cloudflare/cfssl_trust

Public

mirrored from https://github.com/cloudflare/cfssl_trustAvailable

CodeCommitsIssuesPull requestsActionsInsightsSecurity
trust-store-2022.6.2

Branches

Tags

  • No tags available.
0Branches0Tags
Go to file
Add file
Code

Clone

HTTPS

Download ZIP

model/certdb/certificate_test.go

771lines · modecode

1package certdb
2
3import (
4 "crypto/x509"
5 "database/sql"
6 "encoding/pem"
7 "fmt"
8 "io/ioutil"
9 "math/big"
10 "strings"
11 "testing"
12 "time"
13
14 "github.com/cloudflare/cfssl_trust/release"
15 _ "github.com/mattes/migrate/driver/sqlite3"
16)
17
18var sourceFiles = []string{
19 "1485991500_revision_1.up.sql",
20}
21
22const latestRevision = 1
23
24var (
25 testCert1PEM = `-----BEGIN CERTIFICATE-----
26MIIEujCCAqKgAwIBAgIUE88us8tr5RRFX4RlooTtDDKao5owDQYJKoZIhvcNAQEN
27BQAwZDELMAkGA1UEBhMCVVMxKDAmBgNVBAsTH0Ryb3Bzb25kZSBDZXJ0aWZpY2F0
28ZSBBdXRob3JpdHkxFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xEzARBgNVBAgTCkNh
29bGlmb3JuaWEwHhcNMTcwMzIyMjEyNDAwWhcNMTgwMzIyMjEyNDAwWjA7MQswCQYD
30VQQGEwJVUzEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIGA1UEChMLRXhhbXBs
31ZSBPcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDS8xbhnhoS9S8h
32fOoyS5UEpRa/qxqe8+CrQ/hlLmND3p9igSaMpmDzz6rhgadPSOAhU4eNkuXU+0gL
33c2qUny8TMZllS3bUzEVydRerDlz4ILsm0Pm/vvvOQxg+wAidKTpq6Mt9TjoXhqZW
34FyZzYArGecIQhofl8Z0aHhBQx3vSLCl6i+5FdBHLbrE6WKSo5nWN+lImOVBOUDoe
35KQvp9q3pX1WSzB02IEymBlMUfYuPx/Ak7q/ipgEcgQ9EkUQBR5G1fuuNzW/1WT8b
36RdduT7quEOEOTB672g4zY+DG+oo3UjgvZNSkxS9MuAHD/vC0quTKSWYqOUFsW4wO
37w+ymWO3dAgMBAAGjgYwwgYkwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsG
38AQUFBwMBMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFDg3gWdPbhl4INGDMdU/RCig
391PrXMB8GA1UdIwQYMBaAFJs7c+/33EDkoip7EOnUrU1dDOw9MBQGA1UdEQQNMAuC
40CWxvY2FsaG9zdDANBgkqhkiG9w0BAQ0FAAOCAgEA3aqTKWrTgD3cZVuBTSz7nWRG
41k5LyVYA1wlAD1o/msPwtO1eJ/doSc+gTUyzIYoUD3wyAkTrA3UJosYiY6BYdJvsh
42AC5B/Kr+qwUjqqiE8ejPW/UzPjJldSa1zrhOMPDVDjnD+GMm9hLtxB7Mw0EWM3jn
43+noiPjz6RFsbo4jhZigWrHmR1FKBoCWKEAJEzE0k5n0RljzyCk2nH6jfE1tHLaoe
44njJ6XVu3RpW9RBJJcIyfyprhrG96ch8eet0VjV3Dn746sTKYY4yDMnvTc51aXc88
45CeV6RxiqYObVbfyH8jX5v3rdJUA5FTTQU1IXx8Lt80L12Zhh+NqODlqJnnKVFAen
46KpGINr31d0x2QE5C4uhb03OUgcQDT9pOu/VyLqZo7HUPZ/0HCUhPyvZrdiCAQCkQ
47zjdxJ7iTVJibIjXjblURGsZnJ0TX1XdGcMOzQHsguNpZcDCE5lri+MlMX5Q7UVc8
482AOP0tNzvDb/dtaKJOYHC5vF+A8mC7ypoWqIPRpgl4Q1fNor92tlAXv+EbUQ+X4s
495IsbInK07y3bWprTUXCl9h2C3ZvZpnTDOhcwA2LppN7HRa0z86yrxMtTKXrRwzp7
50cykDEvBNRzSMW4/JLLxWXX8xkgyof0FLOvKn6Vpa8yj3PO3LKPDYKXkMzMkyquAA
51XHXWOlG/EIvvGpRRLGA=
52-----END CERTIFICATE-----`
53 testCert2PEM = `-----BEGIN CERTIFICATE-----
54MIIEujCCAqKgAwIBAgIURax0FoxRFjsPw80NCPsLKlnTsTAwDQYJKoZIhvcNAQEN
55BQAwZDELMAkGA1UEBhMCVVMxKDAmBgNVBAsTH0Ryb3Bzb25kZSBDZXJ0aWZpY2F0
56ZSBBdXRob3JpdHkxFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xEzARBgNVBAgTCkNh
57bGlmb3JuaWEwHhcNMTcwMzIyMjM0NTAwWhcNMTgwMzIyMjM0NTAwWjA7MQswCQYD
58VQQGEwJVUzEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIGA1UEChMLRXhhbXBs
59ZSBPcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCr3D/yKjwbNzBx
60TkpbwKfdX7X7waApVFJnb8tBytwX+xgUEIjb/t7J5/HvILsQzL6rTXoqKj9xqF4n
61oYNZP1OWI9HAIILaVU/pKk7HAr7Yj3voAh4eWB0nrwSrn72lCzJZc6WJHD1juEps
62E1kH57WlsjMxyFddfknLvscQtDgKy+bEM3txklwwbj2FObyYfEbq3dK+/q3CiUra
63ksU8v1QAeSvgpLnXS50j5TyaZFRIn3xHKzI/v2spA1/gaL3Yjw9vynmhH1ZMcOhQ
64tKmqS1SZyU8WJnwE7WwA5+dAXWV1VT3q8dUAAi+bbw+jeT6+dlTFOSSYlzUhXeWL
65syxhMGD3AgMBAAGjgYwwgYkwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsG
66AQUFBwMBMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFBLL3Acf8DziXVDxjO7RV7pb
67TU/8MB8GA1UdIwQYMBaAFJs7c+/33EDkoip7EOnUrU1dDOw9MBQGA1UdEQQNMAuC
68CWxvY2FsaG9zdDANBgkqhkiG9w0BAQ0FAAOCAgEAbmOCiB7B0e3KCWv3cwmz3FM4
69WNTBeui0RPRdxoOYwKRjiRoHoFTlomWZrq9a4dG/lvrX4QZ6KUgriMWQTuVV8z7K
70h/Ztz3o50zgEuhhIp2cAt9c3iQetJXwo/NSAn7XgkpnEiTPV9czGyAcAxUnLQfsT
71NA3UhQ8KR4zam0IXRmZrmmx1cM+x+jtmJ1zSVgR0HRWCPYHPQ0eUPyKg8Y6C2BYT
72J1CerMLyvZv77HhSOA7c2ycm00nM8zIzTgIXbVIgE0Iqc1nSh+fXMSH9XFsznS26
73/b5akeqy+5FXTpvmEA8fLaUvqfp14MYfVjnJupcUPa80pzva1RdzKDH+cIkc0ock
749LMRk1n8hRUJ1OZPlGyZQR9AWeaRRdPcsvSQK21ZGgKgCMTu8MbgRBPYCC/CXB77
755MnQJUDBY4/iqGXoR083p9XRX4h17ztLFQqR7jcRW2uoHKJVdQ6KNNqzToxIwmWI
76jhi/eGG9q+OQlWsLdlgPg+oMBpDlS5BKTSUMA6SRYAHqySNAQ+OLbNsbjVfcFR09
77GH+eBfE/3+enc7fuwA4PMGXXaVa535xCanfphRyJ8KUdJldhqBREV3pUjhNqi7Xu
78pPj5xf7ixOYOf8Dn+KLRhTHuxrns2jwOwum+a7SMsq8FFoAc0ns+DbLMVzIyXZ8M
79YG/B7dZNlSdEmuy/8Ls=
80-----END CERTIFICATE-----`
81 testCert3PEM = `-----BEGIN CERTIFICATE-----
82MIIE8TCCAtmgAwIBAgIUNf3QnXcvRrC+qV98F5/fqX7sSEYwDQYJKoZIhvcNAQEN
83BQAwZDELMAkGA1UEBhMCVVMxKDAmBgNVBAsTH0Ryb3Bzb25kZSBDZXJ0aWZpY2F0
84ZSBBdXRob3JpdHkxFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xEzARBgNVBAgTCkNh
85bGlmb3JuaWEwHhcNMTcwMzIyMjM1NzAwWhcNMTgwMzIyMjM1NzAwWjA7MQswCQYD
86VQQGEwJVUzEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIGA1UEChMLRXhhbXBs
87ZSBPcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVuvrIyN2KZd8V
88LVrgydKirLSWTXLL4SnwhUElGd0Ng3mkm3+B/+bRqfku43oTgcCXSn2RBGO8FZ2h
89tKLus2sE3lSiJeFIz+x6mjfxHQ0teAtcaZr8H3JzbFfP3G04DvszyOr2hUmZz3Zg
90k+nJXwjBgXCswWJxIZ8b/PeWRsc3shUWSVED6IZIa/bBILbKPXi62cdDJxmHdMT3
918qIieamvP0EJemOQVSXPbUapVddOsZk9iXDJFYrmj89ngmyN/L+5XntVDELKKHFm
92MN5PSFQ8Dc9In9xQfsWJQBS39iOUOwzj3aB3r8qapnJsJBEyaNnU71NQ/rOI7sbN
93lPBiT/mDAgMBAAGjgcMwgcAwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsG
94AQUFBwMBMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFFoBtOYL2Aoxvqkin/dG0kyK
95pKGGMB8GA1UdIwQYMBaAFJs7c+/33EDkoip7EOnUrU1dDOw9MDUGCCsGAQUFBwEB
96BCkwJzAlBggrBgEFBQcwAoYZaHR0cDovL2xvY2FsaG9zdC9pc3N1YW5jZTAUBgNV
97HREEDTALgglsb2NhbGhvc3QwDQYJKoZIhvcNAQENBQADggIBAEug5xSH5B62LDup
98soBnGcpiup6778O9pNlmln7h2Lh538S33JPYLp1SYqLieQ0Ww/9CCFMg/VxKDuKE
99vbF7n2ZDjLCgXNQpJwBRwCbSFiWY5lYyC4+wbKp04GywcV7HVct1YtqBlvRF+lO7
100TXmeEmE15IdyZRjONLv1FMhRXKkU6CpU6Dfn++UcE9EQq2xgFWXYzKZVGrkWv4Gp
10133fbCY7nuBSF3FAGyjHq+zBJM0ftcBkg1OrbTWqgJB4h41SXA5DT4dovBZ0AWuuv
10284ft8FxFLwVqRMtH8Trc8qXhBmDUYfa4Iv51NF1Ji8xkiusuqt8z6kiTo+VJw1hj
103z3ZQoYaj1Yk9UCHCbqHN3PxW+N/K451ib+i7CiSG8hhaxZMpX+cP8o3C65fVDquH
1042gpcrHLt5CAGRk3YY+uMkBGLvSYhQ2By8tpX1YXcmAYleF6h7a5E5xTqR9ek9Nhj
105PWnfrp07jugIsv2nFlYZjBaa1p1lWgabAaGHG47V0HRTFvKdtaxXCTMKofc3g0he
10644Wg1V0EcvsLeDAmjBgBtnwFyeV33y1ytDwvl7/EAlX9OWdaDOSXnzotocSzFpKh
107vxbpF0Bdu5S04wN5Qzc5sIQWCyPwtUsiq7A+xqqOCU9770bqraG3T7aBM7VuUm6O
108huB5zfRBKm6VY4UQEj7kHjQO8nxW
109-----END CERTIFICATE-----`
110 testCert1 *x509.Certificate
111 testCert2 *x509.Certificate
112 testCert3 *x509.Certificate
113 testDB *sql.DB
114 curRelease = release.New()
115)
116
117func mustParseCertificate(in string) *x509.Certificate {
118 p, rest := pem.Decode([]byte(in))
119 if len(rest) != 0 || p == nil {
120 panic("couldn't parse certificate")
121 }
122
123 if p.Type != "CERTIFICATE" {
124 panic("invalid certificate")
125 }
126
127 cert, err := x509.ParseCertificate(p.Bytes)
128 if err != nil {
129 panic(err.Error())
130 }
131
132 return cert
133}
134
135func execSQLFile(path string) error {
136 data, err := ioutil.ReadFile("../" + path)
137 if err != nil {
138 return err
139 }
140
141 split := strings.Split(string(data), ";")
142 var statements []string
143 for i := range split {
144 statement := strings.TrimSpace(split[i])
145 if statement != "" {
146 statements = append(statements, statement)
147 }
148 }
149
150 for _, statement := range statements {
151 _, err := testDB.Exec(statement)
152 if err != nil {
153 return err
154 }
155 }
156
157 return nil
158}
159
160func dbInit() {
161 var err error
162 testDB, err = sql.Open("sqlite3", ":memory:")
163 if err != nil {
164 panic(err.Error())
165 }
166
167 for _, source := range sourceFiles {
168 err = execSQLFile(source)
169 if err != nil {
170 panic(err.Error())
171 }
172 }
173
174 var revision int
175 row := testDB.QueryRow("SELECT max(revision) FROM schema_version")
176 err = row.Scan(&revision)
177 if err != nil {
178 panic(err.Error())
179 }
180
181 if revision != latestRevision {
182 panic(fmt.Sprintf("schema version is currently %d, but expected %d",
183 revision, latestRevision))
184 }
185}
186
187func init() {
188 testCert1 = mustParseCertificate(testCert1PEM)
189 testCert2 = mustParseCertificate(testCert2PEM)
190 testCert3 = mustParseCertificate(testCert3PEM)
191 dbInit()
192}
193
194// TestCertEnsure verifies the Ensure function with the Certificate
195// type. It does three tests: first, it calls Ensure with the first
196// test certificate to make sure it was inserted. Next, it makes the
197// same call; the certificate shouldn't be inserted twice. Finally,
198// it tries to Ensure the second test certificate. It also calls
199// Ensure on any other certificates that should be in the database.
200func TestCertEnsure(t *testing.T) {
201 tx, err := testDB.Begin()
202 if err != nil {
203 t.Fatal(err)
204 }
205
206 defer func() {
207 switch err {
208 case nil:
209 if err = tx.Commit(); err != nil {
210 t.Fatal(err)
211 }
212 default:
213 tx.Rollback()
214 t.Fatal("database was rolled back")
215 }
216 }()
217
218 cert := NewCertificate(testCert1)
219 inserted, err := Ensure(cert, tx)
220 if err != nil {
221 t.Fatal(err)
222 } else if !inserted {
223 t.Fatal("certdb: certificate should have been inserted")
224 }
225
226 cert = NewCertificate(testCert1)
227 inserted, err = Ensure(cert, tx)
228 if err != nil {
229 t.Fatal(err)
230 } else if inserted {
231 t.Fatal("certdb: certificate should not have been inserted")
232 }
233
234 cert = NewCertificate(testCert2)
235 inserted, err = Ensure(cert, tx)
236 if err != nil {
237 t.Fatal(err)
238 } else if !inserted {
239 t.Fatal("certdb: certificate should have been inserted")
240 }
241
242 cert = NewCertificate(testCert3)
243 inserted, err = Ensure(cert, tx)
244 if err != nil {
245 t.Fatal(err)
246 } else if !inserted {
247 t.Fatal("certdb: certificate should have been inserted")
248 }
249}
250
251// TestAIAEnsure verifies that Ensuring an AIA works.
252func TestAIAEnsure(t *testing.T) {
253 tx, err := testDB.Begin()
254 if err != nil {
255 t.Fatal(err)
256 }
257
258 defer func() {
259 switch err {
260 case nil:
261 if err = tx.Commit(); err != nil {
262 t.Fatal(err)
263 }
264 default:
265 tx.Rollback()
266 t.Fatal("database was rolled back")
267 }
268 }()
269
270 cert := NewCertificate(testCert1)
271 aia := NewAIA(cert)
272 if aia != nil {
273 t.Fatal("certdb: certificate with no AIA shouldn't return a valid AIA")
274 }
275
276 cert = NewCertificate(testCert3)
277 aia = NewAIA(cert)
278 if aia == nil {
279 t.Fatal("certdb: certificate should have returned a valid AIA")
280 }
281
282 inserted, err := Ensure(aia, tx)
283 if err != nil {
284 t.Fatal(err)
285 } else if !inserted {
286 t.Fatal("certdb: AIA should have been inserted")
287 }
288
289 cert = NewCertificate(testCert3)
290 aia = NewAIA(cert)
291 if aia == nil {
292 t.Fatal("certdb: certificate should have returned a valid AIA")
293 }
294
295 inserted, err = Ensure(aia, tx)
296 if err != nil {
297 t.Fatal(err)
298 } else if inserted {
299 t.Fatal("certdb: AIA shouldn't have been inserted")
300 }
301}
302
303// TestReleaseEnsure verifies that Ensuring a release works.
304func TestReleaseEnsure(t *testing.T) {
305 tx, err := testDB.Begin()
306 if err != nil {
307 t.Fatal(err)
308 }
309
310 defer func() {
311 switch err {
312 case nil:
313 if err = tx.Commit(); err != nil {
314 t.Fatal(err)
315 }
316 default:
317 tx.Rollback()
318 t.Fatal("database was rolled back")
319 }
320 }()
321
322 caRelease, err := NewRelease("ca", curRelease.String())
323 if err != nil {
324 t.Fatal(err)
325 }
326
327 inserted, err := Ensure(caRelease, tx)
328 if err != nil {
329 t.Fatal(err)
330 } else if !inserted {
331 t.Fatal("certdb: release should have been inserted")
332 }
333
334 inserted, err = Ensure(caRelease, tx)
335 if err != nil {
336 t.Fatal(err)
337 } else if inserted {
338 t.Fatal("certdb: release shouldn't have been inserted")
339 }
340
341 intRelease, err := NewRelease("int", curRelease.String())
342 if err != nil {
343 t.Fatal(err)
344 }
345
346 inserted, err = Ensure(intRelease, tx)
347 if err != nil {
348 t.Fatal(err)
349 } else if !inserted {
350 t.Fatal("certdb: release should have been inserted")
351 }
352
353 inserted, err = Ensure(intRelease, tx)
354 if err != nil {
355 t.Fatal(err)
356 } else if inserted {
357 t.Fatal("certdb: release shouldn't have been inserted")
358 }
359
360 _, err = NewRelease("something", curRelease.String())
361 if err == nil {
362 t.Fatal("certdb: 'something' shouldn't be a valid release name")
363 }
364 err = nil // This is needed to prevent the database from rolling back.
365}
366
367// TestCREnsure verifies certificate releases work as intended.
368func TestCREnsure(t *testing.T) {
369 tx, err := testDB.Begin()
370 if err != nil {
371 t.Fatal(err)
372 }
373
374 defer func() {
375 switch err {
376 case nil:
377 if err = tx.Commit(); err != nil {
378 t.Fatal(err)
379 }
380 default:
381 tx.Rollback()
382 t.Fatal("database was rolled back")
383 }
384 }()
385
386 caRelease, err := NewRelease("ca", curRelease.String())
387 if err != nil {
388 t.Fatal(err)
389 }
390
391 intRelease, err := NewRelease("int", curRelease.String())
392 if err != nil {
393 t.Fatal(err)
394 }
395
396 cert := NewCertificate(testCert1)
397 cr := NewCertificateRelease(cert, caRelease)
398
399 inserted, err := Ensure(cr, tx)
400 if err != nil {
401 t.Fatal(err)
402 } else if !inserted {
403 t.Fatal("certdb: certificate release should have been inserted")
404 }
405
406 inserted, err = Ensure(cr, tx)
407 if err != nil {
408 t.Fatal(err)
409 } else if inserted {
410 t.Fatal("certdb: certificate release shouldn't have been inserted")
411 }
412
413 cert = NewCertificate(testCert3)
414 cr = NewCertificateRelease(cert, caRelease)
415
416 inserted, err = Ensure(cr, tx)
417 if err != nil {
418 t.Fatal(err)
419 } else if !inserted {
420 t.Fatal("certdb: certificate release should have been inserted")
421 }
422
423 inserted, err = Ensure(cr, tx)
424 if err != nil {
425 t.Fatal(err)
426 } else if inserted {
427 t.Fatal("certdb: certificate release shouldn't have been inserted")
428 }
429
430 cert = NewCertificate(testCert2)
431 cr = NewCertificateRelease(cert, intRelease)
432
433 inserted, err = Ensure(cr, tx)
434 if err != nil {
435 t.Fatal(err)
436 } else if !inserted {
437 t.Fatal("certdb: certificate release should have been inserted")
438 }
439
440 inserted, err = Ensure(cr, tx)
441 if err != nil {
442 t.Fatal(err)
443 } else if inserted {
444 t.Fatal("certdb: certificate release shouldn't have been inserted")
445 }
446}
447
448func TestBundle(t *testing.T) {
449 tx, err := testDB.Begin()
450 if err != nil {
451 t.Fatal(err)
452 }
453
454 defer func() {
455 switch err {
456 case nil:
457 if err = tx.Commit(); err != nil {
458 t.Fatal(err)
459 }
460 default:
461 tx.Rollback()
462 t.Fatal("database was rolled back")
463 }
464 }()
465
466 certs, err := CollectRelease("ca", curRelease.String(), tx)
467 if err != nil {
468 t.Fatalf("%s", err)
469 }
470
471 if len(certs) != 2 {
472 t.Fatalf("unexpected number of certificates in bundle: have %d, want 2", len(certs))
473 }
474}
475
476func TestCertReleases(t *testing.T) {
477 tx, err := testDB.Begin()
478 if err != nil {
479 t.Fatal(err)
480 }
481
482 defer func() {
483 switch err {
484 case nil:
485 if err = tx.Commit(); err != nil {
486 t.Fatal(err)
487 }
488 default:
489 tx.Rollback()
490 t.Fatal("database was rolled back")
491 }
492 }()
493
494 cert := NewCertificate(testCert1)
495 releases, err := cert.Releases(tx)
496 if err != nil {
497 t.Fatal(err)
498 }
499
500 if len(releases) != 1 {
501 t.Fatal("certificate should be in a release")
502 }
503
504 rel := releases[0]
505 if rel.Bundle != "ca" {
506 t.Fatalf("certificate is in the wrong release: it should be a ca curRelease.String(), but it is %s", rel.Bundle)
507 }
508
509 if rel.Version != curRelease.String() {
510 t.Fatalf("certificate's release is the wrong version; it should be %s but is %s", curRelease.String(), rel.Version)
511 }
512}
513
514func TestFindCertificateBySKI(t *testing.T) {
515 ski := "383781674f6e197820d18331d53f4428a0d4fad7"
516 certs, err := FindCertificateBySKI(testDB, ski)
517 if err != nil {
518 t.Fatal(err)
519 }
520
521 if len(certs) != 1 {
522 t.Fatal("only one certificate should have been found, have ", len(certs))
523 }
524
525 serialBytes := []byte{
526 19, 207, 46, 179, 203, 107, 229, 20,
527 69, 95, 132, 101, 162, 132, 237, 12,
528 50, 154, 163, 154,
529 }
530
531 expectedSerial := big.NewInt(0).SetBytes(serialBytes)
532
533 if expectedSerial.Cmp(certs[0].cert.SerialNumber) != 0 {
534 t.Fatalf("serial numbers don't match: have %s, but want %s",
535 certs[0].cert.SerialNumber, expectedSerial)
536 }
537}
538
539func TestAllCertificates(t *testing.T) {
540 tx, err := testDB.Begin()
541 if err != nil {
542 t.Fatal(err)
543 }
544 defer tx.Rollback()
545
546 certs, err := AllCertificates(tx)
547 if err != nil {
548 t.Fatal(err)
549 }
550
551 if len(certs) != 3 {
552 t.Fatal("expected 3 certificates from AllCertificates, but have", len(certs))
553 }
554}
555func TestAllReleases(t *testing.T) {
556 tx, err := testDB.Begin()
557 if err != nil {
558 t.Fatal(err)
559 }
560 defer tx.Rollback()
561
562 nextRelease, err := curRelease.Inc()
563 if err != nil {
564 t.Fatal(err)
565 }
566
567 anotherRelease, err := nextRelease.Inc()
568 if err != nil {
569 t.Fatal(err)
570 }
571
572 time.Sleep(time.Second) // Ensure the released_at timestamp is bumped.
573 rel, err := NewRelease("ca", nextRelease.String())
574 if err != nil {
575 t.Fatal(err)
576 }
577
578 ok, err := Ensure(rel, tx)
579 if err != nil {
580 t.Fatal(err)
581 } else if !ok {
582 t.Fatal("release wasn't entered into database")
583 }
584
585 time.Sleep(time.Second) // Ensure the released_at timestamp is bumped.
586 rel, err = NewRelease("ca", anotherRelease.String())
587 if err != nil {
588 t.Fatal(err)
589 }
590
591 ok, err = Ensure(rel, tx)
592 if err != nil {
593 t.Fatal(err)
594 } else if !ok {
595 t.Fatal("release wasn't entered into database")
596 }
597
598 err = tx.Commit()
599 if err != nil {
600 t.Fatal(err)
601 }
602
603 releases, err := AllReleases(testDB, "ca")
604 if err != nil {
605 t.Fatal(err)
606 }
607
608 if len(releases) != 3 {
609 t.Fatalf("expected 3 releases, but have %d", len(releases))
610 }
611
612 // Verify that the releases are properly ordered.
613 if releases[0].Version != anotherRelease.String() {
614 t.Fatalf("expected release[0] to be %s, but have %s", anotherRelease.String(), releases[0].Version)
615 }
616 if releases[1].Version != nextRelease.String() {
617 t.Fatalf("expected release[1] to be %s, but have %s", nextRelease.String(), releases[1].Version)
618 }
619 if releases[2].Version != curRelease.String() {
620 t.Fatalf("expected release[2] to be %s, but have %s", curRelease.String(), releases[2].Version)
621 }
622
623 tx, err = testDB.Begin()
624 if err != nil {
625 t.Fatal(err)
626 }
627
628 rel = &Release{Bundle: "ca", Version: curRelease.String()}
629 err = rel.Select(tx)
630 if err != nil {
631 t.Fatal(err)
632 }
633
634 err = tx.Commit()
635 if err != nil {
636 t.Fatal(err)
637 }
638
639 n, err := rel.Count(testDB)
640 if err != nil {
641 t.Fatal(err)
642 }
643
644 if n != 2 {
645 t.Fatalf("expected 2 certificates in the %s release, but have %d", rel.Version, n)
646 }
647
648 rel, err = LatestRelease(testDB, "ca")
649 if err != nil {
650 t.Fatal(err)
651 }
652
653 if rel.Version != anotherRelease.String() {
654 t.Fatalf("expected the latest release to be %s, but it's %s", anotherRelease.String(), rel.Version)
655 }
656}
657
658func TestCertificateRevoked(t *testing.T) {
659 tx, err := testDB.Begin()
660 if err != nil {
661 t.Fatal(err)
662 }
663 defer tx.Rollback()
664
665 cert := NewCertificate(testCert1)
666 revoked, err := cert.Revoked(tx, time.Now().Unix())
667 if err != nil {
668 t.Fatal(err)
669 }
670
671 if revoked {
672 t.Fatal("certificate should not be revoked, but has been revoked")
673 }
674
675 err = tx.Commit()
676 if err != nil {
677 t.Fatal(err)
678 }
679
680 tx, err = testDB.Begin()
681 if err != nil {
682 t.Fatal(err)
683 }
684
685 err = cert.Revoke(tx, "test", "test", time.Now().Unix())
686 if err != nil {
687 t.Fatal(err)
688 }
689
690 err = tx.Commit()
691 if err != nil {
692 t.Fatal(err)
693 }
694
695 tx, err = testDB.Begin()
696 if err != nil {
697 t.Fatal(err)
698 }
699
700 revoked, err = cert.Revoked(tx, time.Now().Unix())
701 if err != nil {
702 t.Fatal(err)
703 }
704
705 if !revoked {
706 t.Fatal("certificate not be revoked, but has not been revoked")
707 }
708
709 _, err = tx.Exec(`DELETE FROM revocations WHERE ski=?`, cert.SKI)
710 if err != nil {
711 t.Fatal(err)
712 }
713
714 err = tx.Commit()
715 if err != nil {
716 t.Fatal(err)
717 }
718}
719
720func TestPreviousRelease(t *testing.T) {
721 tx, err := testDB.Begin()
722 if err != nil {
723 t.Fatal(err)
724 }
725 defer tx.Rollback()
726
727 nextRelease, err := curRelease.Inc()
728 if err != nil {
729 t.Fatal(err)
730 }
731
732 next := &Release{
733 Bundle: "ca",
734 Version: nextRelease.String(),
735 }
736
737 cur := &Release{
738 Bundle: "ca",
739 Version: curRelease.String(),
740 }
741
742 err = next.Select(tx)
743 if err != nil {
744 t.Fatal(err)
745 }
746
747 err = cur.Select(tx)
748 if err != nil {
749 t.Fatal(err)
750 }
751
752 err = tx.Commit()
753 if err != nil {
754 t.Fatal(err)
755 }
756
757 prev, err := next.Previous(testDB)
758 if err != nil {
759 t.Fatal(err)
760 }
761
762 if prev.Version != curRelease.String() {
763 t.Fatalf("the call to Previous() should return %s, but returned %s",
764 curRelease.String(), prev.Version)
765 }
766
767 _, err = cur.Previous(testDB)
768 if err != sql.ErrNoRows {
769 t.Fatal("there shouldn't be a release prior to the current release, but there is")
770 }
771}
772