1// +build go1.11 go1.12 go1.13 go1.14 go1.15
2
3package pkcs74
5import (6"crypto/x509"7"encoding/pem"8"fmt"9"io/ioutil"10"os"11"os/exec"12"testing"13)
14
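// TestVerifyEC2 parses the PKCS7 block from EC2IdentityDocumentFixture and
// checks that its signature verifies against the certificate carried in the
// same fixture. The signer certificate is supplied by the test itself
// (p7.Certificates is overwritten), not taken from the parsed message.
//
// NOTE(review): the test only asserts that Verify returns nil. Whether Verify
// also validates a certificate chain or signing time is not visible from this
// file; confirm before treating a nil result as a trust decision.
func TestVerifyEC2(t *testing.T) {
	fixture := UnmarshalDSATestFixture(EC2IdentityDocumentFixture)
	// UnmarshalDSATestFixture drops certificate parse errors, so a broken
	// fixture shows up here as a nil certificate. Fail with a clear message
	// instead of handing a nil entry to Verify.
	if fixture.Certificate == nil {
		t.Fatal("fixture certificate is missing or failed to parse")
	}

	p7, err := Parse(fixture.Input)
	if err != nil {
		// Fatalf, not Errorf: p7 is unusable after a failed Parse and the
		// assignment below would dereference it.
		t.Fatalf("Parse encountered unexpected error: %v", err)
	}

	p7.Certificates = []*x509.Certificate{fixture.Certificate}
	if err := p7.Verify(); err != nil {
		t.Errorf("Verify failed with error: %v", err)
	}
}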
26
27var EC2IdentityDocumentFixture = `28-----BEGIN PKCS7-----
29MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAaCA
30JIAEggGmewogICJwcml2YXRlSXAiIDogIjE3Mi4zMC4wLjI1MiIsCiAgImRldnBh
31eVByb2R1Y3RDb2RlcyIgOiBudWxsLAogICJhdmFpbGFiaWxpdHlab25lIiA6ICJ1
32cy1lYXN0LTFhIiwKICAidmVyc2lvbiIgOiAiMjAxMC0wOC0zMSIsCiAgImluc3Rh
33bmNlSWQiIDogImktZjc5ZmU1NmMiLAogICJiaWxsaW5nUHJvZHVjdHMiIDogbnVs
34bCwKICAiaW5zdGFuY2VUeXBlIiA6ICJ0Mi5taWNybyIsCiAgImFjY291bnRJZCIg
35OiAiMTIxNjU5MDE0MzM0IiwKICAiaW1hZ2VJZCIgOiAiYW1pLWZjZTNjNjk2IiwK
36ICAicGVuZGluZ1RpbWUiIDogIjIwMTYtMDQtMDhUMDM6MDE6MzhaIiwKICAiYXJj
37aGl0ZWN0dXJlIiA6ICJ4ODZfNjQiLAogICJrZXJuZWxJZCIgOiBudWxsLAogICJy
38YW1kaXNrSWQiIDogbnVsbCwKICAicmVnaW9uIiA6ICJ1cy1lYXN0LTEiCn0AAAAA
39AAAxggEYMIIBFAIBATBpMFwxCzAJBgNVBAYTAlVTMRkwFwYDVQQIExBXYXNoaW5n
40dG9uIFN0YXRlMRAwDgYDVQQHEwdTZWF0dGxlMSAwHgYDVQQKExdBbWF6b24gV2Vi
41IFNlcnZpY2VzIExMQwIJAJa6SNnlXhpnMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0B
42CQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xNjA0MDgwMzAxNDRaMCMG
43CSqGSIb3DQEJBDEWBBTuUc28eBXmImAautC+wOjqcFCBVjAJBgcqhkjOOAQDBC8w
44LQIVAKA54NxGHWWCz5InboDmY/GHs33nAhQ6O/ZI86NwjA9Vz3RNMUJrUPU5tAAA
45AAAAAA==
46-----END PKCS7-----
47-----BEGIN CERTIFICATE-----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64-----END CERTIFICATE-----`
65
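// TestDSASignWithOpenSSLAndVerify signs a small message with the openssl
// command-line tool, using the dsaPublicCert/dsaPrivateKey fixtures, and then
// checks that Parse and Verify accept the resulting PEM-encoded signature.
//
// The test needs an openssl binary on PATH. All inputs, including the private
// key, are staged in temporary files that are removed when the test returns,
// whether it passes or fails.
func TestDSASignWithOpenSSLAndVerify(t *testing.T) {
	content := []byte(`
A ship in port is safe,
but that's not what ships are built for.
-- Grace Hopper`)

	// writeTemp stores data in a fresh temp file and returns its path.
	// ioutil.TempFile creates the file with mode 0600, which is what we want
	// for the key material; write and close errors are reported instead of
	// being dropped.
	writeTemp := func(prefix string, data []byte) string {
		f, err := ioutil.TempFile("", prefix)
		if err != nil {
			t.Fatal(err)
		}
		name := f.Name()
		if _, err := f.Write(data); err != nil {
			f.Close()
			os.Remove(name)
			t.Fatal(err)
		}
		if err := f.Close(); err != nil {
			os.Remove(name)
			t.Fatal(err)
		}
		return name
	}

	// write the content to a temp file
	contentPath := writeTemp("TestDSASignWithOpenSSLAndVerify_content", content)
	defer os.Remove(contentPath)

	// write the signer cert to a temp file
	signerCertPath := writeTemp("TestDSASignWithOpenSSLAndVerify_signer", dsaPublicCert)
	defer os.Remove(signerCertPath)

	// write the signer key to a temp file; the deferred removal keeps the key
	// from being left on disk when a later step fails
	signerKeyPath := writeTemp("TestDSASignWithOpenSSLAndVerify_key", dsaPrivateKey)
	defer os.Remove(signerKeyPath)

	// reserve an output path for openssl to write the signature to
	signedPath := writeTemp("TestDSASignWithOpenSSLAndVerify_signature", nil)
	defer os.Remove(signedPath)

	// call openssl to sign the content
	// NOTE(review): -md sha1 is presumably required by the DSA fixture under
	// test; it is not a recommendation for new signatures.
	opensslCMD := exec.Command("openssl", "smime", "-sign", "-nodetach", "-md", "sha1",
		"-in", contentPath, "-out", signedPath,
		"-signer", signerCertPath, "-inkey", signerKeyPath,
		"-certfile", signerCertPath, "-outform", "PEM")
	out, err := opensslCMD.CombinedOutput()
	if err != nil {
		t.Fatalf("openssl command failed with %s: %s", err, out)
	}

	// verify the signed content
	pemSignature, err := ioutil.ReadFile(signedPath)
	if err != nil {
		t.Fatal(err)
	}
	fmt.Printf("%s\n", pemSignature)
	derBlock, _ := pem.Decode(pemSignature)
	if derBlock == nil {
		t.Fatalf("failed to read DER block from signature PEM %s", signedPath)
	}
	p7, err := Parse(derBlock.Bytes)
	if err != nil {
		t.Fatalf("Parse encountered unexpected error: %v", err)
	}
	if err := p7.Verify(); err != nil {
		t.Fatalf("Verify failed with error: %v", err)
	}
}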
127
// dsaPrivateKey is a PEM-encoded private key used only as a test fixture:
// TestDSASignWithOpenSSLAndVerify writes it to a temporary file and passes it
// to openssl via -inkey, with dsaPublicCert as the signer certificate.
// Because the key is published in source it provides no secrecy and must not
// be used to sign anything outside this test.
var dsaPrivateKey = []byte(`-----BEGIN PRIVATE KEY-----
MIIBSwIBADCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdS
PO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVCl
pJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith
1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUCgYEA9+GghdabPd7L
vKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3
zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImo
g9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoEFgIUfW4aPdQBn9gJZp2KuNpzgHzvfsE=
-----END PRIVATE KEY-----`)
138var dsaPublicCert = []byte(`-----BEGIN CERTIFICATE-----139MIIDOjCCAvWgAwIBAgIEPCY/UDANBglghkgBZQMEAwIFADBsMRAwDgYDVQQGEwdV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157-----END CERTIFICATE-----`)158
// DSATestFixture holds the two pieces that UnmarshalDSATestFixture extracts
// from a PEM bundle.
type DSATestFixture struct {
	Input       []byte            // DER bytes of the "PKCS7" PEM block
	Certificate *x509.Certificate // parsed "CERTIFICATE" PEM block; nil if absent or unparsable
}
163
// UnmarshalDSATestFixture walks every PEM block in testPEMBlock and collects
// the ones the tests need: the bytes of a "PKCS7" block go into Input and a
// "CERTIFICATE" block is parsed into Certificate. Blocks of any other type
// are skipped, and when a type occurs more than once the last one wins.
//
// NOTE(review): the error from x509.ParseCertificate is discarded, so a
// malformed certificate leaves Certificate nil without any diagnostic.
// Callers should check for nil before use.
func UnmarshalDSATestFixture(testPEMBlock string) DSATestFixture {
	var fixture DSATestFixture
	remaining := []byte(testPEMBlock)
	for {
		block, rest := pem.Decode(remaining)
		if block == nil {
			// No further PEM data: everything found so far is the result.
			return fixture
		}
		remaining = rest

		if block.Type == "PKCS7" {
			fixture.Input = block.Bytes
		} else if block.Type == "CERTIFICATE" {
			fixture.Certificate, _ = x509.ParseCertificate(block.Bytes)
		}
	}
}
183