| author | Rasmus Dahlberg <rasmus.dahlberg@kau.se> | 2020-11-27 19:49:24 +0100 | 
|---|---|---|
| committer | Rasmus Dahlberg <rasmus.dahlberg@kau.se> | 2020-11-27 19:49:24 +0100 | 
| commit | aa9189a05fa548bbad80af42a84027a6e9c40737 (patch) | |
| tree | 6ff8eacf04f0a3bb96eecee96a92b8a50473b348 /crypto_test.go | |
| parent | e350e63ccbb6cd84d48a8187c7d7727a4027c3fb (diff) | |
added buildChainFromDerList tests
Diffstat (limited to 'crypto_test.go')
| -rw-r--r-- | crypto_test.go | 99 | 
1 files changed, 98 insertions, 1 deletions
diff --git a/crypto_test.go b/crypto_test.go
index 577244a..b7179f3 100644
--- a/crypto_test.go
+++ b/crypto_test.go
@@ -7,14 +7,97 @@ import (
 	"testing"
 	cttestdata "github.com/google/certificate-transparency-go/trillian/testdata"
+	"github.com/system-transparency/stfe/x509util"
+	"github.com/system-transparency/stfe/x509util/testdata"
 )
 var (
 	testLeaf = make([]byte, 64)
 )
-// TODO: TestBuildChainFromDerList
 func TestBuildChainFromDerList(t *testing.T) {
+	for _, table := range []struct {
+		description string
+		maxChain    int64    // including trust anchor
+		anchors     []byte   // pem block
+		chain       [][]byte // der list
+		wantErr     bool
+	}{
+		{
+			description: "bad chain: cannot be parsed because empty",
+			maxChain:    3,
+			anchors:     testdata.RootCertificate,
+			wantErr:     true,
+		},
+		{
+			description: "bad chain: no path from end-entity to intermediate",
+			maxChain:    3,
+			anchors:     testdata.RootCertificate2,
+			chain:       mustMakeDerList(t, testdata.ChainBadIntermediate)[:2],
+			wantErr:     true,
+		},
+		{
+			description: "bad chain: no path from intermediate to root",
+			maxChain:    3,
+			anchors:     testdata.RootCertificate2,
+			chain:       mustMakeDerList(t, testdata.IntermediateChain),
+			wantErr:     true,
+		},
+		{
+			description: "bad chain: end-entity certificate expired",
+			maxChain:    3,
+			anchors:     testdata.RootCertificate,
+			chain:       mustMakeDerList(t, testdata.ExpiredChain),
+		},
+		{
+			description: "bad chain: too large",
+			maxChain:    2,
+			anchors:     testdata.RootCertificate,
+			chain:       mustMakeDerList(t, testdata.IntermediateChain),
+			wantErr:     true,
+		},
+		{
+			description: "ok chain: one explicit trust anchor",
+			maxChain:    3,
+			anchors:     testdata.RootCertificate,
+			chain:       mustMakeDerList(t, testdata.RootChain),
+		},
+		{
+			description: "ok chain: unnecessary certificates are ignored",
+			maxChain:    3,
+			anchors:     testdata.RootCertificate,
+			chain:       append(mustMakeDerList(t, testdata.IntermediateChain), mustMakeDerList(t, testdata.IntermediateChain2)...),
+		},
+		{
+			description: "ok chain: multiple anchors but one valid path",
+			maxChain:    3,
+			anchors:     testdata.TrustAnchors,
+			chain:       mustMakeDerList(t, testdata.IntermediateChain),
+		},
+		// Note that the underlying verify function also checks name constraints
+		// and extended key usages.  Not relied upon atm, so not tested.
+	} {
+		anchorList, err := x509util.NewCertificateList(table.anchors)
+		if err != nil {
+			t.Fatalf("must parse trust anchors: %v", err)
+		}
+		lp := &LogParameters{
+			LogId:      testLogId,
+			TreeId:     testTreeId,
+			Prefix:     testPrefix,
+			MaxRange:   testMaxRange,
+			MaxChain:   table.maxChain,
+			AnchorPool: x509util.NewCertPool(anchorList),
+			AnchorList: anchorList,
+			KeyUsage:   testExtKeyUsage,
+			Signer:     nil,
+			HashType:   testHashType,
+		}
+		_, err = lp.buildChainFromDerList(table.chain)
+		if got, want := err != nil, table.wantErr; got != want {
+			t.Errorf("got error=%v but wanted %v in test %q: %v", got, want, table.description, err)
+		}
+	}
 }
 // TODO: TestVerifySignature
@@ -133,3 +216,17 @@ func TestGenV1Sth(t *testing.T) {
 }
 // TODO: test that metrics are updated correctly?
+
+// mustMakeDerList must parse a PEM-encoded list of certificates to DER
+func mustMakeDerList(t *testing.T, pem []byte) [][]byte {
+	certs, err := x509util.NewCertificateList(pem)
+	if err != nil {
+		t.Fatalf("must parse pem-encoded certificates: %v", err)
+	}
+
+	list := make([][]byte, 0, len(certs))
+	for _, cert := range certs {
+		list = append(list, cert.Raw)
+	}
+	return list
+}
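Review bot: The fourth table case, "bad chain: end-entity certificate expired", leaves `wantErr` at its zero value, so the test pins that buildChainFromDerList accepts a chain whose leaf has expired while the description calls the chain bad; one of the two is wrong. buildChainFromDerList itself is outside this hunk, so I cannot tell whether validity periods are skipped on purpose; if they are, record that on the case, e.g. `// validity period is not checked by buildChainFromDerList, so an expired leaf is accepted`, otherwise set `wantErr: true`, because whether expired leaves are logged is exactly what this table should make explicit. Separately, the `t.Fatalf` on the anchor-parse failure inside the loop aborts all later cases; `t.Errorf` followed by `continue` would report every case in one run.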
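Review bot: mustMakeDerList calls `t.Fatalf` on its own behalf but never calls `t.Helper()`, so a PEM parse failure is reported at the helper's line rather than at the table case that supplied the input; add `t.Helper()` as the first statement of the function. As a point of naming, the parameter `pem` shadows the identifier of the standard `encoding/pem` package, which would be confusing (or a compile error) should that package ever be imported in this file; `func mustMakeDerList(t *testing.T, pemBytes []byte) [][]byte {` with `x509util.NewCertificateList(pemBytes)` avoids it.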
