Beispiel #1
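// testInsertOCSPAndGetUnexpiredOCSP inserts an OCSP record that expires one
// minute from now, reads it back by serial, and checks that
// GetUnexpiredOCSPs reports exactly one unexpired record.
//
// The count assertion assumes the database holds no other unexpired OCSP
// records when this helper runs.
func testInsertOCSPAndGetUnexpiredOCSP(dba certdb.Accessor, t *testing.T) {
	want := &certdb.OCSPRecord{
		Serial: "fake serial 2",
		Body:   "fake body",
		Expiry: time.Now().Add(time.Minute),
	}

	if err := dba.InsertOCSP(want); err != nil {
		t.Fatal(err)
	}

	got, err := dba.GetOCSP(want.Serial)
	if err != nil {
		t.Fatal(err)
	}
	// Guard the dereferences below: a nil record with a nil error would
	// otherwise panic instead of failing the test cleanly.
	if got == nil {
		t.Fatal("GetOCSP returned a nil record without an error")
	}

	// Expiry is compared with a tolerance because the stored timestamp may
	// not round-trip exactly.
	if want.Serial != got.Serial || want.Body != got.Body ||
		!roughlySameTime(want.Expiry, got.Expiry) {
		t.Errorf("want OCSP %+v, got %+v", *want, *got)
	}

	unexpired, err := dba.GetUnexpiredOCSPs()
	if err != nil {
		t.Fatal(err)
	}

	// The failure message names OCSP records; the previous wording spoke of
	// certificate records, which pointed at the wrong table.
	if len(unexpired) != 1 {
		t.Error("should not have other than 1 unexpired OCSP record:", len(unexpired))
	}
}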
Beispiel #2
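// testUpdateOCSPAndGetOCSP inserts an already-expired OCSP record, replaces
// its body and expiry through UpdateOCSP, and checks that GetOCSP returns the
// updated values.
func testUpdateOCSPAndGetOCSP(dba certdb.Accessor, t *testing.T) {
	want := &certdb.OCSPRecord{
		Serial: "fake serial 3",
		Body:   "fake body",
		Expiry: time.Date(2010, time.December, 25, 23, 0, 0, 0, time.UTC),
	}

	if err := dba.InsertOCSP(want); err != nil {
		t.Fatal(err)
	}

	const updatedBody = "fake body revoked"
	newExpiry := time.Now().Add(time.Hour)
	if err := dba.UpdateOCSP(want.Serial, updatedBody, newExpiry); err != nil {
		t.Fatal(err)
	}

	got, err := dba.GetOCSP(want.Serial)
	if err != nil {
		t.Fatal(err)
	}
	// Guard the dereferences below: a nil record with a nil error would
	// otherwise panic instead of failing the test cleanly.
	if got == nil {
		t.Fatal("GetOCSP returned a nil record without an error")
	}

	// Bring want in line with the update so that a failure prints the values
	// that were actually expected, not the stale pre-update body.
	want.Body = updatedBody
	want.Expiry = newExpiry
	if want.Serial != got.Serial || want.Body != got.Body ||
		!roughlySameTime(want.Expiry, got.Expiry) {
		t.Errorf("want OCSP %+v, got %+v", *want, *got)
	}
}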
Beispiel #3
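// testInsertOCSPAndGetOCSP inserts an OCSP record whose expiry lies in the
// past (2010), reads it back by serial, and checks that GetUnexpiredOCSPs
// does not return it.
//
// The count assertion assumes the database holds no unexpired OCSP records
// when this helper runs.
func testInsertOCSPAndGetOCSP(dba certdb.Accessor, t *testing.T) {
	expiry := time.Date(2010, time.December, 25, 23, 0, 0, 0, time.UTC)
	want := &certdb.OCSPRecord{
		Serial: "fake serial",
		Body:   "fake body",
		Expiry: expiry,
	}

	if err := dba.InsertOCSP(want); err != nil {
		t.Fatal(err)
	}

	got, err := dba.GetOCSP(want.Serial)
	if err != nil {
		t.Fatal(err)
	}
	// Guard the dereferences below: a nil record with a nil error would
	// otherwise panic instead of failing the test cleanly.
	if got == nil {
		t.Fatal("GetOCSP returned a nil record without an error")
	}

	if want.Serial != got.Serial || want.Body != got.Body ||
		!roughlySameTime(want.Expiry, got.Expiry) {
		t.Errorf("want OCSP %+v, got %+v", *want, *got)
	}

	unexpired, err := dba.GetUnexpiredOCSPs()
	if err != nil {
		t.Fatal(err)
	}

	// An expired response must not be listed as unexpired. The message names
	// OCSP records (it previously said "certificate record") and reports the
	// count to make a failure easier to diagnose.
	if len(unexpired) != 0 {
		t.Error("should not have unexpired OCSP record:", len(unexpired))
	}
}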
Beispiel #4
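// testUpdateCertificateAndGetCertificate inserts a certificate record with
// status "good", revokes it with reason code 2, and checks that
// GetCertificate returns the record as revoked with the reason and a
// revocation timestamp recorded.
func testUpdateCertificateAndGetCertificate(dba certdb.Accessor, t *testing.T) {
	// Reason 2 is CACompromise.
	const revocationReason = 2

	expiry := time.Date(2010, time.December, 25, 23, 0, 0, 0, time.UTC)
	want := &certdb.CertificateRecord{
		PEM:     "fake cert data",
		Serial:  "fake serial 3",
		CALabel: "default",
		Status:  "good",
		Reason:  0,
		Expiry:  expiry,
	}

	if err := dba.InsertCertificate(want); err != nil {
		t.Fatal(err)
	}

	if err := dba.RevokeCertificate(want.Serial, revocationReason); err != nil {
		t.Fatal(err)
	}

	got, err := dba.GetCertificate(want.Serial)
	if err != nil {
		t.Fatal(err)
	}
	// Guard the dereferences below: a nil record with a nil error would
	// otherwise panic instead of failing the test cleanly.
	if got == nil {
		t.Fatal("GetCertificate returned a nil record without an error")
	}

	// Describe the expected post-revocation state so that a failure prints
	// what was actually expected.
	want.Status = "revoked"
	want.Reason = revocationReason

	// Fields are compared one by one: a reflection-based comparison is
	// reportedly unstable when zero time values are involved.
	// The reason code is checked as well, so an accessor that marks the
	// record revoked but drops the reason passed to RevokeCertificate is
	// caught here.
	if want.Serial != got.Serial || want.Status != got.Status ||
		want.Reason != got.Reason ||
		want.CALabel != got.CALabel || got.RevokedAt.IsZero() ||
		want.PEM != got.PEM {
		t.Errorf("want Certificate %+v, got %+v", *want, *got)
	}
}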
Beispiel #5
// testUpdateOCSPAndGetOCSP stores an expired OCSP record keyed by serial and
// AKI, rewrites its body and expiry via UpdateOCSP, and verifies that the
// lookup yields exactly one record carrying the new values.
func testUpdateOCSPAndGetOCSP(dba certdb.Accessor, t *testing.T) {
	const revokedBody = "fake body revoked"

	record := certdb.OCSPRecord{
		Serial: "fake serial 3",
		AKI:    fakeAKI,
		Body:   "fake body",
		Expiry: time.Date(2010, time.December, 25, 23, 0, 0, 0, time.UTC),
	}

	err := dba.InsertOCSP(record)
	if err != nil {
		t.Fatal(err)
	}

	record.Body = revokedBody
	updatedExpiry := time.Now().Add(time.Hour)
	err = dba.UpdateOCSP(record.Serial, record.AKI, record.Body, updatedExpiry)
	if err != nil {
		t.Fatal(err)
	}

	found, err := dba.GetOCSP(record.Serial, record.AKI)
	if err != nil {
		t.Fatal(err)
	}
	// Exactly one row must come back for the (serial, AKI) pair before the
	// first element is read.
	if len(found) != 1 {
		t.Fatal("should return exactly one record")
	}
	stored := found[0]

	// From here on the local record describes the expected stored state.
	record.Expiry = updatedExpiry

	// The expiry is compared with a tolerance through roughlySameTime.
	matches := record.Serial == stored.Serial &&
		stored.Body == revokedBody &&
		roughlySameTime(updatedExpiry, stored.Expiry)
	if !matches {
		t.Errorf("want OCSP %+v, got %+v", record, stored)
	}
}
Beispiel #6
// testInsertCertificateAndGetUnexpiredCertificate stores a certificate record
// that expires one minute from now, looks it up by serial and AKI, and
// verifies that GetUnexpiredCertificates lists exactly one record.
func testInsertCertificateAndGetUnexpiredCertificate(dba certdb.Accessor, t *testing.T) {
	notAfter := time.Now().Add(time.Minute)
	record := certdb.CertificateRecord{
		PEM:    "fake cert data",
		Serial: "fake serial 2",
		AKI:    fakeAKI,
		Status: "good",
		Reason: 0,
		Expiry: notAfter,
	}

	err := dba.InsertCertificate(record)
	if err != nil {
		t.Fatal(err)
	}

	found, err := dba.GetCertificate(record.Serial, record.AKI)
	if err != nil {
		t.Fatal(err)
	}
	// Exactly one row must come back for the (serial, AKI) pair before the
	// first element is read.
	if len(found) != 1 {
		t.Fatal("should return exactly one record")
	}
	stored := found[0]

	// Fields are checked individually: a reflection-based comparison is
	// reportedly unstable when zero time values are involved. A record that
	// was never revoked must still have a zero RevokedAt.
	matches := record.Serial == stored.Serial &&
		record.Status == stored.Status &&
		record.AKI == stored.AKI &&
		stored.RevokedAt.IsZero() &&
		record.PEM == stored.PEM &&
		roughlySameTime(stored.Expiry, notAfter)
	if !matches {
		t.Errorf("want Certificate %+v, got %+v", record, stored)
	}

	live, err := dba.GetUnexpiredCertificates()
	if err != nil {
		t.Fatal(err)
	}

	if count := len(live); count != 1 {
		t.Error("should not have other than 1 unexpired certificate record:", count)
	}
}
Beispiel #7
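// testUpdateCertificateAndGetCertificate inserts a certificate record with
// status "good", revokes it by serial and AKI with reason code 2, and checks
// that GetCertificate returns exactly one record, marked revoked, with the
// reason and a revocation timestamp recorded.
func testUpdateCertificateAndGetCertificate(dba certdb.Accessor, t *testing.T) {
	// Reason 2 is CACompromise.
	const revocationReason = 2

	expiry := time.Date(2010, time.December, 25, 23, 0, 0, 0, time.UTC)
	want := certdb.CertificateRecord{
		PEM:    "fake cert data",
		Serial: "fake serial 3",
		AKI:    fakeAKI,
		Status: "good",
		Reason: 0,
		Expiry: expiry,
	}

	if err := dba.InsertCertificate(want); err != nil {
		t.Fatal(err)
	}

	if err := dba.RevokeCertificate(want.Serial, want.AKI, revocationReason); err != nil {
		t.Fatal(err)
	}

	rets, err := dba.GetCertificate(want.Serial, want.AKI)
	if err != nil {
		t.Fatal(err)
	}

	if len(rets) != 1 {
		t.Fatal("should return exactly one record")
	}

	got := rets[0]

	// Describe the expected post-revocation state so that a failure prints
	// what was actually expected.
	want.Status = "revoked"
	want.Reason = revocationReason

	// Fields are compared one by one: a reflection-based comparison is
	// reportedly unstable when zero time values are involved.
	// The reason code is checked as well, so an accessor that marks the
	// record revoked but drops the reason passed to RevokeCertificate is
	// caught here.
	if want.Serial != got.Serial || want.Status != got.Status ||
		want.Reason != got.Reason ||
		want.AKI != got.AKI || got.RevokedAt.IsZero() ||
		want.PEM != got.PEM {
		t.Errorf("want Certificate %+v, got %+v", want, got)
	}
}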
Beispiel #8
// testInsertCertificateAndGetCertificate stores a certificate record whose
// expiry lies in the past (2010), reads it back by serial, and verifies that
// GetUnexpiredCertificates returns no records.
func testInsertCertificateAndGetCertificate(dba certdb.Accessor, t *testing.T) {
	notAfter := time.Date(2010, time.December, 25, 23, 0, 0, 0, time.UTC)
	record := &certdb.CertificateRecord{
		PEM:     "fake cert data",
		Serial:  "fake serial",
		CALabel: "default",
		Status:  "good",
		Reason:  0,
		Expiry:  notAfter,
	}

	err := dba.InsertCertificate(record)
	if err != nil {
		t.Fatal(err)
	}

	stored, err := dba.GetCertificate(record.Serial)
	if err != nil {
		t.Fatal(err)
	}

	// Fields are checked individually: a reflection-based comparison is
	// reportedly unstable when zero time values are involved. A record that
	// was never revoked must still have a zero RevokedAt.
	matches := record.Serial == stored.Serial &&
		record.Status == stored.Status &&
		record.CALabel == stored.CALabel &&
		stored.RevokedAt.IsZero() &&
		record.PEM == stored.PEM &&
		roughlySameTime(stored.Expiry, notAfter)
	if !matches {
		t.Errorf("want Certificate %+v, got %+v", *record, *stored)
	}

	live, err := dba.GetUnexpiredCertificates()
	if err != nil {
		t.Fatal(err)
	}

	// The only inserted certificate is expired, so the list must be empty.
	if len(live) > 0 {
		t.Error("should not have unexpired certificate record")
	}
}