Skip to content

Commit f1c68a8

Browse files
nitram509nitram509
committed
rework as table tests
1 parent 195a211 commit f1c68a8

File tree

1 file changed

+126
-136
lines changed

1 file changed

+126
-136
lines changed

pkcs12_test.go

Lines changed: 126 additions & 136 deletions
Original file line numberDiff line numberDiff line change
@@ -14,165 +14,155 @@ import (
1414
"testing"
1515
)
1616

17+
//go:embed test-data/testing_at_example_com.p12
18+
var fileTestingAtExampleCom []byte
19+
20+
//go:embed test-data/windows_azure_tools.p12
21+
var fileWindowsAzureTools []byte
22+
23+
var testdata = map[string][]byte{
24+
// 'null' password test case
25+
"Windows Azure Tools": fileWindowsAzureTools,
26+
// empty string password test case
27+
"[email protected]": fileTestingAtExampleCom,
28+
}
29+
1730
func TestPfx(t *testing.T) {
1831
for commonName, p12 := range testdata {
19-
priv, cert, err := Decode(p12, "")
20-
if err != nil {
21-
t.Fatal(err)
22-
}
23-
24-
if err := priv.(*rsa.PrivateKey).Validate(); err != nil {
25-
t.Errorf("error while validating private key: %v", err)
26-
}
27-
28-
if cert.Subject.CommonName != commonName {
29-
t.Errorf("expected common name to be %q, but found %q", commonName, cert.Subject.CommonName)
30-
}
32+
t.Run(commonName, func(t *testing.T) {
33+
priv, cert, err := Decode(p12, "")
34+
if err != nil {
35+
t.Fatal(err)
36+
}
37+
38+
if err := priv.(*rsa.PrivateKey).Validate(); err != nil {
39+
t.Errorf("error while validating private key: %v", err)
40+
}
41+
42+
if cert.Subject.CommonName != commonName {
43+
t.Errorf("expected common name to be %q, but found %q", commonName, cert.Subject.CommonName)
44+
}
45+
})
3146
}
3247
}
3348

3449
func TestPEM(t *testing.T) {
3550
for commonName, p12 := range testdata {
36-
blocks, err := ToPEM(p12, "")
37-
if err != nil {
38-
t.Fatalf("error while converting to PEM: %s", err)
39-
}
40-
41-
var pemData []byte
42-
for _, b := range blocks {
43-
pemData = append(pemData, pem.EncodeToMemory(b)...)
44-
}
45-
46-
cert, err := tls.X509KeyPair(pemData, pemData)
47-
if err != nil {
48-
t.Errorf("err while converting to key pair: %v", err)
49-
}
50-
config := tls.Config{
51-
Certificates: []tls.Certificate{cert},
52-
}
53-
config.BuildNameToCertificate()
54-
55-
if _, exists := config.NameToCertificate[commonName]; !exists {
56-
t.Errorf("did not find our cert in PEM?: %v", config.NameToCertificate)
57-
}
51+
t.Run(commonName, func(t *testing.T) {
52+
blocks, err := ToPEM(p12, "")
53+
if err != nil {
54+
t.Fatalf("error while converting to PEM: %s", err)
55+
}
56+
57+
var pemData []byte
58+
for _, b := range blocks {
59+
pemData = append(pemData, pem.EncodeToMemory(b)...)
60+
}
61+
62+
cert, err := tls.X509KeyPair(pemData, pemData)
63+
if err != nil {
64+
t.Errorf("err while converting to key pair: %v", err)
65+
}
66+
config := tls.Config{
67+
Certificates: []tls.Certificate{cert},
68+
}
69+
config.BuildNameToCertificate()
70+
71+
if _, exists := config.NameToCertificate[commonName]; !exists {
72+
t.Errorf("did not find our cert in PEM?: %v", config.NameToCertificate)
73+
}
74+
})
5875
}
5976
}
6077

6178
func TestTrustStore(t *testing.T) {
6279
for commonName, p12 := range testdata {
63-
_, cert, err := Decode(p12, "")
64-
if err != nil {
65-
t.Fatal(err)
66-
}
67-
68-
pfxData, err := EncodeTrustStore(rand.Reader, []*x509.Certificate{cert}, "password")
69-
if err != nil {
70-
t.Fatal(err)
71-
}
72-
73-
decodedCerts, err := DecodeTrustStore(pfxData, "password")
74-
if err != nil {
75-
t.Fatal(err)
76-
}
77-
78-
if len(decodedCerts) != 1 {
79-
t.Fatal("Unexpected number of certs")
80-
}
81-
82-
if decodedCerts[0].Subject.CommonName != commonName {
83-
t.Errorf("expected common name to be %q, but found %q", commonName, decodedCerts[0].Subject.CommonName)
84-
}
80+
t.Run(commonName, func(t *testing.T) {
81+
_, cert, err := Decode(p12, "")
82+
if err != nil {
83+
t.Fatal(err)
84+
}
85+
86+
pfxData, err := EncodeTrustStore(rand.Reader, []*x509.Certificate{cert}, "password")
87+
if err != nil {
88+
t.Fatal(err)
89+
}
90+
91+
decodedCerts, err := DecodeTrustStore(pfxData, "password")
92+
if err != nil {
93+
t.Fatal(err)
94+
}
95+
96+
if len(decodedCerts) != 1 {
97+
t.Fatal("Unexpected number of certs")
98+
}
99+
100+
if decodedCerts[0].Subject.CommonName != commonName {
101+
t.Errorf("expected common name to be %q, but found %q", commonName, decodedCerts[0].Subject.CommonName)
102+
}
103+
})
85104
}
86105
}
87106

88107
//go:embed test-data/example_com_aescbc128.p12
89108
var fileExampleComAesCbc128 []byte
90109

91-
func TestPBES2_AES128CBC(t *testing.T) {
92-
//PKCS7 Encrypted data: PBES2, PBKDF2, AES-128-CBC, Iteration 2048, PRF hmacWithSHA256
93-
commonName := "example-com"
94-
pk, cert, caCerts, err := DecodeChain(fileExampleComAesCbc128, "rHyQTJsubhfxcpH5JttyilHE6BBsNoZp")
95-
if err != nil {
96-
t.Fatal(err)
97-
}
98-
99-
rsaPk, ok := pk.(*rsa.PrivateKey)
100-
if !ok {
101-
t.Error("could not cast to rsa private key")
102-
}
103-
if !rsaPk.PublicKey.Equal(cert.PublicKey) {
104-
t.Error("public key embedded in private key not equal to public key of certificate")
105-
}
106-
if cert.Subject.CommonName != commonName {
107-
t.Errorf("unexpected leaf cert common name, got %s, want %s", cert.Subject.CommonName, commonName)
108-
}
109-
if len(caCerts) != 0 {
110-
t.Errorf("unexpected # of caCerts: got %d, want 0", len(caCerts))
111-
}
112-
}
113-
114110
//go:embed test-data/example_com_aescbc192.p12
115111
var fileExampleComAesCbc192 []byte
116112

117-
func TestPBES2_AES192CBC(t *testing.T) {
118-
//PKCS7 Encrypted data: PBES2, PBKDF2, AES-192-CBC, Iteration 2048, PRF hmacWithSHA256
119-
commonName := "example-com"
120-
pk, cert, caCerts, err := DecodeChain(fileExampleComAesCbc192, "password")
121-
if err != nil {
122-
t.Fatal(err)
123-
}
124-
125-
rsaPk, ok := pk.(*rsa.PrivateKey)
126-
if !ok {
127-
t.Error("could not cast to rsa private key")
128-
}
129-
if !rsaPk.PublicKey.Equal(cert.PublicKey) {
130-
t.Error("public key embedded in private key not equal to public key of certificate")
131-
}
132-
if cert.Subject.CommonName != commonName {
133-
t.Errorf("unexpected leaf cert common name, got %s, want %s", cert.Subject.CommonName, commonName)
134-
}
135-
if len(caCerts) != 0 {
136-
t.Errorf("unexpected # of caCerts: got %d, want 0", len(caCerts))
137-
}
138-
}
139-
140113
//go:embed test-data/ad_standalone_com_aescbc256.p12
141114
var fileAdStandaloneComAesCbc256 []byte
142115

143-
func TestPBES2_AES256CBC(t *testing.T) {
144-
// This P12 PDU is a self-signed certificate exported via Windows certmgr.
145-
// It is encrypted with the following options (verified via openssl): PBES2, PBKDF2, AES-256-CBC, Iteration 2000, PRF hmacWithSHA256
146-
commonName := "*.ad.standalone.com"
147-
pk, cert, caCerts, err := DecodeChain(fileAdStandaloneComAesCbc256, "password")
148-
if err != nil {
149-
t.Fatal(err)
116+
func Test_DecodeChain_PBES2(t *testing.T) {
117+
tests := []struct {
118+
testName string
119+
storeData []byte
120+
password string
121+
commonName string
122+
testDescription string
123+
}{
124+
{
125+
testName: "AES128CBC",
126+
storeData: fileExampleComAesCbc128,
127+
password: "rHyQTJsubhfxcpH5JttyilHE6BBsNoZp",
128+
commonName: "example-com",
129+
testDescription: "PKCS7 Encrypted data: PBES2, PBKDF2, AES-128-CBC, Iteration 2048, PRF hmacWithSHA256",
130+
},
131+
{
132+
testName: "AES192CBC",
133+
storeData: fileExampleComAesCbc192,
134+
password: "password",
135+
commonName: "example-com",
136+
testDescription: "PKCS7 Encrypted data: PBES2, PBKDF2, AES-192-CBC, Iteration 2048, PRF hmacWithSHA256",
137+
},
138+
{
139+
testName: "AES256CBC",
140+
storeData: fileAdStandaloneComAesCbc256,
141+
password: "password",
142+
commonName: "*.ad.standalone.com",
143+
testDescription: "This P12 PDU is a self-signed certificate exported via Windows certmgr. It is encrypted with the following options (verified via openssl): PBES2, PBKDF2, AES-256-CBC, Iteration 2000, PRF hmacWithSHA256",
144+
},
145+
}
146+
for _, tt := range tests {
147+
t.Run(tt.testName, func(t *testing.T) {
148+
pk, cert, caCerts, err := DecodeChain(tt.storeData, tt.password)
149+
if err != nil {
150+
t.Fatal(err)
151+
}
152+
153+
rsaPk, ok := pk.(*rsa.PrivateKey)
154+
if !ok {
155+
t.Error("could not cast to rsa private key")
156+
}
157+
if !rsaPk.PublicKey.Equal(cert.PublicKey) {
158+
t.Error("public key embedded in private key not equal to public key of certificate")
159+
}
160+
if cert.Subject.CommonName != tt.commonName {
161+
t.Errorf("unexpected leaf cert common name, got %s, want %s", cert.Subject.CommonName, tt.commonName)
162+
}
163+
if len(caCerts) != 0 {
164+
t.Errorf("unexpected # of caCerts: got %d, want 0", len(caCerts))
165+
}
166+
})
150167
}
151-
152-
rsaPk, ok := pk.(*rsa.PrivateKey)
153-
if !ok {
154-
t.Error("could not cast to rsa private key")
155-
}
156-
if !rsaPk.PublicKey.Equal(cert.PublicKey) {
157-
t.Error("public key embedded in private key not equal to public key of certificate")
158-
}
159-
if cert.Subject.CommonName != commonName {
160-
t.Errorf("unexpected leaf cert common name, got %s, want %s", cert.Subject.CommonName, commonName)
161-
}
162-
if len(caCerts) != 0 {
163-
t.Errorf("unexpected # of caCerts: got %d, want 0", len(caCerts))
164-
}
165-
}
166-
167-
//go:embed test-data/testing_at_example_com.p12
168-
var fileTestingAtExampleCom []byte
169-
170-
//go:embed test-data/windows_azure_tools.p12
171-
var fileWindowsAzureTools []byte
172-
173-
var testdata = map[string][]byte{
174-
// 'null' password test case
175-
"Windows Azure Tools": fileWindowsAzureTools,
176-
// empty string password test case
177-
"[email protected]": fileTestingAtExampleCom,
178168
}

0 commit comments

Comments
 (0)