Diffstat (limited to 'src/pkg/crypto/x509/verify_test.go')
-rw-r--r--src/pkg/crypto/x509/verify_test.go34
1 files changed, 26 insertions, 8 deletions
diff --git a/src/pkg/crypto/x509/verify_test.go b/src/pkg/crypto/x509/verify_test.go
index ecff7ffd8..201685830 100644
--- a/src/pkg/crypto/x509/verify_test.go
+++ b/src/pkg/crypto/x509/verify_test.go
@@ -5,10 +5,12 @@
package x509
import (
+ "crypto/x509/pkix"
"encoding/pem"
- "os"
+ "errors"
"strings"
"testing"
+ "time"
)
type verifyTest struct {
@@ -17,8 +19,9 @@ type verifyTest struct {
roots []string
currentTime int64
dnsName string
+ nilRoots bool
- errorCallback func(*testing.T, int, os.Error) bool
+ errorCallback func(*testing.T, int, error) bool
expectedChains [][]string
}
@@ -46,6 +49,14 @@ var verifyTests = []verifyTest{
{
leaf: googleLeaf,
intermediates: []string{thawteIntermediate},
+ nilRoots: true, // verifies that we don't crash
+ currentTime: 1302726541,
+ dnsName: "www.google.com",
+ errorCallback: expectAuthorityUnknown,
+ },
+ {
+ leaf: googleLeaf,
+ intermediates: []string{thawteIntermediate},
roots: []string{verisignRoot},
currentTime: 1,
dnsName: "www.example.com",
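Review bot: The comment on the new `nilRoots: true` case understates what the case pins. Together with `errorCallback: expectAuthorityUnknown` it asserts that verification with a nil root pool is rejected as unknown authority rather than accepted, which is the fail-closed behaviour a caller would rely on. I would word the comment `// nil Roots must not crash and must be rejected as unknown authority`, so that a later change to nil-pool handling is seen to alter this expectation. The verifyTests literal starts and ends outside this hunk.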
@@ -94,7 +105,7 @@ var verifyTests = []verifyTest{
},
}
-func expectHostnameError(t *testing.T, i int, err os.Error) (ok bool) {
+func expectHostnameError(t *testing.T, i int, err error) (ok bool) {
if _, ok := err.(HostnameError); !ok {
t.Errorf("#%d: error was not a HostnameError: %s", i, err)
return false
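Review bot: The named result `ok` in the new signature of expectHostnameError is never assigned and is shadowed by the `ok` declared in `if _, ok := err.(HostnameError)`; expectExpired and expectAuthorityUnknown in the next two hunks have the same pattern. The functions work only because every return is explicit, so the name adds a shadowing hazard without documenting anything. `func expectHostnameError(t *testing.T, i int, err error) bool {` still satisfies the errorCallback field type. Formatting err with `%v` rather than `%s` would also give a readable message if the callback is ever handed a nil error. The function body ends outside this hunk.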
@@ -102,7 +113,7 @@ func expectHostnameError(t *testing.T, i int, err os.Error) (ok bool) {
return true
}
-func expectExpired(t *testing.T, i int, err os.Error) (ok bool) {
+func expectExpired(t *testing.T, i int, err error) (ok bool) {
if inval, ok := err.(CertificateInvalidError); !ok || inval.Reason != Expired {
t.Errorf("#%d: error was not Expired: %s", i, err)
return false
@@ -110,7 +121,7 @@ func expectExpired(t *testing.T, i int, err os.Error) (ok bool) {
return true
}
-func expectAuthorityUnknown(t *testing.T, i int, err os.Error) (ok bool) {
+func expectAuthorityUnknown(t *testing.T, i int, err error) (ok bool) {
if _, ok := err.(UnknownAuthorityError); !ok {
t.Errorf("#%d: error was not UnknownAuthorityError: %s", i, err)
return false
@@ -118,10 +129,10 @@ func expectAuthorityUnknown(t *testing.T, i int, err os.Error) (ok bool) {
return true
}
-func certificateFromPEM(pemBytes string) (*Certificate, os.Error) {
+func certificateFromPEM(pemBytes string) (*Certificate, error) {
block, _ := pem.Decode([]byte(pemBytes))
if block == nil {
- return nil, os.NewError("failed to decode PEM")
+ return nil, errors.New("failed to decode PEM")
}
return ParseCertificate(block.Bytes)
}
@@ -132,7 +143,10 @@ func TestVerify(t *testing.T) {
Roots: NewCertPool(),
Intermediates: NewCertPool(),
DNSName: test.dnsName,
- CurrentTime: test.currentTime,
+ CurrentTime: time.Unix(test.currentTime, 0),
+ }
+ if test.nilRoots {
+ opts.Roots = nil
}
for j, root := range test.roots {
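Review bot: A test case that sets both `nilRoots` and a non-empty `roots` list would reach the `for j, root := range test.roots` loop with `opts.Roots` already nil. The loop body is outside this hunk, but it presumably adds each root to `opts.Roots`, which would then operate on a nil pool. No visible table entry combines the two, so this guards against a future entry: fail fast with `if test.nilRoots && len(test.roots) > 0 { t.Fatalf("#%d: nilRoots and roots are mutually exclusive", i) }` (assuming the outer index is `i`), or move the `opts.Roots = nil` assignment after the pool-filling loops. TestVerify starts and ends outside this hunk.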
@@ -211,6 +225,10 @@ func chainToDebugString(chain []*Certificate) string {
return chainStr
}
+func nameToKey(name *pkix.Name) string {
+ return strings.Join(name.Country, ",") + "/" + strings.Join(name.Organization, ",") + "/" + strings.Join(name.OrganizationalUnit, ",") + "/" + name.CommonName
+}
+
const verisignRoot = `-----BEGIN CERTIFICATE-----
MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
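Review bot: nameToKey builds its key by joining fields with `,` and `/` without escaping, so two different names can map to the same string, for example an Organization of `["a,b"]` and one of `["a", "b"]`, or a CommonName that itself contains `/`. Its callers are not in this hunk. If the key only feeds debug output this is harmless, but if it indexes or compares certificate subjects the collision matters, and the function should carry a comment such as `// nameToKey returns a lossy, human-readable key for name; it is not collision-free and must not be used for matching.` It also dereferences `name` without a nil check. The hunk's trailing context is the start of the verisignRoot constant.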