gmsm/smx509/cfca_csr_test.go

// Copyright 2024 Sun Yimin. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

package smx509

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"testing"

	"github.com/emmansun/gmsm/sm2"
)

func TestCreateCFCACertificateRequest(t *testing.T) {
	random := rand.Reader
	certKey, err := sm2.GenerateKey(random)
	if err != nil {
		t.Fatal(err)
	}
	tmpKey, err := sm2.GenerateKey(random)
	if err != nil {
		t.Fatal(err)
	}
	invalidTmpKey, err := ecdsa.GenerateKey(elliptic.P256(), random)
	if err != nil {
		t.Fatal(err)
	}
	template := &x509.CertificateRequest{
		Subject: pkix.Name{
			CommonName:   "certRequisition",
			Organization: []string{"CFCA TEST CA"},
			Country:      []string{"CN"},
		},
	}
	_, err = CreateCFCACertificateRequest(random, template, "", "", "")
	if err == nil || err.Error() != "x509: certificate private key does not implement crypto.Signer" {
		t.Fatalf("expect certificate private key does not implement crypto.Signer, got %v", err)
	}
	_, err = CreateCFCACertificateRequest(random, template, certKey, "", "")
	if err == nil || err.Error() != "x509: only SM2 public key is supported" {
		t.Fatalf("expected only SM2 public key is supported, got %v", err)
	}
	_, err = CreateCFCACertificateRequest(random, template, certKey, invalidTmpKey.Public(), "")
	if err == nil || err.Error() != "x509: only SM2 public key is supported" {
		t.Fatalf("expect only SM2 public key is supported, got %v", err)
	}
	_, err = CreateCFCACertificateRequest(random, template, certKey, tmpKey.Public(), "")
	if err == nil || err.Error() != "x509: challenge password is required" {
		t.Fatalf("expect challenge password is required, got %v", err)
	}
	csrDer, err := CreateCFCACertificateRequest(random, template, certKey, tmpKey.Public(), "111111")
	if err != nil {
		t.Fatal(err)
	}
	csr, err := ParseCFCACertificateRequest(csrDer)
	if err != nil {
		t.Fatal(err)
	}
	if csr.Subject.CommonName != "certRequisition" {
		t.Fatal("common name not match")
	}
	if csr.ChallengePassword != "111111" {
		t.Fatal("challenge password not match")
	}
	if !tmpKey.PublicKey.Equal(csr.TmpPublicKey) {
		t.Fatal("tmp public key not match")
	}
}

var sadkGeneratedCSR = `
-----BEGIN CERTIFICATE REQUEST-----
MIIBtDCCAVgCAQAwPjEYMBYGA1UEAwwPY2VydFJlcXVpc2l0aW9uMRUwEwYDVQQK
DAxDRkNBIFRFU1QgQ0ExCzAJBgNVBAYTAkNOMFkwEwYHKoZIzj0CAQYIKoEcz1UB
gi0DQgAEBtbaBT0KiK9mSUPnTOVCMydUWbSr0DkHi6i3GAuE0d1+/7ROMhVvWpz6
OFP4T6CeZggKwvxwrCL/rj3vR/R6rqCBtzATBgkqhkiG9w0BCQcTBjExMTExMTCB
nwYJKoZIhvcNAQk/BIGRMIGOAgEBBIGIALQAAAABAAAouT7CmwV94vbCwPIwBag6
SSoEh+WxOcV6Sp5xjVSdIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
e0nExPMojCs0CdTvzhh7kakxQBQF6mLFeUGJ9IjIH4IAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAADAMBggqgRzPVQGDdQUAA0gAMEUCIFtu6pSUf8yOxgqo
fpFA45HniI2StqJomsjYqIMH6jEYAiEAuLl7Q42zA8sR7U5nOza88ehpqV0TdzZq
XAZJg0bKNMY=
-----END CERTIFICATE REQUEST-----
`

func TestSADKGeneratedCSR(t *testing.T) {
	block, _ := pem.Decode([]byte(sadkGeneratedCSR))
	csr, err := ParseCFCACertificateRequest(block.Bytes)
	if err != nil {
		t.Fatal(err)
	}
	if csr.Subject.CommonName != "certRequisition" {
		t.Fatal("common name not match")
	}
	if csr.ChallengePassword != "111111" {
		t.Fatal("challenge password not match")
	}
	if pub, ok := csr.TmpPublicKey.(*ecdsa.PublicKey); !ok || pub.X == nil {
		t.Fatal("tmp public key is nil")
	}
}

// https://myssl.com/csr_create.html
// challenge password is empty
var trustAsiaCSR = `
-----BEGIN CERTIFICATE REQUEST-----
MIIB3DCCAYECAQAwRjELMAkGA1UEBhMCQ04xDzANBgNVBAgTBlpodWhhaTESMBAG
A1UEBxMJR3Vhbmdkb25nMRIwEAYDVQQDEwlURVNUIENFUlQwWTATBgcqhkjOPQIB
BggqgRzPVQGCLQNCAARGJcrt6CdYj+keIe3dVUfgFUY4rB9otZg4rneLhtkJbnhX
/NOH7lBYOifxCUpS77WlAmHqZ4X3IxWcq6QCsMpYoIHYMA0GCSqGSIb3DQEJBxMA
MIGfBgkqhkiG9w0BCT8EgZEwgY4CAQEEgYgAtAAAAAEAAJLVPiiG5UmFz2/ZPjgE
E/88SRe2O24QzIC9hpIVDYHyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AACAIx+hRlrU3htrIPZQOxeIyizbX8Y1ZoUQ6sF6l/byRQAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAMCUGCSqGSIb3DQEJDjEYMBYwFAYDVR0RBA0wC4IJ
VEVTVCBDRVJUMAwGCCqBHM9VAYN1BQADRwAwRAIgdAK3Jgs47/ATROPmvh06F0DG
8+esUW+7jahyNvKhLRYCIGKjS7FIYI2qG4scPsHZ+qyBNRIfUP7w8c/PQSaXmzqD
-----END CERTIFICATE REQUEST-----
`

func TestTrustAsiaGeneratedCSR(t *testing.T) {
	block, _ := pem.Decode([]byte(trustAsiaCSR))
	csr, err := ParseCFCACertificateRequest(block.Bytes)
	if err != nil {
		t.Fatal(err)
	}
	if csr.Subject.CommonName != "TEST CERT" {
		t.Fatal("common name not match")
	}
	if csr.ChallengePassword != "" {
		t.Fatal("challenge password not match")
	}
	if pub, ok := csr.TmpPublicKey.(*ecdsa.PublicKey); !ok || pub.X == nil {
		t.Fatal("tmp public key is nil")
	}
}
support cfca certificate request #286 2024-12-10 09:01:21 +08:00			`// Copyright 2024 Sun Yimin. All rights reserved.`
			`// Use of this source code is governed by a MIT-style`
			`// license that can be found in the LICENSE file.`

			`package smx509`

			`import (`
			`"crypto/ecdsa"`
			`"crypto/elliptic"`
			`"crypto/rand"`
			`"crypto/x509"`
			`"crypto/x509/pkix"`
cfca: test trustAsia generated csr 2024-12-13 15:37:27 +08:00			`"encoding/pem"`
support cfca certificate request #286 2024-12-10 09:01:21 +08:00			`"testing"`

			`"github.com/emmansun/gmsm/sm2"`
			`)`

			`func TestCreateCFCACertificateRequest(t *testing.T) {`
			`random := rand.Reader`
			`certKey, err := sm2.GenerateKey(random)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`tmpKey, err := sm2.GenerateKey(random)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`invalidTmpKey, err := ecdsa.GenerateKey(elliptic.P256(), random)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`template := &x509.CertificateRequest{`
			`Subject: pkix.Name{`
			`CommonName: "certRequisition",`
			`Organization: []string{"CFCA TEST CA"},`
			`Country: []string{"CN"},`
			`},`
			`}`
			`_, err = CreateCFCACertificateRequest(random, template, "", "", "")`
			`if err == nil \|\| err.Error() != "x509: certificate private key does not implement crypto.Signer" {`
cfca: update test error message 2024-12-13 08:20:48 +08:00			`t.Fatalf("expect certificate private key does not implement crypto.Signer, got %v", err)`
support cfca certificate request #286 2024-12-10 09:01:21 +08:00			`}`
			`_, err = CreateCFCACertificateRequest(random, template, certKey, "", "")`
cfca csr with tmp publickey and parse returned encryption key #286 2024-12-11 08:36:55 +08:00			`if err == nil \|\| err.Error() != "x509: only SM2 public key is supported" {`
cfca: update test error message 2024-12-13 08:20:48 +08:00			`t.Fatalf("expected only SM2 public key is supported, got %v", err)`
support cfca certificate request #286 2024-12-10 09:01:21 +08:00			`}`
cfca csr with tmp publickey and parse returned encryption key #286 2024-12-11 08:36:55 +08:00			`_, err = CreateCFCACertificateRequest(random, template, certKey, invalidTmpKey.Public(), "")`
support cfca certificate request #286 2024-12-10 09:01:21 +08:00			`if err == nil \|\| err.Error() != "x509: only SM2 public key is supported" {`
cfca: update test error message 2024-12-13 08:20:48 +08:00			`t.Fatalf("expect only SM2 public key is supported, got %v", err)`
support cfca certificate request #286 2024-12-10 09:01:21 +08:00			`}`
cfca csr with tmp publickey and parse returned encryption key #286 2024-12-11 08:36:55 +08:00			`_, err = CreateCFCACertificateRequest(random, template, certKey, tmpKey.Public(), "")`
support cfca certificate request #286 2024-12-10 09:01:21 +08:00			`if err == nil \|\| err.Error() != "x509: challenge password is required" {`
cfca: update test error message 2024-12-13 08:20:48 +08:00			`t.Fatalf("expect challenge password is required, got %v", err)`
support cfca certificate request #286 2024-12-10 09:01:21 +08:00			`}`
cfca csr with tmp publickey and parse returned encryption key #286 2024-12-11 08:36:55 +08:00			`csrDer, err := CreateCFCACertificateRequest(random, template, certKey, tmpKey.Public(), "111111")`
support cfca certificate request #286 2024-12-10 09:01:21 +08:00			`if err != nil {`
			`t.Fatal(err)`
			`}`
support cfca certificate request #286 2024-12-10 10:13:51 +08:00			`csr, err := ParseCFCACertificateRequest(csrDer)`
support cfca certificate request #286 2024-12-10 09:01:21 +08:00			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`if csr.Subject.CommonName != "certRequisition" {`
			`t.Fatal("common name not match")`
			`}`
support cfca certificate request #286 2024-12-10 10:13:51 +08:00			`if csr.ChallengePassword != "111111" {`
			`t.Fatal("challenge password not match")`
			`}`
cfca: test sadk generated csr #286 2024-12-12 17:55:57 +08:00			`if !tmpKey.PublicKey.Equal(csr.TmpPublicKey) {`
support cfca certificate request #286 2024-12-10 10:13:51 +08:00			`t.Fatal("tmp public key not match")`
			`}`
support cfca certificate request #286 2024-12-10 09:01:21 +08:00			`}`
cfca: test sadk generated csr #286 2024-12-12 17:55:57 +08:00
cfca: test trustAsia generated csr 2024-12-13 15:37:27 +08:00			var sadkGeneratedCSR = `
			`-----BEGIN CERTIFICATE REQUEST-----`
			`MIIBtDCCAVgCAQAwPjEYMBYGA1UEAwwPY2VydFJlcXVpc2l0aW9uMRUwEwYDVQQK`
			`DAxDRkNBIFRFU1QgQ0ExCzAJBgNVBAYTAkNOMFkwEwYHKoZIzj0CAQYIKoEcz1UB`
			`gi0DQgAEBtbaBT0KiK9mSUPnTOVCMydUWbSr0DkHi6i3GAuE0d1+/7ROMhVvWpz6`
			`OFP4T6CeZggKwvxwrCL/rj3vR/R6rqCBtzATBgkqhkiG9w0BCQcTBjExMTExMTCB`
			`nwYJKoZIhvcNAQk/BIGRMIGOAgEBBIGIALQAAAABAAAouT7CmwV94vbCwPIwBag6`
			`SSoEh+WxOcV6Sp5xjVSdIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA`
			`e0nExPMojCs0CdTvzhh7kakxQBQF6mLFeUGJ9IjIH4IAAAAAAAAAAAAAAAAAAAAA`
			`AAAAAAAAAAAAAAAAAAAAADAMBggqgRzPVQGDdQUAA0gAMEUCIFtu6pSUf8yOxgqo`
			`fpFA45HniI2StqJomsjYqIMH6jEYAiEAuLl7Q42zA8sR7U5nOza88ehpqV0TdzZq`
			`XAZJg0bKNMY=`
			`-----END CERTIFICATE REQUEST-----`
			`
cfca: test sadk generated csr #286 2024-12-12 17:55:57 +08:00
			`func TestSADKGeneratedCSR(t *testing.T) {`
cfca: test trustAsia generated csr 2024-12-13 15:37:27 +08:00			`block, _ := pem.Decode([]byte(sadkGeneratedCSR))`
			`csr, err := ParseCFCACertificateRequest(block.Bytes)`
cfca: test sadk generated csr #286 2024-12-12 17:55:57 +08:00			`if err != nil {`
			`t.Fatal(err)`
			`}`
cfca: test trustAsia generated csr 2024-12-13 15:37:27 +08:00			`if csr.Subject.CommonName != "certRequisition" {`
			`t.Fatal("common name not match")`
			`}`
			`if csr.ChallengePassword != "111111" {`
			`t.Fatal("challenge password not match")`
			`}`
			`if pub, ok := csr.TmpPublicKey.(*ecdsa.PublicKey); !ok \|\| pub.X == nil {`
			`t.Fatal("tmp public key is nil")`
			`}`
			`}`

			`// https://myssl.com/csr_create.html`
			`// challenge password is empty`
			var trustAsiaCSR = `
			`-----BEGIN CERTIFICATE REQUEST-----`
			`MIIB3DCCAYECAQAwRjELMAkGA1UEBhMCQ04xDzANBgNVBAgTBlpodWhhaTESMBAG`
			`A1UEBxMJR3Vhbmdkb25nMRIwEAYDVQQDEwlURVNUIENFUlQwWTATBgcqhkjOPQIB`
			`BggqgRzPVQGCLQNCAARGJcrt6CdYj+keIe3dVUfgFUY4rB9otZg4rneLhtkJbnhX`
			`/NOH7lBYOifxCUpS77WlAmHqZ4X3IxWcq6QCsMpYoIHYMA0GCSqGSIb3DQEJBxMA`
			`MIGfBgkqhkiG9w0BCT8EgZEwgY4CAQEEgYgAtAAAAAEAAJLVPiiG5UmFz2/ZPjgE`
			`E/88SRe2O24QzIC9hpIVDYHyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA`
			`AACAIx+hRlrU3htrIPZQOxeIyizbX8Y1ZoUQ6sF6l/byRQAAAAAAAAAAAAAAAAAA`
			`AAAAAAAAAAAAAAAAAAAAAAAAMCUGCSqGSIb3DQEJDjEYMBYwFAYDVR0RBA0wC4IJ`
			`VEVTVCBDRVJUMAwGCCqBHM9VAYN1BQADRwAwRAIgdAK3Jgs47/ATROPmvh06F0DG`
			`8+esUW+7jahyNvKhLRYCIGKjS7FIYI2qG4scPsHZ+qyBNRIfUP7w8c/PQSaXmzqD`
			`-----END CERTIFICATE REQUEST-----`
			`

			`func TestTrustAsiaGeneratedCSR(t *testing.T) {`
			`block, _ := pem.Decode([]byte(trustAsiaCSR))`
			`csr, err := ParseCFCACertificateRequest(block.Bytes)`
cfca: test sadk generated csr #286 2024-12-12 17:55:57 +08:00			`if err != nil {`
			`t.Fatal(err)`
			`}`
cfca: test trustAsia generated csr 2024-12-13 15:37:27 +08:00			`if csr.Subject.CommonName != "TEST CERT" {`
cfca: test sadk generated csr #286 2024-12-12 17:55:57 +08:00			`t.Fatal("common name not match")`
			`}`
cfca: test trustAsia generated csr 2024-12-13 15:37:27 +08:00			`if csr.ChallengePassword != "" {`
cfca: test sadk generated csr #286 2024-12-12 17:55:57 +08:00			`t.Fatal("challenge password not match")`
			`}`
cfca: test trustAsia generated csr 2024-12-13 15:37:27 +08:00			`if pub, ok := csr.TmpPublicKey.(*ecdsa.PublicKey); !ok \|\| pub.X == nil {`
cfca: test sadk generated csr #286 2024-12-12 17:55:57 +08:00			`t.Fatal("tmp public key is nil")`
			`}`
			`}`