diff --git a/cfca/pkcs10.go b/cfca/pkcs10.go
index de0d0f3..9f40a5c 100644
--- a/cfca/pkcs10.go
+++ b/cfca/pkcs10.go
@@ -29,6 +29,7 @@ func CreateCertificateRequest(rand io.Reader, template *x509.CertificateRequest,
 }
 }
 // ParseCertificateRequest parses a certificate request from the given DER data.
+// This method corresponds to CFCA SADK's cfca.sadk.asn1.pkcs.PKCS10.load.
 func ParseCertificateRequest(der []byte) (*CertificateRequest, error) {
 return smx509.ParseCFCACertificateRequest(der)
 }
diff --git a/smx509/cfca_csr_test.go b/smx509/cfca_csr_test.go
index b6151be..fdfc81e 100644
--- a/smx509/cfca_csr_test.go
+++ b/smx509/cfca_csr_test.go
@@ -10,7 +10,7 @@ import (
 "crypto/rand"
 "crypto/x509"
 "crypto/x509/pkix"
- "encoding/base64"
+ "encoding/pem"
 "testing"
 "github.com/emmansun/gmsm/sm2"
@@ -72,24 +72,68 @@ func TestCreateCFCACertificateRequest(t *testing.T) {
 }
 }
-var sadkGeneratedCSR = `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`
+var sadkGeneratedCSR = `
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBtDCCAVgCAQAwPjEYMBYGA1UEAwwPY2VydFJlcXVpc2l0aW9uMRUwEwYDVQQK
+DAxDRkNBIFRFU1QgQ0ExCzAJBgNVBAYTAkNOMFkwEwYHKoZIzj0CAQYIKoEcz1UB
+gi0DQgAEBtbaBT0KiK9mSUPnTOVCMydUWbSr0DkHi6i3GAuE0d1+/7ROMhVvWpz6
+OFP4T6CeZggKwvxwrCL/rj3vR/R6rqCBtzATBgkqhkiG9w0BCQcTBjExMTExMTCB
+nwYJKoZIhvcNAQk/BIGRMIGOAgEBBIGIALQAAAABAAAouT7CmwV94vbCwPIwBag6
+SSoEh+WxOcV6Sp5xjVSdIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+e0nExPMojCs0CdTvzhh7kakxQBQF6mLFeUGJ9IjIH4IAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAADAMBggqgRzPVQGDdQUAA0gAMEUCIFtu6pSUf8yOxgqo
+fpFA45HniI2StqJomsjYqIMH6jEYAiEAuLl7Q42zA8sR7U5nOza88ehpqV0TdzZq
+XAZJg0bKNMY=
+-----END CERTIFICATE REQUEST-----
+`
 func TestSADKGeneratedCSR(t *testing.T) {
- data, err := base64.StdEncoding.DecodeString(sadkGeneratedCSR)
+ block, _ := pem.Decode([]byte(sadkGeneratedCSR))
+ csr, err := ParseCFCACertificateRequest(block.Bytes)
 if err != nil {
 t.Fatal(err)
 }
- csr, err := ParseCFCACertificateRequest(data)
+ if csr.Subject.CommonName != "certRequisition" {
+ t.Fatal("common name not match")
+ }
+ if csr.ChallengePassword != "111111" {
+ t.Fatal("challenge password not match")
+ }
+ if pub, ok := csr.TmpPublicKey.(*ecdsa.PublicKey); !ok || pub.X == nil {
+ t.Fatal("tmp public key is nil")
+ }
+}
+
+// https://myssl.com/csr_create.html
+// challenge password is empty
+var trustAsiaCSR = `
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB3DCCAYECAQAwRjELMAkGA1UEBhMCQ04xDzANBgNVBAgTBlpodWhhaTESMBAG
+A1UEBxMJR3Vhbmdkb25nMRIwEAYDVQQDEwlURVNUIENFUlQwWTATBgcqhkjOPQIB
+BggqgRzPVQGCLQNCAARGJcrt6CdYj+keIe3dVUfgFUY4rB9otZg4rneLhtkJbnhX
+/NOH7lBYOifxCUpS77WlAmHqZ4X3IxWcq6QCsMpYoIHYMA0GCSqGSIb3DQEJBxMA
+MIGfBgkqhkiG9w0BCT8EgZEwgY4CAQEEgYgAtAAAAAEAAJLVPiiG5UmFz2/ZPjgE
+E/88SRe2O24QzIC9hpIVDYHyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AACAIx+hRlrU3htrIPZQOxeIyizbX8Y1ZoUQ6sF6l/byRQAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAMCUGCSqGSIb3DQEJDjEYMBYwFAYDVR0RBA0wC4IJ
+VEVTVCBDRVJUMAwGCCqBHM9VAYN1BQADRwAwRAIgdAK3Jgs47/ATROPmvh06F0DG
+8+esUW+7jahyNvKhLRYCIGKjS7FIYI2qG4scPsHZ+qyBNRIfUP7w8c/PQSaXmzqD
+-----END CERTIFICATE REQUEST-----
+`
+
+func TestTrustAsiaGeneratedCSR(t *testing.T) {
+ block, _ := pem.Decode([]byte(trustAsiaCSR))
+ csr, err := ParseCFCACertificateRequest(block.Bytes)
 if err != nil {
 t.Fatal(err)
 }
- if csr.Subject.CommonName != "certRequisition" {
+ if csr.Subject.CommonName != "TEST CERT" {
 t.Fatal("common name not match")
 }
- if csr.ChallengePassword != "111111" {
+ if csr.ChallengePassword != "" {
 t.Fatal("challenge password not match")
 }
- if csr.TmpPublicKey == nil {
+ if pub, ok := csr.TmpPublicKey.(*ecdsa.PublicKey); !ok || pub.X == nil {
 t.Fatal("tmp public key is nil")
 }
 }
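Review bot: Both TestSADKGeneratedCSR and TestTrustAsiaGeneratedCSR discard the second result of `pem.Decode` and read `block.Bytes` without a nil check, so a damaged or re-wrapped fixture makes the test panic on a nil pointer instead of failing with a message. Add `if block == nil { t.Fatal("failed to decode PEM block") }` before each `ParseCFCACertificateRequest(block.Bytes)` call. The assertions also stop at decoded fields; since both fixtures come from external tools, it would be worth asserting that the request's self-signature verifies as well, assuming the parsed type offers such a check, so the tests cover proof of possession and not only ASN.1 decoding. The `!ok || pub.X == nil` failure still reports "tmp public key is nil" when the key is simply of another type; a message naming the unexpected type would make that case easier to diagnose.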