Merge #64: certdehydrate: Add tests for known valid and invalid signatures.

cb55a50 certdehydrate: Add tests for known valid and invalid signatures. (JeremyRand) Pull request description: Tree-SHA512: d64fc786c6d5206bf7e814e9b5a3cae3cf680f840449d02acf3f0cfa9e0286b9637ae6162b18a1645d0b406493d307daba63cd4320b64ddad4a384edc8131cb0
6 years ago · 6c7e9659ec
parent 3f68d1d616 cb55a50bef
commit 6c7e9659ec
1 changed files with 73 additions and 0 deletions
--- a/certdehydrate/certdehydrate_test.go
+++ b/certdehydrate/certdehydrate_test.go
@ -3,6 +3,7 @@ package certdehydrate_test
 import (
 	"encoding/json"
 	"github.com/namecoin/ncdns/certdehydrate"
+	"github.com/namecoin/ncdns/x509"
 	"reflect"
 	"testing"
 )
@ -36,3 +37,75 @@ func TestDehydratedCertIdentityOperation(t *testing.T) {
 		t.Error(dehydrated, "!=", dehydrated2)
 	}
 }
+
+func TestDehydratedCertSignatureValid(t *testing.T) {
+	bytesJson := []byte(`[1,"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEGm0zZlzrnwEYvub3BG3+VTKjvXWdMntoTanw3cwGAqcb0ALFrt5MdChT9t4josaefnGdVHa+ZBNmSEIaNZNhnw==",4944096,5154336,10,"MEUCIQCEkb4Q+AV8FsQgRoWSZ3S+1Ww/SySl4238SjTv5d/WAgIgX2rAhfCQ3gGG1Abhme8mDTG641vIYHJuz8d6m7IrgJo="]`)
+
+	var parsedJson []interface{}
+
+	if err := json.Unmarshal(bytesJson, &parsedJson); err != nil {
+		t.Error("Error parsing JSON:", err)
+	}
+
+	dehydrated, err := certdehydrate.ParseDehydratedCert(parsedJson)
+	if err != nil {
+		t.Error("Error parsing dehydrated certificate:", err)
+	}
+
+	template, err := certdehydrate.RehydrateCert(dehydrated)
+	if err != nil {
+		t.Error("Error rehydrating certificate:", err)
+	}
+
+	derBytes, err := certdehydrate.FillRehydratedCertTemplate(*template, "www.veclabs.bit")
+	if err != nil {
+		t.Error("Error filling domain into rehydrated certificate template:", err)
+	}
+
+	cert, err := x509.ParseCertificate(derBytes)
+	if err != nil {
+		t.Error("Error parsing DER certificate:", err)
+	}
+
+	// cert.CheckSignatureFrom(cert) won't work because the CA bit is disabled
+	err = cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature)
+	if err != nil {
+		t.Error("Valid signature rejected:", err)
+	}
+}
+
+func TestDehydratedCertSignatureInvalid(t *testing.T) {
+	bytesJson := []byte(`[1,"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEGm0zZlzrnwEYvub3BG3+VTKjvXWdMntoTanw3cwGAqcb0ALFrt5MdChT9t4josaefnGdVHa+ZBNmSEIaNZNhnw==",4944096,5154336,10,"MEUCIQCEkb4Q+AV8FsQgRoWSZ3S+1Ww/SySl4238SjTv5d/WAgIgX2rAhfCQ3gGG1Abhme8mDTG641vIYHJuz8d6m7IrgJo="]`)
+
+	var parsedJson []interface{}
+
+	if err := json.Unmarshal(bytesJson, &parsedJson); err != nil {
+		t.Error("Error parsing JSON:", err)
+	}
+
+	dehydrated, err := certdehydrate.ParseDehydratedCert(parsedJson)
+	if err != nil {
+		t.Error("Error parsing dehydrated certificate:", err)
+	}
+
+	template, err := certdehydrate.RehydrateCert(dehydrated)
+	if err != nil {
+		t.Error("Error rehydrating certificate:", err)
+	}
+
+	derBytes, err := certdehydrate.FillRehydratedCertTemplate(*template, "www2.veclabs.bit")
+	if err != nil {
+		t.Error("Error filling domain into rehydrated certificate template:", err)
+	}
+
+	cert, err := x509.ParseCertificate(derBytes)
+	if err != nil {
+		t.Error("Error parsing DER certificate:", err)
+	}
+
+	// cert.CheckSignatureFrom(cert) won't work because the CA bit is disabled
+	err = cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature)
+	if err == nil {
+		t.Error("Invalid signature accepted:", err)
+	}
+}