|
|
|
@ -3,6 +3,7 @@ package certdehydrate_test
|
|
|
|
|
import (
|
|
|
|
|
"encoding/json"
|
|
|
|
|
"github.com/namecoin/ncdns/certdehydrate"
|
|
|
|
|
"github.com/namecoin/ncdns/x509"
|
|
|
|
|
"reflect"
|
|
|
|
|
"testing"
|
|
|
|
|
)
|
|
|
|
@ -36,3 +37,75 @@ func TestDehydratedCertIdentityOperation(t *testing.T) {
|
|
|
|
|
t.Error(dehydrated, "!=", dehydrated2)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestDehydratedCertSignatureValid(t *testing.T) {
|
|
|
|
|
bytesJson := []byte(`[1,"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEGm0zZlzrnwEYvub3BG3+VTKjvXWdMntoTanw3cwGAqcb0ALFrt5MdChT9t4josaefnGdVHa+ZBNmSEIaNZNhnw==",4944096,5154336,10,"MEUCIQCEkb4Q+AV8FsQgRoWSZ3S+1Ww/SySl4238SjTv5d/WAgIgX2rAhfCQ3gGG1Abhme8mDTG641vIYHJuz8d6m7IrgJo="]`)
|
|
|
|
|
|
|
|
|
|
var parsedJson []interface{}
|
|
|
|
|
|
|
|
|
|
if err := json.Unmarshal(bytesJson, &parsedJson); err != nil {
|
|
|
|
|
t.Error("Error parsing JSON:", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
dehydrated, err := certdehydrate.ParseDehydratedCert(parsedJson)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Error("Error parsing dehydrated certificate:", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
template, err := certdehydrate.RehydrateCert(dehydrated)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Error("Error rehydrating certificate:", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
derBytes, err := certdehydrate.FillRehydratedCertTemplate(*template, "www.veclabs.bit")
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Error("Error filling domain into rehydrated certificate template:", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
cert, err := x509.ParseCertificate(derBytes)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Error("Error parsing DER certificate:", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// cert.CheckSignatureFrom(cert) won't work because the CA bit is disabled
|
|
|
|
|
err = cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Error("Valid signature rejected:", err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestDehydratedCertSignatureInvalid(t *testing.T) {
|
|
|
|
|
bytesJson := []byte(`[1,"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEGm0zZlzrnwEYvub3BG3+VTKjvXWdMntoTanw3cwGAqcb0ALFrt5MdChT9t4josaefnGdVHa+ZBNmSEIaNZNhnw==",4944096,5154336,10,"MEUCIQCEkb4Q+AV8FsQgRoWSZ3S+1Ww/SySl4238SjTv5d/WAgIgX2rAhfCQ3gGG1Abhme8mDTG641vIYHJuz8d6m7IrgJo="]`)
|
|
|
|
|
|
|
|
|
|
var parsedJson []interface{}
|
|
|
|
|
|
|
|
|
|
if err := json.Unmarshal(bytesJson, &parsedJson); err != nil {
|
|
|
|
|
t.Error("Error parsing JSON:", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
dehydrated, err := certdehydrate.ParseDehydratedCert(parsedJson)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Error("Error parsing dehydrated certificate:", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
template, err := certdehydrate.RehydrateCert(dehydrated)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Error("Error rehydrating certificate:", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
derBytes, err := certdehydrate.FillRehydratedCertTemplate(*template, "www2.veclabs.bit")
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Error("Error filling domain into rehydrated certificate template:", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
cert, err := x509.ParseCertificate(derBytes)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Error("Error parsing DER certificate:", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// cert.CheckSignatureFrom(cert) won't work because the CA bit is disabled
|
|
|
|
|
err = cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature)
|
|
|
|
|
if err == nil {
|
|
|
|
|
t.Error("Invalid signature accepted:", err)
|
|
|
|
|
}
|
|
|
|
|
}
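Review bot: Both new tests report setup failures with `t.Error` and then carry on, so in `TestDehydratedCertSignatureValid` and `TestDehydratedCertSignatureInvalid` a failed `RehydrateCert` or `x509.ParseCertificate` runs straight into `*template` or `cert.CheckSignature` on a nil value and ends in a panic instead of a readable failure. Every step before the signature check should stop the test, e.g. `t.Fatal("Error rehydrating certificate:", err)`. The negative test also passes on any non-nil error from `CheckSignature`, so it cannot tell a real verification failure from a rejection for some unrelated reason (an unsupported algorithm, for instance); recording the error with `t.Logf("signature rejected: %v", err)` would at least make the cause visible, and `err` can be dropped from `t.Error("Invalid signature accepted:", err)` because it is always nil on that path. Since the two tests differ only in the name passed to `FillRehydratedCertTemplate`, a comment on the invalid one such as `// The stored signature was made for www.veclabs.bit; rehydrating under any other name must not verify.` would state the property being pinned.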
|
|
|
|
|