github.com/amanya/packer@v0.12.1-0.20161117214323-902ac5ab2eb6/builder/azure/pkcs12/pkcs12_test.go

github.com/amanya/packer@v0.12.1-0.20161117214323-902ac5ab2eb6/builder/azure/pkcs12/pkcs12_test.go (about)

     1  package pkcs12
     2  
     3  import (
     4  	"crypto/ecdsa"
     5  	"crypto/elliptic"
     6  	"crypto/rand"
     7  	"crypto/rsa"
     8  	"crypto/x509"
     9  	"crypto/x509/pkix"
    10  	"fmt"
    11  	"math/big"
    12  	"testing"
    13  	"time"
    14  
    15  	gopkcs12 "golang.org/x/crypto/pkcs12"
    16  )
    17  
    18  func TestPfxRoundTriRsa(t *testing.T) {
    19  	privateKey, err := rsa.GenerateKey(rand.Reader, 512)
    20  	if err != nil {
    21  		t.Fatal(err.Error())
    22  	}
    23  
    24  	key := testPfxRoundTrip(t, privateKey)
    25  
    26  	actualPrivateKey, ok := key.(*rsa.PrivateKey)
    27  	if !ok {
    28  		t.Fatal("failed to decode private key")
    29  	}
    30  
    31  	if privateKey.D.Cmp(actualPrivateKey.D) != 0 {
    32  		t.Errorf("priv.D")
    33  	}
    34  }
    35  
    36  func TestPfxRoundTriEcdsa(t *testing.T) {
    37  	privateKey, err := ecdsa.GenerateKey(elliptic.P224(), rand.Reader)
    38  	if err != nil {
    39  		t.Fatal(err.Error())
    40  	}
    41  
    42  	key := testPfxRoundTrip(t, privateKey)
    43  
    44  	actualPrivateKey, ok := key.(*ecdsa.PrivateKey)
    45  	if !ok {
    46  		t.Fatalf("failed to decode private key")
    47  	}
    48  
    49  	if privateKey.D.Cmp(actualPrivateKey.D) != 0 {
    50  		t.Errorf("priv.D")
    51  	}
    52  }
    53  
    54  func testPfxRoundTrip(t *testing.T, privateKey interface{}) interface{} {
    55  	certificateBytes, err := newCertificate("hostname", privateKey)
    56  	if err != nil {
    57  		t.Fatal(err.Error())
    58  	}
    59  
    60  	bytes, err := Encode(certificateBytes, privateKey, "sesame")
    61  	if err != nil {
    62  		t.Fatal(err.Error())
    63  	}
    64  
    65  	key, _, err := gopkcs12.Decode(bytes, "sesame")
    66  	if err != nil {
    67  		t.Fatalf(err.Error())
    68  	}
    69  
    70  	return key
    71  }
    72  
    73  func newCertificate(hostname string, privateKey interface{}) ([]byte, error) {
    74  	t, _ := time.Parse("2006-01-02", "2016-01-01")
    75  	notBefore := t
    76  	notAfter := notBefore.Add(365 * 24 * time.Hour)
    77  
    78  	serialNumber, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
    79  	if err != nil {
    80  		err := fmt.Errorf("Failed to Generate Serial Number: %v", err)
    81  		return nil, err
    82  	}
    83  
    84  	template := x509.Certificate{
    85  		SerialNumber: serialNumber,
    86  		Issuer: pkix.Name{
    87  			CommonName: hostname,
    88  		},
    89  		Subject: pkix.Name{
    90  			CommonName: hostname,
    91  		},
    92  
    93  		NotBefore: notBefore,
    94  		NotAfter:  notAfter,
    95  
    96  		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
    97  		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
    98  		BasicConstraintsValid: true,
    99  	}
   100  
   101  	var publicKey interface{}
   102  	switch key := privateKey.(type) {
   103  	case *rsa.PrivateKey:
   104  		publicKey = key.Public()
   105  	case *ecdsa.PrivateKey:
   106  		publicKey = key.Public()
   107  	default:
   108  		panic(fmt.Sprintf("unsupported private key type: %T", privateKey))
   109  	}
   110  
   111  	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey, privateKey)
   112  	if err != nil {
   113  		return nil, fmt.Errorf("Failed to Generate derBytes: " + err.Error())
   114  	}
   115  
   116  	return derBytes, nil
   117  }