1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
package rfc
import (
"testing"
"github.com/zmap/zlint/v3/lint"
"github.com/zmap/zlint/v3/test"
)
func TestECDSAInvalidKU(t *testing.T) {
testCases := []struct {
name string
filename string
expectedStatus lint.LintStatus
expectedDetails string
}{
{
name: "non-ecdsa ee cert",
filename: "rsaKeyWithParameters.pem",
expectedStatus: lint.NA,
},
{
name: "ecdsa ee cert, valid key usage",
filename: "ecdsaP256ValidKUs.pem",
expectedStatus: lint.Pass,
},
{
name: "ecdsa ee cert, invalid key usage",
filename: "ecdsaP384InvalidKUs.pem",
expectedStatus: lint.Notice,
expectedDetails: "Certificate had unexpected key usage(s): KeyUsageKeyEncipherment",
},
{
name: "ecdsa ee cert, multiple invalid key usages",
filename: "ecdsaP256.pem",
expectedStatus: lint.Notice,
expectedDetails: "Certificate had unexpected key usage(s): KeyUsageCRLSign, KeyUsageCertSign",
},
{
name: "ecdsa ee cert, without key usage",
filename: "CNWithoutSANSeptember2021.pem",
expectedStatus: lint.NA,
},
}
for _, tc := range testCases {
result := test.TestLint("n_ecdsa_ee_invalid_ku", tc.filename)
if result.Status != tc.expectedStatus {
t.Errorf("expected result %v. actual result was %v",
tc.expectedStatus, result.Status)
}
if result.Details != tc.expectedDetails {
t.Errorf("expected details %q. actual result was %q",
tc.expectedDetails, result.Details)
}
}
}
|
