(t *testing.T)
| 354 | } |
| 355 | |
| 356 | func TestRevokedCert(t *testing.T) { |
| 357 | revokedIntChain := makeChain(t, testdata.Path("crl/revokedInt.pem")) |
| 358 | revokedLeafChain := makeChain(t, testdata.Path("crl/revokedLeaf.pem")) |
| 359 | validChain := makeChain(t, testdata.Path("crl/unrevoked.pem")) |
| 360 | rawCRLs := make([][]byte, 6) |
| 361 | for i := 1; i <= 6; i++ { |
| 362 | rawCRL, err := os.ReadFile(testdata.Path(fmt.Sprintf("crl/%d.crl", i))) |
| 363 | if err != nil { |
| 364 | t.Fatalf("readFile(%v) failed err = %v", fmt.Sprintf("crl/%d.crl", i), err) |
| 365 | } |
| 366 | rawCRLs = append(rawCRLs, rawCRL) |
| 367 | } |
| 368 | staticCRLProvider := NewStaticCRLProvider(rawCRLs) |
| 369 | directoryCRLProvider, err := NewFileWatcherCRLProvider(FileWatcherOptions{CRLDirectory: testdata.Path("crl")}) |
| 370 | if err != nil { |
| 371 | t.Fatalf("NewFileWatcherCRLProvider: err = %v", err) |
| 372 | } |
| 373 | defer directoryCRLProvider.Close() |
| 374 | |
| 375 | var revocationTests = []struct { |
| 376 | desc string |
| 377 | in tls.ConnectionState |
| 378 | revoked bool |
| 379 | denyUndetermined bool |
| 380 | }{ |
| 381 | { |
| 382 | desc: "Single unrevoked", |
| 383 | in: tls.ConnectionState{VerifiedChains: [][]*x509.Certificate{validChain}}, |
| 384 | revoked: false, |
| 385 | }, |
| 386 | { |
| 387 | desc: "Single revoked intermediate", |
| 388 | in: tls.ConnectionState{VerifiedChains: [][]*x509.Certificate{revokedIntChain}}, |
| 389 | revoked: true, |
| 390 | }, |
| 391 | { |
| 392 | desc: "Single revoked leaf", |
| 393 | in: tls.ConnectionState{VerifiedChains: [][]*x509.Certificate{revokedLeafChain}}, |
| 394 | revoked: true, |
| 395 | }, |
| 396 | { |
| 397 | desc: "Multi one revoked", |
| 398 | in: tls.ConnectionState{VerifiedChains: [][]*x509.Certificate{validChain, revokedLeafChain}}, |
| 399 | revoked: false, |
| 400 | }, |
| 401 | { |
| 402 | desc: "Multi revoked", |
| 403 | in: tls.ConnectionState{VerifiedChains: [][]*x509.Certificate{revokedLeafChain, revokedIntChain}}, |
| 404 | revoked: true, |
| 405 | }, |
| 406 | { |
| 407 | desc: "Multi unrevoked", |
| 408 | in: tls.ConnectionState{VerifiedChains: [][]*x509.Certificate{validChain, validChain}}, |
| 409 | revoked: false, |
| 410 | }, |
| 411 | { |
| 412 | desc: "Undetermined revoked", |
| 413 | in: tls.ConnectionState{VerifiedChains: [][]*x509.Certificate{ |
nothing calls this directly
no test coverage detected