCertificate() (serialNumber *big.Int, cert *x509.Certificate, pemBytes
73
73
Organization: []string{"Cornell CS 5152"},
74
74
},
75
75
AuthorityKeyId: []byte{42, 42, 42, 42},
76
+
NotAfter: time.Now(),
76
77
}
77
78
cert = &template
78
79
@@ -91,9 +92,9 @@ func makeCertificate() (serialNumber *big.Int, cert *x509.Certificate, pemBytes
91
92
Subject: pkix.Name{
92
93
Organization: []string{"Cornell CS 5152"},
93
94
},
94
-
AuthorityKeyId: []byte{42, 42, 42, 42},
95
-
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
96
-
IsCA: true,
95
+
AuthorityKeyId: []byte{42, 42, 42, 42},
96
+
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
97
+
IsCA: true,
97
98
BasicConstraintsValid: true,
98
99
}
99
100
issuerBytes, err := x509.CreateCertificate(rand.Reader, &issuerTemplate, &issuerTemplate, &privKey.PublicKey, privKey)
@@ -153,10 +154,11 @@ func TestInsertValidCertificate(t *testing.T) {
153
154
}
154
155
155
156
resp, body := makeRequest(t, dbAccessor, signer, map[string]interface{}{
156
-
"serial_number": serialNumber.Text(16),
157
+
"serial_number": serialNumber.Text(10),
157
158
"authority_key_identifier": hex.EncodeToString(cert.AuthorityKeyId),
158
159
"status": "good",
159
160
"pem": string(pemBytes),
161
+
"expiry": cert.NotAfter.UTC().Format(time.RFC3339),
160
162
})
161
163
162
164
if resp.StatusCode != http.StatusOK {
@@ -179,7 +181,7 @@ func TestInsertValidCertificate(t *testing.T) {
179
181
t.Fatal("Could not parse returned OCSP response", err)
180
182
}
181
183
182
-
ocsps, err := dbAccessor.GetOCSP(serialNumber.Text(16), hex.EncodeToString(cert.AuthorityKeyId))
184
+
ocsps, err := dbAccessor.GetOCSP(serialNumber.Text(10), hex.EncodeToString(cert.AuthorityKeyId))
183
185
if err != nil {
184
186
t.Fatal(err)
185
187
}
@@ -223,6 +225,7 @@ func TestInsertMissingSerial(t *testing.T) {
223
225
"authority_key_identifier": hex.EncodeToString(cert.AuthorityKeyId),
224
226
"status": "good",
225
227
"pem": string(pemBytes),
228
+
"expiry": cert.NotAfter.UTC().Format(time.RFC3339),
226
229
})
227
230
228
231
if resp.StatusCode != http.StatusBadRequest {
@@ -236,16 +239,41 @@ func TestInsertMissingAKI(t *testing.T) {
236
239
t.Fatal(err)
237
240
}
238
241
239
-
serialNumber, _, pemBytes, signer, err := makeCertificate()
242
+
serialNumber, cert, pemBytes, signer, err := makeCertificate()
240
243
241
244
if err != nil {
242
245
t.Fatal(err)
243
246
}
244
247
245
248
resp, body := makeRequest(t, dbAccessor, signer, map[string]interface{}{
246
-
"serial_number": serialNumber.Text(16),
249
+
"serial_number": serialNumber.Text(10),
247
250
"status": "good",
248
251
"pem": string(pemBytes),
252
+
"expiry": cert.NotAfter.UTC().Format(time.RFC3339),
253
+
})
254
+
255
+
if resp.StatusCode != http.StatusBadRequest {
256
+
t.Fatal("Expected HTTP Bad Request", resp.StatusCode, string(body))
257
+
}
258
+
}
259
+
260
+
func TestInsertMissingExpiry(t *testing.T) {
261
+
dbAccessor, err := prepDB()
262
+
if err != nil {
263
+
t.Fatal(err)
264
+
}
265
+
266
+
serialNumber, cert, pemBytes, signer, err := makeCertificate()
267
+
268
+
if err != nil {
269
+
t.Fatal(err)
270
+
}
271
+
272
+
resp, body := makeRequest(t, dbAccessor, signer, map[string]interface{}{
273
+
"serial_number": serialNumber.Text(10),
274
+
"authority_key_identifier": hex.EncodeToString(cert.AuthorityKeyId),
275
+
"status": "good",
276
+
"pem": string(pemBytes),
249
277
})
250
278
251
279
if resp.StatusCode != http.StatusBadRequest {
@@ -266,9 +294,10 @@ func TestInsertMissingPEM(t *testing.T) {
266
294
}
267
295
268
296
resp, body := makeRequest(t, dbAccessor, signer, map[string]interface{}{
269
-
"serial_number": serialNumber.Text(16),
297
+
"serial_number": serialNumber.Text(10),
270
298
"authority_key_identifier": hex.EncodeToString(cert.AuthorityKeyId),
271
299
"status": "good",
300
+
"expiry": cert.NotAfter.UTC().Format(time.RFC3339),
272
301
})
273
302
274
303
if resp.StatusCode != http.StatusBadRequest {
@@ -293,6 +322,7 @@ func TestInsertInvalidSerial(t *testing.T) {
293
322
"authority_key_identifier": hex.EncodeToString(cert.AuthorityKeyId),
294
323
"status": "good",
295
324
"pem": string(pemBytes),
325
+
"expiry": cert.NotAfter.UTC().Format(time.RFC3339),
296
326
})
297
327
298
328
if resp.StatusCode != http.StatusBadRequest {
@@ -306,17 +336,18 @@ func TestInsertInvalidAKI(t *testing.T) {
306
336
t.Fatal(err)
307
337
}
308
338
309
-
serialNumber, _, pemBytes, signer, err := makeCertificate()
339
+
serialNumber, cert, pemBytes, signer, err := makeCertificate()
310
340
311
341
if err != nil {
312
342
t.Fatal(err)
313
343
}
314
344
315
345
resp, body := makeRequest(t, dbAccessor, signer, map[string]interface{}{
316
-
"serial_number": serialNumber.Text(16),
346
+
"serial_number": serialNumber.Text(10),
317
347
"authority_key_identifier": "this is not an AKI",
318
348
"status": "good",
319
349
"pem": string(pemBytes),
350
+
"expiry": cert.NotAfter.UTC().Format(time.RFC3339),
320
351
})
321
352
322
353
if resp.StatusCode != http.StatusBadRequest {
@@ -337,10 +368,11 @@ func TestInsertInvalidStatus(t *testing.T) {
337
368
}
338
369
339
370
resp, body := makeRequest(t, dbAccessor, signer, map[string]interface{}{
340
-
"serial_number": serialNumber.Text(16),
371
+
"serial_number": serialNumber.Text(10),
341
372
"authority_key_identifier": hex.EncodeToString(cert.AuthorityKeyId),
342
373
"status": "invalid",
343
374
"pem": string(pemBytes),
375
+
"expiry": cert.NotAfter.UTC().Format(time.RFC3339),
344
376
})
345
377
346
378
if resp.StatusCode != http.StatusBadRequest {
@@ -361,10 +393,36 @@ func TestInsertInvalidPEM(t *testing.T) {
361
393
}
362
394
363
395
resp, body := makeRequest(t, dbAccessor, signer, map[string]interface{}{
364
-
"serial_number": serialNumber.Text(16),
396
+
"serial_number": serialNumber.Text(10),
365
397
"authority_key_identifier": hex.EncodeToString(cert.AuthorityKeyId),
366
398
"status": "good",
367
399
"pem": "this is not a PEM certificate",
400
+
"expiry": cert.NotAfter.UTC().Format(time.RFC3339),
401
+
})
402
+
403
+
if resp.StatusCode != http.StatusBadRequest {
404
+
t.Fatal("Expected HTTP Bad Request, got", resp.StatusCode, string(body))
405
+
}
406
+
}
407
+
408
+
func TestInsertInvalidExpiry(t *testing.T) {
409
+
dbAccessor, err := prepDB()
410
+
if err != nil {
411
+
t.Fatal(err)
412
+
}
413
+
414
+
serialNumber, cert, pemBytes, signer, err := makeCertificate()
415
+
416
+
if err != nil {
417
+
t.Fatal(err)
418
+
}
419
+
420
+
resp, body := makeRequest(t, dbAccessor, signer, map[string]interface{}{
421
+
"serial_number": serialNumber.Text(10),
422
+
"authority_key_identifier": hex.EncodeToString(cert.AuthorityKeyId),
423
+
"status": "good",
424
+
"pem": string(pemBytes),
425
+
"expiry": "this is not an expiry",
368
426
})
369
427
370
428
if resp.StatusCode != http.StatusBadRequest {
@@ -385,10 +443,11 @@ func TestInsertWrongSerial(t *testing.T) {
385
443
}
386
444
387
445
resp, body := makeRequest(t, dbAccessor, signer, map[string]interface{}{
388
-
"serial_number": big.NewInt(1).Text(16),
446
+
"serial_number": big.NewInt(1).Text(10),
389
447
"authority_key_identifier": hex.EncodeToString(cert.AuthorityKeyId),
390
448
"status": "good",
391
449
"pem": string(pemBytes),
450
+
"expiry": cert.NotAfter.UTC().Format(time.RFC3339),
392
451
})
393
452
394
453
if resp.StatusCode != http.StatusBadRequest {
@@ -402,17 +461,43 @@ func TestInsertWrongAKI(t *testing.T) {
402
461
t.Fatal(err)
403
462
}
404
463
464
+
serialNumber, cert, pemBytes, signer, err := makeCertificate()
465
+
466
+
if err != nil {
467
+
t.Fatal(err)
468
+
}
469
+
470
+
resp, body := makeRequest(t, dbAccessor, signer, map[string]interface{}{
471
+
"serial_number": serialNumber.Text(10),
472
+
"authority_key_identifier": hex.EncodeToString([]byte{7, 7}),
473
+
"status": "good",
474
+
"pem": string(pemBytes),
475
+
"expiry": cert.NotAfter.UTC().Format(time.RFC3339),
476
+
})
477
+
478
+
if resp.StatusCode != http.StatusBadRequest {
479
+
t.Fatal("Expected HTTP Bad Request", resp.StatusCode, string(body))
480
+
}
481
+
}
482
+
483
+
func TestInsertWrongExpiry(t *testing.T) {
484
+
dbAccessor, err := prepDB()
485
+
if err != nil {
486
+
t.Fatal(err)
487
+
}
488
+
405
489
serialNumber, _, pemBytes, signer, err := makeCertificate()
406
490
407
491
if err != nil {
408
492
t.Fatal(err)
409
493
}
410
494
411
495
resp, body := makeRequest(t, dbAccessor, signer, map[string]interface{}{
412
-
"serial_number": serialNumber.Text(16),
496
+
"serial_number": serialNumber.Text(10),
413
497
"authority_key_identifier": hex.EncodeToString([]byte{7, 7}),
414
498
"status": "good",
415
499
"pem": string(pemBytes),
500
+
"expiry": time.Now().UTC().Format(time.RFC3339),
416
501
})
417
502
418
503
if resp.StatusCode != http.StatusBadRequest {
@@ -433,18 +518,19 @@ func TestInsertRevokedCertificate(t *testing.T) {
433
518
}
434
519
435
520
resp, body := makeRequest(t, dbAccessor, signer, map[string]interface{}{
436
-
"serial_number": serialNumber.Text(16),
521
+
"serial_number": serialNumber.Text(10),
437
522
"authority_key_identifier": hex.EncodeToString(cert.AuthorityKeyId),
438
523
"status": "revoked",
439
524
"pem": string(pemBytes),
440
525
"revoked_at": time.Now(),
526
+
"expiry": cert.NotAfter.UTC().Format(time.RFC3339),
441
527
})
442
528
443
529
if resp.StatusCode != http.StatusOK {
444
530
t.Fatal("Expected HTTP OK", resp.StatusCode, string(body))
445
531
}
446
532
447
-
ocsps, err := dbAccessor.GetOCSP(serialNumber.Text(16), hex.EncodeToString(cert.AuthorityKeyId))
533
+
ocsps, err := dbAccessor.GetOCSP(serialNumber.Text(10), hex.EncodeToString(cert.AuthorityKeyId))
448
534
if err != nil {
449
535
t.Fatal(err)
450
536
}
@@ -477,10 +563,11 @@ func TestInsertRevokedCertificateWithoutTime(t *testing.T) {
477
563
}
478
564
479
565
resp, body := makeRequest(t, dbAccessor, signer, map[string]interface{}{
480
-
"serial_number": serialNumber.Text(16),
566
+
"serial_number": serialNumber.Text(10),
481
567
"authority_key_identifier": hex.EncodeToString(cert.AuthorityKeyId),
482
568
"status": "revoked",
483
569
"pem": string(pemBytes),
570
+
"expiry": cert.NotAfter.UTC().Format(time.RFC3339),
484
571
// Omit RevokedAt
485
572
})
486
573
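Review bot: TestInsertWrongExpiry (hunk `@@ -402,17 +461,43 @@`) still sends `hex.EncodeToString([]byte{7, 7})` as the authority key identifier, carried over from the old TestInsertWrongAKI body, so a 400 for the AKI mismatch lets the test pass whether or not the handler compares `expiry` with the certificate. The supposedly wrong value `time.Now().UTC().Format(time.RFC3339)` is formatted at second precision moments after makeCertificate set `NotAfter: time.Now()`, so it will usually equal the certificate's real expiry. As written, a handler that stores a caller-supplied expiry without checking it against the PEM would not be caught by this suite. Keep every other field valid and send an expiry that clearly differs: `serialNumber, cert, pemBytes, signer, err := makeCertificate()`, `"authority_key_identifier": hex.EncodeToString(cert.AuthorityKeyId),` and `"expiry": cert.NotAfter.Add(24 * time.Hour).UTC().Format(time.RFC3339),`. The test body ends outside the hunk, so its final assertion is not visible here.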