...

Source file src/github.com/letsencrypt/boulder/linter/lints/cpcps/lint_crl_has_idp_test.go

Documentation: github.com/letsencrypt/boulder/linter/lints/cpcps

     1  package cpcps
     2  
     3  import (
     4  	"fmt"
     5  	"strings"
     6  	"testing"
     7  
     8  	linttest "github.com/letsencrypt/boulder/linter/lints/test"
     9  	"github.com/zmap/zlint/v3/lint"
    10  )
    11  
// TestCrlHasIDP runs the lint returned by NewCrlHasIDP against PEM-encoded CRL
// fixtures and checks the reported status and a substring of the details.
//
// Each case name selects its fixture: the CRL is loaded from
// testdata/crl_<name>.pem. An empty wantSubStr matches any Details string, so
// the passing cases pin only the status, not the absence of a message.
func TestCrlHasIDP(t *testing.T) {
	t.Parallel()

	type idpCase struct {
		name       string          // fixture suffix and subtest name
		want       lint.LintStatus // status the lint must report
		wantSubStr string          // text that must appear in the result details
	}

	cases := []idpCase{
		// Fixtures the lint must accept.
		{name: "good", want: lint.Pass}, // CRL for subscriber certs
		{name: "good_subordinate_ca", want: lint.Pass},

		// A CRL without the extension is reported as a warning, not an error.
		{
			name:       "no_idp",
			want:       lint.Warn,
			wantSubStr: "CRL missing IssuingDistributionPoint",
		},

		// Malformed or unexpected IssuingDistributionPoint contents.
		{
			name:       "idp_no_uri",
			want:       lint.Error,
			wantSubStr: "IssuingDistributionPoint should have both DistributionPointName and onlyContainsUserCerts: TRUE",
		},
		{
			name:       "idp_two_uris",
			want:       lint.Warn,
			wantSubStr: "IssuingDistributionPoint should contain only one distributionPoint",
		},
		{
			// The lint rejects an https distribution point URI; only http passes.
			name:       "idp_https",
			want:       lint.Error,
			wantSubStr: "IssuingDistributionPoint URI MUST use http scheme",
		},
		{
			name:       "idp_no_usercerts",
			want:       lint.Error,
			wantSubStr: "Neither onlyContainsUserCerts nor onlyContainsCACerts was set",
		},
		{
			name:       "idp_some_reasons", // Subscriber cert
			want:       lint.Error,
			wantSubStr: "Unexpected IssuingDistributionPoint fields were found",
		},

		// Combinations of scope flags that the lint treats as contradictory.
		{
			name:       "idp_distributionPoint_and_onlyCA",
			want:       lint.Error,
			wantSubStr: "IssuingDistributionPoint should not have both DistributionPointName and onlyContainsCACerts: TRUE",
		},
		{
			name:       "idp_distributionPoint_and_onlyUser_and_onlyCA",
			want:       lint.Error,
			wantSubStr: "IssuingDistributionPoint should not have both onlyContainsUserCerts: TRUE and onlyContainsCACerts: TRUE",
		},
	}

	for _, c := range cases {
		t.Run(c.name, func(t *testing.T) {
			// A fresh lint instance per fixture, created before the fixture loads.
			checker := NewCrlHasIDP()
			fixture := fmt.Sprintf("testdata/crl_%s.pem", c.name)
			crl := linttest.LoadPEMCRL(t, fixture)
			res := checker.Execute(crl)

			// Both checks use Errorf so a status mismatch still reports the details.
			if got := res.Status; got != c.want {
				t.Errorf("expected %q, got %q", c.want, got)
			}
			if got := res.Details; !strings.Contains(got, c.wantSubStr) {
				t.Errorf("expected %q, got %q", c.wantSubStr, got)
			}
		})
	}
}
    86  
