3 package pkcs7
4
5 import (
6 "crypto/x509"
7 "encoding/pem"
8 "fmt"
9 "io/ioutil"
10 "os"
11 "os/exec"
12 "testing"
13 )
14
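// TestVerifyEC2 parses the PKCS#7 block from EC2IdentityDocumentFixture and
// checks that Verify accepts its signature under the certificate shipped in
// the same fixture.
//
// The verifying certificate is assigned to p7.Certificates from the fixture,
// so the test pins the signer instead of relying on whatever certificates the
// message itself carries. Only the Verify call is exercised here; whether
// Verify also validates a certificate chain is not visible from this test,
// so confirm that before relying on it for trust decisions.
func TestVerifyEC2(t *testing.T) {
	fixture := UnmarshalDSATestFixture(EC2IdentityDocumentFixture)
	// UnmarshalDSATestFixture drops certificate parse errors, so a broken
	// fixture shows up as a nil certificate; stop with a clear message rather
	// than handing a nil certificate to Verify.
	if fixture.Certificate == nil {
		t.Fatal("fixture does not contain a parsable certificate")
	}

	p7, err := Parse(fixture.Input)
	if err != nil {
		// Fatalf rather than Errorf: the value returned alongside an error
		// must not be used, and the lines below dereference p7.
		t.Fatalf("Parse encountered unexpected error: %v", err)
	}

	p7.Certificates = []*x509.Certificate{fixture.Certificate}
	if err := p7.Verify(); err != nil {
		t.Errorf("Verify failed with error: %v", err)
	}
}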
26
// EC2IdentityDocumentFixture is a PEM bundle holding one PKCS7 block followed
// by one CERTIFICATE block. TestVerifyEC2 splits it with
// UnmarshalDSATestFixture and verifies the PKCS7 signature against the
// certificate.
//
// NOTE(review): the name suggests a signed EC2 instance identity document and
// its signing certificate; this is static test data and should not be treated
// as a current trust anchor.
var EC2IdentityDocumentFixture = `
-----BEGIN PKCS7-----
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAaCA
JIAEggGmewogICJwcml2YXRlSXAiIDogIjE3Mi4zMC4wLjI1MiIsCiAgImRldnBh
eVByb2R1Y3RDb2RlcyIgOiBudWxsLAogICJhdmFpbGFiaWxpdHlab25lIiA6ICJ1
cy1lYXN0LTFhIiwKICAidmVyc2lvbiIgOiAiMjAxMC0wOC0zMSIsCiAgImluc3Rh
bmNlSWQiIDogImktZjc5ZmU1NmMiLAogICJiaWxsaW5nUHJvZHVjdHMiIDogbnVs
bCwKICAiaW5zdGFuY2VUeXBlIiA6ICJ0Mi5taWNybyIsCiAgImFjY291bnRJZCIg
OiAiMTIxNjU5MDE0MzM0IiwKICAiaW1hZ2VJZCIgOiAiYW1pLWZjZTNjNjk2IiwK
ICAicGVuZGluZ1RpbWUiIDogIjIwMTYtMDQtMDhUMDM6MDE6MzhaIiwKICAiYXJj
aGl0ZWN0dXJlIiA6ICJ4ODZfNjQiLAogICJrZXJuZWxJZCIgOiBudWxsLAogICJy
YW1kaXNrSWQiIDogbnVsbCwKICAicmVnaW9uIiA6ICJ1cy1lYXN0LTEiCn0AAAAA
AAAxggEYMIIBFAIBATBpMFwxCzAJBgNVBAYTAlVTMRkwFwYDVQQIExBXYXNoaW5n
dG9uIFN0YXRlMRAwDgYDVQQHEwdTZWF0dGxlMSAwHgYDVQQKExdBbWF6b24gV2Vi
IFNlcnZpY2VzIExMQwIJAJa6SNnlXhpnMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0B
CQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xNjA0MDgwMzAxNDRaMCMG
CSqGSIb3DQEJBDEWBBTuUc28eBXmImAautC+wOjqcFCBVjAJBgcqhkjOOAQDBC8w
LQIVAKA54NxGHWWCz5InboDmY/GHs33nAhQ6O/ZI86NwjA9Vz3RNMUJrUPU5tAAA
AAAAAA==
-----END PKCS7-----
-----BEGIN CERTIFICATE-----
MIIC7TCCAq0CCQCWukjZ5V4aZzAJBgcqhkjOOAQDMFwxCzAJBgNVBAYTAlVTMRkw
FwYDVQQIExBXYXNoaW5ndG9uIFN0YXRlMRAwDgYDVQQHEwdTZWF0dGxlMSAwHgYD
VQQKExdBbWF6b24gV2ViIFNlcnZpY2VzIExMQzAeFw0xMjAxMDUxMjU2MTJaFw0z
ODAxMDUxMjU2MTJaMFwxCzAJBgNVBAYTAlVTMRkwFwYDVQQIExBXYXNoaW5ndG9u
IFN0YXRlMRAwDgYDVQQHEwdTZWF0dGxlMSAwHgYDVQQKExdBbWF6b24gV2ViIFNl
cnZpY2VzIExMQzCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQCjkvcS2bb1VQ4yt/5e
ih5OO6kK/n1Lzllr7D8ZwtQP8fOEpp5E2ng+D6Ud1Z1gYipr58Kj3nssSNpI6bX3
VyIQzK7wLclnd/YozqNNmgIyZecN7EglK9ITHJLP+x8FtUpt3QbyYXJdmVMegN6P
hviYt5JH/nYl4hh3Pa1HJdskgQIVALVJ3ER11+Ko4tP6nwvHwh6+ERYRAoGBAI1j
k+tkqMVHuAFcvAGKocTgsjJem6/5qomzJuKDmbJNu9Qxw3rAotXau8Qe+MBcJl/U
hhy1KHVpCGl9fueQ2s6IL0CaO/buycU1CiYQk40KNHCcHfNiZbdlx1E9rpUp7bnF
lRa2v1ntMX3caRVDdbtPEWmdxSCYsYFDk4mZrOLBA4GEAAKBgEbmeve5f8LIE/Gf
MNmP9CM5eovQOGx5ho8WqD+aTebs+k2tn92BBPqeZqpWRa5P/+jrdKml1qx4llHW
MXrs3IgIb6+hUIB+S8dz8/mmO0bpr76RoZVCXYab2CZedFut7qc3WUH9+EUAH5mw
vSeDCOUMYQR7R9LINYwouHIziqQYMAkGByqGSM44BAMDLwAwLAIUWXBlk40xTwSw
7HX32MxXYruse9ACFBNGmdX2ZBrVNGrN9N2f6ROk0k9K
-----END CERTIFICATE-----`
65
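// TestDSASignWithOpenSSLAndVerify signs a fixed message with the openssl
// command-line tool, using the package's test DSA key and certificate, and
// checks that Parse and Verify accept the PEM-encoded result.
//
// The test requires an openssl binary on PATH. The command requests SHA-1
// ("-md sha1"); that exercises legacy DSA/SHA-1 interoperability and is not a
// recommendation for new signatures.
func TestDSASignWithOpenSSLAndVerify(t *testing.T) {
	content := []byte(`
A ship in port is safe,
but that's not what ships are built for.
-- Grace Hopper`)

	// writeTemp creates a temporary file, fills it with data and returns its
	// path. ioutil.TempFile creates the file with mode 0600, so the key file
	// is never readable by other local users; writing through the returned
	// handle keeps that mode and lets write and close errors be reported.
	writeTemp := func(prefix string, data []byte) string {
		f, err := ioutil.TempFile("", prefix)
		if err != nil {
			t.Fatal(err)
		}
		name := f.Name()
		if _, err := f.Write(data); err != nil {
			f.Close()
			os.Remove(name)
			t.Fatal(err)
		}
		if err := f.Close(); err != nil {
			os.Remove(name)
			t.Fatal(err)
		}
		return name
	}

	// Each removal is deferred right after creation so that the files, the
	// private key among them, are deleted even when the test stops early
	// through t.Fatal.
	contentPath := writeTemp("TestDSASignWithOpenSSLAndVerify_content", content)
	defer os.Remove(contentPath)

	signerCertPath := writeTemp("TestDSASignWithOpenSSLAndVerify_signer", dsaPublicCert)
	defer os.Remove(signerCertPath)

	signerKeyPath := writeTemp("TestDSASignWithOpenSSLAndVerify_key", dsaPrivateKey)
	defer os.Remove(signerKeyPath)

	// Empty placeholder that openssl overwrites through -out.
	signedPath := writeTemp("TestDSASignWithOpenSSLAndVerify_signature", nil)
	defer os.Remove(signedPath)

	// Arguments are passed as a slice to exec.Command, so no shell is involved.
	opensslCMD := exec.Command("openssl", "smime", "-sign", "-nodetach", "-md", "sha1",
		"-in", contentPath, "-out", signedPath,
		"-signer", signerCertPath, "-inkey", signerKeyPath,
		"-certfile", signerCertPath, "-outform", "PEM")
	out, err := opensslCMD.CombinedOutput()
	if err != nil {
		t.Fatalf("openssl command failed with %s: %s", err, out)
	}

	pemSignature, err := ioutil.ReadFile(signedPath)
	if err != nil {
		t.Fatal(err)
	}
	// Echo the signed message to stdout, as the test has always done.
	fmt.Printf("%s\n", pemSignature)

	derBlock, _ := pem.Decode(pemSignature)
	if derBlock == nil {
		t.Fatalf("failed to read DER block from signature PEM %s", signedPath)
	}
	p7, err := Parse(derBlock.Bytes)
	if err != nil {
		t.Fatalf("Parse encountered unexpected error: %v", err)
	}
	// The signer certificate comes from the message itself (-certfile above),
	// so this checks signature consistency, not trust in the signer.
	if err := p7.Verify(); err != nil {
		t.Fatalf("Verify failed with error: %v", err)
	}
}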
127
// dsaPrivateKey is a test-only DSA private key in PEM "PRIVATE KEY" (PKCS#8)
// form. TestDSASignWithOpenSSLAndVerify writes it to a temporary file and
// passes it to openssl as -inkey.
//
// The key is published with the source, so it offers no secrecy: never use it
// to sign anything outside this test suite. Secret scanners will flag this
// literal; allow-list it as a known test fixture.
var dsaPrivateKey = []byte(`-----BEGIN PRIVATE KEY-----
MIIBSwIBADCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdS
PO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVCl
pJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith
1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUCgYEA9+GghdabPd7L
vKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3
zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImo
g9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoEFgIUfW4aPdQBn9gJZp2KuNpzgHzvfsE=
-----END PRIVATE KEY-----`)
137
// dsaPublicCert is the PEM certificate that TestDSASignWithOpenSSLAndVerify
// passes to openssl as both -signer and -certfile, alongside dsaPrivateKey as
// -inkey.
//
// NOTE(review): presumably this certificate carries the public half of
// dsaPrivateKey; confirm if either fixture is regenerated.
var dsaPublicCert = []byte(`-----BEGIN CERTIFICATE-----
MIIDOjCCAvWgAwIBAgIEPCY/UDANBglghkgBZQMEAwIFADBsMRAwDgYDVQQGEwdV
bmtub3duMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRAwDgYD
VQQKEwdVbmtub3duMRAwDgYDVQQLEwdVbmtub3duMRAwDgYDVQQDEwdVbmtub3du
MB4XDTE4MTAyMjEzNDMwN1oXDTQ2MDMwOTEzNDMwN1owbDEQMA4GA1UEBhMHVW5r
bm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UE
ChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEQMA4GA1UEAxMHVW5rbm93bjCC
AbgwggEsBgcqhkjOOAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADD
Hj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gE
exAiwk+7qdf+t8Yb+DtX58aophUPBPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/Ii
Axmd0UgBxwIVAJdgUI8VIwvMspK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4
V7l5lK+7+jrqgvlXTAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozI
puE8FnqLVHyNKOCjrh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4Vrl
nwaSi2ZegHtVJWQBTDv+z0kqA4GFAAKBgQDCriMPbEVBoRK4SOUeFwg7+VRf4TTp
rcOQC9IVVoCjXzuWEGrp3ZI7YWJSpFnSch4lk29RH8O0HpI/NOzKnOBtnKr782pt
1k/bJVMH9EaLd6MKnAVjrCDMYBB0MhebZ8QHY2elZZCWoqDYAcIDOsEx+m4NLErT
ypPnjS5M0jm1PKMhMB8wHQYDVR0OBBYEFC0Yt5XdM0Kc95IX8NQ8XRssGPx7MA0G
CWCGSAFlAwQDAgUAAzAAMC0CFQCIgQtrZZ9hdZG1ROhR5hc8nYEmbgIUAIlgC688
qzy/7yePTlhlpj+ahMM=
-----END CERTIFICATE-----`)
158
// DSATestFixture is the decoded form of a PEM test bundle.
type DSATestFixture struct {
	// Input holds the DER bytes of the bundle's PKCS7 block.
	Input []byte
	// Certificate is the parsed CERTIFICATE block, or nil when the bundle
	// has none or the block did not parse.
	Certificate *x509.Certificate
}

// UnmarshalDSATestFixture walks every PEM block in testPEMBlock and collects
// the PKCS7 payload and the CERTIFICATE into a DSATestFixture. Blocks of any
// other type are skipped, and when a type occurs more than once the last
// occurrence wins.
//
// Certificate parse errors are discarded, so a malformed CERTIFICATE block
// yields a nil Certificate; callers should check for nil before using it.
func UnmarshalDSATestFixture(testPEMBlock string) DSATestFixture {
	var fixture DSATestFixture
	remaining := []byte(testPEMBlock)
	for {
		block, tail := pem.Decode(remaining)
		if block == nil {
			// No further PEM data: whatever was gathered so far is the result.
			return fixture
		}
		remaining = tail

		if block.Type == "PKCS7" {
			fixture.Input = block.Bytes
		} else if block.Type == "CERTIFICATE" {
			// The error is dropped on purpose to keep the one-value signature;
			// ParseCertificate's certificate result is stored as returned.
			cert, _ := x509.ParseCertificate(block.Bytes)
			fixture.Certificate = cert
		}
	}
}