File: truststore_test.go

golang-github-notaryproject-notation-go 1.2.1-4
// Copyright The Notary Project Authors.
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package truststore

import (
	"context"
	"errors"
	"fmt"
	"path/filepath"
	"testing"

	corex509 "github.com/notaryproject/notation-core-go/x509"
	"github.com/notaryproject/notation-go/dir"
)

// trustStore is the X.509 trust store shared by every test in this file. Its
// file system is rooted at ../testdata/ (converted to the host path separator),
// so the named stores requested below are read from fixture files only.
var trustStore = NewX509TrustStore(
	dir.NewSysFS(
		filepath.FromSlash("../testdata/"),
	),
)

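// TestLoadValidTrustStore checks that the "valid-trust-store" fixture of type
// "ca" loads without error and yields at least one certificate.
func TestLoadValidTrustStore(t *testing.T) {
	certs, err := trustStore.GetCertificates(context.Background(), "ca", "valid-trust-store")
	if err != nil {
		t.Fatalf("could not get certificates from trust store. %q", err)
	}
	// The fixture directory holds at least GlobalSign.der (read directly by
	// TestValidateCerts), so a nil error with an empty result must not pass as
	// a successful load of a valid trust store.
	if len(certs) == 0 {
		t.Fatal("valid trust store returned no certificates")
	}
}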

// TestLoadValidTrustStoreWithSelfSignedSigningCertificate loads the
// "valid-trust-store-self-signed" fixture of type "ca" and expects the load to
// succeed with exactly one certificate returned.
func TestLoadValidTrustStoreWithSelfSignedSigningCertificate(t *testing.T) {
	const wantCount = 1

	loaded, err := trustStore.GetCertificates(context.Background(), "ca", "valid-trust-store-self-signed")
	if err != nil {
		t.Fatalf("could not get certificates from trust store. %q", err)
	}
	// Pin the exact count so an extra or missing certificate in the store is
	// reported rather than silently accepted.
	if got := len(loaded); got != wantCount {
		t.Fatalf("unexpected number of certificates in the trust store, expected: %d, got: %d", wantCount, got)
	}
}

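// TestLoadTrustStoreWithInvalidCerts checks that loading the
// "trust-store-with-invalid-certs" fixture fails with the "failed to read the
// trusted certificate" error naming the offending file, store and store type.
func TestLoadTrustStoreWithInvalidCerts(t *testing.T) {
	// testing ../testdata/truststore/x509/ca/trust-store-with-invalid-certs/invalid
	expectedErrMsg := fmt.Sprintf("failed to read the trusted certificate %s in trust store %s of type %s", "invalid", "trust-store-with-invalid-certs", "ca")
	_, err := trustStore.GetCertificates(context.Background(), "ca", "trust-store-with-invalid-certs")
	if err == nil || err.Error() != expectedErrMsg {
		// Report the error actually returned (nil included), as the sibling
		// leaf-cert tests do, so a wrong-error failure can be diagnosed from
		// the test output alone.
		t.Fatalf("invalid certs should return error: %s, got: %v", expectedErrMsg, err)
	}
}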

// TestLoadTrustStoreWithLeafCerts expects GetCertificates to reject the
// "trust-store-with-leaf-certs" fixture of type "ca" with a validation error
// that names non-ca.crt.
func TestLoadTrustStoreWithLeafCerts(t *testing.T) {
	// Fixture under test:
	// ../testdata/truststore/x509/ca/trust-store-with-leaf-certs/non-ca.crt
	const (
		storeType = "ca"
		storeName = "trust-store-with-leaf-certs"
	)
	want := fmt.Sprintf("failed to validate the trusted certificate %s in trust store %s of type %s", "non-ca.crt", storeName, storeType)

	_, err := trustStore.GetCertificates(context.Background(), storeType, storeName)
	if err != nil && err.Error() == want {
		return
	}
	// Either the leaf certificate was accepted (err == nil) or the store was
	// rejected for a different reason than the one this test pins.
	t.Fatalf("leaf cert in a trust store should return error: %s, got: %v", want, err)
}

// TestLoadTrustStoreWithLeafCertsInSingleFile expects GetCertificates to
// reject the "trust-store-with-leaf-certs-in-single-file" fixture of type "ca"
// with a validation error that names RootAndLeafCerts.crt.
func TestLoadTrustStoreWithLeafCertsInSingleFile(t *testing.T) {
	// Fixture under test:
	// ../testdata/truststore/x509/ca/trust-store-with-leaf-certs-in-single-file/RootAndLeafCerts.crt
	// NOTE(review): the file name suggests a root and a leaf bundled together,
	// so the whole file is refused rather than the root being kept — confirm
	// against the fixture contents.
	namedStore := "trust-store-with-leaf-certs-in-single-file"
	wantMsg := fmt.Sprintf("failed to validate the trusted certificate %s in trust store %s of type %s", "RootAndLeafCerts.crt", namedStore, "ca")

	_, loadErr := trustStore.GetCertificates(context.Background(), "ca", namedStore)
	switch {
	case loadErr == nil, loadErr.Error() != wantMsg:
		t.Fatalf("leaf cert in a trust store should return error: %s, got: %v", wantMsg, loadErr)
	}
}

// TestValidateCerts reads GlobalSign.der from the valid-trust-store fixture
// and expects ValidateCertificates to accept the certificates it contains.
func TestValidateCerts(t *testing.T) {
	certPath := filepath.FromSlash("../testdata/truststore/x509/ca/valid-trust-store/GlobalSign.der")

	parsed, readErr := corex509.ReadCertificateFile(certPath)
	if readErr != nil {
		t.Fatalf("failed to read the trusted certificate %q: %q", certPath, readErr)
	}

	if validateErr := ValidateCertificates(parsed); validateErr != nil {
		t.Fatalf("expected to get nil err, got %v", validateErr)
	}
}

// TestValidateCertsWithLeafCert reads non-ca.crt from the
// trust-store-with-leaf-certs fixture and expects ValidateCertificates to
// refuse it with the "is not a CA certificate or self-signed signing
// certificate" error for that certificate's subject.
func TestValidateCertsWithLeafCert(t *testing.T) {
	leafPath := filepath.FromSlash("../testdata/truststore/x509/ca/trust-store-with-leaf-certs/non-ca.crt")

	leafCerts, readErr := corex509.ReadCertificateFile(leafPath)
	if readErr != nil {
		t.Fatalf("failed to read the trusted certificate %q: %q", leafPath, readErr)
	}

	// The comparison is on the full message, so the subject DN is part of
	// what this test pins.
	want := errors.New("certificate with subject \"CN=wabbit-networks.io,O=Notary,L=Seattle,ST=WA,C=US\" is not a CA certificate or self-signed signing certificate")
	got := ValidateCertificates(leafCerts)
	if got != nil && got.Error() == want.Error() {
		return
	}
	t.Fatalf("leaf cert in a trust store should return error %q, got: %v", want, got)
}