github.com/codingeasygo/util@v0.0.0-20231206062002-1ce2f004b7d9/xcrypto/xcrypto_test.go (about) 1 package xcrypto 2 3 import ( 4 "crypto/tls" 5 "crypto/x509" 6 "fmt" 7 "io/ioutil" 8 "net" 9 "net/http" 10 "testing" 11 "time" 12 ) 13 14 func init() { 15 // exec.Command("bash", "-c", "./openssl.sh").Output() 16 } 17 18 func testWebCert(t *testing.T, caPEM []byte, serverCert, clientCert tls.Certificate) { 19 certPool := x509.NewCertPool() 20 ok := certPool.AppendCertsFromPEM([]byte(caPEM)) 21 if !ok { 22 panic("failed to parse ca certificate") 23 } 24 var server *http.Server 25 { 26 server = &http.Server{} 27 server.Addr = ":8122" 28 server.TLSConfig = &tls.Config{ 29 Certificates: []tls.Certificate{serverCert}, 30 ClientAuth: tls.RequireAndVerifyClientCert, 31 ClientCAs: certPool, 32 } 33 server.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 34 fmt.Fprintf(w, "ok") 35 }) 36 go server.ListenAndServeTLS("", "") 37 defer server.Close() 38 time.Sleep(10 * time.Millisecond) 39 } 40 { 41 transport := &http.Transport{ 42 TLSClientConfig: &tls.Config{ 43 Certificates: []tls.Certificate{clientCert}, 44 RootCAs: certPool, 45 }, 46 Dial: func(network, addr string) (net.Conn, error) { 47 return net.Dial(network, server.Addr) 48 }, 49 } 50 client := &http.Client{Transport: transport} 51 resp, err := client.Get("https://a.test.com") 52 if err != nil { 53 t.Error(err) 54 return 55 } 56 data, err := ioutil.ReadAll(resp.Body) 57 if err != nil { 58 t.Error(err) 59 return 60 } 61 if string(data) != "ok" { 62 t.Errorf("%v", string(data)) 63 return 64 } 65 fmt.Println("-->", string(data)) 66 } 67 { 68 transport := &http.Transport{ 69 TLSClientConfig: &tls.Config{ 70 Certificates: []tls.Certificate{clientCert}, 71 RootCAs: certPool, 72 }, 73 Dial: func(network, addr string) (net.Conn, error) { 74 return net.Dial(network, server.Addr) 75 }, 76 } 77 client := &http.Client{Transport: transport} 78 resp, err := client.Get("https://127.0.0.1") 79 if err != nil { 80 t.Error(err) 81 return 82 } 83 data, err := ioutil.ReadAll(resp.Body) 84 if err != nil { 85 t.Error(err) 86 return 87 } 88 if string(data) != "ok" { 89 t.Errorf("%v", string(data)) 90 return 91 } 92 fmt.Println("-->", string(data)) 93 } 94 } 95 96 // func TestGenerateWeb(t *testing.T) { 97 // cert, certPEM, _, err := GenerateWeb(nil, nil, "a.test.com", "127.0.0.1", 2048) 98 // if err != nil { 99 // t.Error(err) 100 // return 101 // } 102 // testWebCert(t, cert, certPEM) 103 // } 104 105 func TestGenerateRoot(t *testing.T) { 106 rootCert, rootPriv, rootCertPEM, _, err := GenerateRootCA([]string{"test"}, "Root CA", 2048) 107 if err != nil { 108 t.Error(err) 109 return 110 } 111 serverCert, _, _, err := GenerateWeb(rootCert, rootPriv, false, "test", "a.test.com", "127.0.0.1", 2048) 112 if err != nil { 113 t.Error(err) 114 return 115 } 116 clientCert, _, _, err := GenerateWeb(rootCert, rootPriv, true, "test", "a.test.com", "127.0.0.1", 2048) 117 if err != nil { 118 t.Error(err) 119 return 120 } 121 testWebCert(t, rootCertPEM, serverCert, clientCert) 122 } 123 124 // func TestOpensslRoot(t *testing.T) { 125 // certPEM, err := ioutil.ReadFile("ca.pem") 126 // if err != nil { 127 // t.Error(err) 128 // return 129 // } 130 // cert, err := tls.LoadX509KeyPair("server.pem", "server.key") 131 // if err != nil { 132 // t.Error(err) 133 // return 134 // } 135 // testWebCert(t, cert, certPEM) 136 // } 137 138 func TestGenerateWebServerClient(t *testing.T) { 139 _, _, _, _, _, _, _, _, _, _, err := GenerateWebServerClient("test", "ca", "test", "", 2048) 140 if err != nil { 141 t.Error(err) 142 return 143 } 144 } 145 146 func TestLoadX509KeyPair(t *testing.T) { 147 _, _, err := LoadX509KeyPair("ca.pem", "ca.key") 148 if err != nil { 149 t.Error(err) 150 return 151 } 152 _, _, err = LoadX509KeyPair("ca.pem", "ca.keyxx") 153 if err == nil { 154 t.Error(err) 155 return 156 } 157 _, _, err = LoadX509KeyPair("ca.pemxx", "ca.key") 158 if err == nil { 159 t.Error(err) 160 return 161 } 162 }