1 package cabfbr
2
3 import (
4 "fmt"
5 "strings"
6 "testing"
7
8 "github.com/zmap/zlint/v3/lint"
9
10 "github.com/letsencrypt/boulder/linter/lints/test"
11 )
12
// TestCrlValidityPeriod runs the CRL validity-period lint over PEM fixtures
// in testdata/ and checks, per fixture, the lint status and that the result
// details contain the expected substring.
func TestCrlValidityPeriod(t *testing.T) {
	t.Parallel()

	// fixture describes one table entry. name selects the file
	// testdata/crl_<name>.pem and doubles as the subtest name.
	type fixture struct {
		name       string
		want       lint.LintStatus
		wantSubStr string
	}

	// Entries that leave wantSubStr empty only pin the status: the substring
	// check below is trivially true for "".
	fixtures := []fixture{
		{name: "good", want: lint.Pass},
		{name: "good_subordinate_ca", want: lint.Pass},
		{
			name:       "idp_distributionPoint_and_onlyUser_and_onlyCA",
			want:       lint.Error,
			wantSubStr: "IssuingDistributionPoint should not have both onlyContainsUserCerts: TRUE and onlyContainsCACerts: TRUE",
		},
		{
			// Despite the name, the asserted outcome is the missing-IDP
			// warning, not a validity error.
			// NOTE(review): presumably the lint cannot pick a validity limit
			// without an IssuingDistributionPoint; confirm against the lint.
			name:       "negative_validity",
			want:       lint.Warn,
			wantSubStr: "CRL missing IssuingDistributionPoint",
		},
		{
			name:       "negative_validity_subscriber_cert",
			want:       lint.Error,
			wantSubStr: "at or before",
		},
		{
			name:       "negative_validity_subordinate_ca",
			want:       lint.Error,
			wantSubStr: "at or before",
		},
		{
			name:       "long_validity_subscriber_cert",
			want:       lint.Error,
			wantSubStr: "CRL has validity period greater than 10 days",
		},
		{
			name:       "long_validity_subordinate_ca",
			want:       lint.Error,
			wantSubStr: "CRL has validity period greater than 365 days",
		},
		{
			// NOTE(review): the rationale for this fixture passing is not
			// visible in this listing; confirm against the fixture and lint.
			name: "long_validity_distributionPoint_and_subordinate_ca",
			want: lint.Pass,
		},
	}

	for _, fx := range fixtures {
		t.Run(fx.name, func(t *testing.T) {
			checker := NewCrlValidityPeriod()
			crlPath := fmt.Sprintf("testdata/crl_%s.pem", fx.name)
			crl := test.LoadPEMCRL(t, crlPath)
			result := checker.Execute(crl)

			// Both checks use Errorf so a status mismatch still reports the
			// details mismatch in the same run.
			if got := result.Status; got != fx.want {
				t.Errorf("expected %q, got %q", fx.want, got)
			}
			if got := result.Details; !strings.Contains(got, fx.wantSubStr) {
				t.Errorf("expected %q, got %q", fx.wantSubStr, got)
			}
		})
	}
}
84