x509_test.go

Documentation: github.com/tjfoc/gmsm/x509

     1  /*
     2  Copyright Suzhou Tongji Fintech Research Institute 2017 All Rights Reserved.
     3  Licensed under the Apache License, Version 2.0 (the "License");
     4  you may not use this file except in compliance with the License.
     5  You may obtain a copy of the License at
     6  
     7                   http://www.apache.org/licenses/LICENSE-2.0
     8  
     9  Unless required by applicable law or agreed to in writing, software
    10  distributed under the License is distributed on an "AS IS" BASIS,
    11  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  See the License for the specific language governing permissions and
    13  limitations under the License.
    14  */
    15  
    16  package x509
    17  
    18  import (
    19  	"crypto/x509/pkix"
    20  	"encoding/asn1"
    21  	"fmt"
    22  	"math/big"
    23  	"net"
    24  	"testing"
    25  	"time"
    26  
    27  	"github.com/tjfoc/gmsm/sm2"
    28  )
    29  
    30  func TestX509(t *testing.T) {
    31  	priv, err := sm2.GenerateKey(nil) // 生成密钥对
    32  	if err != nil {
    33  		t.Fatal(err)
    34  	}
    35  	privPem, err := WritePrivateKeyToPem(priv, nil) // 生成密钥文件
    36  	if err != nil {
    37  		t.Fatal(err)
    38  	}
    39  	pubKey, _ := priv.Public().(*sm2.PublicKey)
    40  	pubkeyPem, err := WritePublicKeyToPem(pubKey)       // 生成公钥文件
    41  	privKey, err := ReadPrivateKeyFromPem(privPem, nil) // 读取密钥
    42  	if err != nil {
    43  		t.Fatal(err)
    44  	}
    45  	pubKey, err = ReadPublicKeyFromPem(pubkeyPem) // 读取公钥
    46  	if err != nil {
    47  		t.Fatal(err)
    48  	}
    49  	templateReq := CertificateRequest{
    50  		Subject: pkix.Name{
    51  			CommonName:   "test.example.com",
    52  			Organization: []string{"Test"},
    53  		},
    54  		//		SignatureAlgorithm: ECDSAWithSHA256,
    55  		SignatureAlgorithm: SM2WithSM3,
    56  	}
    57  	reqPem, err := CreateCertificateRequestToPem(&templateReq, privKey)
    58  	if err != nil {
    59  		t.Fatal(err)
    60  	}
    61  	req, err := ReadCertificateRequestFromPem(reqPem)
    62  	if err != nil {
    63  		t.Fatal(err)
    64  	}
    65  	err = req.CheckSignature()
    66  	if err != nil {
    67  		t.Fatalf("Request CheckSignature error:%v", err)
    68  	} else {
    69  		fmt.Printf("CheckSignature ok\n")
    70  	}
    71  	testExtKeyUsage := []ExtKeyUsage{ExtKeyUsageClientAuth, ExtKeyUsageServerAuth}
    72  	testUnknownExtKeyUsage := []asn1.ObjectIdentifier{[]int{1, 2, 3}, []int{2, 59, 1}}
    73  	extraExtensionData := []byte("extra extension")
    74  	commonName := "test.example.com"
    75  	template := Certificate{
    76  		// SerialNumber is negative to ensure that negative
    77  		// values are parsed. This is due to the prevalence of
    78  		// buggy code that produces certificates with negative
    79  		// serial numbers.
    80  		SerialNumber: big.NewInt(-1),
    81  		Subject: pkix.Name{
    82  			CommonName:   commonName,
    83  			Organization: []string{"TEST"},
    84  			Country:      []string{"China"},
    85  			ExtraNames: []pkix.AttributeTypeAndValue{
    86  				{
    87  					Type:  []int{2, 5, 4, 42},
    88  					Value: "Gopher",
    89  				},
    90  				// This should override the Country, above.
    91  				{
    92  					Type:  []int{2, 5, 4, 6},
    93  					Value: "NL",
    94  				},
    95  			},
    96  		},
    97  		NotBefore: time.Now(),
    98  		NotAfter:  time.Date(2021, time.October, 10, 12, 1, 1, 1, time.UTC),
    99  
   100  		//		SignatureAlgorithm: ECDSAWithSHA256,
   101  		SignatureAlgorithm: SM2WithSM3,
   102  
   103  		SubjectKeyId: []byte{1, 2, 3, 4},
   104  		KeyUsage:     KeyUsageCertSign,
   105  
   106  		ExtKeyUsage:        testExtKeyUsage,
   107  		UnknownExtKeyUsage: testUnknownExtKeyUsage,
   108  
   109  		BasicConstraintsValid: true,
   110  		IsCA:                  true,
   111  
   112  		OCSPServer:            []string{"http://ocsp.example.com"},
   113  		IssuingCertificateURL: []string{"http://crt.example.com/ca1.crt"},
   114  
   115  		DNSNames:       []string{"test.example.com"},
   116  		EmailAddresses: []string{"gopher@golang.org"},
   117  		IPAddresses:    []net.IP{net.IPv4(127, 0, 0, 1).To4(), net.ParseIP("2001:4860:0:2001::68")},
   118  
   119  		PolicyIdentifiers:   []asn1.ObjectIdentifier{[]int{1, 2, 3}},
   120  		PermittedDNSDomains: []string{".example.com", "example.com"},
   121  
   122  		CRLDistributionPoints: []string{"http://crl1.example.com/ca1.crl", "http://crl2.example.com/ca1.crl"},
   123  
   124  		ExtraExtensions: []pkix.Extension{
   125  			{
   126  				Id:    []int{1, 2, 3, 4},
   127  				Value: extraExtensionData,
   128  			},
   129  			// This extension should override the SubjectKeyId, above.
   130  			{
   131  				Id:       oidExtensionSubjectKeyId,
   132  				Critical: false,
   133  				Value:    []byte{0x04, 0x04, 4, 3, 2, 1},
   134  			},
   135  		},
   136  	}
   137  	pubKey, _ = priv.Public().(*sm2.PublicKey)
   138  	certpem, err := CreateCertificateToPem(&template, &template, pubKey, privKey)
   139  	if err != nil {
   140  		t.Fatal("failed to create cert file")
   141  	}
   142  	cert, err := ReadCertificateFromPem(certpem)
   143  	if err != nil {
   144  		t.Fatal("failed to read cert file")
   145  	}
   146  	err = cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature)
   147  	if err != nil {
   148  		t.Fatal(err)
   149  	} else {
   150  		fmt.Printf("CheckSignature ok\n")
   151  	}
   152  }
   153
View as plain text