func prepDB() (db *sql.DB, err error) {
db = testdb.SQLiteDB("../../certdb/testdb/certstore_development.db")
expirationTime := time.Now().AddDate(1, 0, 0)
var cert = &certdb.CertificateRecord{
Serial: "1",
Expiry: expirationTime,
PEM: "unexpired cert",
}
err = certdb.InsertCertificate(db, cert)
if err != nil {
return nil, err
}
return
}
func TestSignerWithDB(t *testing.T) {
db := testdb.SQLiteDB("../../certdb/testdb/certstore_development.db")
err := signerMain([]string{"../../testdata/server.csr"},
cli.Config{
CAFile: "../../testdata/server.crt",
CAKeyFile: "../../testdata/server.key",
Hostname: "www.cloudflare.com",
DBConfigFile: "../testdata/db-config.json"})
if err != nil {
t.Fatal(err)
}
var crs []*certdb.CertificateRecord
crs, err = certdb.GetUnexpiredCertificates(db)
if err != nil {
t.Fatal("Failed to get unexpired certificates")
}
if len(crs) != 1 {
t.Fatal("Expected 1 unexpired certificate in the database after signing 1")
}
}
func TestOCSPRefreshMain(t *testing.T) {
db := testdb.SQLiteDB("../../certdb/testdb/certstore_development.db")
certPEM, err := ioutil.ReadFile("../../ocsp/testdata/cert.pem")
if err != nil {
t.Fatal(err)
}
expirationTime := time.Now().AddDate(1, 0, 0)
var cert = &certdb.CertificateRecord{
Serial: "1333308112180215502", // from cert.pem
Expiry: expirationTime,
PEM: string(certPEM),
Status: "good",
}
err = certdb.InsertCertificate(db, cert)
if err != nil {
t.Fatal(err)
}
err = ocsprefreshMain([]string{}, cli.Config{
CAFile: "../../ocsp/testdata/ca.pem",
ResponderFile: "../../ocsp/testdata/server.crt",
ResponderKeyFile: "../../ocsp/testdata/server.key",
DBConfigFile: "../testdata/db-config.json",
Interval: helpers.OneDay,
})
if err != nil {
t.Fatal(err)
}
var records []*certdb.OCSPRecord
records, err = certdb.GetUnexpiredOCSPs(db)
if err != nil {
t.Fatal("Failed to get OCSP responses")
}
if len(records) != 1 {
t.Fatal("Expected one OCSP response")
}
var resp *ocsp.Response
resp, err = ocsp.ParseResponse([]byte(records[0].Body), nil)
if err != nil {
t.Fatal("Failed to parse OCSP response")
}
if resp.Status != ocsp.Good {
t.Fatal("Expected cert status 'good'")
}
err = certdb.RevokeCertificate(db, cert.Serial, ocsp.KeyCompromise)
if err != nil {
t.Fatal("Failed to revoke certificate")
}
err = ocsprefreshMain([]string{}, cli.Config{
CAFile: "../../ocsp/testdata/ca.pem",
ResponderFile: "../../ocsp/testdata/server.crt",
ResponderKeyFile: "../../ocsp/testdata/server.key",
DBConfigFile: "../testdata/db-config.json",
Interval: helpers.OneDay,
})
if err != nil {
t.Fatal(err)
}
records, err = certdb.GetUnexpiredOCSPs(db)
if err != nil {
t.Fatal("Failed to get OCSP responses")
}
if len(records) != 1 {
t.Fatal("Expected one OCSP response")
}
resp, err = ocsp.ParseResponse([]byte(records[0].Body), nil)
if err != nil {
t.Fatal("Failed to parse OCSP response")
}
if resp.Status != ocsp.Revoked {
t.Fatal("Expected cert status 'revoked'")
}
}
func TestSQLite(t *testing.T) {
db := testdb.SQLiteDB(sqliteDBFile)
testEverything(db, t)
}
func TestSignerDBPersistence(t *testing.T) {
conf, err := config.LoadConfig([]byte(validLocalConfigLongerExpiry))
if err != nil {
t.Fatal(err)
}
var s *local.Signer
s, err = local.NewSignerFromFile(testCaFile, testCaKeyFile, conf.Signing)
if err != nil {
t.Fatal(err)
}
db := testdb.SQLiteDB("../../certdb/testdb/certstore_development.db")
if err != nil {
t.Fatal(err)
}
s.SetDB(db)
var handler *api.HTTPHandler
handler, err = NewHandlerFromSigner(signer.Signer(s))
if err != nil {
t.Fatal(err)
}
ts := httptest.NewServer(handler)
defer ts.Close()
var csrPEM, body []byte
csrPEM, err = ioutil.ReadFile(testCSRFile)
if err != nil {
t.Fatal(err)
}
blob, err := json.Marshal(&map[string]string{"certificate_request": string(csrPEM)})
if err != nil {
t.Fatal(err)
}
var resp *http.Response
resp, err = http.Post(ts.URL, "application/json", bytes.NewReader(blob))
if err != nil {
t.Fatal(err)
}
body, err = ioutil.ReadAll(resp.Body)
if err != nil {
t.Fatal(err)
}
if resp.StatusCode != http.StatusOK {
t.Fatal(resp.Status, string(body))
}
message := new(api.Response)
err = json.Unmarshal(body, message)
if err != nil {
t.Fatalf("failed to read response body: %v", err)
}
if !message.Success {
t.Fatal("API operation failed")
}
var crs []*certdb.CertificateRecord
crs, err = certdb.GetUnexpiredCertificates(db)
if err != nil {
t.Fatal("Failed to get unexpired certificates")
}
if len(crs) != 1 {
t.Fatal("Expected 1 unexpired certificate in the database after signing 1")
}
}
