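// Copyright (c) Mondoo, Inc.
// SPDX-License-Identifier: BUSL-1.1

// Source listing: go.mondoo.com/cnquery@v0.0.0-20231005093811-59568235f6ea/providers/os/resources/parse_certificates_test.go

package resources_test

import (
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// Example use for certificate parser:
// parse.certificates('/etc/ssl/cert.pem').list {
//	fingerprints
//	serial
//	subjectKeyID
//	authorityKeyID
//	isCA
//	version
//	keyUsage
//	extendedKeyUsage
//	crlDistributionPoints
//	ocspServer
//	issuingCertificateUrl
//	issuer { serialNumber commonName }
//	subject {serialNumber commonName}
//	policyidentifier
//	extensions { identifier }
// }

// TestResource_ParseCertificates runs parse.certificates queries through the
// test harness x and pins the fields reported for the first certificate of
// /etc/ssl/cert.pem. It then checks that a certificate can also be loaded from
// inline PEM content.
//
// NOTE(review): x is declared outside this file. The pinned values (content
// length 1207, "Amazon Root CA 1", the serial and key IDs) only hold for one
// specific cert.pem, so this presumably runs against recorded fixture data
// rather than the host trust store. Confirm against the harness setup.
func TestResource_ParseCertificates(t *testing.T) {
	// Shared query prefix; every file-based subtest reads the same PEM bundle.
	const certFile = "parse.certificates('/etc/ssl/cert.pem')"

	// expectField runs one subtest that queries a single field of the first
	// certificate in the bundle and compares it with the pinned value.
	expectField := func(name, field string, want interface{}) {
		t.Run(name, func(t *testing.T) {
			res := x.TestQuery(t, certFile+".list[0]."+field)
			require.NotEmpty(t, res)
			assert.Empty(t, res[0].Result().Error)
			assert.Equal(t, want, res[0].Data.Value)
		})
	}

	// NOTE(review): the subtest name looks like a leftover from an
	// authorized-keys test; it is kept so existing -run filters still match.
	t.Run("view authorized keys file", func(t *testing.T) {
		res := x.TestQuery(t, certFile+".content")
		require.NotEmpty(t, res)
		assert.Empty(t, res[0].Result().Error)
		// Checked assertion: a non-string value fails the subtest instead of
		// panicking the whole test binary.
		content, ok := res[0].Data.Value.(string)
		require.True(t, ok, "content should be a string, got %T", res[0].Data.Value)
		assert.Len(t, content, 1207)
	})

	expectField("test certificate serial", "serial",
		"06:6c:9f:cf:99:bf:8c:0a:39:e2:f0:78:8a:43:e6:96:36:5b:ca")
	expectField("test certificate issuer commonname", "issuer.commonName", "Amazon Root CA 1")
	expectField("test certificate issuer dn", "issuer.dn", "CN=Amazon Root CA 1,O=Amazon,C=US")
	expectField("test certificate subjectkeyid", "subjectKeyID",
		"84:18:cc:85:34:ec:bc:0c:94:94:2e:08:59:9c:c7:b2:10:4e:0a:08")
	// Pinned as empty: for this certificate the test expects a missing authority
	// key identifier to surface as "", not as an error.
	expectField("test certificate authoritykeyid", "authorityKeyID", "")
	expectField("test certificate version", "version", int64(3))
	expectField("test certificate isca", "isCA", true)

	t.Run("test certificate keyusage", func(t *testing.T) {
		res := x.TestQuery(t, certFile+".list[0].keyUsage")
		require.NotEmpty(t, res)
		assert.Empty(t, res[0].Result().Error)
		usages, ok := res[0].Data.Value.([]interface{})
		require.True(t, ok, "keyUsage should be a list, got %T", res[0].Data.Value)
		// Membership only: additional usages reported by the parser would not
		// fail this subtest.
		for _, want := range []string{"CRLSign", "DigitalSignature", "CertificateSign"} {
			assert.Contains(t, usages, want)
		}
	})

	// The remaining list-valued fields are pinned to an empty list (not nil)
	// for this certificate.
	expectField("test certificate extendedkeyusage", "extendedKeyUsage", []interface{}{})
	expectField("test certificate crldistributionpoints", "crlDistributionPoints", []interface{}{})
	expectField("test certificate ocspserver", "ocspServer", []interface{}{})
	expectField("test certificate issuingcertificateurl", "issuingCertificateUrl", []interface{}{})

	t.Run("test certificate loading from content", func(t *testing.T) {
		// Public certificate only; no private key material is embedded here.
		// NOTE(review): its encoded validity window appears to have ended in
		// 2022, so this subtest presumably relies on parsing not being gated
		// on the certificate being currently valid. Confirm that is intended.
		cert := `-----BEGIN CERTIFICATE-----
MIIFWDCCBECgAwIBAgIQaMJ5PP8vl9sQAAAAAAEvHjANBgkqhkiG9w0BAQsFADBG
MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM
QzETMBEGA1UEAxMKR1RTIENBIDFENDAeFw0yMjAyMDYwOTI3MzJaFw0yMjA1MDcw
OTI3MzFaMBUxEzARBgNVBAMTCm1vbmRvby5jb20wggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC4oVPC4ORJlZt/FEfrJ4g8gCBPKW0m9rH/e4J78jZTrsye
7w7tXFY7ZeHGQizEsJtfpsipwsldTOoCygDKWI/7xnx9AKe79wRfZecijV11s5MN
TfSlNSgaKZ5DAha8oVszAmPDxD6dDWqMPGL0XHw86aaBimnrh48930qBFwoKyf5I
cWCz77McF0PYNk57VDMB7BVIlthEvVmrSp9zloHOa78LoiexPOTHQSjAZTvnUiMn
EMRL3J9ZFYyshw56oE9hR3getBvlpwOKpS+5MSorOI5/ZSApn6ZF8c0F5IJVlTNR
T3ffKYz02Y4Rz348cgZkpo8t8Gp5/5OYoxjBRm81AgMBAAGjggJxMIICbTAOBgNV
HQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAd
BgNVHQ4EFgQU5TBHEo55zzpw6/s3QckdsaprbtYwHwYDVR0jBBgwFoAUJeIYDrJX
kZQq5dRdhpCD3lOzuJIweAYIKwYBBQUHAQEEbDBqMDUGCCsGAQUFBzABhilodHRw
Oi8vb2NzcC5wa2kuZ29vZy9zL2d0czFkNC9za0xzTXRrWUpUczAxBggrBgEFBQcw
AoYlaHR0cDovL3BraS5nb29nL3JlcG8vY2VydHMvZ3RzMWQ0LmRlcjAVBgNVHREE
DjAMggptb25kb28uY29tMCEGA1UdIAQaMBgwCAYGZ4EMAQIBMAwGCisGAQQB1nkC
BQMwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybHMucGtpLmdvb2cvZ3RzMWQ0
L0VVQzBtUTR5TVBjLmNybDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AFGjsPX9
AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXlAAABfs6aMmoAAAQDAEcwRQIhAMy2
aufiYVITPFDElL1aWVMTo0rBEmQ520rXbTcfzI4JAiAawIFvNix2Vp3Ybuk7doHp
q/sICyNRt+Zrz/wNNfziegB2AEalVet1+pEgMLWiiWn0830RLEF0vv1JuIWr8vxw
/m1HAAABfs6aMoMAAAQDAEcwRQIhAJXJReJyMJskegnWDmfq0ovGZ90A7c9lYebj
7jfJyGGlAiABVuFTV0/jxdAV5XNOyUxN3Y3qhdeSfVM/82qPTub26zANBgkqhkiG
9w0BAQsFAAOCAQEAagCxD1/ctRgSA96MLhIKAey6CHmkECgGb4B+liuO1PwG+Ft9
x4KigQjZ193+z7aSb6CSxIEzUyDfGTMqmER1MOmN5wJhzw7pnZ0VXDLePcTJPqtA
q5uRwWdrXRKsoXPbizcs25btZNgcswHLOzNYxCT5Qf9pprxTcMoIlROFF6WT0wxq
pmYrmQ+eJ9Ny8Fi6ovMWlUch4qg3bcj6QQ0FZ3zPX/6kI9FXGvJ+4rL/WE3Ouc+b
XjazfGmfrd3uVevgxgkfeMsKtKgHCpr7f0qpqgko9F5De68JZg+lV/ganyOxKi5M
ym+AS505m2l07i2SYbM82nyP74qYD3b3QmrZSQ==
-----END CERTIFICATE-----`

		// The PEM text is spliced into a single-quoted query string literal.
		// That is sound here only because PEM/base64 contains no quote or
		// backslash characters; arbitrary content would need escaping before
		// being embedded in a query this way.
		res := x.TestQuery(t, "parse.certificates(content: '"+cert+"').list[0].issuer.commonName")
		require.NotEmpty(t, res)
		assert.Empty(t, res[0].Result().Error)
		assert.Equal(t, "GTS CA 1D4", res[0].Data.Value)
	})
}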