1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
|
//go:build !integration
// +build !integration
package ca_chain
import (
"crypto/x509"
"encoding/pem"
"errors"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func loadCertificate(t *testing.T, dump string) *x509.Certificate {
block, _ := pem.Decode([]byte(dump))
cert, err := x509.ParseCertificate(block.Bytes)
require.NoError(t, err)
return cert
}
func TestErrorInvalidCertificate_Error(t *testing.T) {
testError := errors.New("test-error")
tests := map[string]struct {
err *ErrorInvalidCertificate
expectedOutput string
}{
"no details provided": {
err: new(ErrorInvalidCertificate),
expectedOutput: "invalid certificate",
},
"inner specified": {
err: &ErrorInvalidCertificate{
inner: testError,
},
expectedOutput: "invalid certificate: test-error",
},
"marked with nonCertBlockType": {
err: &ErrorInvalidCertificate{
inner: testError,
nonCertBlockType: true,
},
expectedOutput: "invalid certificate: non-certificate PEM block",
},
"marked with nilBlock": {
err: &ErrorInvalidCertificate{
inner: testError,
nonCertBlockType: true,
nilBlock: true,
},
expectedOutput: "invalid certificate: empty PEM block",
},
}
for tn, tc := range tests {
t.Run(tn, func(t *testing.T) {
assert.EqualError(t, tc.err, tc.expectedOutput)
})
}
}
func TestDecodeCertificate(t *testing.T) {
block, _ := pem.Decode([]byte(testCert))
decodedPEMx509Data := block.Bytes
testX509Certificate, err := x509.ParseCertificate(decodedPEMx509Data)
require.NoError(t, err)
block, _ = pem.Decode([]byte(testCertPKCS7))
decodedPEMPKCS7Data := block.Bytes
emptyBlock, _ := pem.Decode([]byte(testEmptyCertPKCS7))
emptyPEMPKCS7Data := emptyBlock.Bytes
tests := map[string]struct {
data []byte
expectedError string
expectedCertificate *x509.Certificate
}{
"invalid data": {
data: []byte("test"),
expectedError: "invalid certificate: ber2der: BER tag length is more than available data",
expectedCertificate: nil,
},
"invalid PEM type": {
data: []byte(testCertPubKey),
expectedError: "invalid certificate: non-certificate PEM block",
expectedCertificate: nil,
},
"raw PEM x509 data": {
data: []byte(testCert),
expectedError: "",
expectedCertificate: testX509Certificate,
},
"decoded PEM x509 data": {
data: decodedPEMx509Data,
expectedError: "",
expectedCertificate: testX509Certificate,
},
"decoded PEM pkcs7 data": {
data: decodedPEMPKCS7Data,
expectedError: "",
expectedCertificate: testX509Certificate,
},
"empty PEM pkcs7 data": {
data: emptyPEMPKCS7Data,
expectedError: "",
expectedCertificate: nil,
},
}
for tn, tc := range tests {
t.Run(tn, func(t *testing.T) {
cert, err := decodeCertificate(tc.data)
if tc.expectedError != "" {
assert.EqualError(t, err, tc.expectedError)
return
}
assert.NoError(t, err)
if tc.expectedCertificate != nil {
assert.Equal(t, tc.expectedCertificate.SerialNumber, cert.SerialNumber)
return
}
assert.Nil(t, tc.expectedCertificate)
})
}
}
func TestIsPem(t *testing.T) {
assert.True(t, isPEM([]byte(testCert)))
block, _ := pem.Decode([]byte(testCert))
assert.False(t, isPEM(block.Bytes))
}
|
