github
/
certstore
зеркало из https://github.com/github/certstore.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
certstore/certstore_windows_test.go

304 строки
5.8 KiB
Go
Исходник Ответственный История

package main
import (
"crypto"
"crypto/md5"
"crypto/rand"
"crypto/sha1"
"crypto/sha256"
"crypto/sha512"
"crypto/x509"
"testing"
)
func TestWindowsCNGRSA(t *testing.T) {
// Use CNG API.
winAPIFlag = 0x00040000 // CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG
store, err := importCertStore(rsaPFX, "asdf")
if err != nil {
t.Fatal(err)
}
defer store.Close()
idents, err := findIdentities(store)
if err != nil {
t.Fatal(err)
}
for _, ident := range idents {
defer ident.Close()
}
if len(idents) != 1 {
t.Fatalf("expected 1 identity. got %d", len(idents))
}
ident := idents[0]
crt, err := ident.GetCertificate()
if err != nil {
t.Fatal(err)
}
if crt.Subject.CommonName != "Ben Toews" {
t.Fatalf("expected CN='Ben Toews'. Got CN='%s'", crt.Subject.CommonName)
}
signer, err := ident.GetSigner()
if err != nil {
t.Fatal(err)
}
// SHA1WithRSA
msg := []byte("hello world")
digest1 := sha1.Sum(msg)
sig, err := signer.Sign(rand.Reader, digest1[:], crypto.SHA1)
if err != nil {
t.Fatal(err)
}
if err = crt.CheckSignature(x509.SHA1WithRSA, msg, sig); err != nil {
t.Fatal(err)
}
// SHA256WithRSA
digest256 := sha256.Sum256(msg)
sig, err = signer.Sign(rand.Reader, digest256[:], crypto.SHA256)
if err != nil {
t.Fatal(err)
}
if err = crt.CheckSignature(x509.SHA256WithRSA, msg, sig); err != nil {
t.Fatal(err)
}
// SHA384WithRSA
digest384 := sha512.Sum384(msg)
sig, err = signer.Sign(rand.Reader, digest384[:], crypto.SHA384)
if err != nil {
t.Fatal(err)
}
if err = crt.CheckSignature(x509.SHA384WithRSA, msg, sig); err != nil {
t.Fatal(err)
}
// SHA512WithRSA
digest512 := sha512.Sum512(msg)
sig, err = signer.Sign(rand.Reader, digest512[:], crypto.SHA512)
if err != nil {
t.Fatal(err)
}
if err = crt.CheckSignature(x509.SHA512WithRSA, msg, sig); err != nil {
t.Fatal(err)
}
// Unimplemented hash algo
digestmd5 := md5.Sum(msg)
_, err = signer.Sign(rand.Reader, digestmd5[:], crypto.SHA512)
if err == nil {
t.Fatal("expected an error using md5 digest")
}
}
func TestWindowsCNGECDSA(t *testing.T) {
// Use CNG API.
winAPIFlag = 0x00040000 // CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG
store, err := importCertStore(ecPFX, "asdf")
if err != nil {
t.Fatal(err)
}
defer store.Close()
idents, err := findIdentities(store)
if err != nil {
t.Fatal(err)
}
for _, ident := range idents {
defer ident.Close()
}
if len(idents) != 1 {
t.Fatalf("expected 1 identity. got %d", len(idents))
}
ident := idents[0]
crt, err := ident.GetCertificate()
if err != nil {
t.Fatal(err)
}
if crt.Subject.CommonName != "Ben Toews" {
t.Fatalf("expected CN='Ben Toews'. Got CN='%s'", crt.Subject.CommonName)
}
signer, err := ident.GetSigner()
if err != nil {
t.Fatal(err)
}
// ECDSAWithSHA1
msg := []byte("hello world")
digest1 := sha1.Sum(msg)
sig, err := signer.Sign(rand.Reader, digest1[:], crypto.SHA1)
if err != nil {
t.Fatal(err)
}
if err = crt.CheckSignature(x509.ECDSAWithSHA1, msg, sig); err != nil {
t.Fatal(err)
}
// ECDSAWithSHA256
digest256 := sha256.Sum256(msg)
sig, err = signer.Sign(rand.Reader, digest256[:], crypto.SHA256)
if err != nil {
t.Fatal(err)
}
if err = crt.CheckSignature(x509.ECDSAWithSHA256, msg, sig); err != nil {
t.Fatal(err)
}
// ECDSAWithSHA384
digest384 := sha512.Sum384(msg)
sig, err = signer.Sign(rand.Reader, digest384[:], crypto.SHA384)
if err != nil {
t.Fatal(err)
}
if err = crt.CheckSignature(x509.ECDSAWithSHA384, msg, sig); err != nil {
t.Fatal(err)
}
// ECDSAWithSHA512
digest512 := sha512.Sum512(msg)
sig, err = signer.Sign(rand.Reader, digest512[:], crypto.SHA512)
if err != nil {
t.Fatal(err)
}
if err = crt.CheckSignature(x509.ECDSAWithSHA512, msg, sig); err != nil {
t.Fatal(err)
}
// Unimplemented hash algo
digestmd5 := md5.Sum(msg)
_, err = signer.Sign(rand.Reader, digestmd5[:], crypto.SHA512)
if err == nil {
t.Fatal("expected an error using md5 digest")
}
}
func TestWindowsCryptoAPIRSA(t *testing.T) {
// Use CryptoAPI API.
winAPIFlag = 0x00000000
store, err := importCertStore(rsaPFX, "asdf")
if err != nil {
t.Fatal(err)
}
defer store.Close()
idents, err := findIdentities(store)
if err != nil {
t.Fatal(err)
}
for _, ident := range idents {
defer ident.Close()
}
if len(idents) != 1 {
t.Fatalf("expected 1 identity. got %d", len(idents))
}
ident := idents[0]
crt, err := ident.GetCertificate()
if err != nil {
t.Fatal(err)
}
if crt.Subject.CommonName != "Ben Toews" {
t.Fatalf("expected CN='Ben Toews'. Got CN='%s'", crt.Subject.CommonName)
}
signer, err := ident.GetSigner()
if err != nil {
t.Fatal(err)
}
// SHA1WithRSA
msg := []byte("hello world")
digest1 := sha1.Sum(msg)
sig, err := signer.Sign(rand.Reader, digest1[:], crypto.SHA1)
if err != nil {
t.Fatal(err)
}
if err = crt.CheckSignature(x509.SHA1WithRSA, msg, sig); err != nil {
t.Fatal(err)
}
// SHA256 -> SHA512 don't work with Microsoft Base Cryptographic Provider.
// Unimplemented hash algo
digestmd5 := md5.Sum(msg)
_, err = signer.Sign(rand.Reader, digestmd5[:], crypto.SHA512)
if err == nil {
t.Fatal("expected an error using md5 digest")
}
}
func TestWindowsCryptoAPIECDSA(t *testing.T) {
// Use CryptoAPI API.
winAPIFlag = 0x00000000
store, err := importCertStore(ecPFX, "asdf")
if err != nil {
t.Fatal(err)
}
defer store.Close()
idents, err := findIdentities(store)
if err != nil {
t.Fatal(err)
}
for _, ident := range idents {
defer ident.Close()
}
if len(idents) != 1 {
t.Fatalf("expected 1 identity. got %d", len(idents))
}
ident := idents[0]
crt, err := ident.GetCertificate()
if err != nil {
t.Fatal(err)
}
if crt.Subject.CommonName != "Ben Toews" {
t.Fatalf("expected CN='Ben Toews'. Got CN='%s'", crt.Subject.CommonName)
}
_, err := ident.GetSigner()
if err != nil {
t.Fatal(err)
}
// ECDSA doesn't actually work with Microsoft Base Cryptographic Provider.
}
Ссылка в новой задаче Показать git blame Копировать постоянную ссылку