even more tests

trifid-pki/src/ca.rs

@@ -62,6 +62,8 @@ impl NebulaCAPool {
         let fingerprint = cert.sha256sum()?;
         let expired = cert.expired(SystemTime::now());
 
+        if expired { self.expired = true }
+
         self.cas.insert(fingerprint, cert);
 
        Ok(expired)

trifid-pki/src/test.rs

@@ -11,7 +11,7 @@ use std::str::FromStr;
 use ed25519_dalek::{SigningKey, VerifyingKey};
 use quick_protobuf::{MessageWrite, Writer};
 use rand::rngs::OsRng;
-use crate::ca::NebulaCAPool;
+use crate::ca::{NebulaCAPool};
 use crate::cert_codec::{RawNebulaCertificate, RawNebulaCertificateDetails};
 
 /// This is a cert that we (e3team) actually use in production, and it's a known-good certificate.
@@ -464,6 +464,64 @@ fn cert_private_key() {
     cert2.verify_private_key(&priv_key.to_bytes()).unwrap_err();
 }
 
+#[test]
+fn capool_from_pem() {
+    let no_newlines = b"# Current provisional, Remove once everything moves over to the real root.
+-----BEGIN NEBULA CERTIFICATE-----
+CkAKDm5lYnVsYSByb290IGNhKJfap9AFMJfg1+YGOiCUQGByMuNRhIlQBOyzXWbL
+vcKBwDhov900phEfJ5DN3kABEkDCq5R8qBiu8sl54yVfgRcQXEDt3cHr8UTSLszv
+bzBEr00kERQxxTzTsH8cpYEgRoipvmExvg8WP8NdAJEYJosB
+-----END NEBULA CERTIFICATE-----
+# root-ca01
+-----BEGIN NEBULA CERTIFICATE-----
+CkMKEW5lYnVsYSByb290IGNhIDAxKJL2u9EFMJL86+cGOiDPXMH4oU6HZTk/CqTG
+BVG+oJpAoqokUBbI4U0N8CSfpUABEkB/Pm5A2xyH/nc8mg/wvGUWG3pZ7nHzaDMf
+8/phAUt+FLzqTECzQKisYswKvE3pl9mbEYKbOdIHrxdIp95mo4sF
+-----END NEBULA CERTIFICATE-----";
+    let with_newlines = b"# Current provisional, Remove once everything moves over to the real root.
+-----BEGIN NEBULA CERTIFICATE-----
+CkAKDm5lYnVsYSByb290IGNhKJfap9AFMJfg1+YGOiCUQGByMuNRhIlQBOyzXWbL
+vcKBwDhov900phEfJ5DN3kABEkDCq5R8qBiu8sl54yVfgRcQXEDt3cHr8UTSLszv
+bzBEr00kERQxxTzTsH8cpYEgRoipvmExvg8WP8NdAJEYJosB
+-----END NEBULA CERTIFICATE-----
+# root-ca01
+-----BEGIN NEBULA CERTIFICATE-----
+CkMKEW5lYnVsYSByb290IGNhIDAxKJL2u9EFMJL86+cGOiDPXMH4oU6HZTk/CqTG
+BVG+oJpAoqokUBbI4U0N8CSfpUABEkB/Pm5A2xyH/nc8mg/wvGUWG3pZ7nHzaDMf
+8/phAUt+FLzqTECzQKisYswKvE3pl9mbEYKbOdIHrxdIp95mo4sF
+-----END NEBULA CERTIFICATE-----
+
+";
+    let expired = b"# expired certificate
+-----BEGIN NEBULA CERTIFICATE-----
+CjkKB2V4cGlyZWQouPmWjQYwufmWjQY6ILCRaoCkJlqHgv5jfDN4lzLHBvDzaQm4
+vZxfu144hmgjQAESQG4qlnZi8DncvD/LDZnLgJHOaX1DWCHHEh59epVsC+BNgTie
+WH1M9n4O7cFtGlM6sJJOS+rCVVEJ3ABS7+MPdQs=
+-----END NEBULA CERTIFICATE-----";
+
+    let pool_a = NebulaCAPool::new_from_pem(no_newlines).unwrap();
+    assert_eq!(pool_a.cas["c9bfaf7ce8e84b2eeda2e27b469f4b9617bde192efd214b68891ecda6ed49522"].details.name, "nebula root ca".to_string());
+    assert_eq!(pool_a.cas["5c9c3f23e7ee7fe97637cbd3a0a5b854154d1d9aaaf7b566a51f4a88f76b64cd"].details.name, "nebula root ca 01".to_string());
+    assert!(!pool_a.expired);
+
+    let pool_b = NebulaCAPool::new_from_pem(with_newlines).unwrap();
+    assert_eq!(pool_b.cas["c9bfaf7ce8e84b2eeda2e27b469f4b9617bde192efd214b68891ecda6ed49522"].details.name, "nebula root ca".to_string());
+    assert_eq!(pool_b.cas["5c9c3f23e7ee7fe97637cbd3a0a5b854154d1d9aaaf7b566a51f4a88f76b64cd"].details.name, "nebula root ca 01".to_string());
+    assert!(!pool_b.expired);
+
+    let pool_c = NebulaCAPool::new_from_pem(expired).unwrap();
+    assert!(pool_c.expired);
+    assert_eq!(pool_c.cas["152070be6bb19bc9e3bde4c2f0e7d8f4ff5448b4c9856b8eccb314fade0229b0"].details.name, "expired");
+
+    let mut pool_d = NebulaCAPool::new_from_pem(with_newlines).unwrap();
+    pool_d.add_ca_certificate(expired).unwrap();
+    assert_eq!(pool_d.cas["c9bfaf7ce8e84b2eeda2e27b469f4b9617bde192efd214b68891ecda6ed49522"].details.name, "nebula root ca".to_string());
+    assert_eq!(pool_d.cas["5c9c3f23e7ee7fe97637cbd3a0a5b854154d1d9aaaf7b566a51f4a88f76b64cd"].details.name, "nebula root ca 01".to_string());
+    assert_eq!(pool_d.cas["152070be6bb19bc9e3bde4c2f0e7d8f4ff5448b4c9856b8eccb314fade0229b0"].details.name, "expired");
+    assert!(pool_d.expired);
+    assert_eq!(pool_d.get_fingerprints().len(), 3);
+}
+
 #[macro_export]
 macro_rules! netmask {
     ($ip:expr,$mask:expr) => {