github.com/zmap/zlint@v1.1.0/lints/lint_ext_tor_service_descriptor_hash_invalid_test.go (about)

     1  package lints
     2  
     3  import (
     4  	"fmt"
     5  	"testing"
     6  )
     7  
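// TestTorDescHashInvalid runs the e_ext_tor_service_descriptor_hash_invalid
// lint against a set of PEM fixtures and checks both the returned status and
// the exact details string.
//
// The fixtures cover .onion certificates with no TorServiceDescriptor
// extension (oid 2.23.140.1.31), with malformed TorServiceDescriptorHash
// entries, with a mismatch between the .onion subjects and the hash entries,
// and one certificate that is expected to pass.
func TestTorDescHashInvalid(t *testing.T) {
	const lintName = "e_ext_tor_service_descriptor_hash_invalid"

	testCases := []struct {
		Name            string
		InputFilename   string
		ExpectedResult  LintStatus
		ExpectedDetails string
	}{
		{
			// Issued before util.CABV201Date: the expected status is NE
			// (presumably "not effective" - confirm against LintStatus).
			Name:           "Onion subject, no service descriptor extension, before util.CABV201Date",
			InputFilename:  "dnsNameOnionTLD.pem",
			ExpectedResult: NE,
		},
		{
			Name:            "Onion subject, no service descriptor extension, after util.CABV201Date",
			InputFilename:   "onionSANEV.pem",
			ExpectedResult:  Error,
			ExpectedDetails: "certificate contained a .onion domain but is missing a TorServiceDescriptor extension (oid 2.23.140.1.31)",
		},
		{
			Name:            "Onion subject, bad service descriptor, unknown hash algorithm",
			InputFilename:   "onionSANBadServDescUnknownHashAlg.pem",
			ExpectedResult:  Error,
			ExpectedDetails: `TorServiceDescriptor extension (oid 2.23.140.1.31) contained a TorServiceDescriptorHash for Onion URI "https://zmap.onion" with an unknown hash algorithm`,
		},
		{
			// NOTE(review): the case name says "missing hostname" while the
			// fixture name says "InvalidUTF8OnionURI". Confirm which malformed
			// input this fixture actually holds; if it is the invalid UTF-8
			// case, a separate fixture for a well-formed URI without a
			// hostname may be missing.
			Name:            "Onion subject, bad service descriptor, missing hostname",
			InputFilename:   "onionSANBadServDescInvalidUTF8OnionURI.pem",
			ExpectedResult:  Error,
			ExpectedDetails: `TorServiceDescriptor extension (oid 2.23.140.1.31) contained TorServiceDescriptorHash object with Onion URI missing a hostname`,
		},
		{
			// The declared algorithm is SHA256 but only 128 bits of hash are
			// present, so the expected result is Error.
			Name:            "Onion subject, bad service descriptor, hash alg and hash bit len mismatch",
			InputFilename:   "onionSANBadServDescHashMismatch.pem",
			ExpectedResult:  Error,
			ExpectedDetails: `TorServiceDescriptor extension (oid 2.23.140.1.31) contained a TorServiceDescriptorHash with hash algorithm "SHA256" but only 128 bits of hash not 256`,
		},
		{
			// A .onion subject with no matching hash entry.
			Name:            "Multiple Onion subjects, one missing service descriptor hash entry",
			InputFilename:   "onionSANMissingServDescHash.pem",
			ExpectedResult:  Error,
			ExpectedDetails: `.onion subject domain name "missing.onion" does not have a corresponding TorServiceDescriptorHash for its eTLD+1`,
		},
		{
			// The reverse direction: a hash entry whose hostname is not a
			// subject of the certificate.
			Name:            "More service descriptor hash entries than Onion subjects",
			InputFilename:   "onionSANTooManyServDesc.pem",
			ExpectedResult:  Error,
			ExpectedDetails: `TorServiceDescriptor extension (oid 2.23.140.1.31) contained a TorServiceDescriptorHash with a hostname ("other.onion") not present as a subject in the certificate`,
		},
		{
			Name:           "Onion subject, valid service descriptor extension",
			InputFilename:  "onionSANGoodServDesc.pem",
			ExpectedResult: Pass,
		},
	}

	// Resolve the lint once and stop with a clear message if it is not
	// registered, rather than calling Execute on whatever a missing map key
	// yields inside every subtest.
	lint, ok := Lints[lintName]
	if !ok {
		t.Fatalf("lint %q is not registered in Lints", lintName)
	}

	for _, tc := range testCases {
		t.Run(tc.Name, func(t *testing.T) {
			inputPath := fmt.Sprintf("%s%s", testCaseDir, tc.InputFilename)
			result := lint.Execute(ReadCertificate(inputPath))
			if result.Status != tc.ExpectedResult {
				t.Errorf("expected result %v was %v", tc.ExpectedResult, result.Status)
			}
			// Cases that leave ExpectedDetails unset compare against "", so
			// the NE and Pass cases also assert that no details are reported.
			if result.Details != tc.ExpectedDetails {
				t.Errorf("expected result details %q was %q", tc.ExpectedDetails, result.Details)
			}
		})
	}
}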