aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--instance_test.go37
-rw-r--r--server/testdata/x509/chain2.pem23
-rw-r--r--server/testdata/x509/end-entity2.key3
-rw-r--r--server/testdata/x509/end-entity2.pem10
-rw-r--r--server/testdata/x509/intermediate2.key3
-rw-r--r--server/testdata/x509/intermediate2.pem13
-rw-r--r--server/testdata/x509/root2.key3
-rw-r--r--server/testdata/x509/root2.pem13
-rw-r--r--testdata/data.go89
9 files changed, 194 insertions, 0 deletions
diff --git a/instance_test.go b/instance_test.go
new file mode 100644
index 0000000..57dee82
--- /dev/null
+++ b/instance_test.go
@@ -0,0 +1,37 @@
+package stfe
+
+import (
+ "testing"
+
+ "crypto"
+ "crypto/x509"
+
+ "github.com/system-transparency/stfe/testdata"
+ "github.com/system-transparency/stfe/x509util"
+)
+
+func TestNewLogParameters(t *testing.T) {
+ makeTestLogParameters(t, nil)
+}
+
+func makeTestLogParameters(t *testing.T, signer crypto.Signer) *LogParameters {
+ anchorList, err := x509util.NewCertificateList(testdata.PemAnchors)
+ if err != nil {
+ t.Fatalf("must decode trust anchors: %v", err)
+ }
+ if got, want := len(anchorList), testdata.NumPemAnchors; got != want {
+ t.Fatalf("must have %d trust anchor(s), got %d", want, got)
+ }
+ return &LogParameters{
+ LogId: make([]byte, 32),
+ TreeId: 0,
+ Prefix: "/test",
+ MaxRange: 3,
+ MaxChain: 3,
+ AnchorPool: x509util.NewCertPool(anchorList),
+ AnchorList: anchorList,
+ KeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
+ Signer: signer,
+ HashType: crypto.SHA256,
+ }
+}
diff --git a/server/testdata/x509/chain2.pem b/server/testdata/x509/chain2.pem
new file mode 100644
index 0000000..976b31a
--- /dev/null
+++ b/server/testdata/x509/chain2.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIBbDCCAR4CFCv557zJa/p94Hu3n+k7iYR/75xJMAUGAytlcDBsMQswCQYDVQQG
+EwJOQTELMAkGA1UECAwCTkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTELMAkG
+A1UECwwCTkExFjAUBgNVBAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0BCQEW
+Ak5BMB4XDTIwMTExNzE4MTc1MFoXDTMyMDIwNDE4MTc1MFowRTELMAkGA1UEBhMC
+QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
+dHMgUHR5IEx0ZDAqMAUGAytlcAMhAKwG0O/Ql+L6O8aq8BZ+KOdJmVLdcnOmMENR
+H7O84kVFMAUGAytlcANBAI9Lq6SWu2Ua+lFcZSuFvOwoTgzLJVFYFVobLaobXZSL
+TKYluMIXPewoG+aywySEmsWletUcUVA5pHFAiz2rrwo=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIB7jCCAaCgAwIBAgICEAAwBQYDK2VwMGwxCzAJBgNVBAYTAk5BMQswCQYDVQQI
+DAJOQTELMAkGA1UEBwwCTkExCzAJBgNVBAoMAk5BMQswCQYDVQQLDAJOQTEWMBQG
+A1UEAwwNc3RmZSB0ZXN0ZGF0YTERMA8GCSqGSIb3DQEJARYCTkEwHhcNMjAxMTE3
+MTgxNjQ4WhcNMzIwMjA0MTgxNjQ4WjBsMQswCQYDVQQGEwJOQTELMAkGA1UECAwC
+TkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTELMAkGA1UECwwCTkExFjAUBgNV
+BAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0BCQEWAk5BMCowBQYDK2VwAyEA
+DD23ESkuIKaCkU6xCncIwvD12w4ETBgAiHAubr/wDwujZjBkMB0GA1UdDgQWBBSy
+uua2yvX+VM9JBc19GQisnLnH5zAfBgNVHSMEGDAWgBQBvsxROtKU6zmr/SxcfTMD
+sAQcMTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIChDAFBgMrZXAD
+QQCKFy3FEGogW8/G8NS/AmJHfZQGlZxDPbCjPclB0HmWTOaLTq+jgpCvZz1VQapc
+us/Fs+5Pvt4UGYiAuTYJu7YK
+-----END CERTIFICATE-----
diff --git a/server/testdata/x509/end-entity2.key b/server/testdata/x509/end-entity2.key
new file mode 100644
index 0000000..4758b40
--- /dev/null
+++ b/server/testdata/x509/end-entity2.key
@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEIH65lXoCT4N9q4mPmDcsmAqIqG9CrqrB4KV2nqBC9JlZ
+-----END PRIVATE KEY-----
diff --git a/server/testdata/x509/end-entity2.pem b/server/testdata/x509/end-entity2.pem
new file mode 100644
index 0000000..22f72db
--- /dev/null
+++ b/server/testdata/x509/end-entity2.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBbDCCAR4CFCv557zJa/p94Hu3n+k7iYR/75xJMAUGAytlcDBsMQswCQYDVQQG
+EwJOQTELMAkGA1UECAwCTkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTELMAkG
+A1UECwwCTkExFjAUBgNVBAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0BCQEW
+Ak5BMB4XDTIwMTExNzE4MTc1MFoXDTMyMDIwNDE4MTc1MFowRTELMAkGA1UEBhMC
+QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
+dHMgUHR5IEx0ZDAqMAUGAytlcAMhAKwG0O/Ql+L6O8aq8BZ+KOdJmVLdcnOmMENR
+H7O84kVFMAUGAytlcANBAI9Lq6SWu2Ua+lFcZSuFvOwoTgzLJVFYFVobLaobXZSL
+TKYluMIXPewoG+aywySEmsWletUcUVA5pHFAiz2rrwo=
+-----END CERTIFICATE-----
diff --git a/server/testdata/x509/intermediate2.key b/server/testdata/x509/intermediate2.key
new file mode 100644
index 0000000..487627e
--- /dev/null
+++ b/server/testdata/x509/intermediate2.key
@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEIOo+qcT2GoWoAp0079ecz/ZyrCZ78Zqznv1xEoN96vT7
+-----END PRIVATE KEY-----
diff --git a/server/testdata/x509/intermediate2.pem b/server/testdata/x509/intermediate2.pem
new file mode 100644
index 0000000..44261f0
--- /dev/null
+++ b/server/testdata/x509/intermediate2.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB7jCCAaCgAwIBAgICEAAwBQYDK2VwMGwxCzAJBgNVBAYTAk5BMQswCQYDVQQI
+DAJOQTELMAkGA1UEBwwCTkExCzAJBgNVBAoMAk5BMQswCQYDVQQLDAJOQTEWMBQG
+A1UEAwwNc3RmZSB0ZXN0ZGF0YTERMA8GCSqGSIb3DQEJARYCTkEwHhcNMjAxMTE3
+MTgxNjQ4WhcNMzIwMjA0MTgxNjQ4WjBsMQswCQYDVQQGEwJOQTELMAkGA1UECAwC
+TkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTELMAkGA1UECwwCTkExFjAUBgNV
+BAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0BCQEWAk5BMCowBQYDK2VwAyEA
+DD23ESkuIKaCkU6xCncIwvD12w4ETBgAiHAubr/wDwujZjBkMB0GA1UdDgQWBBSy
+uua2yvX+VM9JBc19GQisnLnH5zAfBgNVHSMEGDAWgBQBvsxROtKU6zmr/SxcfTMD
+sAQcMTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIChDAFBgMrZXAD
+QQCKFy3FEGogW8/G8NS/AmJHfZQGlZxDPbCjPclB0HmWTOaLTq+jgpCvZz1VQapc
+us/Fs+5Pvt4UGYiAuTYJu7YK
+-----END CERTIFICATE-----
diff --git a/server/testdata/x509/root2.key b/server/testdata/x509/root2.key
new file mode 100644
index 0000000..df8b7af
--- /dev/null
+++ b/server/testdata/x509/root2.key
@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEIKQd3B84w9pB6zJLGljuDyGKfz9uPP6QBeLiFcw0EME4
+-----END PRIVATE KEY-----
diff --git a/server/testdata/x509/root2.pem b/server/testdata/x509/root2.pem
new file mode 100644
index 0000000..d0b131c
--- /dev/null
+++ b/server/testdata/x509/root2.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB/TCCAa+gAwIBAgIUCFGFq5zAkH03LQ2fpAamPhGd8FgwBQYDK2VwMGwxCzAJ
+BgNVBAYTAk5BMQswCQYDVQQIDAJOQTELMAkGA1UEBwwCTkExCzAJBgNVBAoMAk5B
+MQswCQYDVQQLDAJOQTEWMBQGA1UEAwwNc3RmZSB0ZXN0ZGF0YTERMA8GCSqGSIb3
+DQEJARYCTkEwHhcNMjAxMTE3MTgxNTQyWhcNMzIwMjA0MTgxNTQyWjBsMQswCQYD
+VQQGEwJOQTELMAkGA1UECAwCTkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTEL
+MAkGA1UECwwCTkExFjAUBgNVBAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0B
+CQEWAk5BMCowBQYDK2VwAyEAFOG1Lof1UiV2mYsM17EopyVCR87qRrNW9YHP0biu
+pOyjYzBhMB0GA1UdDgQWBBQeeImH1qUrWk+pq3YOkwI8bWdEuTAfBgNVHSMEGDAW
+gBQeeImH1qUrWk+pq3YOkwI8bWdEuTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
+/wQEAwIChDAFBgMrZXADQQDP4IQePN5Krr7jn+RM8AbF+c4fXgamA1XDHVIfXy/n
+MexxZMsuSCSDq5XM5GMImffmBXA1dNJ6ytfJi668C+kF
+-----END CERTIFICATE-----
diff --git a/testdata/data.go b/testdata/data.go
new file mode 100644
index 0000000..1145505
--- /dev/null
+++ b/testdata/data.go
@@ -0,0 +1,89 @@
+package testdata
+
+var (
+ // NumPemAnchors is the number of trust anchors in PemAnchors
+ NumPemAnchors = 2
+ // PemAnchors is a list of trusted root certificates
+ PemAnchors = []byte(`-----BEGIN CERTIFICATE-----
+MIIB/TCCAa+gAwIBAgIUDYJzaC5VSkKwiLVAxO5MyphAkN8wBQYDK2VwMGwxCzAJ
+BgNVBAYTAk5BMQswCQYDVQQIDAJOQTELMAkGA1UEBwwCTkExCzAJBgNVBAoMAk5B
+MQswCQYDVQQLDAJOQTEWMBQGA1UEAwwNc3RmZSB0ZXN0ZGF0YTERMA8GCSqGSIb3
+DQEJARYCTkEwHhcNMjAxMTAzMTgzMTMxWhcNMzIwMTIxMTgzMTMxWjBsMQswCQYD
+VQQGEwJOQTELMAkGA1UECAwCTkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTEL
+MAkGA1UECwwCTkExFjAUBgNVBAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0B
+CQEWAk5BMCowBQYDK2VwAyEAJ1IiXCB4YHwdWka9MM0bc7LvKAtksmtIo8IhkuEB
+uzGjYzBhMB0GA1UdDgQWBBQBvsxROtKU6zmr/SxcfTMDsAQcMTAfBgNVHSMEGDAW
+gBQBvsxROtKU6zmr/SxcfTMDsAQcMTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
+/wQEAwIChDAFBgMrZXADQQCXh6kDnE5giTjcLET2S94qTwnHVAj57DJcR/rf9Jy8
+NMGbtzTL0/V0B8DHuJFA/islbZJbN7rSvqddEKL8N2gI
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIB/TCCAa+gAwIBAgIUCFGFq5zAkH03LQ2fpAamPhGd8FgwBQYDK2VwMGwxCzAJ
+BgNVBAYTAk5BMQswCQYDVQQIDAJOQTELMAkGA1UEBwwCTkExCzAJBgNVBAoMAk5B
+MQswCQYDVQQLDAJOQTEWMBQGA1UEAwwNc3RmZSB0ZXN0ZGF0YTERMA8GCSqGSIb3
+DQEJARYCTkEwHhcNMjAxMTE3MTgxNTQyWhcNMzIwMjA0MTgxNTQyWjBsMQswCQYD
+VQQGEwJOQTELMAkGA1UECAwCTkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTEL
+MAkGA1UECwwCTkExFjAUBgNVBAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0B
+CQEWAk5BMCowBQYDK2VwAyEAFOG1Lof1UiV2mYsM17EopyVCR87qRrNW9YHP0biu
+pOyjYzBhMB0GA1UdDgQWBBQeeImH1qUrWk+pq3YOkwI8bWdEuTAfBgNVHSMEGDAW
+gBQeeImH1qUrWk+pq3YOkwI8bWdEuTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
+/wQEAwIChDAFBgMrZXADQQDP4IQePN5Krr7jn+RM8AbF+c4fXgamA1XDHVIfXy/n
+MexxZMsuSCSDq5XM5GMImffmBXA1dNJ6ytfJi668C+kF
+-----END CERTIFICATE-----`)
+ // FirstPemChain is composed of an end-entity and intermediate certificate
+ FirstPemChain = []byte(`-----BEGIN CERTIFICATE-----
+MIIBbDCCAR4CFDfeuu6XURfn7AE4WShuwZBHEaLIMAUGAytlcDBsMQswCQYDVQQG
+EwJOQTELMAkGA1UECAwCTkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTELMAkG
+A1UECwwCTkExFjAUBgNVBAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0BCQEW
+Ak5BMB4XDTIwMTEwMzE4MzI0MFoXDTMyMDEyMTE4MzI0MFowRTELMAkGA1UEBhMC
+QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
+dHMgUHR5IEx0ZDAqMAUGAytlcAMhAJvk390ZvwULplBri03Od4LLz+Sf/OUHu+20
+wik+T9y5MAUGAytlcANBANekliXq4ttoClBJDZoktIQxyHHNcWyXFrj1HlOaT5bC
+I3GIqqZ60Ua3jKytnEsKsD2rLMPItDwmG6wYSecy2ws=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIB7jCCAaCgAwIBAgICEAAwBQYDK2VwMGwxCzAJBgNVBAYTAk5BMQswCQYDVQQI
+DAJOQTELMAkGA1UEBwwCTkExCzAJBgNVBAoMAk5BMQswCQYDVQQLDAJOQTEWMBQG
+A1UEAwwNc3RmZSB0ZXN0ZGF0YTERMA8GCSqGSIb3DQEJARYCTkEwHhcNMjAxMTAz
+MTgzMjE4WhcNMzIwMTIxMTgzMjE4WjBsMQswCQYDVQQGEwJOQTELMAkGA1UECAwC
+TkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTELMAkGA1UECwwCTkExFjAUBgNV
+BAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0BCQEWAk5BMCowBQYDK2VwAyEA
+F1yPPpjHKDAKN73pBFGXzAvIjdkLLimydu2y1HLMOiKjZjBkMB0GA1UdDgQWBBQ6
+P7JQ7yXtrTh7YkVU0I78P9A+nDAfBgNVHSMEGDAWgBQBvsxROtKU6zmr/SxcfTMD
+sAQcMTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIChDAFBgMrZXAD
+QQBm1GMV0ADPnXRWnelCW9tcyTh0p9hKefuSy/MNx7/XLHKnM5fX+yHqD84QOxES
+Vc510vi4dM8I+e/vcoBsmMQP
+-----END CERTIFICATE-----`)
+ // FirstPemChainKey is the end-entity private key for FirstPemChain[0]
+ FirstPemChainKey = []byte(`-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEIDme3WaCwW2/FX095yh02yIIsn0D3vbvN5NsJzcdUwq1
+-----END PRIVATE KEY-----`)
+ // SecondPemChain is composed of an end-entity and intermediate certificate
+ SecondPemChain = []byte(`-----BEGIN CERTIFICATE-----
+MIIBbDCCAR4CFCv557zJa/p94Hu3n+k7iYR/75xJMAUGAytlcDBsMQswCQYDVQQG
+EwJOQTELMAkGA1UECAwCTkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTELMAkG
+A1UECwwCTkExFjAUBgNVBAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0BCQEW
+Ak5BMB4XDTIwMTExNzE4MTc1MFoXDTMyMDIwNDE4MTc1MFowRTELMAkGA1UEBhMC
+QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
+dHMgUHR5IEx0ZDAqMAUGAytlcAMhAKwG0O/Ql+L6O8aq8BZ+KOdJmVLdcnOmMENR
+H7O84kVFMAUGAytlcANBAI9Lq6SWu2Ua+lFcZSuFvOwoTgzLJVFYFVobLaobXZSL
+TKYluMIXPewoG+aywySEmsWletUcUVA5pHFAiz2rrwo=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIB7jCCAaCgAwIBAgICEAAwBQYDK2VwMGwxCzAJBgNVBAYTAk5BMQswCQYDVQQI
+DAJOQTELMAkGA1UEBwwCTkExCzAJBgNVBAoMAk5BMQswCQYDVQQLDAJOQTEWMBQG
+A1UEAwwNc3RmZSB0ZXN0ZGF0YTERMA8GCSqGSIb3DQEJARYCTkEwHhcNMjAxMTE3
+MTgxNjQ4WhcNMzIwMjA0MTgxNjQ4WjBsMQswCQYDVQQGEwJOQTELMAkGA1UECAwC
+TkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTELMAkGA1UECwwCTkExFjAUBgNV
+BAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0BCQEWAk5BMCowBQYDK2VwAyEA
+DD23ESkuIKaCkU6xCncIwvD12w4ETBgAiHAubr/wDwujZjBkMB0GA1UdDgQWBBSy
+uua2yvX+VM9JBc19GQisnLnH5zAfBgNVHSMEGDAWgBQBvsxROtKU6zmr/SxcfTMD
+sAQcMTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIChDAFBgMrZXAD
+QQCKFy3FEGogW8/G8NS/AmJHfZQGlZxDPbCjPclB0HmWTOaLTq+jgpCvZz1VQapc
+us/Fs+5Pvt4UGYiAuTYJu7YK
+-----END CERTIFICATE-----`)
+ // SecondPemChainKey is the end-entity private key for SecondPemChain[0]
+ SecondPemChainKey = []byte(`-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEIH65lXoCT4N9q4mPmDcsmAqIqG9CrqrB4KV2nqBC9JlZ
+-----END PRIVATE KEY-----`)
+)