certlib: linter autofixes
This commit is contained in:
@@ -14,27 +14,27 @@ import (
|
|||||||
func ReadCertificate(in []byte) (cert *x509.Certificate, rest []byte, err error) {
|
func ReadCertificate(in []byte) (cert *x509.Certificate, rest []byte, err error) {
|
||||||
if len(in) == 0 {
|
if len(in) == 0 {
|
||||||
err = certerr.ErrEmptyCertificate
|
err = certerr.ErrEmptyCertificate
|
||||||
return
|
return cert, rest, err
|
||||||
}
|
}
|
||||||
|
|
||||||
if in[0] == '-' {
|
if in[0] == '-' {
|
||||||
p, remaining := pem.Decode(in)
|
p, remaining := pem.Decode(in)
|
||||||
if p == nil {
|
if p == nil {
|
||||||
err = errors.New("certlib: invalid PEM file")
|
err = errors.New("certlib: invalid PEM file")
|
||||||
return
|
return cert, rest, err
|
||||||
}
|
}
|
||||||
|
|
||||||
rest = remaining
|
rest = remaining
|
||||||
if p.Type != "CERTIFICATE" {
|
if p.Type != "CERTIFICATE" {
|
||||||
err = certerr.ErrInvalidPEMType(p.Type, "CERTIFICATE")
|
err = certerr.ErrInvalidPEMType(p.Type, "CERTIFICATE")
|
||||||
return
|
return cert, rest, err
|
||||||
}
|
}
|
||||||
|
|
||||||
in = p.Bytes
|
in = p.Bytes
|
||||||
}
|
}
|
||||||
|
|
||||||
cert, err = x509.ParseCertificate(in)
|
cert, err = x509.ParseCertificate(in)
|
||||||
return
|
return cert, rest, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// ReadCertificates tries to read all the certificates in a
|
// ReadCertificates tries to read all the certificates in a
|
||||||
|
|||||||
@@ -65,10 +65,10 @@ const OneYear = 8760 * time.Hour
|
|||||||
// OneDay is a time.Duration representing a day's worth of seconds.
|
// OneDay is a time.Duration representing a day's worth of seconds.
|
||||||
const OneDay = 24 * time.Hour
|
const OneDay = 24 * time.Hour
|
||||||
|
|
||||||
// DelegationUsage is the OID for the DelegationUseage extensions
|
// DelegationUsage is the OID for the DelegationUseage extensions.
|
||||||
var DelegationUsage = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 44363, 44}
|
var DelegationUsage = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 44363, 44}
|
||||||
|
|
||||||
// DelegationExtension
|
// DelegationExtension.
|
||||||
var DelegationExtension = pkix.Extension{
|
var DelegationExtension = pkix.Extension{
|
||||||
Id: DelegationUsage,
|
Id: DelegationUsage,
|
||||||
Critical: false,
|
Critical: false,
|
||||||
@@ -89,8 +89,8 @@ var Jul2012 = InclusiveDate(2012, time.July, 01)
|
|||||||
// issuing certificates valid for more than 39 months.
|
// issuing certificates valid for more than 39 months.
|
||||||
var Apr2015 = InclusiveDate(2015, time.April, 01)
|
var Apr2015 = InclusiveDate(2015, time.April, 01)
|
||||||
|
|
||||||
// KeyLength returns the bit size of ECDSA or RSA PublicKey
|
// KeyLength returns the bit size of ECDSA or RSA PublicKey.
|
||||||
func KeyLength(key interface{}) int {
|
func KeyLength(key any) int {
|
||||||
if key == nil {
|
if key == nil {
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
@@ -106,7 +106,7 @@ func KeyLength(key interface{}) int {
|
|||||||
// ExpiryTime returns the time when the certificate chain is expired.
|
// ExpiryTime returns the time when the certificate chain is expired.
|
||||||
func ExpiryTime(chain []*x509.Certificate) (notAfter time.Time) {
|
func ExpiryTime(chain []*x509.Certificate) (notAfter time.Time) {
|
||||||
if len(chain) == 0 {
|
if len(chain) == 0 {
|
||||||
return
|
return notAfter
|
||||||
}
|
}
|
||||||
|
|
||||||
notAfter = chain[0].NotAfter
|
notAfter = chain[0].NotAfter
|
||||||
@@ -115,7 +115,7 @@ func ExpiryTime(chain []*x509.Certificate) (notAfter time.Time) {
|
|||||||
notAfter = cert.NotAfter
|
notAfter = cert.NotAfter
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return
|
return notAfter
|
||||||
}
|
}
|
||||||
|
|
||||||
// MonthsValid returns the number of months for which a certificate is valid.
|
// MonthsValid returns the number of months for which a certificate is valid.
|
||||||
@@ -221,7 +221,7 @@ func HashAlgoString(alg x509.SignatureAlgorithm) string {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// StringTLSVersion returns underlying enum values from human names for TLS
|
// StringTLSVersion returns underlying enum values from human names for TLS
|
||||||
// versions, defaults to current golang default of TLS 1.0
|
// versions, defaults to current golang default of TLS 1.0.
|
||||||
func StringTLSVersion(version string) uint16 {
|
func StringTLSVersion(version string) uint16 {
|
||||||
switch version {
|
switch version {
|
||||||
case "1.2":
|
case "1.2":
|
||||||
@@ -233,20 +233,22 @@ func StringTLSVersion(version string) uint16 {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// EncodeCertificatesPEM encodes a number of x509 certificates to PEM
|
// EncodeCertificatesPEM encodes a number of x509 certificates to PEM.
|
||||||
func EncodeCertificatesPEM(certs []*x509.Certificate) []byte {
|
func EncodeCertificatesPEM(certs []*x509.Certificate) []byte {
|
||||||
var buffer bytes.Buffer
|
var buffer bytes.Buffer
|
||||||
for _, cert := range certs {
|
for _, cert := range certs {
|
||||||
pem.Encode(&buffer, &pem.Block{
|
if err := pem.Encode(&buffer, &pem.Block{
|
||||||
Type: "CERTIFICATE",
|
Type: "CERTIFICATE",
|
||||||
Bytes: cert.Raw,
|
Bytes: cert.Raw,
|
||||||
})
|
}); err != nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return buffer.Bytes()
|
return buffer.Bytes()
|
||||||
}
|
}
|
||||||
|
|
||||||
// EncodeCertificatePEM encodes a single x509 certificates to PEM
|
// EncodeCertificatePEM encodes a single x509 certificates to PEM.
|
||||||
func EncodeCertificatePEM(cert *x509.Certificate) []byte {
|
func EncodeCertificatePEM(cert *x509.Certificate) []byte {
|
||||||
return EncodeCertificatesPEM([]*x509.Certificate{cert})
|
return EncodeCertificatesPEM([]*x509.Certificate{cert})
|
||||||
}
|
}
|
||||||
@@ -269,7 +271,10 @@ func ParseCertificatesPEM(certsPEM []byte) ([]*x509.Certificate, error) {
|
|||||||
certs = append(certs, cert...)
|
certs = append(certs, cert...)
|
||||||
}
|
}
|
||||||
if len(certsPEM) > 0 {
|
if len(certsPEM) > 0 {
|
||||||
return nil, certerr.DecodeError(certerr.ErrorSourceCertificate, errors.New("trailing data at end of certificate"))
|
return nil, certerr.DecodeError(
|
||||||
|
certerr.ErrorSourceCertificate,
|
||||||
|
errors.New("trailing data at end of certificate"),
|
||||||
|
)
|
||||||
}
|
}
|
||||||
return certs, nil
|
return certs, nil
|
||||||
}
|
}
|
||||||
@@ -280,7 +285,8 @@ func ParseCertificatesDER(certsDER []byte, password string) (certs []*x509.Certi
|
|||||||
certsDER = bytes.TrimSpace(certsDER)
|
certsDER = bytes.TrimSpace(certsDER)
|
||||||
pkcs7data, err := pkcs7.ParsePKCS7(certsDER)
|
pkcs7data, err := pkcs7.ParsePKCS7(certsDER)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
var pkcs12data interface{}
|
var pkcs12data any
|
||||||
|
var ok bool
|
||||||
certs = make([]*x509.Certificate, 1)
|
certs = make([]*x509.Certificate, 1)
|
||||||
pkcs12data, certs[0], err = pkcs12.Decode(certsDER, password)
|
pkcs12data, certs[0], err = pkcs12.Decode(certsDER, password)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -289,7 +295,10 @@ func ParseCertificatesDER(certsDER []byte, password string) (certs []*x509.Certi
|
|||||||
return nil, nil, certerr.DecodeError(certerr.ErrorSourceCertificate, err)
|
return nil, nil, certerr.DecodeError(certerr.ErrorSourceCertificate, err)
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
key = pkcs12data.(crypto.Signer)
|
key, ok = pkcs12data.(crypto.Signer)
|
||||||
|
if !ok {
|
||||||
|
return nil, nil, certerr.DecodeError(certerr.ErrorSourcePrivateKey, errors.New("PKCS12 data does not contain a private key"))
|
||||||
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if pkcs7data.ContentInfo != "SignedData" {
|
if pkcs7data.ContentInfo != "SignedData" {
|
||||||
@@ -338,7 +347,6 @@ func ParseCertificatePEM(certPEM []byte) (*x509.Certificate, error) {
|
|||||||
// multiple certificates, from the top of certsPEM, which itself may
|
// multiple certificates, from the top of certsPEM, which itself may
|
||||||
// contain multiple PEM encoded certificate objects.
|
// contain multiple PEM encoded certificate objects.
|
||||||
func ParseOneCertificateFromPEM(certsPEM []byte) ([]*x509.Certificate, []byte, error) {
|
func ParseOneCertificateFromPEM(certsPEM []byte) ([]*x509.Certificate, []byte, error) {
|
||||||
|
|
||||||
block, rest := pem.Decode(certsPEM)
|
block, rest := pem.Decode(certsPEM)
|
||||||
if block == nil {
|
if block == nil {
|
||||||
return nil, rest, nil
|
return nil, rest, nil
|
||||||
@@ -441,7 +449,10 @@ func ParseCSR(in []byte) (csr *x509.CertificateRequest, rest []byte, err error)
|
|||||||
p, rest := pem.Decode(in)
|
p, rest := pem.Decode(in)
|
||||||
if p != nil {
|
if p != nil {
|
||||||
if p.Type != "NEW CERTIFICATE REQUEST" && p.Type != "CERTIFICATE REQUEST" {
|
if p.Type != "NEW CERTIFICATE REQUEST" && p.Type != "CERTIFICATE REQUEST" {
|
||||||
return nil, rest, certerr.ParsingError(certerr.ErrorSourceCSR, certerr.ErrInvalidPEMType(p.Type, "NEW CERTIFICATE REQUEST", "CERTIFICATE REQUEST"))
|
return nil, rest, certerr.ParsingError(
|
||||||
|
certerr.ErrorSourceCSR,
|
||||||
|
certerr.ErrInvalidPEMType(p.Type, "NEW CERTIFICATE REQUEST", "CERTIFICATE REQUEST"),
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
csr, err = x509.ParseCertificateRequest(p.Bytes)
|
csr, err = x509.ParseCertificateRequest(p.Bytes)
|
||||||
@@ -509,7 +520,7 @@ func SignerAlgo(priv crypto.Signer) x509.SignatureAlgorithm {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// LoadClientCertificate load key/certificate from pem files
|
// LoadClientCertificate load key/certificate from pem files.
|
||||||
func LoadClientCertificate(certFile string, keyFile string) (*tls.Certificate, error) {
|
func LoadClientCertificate(certFile string, keyFile string) (*tls.Certificate, error) {
|
||||||
if certFile != "" && keyFile != "" {
|
if certFile != "" && keyFile != "" {
|
||||||
cert, err := tls.LoadX509KeyPair(certFile, keyFile)
|
cert, err := tls.LoadX509KeyPair(certFile, keyFile)
|
||||||
@@ -521,7 +532,7 @@ func LoadClientCertificate(certFile string, keyFile string) (*tls.Certificate, e
|
|||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// CreateTLSConfig creates a tls.Config object from certs and roots
|
// CreateTLSConfig creates a tls.Config object from certs and roots.
|
||||||
func CreateTLSConfig(remoteCAs *x509.CertPool, cert *tls.Certificate) *tls.Config {
|
func CreateTLSConfig(remoteCAs *x509.CertPool, cert *tls.Certificate) *tls.Config {
|
||||||
var certs []tls.Certificate
|
var certs []tls.Certificate
|
||||||
if cert != nil {
|
if cert != nil {
|
||||||
@@ -554,7 +565,10 @@ func DeserializeSCTList(serializedSCTList []byte) ([]ct.SignedCertificateTimesta
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
if len(rest) != 0 {
|
if len(rest) != 0 {
|
||||||
return nil, certerr.ParsingError(certerr.ErrorSourceSCTList, errors.New("serialized SCT list contained trailing garbage"))
|
return nil, certerr.ParsingError(
|
||||||
|
certerr.ErrorSourceSCTList,
|
||||||
|
errors.New("serialized SCT list contained trailing garbage"),
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
list := make([]ct.SignedCertificateTimestamp, len(sctList.SCTList))
|
list := make([]ct.SignedCertificateTimestamp, len(sctList.SCTList))
|
||||||
@@ -565,7 +579,10 @@ func DeserializeSCTList(serializedSCTList []byte) ([]ct.SignedCertificateTimesta
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
if len(rest) != 0 {
|
if len(rest) != 0 {
|
||||||
return nil, certerr.ParsingError(certerr.ErrorSourceSCTList, errors.New("serialized SCT list contained trailing garbage"))
|
return nil, certerr.ParsingError(
|
||||||
|
certerr.ErrorSourceSCTList,
|
||||||
|
errors.New("serialized SCT list contained trailing garbage"),
|
||||||
|
)
|
||||||
}
|
}
|
||||||
list[i] = sct
|
list[i] = sct
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -93,7 +93,7 @@ type signedData struct {
|
|||||||
Version int
|
Version int
|
||||||
DigestAlgorithms asn1.RawValue
|
DigestAlgorithms asn1.RawValue
|
||||||
ContentInfo asn1.RawValue
|
ContentInfo asn1.RawValue
|
||||||
Certificates asn1.RawValue `asn1:"optional" asn1:"tag:0"`
|
Certificates asn1.RawValue `asn1:"optional"`
|
||||||
Crls asn1.RawValue `asn1:"optional"`
|
Crls asn1.RawValue `asn1:"optional"`
|
||||||
SignerInfos asn1.RawValue
|
SignerInfos asn1.RawValue
|
||||||
}
|
}
|
||||||
@@ -207,7 +207,10 @@ func populateEncryptedData(msg *PKCS7, contentBytes []byte) error {
|
|||||||
return certerr.ParsingError(certerr.ErrorSourceCertificate, err)
|
return certerr.ParsingError(certerr.ErrorSourceCertificate, err)
|
||||||
}
|
}
|
||||||
if ed.Version != 0 {
|
if ed.Version != 0 {
|
||||||
return certerr.ParsingError(certerr.ErrorSourceCertificate, errors.New("only PKCS #7 encryptedData version 0 is supported"))
|
return certerr.ParsingError(
|
||||||
|
certerr.ErrorSourceCertificate,
|
||||||
|
errors.New("only PKCS #7 encryptedData version 0 is supported"),
|
||||||
|
)
|
||||||
}
|
}
|
||||||
msg.Content.EncryptedData = ed
|
msg.Content.EncryptedData = ed
|
||||||
return nil
|
return nil
|
||||||
@@ -216,7 +219,6 @@ func populateEncryptedData(msg *PKCS7, contentBytes []byte) error {
|
|||||||
// ParsePKCS7 attempts to parse the DER encoded bytes of a
|
// ParsePKCS7 attempts to parse the DER encoded bytes of a
|
||||||
// PKCS7 structure.
|
// PKCS7 structure.
|
||||||
func ParsePKCS7(raw []byte) (msg *PKCS7, err error) {
|
func ParsePKCS7(raw []byte) (msg *PKCS7, err error) {
|
||||||
|
|
||||||
pkcs7, err := unmarshalInit(raw)
|
pkcs7, err := unmarshalInit(raw)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
@@ -240,9 +242,11 @@ func ParsePKCS7(raw []byte) (msg *PKCS7, err error) {
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
default:
|
default:
|
||||||
return nil, certerr.ParsingError(certerr.ErrorSourceCertificate, errors.New("only PKCS# 7 content of type data, signed data or encrypted data can be parsed"))
|
return nil, certerr.ParsingError(
|
||||||
|
certerr.ErrorSourceCertificate,
|
||||||
|
errors.New("only PKCS# 7 content of type data, signed data or encrypted data can be parsed"),
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
return msg, nil
|
return msg, nil
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -89,7 +89,7 @@ func ldapURL(url string) bool {
|
|||||||
// - false, false: an error was encountered while checking revocations.
|
// - false, false: an error was encountered while checking revocations.
|
||||||
// - false, true: the certificate was checked successfully, and it is not revoked.
|
// - false, true: the certificate was checked successfully, and it is not revoked.
|
||||||
// - true, true: the certificate was checked successfully, and it is revoked.
|
// - true, true: the certificate was checked successfully, and it is revoked.
|
||||||
// - true, false: failure to check revocation status causes verification to fail
|
// - true, false: failure to check revocation status causes verification to fail.
|
||||||
func revCheck(cert *x509.Certificate) (revoked, ok bool, err error) {
|
func revCheck(cert *x509.Certificate) (revoked, ok bool, err error) {
|
||||||
for _, url := range cert.CRLDistributionPoints {
|
for _, url := range cert.CRLDistributionPoints {
|
||||||
if ldapURL(url) {
|
if ldapURL(url) {
|
||||||
@@ -154,7 +154,6 @@ func getIssuer(cert *x509.Certificate) *x509.Certificate {
|
|||||||
}
|
}
|
||||||
|
|
||||||
return issuer
|
return issuer
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// check a cert against a specific CRL. Returns the same bool pair
|
// check a cert against a specific CRL. Returns the same bool pair
|
||||||
@@ -219,16 +218,16 @@ func VerifyCertificate(cert *x509.Certificate) (revoked, ok bool) {
|
|||||||
// VerifyCertificateError ensures that the certificate passed in hasn't
|
// VerifyCertificateError ensures that the certificate passed in hasn't
|
||||||
// expired and checks the CRL for the server.
|
// expired and checks the CRL for the server.
|
||||||
func VerifyCertificateError(cert *x509.Certificate) (revoked, ok bool, err error) {
|
func VerifyCertificateError(cert *x509.Certificate) (revoked, ok bool, err error) {
|
||||||
if !time.Now().Before(cert.NotAfter) {
|
if !time.Now().Before(cert.NotAfter) {
|
||||||
msg := fmt.Sprintf("Certificate expired %s\n", cert.NotAfter)
|
msg := fmt.Sprintf("Certificate expired %s\n", cert.NotAfter)
|
||||||
log.Info(msg)
|
log.Info(msg)
|
||||||
return true, true, errors.New(msg)
|
return true, true, errors.New(msg)
|
||||||
} else if !time.Now().After(cert.NotBefore) {
|
} else if !time.Now().After(cert.NotBefore) {
|
||||||
msg := fmt.Sprintf("Certificate isn't valid until %s\n", cert.NotBefore)
|
msg := fmt.Sprintf("Certificate isn't valid until %s\n", cert.NotBefore)
|
||||||
log.Info(msg)
|
log.Info(msg)
|
||||||
return true, true, errors.New(msg)
|
return true, true, errors.New(msg)
|
||||||
}
|
}
|
||||||
return revCheck(cert)
|
return revCheck(cert)
|
||||||
}
|
}
|
||||||
|
|
||||||
func fetchRemote(url string) (*x509.Certificate, error) {
|
func fetchRemote(url string) (*x509.Certificate, error) {
|
||||||
@@ -343,21 +342,21 @@ func sendOCSPRequest(server string, req []byte, leaf, issuer *x509.Certificate)
|
|||||||
|
|
||||||
var crlRead = io.ReadAll
|
var crlRead = io.ReadAll
|
||||||
|
|
||||||
// SetCRLFetcher sets the function to use to read from the http response body
|
// SetCRLFetcher sets the function to use to read from the http response body.
|
||||||
func SetCRLFetcher(fn func(io.Reader) ([]byte, error)) {
|
func SetCRLFetcher(fn func(io.Reader) ([]byte, error)) {
|
||||||
crlRead = fn
|
crlRead = fn
|
||||||
}
|
}
|
||||||
|
|
||||||
var remoteRead = io.ReadAll
|
var remoteRead = io.ReadAll
|
||||||
|
|
||||||
// SetRemoteFetcher sets the function to use to read from the http response body
|
// SetRemoteFetcher sets the function to use to read from the http response body.
|
||||||
func SetRemoteFetcher(fn func(io.Reader) ([]byte, error)) {
|
func SetRemoteFetcher(fn func(io.Reader) ([]byte, error)) {
|
||||||
remoteRead = fn
|
remoteRead = fn
|
||||||
}
|
}
|
||||||
|
|
||||||
var ocspRead = io.ReadAll
|
var ocspRead = io.ReadAll
|
||||||
|
|
||||||
// SetOCSPFetcher sets the function to use to read from the http response body
|
// SetOCSPFetcher sets the function to use to read from the http response body.
|
||||||
func SetOCSPFetcher(fn func(io.Reader) ([]byte, error)) {
|
func SetOCSPFetcher(fn func(io.Reader) ([]byte, error)) {
|
||||||
ocspRead = fn
|
ocspRead = fn
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -50,7 +50,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|||||||
// to indicate that this is the case.
|
// to indicate that this is the case.
|
||||||
|
|
||||||
// 2014/05/22 14:18:17 Certificate expired 2014-04-04 14:14:20 +0000 UTC
|
// 2014/05/22 14:18:17 Certificate expired 2014-04-04 14:14:20 +0000 UTC
|
||||||
// 2014/05/22 14:18:17 Revoked certificate: misc/intermediate_ca/ActalisServerAuthenticationCA.crt
|
// 2014/05/22 14:18:17 Revoked certificate: misc/intermediate_ca/ActalisServerAuthenticationCA.crt.
|
||||||
var expiredCert = mustParse(`-----BEGIN CERTIFICATE-----
|
var expiredCert = mustParse(`-----BEGIN CERTIFICATE-----
|
||||||
MIIEXTCCA8agAwIBAgIEBycURTANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJV
|
MIIEXTCCA8agAwIBAgIEBycURTANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJV
|
||||||
UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU
|
UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU
|
||||||
@@ -80,7 +80,7 @@ sESPRwHkcMUNdAp37FLweUw=
|
|||||||
|
|
||||||
// 2014/05/22 14:18:31 Serial number match: intermediate is revoked.
|
// 2014/05/22 14:18:31 Serial number match: intermediate is revoked.
|
||||||
// 2014/05/22 14:18:31 certificate is revoked via CRL
|
// 2014/05/22 14:18:31 certificate is revoked via CRL
|
||||||
// 2014/05/22 14:18:31 Revoked certificate: misc/intermediate_ca/MobileArmorEnterpriseCA.crt
|
// 2014/05/22 14:18:31 Revoked certificate: misc/intermediate_ca/MobileArmorEnterpriseCA.crt.
|
||||||
var revokedCert = mustParse(`-----BEGIN CERTIFICATE-----
|
var revokedCert = mustParse(`-----BEGIN CERTIFICATE-----
|
||||||
MIIEEzCCAvugAwIBAgILBAAAAAABGMGjftYwDQYJKoZIhvcNAQEFBQAwcTEoMCYG
|
MIIEEzCCAvugAwIBAgILBAAAAAABGMGjftYwDQYJKoZIhvcNAQEFBQAwcTEoMCYG
|
||||||
A1UEAxMfR2xvYmFsU2lnbiBSb290U2lnbiBQYXJ0bmVycyBDQTEdMBsGA1UECxMU
|
A1UEAxMfR2xvYmFsU2lnbiBSb290U2lnbiBQYXJ0bmVycyBDQTEdMBsGA1UECxMU
|
||||||
@@ -106,7 +106,7 @@ Kz5vh+5tmytUPKA8hUgmLWe94lMb7Uqq2wgZKsqun5DAWleKu81w7wEcOrjiiB+x
|
|||||||
jeBHq7OnpWm+ccTOPCE6H4ZN4wWVS7biEBUdop/8HgXBPQHWAdjL
|
jeBHq7OnpWm+ccTOPCE6H4ZN4wWVS7biEBUdop/8HgXBPQHWAdjL
|
||||||
-----END CERTIFICATE-----`)
|
-----END CERTIFICATE-----`)
|
||||||
|
|
||||||
// A Comodo intermediate CA certificate with issuer url, CRL url and OCSP url
|
// A Comodo intermediate CA certificate with issuer url, CRL url and OCSP url.
|
||||||
var goodComodoCA = (`-----BEGIN CERTIFICATE-----
|
var goodComodoCA = (`-----BEGIN CERTIFICATE-----
|
||||||
MIIGCDCCA/CgAwIBAgIQKy5u6tl1NmwUim7bo3yMBzANBgkqhkiG9w0BAQwFADCB
|
MIIGCDCCA/CgAwIBAgIQKy5u6tl1NmwUim7bo3yMBzANBgkqhkiG9w0BAQwFADCB
|
||||||
hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
|
hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
|
||||||
@@ -182,7 +182,6 @@ func TestGood(t *testing.T) {
|
|||||||
} else if revoked {
|
} else if revoked {
|
||||||
t.Fatalf("good certificate should not have been marked as revoked")
|
t.Fatalf("good certificate should not have been marked as revoked")
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestLdap(t *testing.T) {
|
func TestLdap(t *testing.T) {
|
||||||
@@ -230,7 +229,6 @@ func TestBadCRLSet(t *testing.T) {
|
|||||||
t.Fatalf("key emptystring should be deleted from CRLSet")
|
t.Fatalf("key emptystring should be deleted from CRLSet")
|
||||||
}
|
}
|
||||||
delete(CRLSet, "")
|
delete(CRLSet, "")
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestCachedCRLSet(t *testing.T) {
|
func TestCachedCRLSet(t *testing.T) {
|
||||||
@@ -241,13 +239,11 @@ func TestCachedCRLSet(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func TestRemoteFetchError(t *testing.T) {
|
func TestRemoteFetchError(t *testing.T) {
|
||||||
|
|
||||||
badurl := ":"
|
badurl := ":"
|
||||||
|
|
||||||
if _, err := fetchRemote(badurl); err == nil {
|
if _, err := fetchRemote(badurl); err == nil {
|
||||||
t.Fatalf("fetching bad url should result in non-nil error")
|
t.Fatalf("fetching bad url should result in non-nil error")
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestNoOCSPServers(t *testing.T) {
|
func TestNoOCSPServers(t *testing.T) {
|
||||||
|
|||||||
Reference in New Issue
Block a user