登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
1 Star 0 Fork 0

oG_Go/goproxy

代码 Issues 0 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
signer_test.go 4.47 KB
一键复制 编辑 原始数据 按行查看 历史
johnerikhalse 提交于 2019-05-08 08:25 . Add support for signing with ecdsa keys
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165
package goproxy



import (

	"crypto/tls"

	"crypto/x509"

	"io/ioutil"

	"net/http"

	"net/http/httptest"

	"os"

	"os/exec"

	"strings"

	"testing"

	"time"

)



func orFatal(msg string, err error, t *testing.T) {

	if err != nil {

		t.Fatal(msg, err)

	}

}



type ConstantHanlder string



func (h ConstantHanlder) ServeHTTP(w http.ResponseWriter, r *http.Request) {

	w.Write([]byte(h))

}



func getBrowser(args []string) string {

	for i, arg := range args {

		if arg == "-browser" && i+1 < len(arg) {

			return args[i+1]

		}

		if strings.HasPrefix(arg, "-browser=") {

			return arg[len("-browser="):]

		}

	}

	return ""

}



func testSignerX509(t *testing.T, ca tls.Certificate) {

	cert, err := signHost(ca, []string{"example.com", "1.1.1.1", "localhost"})

	orFatal("singHost", err, t)

	cert.Leaf, err = x509.ParseCertificate(cert.Certificate[0])

	orFatal("ParseCertificate", err, t)

	certpool := x509.NewCertPool()

	certpool.AddCert(ca.Leaf)

	orFatal("VerifyHostname", cert.Leaf.VerifyHostname("example.com"), t)

	orFatal("CheckSignatureFrom", cert.Leaf.CheckSignatureFrom(ca.Leaf), t)

	_, err = cert.Leaf.Verify(x509.VerifyOptions{

		DNSName: "example.com",

		Roots:   certpool,

	})

	orFatal("Verify", err, t)

}



func testSignerTls(t *testing.T, ca tls.Certificate) {

	cert, err := signHost(ca, []string{"example.com", "1.1.1.1", "localhost"})

	orFatal("singHost", err, t)

	cert.Leaf, err = x509.ParseCertificate(cert.Certificate[0])

	orFatal("ParseCertificate", err, t)

	expected := "key verifies with Go"

	server := httptest.NewUnstartedServer(ConstantHanlder(expected))

	defer server.Close()

	server.TLS = &tls.Config{Certificates: []tls.Certificate{*cert, ca}}

	server.TLS.BuildNameToCertificate()

	server.StartTLS()

	certpool := x509.NewCertPool()

	certpool.AddCert(ca.Leaf)

	tr := &http.Transport{

		TLSClientConfig: &tls.Config{RootCAs: certpool},

	}

	asLocalhost := strings.Replace(server.URL, "127.0.0.1", "localhost", -1)

	req, err := http.NewRequest("GET", asLocalhost, nil)

	orFatal("NewRequest", err, t)

	resp, err := tr.RoundTrip(req)

	orFatal("RoundTrip", err, t)

	txt, err := ioutil.ReadAll(resp.Body)

	orFatal("ioutil.ReadAll", err, t)

	if string(txt) != expected {

		t.Errorf("Expected '%s' got '%s'", expected, string(txt))

	}

	browser := getBrowser(os.Args)

	if browser != "" {

		exec.Command(browser, asLocalhost).Run()

		time.Sleep(10 * time.Second)

	}

}



func TestSignerRsaTls(t *testing.T) {

	testSignerTls(t, GoproxyCa)

}



func TestSignerRsaX509(t *testing.T) {

	testSignerX509(t, GoproxyCa)

}



func TestSignerEcdsaTls(t *testing.T) {

	testSignerTls(t, EcdsaCa)

}



func TestSignerEcdsaX509(t *testing.T) {

	testSignerX509(t, EcdsaCa)

}



var c *tls.Certificate

var e error



func BenchmarkSignRsa(b *testing.B) {

	var cert *tls.Certificate

	var err error

	for n := 0; n < b.N; n++ {

		cert, err = signHost(GoproxyCa, []string{"example.com", "1.1.1.1", "localhost"})



	}

	c = cert

	e = err

}



func BenchmarkSignEcdsa(b *testing.B) {

	var cert *tls.Certificate

	var err error

	for n := 0; n < b.N; n++ {

		cert, err = signHost(EcdsaCa, []string{"example.com", "1.1.1.1", "localhost"})



	}

	c = cert

	e = err

}



//

// Eliptic Curve certificate and key for testing

//



var ECDSA_CA_CERT = []byte(`-----BEGIN CERTIFICATE-----

MIICGDCCAb8CFEkSgqYhlT0+Yyr9anQNJgtclTL0MAoGCCqGSM49BAMDMIGOMQsw

CQYDVQQGEwJJTDEPMA0GA1UECAwGQ2VudGVyMQwwCgYDVQQHDANMb2QxEDAOBgNV

BAoMB0dvUHJveHkxEDAOBgNVBAsMB0dvUHJveHkxGjAYBgNVBAMMEWdvcHJveHku

Z2l0aHViLmlvMSAwHgYJKoZIhvcNAQkBFhFlbGF6YXJsQGdtYWlsLmNvbTAeFw0x

OTA1MDcxMTUwMThaFw0zOTA1MDIxMTUwMThaMIGOMQswCQYDVQQGEwJJTDEPMA0G

A1UECAwGQ2VudGVyMQwwCgYDVQQHDANMb2QxEDAOBgNVBAoMB0dvUHJveHkxEDAO

BgNVBAsMB0dvUHJveHkxGjAYBgNVBAMMEWdvcHJveHkuZ2l0aHViLmlvMSAwHgYJ

KoZIhvcNAQkBFhFlbGF6YXJsQGdtYWlsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49

AwEHA0IABDlH4YrdukPFAjbO8x+gR9F8ID7eCU8Orhba/MIblSRrRVedpj08lK+2

svyoAcrcDsynClO9aQtsC9ivZ+Pmr3MwCgYIKoZIzj0EAwMDRwAwRAIgGRSSJVSE

1b1KVU0+w+SRtnR5Wb7jkwnaDNxQ3c3FXoICIBJV/l1hFM7mbd68Oi5zLq/4ZsrL

98Bb3nddk2xys6a9

-----END CERTIFICATE-----`)



var ECDSA_CA_KEY = []byte(`-----BEGIN PRIVATE KEY-----

MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgEsc8m+2aZfagnesg

qMgXe8ph4LtVu2VOUYhHttuEDsChRANCAAQ5R+GK3bpDxQI2zvMfoEfRfCA+3glP

Dq4W2vzCG5Uka0VXnaY9PJSvtrL8qAHK3A7MpwpTvWkLbAvYr2fj5q9z

-----END PRIVATE KEY-----`)



var EcdsaCa, ecdsaCaErr = tls.X509KeyPair(ECDSA_CA_CERT, ECDSA_CA_KEY)



func init() {

	if ecdsaCaErr != nil {

		panic("Error parsing ecdsa CA " + ecdsaCaErr.Error())

	}

	var err error

	if EcdsaCa.Leaf, err = x509.ParseCertificate(EcdsaCa.Certificate[0]); err != nil {

		panic("Error parsing ecdsa CA " + err.Error())

	}

}
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
Go
1
https://gitee.com/oG_Go/goproxy.git
git@gitee.com:oG_Go/goproxy.git
oG_Go
goproxy
goproxy
master
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部