TestFileWatcherCRLProvider tests how FileWatcherCRLProvider handles the four major cases for CRL checks. It scans the CRLs under the crl directory to populate the in-memory storage. Then we construct unrevoked, revoked leaf, and revoked intermediate chains, as well as a chain with no CRL for its issuer, and check
(t *testing.T)
| 142 | // that each is correctly processed. Additionally, we check that the number of |
| 143 | // invocations of the custom callback is correct. |
| 144 | func (s) TestFileWatcherCRLProvider(t *testing.T) { |
| 145 | const nonCRLFilesUnderCRLDirectory = 18 |
| 146 | nonCRLFilesSet := make(map[string]struct{}) |
| 147 | customCallback := func(err error) { |
| 148 | if strings.Contains(err.Error(), "BUILD") { |
| 149 | return |
| 150 | } |
| 151 | nonCRLFilesSet[err.Error()] = struct{}{} |
| 152 | } |
| 153 | p, err := NewFileWatcherCRLProvider(FileWatcherOptions{ |
| 154 | CRLDirectory: testdata.Path("crl"), |
| 155 | RefreshDuration: 1 * time.Hour, |
| 156 | CRLReloadingFailedCallback: customCallback, |
| 157 | }) |
| 158 | if err != nil { |
| 159 | t.Fatal("Unexpected error while creating FileWatcherCRLProvider:", err) |
| 160 | } |
| 161 | |
| 162 | // Each test data entry contains a description of a certificate chain, |
| 163 | // certificate chain itself, and if CRL is not expected to be found. |
| 164 | tests := []struct { |
| 165 | desc string |
| 166 | certs []*x509.Certificate |
| 167 | expectNoCRL bool |
| 168 | }{ |
| 169 | { |
| 170 | desc: "Unrevoked chain", |
| 171 | certs: makeChain(t, testdata.Path("crl/unrevoked.pem")), |
| 172 | }, |
| 173 | { |
| 174 | desc: "Revoked Intermediate chain", |
| 175 | certs: makeChain(t, testdata.Path("crl/revokedInt.pem")), |
| 176 | }, |
| 177 | { |
| 178 | desc: "Revoked leaf chain", |
| 179 | certs: makeChain(t, testdata.Path("crl/revokedLeaf.pem")), |
| 180 | }, |
| 181 | { |
| 182 | desc: "Chain with no CRL for issuer", |
| 183 | certs: makeChain(t, testdata.Path("client_cert_1.pem")), |
| 184 | expectNoCRL: true, |
| 185 | }, |
| 186 | } |
| 187 | |
| 188 | for _, tt := range tests { |
| 189 | t.Run(tt.desc, func(t *testing.T) { |
| 190 | for _, c := range tt.certs { |
| 191 | crl, err := p.CRL(c) |
| 192 | if err != nil { |
| 193 | t.Fatalf("Expected error fetch from provider: %v", err) |
| 194 | } |
| 195 | if crl == nil && !tt.expectNoCRL { |
| 196 | t.Fatalf("CRL is unexpectedly nil") |
| 197 | } |
| 198 | } |
| 199 | }) |
| 200 | } |
| 201 | p.Close() |