package cert
import (
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"testing"
)
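// TestCreateCert checks that a certificate issued by the generator for a DNS
// name chains to the generator's own root CA and is valid for that name.
//
// The test creates a root CA, hands it back to the generator with InitRootCa,
// issues a certificate for dnsName, and verifies that certificate with the
// root as the only trust anchor.
//
// NOTE(review): only the accepting path is covered. A companion case that
// verifies against a different DNS name or an unrelated root pool, and expects
// an error, would show that the issued certificate is not over-broad; confirm
// against what CreateCert puts in the certificate before adding it.
func TestCreateCert(t *testing.T) {
	dnsName := "ehang.io"
	g := NewX509Generator(pkix.Name{
		Country:            []string{"CN"},
		Organization:       []string{"ehang.io"},
		OrganizationalUnit: []string{"nps"},
		Province:           []string{"Beijing"},
		CommonName:         "nps",
		Locality:           []string{"Beijing"},
	})

	// Generate the root CA and register it with the generator.
	rootCa, rootKey, err := g.CreateRootCa()
	if err != nil {
		t.Fatal(err)
	}
	if err := g.InitRootCa(rootCa, rootKey); err != nil {
		t.Fatal(err)
	}

	// Issue the npc certificate. The second return value is discarded: chain
	// verification below needs only the certificate itself.
	clientCa, _, err := g.CreateCert(dnsName)
	if err != nil {
		t.Fatal(err)
	}

	// Trust only the freshly generated root. Report a parse failure through t
	// like every other step, rather than panicking and aborting the test binary.
	roots := x509.NewCertPool()
	if !roots.AppendCertsFromPEM(rootCa) {
		t.Fatal("failed to parse root certificate")
	}

	// Only the first PEM block of the output is parsed; any trailing data is
	// ignored.
	block, _ := pem.Decode(clientCa)
	if block == nil {
		t.Fatal("failed to parse certificate PEM")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		t.Fatalf("failed to parse certificate: %v", err)
	}

	// The intermediates pool is empty, so the certificate has to chain directly
	// to the root. DNSName makes Verify check the host name as well as the
	// signature chain.
	opts := x509.VerifyOptions{
		Roots:         roots,
		DNSName:       dnsName,
		Intermediates: x509.NewCertPool(),
	}
	if _, err := cert.Verify(opts); err != nil {
		t.Fatalf("failed to verify certificate: %v", err)
	}
}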