package pki
import (
"crypto/rand"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"math/big"
"net"
"testing"
"time"
)
// TestPrivateKey checks that GenerateKey returns without error; the key
// material itself is not inspected here.
func TestPrivateKey(t *testing.T) {
	if _, _, err := GenerateKey(); err != nil {
		t.Fatal(err)
	}
}
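// TestCA builds a self-signed CA through the package's functional options and
// checks that both returned PEM blocks decode and parse: the key as PKCS#8,
// the certificate as X.509 DER carrying the requested serial number.
func TestCA(t *testing.T) {
	pub, priv, err := GenerateKey()
	if err != nil {
		t.Fatal(err)
	}

	// Random 128-bit serial (the upper bound is exclusive, so it fits the
	// 20-octet limit CAs are expected to respect).
	serialNumberMax := new(big.Int).Lsh(big.NewInt(1), 128)
	serialNumber, err := rand.Int(rand.Reader, serialNumberMax)
	if err != nil {
		t.Fatal(err)
	}

	// Validity window straddles a single "now" reading so the certificate is
	// valid for the whole test run.
	now := time.Now()
	cert, key, err := CA(
		KeyPair(pub, priv),
		Subject(pkix.Name{
			Organization: []string{"test"},
		}),
		DNSNames("localhost"),
		IPAddresses(net.ParseIP("127.0.0.1")),
		SerialNumber(serialNumber),
		NotBefore(now.Add(time.Minute*-1)),
		NotAfter(now.Add(time.Minute)),
	)
	if err != nil {
		t.Fatal(err)
	}

	// pem.Decode signals failure only through a nil block; err is still the
	// nil result of CA here, so a real message is needed instead of Fatal(err).
	asn1Key, _ := pem.Decode(key)
	if asn1Key == nil {
		t.Fatal("key is not a PEM block")
	}
	if asn1Key.Type != "PRIVATE KEY" {
		t.Fatal("invalid key type")
	}
	decodedKey, err := x509.ParsePKCS8PrivateKey(asn1Key.Bytes)
	if err != nil {
		t.Fatal(err)
	}
	if decodedKey == nil {
		t.Fatal("empty key")
	}

	asn1Cert, _ := pem.Decode(cert)
	if asn1Cert == nil {
		t.Fatal("cert is not a PEM block")
	}
	// The DER must parse, and the serial requested through SerialNumber must
	// be the one actually issued.
	x509cert, err := x509.ParseCertificate(asn1Cert.Bytes)
	if err != nil {
		t.Fatal(err)
	}
	if x509cert.SerialNumber.Cmp(serialNumber) != 0 {
		t.Fatalf("serial number %s != %s", x509cert.SerialNumber, serialNumber)
	}

	// Chain verification is left out: verifying against an empty pool (as the
	// earlier draft did) always fails with an unknown-authority error. To make
	// it meaningful the self-signed cert must first be added as a trust
	// anchor, e.g. pool := x509.NewCertPool(); pool.AddCert(x509cert), and
	// then x509cert.Verify(x509.VerifyOptions{Roots: pool}) should yield
	// exactly one chain. That also depends on the extended key usages CA
	// sets, which this test does not pin down — TODO confirm against CA.
}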
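// TestCSR builds a certificate signing request through the package's
// functional options and checks that it decodes, is correctly self-signed by
// the supplied key pair, and carries the requested subject.
func TestCSR(t *testing.T) {
	pub, priv, err := GenerateKey()
	if err != nil {
		t.Fatal(err)
	}

	csr, err := CSR(
		Subject(
			pkix.Name{
				CommonName:         "testnode",
				Organization:       []string{"microtest"},
				OrganizationalUnit: []string{"super-testers"},
			},
		),
		DNSNames("localhost"),
		IPAddresses(net.ParseIP("127.0.0.1")),
		KeyPair(pub, priv),
	)
	if err != nil {
		t.Fatal(err)
	}

	// pem.Decode signals failure only through a nil block; err is still the
	// nil result of CSR here, so a real message is needed instead of Fatal(err).
	asn1csr, _ := pem.Decode(csr)
	if asn1csr == nil {
		t.Fatal("csr is not a PEM block")
	}

	decodedcsr, err := x509.ParseCertificateRequest(asn1csr.Bytes)
	if err != nil {
		t.Fatal(err)
	}
	// ParseCertificateRequest does not validate the proof-of-possession
	// signature; a CSR must verify under its own embedded public key.
	if err := decodedcsr.CheckSignature(); err != nil {
		t.Fatalf("csr signature: %v", err)
	}

	expected := pkix.Name{
		CommonName:         "testnode",
		Organization:       []string{"microtest"},
		OrganizationalUnit: []string{"super-testers"},
	}
	// Compare the RFC 2253 string forms: pkix.Name holds slices, so it is not
	// directly comparable with ==.
	if decodedcsr.Subject.String() != expected.String() {
		t.Fatalf("%s != %s", decodedcsr.Subject.String(), expected.String())
	}
}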