github.com/zmap/zcrypto@v0.0.0-20240512203510-0fef58d9a9db/x509/revocation/microsoft/microsoft_test.go

github.com/zmap/zcrypto@v0.0.0-20240512203510-0fef58d9a9db/x509/revocation/microsoft/microsoft_test.go (about)

     1  package microsoft_test
     2  
     3  import (
     4  	"io/ioutil"
     5  	"os"
     6  	"testing"
     7  
     8  	"github.com/zmap/zcrypto/x509"
     9  	"github.com/zmap/zcrypto/x509/revocation/microsoft"
    10  )
    11  
    12  // obtained from http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcert.sst
    13  const disallowed_cert_location = `./test_disallowedcert.sst`
    14  
    15  const revoked_intermediate = `
    16  -----BEGIN CERTIFICATE-----
    17  MIIEiDCCA3CgAwIBAgIEATFpsDANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJO
    18  TDEeMBwGA1UEChMVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSowKAYDVQQDEyFTdGFh
    19  dCBkZXIgTmVkZXJsYW5kZW4gT3ZlcmhlaWQgQ0EwHhcNMDcwNzA1MDg0MjA3WhcN
    20  MTUwNzI3MDgzOTQ2WjBfMQswCQYDVQQGEwJOTDEXMBUGA1UEChMORGlnaU5vdGFy
    21  IEIuVi4xNzA1BgNVBAMTLkRpZ2lOb3RhciBQS0lvdmVyaGVpZCBDQSBPdmVyaGVp
    22  ZCBlbiBCZWRyaWp2ZW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc
    23  vdKnTmoKuzuiheF/AK2+tDBomAfNoHrElM9x+Yo35FPrV3bMi+Zs/u6HVcg+uwQ5
    24  AKeAeKxbT370vbhUuHE7BzFJOZNUfCA7eSuPu2GQfbGs5h+QLp1FAalkLU3DL7nn
    25  UNVOKlyrdnY3Rtd57EKZ96LspIlw3Dgrh6aqJOadkiQbvvb91C8ZF3rmMgeUVAVT
    26  Q+lsvK9Hy7zL/b07RBKB8WtLu+20z6slTxjSzAL8o0+1QjPLWc0J3NNQ/aB2jKx+
    27  ZopC9q0ckvO2+xRG603XLzDgbe5bNr5EdLcgBVeFTegAGaL2DOauocBC36esgl3H
    28  aLcY5olLmmv6znn58yynAgMBAAGjggFQMIIBTDBIBgNVHSAEQTA/MD0GBFUdIAAw
    29  NTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5kaWdpbm90YXIubmwvY3BzL3BraW92
    30  ZXJoZWlkMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMIGABgNVHSME
    31  eTB3gBQLhtYPd6NosftkCcOIblwEHFfpPaFZpFcwVTELMAkGA1UEBhMCTkwxHjAc
    32  BgNVBAoTFVN0YWF0IGRlciBOZWRlcmxhbmRlbjEmMCQGA1UEAxMdU3RhYXQgZGVy
    33  IE5lZGVybGFuZGVuIFJvb3QgQ0GCBACYmnkwPQYDVR0fBDYwNDAyoDCgLoYsaHR0
    34  cDovL2NybC5wa2lvdmVyaGVpZC5ubC9Eb21PdkxhdGVzdENSTC5jcmwwHQYDVR0O
    35  BBYEFEwIyY128ZjHPt881y91DbF2eZfMMA0GCSqGSIb3DQEBBQUAA4IBAQAMlIca
    36  v03jheLu19hjeQ5Q38aEW9K72fUxCho1l3TfFPoqDz7toOMI9tVOW6+mriXiRWsi
    37  D7dUKH6S3o0UbNEc5W50BJy37zRERd/Jgx0ZH8Apad+J1T/CsFNt5U4X5HNhIxMm
    38  cUP9TFnLw98iqiEr2b+VERqKpOKrp11Lbyn1UtHk0hWxi/7wA8+nfemZhzizDXMU
    39  5HIs4c71rQZIZPrTKbmi2Lv01QulQERDjqC/zlqlUkxk0xcxYczopIro5Ij76eUv
    40  BjMzm5RmZrGrUDqhCYF0U1onuabSJc/Tw6f/ltAv6uAejVLpGBwgCkegllYOQJBR
    41  RKwa/fHuhR/3Qlpl
    42  -----END CERTIFICATE-----
    43  `
    44  
    45  func parseCertPEM(t *testing.T) (revoked *x509.Certificate) {
    46  	certPool := x509.NewCertPool()
    47  	ok := certPool.AppendCertsFromPEM([]byte(revoked_intermediate))
    48  	if !ok {
    49  		t.Fail()
    50  	}
    51  	revoked = certPool.Certificates()[0]
    52  	return
    53  }
    54  
    55  func loadRevokedList(t *testing.T) (disallowed *microsoft.DisallowedCerts) {
    56  	sstFile, err := os.Open(disallowed_cert_location)
    57  	if err != nil {
    58  		t.Error(err.Error())
    59  	}
    60  	sstBytes, err := ioutil.ReadAll(sstFile)
    61  	if err != nil {
    62  		t.Error(err.Error())
    63  	}
    64  	sstFile.Close()
    65  	disallowed, err = microsoft.Parse(sstBytes)
    66  	if err != nil {
    67  		t.Error(err.Error())
    68  	}
    69  	return
    70  }
    71  
    72  func TestParse(t *testing.T) {
    73  	loadRevokedList(t)
    74  }
    75  
    76  func TestCheck(t *testing.T) {
    77  	disallowed := loadRevokedList(t)
    78  	revoked := parseCertPEM(t)
    79  	entry := microsoft.Check(disallowed, revoked)
    80  	if entry == nil { // this should provide an entry, since cert is revoked and in the provided sst file
    81  		t.Fail()
    82  	}
    83  	if entry.SerialNumber.Cmp(revoked.SerialNumber) != 0 {
    84  		t.Fail()
    85  	}
    86  }