github.com/annwntech/go-micro/v2@v2.9.5/util/pki/pki_test.go (about)

     1  package pki
     2  
     3  import (
     4  	"crypto/ed25519"
     5  	"crypto/rand"
     6  	"crypto/x509"
     7  	"crypto/x509/pkix"
     8  	"encoding/pem"
     9  	"math/big"
    10  	"net"
    11  	"testing"
    12  	"time"
    13  
    14  	"github.com/stretchr/testify/assert"
    15  )
    16  
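// TestPrivateKey checks that GenerateKey hands back a usable ed25519 key
// pair: both halves have the standard ed25519 lengths and the public half is
// the one derived from the private half, so a caller who persists only the
// private key (as CA does via PKCS#8) can recover the matching public key.
func TestPrivateKey(t *testing.T) {
	pub, priv, err := GenerateKey()
	if !assert.NoError(t, err) {
		t.FailNow()
	}
	assert.Len(t, pub, ed25519.PublicKeySize, "public key has wrong length")
	assert.Len(t, priv, ed25519.PrivateKeySize, "private key has wrong length")
	// An ed25519 private key embeds its public key; Public() exposes it, and
	// it must be the same public key GenerateKey returned alongside it.
	assert.Equal(t, pub, priv.Public(), "public key does not belong to private key")
}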
    21  
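// TestCA mints a short-lived self-signed CA with a freshly generated ed25519
// key and checks the two PEM blobs CA returns:
//
//   - the key blob is an unencrypted PKCS#8 "PRIVATE KEY" that round-trips to
//     the exact private key we passed in, and
//   - the cert blob parses, carries the requested identity and validity
//     fields and the supplied public key, is a real CA (basic constraints
//     CA:TRUE plus keyCertSign), is self-signed by that key, and verifies
//     against a pool holding only itself.
//
// The explicit CheckSignatureFrom call matters: x509.Certificate.Verify
// short-circuits when the leaf is itself present in Roots and never checks
// its signature, so Verify alone would pass even with a corrupt signature.
func TestCA(t *testing.T) {
	pub, priv, err := GenerateKey()
	if !assert.NoError(t, err) {
		t.FailNow()
	}

	// RFC 5280 caps serial numbers at 20 octets; a random value below 2^128
	// fits comfortably and is unpredictable, which is what CA serials must be.
	serialNumberMax := new(big.Int).Lsh(big.NewInt(1), 128)
	serialNumber, err := rand.Int(rand.Reader, serialNumberMax)
	if !assert.NoError(t, err, "Couldn't generate serial") {
		t.FailNow()
	}

	notBefore := time.Now().Add(-time.Minute)
	notAfter := time.Now().Add(time.Minute)
	cert, key, err := CA(
		KeyPair(pub, priv),
		Subject(pkix.Name{
			Organization: []string{"test"},
		}),
		DNSNames("localhost"),
		IPAddresses(net.ParseIP("127.0.0.1")),
		SerialNumber(serialNumber),
		NotBefore(notBefore),
		NotAfter(notAfter),
	)
	if !assert.NoError(t, err, "Couldn't sign CA") {
		t.FailNow()
	}

	// Private key: PEM -> PKCS#8 -> the same ed25519 key we started with.
	asn1Key, rest := pem.Decode(key)
	if !assert.NotNil(t, asn1Key, "Couldn't decode key") {
		t.FailNow()
	}
	assert.Empty(t, rest, "trailing data after key PEM block")
	assert.Equal(t, "PRIVATE KEY", asn1Key.Type)
	decodedKey, err := x509.ParsePKCS8PrivateKey(asn1Key.Bytes)
	if !assert.NoError(t, err, "Couldn't decode ASN1 Key") {
		t.FailNow()
	}
	// Two-value assertion so a wrong key type fails the test instead of
	// panicking the whole package.
	edKey, ok := decodedKey.(ed25519.PrivateKey)
	if assert.True(t, ok, "PKCS#8 key is %T, want ed25519.PrivateKey", decodedKey) {
		assert.Equal(t, priv, edKey)
	}

	// Certificate: the pool only accepts "CERTIFICATE" PEM blocks with no
	// headers, so a true return already pins the block label.
	pool := x509.NewCertPool()
	assert.True(t, pool.AppendCertsFromPEM(cert), "Couldn't parse cert")

	asn1Cert, rest := pem.Decode(cert)
	if !assert.NotNil(t, asn1Cert, "Couldn't parse pem cert") {
		t.FailNow()
	}
	assert.Empty(t, rest, "trailing data after cert PEM block")
	assert.Equal(t, "CERTIFICATE", asn1Cert.Type)
	x509cert, err := x509.ParseCertificate(asn1Cert.Bytes)
	if !assert.NoError(t, err, "Couldn't parse asn1 cert") {
		t.FailNow()
	}

	// Identity, key and validity must be exactly what was requested.
	assert.Zero(t, x509cert.SerialNumber.Cmp(serialNumber), "serial number mismatch")
	assert.Equal(t, []string{"test"}, x509cert.Subject.Organization)
	assert.Equal(t, []string{"localhost"}, x509cert.DNSNames)
	if assert.Len(t, x509cert.IPAddresses, 1) {
		// net.IP.Equal rather than assert.Equal: the SAN is encoded as 4
		// bytes while ParseIP yields the 16-byte form.
		assert.True(t, x509cert.IPAddresses[0].Equal(net.ParseIP("127.0.0.1")))
	}
	assert.Equal(t, pub, x509cert.PublicKey, "cert does not carry the supplied public key")
	// X.509 times are encoded at one-second granularity.
	assert.WithinDuration(t, notBefore, x509cert.NotBefore, time.Second)
	assert.WithinDuration(t, notAfter, x509cert.NotAfter, time.Second)

	// Being a CA is what the function promises: without CA:TRUE basic
	// constraints and keyCertSign, anything issued from this root is rejected
	// by every conforming verifier (including Go's own chain builder).
	assert.True(t, x509cert.BasicConstraintsValid, "basic constraints missing")
	assert.True(t, x509cert.IsCA, "cert is not marked as a CA")
	assert.True(t, x509cert.KeyUsage&x509.KeyUsageCertSign != 0, "keyCertSign usage missing")

	// Self-signature check. Verify below returns {{cert}} without checking
	// the signature when the cert is in Roots, so this is the only place the
	// signature is actually validated.
	assert.NoError(t, x509cert.CheckSignatureFrom(x509cert), "CA is not validly self-signed")

	chains, err := x509cert.Verify(x509.VerifyOptions{
		Roots: pool,
	})
	assert.NoError(t, err, "Cert didn't verify")
	assert.Len(t, chains, 1, "CA should have 1 cert in chain")
}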
    62  
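// TestCSR builds a certificate request for a freshly generated ed25519 key
// and checks that the PEM CSR it returns parses, carries the subject and
// SANs that were requested, embeds the public half of the supplied key, and
// is validly signed by the private half. The signature check is the one that
// matters operationally: it is the proof of possession a CA relies on before
// issuing, and a request that fails it would be rejected downstream.
func TestCSR(t *testing.T) {
	pub, priv, err := GenerateKey()
	if !assert.NoError(t, err) {
		t.FailNow()
	}

	subject := pkix.Name{
		CommonName:         "testnode",
		Organization:       []string{"microtest"},
		OrganizationalUnit: []string{"super-testers"},
	}
	csr, err := CSR(
		Subject(subject),
		DNSNames("localhost"),
		IPAddresses(net.ParseIP("127.0.0.1")),
		KeyPair(pub, priv),
	)
	if !assert.NoError(t, err, "CSR couldn't be encoded") {
		t.FailNow()
	}

	asn1csr, rest := pem.Decode(csr)
	if !assert.NotNil(t, asn1csr, "Couldn't decode CSR PEM") {
		t.FailNow()
	}
	assert.Empty(t, rest, "trailing data after CSR PEM block")
	// RFC 7468 label; tools such as `openssl req -in` key off it.
	assert.Equal(t, "CERTIFICATE REQUEST", asn1csr.Type)
	decodedcsr, err := x509.ParseCertificateRequest(asn1csr.Bytes)
	if !assert.NoError(t, err, "Couldn't parse CSR") {
		t.FailNow()
	}

	// Compare names via String(): a parsed pkix.Name also carries the raw
	// RDN sequence, which struct equality would trip over.
	assert.Equal(t, subject.String(), decodedcsr.Subject.String())
	assert.Equal(t, []string{"localhost"}, decodedcsr.DNSNames)
	if assert.Len(t, decodedcsr.IPAddresses, 1) {
		// net.IP.Equal rather than assert.Equal: the SAN is encoded as 4
		// bytes while ParseIP yields the 16-byte form.
		assert.True(t, decodedcsr.IPAddresses[0].Equal(net.ParseIP("127.0.0.1")))
	}
	assert.Equal(t, pub, decodedcsr.PublicKey, "CSR does not carry the supplied public key")
	// Proof of possession: the request must verify under the embedded key.
	assert.NoError(t, decodedcsr.CheckSignature(), "CSR signature does not verify")
}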