github.com/extrame/fabric-ca@v2.0.0-alpha+incompatible/lib/tcert/util_test.go (about) 1 /* 2 Copyright IBM Corp. 2016 All Rights Reserved. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package tcert 18 19 import ( 20 "crypto/rand" 21 "io/ioutil" 22 "math/big" 23 "testing" 24 ) 25 26 func TestGenNumber(t *testing.T) { 27 num, _ := GenNumber(big.NewInt(20)) 28 if num == nil { 29 t.Fatal("Failed in GenNumber") 30 } 31 } 32 33 func TestECCertificate(t *testing.T) { 34 publicKeyBuff, err := ioutil.ReadFile("../../testdata/ec.pem") 35 if err != nil { 36 t.Fatal("Cannot read EC Certificate from file system") 37 } 38 _, err = GetCertificate(publicKeyBuff) 39 if err != nil { 40 t.Fatalf("Cannot create EC Certificate \t [%v]", err) 41 } 42 } 43 44 func TestCBCPKCS7EncryptCBCPKCS7Decrypt(t *testing.T) { 45 46 // Note: The purpose of this test is not to test AES-256 in CBC mode's strength 47 // ... but rather to verify the code wrapping/unwrapping the cipher. 48 key := make([]byte, AESKeyLength) 49 rand.Reader.Read(key) 50 51 var ptext = []byte("a message with arbitrary length (42 bytes)") 52 53 encrypted, encErr := CBCPKCS7Encrypt(key, ptext) 54 if encErr != nil { 55 t.Fatalf("Error encrypting '%s': %s", ptext, encErr) 56 } 57 58 decrypted, dErr := CBCPKCS7Decrypt(key, encrypted) 59 if dErr != nil { 60 t.Fatalf("Error decrypting the encrypted '%s': %v", ptext, dErr) 61 } 62 63 if string(ptext[:]) != string(decrypted[:]) { 64 t.Fatal("Decrypt( Encrypt( ptext ) ) != ptext: Ciphertext decryption with the same key must result in the original plaintext!") 65 } 66 67 } 68 69 func TestPreKey(t *testing.T) { 70 rootKey := CreateRootPreKey() 71 if len(rootKey) == 0 { 72 t.Fatal("Root Key Cannot be generated") 73 } 74 75 } 76 77 func TestSerialNumber(t *testing.T) { 78 publicKeyBuff, err := ioutil.ReadFile("../../testdata/ec.pem") 79 if err != nil { 80 t.Fatal("Cannot read EC Certificate from file system") 81 } 82 _, err = GetCertitificateSerialNumber(publicKeyBuff) 83 84 if err != nil { 85 t.Fatalf("Cannot create EC Certificate \t [%v]", err) 86 } 87 88 publicKeyBuff, err = ioutil.ReadFile("../../testdata/expiredcert.pem") 89 if err != nil { 90 t.Fatal("Cannot read Certificate from file system") 91 } 92 _, err = GetCertitificateSerialNumber(publicKeyBuff) 93 t.Logf("GetCertitificateSerialNumber error %v", err) 94 if err == nil { 95 t.Fatal("GetCertitificateSerialNumber should have failed reading non-certificate") 96 } 97 } 98 99 func TestGetBadCertificate(t *testing.T) { 100 // Wrong file type 101 buf, err := ioutil.ReadFile("../../testdata/server-config.json") 102 if err != nil { 103 t.Error("Cannot read certificate from file system") 104 } 105 _, err = GetCertificate([]byte(buf)) 106 t.Logf("GetCertitificate error %v", err) 107 if err == nil { 108 t.Error("Should have failed since file is json") 109 } 110 111 // pem Cert Expired 112 buf, err = ioutil.ReadFile("../../testdata/expiredcert.pem") 113 if err != nil { 114 t.Error("Cannot read certificate from file system") 115 } 116 _, err = GetCertificate([]byte(buf)) 117 t.Logf("GetCertitificate error %v", err) 118 if err == nil { 119 t.Error("Should have failed since certificate is expired") 120 } 121 122 // der Cert Expired 123 buf, err = ioutil.ReadFile("../../testdata/expiredcert.der") 124 if err != nil { 125 t.Error("Cannot read certificate from file system") 126 } 127 _, err = GetCertificate([]byte(buf)) 128 t.Logf("GetCertitificate error %v", err) 129 if err == nil { 130 t.Error("Should have failed since certificate is expired") 131 } 132 } 133 134 func TestGenerateUUID(t *testing.T) { 135 _, err := GenerateIntUUID() 136 if err != nil { 137 t.Errorf("GenerateIntUUID failed: %s", err) 138 } 139 } 140 141 func TestDerToPem(t *testing.T) { 142 143 buf, err := ioutil.ReadFile("../../testdata/ecTest.der") 144 if err != nil { 145 t.Fatalf("Cannot read Certificate in DER format: %s", err) 146 } 147 cert := ConvertDERToPEM(buf, "CERTIFICATE") 148 if cert == nil { 149 t.Fatal("Failed to ConvertDERToPEM") 150 } 151 } 152 153 func TestGetPrivateKey(t *testing.T) { 154 // PKCS1 EC 155 _, err := LoadKey("../../testdata/ec-key.pem") 156 if err != nil { 157 t.Errorf("Cannot load PKCS1 EC Key: %v", err) 158 } 159 160 // PKCS1 RSA 161 _, err = LoadKey("../../testdata/rsa-key.pem") 162 if err != nil { 163 t.Errorf("Cannot load PKCS1 RSA Key: %v", err) 164 } 165 166 // PKCS8 EC 167 _, err = LoadKey("../../testdata/pkcs8eckey.pem") 168 if err != nil { 169 t.Errorf("Cannot load PKCS8 key: %v", err) 170 } 171 172 // DER 173 _, err = LoadKey("../../testdata/ecTest.der") 174 t.Logf("LoadKey error %v", err) 175 if err == nil { 176 t.Errorf("LoadKey should have failed loading DER") 177 } 178 179 // non-existent file 180 _, err = LoadKey("/tmp/xxxxxxxxxxxxxxxxxxxxx.pem") 181 t.Logf("LoadKey error %v", err) 182 if err == nil { 183 t.Errorf("LoadKey should have failed loading non-existent file") 184 } 185 186 // non-key file 187 _, err = LoadKey("../../testdata/dsa-cert.pem") 188 t.Logf("LoadKey error %v", err) 189 if err == nil { 190 t.Errorf("LoadKey should have failed loading dsa cert file") 191 } 192 193 // encrypted key file 194 _, err = LoadKey("../../testdata/dsa-key.pem") 195 t.Logf("LoadKey error %v", err) 196 if err == nil { 197 t.Errorf("LoadKey should have failed loading encrypted dsa key file") 198 } 199 } 200 201 func TestCBCEncrypt(t *testing.T) { 202 // only 16, 24 and 32 are valid key lengths 203 _, err := CBCPKCS7Encrypt(make([]byte, 31), make([]byte, 0)) 204 t.Logf("CBCPKCS7Encrypt error: %v", err) 205 if err == nil { 206 t.Errorf("CBCPKCS7Encrypt should have failed with invalid key size") 207 } 208 209 _, err = CBCPKCS7Encrypt(make([]byte, 0), make([]byte, 0)) 210 t.Logf("CBCPKCS7Encrypt error: %v", err) 211 if err == nil { 212 t.Errorf("CBCPKCS7Encrypt should have failed with invalid key size") 213 } 214 215 _, err = CBCPKCS7Encrypt(make([]byte, 24), make([]byte, 0)) 216 if err != nil { 217 t.Errorf("CBCPKCS7Encrypt failed with AES-128, %v", err) 218 } 219 220 _, err = CBCPKCS7Encrypt(make([]byte, 16), make([]byte, 0)) 221 if err != nil { 222 t.Errorf("CBCPKCS7Encrypt failed with AES-192, %v", err) 223 } 224 225 _, err = CBCPKCS7Encrypt(make([]byte, 32), make([]byte, 0)) 226 if err != nil { 227 t.Errorf("CBCPKCS7Encrypt failed with AES-256, %v", err) 228 } 229 } 230 231 func TestCBCPKCS7Decrypt(t *testing.T) { 232 // only 16, 24 and 32 are valid key lengths 233 _, err := CBCPKCS7Decrypt(make([]byte, 31), make([]byte, 16)) 234 t.Logf("CBCPKCS7Decrypt error: %v", err) 235 if err == nil { 236 t.Errorf("CBCPKCS7Decrypt should have failed: invalid key size") 237 } 238 239 _, err = CBCPKCS7Decrypt(make([]byte, 0), make([]byte, 16)) 240 t.Logf("CBCPKCS7Decrypt error: %v", err) 241 if err == nil { 242 t.Errorf("CBCPKCS7Decrypt should have failed: invalid key size") 243 } 244 245 // invalid ciphertext 246 _, err = CBCPKCS7Decrypt(make([]byte, 24), make([]byte, 0)) 247 t.Logf("CBCPKCS7Decrypt error: %v", err) 248 if err == nil { 249 t.Errorf("CBCPKCS7Decrypt should have failed: cipher text size < aes.BlockSize") 250 } 251 252 _, err = CBCPKCS7Decrypt(make([]byte, 16), make([]byte, 31)) 253 t.Logf("CBCPKCS7Decrypt error: %v", err) 254 if err == nil { 255 t.Errorf("CBCPKCS7Decrypt should have failed: cipher_text_size%%aes.BlockSize != 0") 256 } 257 258 _, err = CBCPKCS7Decrypt(make([]byte, 32), make([]byte, 32)) 259 t.Logf("CBCPKCS7Decrypt error: %v", err) 260 if err == nil { 261 t.Errorf("CBCPKCS7Decrypt should have failed: invalid padding") 262 } 263 }