sign_test.go 2.6 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192
  1. package cert
  2. import (
  3. "crypto/ecdsa"
  4. "crypto/ed25519"
  5. "crypto/elliptic"
  6. "crypto/rand"
  7. "net/netip"
  8. "testing"
  9. "time"
  10. "github.com/stretchr/testify/assert"
  11. "github.com/stretchr/testify/require"
  12. )
  13. func TestCertificateV1_Sign(t *testing.T) {
  14. before := time.Now().Add(time.Second * -60).Round(time.Second)
  15. after := time.Now().Add(time.Second * 60).Round(time.Second)
  16. pubKey := []byte("1234567890abcedfghij1234567890ab")
  17. tbs := TBSCertificate{
  18. Version: Version1,
  19. Name: "testing",
  20. Networks: []netip.Prefix{
  21. mustParsePrefixUnmapped("10.1.1.1/24"),
  22. mustParsePrefixUnmapped("10.1.1.2/16"),
  23. },
  24. UnsafeNetworks: []netip.Prefix{
  25. mustParsePrefixUnmapped("9.1.1.2/24"),
  26. mustParsePrefixUnmapped("9.1.1.3/24"),
  27. },
  28. Groups: []string{"test-group1", "test-group2", "test-group3"},
  29. NotBefore: before,
  30. NotAfter: after,
  31. PublicKey: pubKey,
  32. IsCA: false,
  33. }
  34. pub, priv, err := ed25519.GenerateKey(rand.Reader)
  35. require.NoError(t, err)
  36. c, err := tbs.Sign(&certificateV1{details: detailsV1{notBefore: before, notAfter: after}}, Curve_CURVE25519, priv)
  37. require.NoError(t, err)
  38. assert.NotNil(t, c)
  39. assert.True(t, c.CheckSignature(pub))
  40. b, err := c.Marshal()
  41. require.NoError(t, err)
  42. uc, err := unmarshalCertificateV1(b, nil)
  43. require.NoError(t, err)
  44. assert.NotNil(t, uc)
  45. }
  46. func TestCertificateV1_SignP256(t *testing.T) {
  47. before := time.Now().Add(time.Second * -60).Round(time.Second)
  48. after := time.Now().Add(time.Second * 60).Round(time.Second)
  49. pubKey := []byte("01234567890abcedfghij1234567890ab1234567890abcedfghij1234567890ab")
  50. tbs := TBSCertificate{
  51. Version: Version1,
  52. Name: "testing",
  53. Networks: []netip.Prefix{
  54. mustParsePrefixUnmapped("10.1.1.1/24"),
  55. mustParsePrefixUnmapped("10.1.1.2/16"),
  56. },
  57. UnsafeNetworks: []netip.Prefix{
  58. mustParsePrefixUnmapped("9.1.1.2/24"),
  59. mustParsePrefixUnmapped("9.1.1.3/16"),
  60. },
  61. Groups: []string{"test-group1", "test-group2", "test-group3"},
  62. NotBefore: before,
  63. NotAfter: after,
  64. PublicKey: pubKey,
  65. IsCA: false,
  66. Curve: Curve_P256,
  67. }
  68. priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
  69. require.NoError(t, err)
  70. pub := elliptic.Marshal(elliptic.P256(), priv.PublicKey.X, priv.PublicKey.Y)
  71. rawPriv := priv.D.FillBytes(make([]byte, 32))
  72. c, err := tbs.Sign(&certificateV1{details: detailsV1{notBefore: before, notAfter: after}}, Curve_P256, rawPriv)
  73. require.NoError(t, err)
  74. assert.NotNil(t, c)
  75. assert.True(t, c.CheckSignature(pub))
  76. b, err := c.Marshal()
  77. require.NoError(t, err)
  78. uc, err := unmarshalCertificateV1(b, nil)
  79. require.NoError(t, err)
  80. assert.NotNil(t, uc)
  81. }