// +build go1.11 go1.12 go1.13 go1.14 go1.15

package pkcs7

import (
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"io/ioutil"
	"os"
	"os/exec"
	"testing"
)

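// TestVerifyEC2 parses the PKCS7 block of EC2IdentityDocumentFixture, attaches
// the certificate carried in the same fixture as the signer certificate, and
// checks that the signature verifies.
func TestVerifyEC2(t *testing.T) {
	fixture := UnmarshalDSATestFixture(EC2IdentityDocumentFixture)
	// UnmarshalDSATestFixture discards the x509 parse error, so a damaged
	// fixture only shows up as an empty field. Stop here instead of letting a
	// nil certificate reach Verify.
	if len(fixture.Input) == 0 || fixture.Certificate == nil {
		t.Fatal("fixture is missing a usable PKCS7 or CERTIFICATE block")
	}
	p7, err := Parse(fixture.Input)
	if err != nil {
		// Fatalf rather than Errorf: p7 cannot be used after a failed parse,
		// and continuing would dereference it on the next line.
		t.Fatalf("Parse encountered unexpected error: %v", err)
	}
	// The signer certificate is supplied by the test itself; presumably the
	// signed blob does not embed one.
	// NOTE(review): this exercises the signature check against a certificate
	// the caller chose. Whether Verify also validates a certificate chain is
	// not visible here, so callers handling untrusted input should confirm
	// that separately.
	p7.Certificates = []*x509.Certificate{fixture.Certificate}
	if err := p7.Verify(); err != nil {
		t.Errorf("Verify failed with error: %v", err)
	}
}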

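// EC2IdentityDocumentFixture holds two PEM blocks used by TestVerifyEC2: a
// PKCS7 block with the signed document and a CERTIFICATE block that the test
// installs as the signer certificate. The listing's line numbers that had been
// interleaved with the base64 lines are removed so the PEM decodes again.
var EC2IdentityDocumentFixture = `
-----BEGIN PKCS7-----
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAaCA
JIAEggGmewogICJwcml2YXRlSXAiIDogIjE3Mi4zMC4wLjI1MiIsCiAgImRldnBh
eVByb2R1Y3RDb2RlcyIgOiBudWxsLAogICJhdmFpbGFiaWxpdHlab25lIiA6ICJ1
cy1lYXN0LTFhIiwKICAidmVyc2lvbiIgOiAiMjAxMC0wOC0zMSIsCiAgImluc3Rh
bmNlSWQiIDogImktZjc5ZmU1NmMiLAogICJiaWxsaW5nUHJvZHVjdHMiIDogbnVs
bCwKICAiaW5zdGFuY2VUeXBlIiA6ICJ0Mi5taWNybyIsCiAgImFjY291bnRJZCIg
OiAiMTIxNjU5MDE0MzM0IiwKICAiaW1hZ2VJZCIgOiAiYW1pLWZjZTNjNjk2IiwK
ICAicGVuZGluZ1RpbWUiIDogIjIwMTYtMDQtMDhUMDM6MDE6MzhaIiwKICAiYXJj
aGl0ZWN0dXJlIiA6ICJ4ODZfNjQiLAogICJrZXJuZWxJZCIgOiBudWxsLAogICJy
YW1kaXNrSWQiIDogbnVsbCwKICAicmVnaW9uIiA6ICJ1cy1lYXN0LTEiCn0AAAAA
AAAxggEYMIIBFAIBATBpMFwxCzAJBgNVBAYTAlVTMRkwFwYDVQQIExBXYXNoaW5n
dG9uIFN0YXRlMRAwDgYDVQQHEwdTZWF0dGxlMSAwHgYDVQQKExdBbWF6b24gV2Vi
IFNlcnZpY2VzIExMQwIJAJa6SNnlXhpnMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0B
CQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xNjA0MDgwMzAxNDRaMCMG
CSqGSIb3DQEJBDEWBBTuUc28eBXmImAautC+wOjqcFCBVjAJBgcqhkjOOAQDBC8w
LQIVAKA54NxGHWWCz5InboDmY/GHs33nAhQ6O/ZI86NwjA9Vz3RNMUJrUPU5tAAA
AAAAAA==
-----END PKCS7-----
-----BEGIN CERTIFICATE-----
MIIC7TCCAq0CCQCWukjZ5V4aZzAJBgcqhkjOOAQDMFwxCzAJBgNVBAYTAlVTMRkw
FwYDVQQIExBXYXNoaW5ndG9uIFN0YXRlMRAwDgYDVQQHEwdTZWF0dGxlMSAwHgYD
VQQKExdBbWF6b24gV2ViIFNlcnZpY2VzIExMQzAeFw0xMjAxMDUxMjU2MTJaFw0z
ODAxMDUxMjU2MTJaMFwxCzAJBgNVBAYTAlVTMRkwFwYDVQQIExBXYXNoaW5ndG9u
IFN0YXRlMRAwDgYDVQQHEwdTZWF0dGxlMSAwHgYDVQQKExdBbWF6b24gV2ViIFNl
cnZpY2VzIExMQzCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQCjkvcS2bb1VQ4yt/5e
ih5OO6kK/n1Lzllr7D8ZwtQP8fOEpp5E2ng+D6Ud1Z1gYipr58Kj3nssSNpI6bX3
VyIQzK7wLclnd/YozqNNmgIyZecN7EglK9ITHJLP+x8FtUpt3QbyYXJdmVMegN6P
hviYt5JH/nYl4hh3Pa1HJdskgQIVALVJ3ER11+Ko4tP6nwvHwh6+ERYRAoGBAI1j
k+tkqMVHuAFcvAGKocTgsjJem6/5qomzJuKDmbJNu9Qxw3rAotXau8Qe+MBcJl/U
hhy1KHVpCGl9fueQ2s6IL0CaO/buycU1CiYQk40KNHCcHfNiZbdlx1E9rpUp7bnF
lRa2v1ntMX3caRVDdbtPEWmdxSCYsYFDk4mZrOLBA4GEAAKBgEbmeve5f8LIE/Gf
MNmP9CM5eovQOGx5ho8WqD+aTebs+k2tn92BBPqeZqpWRa5P/+jrdKml1qx4llHW
MXrs3IgIb6+hUIB+S8dz8/mmO0bpr76RoZVCXYab2CZedFut7qc3WUH9+EUAH5mw
vSeDCOUMYQR7R9LINYwouHIziqQYMAkGByqGSM44BAMDLwAwLAIUWXBlk40xTwSw
7HX32MxXYruse9ACFBNGmdX2ZBrVNGrN9N2f6ROk0k9K
-----END CERTIFICATE-----`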

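// TestDSASignWithOpenSSLAndVerify signs a short message with the openssl
// command-line tool, using dsaPrivateKey and dsaPublicCert, and then checks
// that the PEM output parses and verifies with this package.
//
// The test needs an openssl binary on PATH and fails if the command cannot be
// run.
func TestDSASignWithOpenSSLAndVerify(t *testing.T) {
	content := []byte(`
A ship in port is safe,
but that's not what ships are built for.
-- Grace Hopper`)

	// Every temp file, including the one holding the private key, is removed
	// when the test returns. The deferred call also runs when t.Fatal aborts
	// the test, so a failed run does not leave key material in the temp dir.
	var tmpPaths []string
	defer func() {
		for _, p := range tmpPaths {
			os.Remove(p) // best-effort clean up
		}
	}()

	// writeTemp creates a temp file, fills it with data, closes it and returns
	// its path. ioutil.TempFile creates the file with mode 0600, which is what
	// the private key should have; the handle is closed so no descriptor
	// leaks and openssl sees fully written data.
	writeTemp := func(prefix string, data []byte) string {
		f, err := ioutil.TempFile("", prefix)
		if err != nil {
			t.Fatal(err)
		}
		tmpPaths = append(tmpPaths, f.Name())
		if _, err := f.Write(data); err != nil {
			f.Close()
			t.Fatal(err)
		}
		if err := f.Close(); err != nil {
			t.Fatal(err)
		}
		return f.Name()
	}

	contentPath := writeTemp("TestDSASignWithOpenSSLAndVerify_content", content)
	signerCertPath := writeTemp("TestDSASignWithOpenSSLAndVerify_signer", dsaPublicCert)
	signerKeyPath := writeTemp("TestDSASignWithOpenSSLAndVerify_key", dsaPrivateKey)
	// Empty placeholder that openssl overwrites through -out.
	signedPath := writeTemp("TestDSASignWithOpenSSLAndVerify_signature", nil)

	// call openssl to sign the content; the arguments are passed as a list, so
	// no shell is involved. SHA-1 is requested explicitly, which makes this a
	// compatibility test for legacy DSA/SHA-1 signatures.
	opensslCMD := exec.Command("openssl", "smime", "-sign", "-nodetach", "-md", "sha1",
		"-in", contentPath, "-out", signedPath,
		"-signer", signerCertPath, "-inkey", signerKeyPath,
		"-certfile", signerCertPath, "-outform", "PEM")
	out, err := opensslCMD.CombinedOutput()
	if err != nil {
		t.Fatalf("openssl command failed with %s: %s", err, out)
	}

	// verify the signed content
	pemSignature, err := ioutil.ReadFile(signedPath)
	if err != nil {
		t.Fatal(err)
	}
	fmt.Printf("%s\n", pemSignature)
	derBlock, _ := pem.Decode(pemSignature)
	if derBlock == nil {
		t.Fatalf("failed to read DER block from signature PEM %s", signedPath)
	}
	p7, err := Parse(derBlock.Bytes)
	if err != nil {
		t.Fatalf("Parse encountered unexpected error: %v", err)
	}
	if err := p7.Verify(); err != nil {
		t.Fatalf("Verify failed with error: %v", err)
	}
}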

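// dsaPrivateKey is the PEM-encoded private key that
// TestDSASignWithOpenSSLAndVerify hands to openssl through -inkey. It is
// published with the source, so it is test material only and must not be used
// to sign or authenticate anything real. The listing's line numbers that had
// been interleaved with the base64 lines are removed so the PEM decodes again.
var dsaPrivateKey = []byte(`-----BEGIN PRIVATE KEY-----
MIIBSwIBADCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdS
PO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVCl
pJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith
1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUCgYEA9+GghdabPd7L
vKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3
zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImo
g9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoEFgIUfW4aPdQBn9gJZp2KuNpzgHzvfsE=
-----END PRIVATE KEY-----`)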

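// dsaPublicCert is the PEM-encoded certificate that
// TestDSASignWithOpenSSLAndVerify hands to openssl through -signer and
// -certfile. It is test material only. The listing's line numbers that had
// been interleaved with the base64 lines are removed so the PEM decodes again.
var dsaPublicCert = []byte(`-----BEGIN CERTIFICATE-----
MIIDOjCCAvWgAwIBAgIEPCY/UDANBglghkgBZQMEAwIFADBsMRAwDgYDVQQGEwdV
bmtub3duMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRAwDgYD
VQQKEwdVbmtub3duMRAwDgYDVQQLEwdVbmtub3duMRAwDgYDVQQDEwdVbmtub3du
MB4XDTE4MTAyMjEzNDMwN1oXDTQ2MDMwOTEzNDMwN1owbDEQMA4GA1UEBhMHVW5r
bm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UE
ChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEQMA4GA1UEAxMHVW5rbm93bjCC
AbgwggEsBgcqhkjOOAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADD
Hj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gE
exAiwk+7qdf+t8Yb+DtX58aophUPBPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/Ii
Axmd0UgBxwIVAJdgUI8VIwvMspK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4
V7l5lK+7+jrqgvlXTAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozI
puE8FnqLVHyNKOCjrh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4Vrl
nwaSi2ZegHtVJWQBTDv+z0kqA4GFAAKBgQDCriMPbEVBoRK4SOUeFwg7+VRf4TTp
rcOQC9IVVoCjXzuWEGrp3ZI7YWJSpFnSch4lk29RH8O0HpI/NOzKnOBtnKr782pt
1k/bJVMH9EaLd6MKnAVjrCDMYBB0MhebZ8QHY2elZZCWoqDYAcIDOsEx+m4NLErT
ypPnjS5M0jm1PKMhMB8wHQYDVR0OBBYEFC0Yt5XdM0Kc95IX8NQ8XRssGPx7MA0G
CWCGSAFlAwQDAgUAAzAAMC0CFQCIgQtrZZ9hdZG1ROhR5hc8nYEmbgIUAIlgC688
qzy/7yePTlhlpj+ahMM=
-----END CERTIFICATE-----`)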

// DSATestFixture is the decoded form of a PEM test fixture as produced by
// UnmarshalDSATestFixture.
type DSATestFixture struct {
	// Input holds the raw bytes of the fixture's PKCS7 block.
	Input []byte
	// Certificate holds the parsed CERTIFICATE block; it is nil when the
	// fixture has none or when parsing it failed.
	Certificate *x509.Certificate
}

// UnmarshalDSATestFixture decodes every PEM block found in testPEMBlock and
// collects the ones a DSA verification test needs. A "PKCS7" block becomes
// Input and a "CERTIFICATE" block is parsed into Certificate; blocks of any
// other type are skipped. When a type occurs more than once, the last
// occurrence wins.
//
// A certificate that fails to parse is not reported: Certificate is simply
// left nil, so callers have to check it before use.
func UnmarshalDSATestFixture(testPEMBlock string) DSATestFixture {
	var fixture DSATestFixture
	remaining := []byte(testPEMBlock)
	for {
		block, rest := pem.Decode(remaining)
		if block == nil {
			// No further PEM data in the input.
			return fixture
		}
		remaining = rest

		if block.Type == "PKCS7" {
			fixture.Input = block.Bytes
		} else if block.Type == "CERTIFICATE" {
			// The parse error is dropped on purpose to keep the helper's
			// signature; a bad block yields a nil certificate.
			cert, _ := x509.ParseCertificate(block.Bytes)
			fixture.Certificate = cert
		}
	}
}