OXIESEC PANEL
- Current Dir:
/
/
opt
/
golang
/
1.22.0
/
src
/
crypto
/
x509
Server IP: 191.96.63.230
Upload:
Create Dir:
Name
Size
Modified
Perms
📁
..
-
02/02/2024 06:09:55 PM
rwxr-xr-x
📄
boring.go
993 bytes
02/02/2024 06:09:55 PM
rw-r--r--
📄
boring_test.go
3.75 KB
02/02/2024 06:09:55 PM
rw-r--r--
📄
cert_pool.go
8.93 KB
02/02/2024 06:09:55 PM
rw-r--r--
📄
cert_pool_test.go
2.25 KB
02/02/2024 06:09:55 PM
rw-r--r--
📄
example_test.go
5.32 KB
02/02/2024 06:09:55 PM
rw-r--r--
📄
hybrid_pool_test.go
3.72 KB
02/02/2024 06:09:55 PM
rw-r--r--
📁
internal
-
02/02/2024 06:09:55 PM
rwxr-xr-x
📄
name_constraints_test.go
44.92 KB
02/02/2024 06:09:55 PM
rw-r--r--
📄
notboring.go
258 bytes
02/02/2024 06:09:55 PM
rw-r--r--
📄
oid.go
5.75 KB
02/02/2024 06:09:55 PM
rw-r--r--
📄
oid_test.go
3.7 KB
02/02/2024 06:09:55 PM
rw-r--r--
📄
parser.go
36.57 KB
02/02/2024 06:09:55 PM
rw-r--r--
📄
parser_test.go
2.63 KB
02/02/2024 06:09:55 PM
rw-r--r--
📄
pem_decrypt.go
7.2 KB
02/02/2024 06:09:55 PM
rw-r--r--
📄
pem_decrypt_test.go
8.92 KB
02/02/2024 06:09:55 PM
rw-r--r--
📄
pkcs1.go
4.66 KB
02/02/2024 06:09:55 PM
rw-r--r--
📄
pkcs8.go
5.8 KB
02/02/2024 06:09:55 PM
rw-r--r--
📄
pkcs8_test.go
8.95 KB
02/02/2024 06:09:55 PM
rw-r--r--
📁
pkix
-
02/02/2024 06:09:55 PM
rwxr-xr-x
📄
platform_root_cert.pem
749 bytes
02/02/2024 06:09:55 PM
rw-r--r--
📄
platform_root_key.pem
227 bytes
02/02/2024 06:09:55 PM
rw-r--r--
📄
platform_test.go
7.28 KB
02/02/2024 06:09:55 PM
rw-r--r--
📄
root.go
2.03 KB
02/02/2024 06:09:55 PM
rw-r--r--
📄
root_aix.go
410 bytes
02/02/2024 06:09:55 PM
rw-r--r--
📄
root_bsd.go
748 bytes
02/02/2024 06:09:55 PM
rw-r--r--
📄
root_darwin.go
3.48 KB
02/02/2024 06:09:55 PM
rw-r--r--
📄
root_darwin_test.go
3.7 KB
02/02/2024 06:09:55 PM
rw-r--r--
📄
root_linux.go
1.11 KB
02/02/2024 06:09:55 PM
rw-r--r--
📄
root_plan9.go
828 bytes
02/02/2024 06:09:55 PM
rw-r--r--
📄
root_solaris.go
538 bytes
02/02/2024 06:09:55 PM
rw-r--r--
📄
root_test.go
2.62 KB
02/02/2024 06:09:55 PM
rw-r--r--
📄
root_unix.go
2.67 KB
02/02/2024 06:09:55 PM
rw-r--r--
📄
root_unix_test.go
6.07 KB
02/02/2024 06:09:55 PM
rw-r--r--
📄
root_wasm.go
373 bytes
02/02/2024 06:09:55 PM
rw-r--r--
📄
root_windows.go
8.74 KB
02/02/2024 06:09:55 PM
rw-r--r--
📄
root_windows_test.go
3.43 KB
02/02/2024 06:09:55 PM
rw-r--r--
📄
sec1.go
4.58 KB
02/02/2024 06:09:55 PM
rw-r--r--
📄
sec1_test.go
5.36 KB
02/02/2024 06:09:55 PM
rw-r--r--
📄
test-file.crt
1.9 KB
02/02/2024 06:09:55 PM
rw-r--r--
📁
testdata
-
02/02/2024 06:09:55 PM
rwxr-xr-x
📄
verify.go
35.3 KB
02/02/2024 06:09:55 PM
rw-r--r--
📄
verify_test.go
108.97 KB
02/02/2024 06:09:55 PM
rw-r--r--
📄
x509.go
82.3 KB
02/02/2024 06:09:55 PM
rw-r--r--
📄
x509_test.go
159.96 KB
02/02/2024 06:09:55 PM
rw-r--r--
📄
x509_test_import.go
1.7 KB
02/02/2024 06:09:55 PM
rw-r--r--
Editing: root_unix_test.go
Close
// Copyright 2017 The Go Authors. All rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. //go:build dragonfly || freebsd || linux || netbsd || openbsd || solaris package x509 import ( "bytes" "fmt" "os" "path/filepath" "reflect" "strings" "testing" ) const ( testDir = "testdata" testDirCN = "test-dir" testFile = "test-file.crt" testFileCN = "test-file" testMissing = "missing" ) func TestEnvVars(t *testing.T) { testCases := []struct { name string fileEnv string dirEnv string files []string dirs []string cns []string }{ { // Environment variables override the default locations preventing fall through. name: "override-defaults", fileEnv: testMissing, dirEnv: testMissing, files: []string{testFile}, dirs: []string{testDir}, cns: nil, }, { // File environment overrides default file locations. name: "file", fileEnv: testFile, dirEnv: "", files: nil, dirs: nil, cns: []string{testFileCN}, }, { // Directory environment overrides default directory locations. name: "dir", fileEnv: "", dirEnv: testDir, files: nil, dirs: nil, cns: []string{testDirCN}, }, { // File & directory environment overrides both default locations. name: "file+dir", fileEnv: testFile, dirEnv: testDir, files: nil, dirs: nil, cns: []string{testFileCN, testDirCN}, }, { // Environment variable empty / unset uses default locations. name: "empty-fall-through", fileEnv: "", dirEnv: "", files: []string{testFile}, dirs: []string{testDir}, cns: []string{testFileCN, testDirCN}, }, } // Save old settings so we can restore before the test ends. origCertFiles, origCertDirectories := certFiles, certDirectories origFile, origDir := os.Getenv(certFileEnv), os.Getenv(certDirEnv) defer func() { certFiles = origCertFiles certDirectories = origCertDirectories os.Setenv(certFileEnv, origFile) os.Setenv(certDirEnv, origDir) }() for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { if err := os.Setenv(certFileEnv, tc.fileEnv); err != nil { t.Fatalf("setenv %q failed: %v", certFileEnv, err) } if err := os.Setenv(certDirEnv, tc.dirEnv); err != nil { t.Fatalf("setenv %q failed: %v", certDirEnv, err) } certFiles, certDirectories = tc.files, tc.dirs r, err := loadSystemRoots() if err != nil { t.Fatal("unexpected failure:", err) } if r == nil { t.Fatal("nil roots") } // Verify that the returned certs match, otherwise report where the mismatch is. for i, cn := range tc.cns { if i >= r.len() { t.Errorf("missing cert %v @ %v", cn, i) } else if r.mustCert(t, i).Subject.CommonName != cn { fmt.Printf("%#v\n", r.mustCert(t, 0).Subject) t.Errorf("unexpected cert common name %q, want %q", r.mustCert(t, i).Subject.CommonName, cn) } } if r.len() > len(tc.cns) { t.Errorf("got %v certs, which is more than %v wanted", r.len(), len(tc.cns)) } }) } } // Ensure that "SSL_CERT_DIR" when used as the environment // variable delimited by colons, allows loadSystemRoots to // load all the roots from the respective directories. // See https://golang.org/issue/35325. func TestLoadSystemCertsLoadColonSeparatedDirs(t *testing.T) { origFile, origDir := os.Getenv(certFileEnv), os.Getenv(certDirEnv) origCertFiles := certFiles[:] // To prevent any other certs from being loaded in // through "SSL_CERT_FILE" or from known "certFiles", // clear them all, and they'll be reverting on defer. certFiles = certFiles[:0] os.Setenv(certFileEnv, "") defer func() { certFiles = origCertFiles[:] os.Setenv(certDirEnv, origDir) os.Setenv(certFileEnv, origFile) }() tmpDir := t.TempDir() rootPEMs := []string{ gtsRoot, googleLeaf, startComRoot, } var certDirs []string for i, certPEM := range rootPEMs { certDir := filepath.Join(tmpDir, fmt.Sprintf("cert-%d", i)) if err := os.MkdirAll(certDir, 0755); err != nil { t.Fatalf("Failed to create certificate dir: %v", err) } certOutFile := filepath.Join(certDir, "cert.crt") if err := os.WriteFile(certOutFile, []byte(certPEM), 0655); err != nil { t.Fatalf("Failed to write certificate to file: %v", err) } certDirs = append(certDirs, certDir) } // Sanity check: the number of certDirs should be equal to the number of roots. if g, w := len(certDirs), len(rootPEMs); g != w { t.Fatalf("Failed sanity check: len(certsDir)=%d is not equal to len(rootsPEMS)=%d", g, w) } // Now finally concatenate them with a colon. colonConcatCertDirs := strings.Join(certDirs, ":") os.Setenv(certDirEnv, colonConcatCertDirs) gotPool, err := loadSystemRoots() if err != nil { t.Fatalf("Failed to load system roots: %v", err) } subjects := gotPool.Subjects() // We expect exactly len(rootPEMs) subjects back. if g, w := len(subjects), len(rootPEMs); g != w { t.Fatalf("Invalid number of subjects: got %d want %d", g, w) } wantPool := NewCertPool() for _, certPEM := range rootPEMs { wantPool.AppendCertsFromPEM([]byte(certPEM)) } strCertPool := func(p *CertPool) string { return string(bytes.Join(p.Subjects(), []byte("\n"))) } if !certPoolEqual(gotPool, wantPool) { g, w := strCertPool(gotPool), strCertPool(wantPool) t.Fatalf("Mismatched certPools\nGot:\n%s\n\nWant:\n%s", g, w) } } func TestReadUniqueDirectoryEntries(t *testing.T) { tmp := t.TempDir() temp := func(base string) string { return filepath.Join(tmp, base) } if f, err := os.Create(temp("file")); err != nil { t.Fatal(err) } else { f.Close() } if err := os.Symlink("target-in", temp("link-in")); err != nil { t.Fatal(err) } if err := os.Symlink("../target-out", temp("link-out")); err != nil { t.Fatal(err) } got, err := readUniqueDirectoryEntries(tmp) if err != nil { t.Fatal(err) } gotNames := []string{} for _, fi := range got { gotNames = append(gotNames, fi.Name()) } wantNames := []string{"file", "link-out"} if !reflect.DeepEqual(gotNames, wantNames) { t.Errorf("got %q; want %q", gotNames, wantNames) } }