MCPcopy
hub / github.com/grpc/grpc-go / TestRevokedCert

Function TestRevokedCert

security/advancedtls/crl_test.go:356–454  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

354}
355
356func TestRevokedCert(t *testing.T) {
357 revokedIntChain := makeChain(t, testdata.Path("crl/revokedInt.pem"))
358 revokedLeafChain := makeChain(t, testdata.Path("crl/revokedLeaf.pem"))
359 validChain := makeChain(t, testdata.Path("crl/unrevoked.pem"))
360 rawCRLs := make([][]byte, 6)
361 for i := 1; i <= 6; i++ {
362 rawCRL, err := os.ReadFile(testdata.Path(fmt.Sprintf("crl/%d.crl", i)))
363 if err != nil {
364 t.Fatalf("readFile(%v) failed err = %v", fmt.Sprintf("crl/%d.crl", i), err)
365 }
366 rawCRLs = append(rawCRLs, rawCRL)
367 }
368 staticCRLProvider := NewStaticCRLProvider(rawCRLs)
369 directoryCRLProvider, err := NewFileWatcherCRLProvider(FileWatcherOptions{CRLDirectory: testdata.Path("crl")})
370 if err != nil {
371 t.Fatalf("NewFileWatcherCRLProvider: err = %v", err)
372 }
373 defer directoryCRLProvider.Close()
374
375 var revocationTests = []struct {
376 desc string
377 in tls.ConnectionState
378 revoked bool
379 denyUndetermined bool
380 }{
381 {
382 desc: "Single unrevoked",
383 in: tls.ConnectionState{VerifiedChains: [][]*x509.Certificate{validChain}},
384 revoked: false,
385 },
386 {
387 desc: "Single revoked intermediate",
388 in: tls.ConnectionState{VerifiedChains: [][]*x509.Certificate{revokedIntChain}},
389 revoked: true,
390 },
391 {
392 desc: "Single revoked leaf",
393 in: tls.ConnectionState{VerifiedChains: [][]*x509.Certificate{revokedLeafChain}},
394 revoked: true,
395 },
396 {
397 desc: "Multi one revoked",
398 in: tls.ConnectionState{VerifiedChains: [][]*x509.Certificate{validChain, revokedLeafChain}},
399 revoked: false,
400 },
401 {
402 desc: "Multi revoked",
403 in: tls.ConnectionState{VerifiedChains: [][]*x509.Certificate{revokedLeafChain, revokedIntChain}},
404 revoked: true,
405 },
406 {
407 desc: "Multi unrevoked",
408 in: tls.ConnectionState{VerifiedChains: [][]*x509.Certificate{validChain, validChain}},
409 revoked: false,
410 },
411 {
412 desc: "Undetermined revoked",
413 in: tls.ConnectionState{VerifiedChains: [][]*x509.Certificate{

Callers

nothing calls this directly

Calls 9

CloseMethod · 0.95
PathFunction · 0.92
makeChainFunction · 0.85
NewStaticCRLProviderFunction · 0.85
checkRevocationFunction · 0.85
FatalfMethod · 0.65
LogfMethod · 0.65
ErrorMethod · 0.65

Tested by

no test coverage detected