pkcs7: fallback change

emmansun · web-flow · commit 1cf878287039 · 2024-12-09T19:54:01.000+08:00
diff --git a/pkcs7/pkcs7_test.go b/pkcs7/pkcs7_test.go
@@ -83,7 +83,7 @@ func fromBase10(base10 string) *big.Int {
 
 type certKeyPair struct {
 	Certificate *smx509.Certificate
-	PrivateKey  crypto.PrivateKey
+	PrivateKey  *crypto.PrivateKey
 }
 
 func createTestCertificate(sigAlg x509.SignatureAlgorithm, allCA bool) (certKeyPair, error) {
diff --git a/pkcs7/sign_enveloped_test.go b/pkcs7/sign_enveloped_test.go
@@ -171,7 +171,7 @@ func TestCreateSignedEvnvelopedDataSM(t *testing.T) {
 		t.Fatal(err)
 	}
 	privKey := make([]byte, 32)
-	sm2Key, ok := (encryptKey.PrivateKey).(*sm2.PrivateKey)
+	sm2Key, ok := (*encryptKey.PrivateKey).(*sm2.PrivateKey)
 	if !ok {
 		t.Fatal("should be sm2 private key")
 	}
@@ -183,7 +183,7 @@ func TestCreateSignedEvnvelopedDataSM(t *testing.T) {
 		if err != nil {
 			t.Fatal(err)
 		}
-		err = saed.AddSigner(rootCert.Certificate, rootCert.PrivateKey)
+		err = saed.AddSigner(rootCert.Certificate, *rootCert.PrivateKey)
 		if err != nil {
 			t.Fatal(err)
 		}
@@ -203,7 +203,7 @@ func TestCreateSignedEvnvelopedDataSM(t *testing.T) {
 		if err != nil {
 			t.Fatal(err)
 		}
-		encKeyBytes, err := p7Data.DecryptAndVerify(recipient.Certificate, recipient.PrivateKey, func() error {
+		encKeyBytes, err := p7Data.DecryptAndVerify(recipient.Certificate, *recipient.PrivateKey, func() error {
 			return p7Data.Verify()
 		})
 		if err != nil {
@@ -234,7 +234,7 @@ func TestCreateSignedEvnvelopedData(t *testing.T) {
 		t.Fatal(err)
 	}
 	privKey := make([]byte, 32)
-	ecdsaKey, ok := (encryptKey.PrivateKey).(*ecdsa.PrivateKey)
+	ecdsaKey, ok := (*encryptKey.PrivateKey).(*ecdsa.PrivateKey)
 	if !ok {
 		t.Fatal("should be ecdsa private key")
 	}
@@ -247,7 +247,7 @@ func TestCreateSignedEvnvelopedData(t *testing.T) {
 			t.Fatal(err)
 		}
 		saed.SetDigestAlgorithm(OIDDigestAlgorithmSHA256)
-		err = saed.AddSigner(rootCert.Certificate, rootCert.PrivateKey)
+		err = saed.AddSigner(rootCert.Certificate, *rootCert.PrivateKey)
 		if err != nil {
 			t.Fatal(err)
 		}
@@ -288,7 +288,7 @@ func TestCreateSignedEvnvelopedData(t *testing.T) {
 			t.Errorf("Recipient issuer name does not match.\n\tExpected:%x\n\tActual:%x", recipient.Certificate.RawIssuer, recipients[0].RawIssuer)
 		}
 
-		encKeyBytes, err := p7Data.DecryptAndVerify(recipient.Certificate, recipient.PrivateKey, func() error {
+		encKeyBytes, err := p7Data.DecryptAndVerify(recipient.Certificate, *recipient.PrivateKey, func() error {
 			return p7Data.Verify()
 		})
 		if err != nil {
diff --git a/pkcs7/sign_test.go b/pkcs7/sign_test.go
@@ -51,7 +51,7 @@ func testSign(t *testing.T, isSM bool, content []byte, sigalgs []x509.SignatureA
 					signerDigest, _ := getDigestOIDForSignatureAlgorithm(sigalgsigner)
 					toBeSigned.SetDigestAlgorithm(signerDigest)
 
-					if err := toBeSigned.AddSignerChain(signerCert.Certificate, signerCert.PrivateKey, parents, SignerInfoConfig{}); err != nil {
+					if err := toBeSigned.AddSignerChain(signerCert.Certificate, *signerCert.PrivateKey, parents, SignerInfoConfig{}); err != nil {
 						t.Fatalf("test %s/%s/%s: cannot add signer: %s", sigalgroot, sigalginter, sigalgsigner, err)
 					}
 					if testDetach {
@@ -152,7 +152,7 @@ func TestUnmarshalSignedAttribute(t *testing.T) {
 	}
 	oidTest := asn1.ObjectIdentifier{2, 3, 4, 5, 6, 7}
 	testValue := "TestValue"
-	if err := toBeSigned.AddSigner(cert.Certificate, cert.PrivateKey, SignerInfoConfig{
+	if err := toBeSigned.AddSigner(cert.Certificate, *cert.PrivateKey, SignerInfoConfig{
 		ExtraSignedAttributes: []Attribute{{Type: oidTest, Value: testValue}},
 	}); err != nil {
 		t.Fatalf("Cannot add signer: %s", err)
@@ -190,7 +190,7 @@ func TestSkipCertificates(t *testing.T) {
 		t.Fatalf("Cannot initialize signed data: %s", err)
 	}
 
-	if err := toBeSigned.AddSigner(cert.Certificate, cert.PrivateKey, SignerInfoConfig{}); err != nil {
+	if err := toBeSigned.AddSigner(cert.Certificate, *cert.PrivateKey, SignerInfoConfig{}); err != nil {
 		t.Fatalf("Cannot add signer: %s", err)
 	}
 	signed, err := toBeSigned.Finish()
@@ -209,7 +209,7 @@ func TestSkipCertificates(t *testing.T) {
 	if err != nil {
 		t.Fatalf("Cannot initialize signed data: %s", err)
 	}
-	if err := toBeSigned2.AddSigner(cert.Certificate, cert.PrivateKey, SignerInfoConfig{SkipCertificates: true}); err != nil {
+	if err := toBeSigned2.AddSigner(cert.Certificate, *cert.PrivateKey, SignerInfoConfig{SkipCertificates: true}); err != nil {
 		t.Fatalf("Cannot add signer: %s", err)
 	}
 	signed, err = toBeSigned2.Finish()
@@ -313,7 +313,7 @@ func TestSignWithoutAttr(t *testing.T) {
 		if err != nil {
 			t.Fatalf("Cannot initialize signed data: %s", err)
 		}
-		if err := toBeSigned.SignWithoutAttr(cert.Certificate, cert.PrivateKey, SignerInfoConfig{SkipCertificates: sigalg.skipCert}); err != nil {
+		if err := toBeSigned.SignWithoutAttr(cert.Certificate, *cert.PrivateKey, SignerInfoConfig{SkipCertificates: sigalg.skipCert}); err != nil {
 			t.Fatalf("Cannot add signer: %s", err)
 		}
 		signed, err := toBeSigned.Finish()
diff --git a/pkcs7/verify_test.go b/pkcs7/verify_test.go
@@ -527,7 +527,7 @@ but that's not what ships are built for.
 					t.Fatal(err)
 				}
 				var derKey []byte
-				priv := signerCert.PrivateKey
+				priv := *signerCert.PrivateKey
 				switch priv := priv.(type) {
 				case *rsa.PrivateKey:
 					derKey = x509.MarshalPKCS1PrivateKey(priv)

Original file line number	Diff line number	Diff line change
`@@ -83,7 +83,7 @@ func fromBase10(base10 string) *big.Int {`
`83`	`83`
`84`	`84`	`type certKeyPair struct {`
`85`	`85`	`Certificate *smx509.Certificate`
`86`		`- PrivateKey crypto.PrivateKey`
	`86`	`+ PrivateKey *crypto.PrivateKey`
`87`	`87`	`}`
`88`	`88`
`89`	`89`	`func createTestCertificate(sigAlg x509.SignatureAlgorithm, allCA bool) (certKeyPair, error) {`
Original file line number	Diff line number	Diff line change
`@@ -171,7 +171,7 @@ func TestCreateSignedEvnvelopedDataSM(t *testing.T) {`
`171`	`171`	`t.Fatal(err)`
`172`	`172`	`}`
`173`	`173`	`privKey := make([]byte, 32)`
`174`		`- sm2Key, ok := (encryptKey.PrivateKey).(*sm2.PrivateKey)`
	`174`	`+ sm2Key, ok := (encryptKey.PrivateKey).(sm2.PrivateKey)`
`175`	`175`	`if !ok {`
`176`	`176`	`t.Fatal("should be sm2 private key")`
`177`	`177`	`}`
`@@ -183,7 +183,7 @@ func TestCreateSignedEvnvelopedDataSM(t *testing.T) {`
`183`	`183`	`if err != nil {`
`184`	`184`	`t.Fatal(err)`
`185`	`185`	`}`
`186`		`- err = saed.AddSigner(rootCert.Certificate, rootCert.PrivateKey)`
	`186`	`+ err = saed.AddSigner(rootCert.Certificate, *rootCert.PrivateKey)`
`187`	`187`	`if err != nil {`
`188`	`188`	`t.Fatal(err)`
`189`	`189`	`}`
`@@ -203,7 +203,7 @@ func TestCreateSignedEvnvelopedDataSM(t *testing.T) {`
`203`	`203`	`if err != nil {`
`204`	`204`	`t.Fatal(err)`
`205`	`205`	`}`
`206`		`- encKeyBytes, err := p7Data.DecryptAndVerify(recipient.Certificate, recipient.PrivateKey, func() error {`
	`206`	`+ encKeyBytes, err := p7Data.DecryptAndVerify(recipient.Certificate, *recipient.PrivateKey, func() error {`
`207`	`207`	`return p7Data.Verify()`
`208`	`208`	`})`
`209`	`209`	`if err != nil {`
`@@ -234,7 +234,7 @@ func TestCreateSignedEvnvelopedData(t *testing.T) {`
`234`	`234`	`t.Fatal(err)`
`235`	`235`	`}`
`236`	`236`	`privKey := make([]byte, 32)`
`237`		`- ecdsaKey, ok := (encryptKey.PrivateKey).(*ecdsa.PrivateKey)`
	`237`	`+ ecdsaKey, ok := (encryptKey.PrivateKey).(ecdsa.PrivateKey)`
`238`	`238`	`if !ok {`
`239`	`239`	`t.Fatal("should be ecdsa private key")`
`240`	`240`	`}`
`@@ -247,7 +247,7 @@ func TestCreateSignedEvnvelopedData(t *testing.T) {`
`247`	`247`	`t.Fatal(err)`
`248`	`248`	`}`
`249`	`249`	`saed.SetDigestAlgorithm(OIDDigestAlgorithmSHA256)`
`250`		`- err = saed.AddSigner(rootCert.Certificate, rootCert.PrivateKey)`
	`250`	`+ err = saed.AddSigner(rootCert.Certificate, *rootCert.PrivateKey)`
`251`	`251`	`if err != nil {`
`252`	`252`	`t.Fatal(err)`
`253`	`253`	`}`
`@@ -288,7 +288,7 @@ func TestCreateSignedEvnvelopedData(t *testing.T) {`
`288`	`288`	`t.Errorf("Recipient issuer name does not match.\n\tExpected:%x\n\tActual:%x", recipient.Certificate.RawIssuer, recipients[0].RawIssuer)`
`289`	`289`	`}`
`290`	`290`
`291`		`- encKeyBytes, err := p7Data.DecryptAndVerify(recipient.Certificate, recipient.PrivateKey, func() error {`
	`291`	`+ encKeyBytes, err := p7Data.DecryptAndVerify(recipient.Certificate, *recipient.PrivateKey, func() error {`
`292`	`292`	`return p7Data.Verify()`
`293`	`293`	`})`
`294`	`294`	`if err != nil {`
Original file line number	Diff line number	Diff line change
`@@ -51,7 +51,7 @@ func testSign(t *testing.T, isSM bool, content []byte, sigalgs []x509.SignatureA`
`51`	`51`	`signerDigest, _ := getDigestOIDForSignatureAlgorithm(sigalgsigner)`
`52`	`52`	`toBeSigned.SetDigestAlgorithm(signerDigest)`
`53`	`53`
`54`		`- if err := toBeSigned.AddSignerChain(signerCert.Certificate, signerCert.PrivateKey, parents, SignerInfoConfig{}); err != nil {`
	`54`	`+ if err := toBeSigned.AddSignerChain(signerCert.Certificate, *signerCert.PrivateKey, parents, SignerInfoConfig{}); err != nil {`
`55`	`55`	`t.Fatalf("test %s/%s/%s: cannot add signer: %s", sigalgroot, sigalginter, sigalgsigner, err)`
`56`	`56`	`}`
`57`	`57`	`if testDetach {`
`@@ -152,7 +152,7 @@ func TestUnmarshalSignedAttribute(t *testing.T) {`
`152`	`152`	`}`
`153`	`153`	`oidTest := asn1.ObjectIdentifier{2, 3, 4, 5, 6, 7}`
`154`	`154`	`testValue := "TestValue"`
`155`		`- if err := toBeSigned.AddSigner(cert.Certificate, cert.PrivateKey, SignerInfoConfig{`
	`155`	`+ if err := toBeSigned.AddSigner(cert.Certificate, *cert.PrivateKey, SignerInfoConfig{`
`156`	`156`	`ExtraSignedAttributes: []Attribute{{Type: oidTest, Value: testValue}},`
`157`	`157`	`}); err != nil {`
`158`	`158`	`t.Fatalf("Cannot add signer: %s", err)`
`@@ -190,7 +190,7 @@ func TestSkipCertificates(t *testing.T) {`
`190`	`190`	`t.Fatalf("Cannot initialize signed data: %s", err)`
`191`	`191`	`}`
`192`	`192`
`193`		`- if err := toBeSigned.AddSigner(cert.Certificate, cert.PrivateKey, SignerInfoConfig{}); err != nil {`
	`193`	`+ if err := toBeSigned.AddSigner(cert.Certificate, *cert.PrivateKey, SignerInfoConfig{}); err != nil {`
`194`	`194`	`t.Fatalf("Cannot add signer: %s", err)`
`195`	`195`	`}`
`196`	`196`	`signed, err := toBeSigned.Finish()`
`@@ -209,7 +209,7 @@ func TestSkipCertificates(t *testing.T) {`
`209`	`209`	`if err != nil {`
`210`	`210`	`t.Fatalf("Cannot initialize signed data: %s", err)`
`211`	`211`	`}`
`212`		`- if err := toBeSigned2.AddSigner(cert.Certificate, cert.PrivateKey, SignerInfoConfig{SkipCertificates: true}); err != nil {`
	`212`	`+ if err := toBeSigned2.AddSigner(cert.Certificate, *cert.PrivateKey, SignerInfoConfig{SkipCertificates: true}); err != nil {`
`213`	`213`	`t.Fatalf("Cannot add signer: %s", err)`
`214`	`214`	`}`
`215`	`215`	`signed, err = toBeSigned2.Finish()`
`@@ -313,7 +313,7 @@ func TestSignWithoutAttr(t *testing.T) {`
`313`	`313`	`if err != nil {`
`314`	`314`	`t.Fatalf("Cannot initialize signed data: %s", err)`
`315`	`315`	`}`
`316`		`- if err := toBeSigned.SignWithoutAttr(cert.Certificate, cert.PrivateKey, SignerInfoConfig{SkipCertificates: sigalg.skipCert}); err != nil {`
	`316`	`+ if err := toBeSigned.SignWithoutAttr(cert.Certificate, *cert.PrivateKey, SignerInfoConfig{SkipCertificates: sigalg.skipCert}); err != nil {`
`317`	`317`	`t.Fatalf("Cannot add signer: %s", err)`
`318`	`318`	`}`
`319`	`319`	`signed, err := toBeSigned.Finish()`
Original file line number	Diff line number	Diff line change
`@@ -527,7 +527,7 @@ but that's not what ships are built for.`
`527`	`527`	`t.Fatal(err)`
`528`	`528`	`}`
`529`	`529`	`var derKey []byte`
`530`		`- priv := signerCert.PrivateKey`
	`530`	`+ priv := *signerCert.PrivateKey`
`531`	`531`	`switch priv := priv.(type) {`
`532`	`532`	`case *rsa.PrivateKey:`
`533`	`533`	`derKey = x509.MarshalPKCS1PrivateKey(priv)`