star/utils/cert_test.go


package utils
import (
"b612.me/starcrypto"
"crypto"
"crypto/rand"
"crypto/x509"
"crypto/x509/pkix"
"encoding/hex"
"encoding/pem"
"errors"
"fmt"
"math/big"
"os"
"testing"
"time"
)
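// TestGenerateRootCA builds a self-signed root CA and writes its private key
// and certificate under ../bin. It is a generator rather than an
// assertion-style test: the files it produces are what LoadB612CA reads and
// what TestGenerateMiddleCA signs with.
func TestGenerateRootCA(t *testing.T) {
	// Fixed serial so the root certificate is reproducible across runs.
	const serialHex = "B61220050612B612"
	serialBytes, err := hex.DecodeString(serialHex)
	if err != nil {
		t.Fatalf("decoding serial %q: %v", serialHex, err)
	}
	rootCsr := &x509.Certificate{
		Version:      3,
		SerialNumber: new(big.Int).SetBytes(serialBytes),
		Subject: pkix.Name{
			Country:            []string{"CN"},
			Locality:           []string{"Asteroid B612"},
			Organization:       []string{"B612.ME"},
			OrganizationalUnit: []string{"CA.B612.ME"},
			PostalCode:         []string{"B612", "Star"},
			CommonName:         "B612 Tools Root CA",
			SerialNumber:       "B612TOOLSROOTCA",
		},
		NotBefore:             time.Date(2000, 01, 01, 00, 00, 00, 00, time.UTC),
		NotAfter:              time.Date(2100, 01, 01, 00, 00, 00, 00, time.UTC),
		BasicConstraintsValid: true,
		IsCA:                  true,
		MaxPathLenZero:        false,
		ExtKeyUsage: []x509.ExtKeyUsage{
			x509.ExtKeyUsageAny,
			x509.ExtKeyUsageServerAuth,
			x509.ExtKeyUsageClientAuth,
			x509.ExtKeyUsageCodeSigning,
			x509.ExtKeyUsageEmailProtection,
			x509.ExtKeyUsageIPSECEndSystem,
			x509.ExtKeyUsageIPSECTunnel,
			x509.ExtKeyUsageIPSECUser,
			x509.ExtKeyUsageTimeStamping,
			x509.ExtKeyUsageOCSPSigning,
			x509.ExtKeyUsageMicrosoftServerGatedCrypto,
			x509.ExtKeyUsageNetscapeServerGatedCrypto,
			x509.ExtKeyUsageMicrosoftCommercialCodeSigning,
			x509.ExtKeyUsageMicrosoftKernelCodeSigning,
		},
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign | x509.KeyUsageKeyEncipherment | x509.KeyUsageKeyAgreement | x509.KeyUsageDigitalSignature,
	}
	key, _, err := starcrypto.GenerateRsaKey(4096)
	if err != nil {
		t.Fatal(err)
	}
	// Self-signed: the template is its own issuer and the key certifies its own public half.
	cert, err := MakeCert(key, rootCsr, rootCsr, key.Public())
	if err != nil {
		t.Fatal(err)
	}
	priv, err := starcrypto.EncodePrivateKey(key, "")
	if err != nil {
		t.Fatalf("encoding private key: %v", err)
	}
	write := func(path string, data []byte, perm os.FileMode) error {
		if err := os.WriteFile(path, data, perm); err != nil {
			return fmt.Errorf("writing %s: %w", path, err)
		}
		return nil
	}
	// The key is unencrypted (empty passphrase above), so it must not be
	// world-readable; a write failure fails the test instead of being printed.
	if err := write("../bin/b612toolca.key", priv, 0600); err != nil {
		t.Fatal(err)
	}
	// The certificate is public and may stay world-readable.
	if err := write("../bin/b612toolca.crt", cert, 0644); err != nil {
		t.Fatal(err)
	}
}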
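// TestGenerateMiddleCA issues an intermediate CA certificate signed by the
// root that TestGenerateRootCA wrote under ../bin, and writes the new key and
// certificate next to it. It depends on the root files already existing.
func TestGenerateMiddleCA(t *testing.T) {
	interCsr := &x509.Certificate{
		Version: 3,
		// Time-based serial: a fresh value on every run.
		SerialNumber: big.NewInt(time.Now().Unix()),
		Subject: pkix.Name{
			Country:            []string{"CN"},
			Locality:           []string{"Asteroid B612"},
			Organization:       []string{"B612.ME"},
			OrganizationalUnit: []string{"CA.B612.ME"},
			CommonName:         "B612 Inter Tool CA",
		},
		NotBefore:             time.Date(2000, 01, 01, 8, 00, 00, 00, time.UTC),
		NotAfter:              time.Date(2077, 12, 31, 23, 59, 59, 00, time.UTC),
		BasicConstraintsValid: true,
		IsCA:                  true,
		// pathlen:0 — this intermediate may sign end-entity certs only, not further CAs.
		MaxPathLen:     0,
		MaxPathLenZero: true,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageAny, x509.ExtKeyUsageServerAuth,
			x509.ExtKeyUsageClientAuth},
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign | x509.KeyUsageKeyEncipherment | x509.KeyUsageKeyAgreement | x509.KeyUsageDigitalSignature,
	}
	interKey, _, err := starcrypto.GenerateRsaKey(4096)
	if err != nil {
		t.Fatal(err)
	}
	caKey, caCrt, err := LoadB612CA()
	if err != nil {
		t.Fatalf("loading root CA (run TestGenerateRootCA first): %v", err)
	}
	cert, err := MakeCert(caKey, caCrt, interCsr, interKey.Public())
	if err != nil {
		t.Fatal(err)
	}
	priv, err := starcrypto.EncodePrivateKey(interKey, "")
	if err != nil {
		t.Fatalf("encoding private key: %v", err)
	}
	// Unencrypted signing key: owner-only permissions, and a failed write fails the test.
	if err := os.WriteFile("../bin/toolinter.key", priv, 0600); err != nil {
		t.Fatalf("writing intermediate key: %v", err)
	}
	if err := os.WriteFile("../bin/toolinter.crt", cert, 0644); err != nil {
		t.Fatalf("writing intermediate certificate: %v", err)
	}
}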
// MakeCert signs the template csr with caKey on behalf of issuer caCrt, binding
// the subject public key pub, and returns the result as a PEM-encoded
// CERTIFICATE block. For a self-signed certificate pass the same template as
// both csr and caCrt and the signing key's own public half as pub. Any error
// from signing or from re-parsing the signed DER is returned unchanged.
func MakeCert(caKey any, caCrt *x509.Certificate, csr *x509.Certificate, pub any) ([]byte, error) {
	rawDER, signErr := x509.CreateCertificate(rand.Reader, csr, caCrt, pub, caKey)
	if signErr != nil {
		return nil, signErr
	}
	// Round-trip through the parser so a malformed result surfaces here
	// rather than at a later consumer; the encoded bytes are the parsed Raw.
	parsed, parseErr := x509.ParseCertificate(rawDER)
	if parseErr != nil {
		return nil, parseErr
	}
	encoded := pem.EncodeToMemory(&pem.Block{
		Type:  "CERTIFICATE",
		Bytes: parsed.Raw,
	})
	return encoded, nil
}
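// LoadB612CA reads the root CA private key and certificate written by
// TestGenerateRootCA from ../bin (relative to the package directory) and
// returns them ready for use as the issuer in MakeCert. The key file is
// expected in the unencrypted encoding produced by starcrypto.EncodePrivateKey
// (empty passphrase); the certificate file must start with a PEM CERTIFICATE
// block. Errors from reading the files are wrapped with which file failed so a
// missing root is reported directly instead of as a key-decoding failure.
func LoadB612CA() (crypto.PrivateKey, *x509.Certificate, error) {
	const (
		keyPath  = "../bin/b612toolca.key"
		certPath = "../bin/b612toolca.crt"
	)
	keyPEM, err := os.ReadFile(keyPath)
	if err != nil {
		return nil, nil, fmt.Errorf("reading CA key %s: %w", keyPath, err)
	}
	certPEM, err := os.ReadFile(certPath)
	if err != nil {
		return nil, nil, fmt.Errorf("reading CA certificate %s: %w", certPath, err)
	}
	caKey, err := starcrypto.DecodePrivateKey(keyPEM, "")
	if err != nil {
		return nil, nil, err
	}
	// Only the first PEM block is used; anything after it is ignored.
	block, _ := pem.Decode(certPEM)
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, nil, errors.New("Failed to decode PEM block containing the certificate")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return nil, nil, err
	}
	return caKey, cert, nil
}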