github.com/pion/webrtc/v3@v3.2.24/certificate_test.go (about)

     1  // SPDX-FileCopyrightText: 2023 The Pion community <https://pion.ly>
     2  // SPDX-License-Identifier: MIT
     3  
     4  //go:build !js
     5  // +build !js
     6  
     7  package webrtc
     8  
     9  import (
    10  	"crypto/ecdsa"
    11  	"crypto/elliptic"
    12  	"crypto/rand"
    13  	"crypto/rsa"
    14  	"crypto/tls"
    15  	"crypto/x509"
    16  	"encoding/pem"
    17  	"testing"
    18  	"time"
    19  
    20  	"github.com/stretchr/testify/assert"
    21  )
    22  
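// TestGenerateCertificateRSA checks that GenerateCertificate accepts a
// 2048-bit RSA key and returns a certificate that pairs with that same key.
func TestGenerateCertificateRSA(t *testing.T) {
	sk, err := rsa.GenerateKey(rand.Reader, 2048)
	if !assert.NoError(t, err) {
		// Stop here: marshalling a nil key below would panic and hide the
		// real failure.
		return
	}

	skPEM := pem.EncodeToMemory(&pem.Block{
		Type:  "RSA PRIVATE KEY",
		Bytes: x509.MarshalPKCS1PrivateKey(sk),
	})

	cert, err := GenerateCertificate(sk)
	if !assert.NoError(t, err) || !assert.NotNil(t, cert) {
		// cert.x509Cert is dereferenced next; bail out instead of panicking.
		return
	}

	certPEM := pem.EncodeToMemory(&pem.Block{
		Type:  "CERTIFICATE",
		Bytes: cert.x509Cert.Raw,
	})

	// tls.X509KeyPair fails when the private key does not match the
	// certificate's public key, so success here shows the certificate was
	// issued for the key that was passed in.
	_, err = tls.X509KeyPair(certPEM, skPEM)
	assert.NoError(t, err)
}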
    43  
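// TestGenerateCertificateECDSA checks that GenerateCertificate accepts a
// P-256 ECDSA key and returns a certificate that pairs with that same key.
func TestGenerateCertificateECDSA(t *testing.T) {
	sk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if !assert.NoError(t, err) {
		// Without a key none of the following steps are meaningful.
		return
	}

	skDER, err := x509.MarshalECPrivateKey(sk)
	if !assert.NoError(t, err) {
		return
	}

	skPEM := pem.EncodeToMemory(&pem.Block{
		Type:  "EC PRIVATE KEY",
		Bytes: skDER,
	})

	cert, err := GenerateCertificate(sk)
	if !assert.NoError(t, err) || !assert.NotNil(t, cert) {
		// cert.x509Cert is dereferenced next; bail out instead of panicking.
		return
	}

	certPEM := pem.EncodeToMemory(&pem.Block{
		Type:  "CERTIFICATE",
		Bytes: cert.x509Cert.Raw,
	})

	// tls.X509KeyPair fails when the private key does not match the
	// certificate's public key, so success here shows the certificate was
	// issued for the key that was passed in.
	_, err = tls.X509KeyPair(certPEM, skPEM)
	assert.NoError(t, err)
}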
    67  
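// TestGenerateCertificateEqual checks Certificate.Equals: a certificate is
// equal to itself, and certificates generated from different private keys
// are not equal, whether the keys use the same algorithm or different ones.
func TestGenerateCertificateEqual(t *testing.T) {
	sk1, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if !assert.NoError(t, err) {
		return
	}

	sk2, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if !assert.NoError(t, err) {
		return
	}

	sk3, err := rsa.GenerateKey(rand.Reader, 2048)
	if !assert.NoError(t, err) {
		return
	}

	// Each certificate pointer is dereferenced below, so stop on the first
	// generation failure instead of panicking on a nil pointer.
	cert1, err := GenerateCertificate(sk1)
	if !assert.NoError(t, err) || !assert.NotNil(t, cert1) {
		return
	}

	cert2, err := GenerateCertificate(sk2)
	if !assert.NoError(t, err) || !assert.NotNil(t, cert2) {
		return
	}

	cert3, err := GenerateCertificate(sk3)
	if !assert.NoError(t, err) || !assert.NotNil(t, cert3) {
		return
	}

	// Reflexive comparisons for both key types.
	assert.True(t, cert1.Equals(*cert1))
	assert.True(t, cert3.Equals(*cert3))

	// Two distinct ECDSA keys must not compare equal.
	assert.False(t, cert1.Equals(*cert2))

	// An ECDSA-backed and an RSA-backed certificate must not compare equal
	// in either direction.
	assert.False(t, cert1.Equals(*cert3))
	assert.False(t, cert3.Equals(*cert1))
}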
    91  
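// TestGenerateCertificateExpires checks that a freshly generated certificate
// reports a non-zero expiry that has not already passed, and that a
// Certificate built with CertificateFromX509 carries a statsID containing
// "certificate".
func TestGenerateCertificateExpires(t *testing.T) {
	sk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if !assert.NoError(t, err) {
		return
	}

	cert, err := GenerateCertificate(sk)
	if !assert.NoError(t, err) || !assert.NotNil(t, cert) {
		// cert.Expires() is called next; avoid a nil dereference.
		return
	}

	// Checked separately so a failure says which property was violated.
	expiry := cert.Expires()
	assert.False(t, expiry.IsZero(), "expiry must be set")
	assert.False(t, time.Now().After(expiry), "certificate must not already be expired")

	// An empty x509.Certificate is enough here: only the wrapper's statsID
	// is inspected.
	x509Cert := CertificateFromX509(sk, &x509.Certificate{})
	assert.NotNil(t, x509Cert)
	assert.Contains(t, x509Cert.statsID, "certificate")
}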
   106  
// TestBadCertificate covers the rejection paths: NewCertificate must return
// a nil certificate and an error both for a nil key and for a valid key
// paired with an empty x509.Certificate, and two zero-value Certificates
// must not compare equal.
func TestBadCertificate(t *testing.T) {
	// A nil interface value stands in for a missing private key.
	var missingKey interface{}
	rejected, err := NewCertificate(missingKey, x509.Certificate{})
	assert.Nil(t, rejected)
	assert.Error(t, err)

	key, keyErr := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	assert.Nil(t, keyErr)

	// A real key with an empty x509.Certificate is still expected to fail.
	rejected, err = NewCertificate(key, x509.Certificate{})
	assert.Nil(t, rejected)
	assert.Error(t, err)

	// Zero-value certificates hold no key material; Equals must report false.
	var left, right Certificate
	assert.False(t, left.Equals(right))
}
   124  
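// TestPEM checks that a certificate survives a PEM round trip: encoding it,
// parsing the result with CertificateFromPEM and encoding again must give
// identical output.
func TestPEM(t *testing.T) {
	sk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if !assert.NoError(t, err) {
		return
	}

	cert, err := GenerateCertificate(sk)
	if !assert.NoError(t, err) || !assert.NotNil(t, cert) {
		// cert.PEM() is called next; avoid a nil dereference.
		return
	}

	// Named encoded/reencoded so the locals do not shadow the encoding/pem
	// package imported by this file.
	encoded, err := cert.PEM()
	if !assert.NoError(t, err) {
		return
	}

	parsed, err := CertificateFromPEM(encoded)
	if !assert.NoError(t, err) || !assert.NotNil(t, parsed) {
		return
	}

	reencoded, err := parsed.PEM()
	assert.NoError(t, err)
	assert.Equal(t, encoded, reencoded)
}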