File Manager

X7ROOT File Manager

Current Path: /opt/golang/1.22.0/src/crypto/x509

opt / golang / 1.22.0 / src / crypto / x509 /

📁 ..
📄 boring.go(993 B)
📄 boring_test.go(3.75 KB)
📄 cert_pool.go(8.93 KB)
📄 cert_pool_test.go(2.25 KB)
📄 example_test.go(5.32 KB)
📄 hybrid_pool_test.go(3.72 KB)
📁 internal
📄 name_constraints_test.go(44.92 KB)
📄 notboring.go(258 B)
📄 oid.go(5.75 KB)
📄 oid_test.go(3.7 KB)
📄 parser.go(36.57 KB)
📄 parser_test.go(2.63 KB)
📄 pem_decrypt.go(7.2 KB)
📄 pem_decrypt_test.go(8.92 KB)
📄 pkcs1.go(4.66 KB)
📄 pkcs8.go(5.8 KB)
📄 pkcs8_test.go(8.95 KB)
📁 pkix
📄 platform_root_cert.pem(749 B)
📄 platform_root_key.pem(227 B)
📄 platform_test.go(7.28 KB)
📄 root.go(2.03 KB)
📄 root_aix.go(410 B)
📄 root_bsd.go(748 B)
📄 root_darwin.go(3.48 KB)
📄 root_darwin_test.go(3.7 KB)
📄 root_linux.go(1.11 KB)
📄 root_plan9.go(828 B)
📄 root_solaris.go(538 B)
📄 root_test.go(2.62 KB)
📄 root_unix.go(2.67 KB)
📄 root_unix_test.go(6.07 KB)
📄 root_wasm.go(373 B)
📄 root_windows.go(8.74 KB)
📄 root_windows_test.go(3.43 KB)
📄 sec1.go(4.58 KB)
📄 sec1_test.go(5.36 KB)
📄 test-file.crt(1.9 KB)
📁 testdata
📄 verify.go(35.3 KB)
📄 verify_test.go(108.97 KB)
📄 x509.go(82.3 KB)
📄 x509_test.go(159.96 KB)
📄 x509_test_import.go(1.7 KB)

Editing: root_darwin_test.go

// Copyright 2013 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package x509_test

import (
	"crypto/tls"
	"crypto/x509"
	"internal/testenv"
	"testing"
	"time"
)

func TestPlatformVerifierLegacy(t *testing.T) {
	// TODO(#52108): This can be removed once the synthetic test root is deployed on
	// builders.
	if !testenv.HasExternalNetwork() {
		t.Skip()
	}

getChain := func(host string) []*x509.Certificate {
		t.Helper()
		c, err := tls.Dial("tcp", host+":443", &tls.Config{InsecureSkipVerify: true})
		if err != nil {
			t.Fatalf("tls connection failed: %s", err)
		}
		return c.ConnectionState().PeerCertificates
	}

tests := []struct {
		name        string
		host        string
		verifyName  string
		verifyTime  time.Time
		verifyEKU   []x509.ExtKeyUsage
		expectedErr string
		skip        string
	}{
		{
			// whatever google.com serves should, hopefully, be trusted
			name: "valid chain",
			host: "google.com",
		},
		{
			name:        "expired leaf",
			host:        "expired.badssl.com",
			expectedErr: "x509: certificate has expired or is not yet valid: “*.badssl.com” certificate is expired",
		},
		{
			name:        "wrong host for leaf",
			host:        "wrong.host.badssl.com",
			verifyName:  "wrong.host.badssl.com",
			expectedErr: "x509: certificate is valid for *.badssl.com, badssl.com, not wrong.host.badssl.com",
		},
		{
			name:        "self-signed leaf",
			host:        "self-signed.badssl.com",
			expectedErr: "x509: certificate signed by unknown authority",
		},
		{
			name:        "untrusted root",
			host:        "untrusted-root.badssl.com",
			expectedErr: "x509: certificate signed by unknown authority",
		},
		{
			name:        "revoked leaf",
			host:        "revoked.badssl.com",
			expectedErr: "x509: “revoked.badssl.com” certificate is revoked",
			skip:        "skipping; broken on recent versions of macOS. See issue 57428.",
		},
		{
			name:        "leaf missing SCTs",
			host:        "no-sct.badssl.com",
			expectedErr: "x509: “no-sct.badssl.com” certificate is not standards compliant",
			skip:        "skipping; broken on recent versions of macOS. See issue 57428.",
		},
		{
			name:        "expired leaf (custom time)",
			host:        "google.com",
			verifyTime:  time.Time{}.Add(time.Hour),
			expectedErr: "x509: certificate has expired or is not yet valid: “*.google.com” certificate is expired",
		},
		{
			name:       "valid chain (custom time)",
			host:       "google.com",
			verifyTime: time.Now(),
		},
		{
			name:        "leaf doesn't have acceptable ExtKeyUsage",
			host:        "google.com",
			expectedErr: "x509: certificate specifies an incompatible key usage",
			verifyEKU:   []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
		},
	}

for _, tc := range tests {
		t.Run(tc.name, func(t *testing.T) {
			if tc.skip != "" {
				t.Skip(tc.skip)
			}

chain := getChain(tc.host)
			var opts x509.VerifyOptions
			if len(chain) > 1 {
				opts.Intermediates = x509.NewCertPool()
				for _, c := range chain[1:] {
					opts.Intermediates.AddCert(c)
				}
			}
			if tc.verifyName != "" {
				opts.DNSName = tc.verifyName
			}
			if !tc.verifyTime.IsZero() {
				opts.CurrentTime = tc.verifyTime
			}
			if len(tc.verifyEKU) > 0 {
				opts.KeyUsages = tc.verifyEKU
			}

_, err := chain[0].Verify(opts)
			if err != nil && tc.expectedErr == "" {
				t.Errorf("unexpected verification error: %s", err)
			} else if err != nil && err.Error() != tc.expectedErr {
				t.Errorf("unexpected verification error: got %q, want %q", err.Error(), tc.expectedErr)
			} else if err == nil && tc.expectedErr != "" {
				t.Errorf("unexpected verification success: want %q", tc.expectedErr)
			}
		})
	}
}

X7ROOT File Manager

Editing: root_darwin_test.go

Upload File

Create Folder