github.com/zmap/zcrypto@v0.0.0-20240512203510-0fef58d9a9db/x509/revocation/mozilla/mozilla_test.go (about)

     1  package mozilla_test
     2  
     3  import (
     4  	"io/ioutil"
     5  	"net/http"
     6  	"net/http/httptest"
     7  	"os"
     8  	"testing"
     9  
    10  	"github.com/stretchr/testify/assert"
    11  	"github.com/stretchr/testify/require"
    12  	"github.com/zmap/zcrypto/x509"
    13  	"github.com/zmap/zcrypto/x509/revocation/mozilla"
    14  )
    15  
// onecrl_location is the path to a local snapshot of the OneCRL records, so
// parsing and lookup can be tested from disk without a network fetch.
// obtained from https://firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/certificates/records
// NOTE(review): the snapshot date is not recorded here; results of tests that
// depend on specific entries are tied to whatever snapshot is checked in.
const onecrl_location = `./testdata/test_onecrl.json`
    18  
// revoked_intermediate is the PEM-encoded certificate used as the known-revoked
// fixture: TestCheck expects the OneCRL snapshot at onecrl_location to contain
// an entry for it. The subject fields in the encoding decode to
// O=DigiNotar B.V., CN=DigiNotar PKIoverheid CA Overheid en Bedrijven, and the
// issuer to CN=Staat der Nederlanden Overheid CA.
// The raw string starts and ends with a newline around the PEM block.
const revoked_intermediate = `
-----BEGIN CERTIFICATE-----
MIIEiDCCA3CgAwIBAgIEATFpsDANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJO
TDEeMBwGA1UEChMVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSowKAYDVQQDEyFTdGFh
dCBkZXIgTmVkZXJsYW5kZW4gT3ZlcmhlaWQgQ0EwHhcNMDcwNzA1MDg0MjA3WhcN
MTUwNzI3MDgzOTQ2WjBfMQswCQYDVQQGEwJOTDEXMBUGA1UEChMORGlnaU5vdGFy
IEIuVi4xNzA1BgNVBAMTLkRpZ2lOb3RhciBQS0lvdmVyaGVpZCBDQSBPdmVyaGVp
ZCBlbiBCZWRyaWp2ZW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc
vdKnTmoKuzuiheF/AK2+tDBomAfNoHrElM9x+Yo35FPrV3bMi+Zs/u6HVcg+uwQ5
AKeAeKxbT370vbhUuHE7BzFJOZNUfCA7eSuPu2GQfbGs5h+QLp1FAalkLU3DL7nn
UNVOKlyrdnY3Rtd57EKZ96LspIlw3Dgrh6aqJOadkiQbvvb91C8ZF3rmMgeUVAVT
Q+lsvK9Hy7zL/b07RBKB8WtLu+20z6slTxjSzAL8o0+1QjPLWc0J3NNQ/aB2jKx+
ZopC9q0ckvO2+xRG603XLzDgbe5bNr5EdLcgBVeFTegAGaL2DOauocBC36esgl3H
aLcY5olLmmv6znn58yynAgMBAAGjggFQMIIBTDBIBgNVHSAEQTA/MD0GBFUdIAAw
NTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5kaWdpbm90YXIubmwvY3BzL3BraW92
ZXJoZWlkMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMIGABgNVHSME
eTB3gBQLhtYPd6NosftkCcOIblwEHFfpPaFZpFcwVTELMAkGA1UEBhMCTkwxHjAc
BgNVBAoTFVN0YWF0IGRlciBOZWRlcmxhbmRlbjEmMCQGA1UEAxMdU3RhYXQgZGVy
IE5lZGVybGFuZGVuIFJvb3QgQ0GCBACYmnkwPQYDVR0fBDYwNDAyoDCgLoYsaHR0
cDovL2NybC5wa2lvdmVyaGVpZC5ubC9Eb21PdkxhdGVzdENSTC5jcmwwHQYDVR0O
BBYEFEwIyY128ZjHPt881y91DbF2eZfMMA0GCSqGSIb3DQEBBQUAA4IBAQAMlIca
v03jheLu19hjeQ5Q38aEW9K72fUxCho1l3TfFPoqDz7toOMI9tVOW6+mriXiRWsi
D7dUKH6S3o0UbNEc5W50BJy37zRERd/Jgx0ZH8Apad+J1T/CsFNt5U4X5HNhIxMm
cUP9TFnLw98iqiEr2b+VERqKpOKrp11Lbyn1UtHk0hWxi/7wA8+nfemZhzizDXMU
5HIs4c71rQZIZPrTKbmi2Lv01QulQERDjqC/zlqlUkxk0xcxYczopIro5Ij76eUv
BjMzm5RmZrGrUDqhCYF0U1onuabSJc/Tw6f/ltAv6uAejVLpGBwgCkegllYOQJBR
RKwa/fHuhR/3Qlpl
-----END CERTIFICATE-----
`
    48  
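// parseCertPEM decodes the revoked_intermediate PEM fixture and returns the
// first certificate found in it.
//
// The test is aborted when the fixture cannot be parsed, so callers never
// receive a nil certificate.
func parseCertPEM(t *testing.T) (revoked *x509.Certificate) {
	t.Helper()
	certPool := x509.NewCertPool()
	if ok := certPool.AppendCertsFromPEM([]byte(revoked_intermediate)); !ok {
		// t.Fail alone would let execution continue into the index below and
		// panic on an empty pool, hiding the real cause of the failure.
		t.Fatal("revoked_intermediate: no certificate could be parsed from the PEM fixture")
	}
	certs := certPool.Certificates()
	if len(certs) == 0 {
		t.Fatal("revoked_intermediate: certificate pool is empty after parsing")
	}
	return certs[0]
}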
    58  
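// loadRevokedList reads the OneCRL snapshot at onecrl_location and parses it
// with mozilla.Parse.
//
// Any failure to open, read or parse the fixture aborts the calling test, so
// the returned list is never nil. Continuing after a failed step would only
// surface later as a nil dereference in the caller.
func loadRevokedList(t *testing.T) (onecrl *mozilla.OneCRL) {
	t.Helper()
	oneCRLFile, err := os.Open(onecrl_location)
	if err != nil {
		t.Fatalf("opening OneCRL fixture %q: %v", onecrl_location, err)
	}
	defer oneCRLFile.Close()

	oneCRLBytes, err := ioutil.ReadAll(oneCRLFile)
	if err != nil {
		t.Fatalf("reading OneCRL fixture %q: %v", onecrl_location, err)
	}

	onecrl, err = mozilla.Parse(oneCRLBytes)
	if err != nil {
		t.Fatalf("parsing OneCRL fixture %q: %v", onecrl_location, err)
	}
	if onecrl == nil {
		t.Fatalf("parsing OneCRL fixture %q returned a nil list without an error", onecrl_location)
	}
	return onecrl
}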
    76  
// TestParse checks that the OneCRL fixture on disk can be loaded and parsed.
// Failures are reported by loadRevokedList itself; the parsed list is not
// inspected here.
func TestParse(t *testing.T) {
	_ = loadRevokedList(t)
}
    80  
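// TestCheck verifies that the revoked intermediate fixture is found in the
// OneCRL snapshot and that the matching entry carries the same serial number
// as the certificate.
func TestCheck(t *testing.T) {
	onecrl := loadRevokedList(t)
	revoked := parseCertPEM(t)
	if onecrl == nil || revoked == nil {
		t.Fatal("fixtures did not load; cannot run the revocation check")
	}

	entry := onecrl.Check(revoked)
	// The certificate is revoked and is expected to be listed in the JSON
	// snapshot at onecrl_location, so a nil entry is a missed revocation.
	// Stop here: the serial comparison below would dereference nil.
	if entry == nil {
		t.Fatal("Check returned no entry for a certificate expected in the OneCRL fixture")
	}
	if entry.SerialNumber.Cmp(revoked.SerialNumber) != 0 {
		t.Errorf("entry serial %v does not match certificate serial %v",
			entry.SerialNumber, revoked.SerialNumber)
	}
}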
    92  
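// TestFetchLocal serves the OneCRL fixture from a local httptest server and
// checks that a Provider pointed at it can fetch and parse the records.
func TestFetchLocal(t *testing.T) {
	// Named fixture rather than bytes to avoid shadowing the standard package name.
	fixture, err := ioutil.ReadFile(onecrl_location)
	require.NoError(t, err)

	h := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
		// Report a short or failed write: a truncated body would otherwise
		// show up only as an unrelated parse error.
		if _, werr := w.Write(fixture); werr != nil {
			t.Errorf("writing fixture response: %v", werr)
		}
	})
	server := httptest.NewServer(h)
	defer server.Close()

	p := mozilla.NewProvider(server.URL)

	set, err := p.FetchAndParse()
	require.NoError(t, err)
	// Guard the field access below against a nil result returned without an error.
	require.NotNil(t, set)
	assert.NotNil(t, set.IssuerLists)
	// NOTE(review): an exact-count assertion on set.IssuerLists (251) was
	// disabled in this test; presumably the count is tied to a particular
	// fixture snapshot. Confirm before re-enabling.
}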
   112  
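// TestFetchRemote fetches OneCRL from mozilla.OneCRLDistPoint, first through an
// explicit Provider and then through the package-level FetchAndParse default.
//
// It needs network access to the distribution point, so it is skipped under
// `go test -short`; TestFetchLocal covers the same code path offline.
func TestFetchRemote(t *testing.T) {
	if testing.Short() {
		t.Skip("skipping remote OneCRL fetch in short mode")
	}

	p := mozilla.NewProvider(mozilla.OneCRLDistPoint)

	set, err := p.FetchAndParse()
	require.NoError(t, err)
	// Guard the field access against a nil result returned without an error.
	require.NotNil(t, set)
	assert.NotNil(t, set.IssuerLists)

	// test default
	set2, err := mozilla.FetchAndParse()
	require.NoError(t, err)
	require.NotNil(t, set2)
	assert.NotNil(t, set2.IssuerLists)
}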