hub / github.com/grpc/grpc-go / TestVerifyCrl

Function TestVerifyCrl

security/advancedtls/crl_test.go:268–354  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

266}
267
268func TestVerifyCrl(t *testing.T) {
269 tamperedSignature := loadCRL(t, testdata.Path("crl/1.crl"))
270 // Change the signature so it won't verify
271 tamperedSignature.certList.Signature[0]++
272 tamperedContent := loadCRL(t, testdata.Path("crl/provider_crl_empty.pem"))
273 // Change the content so it won't find a match
274 tamperedContent.rawIssuer[0]++
275
276 verifyTests := []struct {
277 desc string
278 crl *CRL
279 certs []*x509.Certificate
280 cert *x509.Certificate
281 errWant string
282 }{
283 {
284 desc: "Pass intermediate",
285 crl: loadCRL(t, testdata.Path("crl/1.crl")),
286 certs: makeChain(t, testdata.Path("crl/unrevoked.pem")),
287 cert: makeChain(t, testdata.Path("crl/unrevoked.pem"))[1],
288 errWant: "",
289 },
290 {
291 desc: "Pass leaf",
292 crl: loadCRL(t, testdata.Path("crl/2.crl")),
293 certs: makeChain(t, testdata.Path("crl/unrevoked.pem")),
294 cert: makeChain(t, testdata.Path("crl/unrevoked.pem"))[2],
295 errWant: "",
296 },
297 {
298 desc: "Fail wrong cert chain",
299 crl: loadCRL(t, testdata.Path("crl/3.crl")),
300 certs: makeChain(t, testdata.Path("crl/unrevoked.pem")),
301 cert: makeChain(t, testdata.Path("crl/revokedInt.pem"))[1],
302 errWant: "No certificates matched",
303 },
304 {
305 desc: "Fail no certs",
306 crl: loadCRL(t, testdata.Path("crl/1.crl")),
307 certs: []*x509.Certificate{},
308 cert: makeChain(t, testdata.Path("crl/unrevoked.pem"))[1],
309 errWant: "No certificates matched",
310 },
311 {
312 desc: "Fail Tampered signature",
313 crl: tamperedSignature,
314 certs: makeChain(t, testdata.Path("crl/unrevoked.pem")),
315 cert: makeChain(t, testdata.Path("crl/unrevoked.pem"))[1],
316 errWant: "verification failure",
317 },
318 {
319 desc: "Fail Tampered content",
320 crl: tamperedContent,
321 certs: makeChain(t, testdata.Path("crl/provider_client_trust_cert.pem")),
322 cert: makeChain(t, testdata.Path("crl/provider_client_trust_cert.pem"))[0],
323 errWant: "No certificates",
324 },
325 {

Callers

nothing calls this directly

Calls 6

PathFunction · 0.92
loadCRLFunction · 0.85
makeChainFunction · 0.85
verifyCRLFunction · 0.85
ErrorfMethod · 0.65
ErrorMethod · 0.65

Tested by

no test coverage detected