ctpolicy_test.go

Documentation: github.com/google/certificate-transparency-go/ctpolicy

     1  // Copyright 2018 Google LLC. All Rights Reserved.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //	http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  package ctpolicy
    15  
    16  import (
    17  	"encoding/json"
    18  	"reflect"
    19  	"testing"
    20  	"time"
    21  
    22  	"github.com/google/certificate-transparency-go/loglist3"
    23  	"github.com/google/certificate-transparency-go/testdata"
    24  	"github.com/google/certificate-transparency-go/x509"
    25  	"github.com/google/certificate-transparency-go/x509util"
    26  )
    27  
    28  func getTestCertPEMShort() *x509.Certificate {
    29  	cert, _ := x509util.CertificateFromPEM([]byte(testdata.TestCertPEM))
    30  	cert.NotAfter = time.Date(2013, 1, 1, 0, 0, 0, 0, time.UTC)
    31  	return cert
    32  }
    33  
    34  func getTestCertPEM2Years() *x509.Certificate {
    35  	cert, _ := x509util.CertificateFromPEM([]byte(testdata.TestCertPEM))
    36  	cert.NotAfter = time.Date(2014, 1, 1, 0, 0, 0, 0, time.UTC)
    37  	return cert
    38  }
    39  
    40  func getTestCertPEM3Years() *x509.Certificate {
    41  	cert, _ := x509util.CertificateFromPEM([]byte(testdata.TestCertPEM))
    42  	cert.NotAfter = time.Date(2015, 1, 1, 0, 0, 0, 0, time.UTC)
    43  	return cert
    44  }
    45  
    46  func getTestCertPEMLongOriginal() *x509.Certificate {
    47  	cert, _ := x509util.CertificateFromPEM([]byte(testdata.TestCertPEM))
    48  	return cert
    49  }
    50  
    51  func sampleLogList(t *testing.T) *loglist3.LogList {
    52  	t.Helper()
    53  	var ll loglist3.LogList
    54  	err := json.Unmarshal([]byte(testdata.SampleLogList3), &ll)
    55  	if err != nil {
    56  		t.Fatalf("Unable to Unmarshal testdata.SampleLogList3 %v", err)
    57  	}
    58  	return &ll
    59  }
    60  
    61  func TestLifetimeInMonths(t *testing.T) {
    62  	tests := []struct {
    63  		name      string
    64  		notBefore time.Time
    65  		notAfter  time.Time
    66  		want      int
    67  	}{
    68  		{
    69  			name:      "ExactMonths",
    70  			notBefore: time.Date(2012, 6, 1, 0, 0, 0, 0, time.UTC),
    71  			notAfter:  time.Date(2013, 1, 1, 0, 0, 0, 0, time.UTC),
    72  			want:      7,
    73  		},
    74  		{
    75  			name:      "ExactYears",
    76  			notBefore: time.Date(2012, 6, 1, 0, 0, 0, 0, time.UTC),
    77  			notAfter:  time.Date(2015, 1, 1, 0, 0, 0, 0, time.UTC),
    78  			want:      31,
    79  		},
    80  		{
    81  			name:      "PartialSingleMonth",
    82  			notBefore: time.Date(2012, 6, 1, 0, 0, 0, 0, time.UTC),
    83  			notAfter:  time.Date(2012, 6, 25, 0, 0, 0, 0, time.UTC),
    84  			want:      0,
    85  		},
    86  		{
    87  			name:      "PartialMonths",
    88  			notBefore: time.Date(2012, 6, 25, 0, 0, 0, 0, time.UTC),
    89  			notAfter:  time.Date(2013, 7, 1, 0, 0, 0, 0, time.UTC),
    90  			want:      12,
    91  		},
    92  	}
    93  
    94  	for _, test := range tests {
    95  		t.Run(test.name, func(t *testing.T) {
    96  			cert := getTestCertPEMLongOriginal()
    97  			cert.NotBefore = test.notBefore
    98  			cert.NotAfter = test.notAfter
    99  			got := lifetimeInMonths(cert)
   100  			if got != test.want {
   101  				t.Errorf("lifetimeInMonths(%v, %v)=%d, want %d", test.notBefore, test.notAfter, got, test.want)
   102  			}
   103  		})
   104  	}
   105  }
   106  
   107  func TestGroupByLogs(t *testing.T) {
   108  	tests := []struct {
   109  		name      string
   110  		logGroups LogPolicyData
   111  		want      map[string]GroupSet
   112  	}{
   113  		{
   114  			name: "BaseGroup",
   115  			logGroups: LogPolicyData{
   116  				BaseName: {
   117  					Name: BaseName,
   118  					LogURLs: map[string]bool{
   119  						"ct.googleapis.com/aviator/":   true,
   120  						"ct.googleapis.com/icarus/":    true,
   121  						"ct.googleapis.com/rocketeer/": true,
   122  						"ct.googleapis.com/racketeer/": true,
   123  						"log.bob.io":                   true,
   124  					},
   125  					MinInclusions: 2,
   126  					IsBase:        true,
   127  				},
   128  			},
   129  			want: map[string]GroupSet{
   130  				"ct.googleapis.com/aviator/": {
   131  					BaseName: true,
   132  				},
   133  				"ct.googleapis.com/icarus/": {
   134  					BaseName: true,
   135  				},
   136  				"ct.googleapis.com/rocketeer/": {
   137  					BaseName: true,
   138  				},
   139  				"ct.googleapis.com/racketeer/": {
   140  					BaseName: true,
   141  				},
   142  				"log.bob.io": {
   143  					BaseName: true,
   144  				},
   145  			},
   146  		},
   147  		{
   148  			name: "ChromeLikeGroups",
   149  			logGroups: LogPolicyData{
   150  				"Google-operated": {
   151  					Name: "Google-operated",
   152  					LogURLs: map[string]bool{
   153  						"ct.googleapis.com/aviator/":   true,
   154  						"ct.googleapis.com/icarus/":    true,
   155  						"ct.googleapis.com/rocketeer/": true,
   156  						"ct.googleapis.com/racketeer/": true,
   157  					},
   158  					MinInclusions: 2,
   159  					IsBase:        false,
   160  				},
   161  				"Non-Google-operated": {
   162  					Name: "Non-Google-operated",
   163  					LogURLs: map[string]bool{
   164  						"log.bob.io": true,
   165  					},
   166  					MinInclusions: 1,
   167  					IsBase:        false,
   168  				},
   169  				BaseName: {
   170  					Name: BaseName,
   171  					LogURLs: map[string]bool{
   172  						"ct.googleapis.com/aviator/":   true,
   173  						"ct.googleapis.com/icarus/":    true,
   174  						"ct.googleapis.com/rocketeer/": true,
   175  						"ct.googleapis.com/racketeer/": true,
   176  						"log.bob.io":                   true,
   177  					},
   178  					MinInclusions: 2,
   179  					IsBase:        true,
   180  				},
   181  			},
   182  			want: map[string]GroupSet{
   183  				"ct.googleapis.com/aviator/": {
   184  					BaseName:          true,
   185  					"Google-operated": true,
   186  				},
   187  				"ct.googleapis.com/icarus/": {
   188  					BaseName:          true,
   189  					"Google-operated": true,
   190  				},
   191  				"ct.googleapis.com/rocketeer/": {
   192  					BaseName:          true,
   193  					"Google-operated": true,
   194  				},
   195  				"ct.googleapis.com/racketeer/": {
   196  					BaseName:          true,
   197  					"Google-operated": true,
   198  				},
   199  				"log.bob.io": {
   200  					BaseName:              true,
   201  					"Non-Google-operated": true,
   202  				},
   203  			},
   204  		},
   205  	}
   206  
   207  	for _, test := range tests {
   208  		t.Run(test.name, func(t *testing.T) {
   209  			got := GroupByLogs(test.logGroups)
   210  			if !reflect.DeepEqual(got, test.want) {
   211  				t.Errorf("GroupByLogs()=%v, want %v", got, test.want)
   212  			}
   213  		})
   214  	}
   215  }
   216
View as plain text