ZeroTierOne/cmd/zt_service_tests/certificate.go

/*
 * Copyright (C)2013-2020 ZeroTier, Inc.
 *
 * Use of this software is governed by the Business Source License included
 * in the LICENSE.TXT file in the project's root directory.
 *
 * Change Date: 2025-01-01
 *
 * On the date above, in accordance with the Business Source License, use
 * of this software will be governed by version 2.0 of the Apache License.
 */
/****/

package main

import (
	"bytes"
	"fmt"
	"zerotier/pkg/zerotier"
)

func TestCertificate() bool {
	id, err := zerotier.NewIdentityFromString("8e4df28b72:0:ac3d46abe0c21f3cfe7a6c8d6a85cfcffcb82fbd55af6a4d6350657c68200843fa2e16f9418bbd9702cae365f2af5fb4c420908b803a681d4daef6114d78a2d7:bd8dd6e4ce7022d2f812797a80c6ee8ad180dc4ebf301dec8b06d1be08832bddd63a2f1cfa7b2c504474c75bdc8898ba476ef92e8e2d0509f8441985171ff16e")
	if err != nil {
		fmt.Printf("FATAL: error deserializing test identity: %s\n", err.Error())
		return false
	}

	uniqueId, uniqueIdPrivate, err := zerotier.NewCertificateSubjectUniqueId(zerotier.CertificateUniqueIdTypeNistP384)
	if err != nil {
		fmt.Printf("FATAL: error generating unique ID: %s", err.Error())
		return false
	}

	var c zerotier.Certificate

	c.SerialNo = make([]byte, 48)
	for i := 0; i < 48; i++ {
		c.SerialNo[i] = byte(i)
	}
	c.Flags = 1234
	c.Timestamp = 5678
	c.Validity[0] = 1010
	c.Validity[1] = 2020

	c.Subject.Timestamp = 31337
	c.Subject.Identities = append(c.Subject.Identities, zerotier.CertificateIdentity{
		Identity: id,
		Locator:  nil,
	})
	c.Subject.Networks = append(c.Subject.Networks, zerotier.CertificateNetwork{
		ID: 1111,
		Controller: zerotier.Fingerprint{
			Address: zerotier.Address(2222),
			Hash:    c.SerialNo,
		},
	})
	c.Subject.Certificates = append(c.Subject.Certificates, c.SerialNo)
	c.Subject.UpdateURLs = append(c.Subject.UpdateURLs, "https://www.zerotier.com/asdfasdf")
	c.Subject.Name.SerialNo = "a"
	c.Subject.Name.CommonName = "b"
	c.Subject.Name.StreetAddress = "c"
	c.Subject.Name.Locality = "d"
	c.Subject.Name.Province = "e"
	c.Subject.Name.PostalCode = "f"
	c.Subject.Name.Country = "g"
	c.Subject.Name.Organization = "h"
	c.Subject.Name.Unit = "i"
	c.Subject.Name.Email = "j"
	c.Subject.Name.URL = "k"
	c.Subject.Name.Host = "l"
	c.Subject.UniqueID = uniqueId

	c.Issuer = id
	c.IssuerName.SerialNo = "m"
	c.IssuerName.CommonName = "n"
	c.IssuerName.StreetAddress = "o"
	c.IssuerName.Locality = "p"
	c.IssuerName.Province = "q"
	c.IssuerName.PostalCode = "r"
	c.IssuerName.Country = "s"
	c.IssuerName.Organization = "t"
	c.IssuerName.Unit = "u"
	c.IssuerName.Email = "v"
	c.IssuerName.URL = "w"
	c.IssuerName.Host = "x"

	c.ExtendedAttributes = c.SerialNo
	c.MaxPathLength = 9999
	c.Signature = []byte("qwerty")

	fmt.Printf("Checking certificate marshal/unmarshal (10000 tests)... ")
	for k := 0; k < 10000; k++ {
		cb, err := c.Marshal()
		if err != nil {
			fmt.Printf("marshal FAILED (%s)\n", err.Error())
			return false
		}
		c2, err := zerotier.NewCertificateFromBytes(cb, false)
		if err != nil {
			fmt.Printf("unmarshal FAILED (%s)\n", err.Error())
			return false
		}
		cb2, err := c2.Marshal()
		if err != nil {
			fmt.Printf("second marshal FAILED (%s)\n", err.Error())
			return false
		}
		if !bytes.Equal(cb, cb2) {
			fmt.Printf("FAILED (results not equal)\n")
			return false
		}
	}
	fmt.Println("OK")

	fmt.Printf("Checking certificate CSR sign/verify (100 tests)... ")
	for k := 0; k < 100; k++ {
		csr, err := zerotier.NewCertificateCSR(&c.Subject, uniqueId, uniqueIdPrivate)
		if err != nil {
			fmt.Printf("CSR generate FAILED (%s)\n", err.Error())
			return false
		}
		//fmt.Printf("CSR size: %d ", len(csr))
		csr2, err := zerotier.NewCertificateFromBytes(csr, false)
		if err != nil {
			fmt.Printf("CSR decode FAILED (%s)\n", err.Error())
			return false
		}
		signedCert, err := csr2.Sign(id)
		if err != nil {
			fmt.Printf("CSR sign FAILED (%s)\n", err.Error())
			return false
		}
		if len(signedCert.Signature) == 0 {
			fmt.Println("CSR sign FAILED (no signature found)", err.Error())
			return false
		}
	}
	fmt.Println("OK")

	return true
}