github.com/yoctocloud/packer@v0.6.2-0.20160520224004-e11a0a18423f/builder/azure/pkcs12/safebags_test.go

github.com/yoctocloud/packer@v0.6.2-0.20160520224004-e11a0a18423f/builder/azure/pkcs12/safebags_test.go (about)

     1  package pkcs12
     2  
     3  import (
     4  	"crypto/rand"
     5  	"crypto/rsa"
     6  	"crypto/x509"
     7  	"encoding/asn1"
     8  	"fmt"
     9  	"testing"
    10  )
    11  
    12  func decodePkcs8ShroudedKeyBag(asn1Data, password []byte) (privateKey interface{}, err error) {
    13  	pkinfo := new(encryptedPrivateKeyInfo)
    14  	if _, err = asn1.Unmarshal(asn1Data, pkinfo); err != nil {
    15  		err = fmt.Errorf("error decoding PKCS8 shrouded key bag: %v", err)
    16  		return nil, err
    17  	}
    18  
    19  	pkData, err := pbDecrypt(pkinfo, password)
    20  	if err != nil {
    21  		err = fmt.Errorf("error decrypting PKCS8 shrouded key bag: %v", err)
    22  		return
    23  	}
    24  
    25  	rv := new(asn1.RawValue)
    26  	if _, err = asn1.Unmarshal(pkData, rv); err != nil {
    27  		err = fmt.Errorf("could not decode decrypted private key data")
    28  	}
    29  
    30  	if privateKey, err = x509.ParsePKCS8PrivateKey(pkData); err != nil {
    31  		err = fmt.Errorf("error parsing PKCS8 private key: %v", err)
    32  		return nil, err
    33  	}
    34  	return
    35  }
    36  
    37  // Assert the default algorithm parameters are in the correct order,
    38  // and default to the correct value.  Defaults are based on OpenSSL.
    39  //  1. IterationCount, defaults to 2,048 long.
    40  //  2. Salt, is 8 bytes long.
    41  func TestDefaultAlgorithmParametersPkcs8ShroudedKeyBag(t *testing.T) {
    42  	privateKey, err := rsa.GenerateKey(rand.Reader, 512)
    43  	if err != nil {
    44  		t.Fatalf("failed to generate a private key: %s", err)
    45  	}
    46  
    47  	password := []byte("sesame")
    48  	bytes, err := encodePkcs8ShroudedKeyBag(privateKey, password)
    49  	if err != nil {
    50  		t.Fatalf("failed to encode PKCS#8 shrouded key bag: %s", err)
    51  	}
    52  
    53  	var pkinfo encryptedPrivateKeyInfo
    54  	rest, err := asn1.Unmarshal(bytes, &pkinfo)
    55  	if err != nil {
    56  		t.Fatalf("failed to unmarshal encryptedPrivateKeyInfo %s", err)
    57  	}
    58  
    59  	if len(rest) != 0 {
    60  		t.Fatalf("unexpected trailing bytes of len=%d, bytes=%x", len(rest), rest)
    61  	}
    62  
    63  	var params pbeParams
    64  	rest, err = asn1.Unmarshal(pkinfo.GetAlgorithm().Parameters.FullBytes, &params)
    65  	if err != nil {
    66  		t.Fatalf("failed to unmarshal encryptedPrivateKeyInfo %s", err)
    67  	}
    68  
    69  	if len(rest) != 0 {
    70  		t.Fatalf("unexpected trailing bytes of len=%d, bytes=%x", len(rest), rest)
    71  	}
    72  
    73  	if params.Iterations != pbeIterationCount {
    74  		t.Errorf("expected iteration count to be %d, but actual=%d", pbeIterationCount, params.Iterations)
    75  	}
    76  	if len(params.Salt) != pbeSaltSizeBytes {
    77  		t.Errorf("expected the number of salt bytes to be %d, but actual=%d", pbeSaltSizeBytes, len(params.Salt))
    78  	}
    79  }
    80  
    81  func TestRoundTripPkcs8ShroudedKeyBag(t *testing.T) {
    82  	privateKey, err := rsa.GenerateKey(rand.Reader, 512)
    83  	if err != nil {
    84  		t.Fatalf("failed to generate a private key: %s", err)
    85  	}
    86  
    87  	password := []byte("sesame")
    88  	bytes, err := encodePkcs8ShroudedKeyBag(privateKey, password)
    89  	if err != nil {
    90  		t.Fatalf("failed to encode PKCS#8 shrouded key bag: %s", err)
    91  	}
    92  
    93  	key, err := decodePkcs8ShroudedKeyBag(bytes, password)
    94  	if err != nil {
    95  		t.Fatalf("failed to decode PKCS#8 shrouded key bag: %s", err)
    96  	}
    97  
    98  	actualPrivateKey := key.(*rsa.PrivateKey)
    99  	if actualPrivateKey.D.Cmp(privateKey.D) != 0 {
   100  		t.Fatalf("failed to round-trip rsa.PrivateKey.D")
   101  	}
   102  }