summaryrefslogtreecommitdiff
path: root/caddytest/integration/pki_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'caddytest/integration/pki_test.go')
-rw-r--r--caddytest/integration/pki_test.go101
1 files changed, 101 insertions, 0 deletions
diff --git a/caddytest/integration/pki_test.go b/caddytest/integration/pki_test.go
new file mode 100644
index 0000000..5e9928c
--- /dev/null
+++ b/caddytest/integration/pki_test.go
@@ -0,0 +1,101 @@
+package integration
+
+import (
+ "testing"
+
+ "github.com/caddyserver/caddy/v2/caddytest"
+)
+
+func TestLeafCertLifetimeLessThanIntermediate(t *testing.T) {
+ caddytest.AssertLoadError(t, `
+ {
+ "apps": {
+ "http": {
+ "servers": {
+ "srv0": {
+ "listen": [
+ ":443"
+ ],
+ "routes": [
+ {
+ "handle": [
+ {
+ "handler": "subroute",
+ "routes": [
+ {
+ "handle": [
+ {
+ "ca": "internal",
+ "handler": "acme_server",
+ "lifetime": 604800000000000
+ }
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ }
+ },
+ "pki": {
+ "certificate_authorities": {
+ "internal": {
+ "install_trust": false,
+ "intermediate_lifetime": 604800000000000,
+ "name": "Internal CA"
+ }
+ }
+ }
+ }
+ }
+ `, "json", "certificate lifetime (168h0m0s) should be less than intermediate certificate lifetime (168h0m0s)")
+}
+
+func TestIntermediateLifetimeLessThanRoot(t *testing.T) {
+ caddytest.AssertLoadError(t, `
+ {
+ "apps": {
+ "http": {
+ "servers": {
+ "srv0": {
+ "listen": [
+ ":443"
+ ],
+ "routes": [
+ {
+ "handle": [
+ {
+ "handler": "subroute",
+ "routes": [
+ {
+ "handle": [
+ {
+ "ca": "internal",
+ "handler": "acme_server",
+ "lifetime": 2592000000000000
+ }
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ }
+ },
+ "pki": {
+ "certificate_authorities": {
+ "internal": {
+ "install_trust": false,
+ "intermediate_lifetime": 311040000000000000,
+ "name": "Internal CA"
+ }
+ }
+ }
+ }
+ }
+ `, "json", "intermediate certificate lifetime must be less than root certificate lifetime (86400h0m0s)")
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-06 04:56:56 +0000