From 4649719eaa212d4ad2b1bf0f1db21b16cb016e98 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=99=88=E6=A1=82=E5=86=9B?= Date: Fri, 15 Jan 2021 01:10:51 +0800 Subject: [PATCH 1/3] support tls test single-cert and double-cert MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: 陈桂军 --- tls/testtls/asserts/sm2-cert/ca.crt | 16 ++ tls/testtls/asserts/sm2-cert/ca.key | 5 + tls/testtls/asserts/sm2-cert/client.crt | 16 ++ tls/testtls/asserts/sm2-cert/client.key | 5 + tls/testtls/asserts/sm2-cert/server.crt | 16 ++ tls/testtls/asserts/sm2-cert/server.key | 5 + tls/testtls/asserts/sm2-double-cert/CA.crt | 15 ++ tls/testtls/asserts/sm2-double-cert/CE.crt | 14 ++ tls/testtls/asserts/sm2-double-cert/CE.key | 5 + tls/testtls/asserts/sm2-double-cert/CS.crt | 14 ++ tls/testtls/asserts/sm2-double-cert/CS.key | 5 + tls/testtls/asserts/sm2-double-cert/SE.crt | 14 ++ tls/testtls/asserts/sm2-double-cert/SE.key | 5 + tls/testtls/asserts/sm2-double-cert/SS.crt | 14 ++ tls/testtls/asserts/sm2-double-cert/SS.key | 5 + tls/testtls/tls-double-cert/client.go | 63 ++++++++ tls/testtls/tls-double-cert/server.go | 81 ++++++++++ .../tls-double-cert/tls-double-cert_test.go | 143 ++++++++++++++++++ tls/testtls/tls-single-cert/client.go | 56 +++++++ tls/testtls/tls-single-cert/server.go | 74 +++++++++ .../tls-single-cert/tls-single-cert_test.go | 133 ++++++++++++++++ 21 files changed, 704 insertions(+) create mode 100644 tls/testtls/asserts/sm2-cert/ca.crt create mode 100644 tls/testtls/asserts/sm2-cert/ca.key create mode 100644 tls/testtls/asserts/sm2-cert/client.crt create mode 100644 tls/testtls/asserts/sm2-cert/client.key create mode 100644 tls/testtls/asserts/sm2-cert/server.crt create mode 100644 tls/testtls/asserts/sm2-cert/server.key create mode 100644 tls/testtls/asserts/sm2-double-cert/CA.crt create mode 100644 tls/testtls/asserts/sm2-double-cert/CE.crt create mode 100644 tls/testtls/asserts/sm2-double-cert/CE.key create mode 100644 tls/testtls/asserts/sm2-double-cert/CS.crt create mode 100644 tls/testtls/asserts/sm2-double-cert/CS.key create mode 100644 tls/testtls/asserts/sm2-double-cert/SE.crt create mode 100644 tls/testtls/asserts/sm2-double-cert/SE.key create mode 100644 tls/testtls/asserts/sm2-double-cert/SS.crt create mode 100644 
tls/testtls/asserts/sm2-double-cert/SS.key create mode 100644 tls/testtls/tls-double-cert/client.go create mode 100644 tls/testtls/tls-double-cert/server.go create mode 100644 tls/testtls/tls-double-cert/tls-double-cert_test.go create mode 100644 tls/testtls/tls-single-cert/client.go create mode 100644 tls/testtls/tls-single-cert/server.go create mode 100644 tls/testtls/tls-single-cert/tls-single-cert_test.go diff --git a/tls/testtls/asserts/sm2-cert/ca.crt b/tls/testtls/asserts/sm2-cert/ca.crt new file mode 100644 index 0000000..424803e --- /dev/null +++ b/tls/testtls/asserts/sm2-cert/ca.crt @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICmDCCAj6gAwIBAgIJAKsqJz5wdG3pMAoGCCqBHM9VAYN1MIGhMQswCQYDVQQG +EwJDTjELMAkGA1UECAwCR0QxDjAMBgNVBAcMBUx1b2h1MRMwEQYDVQQKDApHaG9z +dCBMVEQuMRQwEgYDVQQLDAtzZWxmIHNtMiBjYTEpMCcGA1UEAwwgbG9jYWxob3N0 +LDEyNy4wLjAuMSwxMC42LjIyOC4yNDcxHzAdBgkqhkiG9w0BCQEWEDg3NzAyMDkw +N0BxcS5jb20wHhcNMjEwMTA4MDc1MTExWhcNMzEwMTA2MDc1MTExWjCBoTELMAkG +A1UEBhMCQ04xCzAJBgNVBAgMAkdEMQ4wDAYDVQQHDAVMdW9odTETMBEGA1UECgwK +R2hvc3QgTFRELjEUMBIGA1UECwwLc2VsZiBzbTIgY2ExKTAnBgNVBAMMIGxvY2Fs +aG9zdCwxMjcuMC4wLjEsMTAuNi4yMjguMjQ3MR8wHQYJKoZIhvcNAQkBFhA4Nzcw +MjA5MDdAcXEuY29tMFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEocskaRODzNi7 +stP+q8hQ7j+SA3y0A0XrRHlszK2o8y4ucMDxOKR3tXIKIHez1RSD2JPtJPLwX1Q2 +yjbgNfcWiqNdMFswHQYDVR0OBBYEFFFAQnDNiDkxNFtkTAR5aH7mOT1DMB8GA1Ud +IwQYMBaAFFFAQnDNiDkxNFtkTAR5aH7mOT1DMAwGA1UdEwQFMAMBAf8wCwYDVR0P +BAQDAgEGMAoGCCqBHM9VAYN1A0gAMEUCIQC2hfINFWIJJPjTLV8AzdhABqrGCMYx +OqtI/CE7ga7aeQIgIg1FBsfW6wZmMcNr2vAZ4WQ9hu0ovH+uveL5d6FvrXE= +-----END CERTIFICATE----- diff --git a/tls/testtls/asserts/sm2-cert/ca.key b/tls/testtls/asserts/sm2-cert/ca.key new file mode 100644 index 0000000..1db1c9e --- /dev/null +++ b/tls/testtls/asserts/sm2-cert/ca.key 
@@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgfFTmGP5uhGmimoNa +eLsGJeIpS1EvRQMnw/8EqISWgFqhRANCAAShyyRpE4PM2Luy0/6ryFDuP5IDfLQD +RetEeWzMrajzLi5wwPE4pHe1cgogd7PVFIPYk+0k8vBfVDbKNuA19xaK +-----END PRIVATE KEY----- diff --git a/tls/testtls/asserts/sm2-cert/client.crt b/tls/testtls/asserts/sm2-cert/client.crt new file mode 100644 index 0000000..0fbba66 --- /dev/null +++ b/tls/testtls/asserts/sm2-cert/client.crt @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICizCCAjKgAwIBAgIJAJUMxIKQKAjxMAoGCCqBHM9VAYN1MIGhMQswCQYDVQQG +EwJDTjELMAkGA1UECAwCR0QxDjAMBgNVBAcMBUx1b2h1MRMwEQYDVQQKDApHaG9z +dCBMVEQuMRQwEgYDVQQLDAtzZWxmIHNtMiBjYTEpMCcGA1UEAwwgbG9jYWxob3N0 +LDEyNy4wLjAuMSwxMC42LjIyOC4yNDcxHzAdBgkqhkiG9w0BCQEWEDg3NzAyMDkw +N0BxcS5jb20wHhcNMjEwMTA4MDc1NzAyWhcNMzEwMTA2MDc1NzAyWjCBpTELMAkG +A1UEBhMCQ04xCzAJBgNVBAgMAkdEMQ4wDAYDVQQHDAVMdW9odTETMBEGA1UECgwK +R2hvc3QgTFRELjEYMBYGA1UECwwPdGVzdCBTTTIgY2xpZW50MSkwJwYDVQQDDCBs +b2NhbGhvc3QsMTI3LjAuMC4xLDEwLjYuMjI4LjI0NzEfMB0GCSqGSIb3DQEJARYQ +ODc3MDIwOTA3QHFxLmNvbTBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABPX2f0SN +5sWRnrFHTpjYLZ7FWdPuebvaMl3wPu10e81m8GSS1cfkNkywzY+hAg+BGN36YzJC +rUC2cFmWbU/GzaujTTBLMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgbAMDEGA1UdEQQq +MCiCCWxvY2FsaG9zdIIPd3d3LmV4YW1wbGUuY29thwR/AAABhwQKBuT3MAoGCCqB +HM9VAYN1A0cAMEQCIBkyUzAmvRfr9eu5DXhnUqv/phqsQ6YKQQXah4VT79SlAiBv +Tnv5HrQmyodbzlAkFoHsPYWmJ1MZ4d1LWNwlValXTw== +-----END CERTIFICATE----- diff --git a/tls/testtls/asserts/sm2-cert/client.key b/tls/testtls/asserts/sm2-cert/client.key new file mode 100644 index 0000000..cdbc2ae --- /dev/null +++ b/tls/testtls/asserts/sm2-cert/client.key @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgQcdwt82tejD8TfSP +5/KCeqnCbfgaa2i/HBinjpiyinShRANCAAT19n9EjebFkZ6xR06Y2C2exVnT7nm7 +2jJd8D7tdHvNZvBkktXH5DZMsM2PoQIPgRjd+mMyQq1AtnBZlm1Pxs2r +-----END PRIVATE KEY----- 
diff --git a/tls/testtls/asserts/sm2-cert/server.crt b/tls/testtls/asserts/sm2-cert/server.crt new file mode 100644 index 0000000..47172f8 --- /dev/null +++ b/tls/testtls/asserts/sm2-cert/server.crt @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICjTCCAjKgAwIBAgIJAJUMxIKQKAjwMAoGCCqBHM9VAYN1MIGhMQswCQYDVQQG +EwJDTjELMAkGA1UECAwCR0QxDjAMBgNVBAcMBUx1b2h1MRMwEQYDVQQKDApHaG9z +dCBMVEQuMRQwEgYDVQQLDAtzZWxmIHNtMiBjYTEpMCcGA1UEAwwgbG9jYWxob3N0 +LDEyNy4wLjAuMSwxMC42LjIyOC4yNDcxHzAdBgkqhkiG9w0BCQEWEDg3NzAyMDkw +N0BxcS5jb20wHhcNMjEwMTA4MDc1MzI2WhcNMzEwMTA2MDc1MzI2WjCBpTELMAkG +A1UEBhMCQ04xCzAJBgNVBAgMAkdEMQ4wDAYDVQQHDAVMdW9odTETMBEGA1UECgwK +R2hvc3QgTFRELjEYMBYGA1UECwwPdGVzdCBTTTIgc2VydmVyMSkwJwYDVQQDDCBs +b2NhbGhvc3QsMTI3LjAuMC4xLDEwLjYuMjI4LjI0NzEfMB0GCSqGSIb3DQEJARYQ +ODc3MDIwOTA3QHFxLmNvbTBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABCARGkdq +cPb+LsgzdHiomAgm4hVGBBXrzTvNz3Aj4qXx5v76ILz9wlc/RyrUEZ98DonTD93l +MKI/0YHaPAraAYijTTBLMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgbAMDEGA1UdEQQq +MCiCCWxvY2FsaG9zdIIPd3d3LmV4YW1wbGUuY29thwR/AAABhwQKBuT3MAoGCCqB +HM9VAYN1A0kAMEYCIQDtCd5f3FG7QtGRtE2GYUAnyTGQXpP7ktFuQunax4kEmQIh +AMBbD/6itquu3ryg/IvtkOQPLX9zQBK0vl0Z/G46u9ux +-----END CERTIFICATE----- diff --git a/tls/testtls/asserts/sm2-cert/server.key b/tls/testtls/asserts/sm2-cert/server.key new file mode 100644 index 0000000..6215243 --- /dev/null +++ b/tls/testtls/asserts/sm2-cert/server.key @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgFhpPBBnsAStWk38U +PZXfSy3ooYPlp+k0abnTjCwykjKhRANCAAQgERpHanD2/i7IM3R4qJgIJuIVRgQV +6807zc9wI+Kl8eb++iC8/cJXP0cq1BGffA6J0w/d5TCiP9GB2jwK2gGI +-----END PRIVATE KEY----- diff --git a/tls/testtls/asserts/sm2-double-cert/CA.crt b/tls/testtls/asserts/sm2-double-cert/CA.crt new file mode 100644 index 0000000..13c7d51 --- /dev/null +++ b/tls/testtls/asserts/sm2-double-cert/CA.crt 
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICWzCCAgCgAwIBAgIJAILix2ZGxRBLMAoGCCqBHM9VAYN1MIGCMQswCQYDVQQG +EwJDTjELMAkGA1UECAwCQkoxEDAOBgNVBAcMB0hhaURpYW4xJTAjBgNVBAoMHEJl +aWppbmcgSk5UQSBUZWNobm9sb2d5IExURC4xFTATBgNVBAsMDFNPUkIgb2YgVEFT +UzEWMBQGA1UEAwwNVGVzdCBDQSAoU00yKTAeFw0yMDExMTEwMjQzMDJaFw0yNDEy +MjAwMjQzMDJaMIGCMQswCQYDVQQGEwJDTjELMAkGA1UECAwCQkoxEDAOBgNVBAcM +B0hhaURpYW4xJTAjBgNVBAoMHEJlaWppbmcgSk5UQSBUZWNobm9sb2d5IExURC4x +FTATBgNVBAsMDFNPUkIgb2YgVEFTUzEWMBQGA1UEAwwNVGVzdCBDQSAoU00yKTBZ +MBMGByqGSM49AgEGCCqBHM9VAYItA0IABJ4uySAukcBihh14/ada2Gm282G0KxZ0 +lnKL2bDwgfGC6BLVmmfZVe64Yi0+qDlqa1ew1REQBRtgK5144WngfWWjXTBbMB0G +A1UdDgQWBBTkAQ5kQqitTZchpKZlXsZVdKbOcDAfBgNVHSMEGDAWgBTkAQ5kQqit +TZchpKZlXsZVdKbOcDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqgRzP +VQGDdQNJADBGAiEAnMAJq++PNyE9eBnPbsK5jb5rIWdF2MXhNZBm7pE5OAACIQCt +UxfT4oi7FO8aYoLeX5bCIzwcFeGO33IJZ9CN4vXxbg== +-----END CERTIFICATE----- diff --git a/tls/testtls/asserts/sm2-double-cert/CE.crt b/tls/testtls/asserts/sm2-double-cert/CE.crt new file mode 100644 index 0000000..4dd4a31 --- /dev/null +++ b/tls/testtls/asserts/sm2-double-cert/CE.crt @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICGzCCAcGgAwIBAgIJANwIELtod96iMAoGCCqBHM9VAYN1MIGCMQswCQYDVQQG +EwJDTjELMAkGA1UECAwCQkoxEDAOBgNVBAcMB0hhaURpYW4xJTAjBgNVBAoMHEJl +aWppbmcgSk5UQSBUZWNobm9sb2d5IExURC4xFTATBgNVBAsMDFNPUkIgb2YgVEFT +UzEWMBQGA1UEAwwNVGVzdCBDQSAoU00yKTAeFw0yMDExMTEwMjQzMDJaFw0yNDEy +MjAwMjQzMDJaMIGGMQswCQYDVQQGEwJDTjELMAkGA1UECAwCQkoxEDAOBgNVBAcM +B0hhaURpYW4xJTAjBgNVBAoMHEJlaWppbmcgSk5UQSBUZWNobm9sb2d5IExURC4x +FTATBgNVBAsMDEJTUkMgb2YgVEFTUzEaMBgGA1UEAwwRY2xpZW50IHNpZ24gKFNN +MikwWTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAAS0KSePCA5PuS3YBgtORbZLYGNd +Q5AbCJJL4/URDiZrrRI9Ih9n72FMlcYK9WbwrZIrWgEupP/JqSiJjk2rwdeMoxow +GDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDODAKBggqgRzPVQGDdQNIADBFAiA4p9Vg +1MTmqlBXQBjX0hx0C95pwJKJa0Hob68j8cIZFwIhAMND00VsxMuAggU1dNpS3t/j +yTHe2XSlOpTwvyTXvQaV +-----END CERTIFICATE----- 
diff --git a/tls/testtls/asserts/sm2-double-cert/CE.key b/tls/testtls/asserts/sm2-double-cert/CE.key new file mode 100644 index 0000000..fe4a922 --- /dev/null +++ b/tls/testtls/asserts/sm2-double-cert/CE.key @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgptf/oaiTIt/sJ6VD +zpE6kv2a5CCuIion0ZYyjFdVRQ6hRANCAAS0KSePCA5PuS3YBgtORbZLYGNdQ5Ab +CJJL4/URDiZrrRI9Ih9n72FMlcYK9WbwrZIrWgEupP/JqSiJjk2rwdeM +-----END PRIVATE KEY----- diff --git a/tls/testtls/asserts/sm2-double-cert/CS.crt b/tls/testtls/asserts/sm2-double-cert/CS.crt new file mode 100644 index 0000000..d8253e4 --- /dev/null +++ b/tls/testtls/asserts/sm2-double-cert/CS.crt @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICHDCCAcGgAwIBAgIJANwIELtod96hMAoGCCqBHM9VAYN1MIGCMQswCQYDVQQG +EwJDTjELMAkGA1UECAwCQkoxEDAOBgNVBAcMB0hhaURpYW4xJTAjBgNVBAoMHEJl +aWppbmcgSk5UQSBUZWNobm9sb2d5IExURC4xFTATBgNVBAsMDFNPUkIgb2YgVEFT +UzEWMBQGA1UEAwwNVGVzdCBDQSAoU00yKTAeFw0yMDExMTEwMjQzMDJaFw0yNDEy +MjAwMjQzMDJaMIGGMQswCQYDVQQGEwJDTjELMAkGA1UECAwCQkoxEDAOBgNVBAcM +B0hhaURpYW4xJTAjBgNVBAoMHEJlaWppbmcgSk5UQSBUZWNobm9sb2d5IExURC4x +FTATBgNVBAsMDEJTUkMgb2YgVEFTUzEaMBgGA1UEAwwRY2xpZW50IHNpZ24gKFNN +MikwWTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAARP6AVDkIRYM+2HOX4TTRuoZ/uI +PD0FqKjuIq/bxh+7OD5P2b8/mb562UQ270OR81iHt3jk+L8J8qm5lrT+5qpsoxow +GDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIGwDAKBggqgRzPVQGDdQNJADBGAiEAz4EA +CQEWkBzKsvzEzt+u/30WA0iuUVAjBN5Ca5Ar25oCIQDRTQGBMb3A/qWlrtlfS5ff +j4t7YkGGOVpiuCEgyaIpsQ== +-----END CERTIFICATE----- diff --git a/tls/testtls/asserts/sm2-double-cert/CS.key b/tls/testtls/asserts/sm2-double-cert/CS.key new file mode 100644 index 0000000..ecec4f6 --- /dev/null +++ b/tls/testtls/asserts/sm2-double-cert/CS.key @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgnXmZdW9d8UmIjq13 +0jWR3ZFNGXSNe+kqn0pEn4kLJVShRANCAARP6AVDkIRYM+2HOX4TTRuoZ/uIPD0F +qKjuIq/bxh+7OD5P2b8/mb562UQ270OR81iHt3jk+L8J8qm5lrT+5qps +-----END PRIVATE KEY----- 
diff --git a/tls/testtls/asserts/sm2-double-cert/SE.crt b/tls/testtls/asserts/sm2-double-cert/SE.crt new file mode 100644 index 0000000..0a84017 --- /dev/null +++ b/tls/testtls/asserts/sm2-double-cert/SE.crt @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICGjCCAcCgAwIBAgIJANwIELtod96gMAoGCCqBHM9VAYN1MIGCMQswCQYDVQQG +EwJDTjELMAkGA1UECAwCQkoxEDAOBgNVBAcMB0hhaURpYW4xJTAjBgNVBAoMHEJl +aWppbmcgSk5UQSBUZWNobm9sb2d5IExURC4xFTATBgNVBAsMDFNPUkIgb2YgVEFT +UzEWMBQGA1UEAwwNVGVzdCBDQSAoU00yKTAeFw0yMDExMTEwMjQzMDJaFw0yNDEy +MjAwMjQzMDJaMIGFMQswCQYDVQQGEwJDTjELMAkGA1UECAwCQkoxEDAOBgNVBAcM +B0hhaURpYW4xJTAjBgNVBAoMHEJlaWppbmcgSk5UQSBUZWNobm9sb2d5IExURC4x +FTATBgNVBAsMDEJTUkMgb2YgVEFTUzEZMBcGA1UEAwwQc2VydmVyIGVuYyAoU00y +KTBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABJMN0lJB3cCuwhxcv7YXui6qhHKg +WsXzP+Tt+/GarY4Eq2Vku4jrjEELnliKKpLUf1B9OFcxUeX6DvN0HqfCLQyjGjAY +MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgM4MAoGCCqBHM9VAYN1A0gAMEUCIEuHK3jD +hRByrwNsHUQHQZykWYbvyRaNhqqC+wRPSe85AiEArbzMe23S7u0ZKdDsbACQdYun +9e0vrR6IkRkoZfRqlMI= +-----END CERTIFICATE----- diff --git a/tls/testtls/asserts/sm2-double-cert/SE.key b/tls/testtls/asserts/sm2-double-cert/SE.key new file mode 100644 index 0000000..3bc86c6 --- /dev/null +++ b/tls/testtls/asserts/sm2-double-cert/SE.key @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQg7nHT72XH1BGWhPj1 +ACsSzidahaBVLItk9f7LYubyFgOhRANCAASTDdJSQd3ArsIcXL+2F7ouqoRyoFrF +8z/k7fvxmq2OBKtlZLuI64xBC55YiiqS1H9QfThXMVHl+g7zdB6nwi0M +-----END PRIVATE KEY----- diff --git a/tls/testtls/asserts/sm2-double-cert/SS.crt b/tls/testtls/asserts/sm2-double-cert/SS.crt new file mode 100644 index 0000000..913307b --- /dev/null +++ b/tls/testtls/asserts/sm2-double-cert/SS.crt 
@@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICGzCCAcGgAwIBAgIJANwIELtod96fMAoGCCqBHM9VAYN1MIGCMQswCQYDVQQG +EwJDTjELMAkGA1UECAwCQkoxEDAOBgNVBAcMB0hhaURpYW4xJTAjBgNVBAoMHEJl +aWppbmcgSk5UQSBUZWNobm9sb2d5IExURC4xFTATBgNVBAsMDFNPUkIgb2YgVEFT +UzEWMBQGA1UEAwwNVGVzdCBDQSAoU00yKTAeFw0yMDExMTEwMjQzMDJaFw0yNDEy +MjAwMjQzMDJaMIGGMQswCQYDVQQGEwJDTjELMAkGA1UECAwCQkoxEDAOBgNVBAcM +B0hhaURpYW4xJTAjBgNVBAoMHEJlaWppbmcgSk5UQSBUZWNobm9sb2d5IExURC4x +FTATBgNVBAsMDEJTUkMgb2YgVEFTUzEaMBgGA1UEAwwRc2VydmVyIHNpZ24gKFNN +MikwWTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAARbyYnV/Z4LzRMaFn9YSnarqfsu +X8GE15xqApL+bjluqsvsFwWWLS1J0NWxPdHn+3hNehlB/2Ae2Ze2kpyyonCSoxow +GDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIGwDAKBggqgRzPVQGDdQNIADBFAiBoT5qV +s7tpYVSdHUfNkFSBHmI4zNSs6+RyKi/pVAUIvgIhAJm2VZ62wbUC4IkfpATTM9W2 +BkzEaNLlHK/hq3IiJfjo +-----END CERTIFICATE----- diff --git a/tls/testtls/asserts/sm2-double-cert/SS.key b/tls/testtls/asserts/sm2-double-cert/SS.key new file mode 100644 index 0000000..da81ad4 --- /dev/null +++ b/tls/testtls/asserts/sm2-double-cert/SS.key @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgMHgTzjoT9Db7IMif +TImlZILlsf40g/R0Gl2vhSJvnm+hRANCAARbyYnV/Z4LzRMaFn9YSnarqfsuX8GE +15xqApL+bjluqsvsFwWWLS1J0NWxPdHn+3hNehlB/2Ae2Ze2kpyyonCS +-----END PRIVATE KEY----- diff --git a/tls/testtls/tls-double-cert/client.go b/tls/testtls/tls-double-cert/client.go new file mode 100644 index 0000000..5c3b533 --- /dev/null +++ b/tls/testtls/tls-double-cert/client.go 
@@ -0,0 +1,63 @@
+package main
+
+import (
+ "fmt"
+ "github.com/Hyperledger-TWGC/ccs-gm/tls"
+ "github.com/Hyperledger-TWGC/ccs-gm/x509"
+ "io/ioutil"
+ "log"
+)
+
+func main() {
+ const address = "127.0.0.1:6443"
+ const caFile = "../asserts/sm2-double-cert/CA.crt"
+ const signCertFile = "../asserts/sm2-double-cert/CS.crt"
+ const signKeyFile = "../asserts/sm2-double-cert/CS.key"
+ const encCertFile = "../asserts/sm2-double-cert/CE.crt"
+ const encKeyFile = "../asserts/sm2-double-cert/CE.key"
+
+ clientRun(address, caFile, signCertFile, signKeyFile, encCertFile, encKeyFile)
+}
+
+func clientRun(address, caFile, signCertFile, signKeyFile, encCertFile, encKeyFile string) {
+ signCert, err := tls.LoadX509KeyPair(signCertFile, signKeyFile)
+ if err != nil {
+ log.Fatalf("Failed to load LoadX509KeyPair: %v", err)
+ }
+ encCert, err := tls.LoadX509KeyPair(encCertFile, encKeyFile)
+ if err != nil {
+ log.Fatalf("Failed to load LoadX509KeyPair: %v", err)
+ }
+ certBytes, err := ioutil.ReadFile(caFile)
+ if err != nil {
+ log.Fatalf("Failed to read certificate file: %v", err)
+ }
+ clientCertPool := x509.NewCertPool()
+ ok := clientCertPool.AppendCertsFromPEM(certBytes)
+ if !ok {
+ log.Fatalln("Failed to parse root certificate")
+ }
+ conf := &tls.Config{
+ RootCAs: clientCertPool,
+ Certificates: []tls.Certificate{signCert, encCert},
+ InsecureSkipVerify: true,
+ GMSupport: &tls.GMSupport{},
+ }
+ conn, err := tls.Dial("tcp", address, conf)
+ if err != nil {
+ log.Fatalf("Cannot to connect: %v", err)
+ } else {
+ log.Printf("Connecting to %s\n", address)
+ }
+ defer conn.Close()
+ n, err := conn.Write([]byte("client hello\n"))
+ if err != nil {
+ log.Fatalf("Failed to write num: %v, err:%v", n, err)
+ }
+ buf := make([]byte, 100)
+ n, err = conn.Read(buf)
+ if err != nil {
+ log.Fatalf("Failed to read num: %v, err:%v", n, err)
+ }
+ fmt.Printf("Receive server message: %s\n", string(buf[:n]))
+}
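Review bot: `InsecureSkipVerify: true` in clientRun's tls.Config turns off server certificate verification, so the `RootCAs` pool built from CA.crt a few lines earlier is never consulted and the client will finish a handshake with any server. The same setting is in tls-single-cert/client.go and in testClientRun of tls-double-cert_test.go, while tls-single-cert_test.go already sets `InsecureSkipVerify: false`. For the single-cert client the fix is that one line; the double-cert fixtures appear to carry no subjectAltName, so they would probably need regenerating with one before verification against 127.0.0.1 can pass. If skipping verification has to stay for now, say so next to the field, e.g. `// test only: the server certificate is not verified`.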
diff --git a/tls/testtls/tls-double-cert/server.go b/tls/testtls/tls-double-cert/server.go
new file mode 100644
index 0000000..d818918
--- /dev/null
+++ b/tls/testtls/tls-double-cert/server.go
@@ -0,0 +1,81 @@
+package main
+
+import (
+ "bufio"
+ "fmt"
+ "github.com/Hyperledger-TWGC/ccs-gm/tls"
+ "github.com/Hyperledger-TWGC/ccs-gm/x509"
+ "io/ioutil"
+ "log"
+ "net"
+)
+
+func main() {
+ const address = "127.0.0.1:6443"
+ const caFile = "../asserts/sm2-double-cert/CA.crt"
+ const signCertFile = "../asserts/sm2-double-cert/SS.crt"
+ const signKeyFile = "../asserts/sm2-double-cert/SS.key"
+ const encCertFile = "../asserts/sm2-double-cert/SE.crt"
+ const encKeyFile = "../asserts/sm2-double-cert/SE.key"
+
+ serverRun(address, caFile, signCertFile, signKeyFile, encCertFile, encKeyFile)
+}
+
+func serverRun(address, caFile, signCertFile, signKeyFile, encCertFile, encKeyFile string) {
+ signCert, err := tls.LoadX509KeyPair(signCertFile, signKeyFile)
+ if err != nil {
+ log.Fatalf("Failed to load LoadX509KeyPair: %v", err)
+ }
+ encCert, err := tls.LoadX509KeyPair(encCertFile, encKeyFile)
+ if err != nil {
+ log.Fatalf("Failed to load LoadX509KeyPair: %v", err)
+ }
+
+ certBytes, err := ioutil.ReadFile(caFile)
+ if err != nil {
+ log.Fatalf("Failed to read certificate file: %v", err)
+ }
+ clientCertPool := x509.NewCertPool()
+ ok := clientCertPool.AppendCertsFromPEM(certBytes)
+ if !ok {
+ log.Fatalln("Failed to parse root certificate")
+ }
+ config := &tls.Config{
+ Certificates: []tls.Certificate{signCert, encCert},
+ ClientAuth: tls.RequireAndVerifyClientCert,
+ ClientCAs: clientCertPool,
+ GMSupport: &tls.GMSupport{},
+ }
+ ln, err := tls.Listen("tcp", address, config)
+ if err != nil {
+ log.Fatalf("Failed to listen: %v", err)
+ } else {
+ log.Println("Starting server...")
+ }
+ defer ln.Close()
+ for {
+ conn, err := ln.Accept()
+ if err != nil {
+ log.Println(err)
+ continue
+ }
+ go handleConn(conn)
+ }
+}
+
+func handleConn(conn net.Conn) {
+ defer conn.Close()
+ r := bufio.NewReader(conn)
+ for {
+ msg, err := r.ReadString('\n')
+ if err != nil {
+ log.Println(err)
+ return
+ }
+ fmt.Printf("Receive client message:%s\n", msg)
+ n, err := conn.Write([]byte("server hello\n"))
+ if err != nil {
+ log.Fatalf("Failed to Write num: %v, err: %v", n, err)
+ }
+ }
+}
diff --git a/tls/testtls/tls-double-cert/tls-double-cert_test.go b/tls/testtls/tls-double-cert/tls-double-cert_test.go
new file mode 100644
index 0000000..91b009d
--- /dev/null
+++ b/tls/testtls/tls-double-cert/tls-double-cert_test.go
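Review bot: In handleConn of tls-double-cert/server.go a failed `conn.Write` calls `log.Fatalf`, which exits the whole process, so a single client that disconnects before the reply stops the listener and every other connection. The handler should log the error and return, as it already does for read errors. The read side is also unbounded: there is no deadline and `ReadString('\n')` keeps buffering until a newline arrives, so a deadline per read (sketched below, needs the `time` import) and a cap on line length are worth adding. The same handler is repeated in tls-single-cert/server.go and as handleServerConn in both test files.

```go
func handleConn(conn net.Conn) {
	// … unchanged: deferred Close and bufio reader …
	for {
		// Bound how long an idle or slow peer can hold this goroutine.
		if err := conn.SetReadDeadline(time.Now().Add(10 * time.Second)); err != nil {
			log.Printf("set read deadline: %v", err)
			return
		}
		// … unchanged: ReadString, its error check and the Printf …
		if _, err := conn.Write([]byte("server hello\n")); err != nil {
			// One failed peer must not stop the listener.
			log.Printf("write to %s: %v", conn.RemoteAddr(), err)
			return
		}
	}
}
```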
@@ -0,0 +1,143 @@
+package main
+
+import (
+ "bufio"
+ "fmt"
+ "github.com/Hyperledger-TWGC/ccs-gm/tls"
+ "github.com/Hyperledger-TWGC/ccs-gm/x509"
+ "io/ioutil"
+ "log"
+ "net"
+ "testing"
+ "time"
+)
+
+var end chan bool
+
+const (
+ address = "127.0.0.1:6443"
+ caFile = "../asserts/sm2-double-cert/CA.crt"
+ serverSignCertFile = "../asserts/sm2-double-cert/SS.crt"
+ serverSignKeyFile = "../asserts/sm2-double-cert/SS.key"
+ serverEncCertFile = "../asserts/sm2-double-cert/SE.crt"
+ serverEncKeyFile = "../asserts/sm2-double-cert/SE.key"
+ clientSignCertFile = "../asserts/sm2-double-cert/CS.crt"
+ clientSignKeyFile = "../asserts/sm2-double-cert/CS.key"
+ clientEncCertFile = "../asserts/sm2-double-cert/CE.crt"
+ clientEncKeyFile = "../asserts/sm2-double-cert/CE.key"
+)
+
+func Test(t *testing.T) {
+ end = make(chan bool, 64)
+ go testServerRun()
+ time.Sleep(1000000)
+ go testClientChanRun()
+ <-end
+}
+
+func testClientChanRun() {
+ testClientRun()
+ end <- true
+}
+
+func testClientRun() {
+ signCert, err := tls.LoadX509KeyPair(clientSignCertFile, clientSignKeyFile)
+ if err != nil {
+ log.Fatalf("Failed to load LoadX509KeyPair: %v", err)
+ }
+ encCert, err := tls.LoadX509KeyPair(clientEncCertFile, clientEncKeyFile)
+ if err != nil {
+ log.Fatalf("Failed to load LoadX509KeyPair: %v", err)
+ }
+ certBytes, err := ioutil.ReadFile(caFile)
+ if err != nil {
+ log.Fatalf("Failed to read certificate file: %v", err)
+ }
+ clientCertPool := x509.NewCertPool()
+ ok := clientCertPool.AppendCertsFromPEM(certBytes)
+ if !ok {
+ log.Fatalln("Failed to parse root certificate")
+ }
+ conf := &tls.Config{
+ RootCAs: clientCertPool,
+ Certificates: []tls.Certificate{signCert, encCert},
+ InsecureSkipVerify: true,
+ GMSupport: &tls.GMSupport{},
+ }
+ conn, err := tls.Dial("tcp", address, conf)
+ if err != nil {
+ log.Fatalf("Cannot to connect: %v", err)
+ } else {
+ log.Printf("Connecting to %s\n", address)
+ }
+ defer conn.Close()
+ n, err := conn.Write([]byte("client hello\n"))
+ if err != nil {
+ log.Fatalf("Failed to write num: %v, err:%v", n, err)
+ }
+ buf := make([]byte, 100)
+ n, err = conn.Read(buf)
+ if err != nil {
+ log.Fatalf("Failed to read num: %v, err:%v", n, err)
+ }
+ fmt.Printf("Receive server message: %s\n", string(buf[:n]))
+}
+
+func testServerRun() {
+ signCert, err := tls.LoadX509KeyPair(serverSignCertFile, serverSignKeyFile)
+ if err != nil {
+ log.Fatalf("Failed to load LoadX509KeyPair: %v", err)
+ }
+ encCert, err := tls.LoadX509KeyPair(serverEncCertFile, serverEncKeyFile)
+ if err != nil {
+ log.Fatalf("Failed to load LoadX509KeyPair: %v", err)
+ }
+
+ certBytes, err := ioutil.ReadFile(caFile)
+ if err != nil {
+ log.Fatalf("Failed to read certificate file: %v", err)
+ }
+ clientCertPool := x509.NewCertPool()
+ ok := clientCertPool.AppendCertsFromPEM(certBytes)
+ if !ok {
+ log.Fatalln("Failed to parse root certificate")
+ }
+ config := &tls.Config{
+ Certificates: []tls.Certificate{signCert, encCert},
+ ClientAuth: tls.RequireAndVerifyClientCert,
+ ClientCAs: clientCertPool,
+ GMSupport: &tls.GMSupport{},
+ }
+ ln, err := tls.Listen("tcp", address, config)
+ if err != nil {
+ log.Fatalf("Failed to listen: %v", err)
+ } else {
+ log.Println("Starting server...")
+ }
+ defer ln.Close()
+ for {
+ conn, err := ln.Accept()
+ if err != nil {
+ log.Println(err)
+ continue
+ }
+ go handleServerConn(conn)
+ }
+}
+
+func handleServerConn(conn net.Conn) {
+ defer conn.Close()
+ r := bufio.NewReader(conn)
+ for {
+ msg, err := r.ReadString('\n')
+ if err != nil {
+ log.Println(err)
+ return
+ }
+ fmt.Printf("Receive client message:%s\n", msg)
+ n, err := conn.Write([]byte("server hello\n"))
+ if err != nil {
+ log.Fatalf("Failed to Write num: %v, err: %v", n, err)
+ }
+ }
+}
diff --git a/tls/testtls/tls-single-cert/client.go b/tls/testtls/tls-single-cert/client.go
new file mode 100644
index 0000000..bcbfc69
--- /dev/null
+++ b/tls/testtls/tls-single-cert/client.go
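Review bot: `time.Sleep(1000000)` in Test of tls-double-cert_test.go is a bare count of nanoseconds, i.e. 1ms, so the client can dial before testServerRun has reached `tls.Listen` and the result then depends on timing; write the unit (`time.Sleep(time.Second)`) or, better, have the server signal readiness on a channel once Listen has returned. Every failure path in the helpers uses `log.Fatalf`, which exits the test binary from a goroutine without going through `t`, and `t` is never used, so a handshake failure is not reported with test context and the reply is never compared with the expected `server hello\n`. The fixed `127.0.0.1:6443` address also collides with anything else on that port, including the single-cert test if both run at once; listening on `127.0.0.1:0` and handing `ln.Addr().String()` to the client avoids that. tls-single-cert_test.go has the same structure.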
@@ -0,0 +1,56 @@
+package main
+
+import (
+ "fmt"
+ "github.com/Hyperledger-TWGC/ccs-gm/tls"
+ "github.com/Hyperledger-TWGC/ccs-gm/x509"
+ "io/ioutil"
+ "log"
+)
+
+func main() {
+ const address = "127.0.0.1:6443"
+ const certFile = "../asserts/sm2-cert/client.crt"
+ const keyFile = "../asserts/sm2-cert/client.key"
+ const caFile = "../asserts/sm2-cert/ca.crt"
+ clientRun(address, caFile, certFile, keyFile)
+}
+
+func clientRun(address , caFile , certFile , keyFile string) {
+ cert, err := tls.LoadX509KeyPair(certFile, keyFile)
+ if err != nil {
+ log.Fatalf("Failed to load LoadX509KeyPair: %v", err)
+ }
+ certBytes, err := ioutil.ReadFile(caFile)
+ if err != nil {
+ log.Fatalf("Failed to read certificate file: %v", err)
+ }
+ clientCertPool := x509.NewCertPool()
+ ok := clientCertPool.AppendCertsFromPEM(certBytes)
+ if !ok {
+ log.Fatalln("Failed to parse root certificate")
+ }
+ conf := &tls.Config{
+ RootCAs: clientCertPool,
+ Certificates: []tls.Certificate{cert},
+ InsecureSkipVerify: true,
+ GMSupport: &tls.GMSupport{},
+ }
+ conn, err := tls.Dial("tcp", address, conf)
+ if err != nil {
+ log.Fatalf("Cannot to connect: %v", err)
+ } else {
+ log.Printf("Connecting to %s\n", address)
+ }
+ defer conn.Close()
+ n, err := conn.Write([]byte("client hello\n"))
+ if err != nil {
+ log.Fatalf("Failed to write num: %v, err:%v", n, err)
+ }
+ buf := make([]byte, 100)
+ n, err = conn.Read(buf)
+ if err != nil {
+ log.Fatalf("Failed to read num: %v, err:%v", n, err)
+ }
+ fmt.Printf("Receive server message: %s\n", string(buf[:n]))
+}
diff --git a/tls/testtls/tls-single-cert/server.go b/tls/testtls/tls-single-cert/server.go
new file mode 100644
index 0000000..41ea2a2
--- /dev/null
+++ b/tls/testtls/tls-single-cert/server.go
@@ -0,0 +1,74 @@
+package main
+
+import (
+ "bufio"
+ "fmt"
+ "github.com/Hyperledger-TWGC/ccs-gm/tls"
+ "github.com/Hyperledger-TWGC/ccs-gm/x509"
+ "io/ioutil"
+ "log"
+ "net"
+)
+
+func main() {
+ const address = "127.0.0.1:6443"
+ const certFile = "../asserts/sm2-cert/server.crt"
+ const keyFile = "../asserts/sm2-cert/server.key"
+ const caFile = "../asserts/sm2-cert/ca.crt"
+
+ serverRun(address, caFile, certFile, keyFile)
+}
+
+func serverRun(address , caFile , certFile , keyFile string) {
+ cert, err := tls.LoadX509KeyPair(certFile, keyFile)
+ if err != nil {
+ log.Fatalf("Failed to load LoadX509KeyPair: %v", err)
+ }
+ certBytes, err := ioutil.ReadFile(caFile)
+ if err != nil {
+ log.Fatalf("Failed to read certificate file: %v", err)
+ }
+ clientCertPool := x509.NewCertPool()
+ ok := clientCertPool.AppendCertsFromPEM(certBytes)
+ if !ok {
+ log.Fatalln("Failed to parse root certificate")
+ }
+ config := &tls.Config{
+ Certificates: []tls.Certificate{cert},
+ ClientAuth: tls.RequireAndVerifyClientCert,
+ ClientCAs: clientCertPool,
+ GMSupport: &tls.GMSupport{},
+ }
+ ln, err := tls.Listen("tcp", address, config)
+ if err != nil {
+ log.Fatalf("Failed to listen: %v", err)
+ } else {
+ log.Println("Starting server...")
+ }
+ defer ln.Close()
+ for {
+ conn, err := ln.Accept()
+ if err != nil {
+ log.Println(err)
+ continue
+ }
+ go handleConn(conn)
+ }
+}
+
+func handleConn(conn net.Conn) {
+ defer conn.Close()
+ r := bufio.NewReader(conn)
+ for {
+ msg, err := r.ReadString('\n')
+ if err != nil {
+ log.Println(err)
+ return
+ }
+ fmt.Printf("Receive client message:%s\n", msg)
+ n, err := conn.Write([]byte("server hello\n"))
+ if err != nil {
+ log.Fatalf("Failed to Write num: %v, err: %v", n, err)
+ }
+ }
+}
diff --git a/tls/testtls/tls-single-cert/tls-single-cert_test.go b/tls/testtls/tls-single-cert/tls-single-cert_test.go
new file mode 100644
index 0000000..cf69bac
--- /dev/null
+++ b/tls/testtls/tls-single-cert/tls-single-cert_test.go
@@ -0,0 +1,133 @@
+package main
+
+import (
+ "bufio"
+ "github.com/Hyperledger-TWGC/ccs-gm/tls"
+ "github.com/Hyperledger-TWGC/ccs-gm/x509"
+ "fmt"
+ "io/ioutil"
+ "log"
+ "net"
+ "testing"
+ "time"
+)
+
+var end chan bool
+
+const (
+ address = "127.0.0.1:6443"
+ caFile = "../asserts/sm2-cert/ca.crt"
+ serverCertFile = "../asserts/sm2-cert/server.crt"
+ serverKeyFile = "../asserts/sm2-cert/server.key"
+ clientCertFile = "../asserts/sm2-cert/client.crt"
+ clientKeyFile = "../asserts/sm2-cert/client.key"
+)
+
+func Test(t *testing.T) {
+ end = make(chan bool, 64)
+ go testServerRun()
+ time.Sleep(1000000)
+ go testClientChanRun()
+ <-end
+}
+
+func testClientChanRun() {
+ testClientRun()
+ end <- true
+}
+
+func testClientRun() {
+ cert, err := tls.LoadX509KeyPair(clientCertFile, clientKeyFile)
+ if err != nil {
+ log.Fatalf("Failed to load LoadX509KeyPair: %v", err)
+ }
+ certBytes, err := ioutil.ReadFile(caFile)
+ if err != nil {
+ log.Fatalf("Failed to read certificate file: %v", err)
+ }
+ clientCertPool := x509.NewCertPool()
+ ok := clientCertPool.AppendCertsFromPEM(certBytes)
+ if !ok {
+ log.Fatalln("Failed to parse root certificate")
+ }
+ conf := &tls.Config{
+ RootCAs: clientCertPool,
+ Certificates: []tls.Certificate{cert},
+ InsecureSkipVerify: false,
+ GMSupport: &tls.GMSupport{},
+ }
+ conn, err := tls.Dial("tcp", address, conf)
+ if err != nil {
+ log.Fatalf("Cannot to connect: %v", err)
+ } else {
+ log.Printf("Connecting to %s\n", address)
+ }
+ defer conn.Close()
+ n, err := conn.Write([]byte("client hello\n"))
+ if err != nil {
+ log.Fatalf("Failed to write num: %v, err:%v", n, err)
+ }
+ buf := make([]byte, 100)
+ n, err = conn.Read(buf)
+ if err != nil {
+ log.Fatalf("Failed to read num: %v, err:%v", n, err)
+ }
+ fmt.Printf("Receive server message: %s\n", string(buf[:n]))
+}
+
+func testServerRun() {
+ cert, err := tls.LoadX509KeyPair(serverCertFile, serverKeyFile)
+ if err != nil {
+ log.Fatalf("Failed to load LoadX509KeyPair: %v", err)
+ }
+ certBytes, err := ioutil.ReadFile(caFile)
+ if err != nil {
+ log.Fatalf("Failed to read certificate file: %v", err)
+ }
+ clientCertPool := x509.NewCertPool()
+ ok := clientCertPool.AppendCertsFromPEM(certBytes)
+ if !ok {
+ log.Fatalln("Failed to parse root certificate")
+ }
+ config := &tls.Config{
+ Certificates: []tls.Certificate{cert},
+ ClientAuth: tls.RequireAndVerifyClientCert,
+ ClientCAs: clientCertPool,
+ GMSupport: &tls.GMSupport{},
+ }
+ ln, err := tls.Listen("tcp", address, config)
+ if err != nil {
+ log.Fatalf("Failed to listen: %v", err)
+ } else {
+ log.Println("Starting server...")
+ }
+ defer ln.Close()
+ for {
+ conn, err := ln.Accept()
+ if err != nil {
+ log.Println(err)
+ continue
+ }
+ go handleServerConn(conn)
+ }
+}
+
+func handleServerConn(conn net.Conn) {
+ defer conn.Close()
+ r := bufio.NewReader(conn)
+ for {
+ msg, err := r.ReadString('\n')
+ if err != nil {
+ log.Println(err)
+ return
+ }
+ fmt.Printf("Receive client message:%s\n", msg)
+ n, err := conn.Write([]byte("server hello\n"))
+ if err != nil {
+ log.Fatalf("Failed to Write num: %v, err: %v", n, err)
+ }
+ }
+}
+
+
+
From 1d1c127dc39217b93fce9eebdf1bca152a523782 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=99=88=E6=A1=82=E5=86=9B?= Date: Fri, 15 Jan 2021 01:16:15 +0800 Subject: [PATCH 2/3] support azure tls test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 陈桂军 --- azure-pipelines.yml | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index 8f64899..52b1df8 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -21,6 +21,8 @@ steps: - script: go test -v ./sm4/... --bench=. -cover - script: go test -v ./utils/... --bench=. -cover - script: go test -v ./internal/... --bench=. -cover + - script: go test -v -tags=single_cert ./tls/testtls/tls-single-cert/tls-single-cert_test.go + - script: go test -v ./tls/testtls/tls-double-cert/tls-double-cert_test.go # TODO: this lib has error #- script: go test -v ./x509/... --bench=. -cover # TODO: this lib testing hang up From 8c2d4a75bda28d96034067547d98ee1173e15cdd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=99=88=E6=A1=82=E5=86=9B?= Date: Tue, 9 Mar 2021 09:23:16 +0800 Subject: [PATCH 3/3] repair -- handshake error : tls: first record does not look like a TLS handshake MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 陈桂军 --- tls/gm_handshake_client.go | 2 +- tls/gm_handshake_client_double.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tls/gm_handshake_client.go b/tls/gm_handshake_client.go index d5b5312..98cda18 100644 --- a/tls/gm_handshake_client.go +++ b/tls/gm_handshake_client.go @@ -320,7 +320,7 @@ func (hs *clientHandshakeStateGM) doFullHandshake() error { certRequested = true hs.finishedHash.Write(certReq.marshal()) - if chainToSend, err = hs.getCertificate(certReq); err != nil || chainToSend.Certificate == nil { + if chainToSend, err = hs.getCertificate(certReq); err != nil { c.sendAlert(alertInternalError) return err } diff --git a/tls/gm_handshake_client_double.go b/tls/gm_handshake_client_double.go index 55920fc..e65bb3d 100644 --- a/tls/gm_handshake_client_double.go +++ b/tls/gm_handshake_client_double.go 
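Review bot: `-tags=single_cert` on the first added step has no visible effect, because tls-single-cert_test.go as added in patch 1/3 carries no build constraint; either drop the flag or add the matching constraint line to that file. Both steps pass a single `_test.go` file rather than a package, which looks like a workaround for client.go and server.go each declaring `func main` in the same `package main` directory; that layout will still break `go build ./...` and `go vet ./...`. Moving the samples into `client/` and `server/` subdirectories would let these steps use `./tls/testtls/...` like the steps above them.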
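Review bot: With `|| chainToSend.Certificate == nil` removed in tls/gm_handshake_client.go, doFullHandshake now carries on when getCertificate returns a certificate with an empty chain and no error, so everything after this point has to cope with that value. The rest of the function is outside the hunk; please confirm that the Certificate message and the CertificateVerify signing further down are guarded by `len(chainToSend.Certificate) > 0`, since signing without a private key could fail at runtime. A short comment at the call, e.g. `// an empty chain is valid here: the client then sends an empty Certificate message`, would record why the check is gone. The identical edit in gm_handshake_client_double.go needs the same confirmation.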
@@ -313,7 +313,7 @@ func (hs *clientHandshakeStateGM) doFullHandshake() error { certRequested = true hs.finishedHash.Write(certReq.marshal()) - if chainToSend, err = hs.getCertificate(certReq); err != nil || chainToSend.Certificate == nil { + if chainToSend, err = hs.getCertificate(certReq); err != nil { c.sendAlert(alertInternalError) return err }