aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--handler_test.go22
-rw-r--r--instance_test.go7
-rw-r--r--reqres_test.go10
-rw-r--r--testdata/data.go89
-rw-r--r--trillian_test.go24
-rw-r--r--type_test.go6
-rw-r--r--x509util/testdata/data.go2
7 files changed, 35 insertions, 125 deletions
diff --git a/handler_test.go b/handler_test.go
index cb11a07..4bfb87d 100644
--- a/handler_test.go
+++ b/handler_test.go
@@ -20,8 +20,8 @@ import (
"github.com/google/certificate-transparency-go/trillian/mockclient"
cttestdata "github.com/google/certificate-transparency-go/trillian/testdata"
"github.com/google/trillian"
- "github.com/system-transparency/stfe/testdata"
"github.com/system-transparency/stfe/x509util"
+ "github.com/system-transparency/stfe/x509util/testdata"
)
type testHandler struct {
@@ -148,6 +148,7 @@ func TestGetAnchors(t *testing.T) {
}
func TestGetEntries(t *testing.T) {
+ chainLen := 3
for _, table := range []struct {
description string
breq *GetEntriesRequest
@@ -181,7 +182,7 @@ func TestGetEntries(t *testing.T) {
Start: 0,
End: 1,
},
- trsp: makeTrillianGetLeavesByRangeResponse(t, 0, 1, []byte("foobar-1.2.3"), testdata.FirstPemChain, testdata.FirstPemChainKey, false),
+ trsp: makeTrillianGetLeavesByRangeResponse(t, 0, 1, []byte("foobar-1.2.3"), testdata.RootChain, testdata.EndEntityPrivateKey, false),
wantCode: http.StatusInternalServerError,
wantErrText: http.StatusText(http.StatusInternalServerError) + "\n",
},
@@ -191,7 +192,7 @@ func TestGetEntries(t *testing.T) {
Start: 0,
End: 1,
},
- trsp: makeTrillianGetLeavesByRangeResponse(t, 0, 1, []byte("foobar-1.2.3"), testdata.FirstPemChain, testdata.FirstPemChainKey, true),
+ trsp: makeTrillianGetLeavesByRangeResponse(t, 0, 1, []byte("foobar-1.2.3"), testdata.RootChain, testdata.EndEntityPrivateKey, true),
wantCode: http.StatusOK,
},
} {
@@ -251,8 +252,7 @@ func TestGetEntries(t *testing.T) {
chain, err := x509util.ParseDerList(rsp.Chain)
if err != nil {
t.Errorf("failed parsing certificate chain: %v", err)
- } else if got, want := len(chain), 2; got != want {
- // TODO: test data with trust anchor in chain
+ } else if got, want := len(chain), chainLen; got != want {
t.Errorf("got chain length %d, want %d", got, want)
} else {
if err := x509util.VerifyChain(chain); err != nil {
@@ -282,29 +282,29 @@ func TestAddEntry(t *testing.T) {
}{
{
description: "empty trillian response",
- breq: makeTestLeafBuffer(t, []byte("foobar-1.2.3"), testdata.FirstPemChain, testdata.FirstPemChainKey, true),
+ breq: makeTestLeafBuffer(t, []byte("foobar-1.2.3"), testdata.IntermediateChain, testdata.EndEntityPrivateKey, true),
terr: fmt.Errorf("back-end failure"),
wantCode: http.StatusInternalServerError,
wantErrText: http.StatusText(http.StatusInternalServerError) + "\n",
},
{
description: "bad request parameters",
- breq: makeTestLeafBuffer(t, []byte("foobar-1.2.3"), testdata.FirstPemChain, testdata.FirstPemChainKey, false),
+ breq: makeTestLeafBuffer(t, []byte("foobar-1.2.3"), testdata.IntermediateChain, testdata.EndEntityPrivateKey, false),
wantCode: http.StatusBadRequest,
wantErrText: http.StatusText(http.StatusBadRequest) + "\n",
},
{
description: "log signature failure",
- breq: makeTestLeafBuffer(t, []byte("foobar-1.2.3"), testdata.FirstPemChain, testdata.FirstPemChainKey, true),
- trsp: makeTrillianQueueLeafResponse(t, []byte("foobar-1.2.3"), testdata.FirstPemChain, testdata.FirstPemChainKey, false),
+ breq: makeTestLeafBuffer(t, []byte("foobar-1.2.3"), testdata.IntermediateChain, testdata.EndEntityPrivateKey, true),
+ trsp: makeTrillianQueueLeafResponse(t, []byte("foobar-1.2.3"), testdata.IntermediateChain, testdata.EndEntityPrivateKey, false),
wantCode: http.StatusInternalServerError,
wantErrText: http.StatusText(http.StatusInternalServerError) + "\n",
signer: cttestdata.NewSignerWithErr(nil, fmt.Errorf("signing failed")),
},
{
description: "valid add-entry request-response",
- breq: makeTestLeafBuffer(t, []byte("foobar-1.2.3"), testdata.FirstPemChain, testdata.FirstPemChainKey, true),
- trsp: makeTrillianQueueLeafResponse(t, []byte("foobar-1.2.3"), testdata.FirstPemChain, testdata.FirstPemChainKey, false),
+ breq: makeTestLeafBuffer(t, []byte("foobar-1.2.3"), testdata.IntermediateChain, testdata.EndEntityPrivateKey, true),
+ trsp: makeTrillianQueueLeafResponse(t, []byte("foobar-1.2.3"), testdata.IntermediateChain, testdata.EndEntityPrivateKey, false),
wantCode: http.StatusOK,
signer: cttestdata.NewSignerWithFixedSig(nil, make([]byte, 32)),
},
diff --git a/instance_test.go b/instance_test.go
index f4a8fea..582b232 100644
--- a/instance_test.go
+++ b/instance_test.go
@@ -6,8 +6,8 @@ import (
"crypto"
"crypto/x509"
- "github.com/system-transparency/stfe/testdata"
"github.com/system-transparency/stfe/x509util"
+ "github.com/system-transparency/stfe/x509util/testdata"
)
var (
@@ -21,13 +21,10 @@ var (
)
func makeTestLogParameters(t *testing.T, signer crypto.Signer) *LogParameters {
- anchorList, err := x509util.NewCertificateList(testdata.PemAnchors)
+ anchorList, err := x509util.NewCertificateList(testdata.TrustAnchors)
if err != nil {
t.Fatalf("must decode trust anchors: %v", err)
}
- if got, want := len(anchorList), testdata.NumPemAnchors; got != want {
- t.Fatalf("must have %d trust anchor(s), got %d", want, got)
- }
return &LogParameters{
LogId: testLogId,
TreeId: testTreeId,
diff --git a/reqres_test.go b/reqres_test.go
index 53f6f07..1a6304b 100644
--- a/reqres_test.go
+++ b/reqres_test.go
@@ -10,7 +10,7 @@ import (
"net/http"
"github.com/google/trillian"
- "github.com/system-transparency/stfe/testdata"
+ "github.com/system-transparency/stfe/x509util/testdata"
)
// TODO: TestNewAddEntryRequest
@@ -229,7 +229,7 @@ func TestNewGetEntryResponse(t *testing.T) {
lp := makeTestLogParameters(t, nil)
var appendix Appendix
- leaf, app := makeTestLeaf(t, testPackage, testdata.FirstPemChain, testdata.FirstPemChainKey)
+ leaf, app := makeTestLeaf(t, testPackage, testdata.RootChain, testdata.EndEntityPrivateKey)
if err := appendix.Unmarshal(app); err != nil {
t.Fatalf("must unmarshal appendix: %v", err)
}
@@ -266,7 +266,7 @@ func TestNewGetEntriesResponse(t *testing.T) {
lp := makeTestLogParameters(t, nil)
// Invalid
- leaf := makeTrillianQueueLeafResponse(t, testPackage, testdata.FirstPemChain, testdata.FirstPemChainKey, false).QueuedLeaf.Leaf
+ leaf := makeTrillianQueueLeafResponse(t, testPackage, testdata.RootChain, testdata.EndEntityPrivateKey, false).QueuedLeaf.Leaf
leaf.ExtraData = leaf.ExtraData[1:]
if _, err := lp.newGetEntriesResponse([]*trillian.LogLeaf{leaf}); err == nil {
t.Errorf("got no error for invalid appendix")
@@ -276,7 +276,7 @@ func TestNewGetEntriesResponse(t *testing.T) {
for n, numEntries := 0, 5; n < numEntries; n++ {
leaves := make([]*trillian.LogLeaf, 0, n)
for i := 0; i < n; i++ {
- leaves = append(leaves, makeTrillianQueueLeafResponse(t, []byte(fmt.Sprintf("%s-%d", testPackage, i)), testdata.FirstPemChain, testdata.FirstPemChainKey, false).QueuedLeaf.Leaf)
+ leaves = append(leaves, makeTrillianQueueLeafResponse(t, []byte(fmt.Sprintf("%s-%d", testPackage, i)), testdata.RootChain, testdata.EndEntityPrivateKey, false).QueuedLeaf.Leaf)
}
if rsp, err := lp.newGetEntriesResponse(leaves); err != nil {
t.Errorf("got error for %d valid leaves: %v", n, err)
@@ -289,7 +289,7 @@ func TestNewGetEntriesResponse(t *testing.T) {
func TestNewGetAnchorsResponse(t *testing.T) {
rawAnchors := makeTestLogParameters(t, nil).newGetAnchorsResponse()
- if got, want := len(rawAnchors), testdata.NumPemAnchors; got != want {
+ if got, want := len(rawAnchors), testdata.NumTrustAnchors; got != want {
t.Errorf("got %d anchors but wanted %d", got, want)
}
for _, rawAnchor := range rawAnchors {
diff --git a/testdata/data.go b/testdata/data.go
deleted file mode 100644
index 1145505..0000000
--- a/testdata/data.go
+++ /dev/null
@@ -1,89 +0,0 @@
-package testdata
-
-var (
- // NumPemAnchors is the number of trust anchors in PemAnchors
- NumPemAnchors = 2
- // PemAnchors is a list of trusted root certificates
- PemAnchors = []byte(`-----BEGIN CERTIFICATE-----
-MIIB/TCCAa+gAwIBAgIUDYJzaC5VSkKwiLVAxO5MyphAkN8wBQYDK2VwMGwxCzAJ
-BgNVBAYTAk5BMQswCQYDVQQIDAJOQTELMAkGA1UEBwwCTkExCzAJBgNVBAoMAk5B
-MQswCQYDVQQLDAJOQTEWMBQGA1UEAwwNc3RmZSB0ZXN0ZGF0YTERMA8GCSqGSIb3
-DQEJARYCTkEwHhcNMjAxMTAzMTgzMTMxWhcNMzIwMTIxMTgzMTMxWjBsMQswCQYD
-VQQGEwJOQTELMAkGA1UECAwCTkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTEL
-MAkGA1UECwwCTkExFjAUBgNVBAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0B
-CQEWAk5BMCowBQYDK2VwAyEAJ1IiXCB4YHwdWka9MM0bc7LvKAtksmtIo8IhkuEB
-uzGjYzBhMB0GA1UdDgQWBBQBvsxROtKU6zmr/SxcfTMDsAQcMTAfBgNVHSMEGDAW
-gBQBvsxROtKU6zmr/SxcfTMDsAQcMTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
-/wQEAwIChDAFBgMrZXADQQCXh6kDnE5giTjcLET2S94qTwnHVAj57DJcR/rf9Jy8
-NMGbtzTL0/V0B8DHuJFA/islbZJbN7rSvqddEKL8N2gI
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIB/TCCAa+gAwIBAgIUCFGFq5zAkH03LQ2fpAamPhGd8FgwBQYDK2VwMGwxCzAJ
-BgNVBAYTAk5BMQswCQYDVQQIDAJOQTELMAkGA1UEBwwCTkExCzAJBgNVBAoMAk5B
-MQswCQYDVQQLDAJOQTEWMBQGA1UEAwwNc3RmZSB0ZXN0ZGF0YTERMA8GCSqGSIb3
-DQEJARYCTkEwHhcNMjAxMTE3MTgxNTQyWhcNMzIwMjA0MTgxNTQyWjBsMQswCQYD
-VQQGEwJOQTELMAkGA1UECAwCTkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTEL
-MAkGA1UECwwCTkExFjAUBgNVBAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0B
-CQEWAk5BMCowBQYDK2VwAyEAFOG1Lof1UiV2mYsM17EopyVCR87qRrNW9YHP0biu
-pOyjYzBhMB0GA1UdDgQWBBQeeImH1qUrWk+pq3YOkwI8bWdEuTAfBgNVHSMEGDAW
-gBQeeImH1qUrWk+pq3YOkwI8bWdEuTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
-/wQEAwIChDAFBgMrZXADQQDP4IQePN5Krr7jn+RM8AbF+c4fXgamA1XDHVIfXy/n
-MexxZMsuSCSDq5XM5GMImffmBXA1dNJ6ytfJi668C+kF
------END CERTIFICATE-----`)
- // FirstPemChain is composed of an end-entity and intermediate certificate
- FirstPemChain = []byte(`-----BEGIN CERTIFICATE-----
-MIIBbDCCAR4CFDfeuu6XURfn7AE4WShuwZBHEaLIMAUGAytlcDBsMQswCQYDVQQG
-EwJOQTELMAkGA1UECAwCTkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTELMAkG
-A1UECwwCTkExFjAUBgNVBAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0BCQEW
-Ak5BMB4XDTIwMTEwMzE4MzI0MFoXDTMyMDEyMTE4MzI0MFowRTELMAkGA1UEBhMC
-QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
-dHMgUHR5IEx0ZDAqMAUGAytlcAMhAJvk390ZvwULplBri03Od4LLz+Sf/OUHu+20
-wik+T9y5MAUGAytlcANBANekliXq4ttoClBJDZoktIQxyHHNcWyXFrj1HlOaT5bC
-I3GIqqZ60Ua3jKytnEsKsD2rLMPItDwmG6wYSecy2ws=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIB7jCCAaCgAwIBAgICEAAwBQYDK2VwMGwxCzAJBgNVBAYTAk5BMQswCQYDVQQI
-DAJOQTELMAkGA1UEBwwCTkExCzAJBgNVBAoMAk5BMQswCQYDVQQLDAJOQTEWMBQG
-A1UEAwwNc3RmZSB0ZXN0ZGF0YTERMA8GCSqGSIb3DQEJARYCTkEwHhcNMjAxMTAz
-MTgzMjE4WhcNMzIwMTIxMTgzMjE4WjBsMQswCQYDVQQGEwJOQTELMAkGA1UECAwC
-TkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTELMAkGA1UECwwCTkExFjAUBgNV
-BAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0BCQEWAk5BMCowBQYDK2VwAyEA
-F1yPPpjHKDAKN73pBFGXzAvIjdkLLimydu2y1HLMOiKjZjBkMB0GA1UdDgQWBBQ6
-P7JQ7yXtrTh7YkVU0I78P9A+nDAfBgNVHSMEGDAWgBQBvsxROtKU6zmr/SxcfTMD
-sAQcMTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIChDAFBgMrZXAD
-QQBm1GMV0ADPnXRWnelCW9tcyTh0p9hKefuSy/MNx7/XLHKnM5fX+yHqD84QOxES
-Vc510vi4dM8I+e/vcoBsmMQP
------END CERTIFICATE-----`)
- // FirstPemChainKey is the end-entity private key for FirstPemChain[0]
- FirstPemChainKey = []byte(`-----BEGIN PRIVATE KEY-----
-MC4CAQAwBQYDK2VwBCIEIDme3WaCwW2/FX095yh02yIIsn0D3vbvN5NsJzcdUwq1
------END PRIVATE KEY-----`)
- // SecondPemChain is composed of an end-entity and intermediate certificate
- SecondPemChain = []byte(`-----BEGIN CERTIFICATE-----
-MIIBbDCCAR4CFCv557zJa/p94Hu3n+k7iYR/75xJMAUGAytlcDBsMQswCQYDVQQG
-EwJOQTELMAkGA1UECAwCTkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTELMAkG
-A1UECwwCTkExFjAUBgNVBAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0BCQEW
-Ak5BMB4XDTIwMTExNzE4MTc1MFoXDTMyMDIwNDE4MTc1MFowRTELMAkGA1UEBhMC
-QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
-dHMgUHR5IEx0ZDAqMAUGAytlcAMhAKwG0O/Ql+L6O8aq8BZ+KOdJmVLdcnOmMENR
-H7O84kVFMAUGAytlcANBAI9Lq6SWu2Ua+lFcZSuFvOwoTgzLJVFYFVobLaobXZSL
-TKYluMIXPewoG+aywySEmsWletUcUVA5pHFAiz2rrwo=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIB7jCCAaCgAwIBAgICEAAwBQYDK2VwMGwxCzAJBgNVBAYTAk5BMQswCQYDVQQI
-DAJOQTELMAkGA1UEBwwCTkExCzAJBgNVBAoMAk5BMQswCQYDVQQLDAJOQTEWMBQG
-A1UEAwwNc3RmZSB0ZXN0ZGF0YTERMA8GCSqGSIb3DQEJARYCTkEwHhcNMjAxMTE3
-MTgxNjQ4WhcNMzIwMjA0MTgxNjQ4WjBsMQswCQYDVQQGEwJOQTELMAkGA1UECAwC
-TkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTELMAkGA1UECwwCTkExFjAUBgNV
-BAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0BCQEWAk5BMCowBQYDK2VwAyEA
-DD23ESkuIKaCkU6xCncIwvD12w4ETBgAiHAubr/wDwujZjBkMB0GA1UdDgQWBBSy
-uua2yvX+VM9JBc19GQisnLnH5zAfBgNVHSMEGDAWgBQBvsxROtKU6zmr/SxcfTMD
-sAQcMTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIChDAFBgMrZXAD
-QQCKFy3FEGogW8/G8NS/AmJHfZQGlZxDPbCjPclB0HmWTOaLTq+jgpCvZz1VQapc
-us/Fs+5Pvt4UGYiAuTYJu7YK
------END CERTIFICATE-----`)
- // SecondPemChainKey is the end-entity private key for SecondPemChain[0]
- SecondPemChainKey = []byte(`-----BEGIN PRIVATE KEY-----
-MC4CAQAwBQYDK2VwBCIEIH65lXoCT4N9q4mPmDcsmAqIqG9CrqrB4KV2nqBC9JlZ
------END PRIVATE KEY-----`)
-)
diff --git a/trillian_test.go b/trillian_test.go
index ab053a5..749f22a 100644
--- a/trillian_test.go
+++ b/trillian_test.go
@@ -6,7 +6,7 @@ import (
"github.com/google/trillian"
"github.com/google/trillian/types"
- "github.com/system-transparency/stfe/testdata"
+ "github.com/system-transparency/stfe/x509util/testdata"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
@@ -35,11 +35,11 @@ func TestCheckQueueLeaf(t *testing.T) {
},
{
description: "ok response: duplicate leaf",
- rsp: makeTrillianQueueLeafResponse(t, testPackage, testdata.FirstPemChain, testdata.FirstPemChainKey, true),
+ rsp: makeTrillianQueueLeafResponse(t, testPackage, testdata.RootChain, testdata.EndEntityPrivateKey, true),
},
{
description: "ok response: new leaf",
- rsp: makeTrillianQueueLeafResponse(t, testPackage, testdata.FirstPemChain, testdata.FirstPemChainKey, false),
+ rsp: makeTrillianQueueLeafResponse(t, testPackage, testdata.RootChain, testdata.EndEntityPrivateKey, false),
},
} {
if err := checkQueueLeaf(table.rsp, table.err); (err != nil) != table.wantErr {
@@ -70,7 +70,7 @@ func TestCheckGetLeavesByRange(t *testing.T) {
rsp: func(rsp *trillian.GetLeavesByRangeResponse) *trillian.GetLeavesByRangeResponse {
rsp.Leaves = nil
return rsp
- }(makeTrillianGetLeavesByRangeResponse(t, 0, 1, testPackage, testdata.FirstPemChain, testdata.FirstPemChainKey, true)),
+ }(makeTrillianGetLeavesByRangeResponse(t, 0, 1, testPackage, testdata.RootChain, testdata.EndEntityPrivateKey, true)),
wantErr: true,
},
{
@@ -78,7 +78,7 @@ func TestCheckGetLeavesByRange(t *testing.T) {
rsp: func(rsp *trillian.GetLeavesByRangeResponse) *trillian.GetLeavesByRangeResponse {
rsp.SignedLogRoot = nil
return rsp
- }(makeTrillianGetLeavesByRangeResponse(t, 0, 1, testPackage, testdata.FirstPemChain, testdata.FirstPemChainKey, true)),
+ }(makeTrillianGetLeavesByRangeResponse(t, 0, 1, testPackage, testdata.RootChain, testdata.EndEntityPrivateKey, true)),
wantErr: true,
},
{
@@ -86,7 +86,7 @@ func TestCheckGetLeavesByRange(t *testing.T) {
rsp: func(rsp *trillian.GetLeavesByRangeResponse) *trillian.GetLeavesByRangeResponse {
rsp.SignedLogRoot.LogRoot = nil
return rsp
- }(makeTrillianGetLeavesByRangeResponse(t, 0, 1, testPackage, testdata.FirstPemChain, testdata.FirstPemChainKey, true)),
+ }(makeTrillianGetLeavesByRangeResponse(t, 0, 1, testPackage, testdata.RootChain, testdata.EndEntityPrivateKey, true)),
wantErr: true,
},
{
@@ -95,13 +95,13 @@ func TestCheckGetLeavesByRange(t *testing.T) {
rsp: func(rsp *trillian.GetLeavesByRangeResponse) *trillian.GetLeavesByRangeResponse {
rsp.SignedLogRoot.LogRoot = rsp.SignedLogRoot.LogRoot[1:]
return rsp
- }(makeTrillianGetLeavesByRangeResponse(t, 0, 1, testPackage, testdata.FirstPemChain, testdata.FirstPemChainKey, true)),
+ }(makeTrillianGetLeavesByRangeResponse(t, 0, 1, testPackage, testdata.RootChain, testdata.EndEntityPrivateKey, true)),
wantErr: true,
},
{
description: "bad response: too many leaves",
req: &GetEntriesRequest{Start: 0, End: 1},
- rsp: makeTrillianGetLeavesByRangeResponse(t, 0, 2, testPackage, testdata.FirstPemChain, testdata.FirstPemChainKey, true),
+ rsp: makeTrillianGetLeavesByRangeResponse(t, 0, 2, testPackage, testdata.RootChain, testdata.EndEntityPrivateKey, true),
wantErr: true,
},
{
@@ -110,13 +110,13 @@ func TestCheckGetLeavesByRange(t *testing.T) {
rsp: func(rsp *trillian.GetLeavesByRangeResponse) *trillian.GetLeavesByRangeResponse {
rsp.SignedLogRoot = makeLatestSignedLogRootResponse(t, 0, testTreeSize, testNodeHash).SignedLogRoot
return rsp
- }(makeTrillianGetLeavesByRangeResponse(t, int64(testTreeSize)-1, int64(testTreeSize)-1, testPackage, testdata.FirstPemChain, testdata.FirstPemChainKey, true)),
+ }(makeTrillianGetLeavesByRangeResponse(t, int64(testTreeSize)-1, int64(testTreeSize)-1, testPackage, testdata.RootChain, testdata.EndEntityPrivateKey, true)),
wantErr: true,
},
{
description: "bad response: invalid leaf indices",
req: &GetEntriesRequest{Start: 10, End: 11},
- rsp: makeTrillianGetLeavesByRangeResponse(t, 11, 12, testPackage, testdata.FirstPemChain, testdata.FirstPemChainKey, true),
+ rsp: makeTrillianGetLeavesByRangeResponse(t, 11, 12, testPackage, testdata.RootChain, testdata.EndEntityPrivateKey, true),
wantErr: true,
},
{
@@ -125,12 +125,12 @@ func TestCheckGetLeavesByRange(t *testing.T) {
rsp: func(rsp *trillian.GetLeavesByRangeResponse) *trillian.GetLeavesByRangeResponse {
rsp.SignedLogRoot = makeLatestSignedLogRootResponse(t, 0, testTreeSize, testNodeHash).SignedLogRoot
return rsp
- }(makeTrillianGetLeavesByRangeResponse(t, int64(testTreeSize)-1, int64(testTreeSize)-1, testPackage, testdata.FirstPemChain, testdata.FirstPemChainKey, true)),
+ }(makeTrillianGetLeavesByRangeResponse(t, int64(testTreeSize)-1, int64(testTreeSize)-1, testPackage, testdata.RootChain, testdata.EndEntityPrivateKey, true)),
},
{
description: "ok response: a bunch of leaves",
req: &GetEntriesRequest{Start: 10, End: 20},
- rsp: makeTrillianGetLeavesByRangeResponse(t, 10, 20, testPackage, testdata.FirstPemChain, testdata.FirstPemChainKey, true),
+ rsp: makeTrillianGetLeavesByRangeResponse(t, 10, 20, testPackage, testdata.RootChain, testdata.EndEntityPrivateKey, true),
},
} {
if _, err := checkGetLeavesByRange(table.req, table.rsp, table.err); (err != nil) != table.wantErr {
diff --git a/type_test.go b/type_test.go
index ea3ab36..e8dce00 100644
--- a/type_test.go
+++ b/type_test.go
@@ -5,8 +5,8 @@ import (
"crypto/tls"
- "github.com/system-transparency/stfe/testdata"
"github.com/system-transparency/stfe/x509util"
+ "github.com/system-transparency/stfe/x509util/testdata"
)
var (
@@ -275,7 +275,7 @@ func TestEncDecStItem(t *testing.T) {
//
// Note: max limits for certificate chains are not tested.
func TestEncDecAppendix(t *testing.T) {
- chain, err := x509util.NewCertificateList(testdata.FirstPemChain)
+ chain, err := x509util.NewCertificateList(testdata.RootChain)
if err != nil {
t.Fatalf("must decode certificate chain: %v", err)
}
@@ -398,7 +398,7 @@ func TestStItemUnmarshalFailure(t *testing.T) {
// TestAppendixUnmarshal tests that invalid appendices cannot be unmarshaled
func TestAppendixUnmarshalFailure(t *testing.T) {
- chain, err := x509util.NewCertificateList(testdata.FirstPemChain)
+ chain, err := x509util.NewCertificateList(testdata.RootChain)
if err != nil {
t.Fatalf("must decode certificate chain: %v", err)
}
diff --git a/x509util/testdata/data.go b/x509util/testdata/data.go
index 46f4ab5..832a3aa 100644
--- a/x509util/testdata/data.go
+++ b/x509util/testdata/data.go
@@ -161,6 +161,8 @@ MC4CAQAwBQYDK2VwBCIEIKQd3B84w9pB6zJLGljuDyGKfz9uPP6QBeLiFcw0EME4
RootCertificate,
RootCertificate2,
}, []byte("\n"))
+ // NumTrustAnchors is the number of test trust anchors
+ NumTrustAnchors = 2
// ExpiredCertificate is a PEM-encoded certificate that is always expired,
// i.e., `Not Before`=`Not After`. It is signed by IntermediateCertificate.