// TestSQLite runs the shared accessor test suite against the SQLite test
// database. The suite receives a TestAccessor that bundles the accessor under
// test with the raw database handle it was built from.
func TestSQLite(t *testing.T) {
	handle := testdb.SQLiteDB(sqliteDBFile)
	testEverything(TestAccessor{Accessor: NewAccessor(handle), DB: handle}, t)
}
// prepDB opens the development certificate store and seeds it with a single
// certificate record (serial "1") whose expiry is one year from now.
//
// The PEM field holds a placeholder string, not a parseable certificate, so
// callers can rely on the record's serial and expiry only. If the insert
// fails, the handle is dropped and only the error is returned.
//
// NOTE(review): whether the store is empty before the insert depends on what
// testdb.SQLiteDB does with the file; confirm before asserting exact counts.
func prepDB() (db *sql.DB, err error) {
	db = testdb.SQLiteDB("../../certdb/testdb/certstore_development.db")

	seed := &certdb.CertificateRecord{
		Serial: "1",
		Expiry: time.Now().AddDate(1, 0, 0),
		PEM:    "unexpired cert",
	}
	if err = certdb.InsertCertificate(db, seed); err != nil {
		return nil, err
	}
	return db, nil
}
// prepDB opens the development certificate store, wraps it in an accessor and
// seeds it with a single certificate record (serial "1") that expires one
// year from now.
//
// The PEM field holds a placeholder string, not a parseable certificate, so
// callers can rely on the record's serial and expiry only. If the insert
// fails, no accessor is returned.
//
// NOTE(review): whether the store is empty before the insert depends on what
// testdb.SQLiteDB does with the file; confirm before asserting exact counts.
func prepDB() (certdb.Accessor, error) {
	store := testdb.SQLiteDB("../../certdb/testdb/certstore_development.db")
	accessor := sql.NewAccessor(store)

	seed := &certdb.CertificateRecord{
		Serial: "1",
		Expiry: time.Now().AddDate(1, 0, 0),
		PEM:    "unexpired cert",
	}
	if err := accessor.InsertCertificate(seed); err != nil {
		return nil, err
	}
	return accessor, nil
}
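// TestSignerWithDB checks that signing a CSR while a database is configured
// leaves exactly one unexpired certificate record in the certificate store.
// That record is what later revocation and OCSP generation work from, so a
// signer that issues without recording would go unnoticed without this test.
func TestSignerWithDB(t *testing.T) {
	db := testdb.SQLiteDB("../../certdb/testdb/certstore_development.db")

	err := signerMain([]string{"../../testdata/server.csr"}, cli.Config{
		CAFile:       "../../testdata/server.crt",
		CAKeyFile:    "../../testdata/server.key",
		Hostname:     "www.cloudflare.com",
		DBConfigFile: "../testdata/db-config.json",
	})
	if err != nil {
		t.Fatal(err)
	}

	// NOTE(review): signerMain only receives the config file, while the check
	// below reads through the handle opened above. The test assumes both
	// resolve to the same store; confirm against db-config.json.
	dbAccessor := sql.NewAccessor(db)
	crs, err := dbAccessor.GetUnexpiredCertificates()
	if err != nil {
		// Report the underlying error; the bare message hid why the query failed.
		t.Fatalf("Failed to get unexpired certificates: %v", err)
	}
	if len(crs) != 1 {
		t.Fatalf("Expected 1 unexpired certificate in the database after signing 1, got %d", len(crs))
	}
}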
// TestSQLite runs the shared test suite directly against the SQLite test
// database handle.
func TestSQLite(t *testing.T) {
	testEverything(testdb.SQLiteDB(sqliteDBFile), t)
}
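// TestSignerDBPersistence checks that a certificate issued through the HTTP
// signing handler is recorded in the certificate store.
//
// It builds a local signer from the test CA files, attaches a database
// accessor, serves the handler from an httptest server, posts a CSR as JSON
// and then expects exactly one unexpired certificate record in the store.
// An issuance that bypasses the store would leave nothing to revoke later,
// which is the regression this test guards against.
func TestSignerDBPersistence(t *testing.T) {
	conf, err := config.LoadConfig([]byte(validLocalConfigLongerExpiry))
	if err != nil {
		t.Fatal(err)
	}

	var s *local.Signer
	s, err = local.NewSignerFromFile(testCaFile, testCaKeyFile, conf.Signing)
	if err != nil {
		t.Fatal(err)
	}

	// testdb.SQLiteDB returns no error here, so there is nothing to check
	// after it; the original re-tested the stale err from the call above.
	db := testdb.SQLiteDB("../../certdb/testdb/certstore_development.db")

	// dbAccessor is assigned, not declared, so it must exist at package scope
	// outside this function.
	dbAccessor = sql.NewAccessor(db)
	s.SetDBAccessor(dbAccessor)

	var handler *api.HTTPHandler
	handler, err = NewHandlerFromSigner(signer.Signer(s))
	if err != nil {
		t.Fatal(err)
	}

	ts := httptest.NewServer(handler)
	defer ts.Close()

	var csrPEM, body []byte
	csrPEM, err = ioutil.ReadFile(testCSRFile)
	if err != nil {
		t.Fatal(err)
	}

	blob, err := json.Marshal(&map[string]string{"certificate_request": string(csrPEM)})
	if err != nil {
		t.Fatal(err)
	}

	var resp *http.Response
	resp, err = http.Post(ts.URL, "application/json", bytes.NewReader(blob))
	if err != nil {
		t.Fatal(err)
	}
	// Close the body so the connection to the test server is released.
	defer resp.Body.Close()

	body, err = ioutil.ReadAll(resp.Body)
	if err != nil {
		t.Fatal(err)
	}
	if resp.StatusCode != http.StatusOK {
		t.Fatal(resp.Status, string(body))
	}

	message := new(api.Response)
	if err = json.Unmarshal(body, message); err != nil {
		// The body was already read above; this failure is a decode error.
		t.Fatalf("failed to decode response body: %v", err)
	}
	if !message.Success {
		t.Fatal("API operation failed")
	}

	crs, err := dbAccessor.GetUnexpiredCertificates()
	if err != nil {
		t.Fatalf("Failed to get unexpired certificates: %v", err)
	}
	if len(crs) != 1 {
		t.Fatal("Expected 1 unexpired certificate in the database after signing 1: len(crs)=", len(crs))
	}
}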
// TestSQLite runs the shared test suite against an accessor built on the
// SQLite test database.
func TestSQLite(t *testing.T) {
	testEverything(NewAccessor(testdb.SQLiteDB(sqliteDBFile)), t)
}
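// TestOCSPRefreshMain checks that the OCSP refresh command produces a
// response that follows the certificate's state in the store.
//
// It inserts a record for the test certificate with status "good", runs the
// refresh and expects one stored OCSP response with status Good. It then
// revokes the certificate with reason KeyCompromise, runs the refresh again
// and expects the stored response to report Revoked. A refresh that kept
// serving the old "good" answer after revocation would fail here.
//
// Only the response status is asserted; the revocation reason carried in the
// response is not checked.
func TestOCSPRefreshMain(t *testing.T) {
	db := testdb.SQLiteDB("../../certdb/testdb/certstore_development.db")

	certPEM, err := ioutil.ReadFile("../../ocsp/testdata/cert.pem")
	if err != nil {
		t.Fatal(err)
	}
	cert, err := helpers.ParseCertificatePEM(certPEM)
	if err != nil {
		t.Fatal(err)
	}

	// Serial and AKI are taken from the parsed certificate so the record
	// always matches cert.pem.
	certRecord := certdb.CertificateRecord{
		Serial: cert.SerialNumber.String(),
		AKI:    hex.EncodeToString(cert.AuthorityKeyId),
		Expiry: time.Now().AddDate(1, 0, 0),
		PEM:    string(certPEM),
		Status: "good",
	}

	// dbAccessor is assigned, not declared, so it must exist at package scope
	// outside this function.
	dbAccessor = sql.NewAccessor(db)
	if err = dbAccessor.InsertCertificate(certRecord); err != nil {
		t.Fatal(err)
	}

	// Both refresh runs use the same settings; the struct is passed by value.
	refreshConfig := cli.Config{
		CAFile:           "../../ocsp/testdata/ca.pem",
		ResponderFile:    "../../ocsp/testdata/server.crt",
		ResponderKeyFile: "../../ocsp/testdata/server.key",
		DBConfigFile:     "../testdata/db-config.json",
		Interval:         helpers.OneDay,
	}

	// storedResponse fetches the single OCSP response expected in the store
	// and parses it, failing the test on any deviation.
	storedResponse := func() *ocsp.Response {
		records, err := dbAccessor.GetUnexpiredOCSPs()
		if err != nil {
			t.Fatalf("Failed to get OCSP responses: %v", err)
		}
		if len(records) != 1 {
			t.Fatalf("Expected one OCSP response, got %d", len(records))
		}
		// NOTE(review): the issuer argument is nil. If ocsp is
		// golang.org/x/crypto/ocsp, the response signature is then not
		// verified, so this test does not prove the response was signed by
		// the configured responder key. Confirm and consider passing the
		// issuer certificate.
		resp, err := ocsp.ParseResponse([]byte(records[0].Body), nil)
		if err != nil {
			t.Fatalf("Failed to parse OCSP response: %v", err)
		}
		return resp
	}

	if err = ocsprefreshMain([]string{}, refreshConfig); err != nil {
		t.Fatal(err)
	}
	if storedResponse().Status != ocsp.Good {
		t.Fatal("Expected cert status 'good'")
	}

	err = dbAccessor.RevokeCertificate(certRecord.Serial, certRecord.AKI, ocsp.KeyCompromise)
	if err != nil {
		t.Fatalf("Failed to revoke certificate: %v", err)
	}

	if err = ocsprefreshMain([]string{}, refreshConfig); err != nil {
		t.Fatal(err)
	}
	if storedResponse().Status != ocsp.Revoked {
		t.Fatal("Expected cert status 'revoked'")
	}
}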
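// TestOCSPRefreshMain checks that the OCSP refresh command produces a
// response that follows the certificate's state in the store.
//
// It inserts a record for the test certificate with status "good", runs the
// refresh and expects one stored OCSP response with status Good. It then
// revokes the certificate with reason KeyCompromise, runs the refresh again
// and expects the stored response to report Revoked. A refresh that kept
// serving the old "good" answer after revocation would fail here.
//
// Only the response status is asserted; the revocation reason carried in the
// response is not checked.
func TestOCSPRefreshMain(t *testing.T) {
	db := testdb.SQLiteDB("../../certdb/testdb/certstore_development.db")

	certPEM, err := ioutil.ReadFile("../../ocsp/testdata/cert.pem")
	if err != nil {
		t.Fatal(err)
	}

	// The serial is hard-coded and has to be kept in step with cert.pem by
	// hand; a mismatch would leave the refresh with nothing to match on.
	var cert = &certdb.CertificateRecord{
		Serial: "1333308112180215502", // from cert.pem
		Expiry: time.Now().AddDate(1, 0, 0),
		PEM:    string(certPEM),
		Status: "good",
	}
	if err = certdb.InsertCertificate(db, cert); err != nil {
		t.Fatal(err)
	}

	// Both refresh runs use the same settings; the struct is passed by value.
	refreshConfig := cli.Config{
		CAFile:           "../../ocsp/testdata/ca.pem",
		ResponderFile:    "../../ocsp/testdata/server.crt",
		ResponderKeyFile: "../../ocsp/testdata/server.key",
		DBConfigFile:     "../testdata/db-config.json",
		Interval:         helpers.OneDay,
	}

	// storedResponse fetches the single OCSP response expected in the store
	// and parses it, failing the test on any deviation.
	storedResponse := func() *ocsp.Response {
		var records []*certdb.OCSPRecord
		records, err := certdb.GetUnexpiredOCSPs(db)
		if err != nil {
			t.Fatalf("Failed to get OCSP responses: %v", err)
		}
		if len(records) != 1 {
			t.Fatalf("Expected one OCSP response, got %d", len(records))
		}
		// NOTE(review): the issuer argument is nil. If ocsp is
		// golang.org/x/crypto/ocsp, the response signature is then not
		// verified, so this test does not prove the response was signed by
		// the configured responder key. Confirm and consider passing the
		// issuer certificate.
		resp, err := ocsp.ParseResponse([]byte(records[0].Body), nil)
		if err != nil {
			t.Fatalf("Failed to parse OCSP response: %v", err)
		}
		return resp
	}

	if err = ocsprefreshMain([]string{}, refreshConfig); err != nil {
		t.Fatal(err)
	}
	if storedResponse().Status != ocsp.Good {
		t.Fatal("Expected cert status 'good'")
	}

	if err = certdb.RevokeCertificate(db, cert.Serial, ocsp.KeyCompromise); err != nil {
		t.Fatalf("Failed to revoke certificate: %v", err)
	}

	if err = ocsprefreshMain([]string{}, refreshConfig); err != nil {
		t.Fatal(err)
	}
	if storedResponse().Status != ocsp.Revoked {
		t.Fatal("Expected cert status 'revoked'")
	}
}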