github.com/pion/webrtc/v4@v4.0.1/certificate_test.go (about) 1 // SPDX-FileCopyrightText: 2023 The Pion community <https://pion.ly> 2 // SPDX-License-Identifier: MIT 3 4 //go:build !js 5 // +build !js 6 7 package webrtc 8 9 import ( 10 "crypto/ecdsa" 11 "crypto/elliptic" 12 "crypto/rand" 13 "crypto/rsa" 14 "crypto/tls" 15 "crypto/x509" 16 "encoding/pem" 17 "testing" 18 "time" 19 20 "github.com/stretchr/testify/assert" 21 ) 22 23 func TestGenerateCertificateRSA(t *testing.T) { 24 sk, err := rsa.GenerateKey(rand.Reader, 2048) 25 assert.Nil(t, err) 26 27 skPEM := pem.EncodeToMemory(&pem.Block{ 28 Type: "RSA PRIVATE KEY", 29 Bytes: x509.MarshalPKCS1PrivateKey(sk), 30 }) 31 32 cert, err := GenerateCertificate(sk) 33 assert.Nil(t, err) 34 35 certPEM := pem.EncodeToMemory(&pem.Block{ 36 Type: "CERTIFICATE", 37 Bytes: cert.x509Cert.Raw, 38 }) 39 40 _, err = tls.X509KeyPair(certPEM, skPEM) 41 assert.Nil(t, err) 42 } 43 44 func TestGenerateCertificateECDSA(t *testing.T) { 45 sk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) 46 assert.Nil(t, err) 47 48 skDER, err := x509.MarshalECPrivateKey(sk) 49 assert.Nil(t, err) 50 51 skPEM := pem.EncodeToMemory(&pem.Block{ 52 Type: "EC PRIVATE KEY", 53 Bytes: skDER, 54 }) 55 56 cert, err := GenerateCertificate(sk) 57 assert.Nil(t, err) 58 59 certPEM := pem.EncodeToMemory(&pem.Block{ 60 Type: "CERTIFICATE", 61 Bytes: cert.x509Cert.Raw, 62 }) 63 64 _, err = tls.X509KeyPair(certPEM, skPEM) 65 assert.Nil(t, err) 66 } 67 68 func TestGenerateCertificateEqual(t *testing.T) { 69 sk1, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) 70 assert.Nil(t, err) 71 72 sk3, err := rsa.GenerateKey(rand.Reader, 2048) 73 assert.NoError(t, err) 74 75 cert1, err := GenerateCertificate(sk1) 76 assert.Nil(t, err) 77 78 sk2, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) 79 assert.Nil(t, err) 80 81 cert2, err := GenerateCertificate(sk2) 82 assert.Nil(t, err) 83 84 cert3, err := GenerateCertificate(sk3) 85 assert.NoError(t, err) 86 87 assert.True(t, cert1.Equals(*cert1)) 88 assert.False(t, cert1.Equals(*cert2)) 89 assert.True(t, cert3.Equals(*cert3)) 90 } 91 92 func TestGenerateCertificateExpires(t *testing.T) { 93 sk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) 94 assert.Nil(t, err) 95 96 cert, err := GenerateCertificate(sk) 97 assert.Nil(t, err) 98 99 now := time.Now() 100 assert.False(t, cert.Expires().IsZero() || now.After(cert.Expires())) 101 102 x509Cert := CertificateFromX509(sk, &x509.Certificate{}) 103 assert.NotNil(t, x509Cert) 104 assert.Contains(t, x509Cert.statsID, "certificate") 105 } 106 107 func TestBadCertificate(t *testing.T) { 108 var nokey interface{} 109 badcert, err := NewCertificate(nokey, x509.Certificate{}) 110 assert.Nil(t, badcert) 111 assert.Error(t, err) 112 113 sk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) 114 assert.Nil(t, err) 115 116 badcert, err = NewCertificate(sk, x509.Certificate{}) 117 assert.Nil(t, badcert) 118 assert.Error(t, err) 119 120 c0 := Certificate{} 121 c1 := Certificate{} 122 assert.False(t, c0.Equals(c1)) 123 } 124 125 func TestPEM(t *testing.T) { 126 sk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) 127 assert.Nil(t, err) 128 cert, err := GenerateCertificate(sk) 129 assert.Nil(t, err) 130 131 pem, err := cert.PEM() 132 assert.Nil(t, err) 133 cert2, err := CertificateFromPEM(pem) 134 assert.Nil(t, err) 135 pem2, err := cert2.PEM() 136 assert.Nil(t, err) 137 assert.Equal(t, pem, pem2) 138 }