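package crl

import (
	"crypto/x509"
	"testing"
	"time"

	"github.com/cloudflare/cfssl/certdb"
	"github.com/cloudflare/cfssl/certdb/sql"
	"github.com/cloudflare/cfssl/certdb/testdb"
	"github.com/cloudflare/cfssl/cli"
	"github.com/cloudflare/cfssl/helpers"
)

// dbAccessor is the certificate-store accessor shared by the tests in this
// file; prepDB assigns it.
var dbAccessor certdb.Accessor

const (
	// fakeAKI is a placeholder authority key identifier for the seeded record.
	fakeAKI = "fake aki"
	// testCaFile and testCaKeyFile are the CA certificate and private key
	// passed to generateCRL.
	testCaFile    = "../testdata/ca.pem"
	testCaKeyFile = "../testdata/ca-key.pem"
)

// prepDB opens the SQLite test database and inserts a single revoked
// certificate record (serial "1") so that generateCRL has exactly one entry
// to publish. It returns any error reported by InsertCertificate.
func prepDB() (err error) {
	// NOTE(review): presumably testdb.SQLiteDB resets the database on each
	// call, which the "exactly one entry" assertion in verifyCRL relies on,
	// since both tests call prepDB. Confirm in the testdb package.
	db := testdb.SQLiteDB("../../certdb/testdb/certstore_development.db")

	revoked := certdb.CertificateRecord{
		Serial: "1",
		AKI:    fakeAKI,
		Expiry: time.Now().AddDate(1, 0, 0), // one year from now
		PEM:    "revoked cert",              // placeholder text, not a real PEM block
		Status: "revoked",
		// Reason 4 is the RFC 5280 CRLReason code for "superseded".
		RevokedAt: time.Now(),
		Reason:    4,
	}

	dbAccessor = sql.NewAccessor(db)
	return dbAccessor.InsertCertificate(revoked)
}

// verifyCRL parses the DER-encoded CRL in crlBytesDER and fails the test
// unless all of the following hold:
//
//   - the CRL is still valid at the time of the check,
//   - the CRL has expired once expireAfter has elapsed from now,
//   - the CRL lists exactly one revoked certificate, whose serial number
//     (in decimal) equals serial.
//
// NOTE(review): the CRL signature is not checked here. A test that also
// verifies the signature against the certificate in testCaFile would catch a
// CRL signed with the wrong key.
func verifyCRL(t *testing.T, crlBytesDER []byte, serial string, expireAfter time.Duration) {
	// Attribute failures to the calling test rather than to this helper.
	t.Helper()

	// NOTE(review): x509.ParseCRL is deprecated in newer Go releases in favour
	// of x509.ParseRevocationList. Migrate once the minimum toolchain allows.
	parsedCrl, err := x509.ParseCRL(crlBytesDER)
	if err != nil {
		t.Fatalf("failed to parse CRL: %v", err)
	}

	now := time.Now()

	// Lower bound: a CRL whose NextUpdate is already in the past would satisfy
	// the upper-bound check below, yet relying parties would treat it as stale.
	if parsedCrl.HasExpired(now) {
		t.Fatal("the CRL should not have expired yet")
	}
	// Upper bound: the CRL must not outlive the configured expiration.
	if !parsedCrl.HasExpired(now.Add(expireAfter)) {
		t.Fatal("the CRL should have expired")
	}

	certs := parsedCrl.TBSCertList.RevokedCertificates
	if len(certs) != 1 {
		t.Fatalf("expected exactly one revoked certificate in CRL, got %d", len(certs))
	}

	if got := certs[0].SerialNumber.String(); got != serial {
		t.Fatal("cert was not correctly inserted in CRL, serial was " + got)
	}
}

// TestRevokeMain generates a CRL without setting CRLExpiration and expects it
// to have expired seven days and one second from now.
func TestRevokeMain(t *testing.T) {
	if err := prepDB(); err != nil {
		t.Fatal(err)
	}

	crlBytes, err := generateCRL(cli.Config{
		CAFile:       testCaFile,
		CAKeyFile:    testCaKeyFile,
		DBConfigFile: "../testdata/db-config.json",
	})
	if err != nil {
		t.Fatal(err)
	}

	verifyCRL(t, crlBytes, "1", 7*helpers.OneDay+time.Second)
}

// TestRevokeExpiry generates a CRL with CRLExpiration set to 23 hours and
// expects it to have expired 23 hours and one second from now.
func TestRevokeExpiry(t *testing.T) {
	if err := prepDB(); err != nil {
		t.Fatal(err)
	}

	crlBytes, err := generateCRL(cli.Config{
		CAFile:        testCaFile,
		CAKeyFile:     testCaKeyFile,
		DBConfigFile:  "../testdata/db-config.json",
		CRLExpiration: 23 * time.Hour,
	})
	if err != nil {
		t.Fatal(err)
	}

	verifyCRL(t, crlBytes, "1", 23*time.Hour+time.Second)
}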