hub / github.com/grpc/grpc-go / TestStaticCRLProvider

Method TestStaticCRLProvider

security/advancedtls/crl_provider_test.go:39–89  ·  view source on GitHub ↗

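TestStaticCRLProvider tests how StaticCRLProvider handles the four major cases for CRL checks. It loads the CRLs under the crl directory, constructs unrevoked, revoked-leaf, and revoked-intermediate chains, as well as a chain with no CRL for its issuer, and checks that each is processed correctly. The assertions cover the CRL lookup only (p.CRL returns no error, and a non-nil CRL where one is expected); the revocation status of the certificates is not checked here.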

(t *testing.T)

Source from the content-addressed store, hash-verified

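// TestStaticCRLProvider tests how StaticCRLProvider handles the four major
// cases for CRL lookups. It loads the CRLs under the crl testdata directory,
// builds unrevoked, revoked-leaf and revoked-intermediate chains, plus a chain
// whose issuer has no CRL, and queries the provider for every certificate in
// each chain.
//
// Only the lookup is asserted: p.CRL must not return an error, and it must
// return a non-nil CRL unless the case sets expectNoCRL. Whether a certificate
// is actually reported as revoked is not checked by this test.
func (s) TestStaticCRLProvider(t *testing.T) {
	const numCRLs = 6
	// Length 0, capacity numCRLs: the loop appends, so a non-zero length would
	// put numCRLs nil entries in front of the real CRLs. How
	// NewStaticCRLProvider treats such empty entries is not visible from this
	// test, so do not hand them to it.
	rawCRLs := make([][]byte, 0, numCRLs)
	for i := 1; i <= numCRLs; i++ {
		name := fmt.Sprintf("crl/%d.crl", i)
		rawCRL, err := os.ReadFile(testdata.Path(name))
		if err != nil {
			t.Fatalf("readFile(%v) failed err = %v", name, err)
		}
		rawCRLs = append(rawCRLs, rawCRL)
	}
	p := NewStaticCRLProvider(rawCRLs)

	// Each test data entry contains a description of a certificate chain,
	// the certificate chain itself, and whether no CRL is expected to be
	// found for it.
	tests := []struct {
		desc        string
		certs       []*x509.Certificate
		expectNoCRL bool
	}{
		{
			desc:  "Unrevoked chain",
			certs: makeChain(t, testdata.Path("crl/unrevoked.pem")),
		},
		{
			desc:  "Revoked Intermediate chain",
			certs: makeChain(t, testdata.Path("crl/revokedInt.pem")),
		},
		{
			desc:  "Revoked leaf chain",
			certs: makeChain(t, testdata.Path("crl/revokedLeaf.pem")),
		},
		{
			desc:        "Chain with no CRL for issuer",
			certs:       makeChain(t, testdata.Path("client_cert_1.pem")),
			expectNoCRL: true,
		},
	}

	for _, tt := range tests {
		t.Run(tt.desc, func(t *testing.T) {
			for _, c := range tt.certs {
				crl, err := p.CRL(c)
				if err != nil {
					// The original message read "Expected error", which
					// contradicts the failure it reports.
					t.Fatalf("Unexpected error fetching CRL from provider: %v", err)
				}
				// NOTE(review): only the missing-CRL direction is enforced.
				// A case with expectNoCRL set still passes if the provider
				// returns a CRL; confirm whether that should fail too.
				if crl == nil && !tt.expectNoCRL {
					t.Fatalf("CRL is unexpectedly nil")
				}
			}
		})
	}
}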
90
91// TestFileWatcherCRLProviderConfig checks creation of FileWatcherCRLProvider,
92// and the validation of FileWatcherOptions configuration. The configurations include empty

Callers

nothing calls this directly

Calls 5

CRL (Method) · 0.95
Path (Function) · 0.92
NewStaticCRLProvider (Function) · 0.85
makeChain (Function) · 0.85
Fatalf (Method) · 0.65

Tested by

no test coverage detected