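// Source listing: github.com/zmap/zcrypto@v0.0.0-20240512203510-0fef58d9a9db/x509/revocation/microsoft/microsoft_test.go

// Package microsoft_test exercises the parser and lookup for Microsoft's
// disallowed-certificate store (disallowedcert.sst) against a checked-in
// snapshot of that store and one certificate known to be listed in it.
package microsoft_test

import (
	"io/ioutil"
	"os"
	"testing"

	"github.com/zmap/zcrypto/x509"
	"github.com/zmap/zcrypto/x509/revocation/microsoft"
)

// obtained from http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcert.sst
//
// The fixture is a local snapshot, so these tests need no network access.
// NOTE(review): the download URL is plain HTTP; when refreshing the fixture,
// verify the new file out of band before committing it, and confirm that the
// certificate below is still listed.
const disallowed_cert_location = `./test_disallowedcert.sst`

// revoked_intermediate is the positive test vector: an intermediate CA
// certificate that the fixture is expected to list as disallowed. Its
// embedded names decode to subject "DigiNotar PKIoverheid CA Overheid en
// Bedrijven" and issuer "Staat der Nederlanden Overheid CA".
const revoked_intermediate = `
-----BEGIN CERTIFICATE-----
MIIEiDCCA3CgAwIBAgIEATFpsDANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJO
TDEeMBwGA1UEChMVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSowKAYDVQQDEyFTdGFh
dCBkZXIgTmVkZXJsYW5kZW4gT3ZlcmhlaWQgQ0EwHhcNMDcwNzA1MDg0MjA3WhcN
MTUwNzI3MDgzOTQ2WjBfMQswCQYDVQQGEwJOTDEXMBUGA1UEChMORGlnaU5vdGFy
IEIuVi4xNzA1BgNVBAMTLkRpZ2lOb3RhciBQS0lvdmVyaGVpZCBDQSBPdmVyaGVp
ZCBlbiBCZWRyaWp2ZW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc
vdKnTmoKuzuiheF/AK2+tDBomAfNoHrElM9x+Yo35FPrV3bMi+Zs/u6HVcg+uwQ5
AKeAeKxbT370vbhUuHE7BzFJOZNUfCA7eSuPu2GQfbGs5h+QLp1FAalkLU3DL7nn
UNVOKlyrdnY3Rtd57EKZ96LspIlw3Dgrh6aqJOadkiQbvvb91C8ZF3rmMgeUVAVT
Q+lsvK9Hy7zL/b07RBKB8WtLu+20z6slTxjSzAL8o0+1QjPLWc0J3NNQ/aB2jKx+
ZopC9q0ckvO2+xRG603XLzDgbe5bNr5EdLcgBVeFTegAGaL2DOauocBC36esgl3H
aLcY5olLmmv6znn58yynAgMBAAGjggFQMIIBTDBIBgNVHSAEQTA/MD0GBFUdIAAw
NTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5kaWdpbm90YXIubmwvY3BzL3BraW92
ZXJoZWlkMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMIGABgNVHSME
eTB3gBQLhtYPd6NosftkCcOIblwEHFfpPaFZpFcwVTELMAkGA1UEBhMCTkwxHjAc
BgNVBAoTFVN0YWF0IGRlciBOZWRlcmxhbmRlbjEmMCQGA1UEAxMdU3RhYXQgZGVy
IE5lZGVybGFuZGVuIFJvb3QgQ0GCBACYmnkwPQYDVR0fBDYwNDAyoDCgLoYsaHR0
cDovL2NybC5wa2lvdmVyaGVpZC5ubC9Eb21PdkxhdGVzdENSTC5jcmwwHQYDVR0O
BBYEFEwIyY128ZjHPt881y91DbF2eZfMMA0GCSqGSIb3DQEBBQUAA4IBAQAMlIca
v03jheLu19hjeQ5Q38aEW9K72fUxCho1l3TfFPoqDz7toOMI9tVOW6+mriXiRWsi
D7dUKH6S3o0UbNEc5W50BJy37zRERd/Jgx0ZH8Apad+J1T/CsFNt5U4X5HNhIxMm
cUP9TFnLw98iqiEr2b+VERqKpOKrp11Lbyn1UtHk0hWxi/7wA8+nfemZhzizDXMU
5HIs4c71rQZIZPrTKbmi2Lv01QulQERDjqC/zlqlUkxk0xcxYczopIro5Ij76eUv
BjMzm5RmZrGrUDqhCYF0U1onuabSJc/Tw6f/ltAv6uAejVLpGBwgCkegllYOQJBR
RKwa/fHuhR/3Qlpl
-----END CERTIFICATE-----
`

// parseCertPEM parses revoked_intermediate and returns the resulting
// certificate. It stops the calling test if the PEM cannot be parsed, so the
// caller never indexes an empty pool.
func parseCertPEM(t *testing.T) (revoked *x509.Certificate) {
	t.Helper()
	certPool := x509.NewCertPool()
	if ok := certPool.AppendCertsFromPEM([]byte(revoked_intermediate)); !ok {
		t.Fatal("could not parse the embedded revoked intermediate PEM")
	}
	certs := certPool.Certificates()
	if len(certs) == 0 {
		t.Fatal("certificate pool is empty after loading the embedded PEM")
	}
	return certs[0]
}

// loadRevokedList reads the disallowed-certificate fixture from disk and
// parses it with microsoft.Parse. Any I/O or parse error stops the calling
// test immediately, so later steps never run against a nil file or a nil list.
func loadRevokedList(t *testing.T) (disallowed *microsoft.DisallowedCerts) {
	t.Helper()
	sstFile, err := os.Open(disallowed_cert_location)
	if err != nil {
		t.Fatalf("opening %s: %v", disallowed_cert_location, err)
	}
	// Close on every exit path, including the fatal ones below.
	defer sstFile.Close()

	sstBytes, err := ioutil.ReadAll(sstFile)
	if err != nil {
		t.Fatalf("reading %s: %v", disallowed_cert_location, err)
	}
	disallowed, err = microsoft.Parse(sstBytes)
	if err != nil {
		t.Fatalf("parsing %s: %v", disallowed_cert_location, err)
	}
	if disallowed == nil {
		t.Fatalf("parsing %s returned a nil list without an error", disallowed_cert_location)
	}
	return disallowed
}

// TestParse checks that the fixture parses without error.
func TestParse(t *testing.T) {
	loadRevokedList(t)
}

// TestCheck checks that a certificate known to be in the fixture is reported
// by microsoft.Check, and that the returned entry carries the same serial
// number as the certificate that was looked up.
//
// NOTE(review): only the positive case is covered. A complementary test with
// a certificate that is not in the fixture, asserting a nil entry, would
// catch a lookup that matches too broadly.
func TestCheck(t *testing.T) {
	disallowed := loadRevokedList(t)
	revoked := parseCertPEM(t)
	entry := microsoft.Check(disallowed, revoked)
	if entry == nil {
		// this should provide an entry, since cert is revoked and in the provided sst file
		t.Fatal("revoked intermediate was not found in the disallowed list")
	}
	if entry.SerialNumber.Cmp(revoked.SerialNumber) != 0 {
		t.Errorf("entry serial number %v does not match certificate serial number %v",
			entry.SerialNumber, revoked.SerialNumber)
	}
}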