github.com/secure-build/gitlab-runner@v12.5.0+incompatible/helpers/tls/ca_chain/helpers_test.go (about) 1 package ca_chain 2 3 import ( 4 "crypto/x509" 5 "encoding/pem" 6 "errors" 7 "testing" 8 9 "github.com/stretchr/testify/assert" 10 "github.com/stretchr/testify/require" 11 ) 12 13 func loadCertificate(t *testing.T, dump string) *x509.Certificate { 14 block, _ := pem.Decode([]byte(dump)) 15 cert, err := x509.ParseCertificate(block.Bytes) 16 require.NoError(t, err) 17 18 return cert 19 } 20 21 func TestErrorInvalidCertificate_Error(t *testing.T) { 22 testError := errors.New("test-error") 23 24 tests := map[string]struct { 25 err *ErrorInvalidCertificate 26 expectedOutput string 27 }{ 28 "no details provided": { 29 err: new(ErrorInvalidCertificate), 30 expectedOutput: "invalid certificate", 31 }, 32 "inner specified": { 33 err: &ErrorInvalidCertificate{ 34 inner: testError, 35 }, 36 expectedOutput: "invalid certificate: test-error", 37 }, 38 "marked with nonCertBlockType": { 39 err: &ErrorInvalidCertificate{ 40 inner: testError, 41 nonCertBlockType: true, 42 }, 43 expectedOutput: "invalid certificate: non-certificate PEM block", 44 }, 45 "marked with nilBlock": { 46 err: &ErrorInvalidCertificate{ 47 inner: testError, 48 nonCertBlockType: true, 49 nilBlock: true, 50 }, 51 expectedOutput: "invalid certificate: empty PEM block", 52 }, 53 } 54 55 for tn, tc := range tests { 56 t.Run(tn, func(t *testing.T) { 57 assert.EqualError(t, tc.err, tc.expectedOutput) 58 }) 59 } 60 } 61 62 func TestDecodeCertificate(t *testing.T) { 63 block, _ := pem.Decode([]byte(testCert)) 64 decodedPEMx509Data := block.Bytes 65 66 testX509Certificate, err := x509.ParseCertificate(decodedPEMx509Data) 67 require.NoError(t, err) 68 69 block, _ = pem.Decode([]byte(testCertPKCS7)) 70 decodedPEMPKCS7Data := block.Bytes 71 72 tests := map[string]struct { 73 data []byte 74 expectedError string 75 expectedCertificate *x509.Certificate 76 }{ 77 "invalid data": { 78 data: []byte("test"), 79 expectedError: "invalid certificate: ber2der: BER tag length is more than available data", 80 expectedCertificate: nil, 81 }, 82 "invalid PEM type": { 83 data: []byte(testCertPubKey), 84 expectedError: "invalid certificate: non-certificate PEM block", 85 expectedCertificate: nil, 86 }, 87 "raw PEM x509 data": { 88 data: []byte(testCert), 89 expectedError: "", 90 expectedCertificate: testX509Certificate, 91 }, 92 "decoded PEM x509 data": { 93 data: decodedPEMx509Data, 94 expectedError: "", 95 expectedCertificate: testX509Certificate, 96 }, 97 "decoded PEM pkcs7 data": { 98 data: decodedPEMPKCS7Data, 99 expectedError: "", 100 expectedCertificate: testX509Certificate, 101 }, 102 } 103 104 for tn, tc := range tests { 105 t.Run(tn, func(t *testing.T) { 106 cert, err := decodeCertificate(tc.data) 107 108 if tc.expectedError != "" { 109 assert.EqualError(t, err, tc.expectedError) 110 return 111 } 112 113 assert.NoError(t, err) 114 115 if tc.expectedCertificate != nil { 116 assert.Equal(t, tc.expectedCertificate.SerialNumber, cert.SerialNumber) 117 return 118 } 119 120 assert.Nil(t, tc.expectedCertificate) 121 }) 122 } 123 } 124 125 func TestIsPem(t *testing.T) { 126 assert.True(t, isPEM([]byte(testCert))) 127 128 block, _ := pem.Decode([]byte(testCert)) 129 assert.False(t, isPEM(block.Bytes)) 130 }