core_test.go
package core
import (
"encoding/base64"
"encoding/json"
"testing"
"github.com/letsencrypt/boulder/test"
"gopkg.in/square/go-jose.v2"
)
// challenges.go
// accountKeyJSON is a fixed RSA JSON Web Key used as a fixture by
// TestChallenges. It carries only the public members ("kty", "n", "e"), so no
// private key material is stored in the test file.
var accountKeyJSON = `{
"kty":"RSA",
"n":"yNWVhtYEKJR21y9xsHV-PD_bYwbXSeNuFal46xYxVfRL5mqha7vttvjB_vc7Xg2RvgCxHPCqoxgMPTzHrZT75LjCwIW2K_klBYN8oYvTwwmeSkAz6ut7ZxPv-nZaT5TJhGk0NT2kh_zSpdriEJ_3vW-mqxYbbBmpvHqsa1_zx9fSuHYctAZJWzxzUZXykbWMWQZpEiE0J4ajj51fInEzVn7VxV-mzfMyboQjujPh7aNJxAWSq4oQEJJDgWwSh9leyoJoPpONHxh5nEE5AjE01FkGICSxjpZsF-w8hOTI3XXohUdu29Se26k2B0PolDSuj0GIQU6-W9TdLXSjBb2SpQ",
"e":"AQAB"
}`
// TestChallenges checks that each challenge constructor returns an object
// that passes CheckConsistencyForClientOffer, and that ValidChallenge accepts
// the four known challenge type names while rejecting an unknown one.
func TestChallenges(t *testing.T) {
	// None of the assertions below read the parsed key; decoding it only
	// confirms that the accountKeyJSON fixture is a well-formed JWK.
	var jwk *jose.JSONWebKey
	if err := json.Unmarshal([]byte(accountKeyJSON), &jwk); err != nil {
		t.Errorf("Error unmarshaling JWK: %v", err)
	}

	// Every freshly built challenge must be self-consistent as a client offer.
	httpChall := HTTPChallenge01()
	test.AssertNotError(t, httpChall.CheckConsistencyForClientOffer(), "CheckConsistencyForClientOffer returned an error")

	// NOTE(review): TLS-SNI validation was withdrawn by Let's Encrypt because
	// it could not be performed safely on shared hosting. This test pins
	// tls-sni-01 as an accepted challenge type — confirm that is still the
	// intended policy for this code base.
	sniChall := TLSSNIChallenge01()
	test.AssertNotError(t, sniChall.CheckConsistencyForClientOffer(), "CheckConsistencyForClientOffer returned an error")

	dnsChall := DNSChallenge01()
	test.AssertNotError(t, dnsChall.CheckConsistencyForClientOffer(), "CheckConsistencyForClientOffer returned an error")

	alpnChall := TLSALPNChallenge01()
	test.AssertNotError(t, alpnChall.CheckConsistencyForClientOffer(), "CheckConsistencyForClientOffer returned an error")

	// Allow-list behaviour: known type names pass, anything else is refused.
	test.Assert(t, ValidChallenge(ChallengeTypeHTTP01), "Refused valid challenge")
	test.Assert(t, ValidChallenge(ChallengeTypeTLSSNI01), "Refused valid challenge")
	test.Assert(t, ValidChallenge(ChallengeTypeDNS01), "Refused valid challenge")
	test.Assert(t, ValidChallenge(ChallengeTypeTLSALPN01), "Refused valid challenge")
	test.Assert(t, !ValidChallenge("nonsense-71"), "Accepted invalid challenge")
}
// objects.go
// testCertificateRequestBadCSR is a request body whose "csr" value is valid
// base64 but only a few bytes long; TestCertificateRequest expects
// unmarshaling it to fail.
var testCertificateRequestBadCSR = []byte(`{"csr":"AAAA"}`)
// testCertificateRequestGood is a request body carrying a CSR in unpadded
// base64url form; TestCertificateRequest expects it to unmarshal and its
// signature to verify.
var testCertificateRequestGood = []byte(`{
"csr": "MIHRMHgCAQAwFjEUMBIGA1UEAxMLZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQWUlnRrm5ErSVkTzBTk3isg1hNydfyY4NM1P_N1S-ZeD39HMrYJsQkUh2tKvy3ztfmEqWpekvO4WRktSa000BPoAAwCgYIKoZIzj0EAwMDSQAwRgIhAIZIBwu4xOUD_4dJuGgceSKaoXTFBQKA3BFBNVJvbpdsAiEAlfq3Dq_8dnYbtmyDdXgopeKkSV5_76VSpcog-wkwEwo"
}`)
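// TestCertificateRequest covers JSON handling of CertificateRequest: a
// well-formed CSR must unmarshal and carry a verifiable signature, a malformed
// CSR must be rejected at unmarshal time, and a marshalled request must
// unmarshal again into a CSR that still verifies.
func TestCertificateRequest(t *testing.T) {
	// Good
	var goodCR CertificateRequest
	if err := json.Unmarshal(testCertificateRequestGood, &goodCR); err != nil {
		// Stop here: the later steps dereference goodCR.CSR, which is not
		// populated when unmarshaling failed.
		t.Fatalf("Error unmarshaling good certificate request: %v", err)
	}
	if err := goodCR.CSR.CheckSignature(); err != nil {
		t.Errorf("Valid CSR in CertificateRequest failed to verify: %v", err)
	}

	// Bad CSR: garbage must be refused when parsing, before any caller can
	// act on the request.
	var badCR CertificateRequest
	if err := json.Unmarshal(testCertificateRequestBadCSR, &badCR); err == nil {
		t.Errorf("Unexpectedly accepted certificate request with bad CSR")
	}

	// Marshal
	jsonCR, err := json.Marshal(goodCR)
	if err != nil {
		// Nothing to round-trip without the encoded form.
		t.Fatalf("Failed to marshal good certificate request: %v", err)
	}

	// Decode into a fresh value so that a decoder which leaves its target
	// untouched cannot pass by reusing the already-populated goodCR.
	var roundTripCR CertificateRequest
	if err := json.Unmarshal(jsonCR, &roundTripCR); err != nil {
		t.Fatalf("Marshalled certificate request failed to unmarshal: %v", err)
	}
	if err := roundTripCR.CSR.CheckSignature(); err != nil {
		t.Errorf("Round-tripped CSR in CertificateRequest failed to verify: %v", err)
	}
}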
// util.go
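// TestRandomString checks the shape of the values produced by RandomString
// and NewToken: RandomString(n) must be unpadded base64url that decodes to n
// bytes, NewToken must be 43 characters long, and neither may return the same
// value on two consecutive calls.
func TestRandomString(t *testing.T) {
	byteLength := 256
	b64 := RandomString(byteLength)
	bin, err := base64.RawURLEncoding.DecodeString(b64)
	if err != nil {
		t.Errorf("Error in base64 decode: %v", err)
	}
	if len(bin) != byteLength {
		t.Errorf("Improper length: %v", len(bin))
	}
	// A length check alone would also pass for a generator that returns a
	// constant; two draws of this size must differ.
	if again := RandomString(byteLength); again == b64 {
		t.Errorf("RandomString returned the same value twice: %v", b64)
	}

	// 43 is the unpadded base64url length of 32 bytes — presumably NewToken
	// encodes 32 random bytes; confirm against its definition.
	token := NewToken()
	if len(token) != 43 {
		t.Errorf("Improper length for token: %v %v", len(token), token)
	}
	// Tokens are meant to be unguessable, so a repeated value is a failure.
	if again := NewToken(); again == token {
		t.Errorf("NewToken returned the same value twice: %v", token)
	}
}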
// TestFingerprint pins Fingerprint256 against a known answer: the SHA-256
// digest of sixteen zero bytes, rendered as unpadded base64url.
func TestFingerprint(t *testing.T) {
	// Sixteen zero bytes as the fixed input.
	zeros := make([]byte, 16)

	// Known-answer digest for that input, written out byte by byte.
	wantDigest := []byte{
		55, 71, 8, 255, 247, 113, 157, 213,
		151, 158, 200, 117, 213, 108, 210, 40,
		111, 109, 60, 247, 236, 49, 122, 59,
		37, 99, 42, 171, 40, 236, 55, 187,
	}
	want := base64.RawURLEncoding.EncodeToString(wantDigest)

	if got := Fingerprint256(zeros); got != want {
		t.Errorf("Incorrect SHA-256 fingerprint: %v", got)
	}
}