Skip to content

Commit d7c50b9

Browse files
lgarronlgarron
committed
Update tests to allow chains in any order. Fixes #68.
The chain in question is defined in RFC5652 as a CertificateSet, which is a `SET OF` certs: - https://tools.ietf.org/html/rfc5652#section-5.1 - https://tools.ietf.org/html/rfc5652#section-10.2.3 Go 1.15 introduced a change that sorts such sets: https://go.googlesource.com/go/+/f0cea848679b8f8cdc5f76e1b1e36ebb924a68f8 Our tests were implicitly relying on the sets to stay sorted, but the right thing to do at this point is update our tests.
1 parent 7e96b8b commit d7c50b9

File tree

1 file changed

+29
-20
lines changed

1 file changed

+29
-20
lines changed

command_sign_test.go

Lines changed: 29 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,15 @@ import (
99
"github.com/stretchr/testify/require"
1010
)
1111

12+
func chainContains(chain []*x509.Certificate, want *x509.Certificate) bool {
13+
for _, cert := range chain {
14+
if cert.Equal(want) {
15+
return true
16+
}
17+
}
18+
return false
19+
}
20+
1221
func TestSign(t *testing.T) {
1322
defer testSetup(t, "--sign", "-u", certHexFingerprint(leaf.Certificate))()
1423

@@ -37,8 +46,8 @@ func TestSignIncludeCertsAIA(t *testing.T) {
3746
require.NoError(t, err)
3847

3948
require.Equal(t, 2, len(certs))
40-
require.True(t, certs[0].Equal(aiaLeaf.Certificate))
41-
require.True(t, certs[1].Equal(intermediate.Certificate))
49+
require.True(t, chainContains(certs, aiaLeaf.Certificate))
50+
require.True(t, chainContains(certs, intermediate.Certificate))
4251
}
4352

4453
func TestSignIncludeCertsDefault(t *testing.T) {
@@ -57,8 +66,8 @@ func TestSignIncludeCertsDefault(t *testing.T) {
5766
require.NoError(t, err)
5867

5968
require.Equal(t, 2, len(certs))
60-
require.True(t, certs[0].Equal(leaf.Certificate))
61-
require.True(t, certs[1].Equal(intermediate.Certificate))
69+
require.True(t, chainContains(certs, leaf.Certificate))
70+
require.True(t, chainContains(certs, intermediate.Certificate))
6271
}
6372

6473
func TestSignIncludeCertsMinus3(t *testing.T) {
@@ -77,8 +86,8 @@ func TestSignIncludeCertsMinus3(t *testing.T) {
7786
require.NoError(t, err)
7887

7988
require.Equal(t, 2, len(certs))
80-
require.True(t, certs[0].Equal(leaf.Certificate))
81-
require.True(t, certs[1].Equal(intermediate.Certificate))
89+
require.True(t, chainContains(certs, leaf.Certificate))
90+
require.True(t, chainContains(certs, intermediate.Certificate))
8291
}
8392

8493
func TestSignIncludeCertsMinus2(t *testing.T) {
@@ -97,8 +106,8 @@ func TestSignIncludeCertsMinus2(t *testing.T) {
97106
require.NoError(t, err)
98107

99108
require.Equal(t, 2, len(certs))
100-
require.True(t, certs[0].Equal(leaf.Certificate))
101-
require.True(t, certs[1].Equal(intermediate.Certificate))
109+
require.True(t, chainContains(certs, leaf.Certificate))
110+
require.True(t, chainContains(certs, intermediate.Certificate))
102111
}
103112

104113
func TestSignIncludeCertsMinus1(t *testing.T) {
@@ -117,9 +126,9 @@ func TestSignIncludeCertsMinus1(t *testing.T) {
117126
require.NoError(t, err)
118127

119128
require.Equal(t, 3, len(certs))
120-
require.True(t, certs[0].Equal(leaf.Certificate))
121-
require.True(t, certs[1].Equal(intermediate.Certificate))
122-
require.True(t, certs[2].Equal(ca.Certificate))
129+
require.True(t, chainContains(certs, leaf.Certificate))
130+
require.True(t, chainContains(certs, intermediate.Certificate))
131+
require.True(t, chainContains(certs, ca.Certificate))
123132
}
124133

125134
func TestSignIncludeCerts0(t *testing.T) {
@@ -156,7 +165,7 @@ func TestSignIncludeCerts1(t *testing.T) {
156165
require.NoError(t, err)
157166

158167
require.Equal(t, 1, len(certs))
159-
require.True(t, certs[0].Equal(leaf.Certificate))
168+
require.True(t, chainContains(certs, leaf.Certificate))
160169
}
161170

162171
func TestSignIncludeCerts2(t *testing.T) {
@@ -175,8 +184,8 @@ func TestSignIncludeCerts2(t *testing.T) {
175184
require.NoError(t, err)
176185

177186
require.Equal(t, 2, len(certs))
178-
require.True(t, certs[0].Equal(leaf.Certificate))
179-
require.True(t, certs[1].Equal(intermediate.Certificate))
187+
require.True(t, chainContains(certs, leaf.Certificate))
188+
require.True(t, chainContains(certs, intermediate.Certificate))
180189
}
181190

182191
func TestSignIncludeCerts3(t *testing.T) {
@@ -195,9 +204,9 @@ func TestSignIncludeCerts3(t *testing.T) {
195204
require.NoError(t, err)
196205

197206
require.Equal(t, 3, len(certs))
198-
require.True(t, certs[0].Equal(leaf.Certificate))
199-
require.True(t, certs[1].Equal(intermediate.Certificate))
200-
require.True(t, certs[2].Equal(ca.Certificate))
207+
require.True(t, chainContains(certs, leaf.Certificate))
208+
require.True(t, chainContains(certs, intermediate.Certificate))
209+
require.True(t, chainContains(certs, ca.Certificate))
201210
}
202211

203212
func TestSignIncludeCerts4(t *testing.T) {
@@ -216,7 +225,7 @@ func TestSignIncludeCerts4(t *testing.T) {
216225
require.NoError(t, err)
217226

218227
require.Equal(t, 3, len(certs))
219-
require.True(t, certs[0].Equal(leaf.Certificate))
220-
require.True(t, certs[1].Equal(intermediate.Certificate))
221-
require.True(t, certs[2].Equal(ca.Certificate))
228+
require.True(t, chainContains(certs, leaf.Certificate))
229+
require.True(t, chainContains(certs, intermediate.Certificate))
230+
require.True(t, chainContains(certs, ca.Certificate))
222231
}

0 commit comments

Comments
 (0)