|
|
|
@ -276,7 +276,9 @@ func Test_validityValidator_Valid(t *testing.T) {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func Test_profileLimitDuration_Option(t *testing.T) {
|
|
|
|
|
n := now()
|
|
|
|
|
n, fn := mockNow()
|
|
|
|
|
defer fn()
|
|
|
|
|
|
|
|
|
|
type test struct {
|
|
|
|
|
pld profileLimitDuration
|
|
|
|
|
so Options
|
|
|
|
@ -310,7 +312,7 @@ func Test_profileLimitDuration_Option(t *testing.T) {
|
|
|
|
|
assert.FatalError(t, err)
|
|
|
|
|
return test{
|
|
|
|
|
pld: profileLimitDuration{def: 4 * time.Hour, notAfter: n.Add(6 * time.Hour)},
|
|
|
|
|
so: Options{NotBefore: NewTimeDuration(n.Add(3 * time.Hour)), NotAfter: d},
|
|
|
|
|
so: Options{NotBefore: NewTimeDuration(n.Add(3 * time.Hour)), NotAfter: d, Backdate: 1 * time.Minute},
|
|
|
|
|
cert: new(x509.Certificate),
|
|
|
|
|
valid: func(cert *x509.Certificate) {
|
|
|
|
|
assert.Equals(t, cert.NotBefore, n.Add(3*time.Hour))
|
|
|
|
@ -321,7 +323,7 @@ func Test_profileLimitDuration_Option(t *testing.T) {
|
|
|
|
|
"ok/valid-notAfter-nil-limit-over-default": func() test {
|
|
|
|
|
return test{
|
|
|
|
|
pld: profileLimitDuration{def: 1 * time.Hour, notAfter: n.Add(6 * time.Hour)},
|
|
|
|
|
so: Options{NotBefore: NewTimeDuration(n.Add(3 * time.Hour))},
|
|
|
|
|
so: Options{NotBefore: NewTimeDuration(n.Add(3 * time.Hour)), Backdate: 1 * time.Minute},
|
|
|
|
|
cert: new(x509.Certificate),
|
|
|
|
|
valid: func(cert *x509.Certificate) {
|
|
|
|
|
assert.Equals(t, cert.NotBefore, n.Add(3*time.Hour))
|
|
|
|
@ -332,7 +334,7 @@ func Test_profileLimitDuration_Option(t *testing.T) {
|
|
|
|
|
"ok/valid-notAfter-nil-limit-under-default": func() test {
|
|
|
|
|
return test{
|
|
|
|
|
pld: profileLimitDuration{def: 4 * time.Hour, notAfter: n.Add(6 * time.Hour)},
|
|
|
|
|
so: Options{NotBefore: NewTimeDuration(n.Add(3 * time.Hour))},
|
|
|
|
|
so: Options{NotBefore: NewTimeDuration(n.Add(3 * time.Hour)), Backdate: 1 * time.Minute},
|
|
|
|
|
cert: new(x509.Certificate),
|
|
|
|
|
valid: func(cert *x509.Certificate) {
|
|
|
|
|
assert.Equals(t, cert.NotBefore, n.Add(3*time.Hour))
|
|
|
|
@ -340,6 +342,28 @@ func Test_profileLimitDuration_Option(t *testing.T) {
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
"ok/over-limit-with-backdate": func() test {
|
|
|
|
|
return test{
|
|
|
|
|
pld: profileLimitDuration{def: 24 * time.Hour, notAfter: n.Add(6 * time.Hour)},
|
|
|
|
|
so: Options{Backdate: 1 * time.Minute},
|
|
|
|
|
cert: new(x509.Certificate),
|
|
|
|
|
valid: func(cert *x509.Certificate) {
|
|
|
|
|
assert.Equals(t, cert.NotBefore, n.Add(-time.Minute))
|
|
|
|
|
assert.Equals(t, cert.NotAfter, n.Add(6*time.Hour))
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
"ok/under-limit-with-backdate": func() test {
|
|
|
|
|
return test{
|
|
|
|
|
pld: profileLimitDuration{def: 24 * time.Hour, notAfter: n.Add(30 * time.Hour)},
|
|
|
|
|
so: Options{Backdate: 1 * time.Minute},
|
|
|
|
|
cert: new(x509.Certificate),
|
|
|
|
|
valid: func(cert *x509.Certificate) {
|
|
|
|
|
assert.Equals(t, cert.NotBefore, n.Add(-time.Minute))
|
|
|
|
|
assert.Equals(t, cert.NotAfter, n.Add(24*time.Hour))
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
for name, run := range tests {
|
|
|
|
|
t.Run(name, func(t *testing.T) {
|
|
|
|
|