Почетна Преглед Помоћ
Регистрација Пријавите се
Apq
/
sftpgo
огледало од https://github.com/drakkan/sftpgo.git
1
0
Креирај огранак 0
Датотеке Дискусије 0 Вики
Дрво: v2.6.0
Гране Ознаке
sftpgo
/
internal
/
common
/
tlsutils_test.go

tlsutils_test.go 23 KB
Пермалинк Историја Датотека

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526 
  1. // Copyright (C) 2019 Nicola Murino
    2. 

  2. //
    3. 

  3. // This program is free software: you can redistribute it and/or modify
    4. 

  4. // it under the terms of the GNU Affero General Public License as published
    5. 

  5. // by the Free Software Foundation, version 3.
    6. 

  6. //
    7. 

  7. // This program is distributed in the hope that it will be useful,
    8. 

  8. // but WITHOUT ANY WARRANTY; without even the implied warranty of
    9. 

  9. // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    10. 

  10. // GNU Affero General Public License for more details.
    11. 

  11. //
    12. 

  12. // You should have received a copy of the GNU Affero General Public License
    13. 

  13. // along with this program. If not, see <https://www.gnu.org/licenses/>.
    14. 

  14. 

  15. package common
    16. 

  16. 

  17. import (
    18. 

  18. 	"crypto/tls"
    19. 

  19. 	"crypto/x509"
    20. 

  20. 	"os"
    21. 

  21. 	"path/filepath"
    22. 

  22. 	"testing"
    23. 

  23. 	"time"
    24. 

  24. 

  25. 	"github.com/stretchr/testify/assert"
    26. 

  26. 	"github.com/stretchr/testify/require"
    27. 

  27. )
    28. 

  28. 

  29. const (
    30. 

  30. 	serverCert = `-----BEGIN CERTIFICATE-----
    31. 

  31. MIIEIjCCAgqgAwIBAgIQfxHX0pnvRtkmtfLklgrcNzANBgkqhkiG9w0BAQsFADAT
    32. 

  32. MREwDwYDVQQDEwhDZXJ0QXV0aDAeFw0yMzAxMDMxMDIyMDdaFw0zMzAxMDMxMDMw
    33. 

  33. NDVaMBQxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEP
    34. 

  34. ADCCAQoCggEBAKbMWjMhyjMnDsq/19J9D44Y13uPSMN26NFOCfjVgV23zcqvI8W1
    35. 

  35. csosYj89gSmIRxpcL2FtX7NjIT4vaqXob/en1lYy8hstacOs2cy2LcVZHfxu/hv3
    36. 

  36. 6hEKLY28tOD41L1CYZesBt3yV8vGcYIOnnAdIiG52SChnduTafBVE9Pq5P7qJ1gZ
    37. 

  37. d4uBYxe8/Za0metKDvMN6FTK+THq56eD830iRwFOdSw3Z4NS/nQNeVW263E4CC4u
    38. 

  38. BVxgwIHu6giqEfIoV6oVTY64y8X2YlwqvbVN/OtWNIJBLu+mN2EhR2ygpZdAyc82
    39. 

  39. 1yrk/X2/Dd3OiKSrrvXL1fOuNGlLNGD+3vUCAwEAAaNxMG8wDgYDVR0PAQH/BAQD
    40. 

  40. AgO4MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUabrE
    41. 

  41. 6ATHRqEf/CDQiNWI+0e/nhIwHwYDVR0jBBgwFoAUKPyWZxHuWgH3MA/996i3V4gd
    42. 

  42. aYgwDQYJKoZIhvcNAQELBQADggIBAHFtnPXxCCeeGw4RiIai3bavGtyK5qooZUia
    43. 

  43. hN8abJp9VJKYthLwF75c0wn8W0ZMTY8z9xgmFK9afWHCBNyK+0KCpd/LdDUfwvIn
    44. 

  44. 3RwR4HRFjNG+n1UZBA4l1W6X6kCq9/x7YaKLrek9aBHfxwMnoMrOeMUybm6D+B5E
    45. 

  45. lSkAyJRq5VHVatM7UGmdux2MXK5IMpzlIBzz1pXddnzF3f9nfS54xt6ilWst9bMi
    46. 

  46. 6mBxisJmqc51L/Fyb2SoCJoO/6kv+3V5HnRNBcZuVE8G5/Uc+WRnyy9dh996W83b
    47. 

  47. jNvSJ9UpspqMtKx7DKU4fC/3xYDjRimZvZ3akfIdkf3j5GVWMtVbx+QVSZ8aKBSM
    48. 

  48. Zx35p8aF0zppTjp2JvBpiQlGIXKfPkmmH4bLpU7Z7qLXFFnp+fs3CjcIng19gGgi
    49. 

  49. XQldgHVsl8FtIebxgW6wc5jb2y/fXjgx9c0SKEeeA3Pp6fExH8PdQdyHHmkHKQzO
    50. 

  50. ozon1tZhQbcjkNz8kXFp3x3X/0i4TsR6vsUigSFHXT7DgusBK8eAiRVOLSpbfIyp
    51. 

  51. 7Ul/9DjhtYxcZjNI/xNJcECPGazNDdKh4TdLh35pnQHOsRXDWB873rr5xkJIUXbU
    52. 

  52. ubo+q0VpmF7OtfPO9PrPilWAUhVDRx7CCTW3YUsWrYJkr8d6F/n6y7QPKMtB9Y2P
    53. 

  53. jRJ4LDqX
    54. 

  54. -----END CERTIFICATE-----`
    55. 

  55. 	serverKey = `-----BEGIN RSA PRIVATE KEY-----
    56. 

  56. MIIEowIBAAKCAQEApsxaMyHKMycOyr/X0n0PjhjXe49Iw3bo0U4J+NWBXbfNyq8j
    57. 

  57. xbVyyixiPz2BKYhHGlwvYW1fs2MhPi9qpehv96fWVjLyGy1pw6zZzLYtxVkd/G7+
    58. 

  58. G/fqEQotjby04PjUvUJhl6wG3fJXy8Zxgg6ecB0iIbnZIKGd25Np8FUT0+rk/uon
    59. 

  59. WBl3i4FjF7z9lrSZ60oO8w3oVMr5Mernp4PzfSJHAU51LDdng1L+dA15VbbrcTgI
    60. 

  60. Li4FXGDAge7qCKoR8ihXqhVNjrjLxfZiXCq9tU3861Y0gkEu76Y3YSFHbKCll0DJ
    61. 

  61. zzbXKuT9fb8N3c6IpKuu9cvV8640aUs0YP7e9QIDAQABAoIBADbD9gG/4HH3KwYr
    62. 

  62. AyPbaBYR1f59xzhWfI7sfp2zDGzHAsy/wJETyILVG9UDzrriQeZHyk7E6J0vuSR/
    63. 

  63. 0RZ0QP8hnmBjDdcajBVxVXm/fzvCzPOrRcfNGI9LtjVJdmI/kSoq93wjQYXyIh2I
    64. 

  64. JJC9WAwbpK9KJB5wsjH8LtZ4OLBlcdeB8jcvO6FzGij6HwyxqyPctxetlvpcmc/w
    65. 

  65. zNJhps6t+TJ8PpNtEmTpOOmx85V6HMb3QJexwmUYygRaOoiQKBKZSNaOnGoC8w1d
    66. 

  66. WahyyXJk4B3OUllqG1TLUgabFGqq2PeJSP8RvYFH8DUj+fdxD78qDHAygrL8ELLZ
    67. 

  67. 2O3Wi0ECgYEAyREnS/kylyIcAsyKczsKEDMIDUF9rGvm2B+QG7cLKHTu24oiNg5B
    68. 

  68. Ik5nkaYmSSrC3O2/s4v47mYzMtWbLxlogiNK6ljLPpdU5/JaeHncZC+18seBoePQ
    69. 

  69. 9nOW3AvY2A6ihzy8sKRMfl3FUx/1rcXLdNwkMQo0FWR7nqVPUme9QkkCgYEA1F5n
    70. 

  70. lhfDptiHekagKMTf9SGw4B2UiG6SLjMWhcG2AEFeXpZlsk7Qubnuzk0krjYp+JAI
    71. 

  71. brlzMOkmBXBQywKLe3SG0s0McbRGWVFbEA1SA+WZV5rwJe5PO7W6ndCF2+slyZ5T
    72. 

  72. dPwOY1RybV6R07EvjtfnE8Wtdyko4X22sTkyd00CgYA5MYnuEHqVhvxUx33yfS7F
    73. 

  73. oN5/dsuayi6l94R0fcLMxUZUaJyGp9NbQNYxFgP5+BHp6i8HkZ9DoQqbQSudYCrc
    74. 

  74. KdHbi1p0+XMLb2LQtkk8rl2hK6LyO+1qzUJyYWRTQQZ2VY6O6I1hvKaumH636XWQ
    75. 

  75. TjZ1RKPAGg8X94nytNOfEQKBgQC/+TL0iDjyGyykyTFAiW/WXQVSIwtBJYr5Pm9u
    76. 

  76. rESFCJJxOM1nmT2vlrecQDoXTZk1O6aTyQqrPSeEpRoz2fISwKyb5IYKRyeM2DFU
    77. 

  77. WmY4ZZXvjnzmHP39APNYc8Z9nZzEHF5fEvdCrXTfDy0Ny08tdlhKFFkRreBprkW3
    78. 

  78. APhwxQKBgDBdionnjdB9jdGbYHrsPaweMGdQNXkrTTCFfBA47F+qZswfon12yu4A
    79. 

  79. +cBKCnQe2dQHl8AV3IeUKpmNghu4iICOASQEO9dS6OWZI5vBxZMePBm6+bjTOuf6
    80. 

  80. ozecw3yR55tKpPImt87rhrWlwp35uWuhOr9GHYBdFSwgrEkVMw++
    81. 

  81. -----END RSA PRIVATE KEY-----`
    82. 

  82. 	caCRT = `-----BEGIN CERTIFICATE-----
    83. 

  83. MIIE5jCCAs6gAwIBAgIBATANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDEwhDZXJ0
    84. 

  84. QXV0aDAeFw0yNDAxMTAxODEyMDRaFw0zNDAxMTAxODIxNTRaMBMxETAPBgNVBAMT
    85. 

  85. CENlcnRBdXRoMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA7WHW216m
    86. 

  86. fi4uF8cx6HWf8wvAxaEWgCHTOi2MwFIzOrOtuT7xb64rkpdzx1aWetSiCrEyc3D1
    87. 

  87. v03k0Akvlz1gtnDtO64+MA8bqlTnCydZJY4cCTvDOBUYZgtMqHZzpE6xRrqQ84zh
    88. 

  88. yzjKQ5bR0st+XGfIkuhjSuf2n/ZPS37fge9j6AKzn/2uEVt33qmO85WtN3RzbSqL
    89. 

  89. CdOJ6cQ216j3la1C5+NWvzIKC7t6NE1bBGI4+tRj7B5P5MeamkkogwbExUjdHp3U
    90. 

  90. 4yasvoGcCHUQDoa4Dej1faywz6JlwB6rTV4ys4aZDe67V/Q8iB2May1k7zBz1Ztb
    91. 

  91. KF5Em3xewP1LqPEowF1uc4KtPGcP4bxdaIpSpmObcn8AIfH6smLQrn0C3cs7CYfo
    92. 

  92. NlFuTbwzENUhjz0X6EsoM4w4c87lO+dRNR7YpHLqR/BJTbbyXUB0imne1u00fuzb
    93. 

  93. S7OtweiA9w7DRCkr2gU4lmHe7l0T+SA9pxIeVLb78x7ivdyXSF5LVQJ1JvhhWu6i
    94. 

  94. M6GQdLHat/0fpRFUbEe34RQSDJ2eOBifMJqvsvpBP8d2jcRZVUVrSXGc2mAGuGOY
    95. 

  95. /tmnCJGW8Fd+sgpCVAqM0pxCM+apqrvJYUqqQZ2ZxugCXULtRWJ9p4C9zUl40HEy
    96. 

  96. OQ+AaiiwFll/doXELglcJdNg8AZPGhugfxMCAwEAAaNFMEMwDgYDVR0PAQH/BAQD
    97. 

  97. AgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFNoJhIvDZQrEf/VQbWuu
    98. 

  98. XgNnt2m5MA0GCSqGSIb3DQEBCwUAA4ICAQCYhT5SRqk19hGrQ09hVSZOzynXAa5F
    99. 

  99. sYkEWJzFyLg9azhnTPE1bFM18FScnkd+dal6mt+bQiJvdh24NaVkDghVB7GkmXki
    100. 

  100. pAiZwEDHMqtbhiPxY8LtSeCBAz5JqXVU2Q0TpAgNSH4W7FbGWNThhxcJVOoIrXKE
    101. 

  101. jbzhwl1Etcaf0DBKWliUbdlxQQs65DLy+rNBYtOeK0pzhzn1vpehUlJ4eTFzP9KX
    102. 

  102. y2Mksuq9AspPbqnqpWW645MdTxMb5T57MCrY3GDKw63z5z3kz88LWJF3nOxZmgQy
    103. 

  103. WFUhbLmZm7x6N5eiu6Wk8/B4yJ/n5UArD4cEP1i7nqu+mbbM/SZlq1wnGpg/sbRV
    104. 

  104. oUF+a7pRcSbfxEttle4pLFhS+ErKatjGcNEab2OlU3bX5UoBs+TYodnCWGKOuBKV
    105. 

  105. L/CYc65QyeYZ+JiwYn9wC8YkzOnnVIQjiCEkLgSL30h9dxpnTZDLrdAA8ItelDn5
    106. 

  106. DvjuQq58CGDsaVqpSobiSC1DMXYWot4Ets1wwovUNEq1l0MERB+2olE+JU/8E23E
    107. 

  107. eL1/aA7Kw/JibkWz1IyzClpFDKXf6kR2onJyxerdwUL+is7tqYFLysiHxZDL1bli
    108. 

  108. SXbW8hMa5gvo0IilFP9Rznn8PplIfCsvBDVv6xsRr5nTAFtwKaMBVgznE2ghs69w
    109. 

  109. kK8u1YiiVenmoQ==
    110. 

  110. -----END CERTIFICATE-----`
    111. 

  111. 	caKey = `-----BEGIN RSA PRIVATE KEY-----
    112. 

  112. MIIJKgIBAAKCAgEA7WHW216mfi4uF8cx6HWf8wvAxaEWgCHTOi2MwFIzOrOtuT7x
    113. 

  113. b64rkpdzx1aWetSiCrEyc3D1v03k0Akvlz1gtnDtO64+MA8bqlTnCydZJY4cCTvD
    114. 

  114. OBUYZgtMqHZzpE6xRrqQ84zhyzjKQ5bR0st+XGfIkuhjSuf2n/ZPS37fge9j6AKz
    115. 

  115. n/2uEVt33qmO85WtN3RzbSqLCdOJ6cQ216j3la1C5+NWvzIKC7t6NE1bBGI4+tRj
    116. 

  116. 7B5P5MeamkkogwbExUjdHp3U4yasvoGcCHUQDoa4Dej1faywz6JlwB6rTV4ys4aZ
    117. 

  117. De67V/Q8iB2May1k7zBz1ZtbKF5Em3xewP1LqPEowF1uc4KtPGcP4bxdaIpSpmOb
    118. 

  118. cn8AIfH6smLQrn0C3cs7CYfoNlFuTbwzENUhjz0X6EsoM4w4c87lO+dRNR7YpHLq
    119. 

  119. R/BJTbbyXUB0imne1u00fuzbS7OtweiA9w7DRCkr2gU4lmHe7l0T+SA9pxIeVLb7
    120. 

  120. 8x7ivdyXSF5LVQJ1JvhhWu6iM6GQdLHat/0fpRFUbEe34RQSDJ2eOBifMJqvsvpB
    121. 

  121. P8d2jcRZVUVrSXGc2mAGuGOY/tmnCJGW8Fd+sgpCVAqM0pxCM+apqrvJYUqqQZ2Z
    122. 

  122. xugCXULtRWJ9p4C9zUl40HEyOQ+AaiiwFll/doXELglcJdNg8AZPGhugfxMCAwEA
    123. 

  123. AQKCAgEA4x0OoceG54ZrVxifqVaQd8qw3uRmUKUMIMdfuMlsdideeLO97ynmSlRY
    124. 

  124. 00kGo/I4Lp6mNEjI9gUie9+uBrcUhri4YLcujHCH+YlNnCBDbGjwbe0ds9SLCWaa
    125. 

  125. KztZHMSlW5Q4Bqytgu+MpOnxSgqjlOk+vz9TcGFKVnUkHIkAcqKFJX8gOFxPZA/t
    126. 

  126. Ob1kJaz4kuv5W2Kur/ISKvQtvFvOtQeV0aJyZm8LqXnvS4cPI7yN4329NDU0HyDR
    127. 

  127. y/deqS2aqV4zII3FFqbz8zix/m1xtVQzWCugZGMKrz0iuJMfNeCABb8rRGc6GsZz
    128. 

  128. +465v/kobqgeyyneJ1s5rMFrLp2o+dwmnIVMNsFDUiN1lIZDHLvlgonaUO3IdTZc
    129. 

  129. 9asamFWKFKUMgWqM4zB1vmUO12CKowLNIIKb0L+kf1ixaLLDRGf/f9vLtSHE+oyx
    130. 

  130. lATiS18VNA8+CGsHF6uXMRwf2auZdRI9+s6AAeyRISSbO1khyWKHo+bpOvmPAkDR
    131. 

  131. nknTjbYgkoZOV+mrsU5oxV8s6vMkuvA3rwFhT2gie8pokuACFcCRrZi9MVs4LmUQ
    132. 

  132. u0GYTHvp2WJUjMWBm6XX7Hk3g2HV842qpk/mdtTjNsXws81djtJPn4I/soIXSgXz
    133. 

  133. pY3SvKTuOckP9OZVF0yqKGeZXKpD288PKpC+MAg3GvEJaednagECggEBAPsfLwuP
    134. 

  134. L1kiDjXyMcRoKlrQ6Q/zBGyBmJbZ5uVGa02+XtYtDAzLoVupPESXL0E7+r8ZpZ39
    135. 

  135. 0dV4CEJKpbVS/BBtTEkPpTK5kz778Ib04TAyj+YLhsZjsnuja3T5bIBZXFDeDVDM
    136. 

  136. 0ZaoFoKpIjTu2aO6pzngsgXs6EYbo2MTuJD3h0nkGZsICL7xvT9Mw0P1p2Ftt/hN
    137. 

  137. +jKk3vN220wTWUsq43AePi45VwK+PNP12ZXv9HpWDxlPo3j0nXtgYXittYNAT92u
    138. 

  138. BZbFAzldEIX9WKKZgsWtIzLaASjVRntpxDCTby/nlzQ5dw3DHU1DV3PIqxZS2+Oe
    139. 

  139. KV+7XFWgZ44YjYECggEBAPH+VDu3QSrqSahkZLkgBtGRkiZPkZFXYvU6kL8qf5wO
    140. 

  140. Z/uXMeqHtznAupLea8I4YZLfQim/NfC0v1cAcFa9Ckt9g3GwTSirVcN0AC1iOyv3
    141. 

  141. /hMZCA1zIyIcuUplNr8qewoX71uPOvCNH0dix77423mKFkJmNwzy4Q+rV+qkRdLn
    142. 

  142. v+AAgh7g5N91pxNd6LQJjoyfi1Ka6rRP2yGXM5v7QOwD16eN4JmExUxX1YQ7uNuX
    143. 

  143. pVS+HRxnBquA+3/DB1LtBX6pa2cUa+LRUmE/NCPHMvJcyuNkYpJKlNTd9vnbfo0H
    144. 

  144. RNSJSWm+aGxDFMjuPjV3JLj2OdKMPwpnXdh2vBZCPpMCggEAM+yTvrEhmi2HgLIO
    145. 

  145. hkz/jP2rYyfdn04ArhhqPLgd0dpuI5z24+Jq/9fzZT9ZfwSW6VK1QwDLlXcXRhXH
    146. 

  146. Q8Hf6smev3CjuORURO61IkKaGWwrAucZPAY7ToNQ4cP9ImDXzMTNPgrLv3oMBYJR
    147. 

  147. V16X09nxX+9NABqnQG/QjdjzDc6Qw7+NZ9f2bvzvI5qMuY2eyW91XbtJ45ThoLfP
    148. 

  148. ymAp03gPxQwL0WT7z85kJ3OrROxzwaPvxU0JQSZbNbqNDPXmFTiECxNDhpRAAWlz
    149. 

  149. 1DC5Vg2l05fkMkyPdtD6nOQWs/CYSfB5/EtxiX/xnBszhvZUIe6KFvuKFIhaJD5h
    150. 

  150. iykagQKCAQEAoBRm8k3KbTIo4ZzvyEq4V/+dF3zBRczx6FkCkYLygXBCNvsQiR2Y
    151. 

  151. BjtI8Ijz7bnQShEoOmeDriRTAqGGrspEuiVgQ1+l2wZkKHRe/aaij/Zv+4AuhH8q
    152. 

  152. uZEYvW7w5Uqbs9SbgQzhp2kjTNy6V8lVnjPLf8cQGZ+9Y9krwktC6T5m/i435WdN
    153. 

  153. 38h7amNP4XEE/F86Eb3rDrZYtgLIoCF4E+iCyxMehU+AGH1uABhls9XAB6vvo+8/
    154. 

  154. SUp8lEqWWLP0U5KNOtYWfCeOAEiIHDbUq+DYUc4BKtbtV1cx3pzlPTOWw6XBi5Lq
    155. 

  155. jttdL4HyYvnasAQpwe8GcMJqIRyCVZMiwwKCAQEAhQTTS3CC8PwcoYrpBdTjW1ck
    156. 

  156. vVFeF1YbfqPZfYxASCOtdx6wRnnEJ+bjqntagns9e88muxj9UhxSL6q9XaXQBD8+
    157. 

  157. 2AmKUxphCZQiYFZcTucjQEQEI2nN+nAKgRrUSMMGiR8Ekc2iFrcxBU0dnSohw+aB
    158. 

  158. PbMKVypQCREu9PcDFIp9rXQTeElbaNsIg1C1w/SQjODbmN/QFHTVbRODYqLeX1J/
    159. 

  159. VcGsykSIq7hv6bjn7JGkr2JTdANbjk9LnMjMdJFsKRYxPKkOQfYred6Hiojp5Sor
    160. 

  160. PW5am8ejnNSPhIfqQp3uV3KhwPDKIeIpzvrB4uPfTjQWhekHCb8cKSWux3flqw==
    161. 

  161. -----END RSA PRIVATE KEY-----`
    162. 

  162. 	caCRL = `-----BEGIN X509 CRL-----
    163. 

  163. MIICpzCBkAIBATANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDEwhDZXJ0QXV0aBcN
    164. 

  164. MjQwMTEwMTgyMjU4WhcNMjYwMTA5MTgyMjU4WjAkMCICEQDOaeHbjY4pEj8WBmqg
    165. 

  165. ZuRRFw0yNDAxMTAxODIyNThaoCMwITAfBgNVHSMEGDAWgBTaCYSLw2UKxH/1UG1r
    166. 

  166. rl4DZ7dpuTANBgkqhkiG9w0BAQsFAAOCAgEAZzZ4aBqCcAJigR9e/mqKpJa4B6FV
    167. 

  167. +jZmnWXolGeUuVkjdiG9w614x7mB2S768iioJyALejjCZjqsp6ydxtn0epQw4199
    168. 

  168. XSfPIxA9lxc7w79GLe0v3ztojvxDPh5V1+lwPzGf9i8AsGqb2BrcBqgxDeatndnE
    169. 

  169. jF+18bY1saXOBpukNLjtRScUXzy5YcSuO6mwz4548v+1ebpF7W4Yh+yh0zldJKcF
    170. 

  170. DouuirZWujJwTwxxfJ+2+yP7GAuefXUOhYs/1y9ylvUgvKFqSyokv6OaVgTooKYD
    171. 

  171. MSADzmNcbRvwyAC5oL2yJTVVoTFeP6fXl/BdFH3sO/hlKXGy4Wh1AjcVE6T0CSJ4
    172. 

  172. iYFX3gLFh6dbP9IQWMlIM5DKtAKSjmgOywEaWii3e4M0NFSf/Cy17p2E5/jXSLlE
    173. 

  173. ypDileK0aALkx2twGWwogh6sY1dQ6R3GpKSRPD2muQxVOG6wXvuJce0E9WLx1Ud4
    174. 

  174. hVUdUEMlKUvm77/15U5awarH2cCJQxzS/GMeIintQiG7hUlgRzRdmWVe3vOOvt94
    175. 

  175. cp8+ZUH/QSDOo41ATTHpFeC/XqF5E2G/ahXqra+O5my52V/FP0bSJnkorJ8apy67
    176. 

  176. sn6DFbkqX9khTXGtacczh2PcqVjcQjBniYl2sPO3qIrrrY3tic96tMnM/u3JRdcn
    177. 

  177. w7bXJGfJcIMrrKs=
    178. 

  178. -----END X509 CRL-----`
    179. 

  179. 	client1Crt = `-----BEGIN CERTIFICATE-----
    180. 

  180. MIIEITCCAgmgAwIBAgIRAJr32nHRlhyPiS7IfZ/ZWYowDQYJKoZIhvcNAQELBQAw
    181. 

  181. EzERMA8GA1UEAxMIQ2VydEF1dGgwHhcNMjQwMTEwMTgxMjM3WhcNMzQwMTEwMTgy
    182. 

  182. MTUzWjASMRAwDgYDVQQDEwdjbGllbnQxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
    183. 

  183. MIIBCgKCAQEAtuQFiqvdjd8WLxP0FgPDyDEJ1/uJ+Aoj6QllNV7svWxwW+kiJ3X6
    184. 

  184. HUVNWhhCsNfly4pGW4erF4fZzmesElGx1PoWgQCWZKsa/N08bznelWgdmkyi85xE
    185. 

  185. OkTj6e/cTWHFSOBURNJaXkGHZ0ROSh7qu0Ld+eqNo3k9W+NqZaqYvs2K7MLWeYl7
    186. 

  186. Qie8Ctuq5Qaz/jm0XwR2PFBROVQSaCPCukancPQ21ftqHPhAbjxoxvvN5QP4ZdRf
    187. 

  187. XlH/LDLhlFnJzPZdHnVy9xisSPPRfFApJiwyfjRYdtslpJOcNgP6oPlpX/dybbhO
    188. 

  188. c9FEUgj/Q90Je8EfioBYFYsqVD6/dFv9SwIDAQABo3EwbzAOBgNVHQ8BAf8EBAMC
    189. 

  189. A7gwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBRUh5Xo
    190. 

  190. Gzjh6iReaPSOgGatqOw9bDAfBgNVHSMEGDAWgBTaCYSLw2UKxH/1UG1rrl4DZ7dp
    191. 

  191. uTANBgkqhkiG9w0BAQsFAAOCAgEAyAK7cOTWqjyLgFM0kyyx1fNPvm2GwKep3MuU
    192. 

  192. OrSnLuWjoxzb7WcbKNVMlnvnmSUAWuErxsY0PUJNfcuqWiGmEp4d/SWfWPigG6DC
    193. 

  193. sDej35BlSfX8FCufYrfC74VNk4yBS2LVYmIqcpqUrfay0I2oZA8+ToLEpdUvEv2I
    194. 

  194. l59eOhJO2jsC3JbOyZZmK2Kv7d94fR+1tg2Rq1Wbnmc9AZKq7KDReAlIJh4u2KHb
    195. 

  195. BbtF79idusMwZyP777tqSQ4THBMa+VAEc2UrzdZqTIAwqlKQOvO2fRz2P+ARR+Tz
    196. 

  196. MYJMdCdmPZ9qAc8U1OcFBG6qDDltO8wf/Nu/PsSI5LGCIhIuPPIuKfm0rRfTqCG7
    197. 

  197. QPQPWjRoXtGGhwjdIuWbX9fIB+c+NpAEKHgLtV+Rxj8s5IVxqG9a5TtU9VkfVXJz
    198. 

  198. J20naoz/G+vDsVINpd3kH0ziNvdrKfGRM5UgtnUOPCXB22fVmkIsMH2knI10CKK+
    199. 

  199. offI56NTkLRu00xvg98/wdukhkwIAxg6PQI/BHY5mdvoacEHHHdOhMq+GSAh7DDX
    200. 

  200. G8+HdbABM1ExkPnZLat15q706ztiuUpQv1C2DI8YviUVkMqCslj4cD4F8EFPo4kr
    201. 

  201. kvme0Cuc9Qlf7N5rjdV3cjwavhFx44dyXj9aesft2Q1okPiIqbGNpcjHcIRlj4Au
    202. 

  202. MU3Bo0A=
    203. 

  203. -----END CERTIFICATE-----`
    204. 

  204. 	client1Key = `-----BEGIN RSA PRIVATE KEY-----
    205. 

  205. MIIEpAIBAAKCAQEAtuQFiqvdjd8WLxP0FgPDyDEJ1/uJ+Aoj6QllNV7svWxwW+ki
    206. 

  206. J3X6HUVNWhhCsNfly4pGW4erF4fZzmesElGx1PoWgQCWZKsa/N08bznelWgdmkyi
    207. 

  207. 85xEOkTj6e/cTWHFSOBURNJaXkGHZ0ROSh7qu0Ld+eqNo3k9W+NqZaqYvs2K7MLW
    208. 

  208. eYl7Qie8Ctuq5Qaz/jm0XwR2PFBROVQSaCPCukancPQ21ftqHPhAbjxoxvvN5QP4
    209. 

  209. ZdRfXlH/LDLhlFnJzPZdHnVy9xisSPPRfFApJiwyfjRYdtslpJOcNgP6oPlpX/dy
    210. 

  210. bbhOc9FEUgj/Q90Je8EfioBYFYsqVD6/dFv9SwIDAQABAoIBAFjSHK7gENVZxphO
    211. 

  211. hHg8k9ShnDo8eyDvK8l9Op3U3/yOsXKxolivvyx//7UFmz3vXDahjNHe7YScAXdw
    212. 

  212. eezbqBXa7xrvghqZzp2HhFYwMJ0210mcdncBKVFzK4ztZHxgQ0PFTqet0R19jZjl
    213. 

  213. X3A325/eNZeuBeOied4qb/24AD6JGc6A0J55f5/QUQtdwYwrL15iC/KZXDL90PPJ
    214. 

  214. CFJyrSzcXvOMEvOfXIFxhDVKRCppyIYXG7c80gtNC37I6rxxMNQ4mxjwUI2IVhxL
    215. 

  215. j+nZDu0JgRZ4NaGjOq2e79QxUVm/GG3z25XgmBFBrXkEVV+sCZE1VDyj6kQfv9FU
    216. 

  216. NhOrwGECgYEAzq47r/HwXifuGYBV/mvInFw3BNLrKry+iUZrJ4ms4g+LfOi0BAgf
    217. 

  217. sXsWXulpBo2YgYjFdO8G66f69GlB4B7iLscpABXbRtpDZEnchQpaF36/+4g3i8gB
    218. 

  218. Z29XHNDB8+7t4wbXvlSnLv1tZWey2fS4hPosc2YlvS87DMmnJMJqhs8CgYEA4oiB
    219. 

  219. LGQP6VNdX0Uigmh5fL1g1k95eC8GP1ylczCcIwsb2OkAq0MT7SHRXOlg3leEq4+g
    220. 

  220. mCHk1NdjkSYxDL2ZeTKTS/gy4p1jlcDa6Ilwi4pVvatNvu4o80EYWxRNNb1mAn67
    221. 

  221. T8TN9lzc6mEi+LepQM3nYJ3F+ZWTKgxH8uoJwMUCgYEArpumE1vbjUBAuEyi2eGn
    222. 

  222. RunlFW83fBCfDAxw5KM8anNlja5uvuU6GU/6s06QCxg+2lh5MPPrLdXpfukZ3UVa
    223. 

  223. Itjg+5B7gx1MSALaiY8YU7cibFdFThM3lHIM72wyH2ogkWcrh0GvSFSUQlJcWCSW
    224. 

  224. asmMGiYXBgBL697FFZomMyMCgYEAkAnp0JcDQwHd4gDsk2zoqnckBsDb5J5J46n+
    225. 

  225. DYNAFEww9bgZ08u/9MzG+cPu8xFE621U2MbcYLVfuuBE2ewIlPaij/COMmeO9Z59
    226. 

  226. 0tPpOuDH6eTtd1SptxqR6P+8pEn8feOlKHBj4Z1kXqdK/EiTlwAVeep4Al2oCFls
    227. 

  227. ujkz4F0CgYAe8vHnVFHlWi16zAqZx4ZZZhNuqPtgFkvPg9LfyNTA4dz7F9xgtUaY
    228. 

  228. nXBPyCe/8NtgBfT79HkPiG3TM0xRZY9UZgsJKFtqAu5u4ManuWDnsZI9RK2QTLHe
    229. 

  229. yEbH5r3Dg3n9k/3GbjXFIWdU9UaYsdnSKHHtMw9ZODc14LaAogEQug==
    230. 

  230. -----END RSA PRIVATE KEY-----`
    231. 

  231. 	// client 2 crt is revoked
    232. 

  232. 	client2Crt = `-----BEGIN CERTIFICATE-----
    233. 

  233. MIIEITCCAgmgAwIBAgIRAM5p4duNjikSPxYGaqBm5FEwDQYJKoZIhvcNAQELBQAw
    234. 

  234. EzERMA8GA1UEAxMIQ2VydEF1dGgwHhcNMjQwMTEwMTgxMjUyWhcNMzQwMTEwMTgy
    235. 

  235. MTUzWjASMRAwDgYDVQQDEwdjbGllbnQyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
    236. 

  236. MIIBCgKCAQEApNYpNZVmXZtAObpRRIuP2o/7z04H2E161vKZvJ3LSLlUTImVjm/b
    237. 

  237. Qe6DTNCUVLnzQuanmUlu2rUnN3lDSfYoBcJWbvC3y1OCPRkCjDV6KiYMA9TPkZua
    238. 

  238. eq6y3+bFFfEmyumsVEe0bSuzNHXCOIBT7PqYMdovECcwBh/RZCA5mqO5omEKh4LQ
    239. 

  239. cr6+sVVkvD3nsyx0Alz/kTLFqc0mVflmpJq+0BpdetHRg4n5vy/I/08jZ81PQAmT
    240. 

  240. A0kyl0Jh132JBGFdA8eyugPPP8n5edU4f3HXV/nR7XLwBrpSt8KgEg8cwfAu4Ic0
    241. 

  241. 6tGzB0CH8lSGtU0tH2/cOlDuguDD7VvokQIDAQABo3EwbzAOBgNVHQ8BAf8EBAMC
    242. 

  242. A7gwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBR5mf0f
    243. 

  243. Zjf8ZCGXqU2+45th7VkkLDAfBgNVHSMEGDAWgBTaCYSLw2UKxH/1UG1rrl4DZ7dp
    244. 

  244. uTANBgkqhkiG9w0BAQsFAAOCAgEARhFxNAouwbpEfN1M90+ao5rwyxEewerSoCCz
    245. 

  245. PQzeUZ66MA/FkS/tFUGgGGG+wERN+WLbe1cN6q/XFr0FSMLuUxLXDNV02oUL/FnY
    246. 

  246. xcyNLaZUZ0pP7sA+Hmx2AdTA6baIwQbyIY9RLAaz6hzo1YbI8yeis645F1bxgL2D
    247. 

  247. EP5kXa3Obv0tqWByMZtrmJPv3p0W5GJKXVDn51GR/E5KI7pliZX2e0LmMX9mxfPB
    248. 

  248. 4sXFUggMHXxWMMSAmXPVsxC2KX6gMnajO7JUraTwuGm+6V371FzEX+UKXHI+xSvO
    249. 

  249. 78TseTIYsBGLjeiA8UjkKlD3T9qsQm2mb2PlKyqjvIm4i2ilM0E2w4JZmd45b925
    250. 

  250. 7q/QLV3NZ/zZMi6AMyULu28DWKfAx3RLKwnHWSFcR4lVkxQrbDhEUMhAhLAX+2+e
    251. 

  251. qc7qZm3dTabi7ZJiiOvYK/yNgFHa/XtZp5uKPB5tigPIa+34hbZF7s2/ty5X3O1N
    252. 

  252. f5Ardz7KNsxJjZIt6HvB28E/PPOvBqCKJc1Y08J9JbZi8p6QS1uarGoR7l7rT1Hv
    253. 

  253. /ZXkNTw2bw1VpcWdzDBLLVHYNnJmS14189LVk11PcJJpSmubwCqg+ZZULdgtVr3S
    254. 

  254. ANas2dgMPVwXhnAalgkcc+lb2QqaEz06axfbRGBsgnyqR5/koKCg1Hr0+vThHSsR
    255. 

  255. E0+r2+4=
    256. 

  256. -----END CERTIFICATE-----`
    257. 

  257. 	client2Key = `-----BEGIN RSA PRIVATE KEY-----
    258. 

  258. MIIEowIBAAKCAQEApNYpNZVmXZtAObpRRIuP2o/7z04H2E161vKZvJ3LSLlUTImV
    259. 

  259. jm/bQe6DTNCUVLnzQuanmUlu2rUnN3lDSfYoBcJWbvC3y1OCPRkCjDV6KiYMA9TP
    260. 

  260. kZuaeq6y3+bFFfEmyumsVEe0bSuzNHXCOIBT7PqYMdovECcwBh/RZCA5mqO5omEK
    261. 

  261. h4LQcr6+sVVkvD3nsyx0Alz/kTLFqc0mVflmpJq+0BpdetHRg4n5vy/I/08jZ81P
    262. 

  262. QAmTA0kyl0Jh132JBGFdA8eyugPPP8n5edU4f3HXV/nR7XLwBrpSt8KgEg8cwfAu
    263. 

  263. 4Ic06tGzB0CH8lSGtU0tH2/cOlDuguDD7VvokQIDAQABAoIBAQCMnEeg9uXQmdvq
    264. 

  264. op4qi6bV+ZcDWvvkLwvHikFMnYpIaheYBpF2ZMKzdmO4xgCSWeFCQ4Hah8KxfHCM
    265. 

  265. qLuWvw2bBBE5J8yQ/JaPyeLbec7RX41GQ2YhPoxDdP0PdErREdpWo4imiFhH/Ewt
    266. 

  266. Rvq7ufRdpdLoS8dzzwnvX3r+H2MkHoC/QANW2AOuVoZK5qyCH5N8yEAAbWKaQaeL
    267. 

  267. VBhAYEVKbAkWEtXw7bYXzxRR7WIM3f45v3ncRusDIG+Hf75ZjatoH0lF1gHQNofO
    268. 

  268. qkCVZVzjkLFuzDic2KZqsNORglNs4J6t5Dahb9v3hnoK963YMnVSUjFvqQ+/RZZy
    269. 

  269. VILFShilAoGBANucwZU61eJ0tLKBYEwmRY/K7Gu1MvvcYJIOoX8/BL3zNmNO0CLl
    270. 

  270. NiABtNt9WOVwZxDsxJXdo1zvMtAegNqS6W11R1VAZbL6mQ/krScbLDE6JKA5DmA7
    271. 

  271. 4nNi1gJOW1ziAfdBAfhe4cLbQOb94xkOK5xM1YpO0xgDJLwrZbehDMmPAoGBAMAl
    272. 

  272. /owPDAvcXz7JFynT0ieYVc64MSFiwGYJcsmxSAnbEgQ+TR5FtkHYe91OSqauZcCd
    273. 

  273. aoKXQNyrYKIhyounRPFTdYQrlx6KtEs7LU9wOxuphhpJtGjRnhmA7IqvX703wNvu
    274. 

  274. khrEavn86G5boH8R80371SrN0Rh9UeAlQGuNBdvfAoGAEAmokW9Ug08miwqrr6Pz
    275. 

  275. 3IZjMZJwALidTM1IufQuMnj6ddIhnQrEIx48yPKkdUz6GeBQkuk2rujA+zXfDxc/
    276. 

  276. eMDhzrX/N0zZtLFse7ieR5IJbrH7/MciyG5lVpHGVkgjAJ18uVikgAhm+vd7iC7i
    277. 

  277. vG1YAtuyysQgAKXircBTIL0CgYAHeTLWVbt9NpwJwB6DhPaWjalAug9HIiUjktiB
    278. 

  278. GcEYiQnBWn77X3DATOA8clAa/Yt9m2HKJIHkU1IV3ESZe+8Fh955PozJJlHu3yVb
    279. 

  279. Ap157PUHTriSnxyMF2Sb3EhX/rQkmbnbCqqygHC14iBy8MrKzLG00X6BelZV5n0D
    280. 

  280. 8d85dwKBgGWY2nsaemPH/TiTVF6kW1IKSQoIyJChkngc+Xj/2aCCkkmAEn8eqncl
    281. 

  281. RKjnkiEZeG4+G91Xu7+HmcBLwV86k5I+tXK9O1Okomr6Zry8oqVcxU5TB6VRS+rA
    282. 

  282. ubwF00Drdvk2+kDZfxIM137nBiy7wgCJi2Ksm5ihN3dUF6Q0oNPl
    283. 

  283. -----END RSA PRIVATE KEY-----`
    284. 

  284. )
    285. 

  285. 

  286. func TestLoadCertificate(t *testing.T) {
    287. 

  287. 	startEventScheduler()
    288. 

  288. 	caCrtPath := filepath.Join(os.TempDir(), "testca.crt")
    289. 

  289. 	caCrlPath := filepath.Join(os.TempDir(), "testcrl.crt")
    290. 

  290. 	certPath := filepath.Join(os.TempDir(), "test.crt")
    291. 

  291. 	keyPath := filepath.Join(os.TempDir(), "test.key")
    292. 

  292. 	err := os.WriteFile(caCrtPath, []byte(caCRT), os.ModePerm)
    293. 

  293. 	assert.NoError(t, err)
    294. 

  294. 	err = os.WriteFile(caCrlPath, []byte(caCRL), os.ModePerm)
    295. 

  295. 	assert.NoError(t, err)
    296. 

  296. 	err = os.WriteFile(certPath, []byte(serverCert), os.ModePerm)
    297. 

  297. 	assert.NoError(t, err)
    298. 

  298. 	err = os.WriteFile(keyPath, []byte(serverKey), os.ModePerm)
    299. 

  299. 	assert.NoError(t, err)
    300. 

  300. 	keyPairs := []TLSKeyPair{
    301. 

  301. 		{
    302. 

  302. 			Cert: certPath,
    303. 

  303. 			Key:  keyPath,
    304. 

  304. 			ID:   DefaultTLSKeyPaidID,
    305. 

  305. 		},
    306. 

  306. 		{
    307. 

  307. 			Cert: certPath,
    308. 

  308. 			Key:  keyPath,
    309. 

  309. 			ID:   DefaultTLSKeyPaidID,
    310. 

  310. 		},
    311. 

  311. 	}
    312. 

  312. 	certManager, err := NewCertManager(keyPairs, configDir, logSenderTest)
    313. 

  313. 	if assert.Error(t, err) {
    314. 

  314. 		assert.Contains(t, err.Error(), "is duplicated")
    315. 

  315. 	}
    316. 

  316. 	assert.Nil(t, certManager)
    317. 

  317. 

  318. 	keyPairs = []TLSKeyPair{
    319. 

  319. 		{
    320. 

  320. 			Cert: certPath,
    321. 

  321. 			Key:  keyPath,
    322. 

  322. 			ID:   DefaultTLSKeyPaidID,
    323. 

  323. 		},
    324. 

  324. 	}
    325. 

  325. 

  326. 	certManager, err = NewCertManager(keyPairs, configDir, logSenderTest)
    327. 

  327. 	assert.NoError(t, err)
    328. 

  328. 	assert.True(t, certManager.HasCertificate(DefaultTLSKeyPaidID))
    329. 

  329. 	assert.False(t, certManager.HasCertificate("unknownID"))
    330. 

  330. 	certFunc := certManager.GetCertificateFunc(DefaultTLSKeyPaidID)
    331. 

  331. 	if assert.NotNil(t, certFunc) {
    332. 

  332. 		hello := &tls.ClientHelloInfo{
    333. 

  333. 			ServerName:   "localhost",
    334. 

  334. 			CipherSuites: []uint16{tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305},
    335. 

  335. 		}
    336. 

  336. 		cert, err := certFunc(hello)
    337. 

  337. 		assert.NoError(t, err)
    338. 

  338. 		assert.Equal(t, certManager.certs[DefaultTLSKeyPaidID], cert)
    339. 

  339. 	}
    340. 

  340. 	certFunc = certManager.GetCertificateFunc("unknownID")
    341. 

  341. 	if assert.NotNil(t, certFunc) {
    342. 

  342. 		hello := &tls.ClientHelloInfo{
    343. 

  343. 			ServerName:   "localhost",
    344. 

  344. 			CipherSuites: []uint16{tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305},
    345. 

  345. 		}
    346. 

  346. 		_, err = certFunc(hello)
    347. 

  347. 		if assert.Error(t, err) {
    348. 

  348. 			assert.Contains(t, err.Error(), "no certificate for id unknownID")
    349. 

  349. 		}
    350. 

  350. 	}
    351. 

  351. 	certManager.SetCACertificates(nil)
    352. 

  352. 	err = certManager.LoadRootCAs()
    353. 

  353. 	assert.NoError(t, err)
    354. 

  354. 

  355. 	certManager.SetCACertificates([]string{""})
    356. 

  356. 	err = certManager.LoadRootCAs()
    357. 

  357. 	assert.Error(t, err)
    358. 

  358. 

  359. 	certManager.SetCACertificates([]string{"invalid"})
    360. 

  360. 	err = certManager.LoadRootCAs()
    361. 

  361. 	assert.Error(t, err)
    362. 

  362. 

  363. 	// laoding the key as root CA must fail
    364. 

  364. 	certManager.SetCACertificates([]string{keyPath})
    365. 

  365. 	err = certManager.LoadRootCAs()
    366. 

  366. 	assert.Error(t, err)
    367. 

  367. 

  368. 	certManager.SetCACertificates([]string{certPath})
    369. 

  369. 	err = certManager.LoadRootCAs()
    370. 

  370. 	assert.NoError(t, err)
    371. 

  371. 

  372. 	rootCa := certManager.GetRootCAs()
    373. 

  373. 	assert.NotNil(t, rootCa)
    374. 

  374. 

  375. 	err = certManager.Reload()
    376. 

  376. 	assert.NoError(t, err)
    377. 

  377. 

  378. 	certManager.SetCARevocationLists(nil)
    379. 

  379. 	err = certManager.LoadCRLs()
    380. 

  380. 	assert.NoError(t, err)
    381. 

  381. 

  382. 	certManager.SetCARevocationLists([]string{""})
    383. 

  383. 	err = certManager.LoadCRLs()
    384. 

  384. 	assert.Error(t, err)
    385. 

  385. 

  386. 	certManager.SetCARevocationLists([]string{"invalid crl"})
    387. 

  387. 	err = certManager.LoadCRLs()
    388. 

  388. 	assert.Error(t, err)
    389. 

  389. 

  390. 	// this is not a crl and must fail
    391. 

  391. 	certManager.SetCARevocationLists([]string{caCrtPath})
    392. 

  392. 	err = certManager.LoadCRLs()
    393. 

  393. 	assert.Error(t, err)
    394. 

  394. 

  395. 	certManager.SetCARevocationLists([]string{caCrlPath})
    396. 

  396. 	err = certManager.LoadCRLs()
    397. 

  397. 	assert.NoError(t, err)
    398. 

  398. 

  399. 	crt, err := tls.X509KeyPair([]byte(caCRT), []byte(caKey))
    400. 

  400. 	assert.NoError(t, err)
    401. 

  401. 

  402. 	x509CAcrt, err := x509.ParseCertificate(crt.Certificate[0])
    403. 

  403. 	assert.NoError(t, err)
    404. 

  404. 

  405. 	crt, err = tls.X509KeyPair([]byte(client1Crt), []byte(client1Key))
    406. 

  406. 	assert.NoError(t, err)
    407. 

  407. 	x509crt, err := x509.ParseCertificate(crt.Certificate[0])
    408. 

  408. 	if assert.NoError(t, err) {
    409. 

  409. 		assert.False(t, certManager.IsRevoked(x509crt, x509CAcrt))
    410. 

  410. 	}
    411. 

  411. 

  412. 	crt, err = tls.X509KeyPair([]byte(client2Crt), []byte(client2Key))
    413. 

  413. 	assert.NoError(t, err)
    414. 

  414. 	x509crt, err = x509.ParseCertificate(crt.Certificate[0])
    415. 

  415. 	if assert.NoError(t, err) {
    416. 

  416. 		assert.True(t, certManager.IsRevoked(x509crt, x509CAcrt))
    417. 

  417. 	}
    418. 

  418. 

  419. 	assert.True(t, certManager.IsRevoked(nil, nil))
    420. 

  420. 

  421. 	err = os.Remove(caCrlPath)
    422. 

  422. 	assert.NoError(t, err)
    423. 

  423. 	err = certManager.Reload()
    424. 

  424. 	assert.Error(t, err)
    425. 

  425. 

  426. 	err = os.Remove(certPath)
    427. 

  427. 	assert.NoError(t, err)
    428. 

  428. 	err = os.Remove(keyPath)
    429. 

  429. 	assert.NoError(t, err)
    430. 

  430. 	err = certManager.Reload()
    431. 

  431. 	assert.Error(t, err)
    432. 

  432. 

  433. 	err = os.Remove(caCrtPath)
    434. 

  434. 	assert.NoError(t, err)
    435. 

  435. 	stopEventScheduler()
    436. 

  436. }
    437. 

  437. 

  438. func TestLoadInvalidCert(t *testing.T) {
    439. 

  439. 	startEventScheduler()
    440. 

  440. 	certManager, err := NewCertManager(nil, configDir, logSenderTest)
    441. 

  441. 	if assert.Error(t, err) {
    442. 

  442. 		assert.Contains(t, err.Error(), "no key pairs defined")
    443. 

  443. 	}
    444. 

  444. 	assert.Nil(t, certManager)
    445. 

  445. 

  446. 	keyPairs := []TLSKeyPair{
    447. 

  447. 		{
    448. 

  448. 			Cert: "test.crt",
    449. 

  449. 			Key:  "test.key",
    450. 

  450. 			ID:   DefaultTLSKeyPaidID,
    451. 

  451. 		},
    452. 

  452. 	}
    453. 

  453. 	certManager, err = NewCertManager(keyPairs, configDir, logSenderTest)
    454. 

  454. 	assert.Error(t, err)
    455. 

  455. 	assert.Nil(t, certManager)
    456. 

  456. 

  457. 	keyPairs = []TLSKeyPair{
    458. 

  458. 		{
    459. 

  459. 			Cert: "test.crt",
    460. 

  460. 			Key:  "test.key",
    461. 

  461. 		},
    462. 

  462. 	}
    463. 

  463. 	certManager, err = NewCertManager(keyPairs, configDir, logSenderTest)
    464. 

  464. 	if assert.Error(t, err) {
    465. 

  465. 		assert.Contains(t, err.Error(), "TLS certificate without ID")
    466. 

  466. 	}
    467. 

  467. 	assert.Nil(t, certManager)
    468. 

  468. 	stopEventScheduler()
    469. 

  469. }
    470. 

  470. 

  471. func TestCertificateMonitor(t *testing.T) {
    472. 

  472. 	startEventScheduler()
    473. 

  473. 	defer stopEventScheduler()
    474. 

  474. 

  475. 	certPath := filepath.Join(os.TempDir(), "test.crt")
    476. 

  476. 	keyPath := filepath.Join(os.TempDir(), "test.key")
    477. 

  477. 	caCrlPath := filepath.Join(os.TempDir(), "testcrl.crt")
    478. 

  478. 	err := os.WriteFile(certPath, []byte(serverCert), os.ModePerm)
    479. 

  479. 	assert.NoError(t, err)
    480. 

  480. 	err = os.WriteFile(keyPath, []byte(serverKey), os.ModePerm)
    481. 

  481. 	assert.NoError(t, err)
    482. 

  482. 	err = os.WriteFile(caCrlPath, []byte(caCRL), os.ModePerm)
    483. 

  483. 	assert.NoError(t, err)
    484. 

  484. 

  485. 	keyPairs := []TLSKeyPair{
    486. 

  486. 		{
    487. 

  487. 			Cert: certPath,
    488. 

  488. 			Key:  keyPath,
    489. 

  489. 			ID:   DefaultTLSKeyPaidID,
    490. 

  490. 		},
    491. 

  491. 	}
    492. 

  492. 	certManager, err := NewCertManager(keyPairs, configDir, logSenderTest)
    493. 

  493. 	assert.NoError(t, err)
    494. 

  494. 	assert.Len(t, certManager.monitorList, 1)
    495. 

  495. 	require.Len(t, certManager.certsInfo, 1)
    496. 

  496. 	info := certManager.certsInfo[certPath]
    497. 

  497. 	require.NotNil(t, info)
    498. 

  498. 	certManager.SetCARevocationLists([]string{caCrlPath})
    499. 

  499. 	err = certManager.LoadCRLs()
    500. 

  500. 	assert.NoError(t, err)
    501. 

  501. 	assert.Len(t, certManager.monitorList, 2)
    502. 

  502. 	certManager.monitor()
    503. 

  503. 	require.Len(t, certManager.certsInfo, 2)
    504. 

  504. 

  505. 	err = os.Remove(certPath)
    506. 

  506. 	assert.NoError(t, err)
    507. 

  507. 	certManager.monitor()
    508. 

  508. 

  509. 	time.Sleep(100 * time.Millisecond)
    510. 

  510. 	err = os.WriteFile(certPath, []byte(serverCert), os.ModePerm)
    511. 

  511. 	assert.NoError(t, err)
    512. 

  512. 	certManager.monitor()
    513. 

  513. 	require.Len(t, certManager.certsInfo, 2)
    514. 

  514. 	newInfo := certManager.certsInfo[certPath]
    515. 

  515. 	require.NotNil(t, newInfo)
    516. 

  516. 	assert.Equal(t, info.Size(), newInfo.Size())
    517. 

  517. 	assert.NotEqual(t, info.ModTime(), newInfo.ModTime())
    518. 

  518. 

  519. 	err = os.Remove(caCrlPath)
    520. 

  520. 	assert.NoError(t, err)
    521. 

  521. 

  522. 	err = os.Remove(certPath)
    523. 

  523. 	assert.NoError(t, err)
    524. 

  524. 	err = os.Remove(keyPath)
    525. 

  525. 	assert.NoError(t, err)
    526. 

  526. }
    527.