From 9e6c301a830ef2675a2b2dab08002723b1315af4 Mon Sep 17 00:00:00 2001 From: Rasmus Dahlberg Date: Mon, 30 Nov 2020 17:26:08 +0100 Subject: migrated over to x509util/testdata --- handler_test.go | 22 ++++++------ instance_test.go | 7 ++-- reqres_test.go | 10 +++--- testdata/data.go | 89 ----------------------------------------------- trillian_test.go | 24 ++++++------- type_test.go | 6 ++-- x509util/testdata/data.go | 2 ++ 7 files changed, 35 insertions(+), 125 deletions(-) delete mode 100644 testdata/data.go diff --git a/handler_test.go b/handler_test.go index cb11a07..4bfb87d 100644 --- a/handler_test.go +++ b/handler_test.go @@ -20,8 +20,8 @@ import ( "github.com/google/certificate-transparency-go/trillian/mockclient" cttestdata "github.com/google/certificate-transparency-go/trillian/testdata" "github.com/google/trillian" - "github.com/system-transparency/stfe/testdata" "github.com/system-transparency/stfe/x509util" + "github.com/system-transparency/stfe/x509util/testdata" ) type testHandler struct { @@ -148,6 +148,7 @@ func TestGetAnchors(t *testing.T) { } func TestGetEntries(t *testing.T) { + chainLen := 3 for _, table := range []struct { description string breq *GetEntriesRequest @@ -181,7 +182,7 @@ func TestGetEntries(t *testing.T) { Start: 0, End: 1, }, - trsp: makeTrillianGetLeavesByRangeResponse(t, 0, 1, []byte("foobar-1.2.3"), testdata.FirstPemChain, testdata.FirstPemChainKey, false), + trsp: makeTrillianGetLeavesByRangeResponse(t, 0, 1, []byte("foobar-1.2.3"), testdata.RootChain, testdata.EndEntityPrivateKey, false), wantCode: http.StatusInternalServerError, wantErrText: http.StatusText(http.StatusInternalServerError) + "\n", }, @@ -191,7 +192,7 @@ func TestGetEntries(t *testing.T) { Start: 0, End: 1, }, - trsp: makeTrillianGetLeavesByRangeResponse(t, 0, 1, []byte("foobar-1.2.3"), testdata.FirstPemChain, testdata.FirstPemChainKey, true), + trsp: makeTrillianGetLeavesByRangeResponse(t, 0, 1, []byte("foobar-1.2.3"), testdata.RootChain, testdata.EndEntityPrivateKey, true), wantCode: http.StatusOK, }, } { @@ -251,8 +252,7 @@ func TestGetEntries(t *testing.T) { chain, err := x509util.ParseDerList(rsp.Chain) if err != nil { t.Errorf("failed parsing certificate chain: %v", err) - } else if got, want := len(chain), 2; got != want { - // TODO: test data with trust anchor in chain + } else if got, want := len(chain), chainLen; got != want { t.Errorf("got chain length %d, want %d", got, want) } else { if err := x509util.VerifyChain(chain); err != nil { @@ -282,29 +282,29 @@ func TestAddEntry(t *testing.T) { }{ { description: "empty trillian response", - breq: makeTestLeafBuffer(t, []byte("foobar-1.2.3"), testdata.FirstPemChain, testdata.FirstPemChainKey, true), + breq: makeTestLeafBuffer(t, []byte("foobar-1.2.3"), testdata.IntermediateChain, testdata.EndEntityPrivateKey, true), terr: fmt.Errorf("back-end failure"), wantCode: http.StatusInternalServerError, wantErrText: http.StatusText(http.StatusInternalServerError) + "\n", }, { description: "bad request parameters", - breq: makeTestLeafBuffer(t, []byte("foobar-1.2.3"), testdata.FirstPemChain, testdata.FirstPemChainKey, false), + breq: makeTestLeafBuffer(t, []byte("foobar-1.2.3"), testdata.IntermediateChain, testdata.EndEntityPrivateKey, false), wantCode: http.StatusBadRequest, wantErrText: http.StatusText(http.StatusBadRequest) + "\n", }, { description: "log signature failure", - breq: makeTestLeafBuffer(t, []byte("foobar-1.2.3"), testdata.FirstPemChain, testdata.FirstPemChainKey, true), - trsp: makeTrillianQueueLeafResponse(t, []byte("foobar-1.2.3"), testdata.FirstPemChain, testdata.FirstPemChainKey, false), + breq: makeTestLeafBuffer(t, []byte("foobar-1.2.3"), testdata.IntermediateChain, testdata.EndEntityPrivateKey, true), + trsp: makeTrillianQueueLeafResponse(t, []byte("foobar-1.2.3"), testdata.IntermediateChain, testdata.EndEntityPrivateKey, false), wantCode: http.StatusInternalServerError, wantErrText: http.StatusText(http.StatusInternalServerError) + "\n", signer: cttestdata.NewSignerWithErr(nil, fmt.Errorf("signing failed")), }, { description: "valid add-entry request-response", - breq: makeTestLeafBuffer(t, []byte("foobar-1.2.3"), testdata.FirstPemChain, testdata.FirstPemChainKey, true), - trsp: makeTrillianQueueLeafResponse(t, []byte("foobar-1.2.3"), testdata.FirstPemChain, testdata.FirstPemChainKey, false), + breq: makeTestLeafBuffer(t, []byte("foobar-1.2.3"), testdata.IntermediateChain, testdata.EndEntityPrivateKey, true), + trsp: makeTrillianQueueLeafResponse(t, []byte("foobar-1.2.3"), testdata.IntermediateChain, testdata.EndEntityPrivateKey, false), wantCode: http.StatusOK, signer: cttestdata.NewSignerWithFixedSig(nil, make([]byte, 32)), }, diff --git a/instance_test.go b/instance_test.go index f4a8fea..582b232 100644 --- a/instance_test.go +++ b/instance_test.go @@ -6,8 +6,8 @@ import ( "crypto" "crypto/x509" - "github.com/system-transparency/stfe/testdata" "github.com/system-transparency/stfe/x509util" + "github.com/system-transparency/stfe/x509util/testdata" ) var ( @@ -21,13 +21,10 @@ var ( ) func makeTestLogParameters(t *testing.T, signer crypto.Signer) *LogParameters { - anchorList, err := x509util.NewCertificateList(testdata.PemAnchors) + anchorList, err := x509util.NewCertificateList(testdata.TrustAnchors) if err != nil { t.Fatalf("must decode trust anchors: %v", err) } - if got, want := len(anchorList), testdata.NumPemAnchors; got != want { - t.Fatalf("must have %d trust anchor(s), got %d", want, got) - } return &LogParameters{ LogId: testLogId, TreeId: testTreeId, diff --git a/reqres_test.go b/reqres_test.go index 53f6f07..1a6304b 100644 --- a/reqres_test.go +++ b/reqres_test.go @@ -10,7 +10,7 @@ import ( "net/http" "github.com/google/trillian" - "github.com/system-transparency/stfe/testdata" + "github.com/system-transparency/stfe/x509util/testdata" ) // TODO: TestNewAddEntryRequest @@ -229,7 +229,7 @@ func TestNewGetEntryResponse(t *testing.T) { lp := makeTestLogParameters(t, nil) var appendix Appendix - leaf, app := makeTestLeaf(t, testPackage, testdata.FirstPemChain, testdata.FirstPemChainKey) + leaf, app := makeTestLeaf(t, testPackage, testdata.RootChain, testdata.EndEntityPrivateKey) if err := appendix.Unmarshal(app); err != nil { t.Fatalf("must unmarshal appendix: %v", err) } @@ -266,7 +266,7 @@ func TestNewGetEntriesResponse(t *testing.T) { lp := makeTestLogParameters(t, nil) // Invalid - leaf := makeTrillianQueueLeafResponse(t, testPackage, testdata.FirstPemChain, testdata.FirstPemChainKey, false).QueuedLeaf.Leaf + leaf := makeTrillianQueueLeafResponse(t, testPackage, testdata.RootChain, testdata.EndEntityPrivateKey, false).QueuedLeaf.Leaf leaf.ExtraData = leaf.ExtraData[1:] if _, err := lp.newGetEntriesResponse([]*trillian.LogLeaf{leaf}); err == nil { t.Errorf("got no error for invalid appendix") @@ -276,7 +276,7 @@ func TestNewGetEntriesResponse(t *testing.T) { for n, numEntries := 0, 5; n < numEntries; n++ { leaves := make([]*trillian.LogLeaf, 0, n) for i := 0; i < n; i++ { - leaves = append(leaves, makeTrillianQueueLeafResponse(t, []byte(fmt.Sprintf("%s-%d", testPackage, i)), testdata.FirstPemChain, testdata.FirstPemChainKey, false).QueuedLeaf.Leaf) + leaves = append(leaves, makeTrillianQueueLeafResponse(t, []byte(fmt.Sprintf("%s-%d", testPackage, i)), testdata.RootChain, testdata.EndEntityPrivateKey, false).QueuedLeaf.Leaf) } if rsp, err := lp.newGetEntriesResponse(leaves); err != nil { t.Errorf("got error for %d valid leaves: %v", n, err) @@ -289,7 +289,7 @@ func TestNewGetEntriesResponse(t *testing.T) { func TestNewGetAnchorsResponse(t *testing.T) { rawAnchors := makeTestLogParameters(t, nil).newGetAnchorsResponse() - if got, want := len(rawAnchors), testdata.NumPemAnchors; got != want { + if got, want := len(rawAnchors), testdata.NumTrustAnchors; got != want { t.Errorf("got %d anchors but wanted %d", got, want) } for _, rawAnchor := range rawAnchors { diff --git a/testdata/data.go b/testdata/data.go deleted file mode 100644 index 1145505..0000000 --- a/testdata/data.go +++ /dev/null @@ -1,89 +0,0 @@ -package testdata - -var ( - // NumPemAnchors is the number of trust anchors in PemAnchors - NumPemAnchors = 2 - // PemAnchors is a list of trusted root certificates - PemAnchors = []byte(`-----BEGIN CERTIFICATE----- -MIIB/TCCAa+gAwIBAgIUDYJzaC5VSkKwiLVAxO5MyphAkN8wBQYDK2VwMGwxCzAJ -BgNVBAYTAk5BMQswCQYDVQQIDAJOQTELMAkGA1UEBwwCTkExCzAJBgNVBAoMAk5B -MQswCQYDVQQLDAJOQTEWMBQGA1UEAwwNc3RmZSB0ZXN0ZGF0YTERMA8GCSqGSIb3 -DQEJARYCTkEwHhcNMjAxMTAzMTgzMTMxWhcNMzIwMTIxMTgzMTMxWjBsMQswCQYD -VQQGEwJOQTELMAkGA1UECAwCTkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTEL -MAkGA1UECwwCTkExFjAUBgNVBAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0B -CQEWAk5BMCowBQYDK2VwAyEAJ1IiXCB4YHwdWka9MM0bc7LvKAtksmtIo8IhkuEB -uzGjYzBhMB0GA1UdDgQWBBQBvsxROtKU6zmr/SxcfTMDsAQcMTAfBgNVHSMEGDAW -gBQBvsxROtKU6zmr/SxcfTMDsAQcMTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB -/wQEAwIChDAFBgMrZXADQQCXh6kDnE5giTjcLET2S94qTwnHVAj57DJcR/rf9Jy8 -NMGbtzTL0/V0B8DHuJFA/islbZJbN7rSvqddEKL8N2gI ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIB/TCCAa+gAwIBAgIUCFGFq5zAkH03LQ2fpAamPhGd8FgwBQYDK2VwMGwxCzAJ -BgNVBAYTAk5BMQswCQYDVQQIDAJOQTELMAkGA1UEBwwCTkExCzAJBgNVBAoMAk5B -MQswCQYDVQQLDAJOQTEWMBQGA1UEAwwNc3RmZSB0ZXN0ZGF0YTERMA8GCSqGSIb3 -DQEJARYCTkEwHhcNMjAxMTE3MTgxNTQyWhcNMzIwMjA0MTgxNTQyWjBsMQswCQYD -VQQGEwJOQTELMAkGA1UECAwCTkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTEL -MAkGA1UECwwCTkExFjAUBgNVBAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0B -CQEWAk5BMCowBQYDK2VwAyEAFOG1Lof1UiV2mYsM17EopyVCR87qRrNW9YHP0biu -pOyjYzBhMB0GA1UdDgQWBBQeeImH1qUrWk+pq3YOkwI8bWdEuTAfBgNVHSMEGDAW -gBQeeImH1qUrWk+pq3YOkwI8bWdEuTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB -/wQEAwIChDAFBgMrZXADQQDP4IQePN5Krr7jn+RM8AbF+c4fXgamA1XDHVIfXy/n -MexxZMsuSCSDq5XM5GMImffmBXA1dNJ6ytfJi668C+kF ------END CERTIFICATE-----`) - // FirstPemChain is composed of an end-entity and intermediate certificate - FirstPemChain = []byte(`-----BEGIN CERTIFICATE----- -MIIBbDCCAR4CFDfeuu6XURfn7AE4WShuwZBHEaLIMAUGAytlcDBsMQswCQYDVQQG -EwJOQTELMAkGA1UECAwCTkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTELMAkG -A1UECwwCTkExFjAUBgNVBAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0BCQEW -Ak5BMB4XDTIwMTEwMzE4MzI0MFoXDTMyMDEyMTE4MzI0MFowRTELMAkGA1UEBhMC -QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp -dHMgUHR5IEx0ZDAqMAUGAytlcAMhAJvk390ZvwULplBri03Od4LLz+Sf/OUHu+20 -wik+T9y5MAUGAytlcANBANekliXq4ttoClBJDZoktIQxyHHNcWyXFrj1HlOaT5bC -I3GIqqZ60Ua3jKytnEsKsD2rLMPItDwmG6wYSecy2ws= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIB7jCCAaCgAwIBAgICEAAwBQYDK2VwMGwxCzAJBgNVBAYTAk5BMQswCQYDVQQI -DAJOQTELMAkGA1UEBwwCTkExCzAJBgNVBAoMAk5BMQswCQYDVQQLDAJOQTEWMBQG -A1UEAwwNc3RmZSB0ZXN0ZGF0YTERMA8GCSqGSIb3DQEJARYCTkEwHhcNMjAxMTAz -MTgzMjE4WhcNMzIwMTIxMTgzMjE4WjBsMQswCQYDVQQGEwJOQTELMAkGA1UECAwC -TkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTELMAkGA1UECwwCTkExFjAUBgNV -BAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0BCQEWAk5BMCowBQYDK2VwAyEA -F1yPPpjHKDAKN73pBFGXzAvIjdkLLimydu2y1HLMOiKjZjBkMB0GA1UdDgQWBBQ6 -P7JQ7yXtrTh7YkVU0I78P9A+nDAfBgNVHSMEGDAWgBQBvsxROtKU6zmr/SxcfTMD -sAQcMTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIChDAFBgMrZXAD -QQBm1GMV0ADPnXRWnelCW9tcyTh0p9hKefuSy/MNx7/XLHKnM5fX+yHqD84QOxES -Vc510vi4dM8I+e/vcoBsmMQP ------END CERTIFICATE-----`) - // FirstPemChainKey is the end-entity private key for FirstPemChain[0] - FirstPemChainKey = []byte(`-----BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIDme3WaCwW2/FX095yh02yIIsn0D3vbvN5NsJzcdUwq1 ------END PRIVATE KEY-----`) - // SecondPemChain is composed of an end-entity and intermediate certificate - SecondPemChain = []byte(`-----BEGIN CERTIFICATE----- -MIIBbDCCAR4CFCv557zJa/p94Hu3n+k7iYR/75xJMAUGAytlcDBsMQswCQYDVQQG -EwJOQTELMAkGA1UECAwCTkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTELMAkG -A1UECwwCTkExFjAUBgNVBAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0BCQEW -Ak5BMB4XDTIwMTExNzE4MTc1MFoXDTMyMDIwNDE4MTc1MFowRTELMAkGA1UEBhMC -QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp -dHMgUHR5IEx0ZDAqMAUGAytlcAMhAKwG0O/Ql+L6O8aq8BZ+KOdJmVLdcnOmMENR -H7O84kVFMAUGAytlcANBAI9Lq6SWu2Ua+lFcZSuFvOwoTgzLJVFYFVobLaobXZSL -TKYluMIXPewoG+aywySEmsWletUcUVA5pHFAiz2rrwo= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIB7jCCAaCgAwIBAgICEAAwBQYDK2VwMGwxCzAJBgNVBAYTAk5BMQswCQYDVQQI -DAJOQTELMAkGA1UEBwwCTkExCzAJBgNVBAoMAk5BMQswCQYDVQQLDAJOQTEWMBQG -A1UEAwwNc3RmZSB0ZXN0ZGF0YTERMA8GCSqGSIb3DQEJARYCTkEwHhcNMjAxMTE3 -MTgxNjQ4WhcNMzIwMjA0MTgxNjQ4WjBsMQswCQYDVQQGEwJOQTELMAkGA1UECAwC -TkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTELMAkGA1UECwwCTkExFjAUBgNV -BAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0BCQEWAk5BMCowBQYDK2VwAyEA -DD23ESkuIKaCkU6xCncIwvD12w4ETBgAiHAubr/wDwujZjBkMB0GA1UdDgQWBBSy -uua2yvX+VM9JBc19GQisnLnH5zAfBgNVHSMEGDAWgBQBvsxROtKU6zmr/SxcfTMD -sAQcMTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIChDAFBgMrZXAD -QQCKFy3FEGogW8/G8NS/AmJHfZQGlZxDPbCjPclB0HmWTOaLTq+jgpCvZz1VQapc -us/Fs+5Pvt4UGYiAuTYJu7YK ------END CERTIFICATE-----`) - // SecondPemChainKey is the end-entity private key for SecondPemChain[0] - SecondPemChainKey = []byte(`-----BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIH65lXoCT4N9q4mPmDcsmAqIqG9CrqrB4KV2nqBC9JlZ ------END PRIVATE KEY-----`) -) diff --git a/trillian_test.go b/trillian_test.go index ab053a5..749f22a 100644 --- a/trillian_test.go +++ b/trillian_test.go @@ -6,7 +6,7 @@ import ( "github.com/google/trillian" "github.com/google/trillian/types" - "github.com/system-transparency/stfe/testdata" + "github.com/system-transparency/stfe/x509util/testdata" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" @@ -35,11 +35,11 @@ func TestCheckQueueLeaf(t *testing.T) { }, { description: "ok response: duplicate leaf", - rsp: makeTrillianQueueLeafResponse(t, testPackage, testdata.FirstPemChain, testdata.FirstPemChainKey, true), + rsp: makeTrillianQueueLeafResponse(t, testPackage, testdata.RootChain, testdata.EndEntityPrivateKey, true), }, { description: "ok response: new leaf", - rsp: makeTrillianQueueLeafResponse(t, testPackage, testdata.FirstPemChain, testdata.FirstPemChainKey, false), + rsp: makeTrillianQueueLeafResponse(t, testPackage, testdata.RootChain, testdata.EndEntityPrivateKey, false), }, } { if err := checkQueueLeaf(table.rsp, table.err); (err != nil) != table.wantErr { @@ -70,7 +70,7 @@ func TestCheckGetLeavesByRange(t *testing.T) { rsp: func(rsp *trillian.GetLeavesByRangeResponse) *trillian.GetLeavesByRangeResponse { rsp.Leaves = nil return rsp - }(makeTrillianGetLeavesByRangeResponse(t, 0, 1, testPackage, testdata.FirstPemChain, testdata.FirstPemChainKey, true)), + }(makeTrillianGetLeavesByRangeResponse(t, 0, 1, testPackage, testdata.RootChain, testdata.EndEntityPrivateKey, true)), wantErr: true, }, { @@ -78,7 +78,7 @@ func TestCheckGetLeavesByRange(t *testing.T) { rsp: func(rsp *trillian.GetLeavesByRangeResponse) *trillian.GetLeavesByRangeResponse { rsp.SignedLogRoot = nil return rsp - }(makeTrillianGetLeavesByRangeResponse(t, 0, 1, testPackage, testdata.FirstPemChain, testdata.FirstPemChainKey, true)), + }(makeTrillianGetLeavesByRangeResponse(t, 0, 1, testPackage, testdata.RootChain, testdata.EndEntityPrivateKey, true)), wantErr: true, }, { @@ -86,7 +86,7 @@ func TestCheckGetLeavesByRange(t *testing.T) { rsp: func(rsp *trillian.GetLeavesByRangeResponse) *trillian.GetLeavesByRangeResponse { rsp.SignedLogRoot.LogRoot = nil return rsp - }(makeTrillianGetLeavesByRangeResponse(t, 0, 1, testPackage, testdata.FirstPemChain, testdata.FirstPemChainKey, true)), + }(makeTrillianGetLeavesByRangeResponse(t, 0, 1, testPackage, testdata.RootChain, testdata.EndEntityPrivateKey, true)), wantErr: true, }, { @@ -95,13 +95,13 @@ func TestCheckGetLeavesByRange(t *testing.T) { rsp: func(rsp *trillian.GetLeavesByRangeResponse) *trillian.GetLeavesByRangeResponse { rsp.SignedLogRoot.LogRoot = rsp.SignedLogRoot.LogRoot[1:] return rsp - }(makeTrillianGetLeavesByRangeResponse(t, 0, 1, testPackage, testdata.FirstPemChain, testdata.FirstPemChainKey, true)), + }(makeTrillianGetLeavesByRangeResponse(t, 0, 1, testPackage, testdata.RootChain, testdata.EndEntityPrivateKey, true)), wantErr: true, }, { description: "bad response: too many leaves", req: &GetEntriesRequest{Start: 0, End: 1}, - rsp: makeTrillianGetLeavesByRangeResponse(t, 0, 2, testPackage, testdata.FirstPemChain, testdata.FirstPemChainKey, true), + rsp: makeTrillianGetLeavesByRangeResponse(t, 0, 2, testPackage, testdata.RootChain, testdata.EndEntityPrivateKey, true), wantErr: true, }, { @@ -110,13 +110,13 @@ func TestCheckGetLeavesByRange(t *testing.T) { rsp: func(rsp *trillian.GetLeavesByRangeResponse) *trillian.GetLeavesByRangeResponse { rsp.SignedLogRoot = makeLatestSignedLogRootResponse(t, 0, testTreeSize, testNodeHash).SignedLogRoot return rsp - }(makeTrillianGetLeavesByRangeResponse(t, int64(testTreeSize)-1, int64(testTreeSize)-1, testPackage, testdata.FirstPemChain, testdata.FirstPemChainKey, true)), + }(makeTrillianGetLeavesByRangeResponse(t, int64(testTreeSize)-1, int64(testTreeSize)-1, testPackage, testdata.RootChain, testdata.EndEntityPrivateKey, true)), wantErr: true, }, { description: "bad response: invalid leaf indices", req: &GetEntriesRequest{Start: 10, End: 11}, - rsp: makeTrillianGetLeavesByRangeResponse(t, 11, 12, testPackage, testdata.FirstPemChain, testdata.FirstPemChainKey, true), + rsp: makeTrillianGetLeavesByRangeResponse(t, 11, 12, testPackage, testdata.RootChain, testdata.EndEntityPrivateKey, true), wantErr: true, }, { @@ -125,12 +125,12 @@ func TestCheckGetLeavesByRange(t *testing.T) { rsp: func(rsp *trillian.GetLeavesByRangeResponse) *trillian.GetLeavesByRangeResponse { rsp.SignedLogRoot = makeLatestSignedLogRootResponse(t, 0, testTreeSize, testNodeHash).SignedLogRoot return rsp - }(makeTrillianGetLeavesByRangeResponse(t, int64(testTreeSize)-1, int64(testTreeSize)-1, testPackage, testdata.FirstPemChain, testdata.FirstPemChainKey, true)), + }(makeTrillianGetLeavesByRangeResponse(t, int64(testTreeSize)-1, int64(testTreeSize)-1, testPackage, testdata.RootChain, testdata.EndEntityPrivateKey, true)), }, { description: "ok response: a bunch of leaves", req: &GetEntriesRequest{Start: 10, End: 20}, - rsp: makeTrillianGetLeavesByRangeResponse(t, 10, 20, testPackage, testdata.FirstPemChain, testdata.FirstPemChainKey, true), + rsp: makeTrillianGetLeavesByRangeResponse(t, 10, 20, testPackage, testdata.RootChain, testdata.EndEntityPrivateKey, true), }, } { if _, err := checkGetLeavesByRange(table.req, table.rsp, table.err); (err != nil) != table.wantErr { diff --git a/type_test.go b/type_test.go index ea3ab36..e8dce00 100644 --- a/type_test.go +++ b/type_test.go @@ -5,8 +5,8 @@ import ( "crypto/tls" - "github.com/system-transparency/stfe/testdata" "github.com/system-transparency/stfe/x509util" + "github.com/system-transparency/stfe/x509util/testdata" ) var ( @@ -275,7 +275,7 @@ func TestEncDecStItem(t *testing.T) { // // Note: max limits for certificate chains are not tested. func TestEncDecAppendix(t *testing.T) { - chain, err := x509util.NewCertificateList(testdata.FirstPemChain) + chain, err := x509util.NewCertificateList(testdata.RootChain) if err != nil { t.Fatalf("must decode certificate chain: %v", err) } @@ -398,7 +398,7 @@ func TestStItemUnmarshalFailure(t *testing.T) { // TestAppendixUnmarshal tests that invalid appendices cannot be unmarshaled func TestAppendixUnmarshalFailure(t *testing.T) { - chain, err := x509util.NewCertificateList(testdata.FirstPemChain) + chain, err := x509util.NewCertificateList(testdata.RootChain) if err != nil { t.Fatalf("must decode certificate chain: %v", err) } diff --git a/x509util/testdata/data.go b/x509util/testdata/data.go index 46f4ab5..832a3aa 100644 --- a/x509util/testdata/data.go +++ b/x509util/testdata/data.go @@ -161,6 +161,8 @@ MC4CAQAwBQYDK2VwBCIEIKQd3B84w9pB6zJLGljuDyGKfz9uPP6QBeLiFcw0EME4 RootCertificate, RootCertificate2, }, []byte("\n")) + // NumTrustAnchors is the number of test trust anchors + NumTrustAnchors = 2 // ExpiredCertificate is a PEM-encoded certificate that is always expired, // i.e., `Not Before`=`Not After`. It is signed by IntermediateCertificate. -- cgit v1.2.3