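package mozilla_test

import (
	"io/ioutil"
	"net/http"
	"net/http/httptest"
	"os"
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
	"github.com/zmap/zcrypto/x509"
	"github.com/zmap/zcrypto/x509/revocation/mozilla"
)

// onecrl_location is a local snapshot of the OneCRL records, obtained from
// https://firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/certificates/records
const onecrl_location = `./testdata/test_onecrl.json`

// revoked_intermediate is the PEM encoding of an intermediate CA certificate
// that the tests expect to find in the OneCRL snapshot. Its subject fields
// name DigiNotar B.V. ("DigiNotar PKIoverheid CA Overheid en Bedrijven").
const revoked_intermediate = `
-----BEGIN CERTIFICATE-----
MIIEiDCCA3CgAwIBAgIEATFpsDANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJO
TDEeMBwGA1UEChMVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSowKAYDVQQDEyFTdGFh
dCBkZXIgTmVkZXJsYW5kZW4gT3ZlcmhlaWQgQ0EwHhcNMDcwNzA1MDg0MjA3WhcN
MTUwNzI3MDgzOTQ2WjBfMQswCQYDVQQGEwJOTDEXMBUGA1UEChMORGlnaU5vdGFy
IEIuVi4xNzA1BgNVBAMTLkRpZ2lOb3RhciBQS0lvdmVyaGVpZCBDQSBPdmVyaGVp
ZCBlbiBCZWRyaWp2ZW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc
vdKnTmoKuzuiheF/AK2+tDBomAfNoHrElM9x+Yo35FPrV3bMi+Zs/u6HVcg+uwQ5
AKeAeKxbT370vbhUuHE7BzFJOZNUfCA7eSuPu2GQfbGs5h+QLp1FAalkLU3DL7nn
UNVOKlyrdnY3Rtd57EKZ96LspIlw3Dgrh6aqJOadkiQbvvb91C8ZF3rmMgeUVAVT
Q+lsvK9Hy7zL/b07RBKB8WtLu+20z6slTxjSzAL8o0+1QjPLWc0J3NNQ/aB2jKx+
ZopC9q0ckvO2+xRG603XLzDgbe5bNr5EdLcgBVeFTegAGaL2DOauocBC36esgl3H
aLcY5olLmmv6znn58yynAgMBAAGjggFQMIIBTDBIBgNVHSAEQTA/MD0GBFUdIAAw
NTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5kaWdpbm90YXIubmwvY3BzL3BraW92
ZXJoZWlkMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMIGABgNVHSME
eTB3gBQLhtYPd6NosftkCcOIblwEHFfpPaFZpFcwVTELMAkGA1UEBhMCTkwxHjAc
BgNVBAoTFVN0YWF0IGRlciBOZWRlcmxhbmRlbjEmMCQGA1UEAxMdU3RhYXQgZGVy
IE5lZGVybGFuZGVuIFJvb3QgQ0GCBACYmnkwPQYDVR0fBDYwNDAyoDCgLoYsaHR0
cDovL2NybC5wa2lvdmVyaGVpZC5ubC9Eb21PdkxhdGVzdENSTC5jcmwwHQYDVR0O
BBYEFEwIyY128ZjHPt881y91DbF2eZfMMA0GCSqGSIb3DQEBBQUAA4IBAQAMlIca
v03jheLu19hjeQ5Q38aEW9K72fUxCho1l3TfFPoqDz7toOMI9tVOW6+mriXiRWsi
D7dUKH6S3o0UbNEc5W50BJy37zRERd/Jgx0ZH8Apad+J1T/CsFNt5U4X5HNhIxMm
cUP9TFnLw98iqiEr2b+VERqKpOKrp11Lbyn1UtHk0hWxi/7wA8+nfemZhzizDXMU
5HIs4c71rQZIZPrTKbmi2Lv01QulQERDjqC/zlqlUkxk0xcxYczopIro5Ij76eUv
BjMzm5RmZrGrUDqhCYF0U1onuabSJc/Tw6f/ltAv6uAejVLpGBwgCkegllYOQJBR
RKwa/fHuhR/3Qlpl
-----END CERTIFICATE-----
`

// parseCertPEM decodes revoked_intermediate and returns the first certificate
// in it. It stops the calling test when the PEM cannot be parsed.
func parseCertPEM(t *testing.T) *x509.Certificate {
	t.Helper()

	certPool := x509.NewCertPool()
	if ok := certPool.AppendCertsFromPEM([]byte(revoked_intermediate)); !ok {
		// Fatal, not Fail: indexing an empty pool below would panic and
		// hide the real cause of the failure.
		t.Fatal("no certificate could be parsed from revoked_intermediate")
	}

	certs := certPool.Certificates()
	if len(certs) == 0 {
		t.Fatal("certificate pool is empty after AppendCertsFromPEM")
	}
	return certs[0]
}

// loadRevokedList reads the OneCRL snapshot at onecrl_location and parses it.
// It stops the calling test on any read or parse error, so callers never
// receive a nil list.
func loadRevokedList(t *testing.T) *mozilla.OneCRL {
	t.Helper()

	oneCRLFile, err := os.Open(onecrl_location)
	if err != nil {
		// Fatal, not Error: continuing would use a nil *os.File.
		t.Fatalf("opening %s: %v", onecrl_location, err)
	}
	defer oneCRLFile.Close()

	oneCRLBytes, err := ioutil.ReadAll(oneCRLFile)
	if err != nil {
		t.Fatalf("reading %s: %v", onecrl_location, err)
	}

	onecrl, err := mozilla.Parse(oneCRLBytes)
	if err != nil {
		t.Fatalf("parsing %s: %v", onecrl_location, err)
	}
	return onecrl
}

// TestParse checks that the OneCRL snapshot parses without error.
func TestParse(t *testing.T) {
	loadRevokedList(t)
}

// TestCheck checks that the intermediate in revoked_intermediate is reported
// as revoked by the OneCRL snapshot.
func TestCheck(t *testing.T) {
	onecrl := loadRevokedList(t)
	revoked := parseCertPEM(t)

	entry := onecrl.Check(revoked)
	if entry == nil {
		// The certificate is expected to be listed in the snapshot JSON.
		// Fatal, not Fail: the serial comparison below dereferences entry.
		t.Fatal("Check returned no entry for a certificate expected to be in OneCRL")
	}

	// NOTE(review): only the serial number is compared. Serial numbers are
	// unique per issuer only, so comparing the issuer as well would make this
	// assertion stronger.
	if entry.SerialNumber.Cmp(revoked.SerialNumber) != 0 {
		t.Errorf("entry serial %v does not match certificate serial %v",
			entry.SerialNumber, revoked.SerialNumber)
	}
}

// TestFetchLocal serves the OneCRL snapshot from a local httptest server and
// checks that a Provider pointed at it can fetch and parse the records.
func TestFetchLocal(t *testing.T) {
	//body, err := ioutil.ReadFile("testdata/records")
	body, err := ioutil.ReadFile(onecrl_location)
	require.NoError(t, err)

	h := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
		// A failed or short write surfaces as a fetch/parse error in the
		// client below, so the write error is deliberately not checked here.
		_, _ = w.Write(body)
	})
	server := httptest.NewServer(h)
	defer server.Close()

	p := mozilla.NewProvider(server.URL)

	set, err := p.FetchAndParse()
	require.NoError(t, err)
	assert.NotNil(t, set.IssuerLists)
	//assert.Len(t, set.IssuerLists, 251)
}

// TestFetchRemote fetches OneCRL from mozilla.OneCRLDistPoint, first through
// an explicit Provider and then through the package-level default.
//
// This test needs network access to the live endpoint and fails when run
// offline. Only non-nil results are asserted.
func TestFetchRemote(t *testing.T) {
	p := mozilla.NewProvider(mozilla.OneCRLDistPoint)

	set, err := p.FetchAndParse()
	require.NoError(t, err)
	assert.NotNil(t, set.IssuerLists)

	// test default
	set2, err := mozilla.FetchAndParse()
	require.NoError(t, err)
	assert.NotNil(t, set2.IssuerLists)
}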