
     1  // Copyright 2018 Thales e-Security, Inc
     2  //
     3  // Permission is hereby granted, free of charge, to any person obtaining
     4  // a copy of this software and associated documentation files (the
     5  // "Software"), to deal in the Software without restriction, including
     6  // without limitation the rights to use, copy, modify, merge, publish,
     7  // distribute, sublicense, and/or sell copies of the Software, and to
     8  // permit persons to whom the Software is furnished to do so, subject to
     9  // the following conditions:
    10  //
    11  // The above copyright notice and this permission notice shall be
    12  // included in all copies or substantial portions of the Software.
    13  //
    14  // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
    15  // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
    16  // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
    17  // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
    18  // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
    19  // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
    20  // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
    21  
    22  package crypto11
    23  
    24  import (
    25  	"crypto/rand"
    26  	"crypto/rsa"
    27  	"crypto/x509"
    28  	"crypto/x509/pkix"
    29  	"encoding/asn1"
    30  	"math/big"
    31  	"testing"
    32  	"time"
    33  
    34  	"github.com/stretchr/testify/assert"
    35  	"github.com/stretchr/testify/require"
    36  )
    37  
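// TestCertificate imports a certificate under a random id/label pair and
// checks that it can be located by label and by serial number, and that an
// unknown label yields no match rather than an error.
func TestCertificate(t *testing.T) {
	skipTest(t, skipTestCert)

	ctx, err := ConfigureFromFile("config")
	require.NoError(t, err)

	defer func() {
		require.NoError(t, ctx.Close())
	}()

	id := randomBytes()
	label := randomBytes()

	cert := generateRandomCert(t)

	err = ctx.ImportCertificateWithLabel(id, label, cert)
	require.NoError(t, err)

	// Remove the imported object again so repeated runs do not leave a
	// growing pile of certificates on the token. Registered after the Close
	// defer, so it runs first while the session is still open.
	defer func() {
		require.NoError(t, ctx.DeleteCertificate(id, nil, nil))
	}()

	// Lookup by label only.
	cert2, err := ctx.FindCertificate(nil, label, nil)
	require.NoError(t, err)
	require.NotNil(t, cert2)
	assert.Equal(t, cert.Signature, cert2.Signature)

	// A label that was never used must produce no match, not an error. A
	// random label avoids clashing with objects other tests (or earlier runs)
	// may have left on the token.
	cert2, err = ctx.FindCertificate(nil, randomBytes(), nil)
	require.NoError(t, err)
	assert.Nil(t, cert2)

	// Lookup by serial number only.
	cert2, err = ctx.FindCertificate(nil, nil, cert.SerialNumber)
	require.NoError(t, err)
	require.NotNil(t, cert2)
	assert.Equal(t, cert.Signature, cert2.Signature)
}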
    72  
    73  // TestCertificateAttributes checks that explicitly provided attributes override the default values.
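func TestCertificateAttributes(t *testing.T) {
	skipTest(t, skipTestCert)

	ctx, err := ConfigureFromFile("config")
	require.NoError(t, err)

	defer func() {
		require.NoError(t, ctx.Close())
	}()

	cert := generateRandomCert(t)

	// Import under a different serial number than the certificate carries, so
	// we can tell whether the explicit attribute or the derived default won.
	ourSerial := new(big.Int).Add(cert.SerialNumber, big.NewInt(1))

	derSerial, err := asn1.Marshal(ourSerial)
	require.NoError(t, err)

	template := NewAttributeSet()
	err = template.Set(CkaSerialNumber, derSerial)
	require.NoError(t, err)

	err = ctx.ImportCertificateWithAttributes(template, cert)
	require.NoError(t, err)

	// Clean up by the serial we actually stored, so repeated runs do not
	// accumulate objects on the token. Deferred after Close, so it runs first.
	defer func() {
		require.NoError(t, ctx.DeleteCertificate(nil, nil, ourSerial))
	}()

	// The certificate's own serial must not find it: the default was
	// overridden. The lookup error was previously discarded here, which would
	// have let a failing FindCertificate masquerade as "not found".
	c, err := ctx.FindCertificate(nil, nil, cert.SerialNumber)
	require.NoError(t, err)
	assert.Nil(t, c)

	// The explicitly supplied serial must find it.
	c, err = ctx.FindCertificate(nil, nil, ourSerial)
	require.NoError(t, err)
	require.NotNil(t, c)
	assert.Equal(t, cert.Signature, c.Signature)
}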
   108  
// TestCertificateRequiredArgs verifies that ImportCertificateWithLabel rejects
// a call that omits the id, the label or the certificate itself.
func TestCertificateRequiredArgs(t *testing.T) {
	skipTest(t, skipTestCert)

	ctx, err := ConfigureFromFile("config")
	require.NoError(t, err)

	defer func() {
		require.NoError(t, ctx.Close())
	}()

	cert := generateRandomCert(t)
	val := randomBytes()

	// Each case leaves out exactly one required argument and must be refused.
	cases := []struct {
		name  string
		id    []byte
		label []byte
		cert  *x509.Certificate
	}{
		{name: "missing id", id: nil, label: val, cert: cert},
		{name: "missing label", id: val, label: nil, cert: cert},
		{name: "missing certificate", id: val, label: val, cert: nil},
	}
	for _, tc := range cases {
		require.Error(t, ctx.ImportCertificateWithLabel(tc.id, tc.label, tc.cert), tc.name)
	}
}
   132  
// TestDeleteCertificate checks DeleteCertificate's argument handling: no
// selector at all is an error, deleting an object that was never imported is
// not, and every combination of id/label/serial removes an imported object so
// that it can no longer be found.
func TestDeleteCertificate(t *testing.T) {
	skipTest(t, skipTestCert)

	ctx, err := ConfigureFromFile("config")
	require.NoError(t, err)

	defer func() {
		require.NoError(t, ctx.Close())
	}()

	// newCert produces a fresh (id, label, certificate) triple; nothing is
	// imported yet.
	newCert := func() ([]byte, []byte, *x509.Certificate) {
		return randomBytes(), randomBytes(), generateRandomCert(t)
	}

	// importCert stores a fresh certificate on the token and confirms it can
	// be read back before handing out the handles needed to delete it.
	importCert := func() ([]byte, []byte, *big.Int) {
		id, label, cert := newCert()
		require.NoError(t, ctx.ImportCertificateWithLabel(id, label, cert))

		found, findErr := ctx.FindCertificate(id, label, cert.SerialNumber)
		require.NoError(t, findErr)
		require.NotNil(t, found)
		assert.Equal(t, cert.Signature, found.Signature)

		return id, label, cert.SerialNumber
	}

	// Deleting with no selector at all is rejected.
	require.Error(t, ctx.DeleteCertificate(nil, nil, nil))

	// Deleting an object that was never imported is not an error.
	id, label, cert := newCert()
	require.NoError(t, ctx.DeleteCertificate(id, label, cert.SerialNumber))

	// pick chooses which of the three handles to pass to DeleteCertificate.
	type pick func(id, label []byte, serial *big.Int) ([]byte, []byte, *big.Int)
	selectors := []struct {
		name string
		by   pick
	}{
		{"id+label+serial", func(i, l []byte, s *big.Int) ([]byte, []byte, *big.Int) { return i, l, s }},
		{"id+label", func(i, l []byte, _ *big.Int) ([]byte, []byte, *big.Int) { return i, l, nil }},
		{"id only", func(i, _ []byte, _ *big.Int) ([]byte, []byte, *big.Int) { return i, nil, nil }},
		{"label only", func(_, l []byte, _ *big.Int) ([]byte, []byte, *big.Int) { return nil, l, nil }},
		{"serial only", func(_, _ []byte, s *big.Int) ([]byte, []byte, *big.Int) { return nil, nil, s }},
	}

	// Each selector combination must remove the object so that a lookup by all
	// three handles afterwards finds nothing (and reports no error).
	for _, sel := range selectors {
		curID, curLabel, curSerial := importCert()

		delID, delLabel, delSerial := sel.by(curID, curLabel, curSerial)
		require.NoError(t, ctx.DeleteCertificate(delID, delLabel, delSerial), sel.name)

		gone, findErr := ctx.FindCertificate(curID, curLabel, curSerial)
		require.NoError(t, findErr, sel.name)
		require.Nil(t, gone, sel.name)
	}
}
   209  
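// generateRandomCert builds a fresh self-signed CA certificate for use as test
// data. Only the parsed certificate is returned; the signing key is discarded.
func generateRandomCert(t *testing.T) *x509.Certificate {
	t.Helper()

	// RFC 5280 allows serial numbers of up to 20 octets and requires them to
	// be positive. Drawing from a 128-bit space (and adding one so zero is
	// never produced) makes collisions between test certificates -- including
	// ones left on the token by earlier runs -- practically impossible, which
	// the serial-based FindCertificate lookups in this file rely on. The
	// previous 20000-value space made such collisions a real flakiness risk.
	serialLimit := new(big.Int).Lsh(big.NewInt(1), 128)
	serial, err := rand.Int(rand.Reader, serialLimit)
	require.NoError(t, err)
	serial.Add(serial, big.NewInt(1))

	now := time.Now()
	template := &x509.Certificate{
		Subject:               pkix.Name{CommonName: "Foo"},
		SerialNumber:          serial,
		NotBefore:             now,
		NotAfter:              now.Add(365 * 24 * time.Hour),
		IsCA:                  true,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
	}

	// A 2048-bit key is ample for test data and is generated several times
	// faster than the 4096-bit key used before; the key itself is never
	// imported, only the certificate carrying its public half.
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	require.NoError(t, err)

	// Self-signed: the template is both subject and issuer.
	der, err := x509.CreateCertificate(rand.Reader, template, template, &key.PublicKey, key)
	require.NoError(t, err)

	cert, err := x509.ParseCertificate(der)
	require.NoError(t, err)

	return cert
}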
   238  
