1/*- 2 * Copyright 2014 Square Inc. 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package jose 18 19import ( 20 "crypto/ecdsa" 21 "crypto/rand" 22 "crypto/rsa" 23 "encoding/base64" 24 "encoding/hex" 25 "math/big" 26 "regexp" 27 "testing" 28) 29 30// Reset random reader to original value 31func resetRandReader() { 32 randReader = rand.Reader 33} 34 35// Build big int from hex-encoded string. Strips whitespace (for testing). 36func fromHexInt(base16 string) *big.Int { 37 re := regexp.MustCompile(`\s+`) 38 val, ok := new(big.Int).SetString(re.ReplaceAllString(base16, ""), 16) 39 if !ok { 40 panic("Invalid test data") 41 } 42 return val 43} 44 45// Build big int from base64-encoded string. Strips whitespace (for testing). 46func fromBase64Int(base64 string) *big.Int { 47 re := regexp.MustCompile(`\s+`) 48 val, err := base64URLDecode(re.ReplaceAllString(base64, "")) 49 if err != nil { 50 panic("Invalid test data") 51 } 52 return new(big.Int).SetBytes(val) 53} 54 55// Decode hex-encoded string into byte array. Strips whitespace (for testing). 56func fromHexBytes(base16 string) []byte { 57 re := regexp.MustCompile(`\s+`) 58 val, err := hex.DecodeString(re.ReplaceAllString(base16, "")) 59 if err != nil { 60 panic("Invalid test data") 61 } 62 return val 63} 64 65// Decode base64-encoded string into byte array. Strips whitespace (for testing). 66func fromBase64Bytes(b64 string) []byte { 67 re := regexp.MustCompile(`\s+`) 68 val, err := base64.StdEncoding.DecodeString(re.ReplaceAllString(b64, "")) 69 if err != nil { 70 panic("Invalid test data") 71 } 72 return val 73} 74 75// Test vectors below taken from crypto/x509/x509_test.go in the Go std lib. 76 77var pkixPublicKey = `-----BEGIN PUBLIC KEY----- 78MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3VoPN9PKUjKFLMwOge6+ 79wnDi8sbETGIx2FKXGgqtAKpzmem53kRGEQg8WeqRmp12wgp74TGpkEXsGae7RS1k 80enJCnma4fii+noGH7R0qKgHvPrI2Bwa9hzsH8tHxpyM3qrXslOmD45EH9SxIDUBJ 81FehNdaPbLP1gFyahKMsdfxFJLUvbUycuZSJ2ZnIgeVxwm4qbSvZInL9Iu4FzuPtg 82fINKcbbovy1qq4KvPIrXzhbY3PWDc6btxCf3SE0JdE1MCPThntB62/bLMSQ7xdDR 83FF53oIpvxe/SCOymfWq/LW849Ytv3Xwod0+wzAP8STXG4HSELS4UedPYeHJJJYcZ 84+QIDAQAB 85-----END PUBLIC KEY-----` 86 87var pkcs1PrivateKey = `-----BEGIN RSA PRIVATE KEY----- 88MIIBOgIBAAJBALKZD0nEffqM1ACuak0bijtqE2QrI/KLADv7l3kK3ppMyCuLKoF0 89fd7Ai2KW5ToIwzFofvJcS/STa6HA5gQenRUCAwEAAQJBAIq9amn00aS0h/CrjXqu 90/ThglAXJmZhOMPVn4eiu7/ROixi9sex436MaVeMqSNf7Ex9a8fRNfWss7Sqd9eWu 91RTUCIQDasvGASLqmjeffBNLTXV2A5g4t+kLVCpsEIZAycV5GswIhANEPLmax0ME/ 92EO+ZJ79TJKN5yiGBRsv5yvx5UiHxajEXAiAhAol5N4EUyq6I9w1rYdhPMGpLfk7A 93IU2snfRJ6Nq2CQIgFrPsWRCkV+gOYcajD17rEqmuLrdIRexpg8N1DOSXoJ8CIGlS 94tAboUGBxTDq3ZroNism3DaMIbKPyYrAqhKov1h5V 95-----END RSA PRIVATE KEY-----` 96 97var ecdsaSHA256p384CertPem = ` 98-----BEGIN CERTIFICATE----- 99MIICSjCCAdECCQDje/no7mXkVzAKBggqhkjOPQQDAjCBjjELMAkGA1UEBhMCVVMx 100EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxFDAS 101BgNVBAoMC0dvb2dsZSwgSW5jMRcwFQYDVQQDDA53d3cuZ29vZ2xlLmNvbTEjMCEG 102CSqGSIb3DQEJARYUZ29sYW5nLWRldkBnbWFpbC5jb20wHhcNMTIwNTIxMDYxMDM0 103WhcNMjIwNTE5MDYxMDM0WjCBjjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlm 104b3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxFDASBgNVBAoMC0dvb2dsZSwg 105SW5jMRcwFQYDVQQDDA53d3cuZ29vZ2xlLmNvbTEjMCEGCSqGSIb3DQEJARYUZ29s 106YW5nLWRldkBnbWFpbC5jb20wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARRuzRNIKRK 107jIktEmXanNmrTR/q/FaHXLhWRZ6nHWe26Fw7Rsrbk+VjGy4vfWtNn7xSFKrOu5ze 108qxKnmE0h5E480MNgrUiRkaGO2GMJJVmxx20aqkXOk59U8yGA4CghE6MwCgYIKoZI 109zj0EAwIDZwAwZAIwBZEN8gvmRmfeP/9C1PRLzODIY4JqWub2PLRT4mv9GU+yw3Gr 110PU9A3CHMdEcdw/MEAjBBO1lId8KOCh9UZunsSMfqXiVurpzmhWd6VYZ/32G+M+Mh 1113yILeYQzllt/g0rKVRk= 112-----END CERTIFICATE-----` 113 114var ecdsaSHA256p384CertDer = fromBase64Bytes(` 115MIICSjCCAdECCQDje/no7mXkVzAKBggqhkjOPQQDAjCBjjELMAkGA1UEBhMCVVMx 116EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxFDAS 117BgNVBAoMC0dvb2dsZSwgSW5jMRcwFQYDVQQDDA53d3cuZ29vZ2xlLmNvbTEjMCEG 118CSqGSIb3DQEJARYUZ29sYW5nLWRldkBnbWFpbC5jb20wHhcNMTIwNTIxMDYxMDM0 119WhcNMjIwNTE5MDYxMDM0WjCBjjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlm 120b3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxFDASBgNVBAoMC0dvb2dsZSwg 121SW5jMRcwFQYDVQQDDA53d3cuZ29vZ2xlLmNvbTEjMCEGCSqGSIb3DQEJARYUZ29s 122YW5nLWRldkBnbWFpbC5jb20wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARRuzRNIKRK 123jIktEmXanNmrTR/q/FaHXLhWRZ6nHWe26Fw7Rsrbk+VjGy4vfWtNn7xSFKrOu5ze 124qxKnmE0h5E480MNgrUiRkaGO2GMJJVmxx20aqkXOk59U8yGA4CghE6MwCgYIKoZI 125zj0EAwIDZwAwZAIwBZEN8gvmRmfeP/9C1PRLzODIY4JqWub2PLRT4mv9GU+yw3Gr 126PU9A3CHMdEcdw/MEAjBBO1lId8KOCh9UZunsSMfqXiVurpzmhWd6VYZ/32G+M+Mh 1273yILeYQzllt/g0rKVRk=`) 128 129var pkcs8ECPrivateKey = ` 130-----BEGIN PRIVATE KEY----- 131MIHtAgEAMBAGByqGSM49AgEGBSuBBAAjBIHVMIHSAgEBBEHqkl65VsjYDQWIHfgv 132zQLPa0JZBsaJI16mjiH8k6VA4lgfK/KNldlEsY433X7wIzo43u8OpX7Nv7n8pVRH 13315XWK6GBiQOBhgAEAfDuikMI4bWsyse7t8iSCmjt9fneW/qStZuIPuVLo7mSJdud 134Cs3J/x9wOnnhLv1u+0atnq5HKKdL4ff3itJPlhmSAQzByKQ5LTvB7d6fn95GJVK/ 135hNuS5qGBpB7qeMXVFoki0/2RZIOway8/fXjmNYwe4v/XB5LLn4hcTvEUGYcF8M9K 136-----END PRIVATE KEY-----` 137 138var ecPrivateKey = ` 139-----BEGIN EC PRIVATE KEY----- 140MIHcAgEBBEIBv2rdY9mWGD/UgiuXB0LJcUzgaB6TXq/Ra1jrZKBV3IGSacM5QDFu 141N8yrywiQaTDEqn1zVcLwrnqoQux3gWN1jxugBwYFK4EEACOhgYkDgYYABAFJgaM/ 1422a3+gE6Khm/1PYftqNwAzQ21HSLp27q2lTN+GBFho691ARFRkr9UzlQ8gRnhkTbu 143yGfASamlHsYlr3Tv+gFc4BY8SU0q8kzpQ0dOHWFk7dfGFmKwhJrSFIIOeRn/LY03 144XsVFctNDsGhobS2JguQrxhGx8Ll7vQCakV/PEmCQJA== 145-----END EC PRIVATE KEY-----` 146 147var ecPrivateKeyDer = fromBase64Bytes(` 148MIHcAgEBBEIBv2rdY9mWGD/UgiuXB0LJcUzgaB6TXq/Ra1jrZKBV3IGSacM5QDFu 149N8yrywiQaTDEqn1zVcLwrnqoQux3gWN1jxugBwYFK4EEACOhgYkDgYYABAFJgaM/ 1502a3+gE6Khm/1PYftqNwAzQ21HSLp27q2lTN+GBFho691ARFRkr9UzlQ8gRnhkTbu 151yGfASamlHsYlr3Tv+gFc4BY8SU0q8kzpQ0dOHWFk7dfGFmKwhJrSFIIOeRn/LY03 152XsVFctNDsGhobS2JguQrxhGx8Ll7vQCakV/PEmCQJA==`) 153 154var invalidPemKey = ` 155-----BEGIN PUBLIC KEY----- 156MIHcAgEBBEIBv2rdY9mWGD/UgiuXB0LJcUzgaB6TXq/Ra1jrZKBV3IGSacM5QDFu 157XsVFctNDsGhobS2JguQrxhGx8Ll7vQCakV/PEmCQJA== 158-----END PUBLIC KEY-----` 159 160func TestLoadPublicKey(t *testing.T) { 161 pub, err := LoadPublicKey([]byte(pkixPublicKey)) 162 switch pub.(type) { 163 case *rsa.PublicKey: 164 default: 165 t.Error("failed to parse RSA PKIX public key:", err) 166 } 167 168 pub, err = LoadPublicKey([]byte(ecdsaSHA256p384CertPem)) 169 switch pub.(type) { 170 case *ecdsa.PublicKey: 171 default: 172 t.Error("failed to parse ECDSA X.509 cert:", err) 173 } 174 175 pub, err = LoadPublicKey([]byte(ecdsaSHA256p384CertDer)) 176 switch pub.(type) { 177 case *ecdsa.PublicKey: 178 default: 179 t.Error("failed to parse ECDSA X.509 cert:", err) 180 } 181 182 pub, err = LoadPublicKey([]byte("###")) 183 if err == nil { 184 t.Error("should not parse invalid key") 185 } 186 187 pub, err = LoadPublicKey([]byte(invalidPemKey)) 188 if err == nil { 189 t.Error("should not parse invalid key") 190 } 191} 192 193func TestLoadPrivateKey(t *testing.T) { 194 priv, err := LoadPrivateKey([]byte(pkcs1PrivateKey)) 195 switch priv.(type) { 196 case *rsa.PrivateKey: 197 default: 198 t.Error("failed to parse RSA PKCS1 private key:", err) 199 } 200 201 priv, err = LoadPrivateKey([]byte(pkcs8ECPrivateKey)) 202 if _, ok := priv.(*ecdsa.PrivateKey); !ok { 203 t.Error("failed to parse EC PKCS8 private key:", err) 204 } 205 206 priv, err = LoadPrivateKey([]byte(ecPrivateKey)) 207 if _, ok := priv.(*ecdsa.PrivateKey); !ok { 208 t.Error("failed to parse EC private key:", err) 209 } 210 211 priv, err = LoadPrivateKey([]byte(ecPrivateKeyDer)) 212 if _, ok := priv.(*ecdsa.PrivateKey); !ok { 213 t.Error("failed to parse EC private key:", err) 214 } 215 216 priv, err = LoadPrivateKey([]byte("###")) 217 if err == nil { 218 t.Error("should not parse invalid key") 219 } 220 221 priv, err = LoadPrivateKey([]byte(invalidPemKey)) 222 if err == nil { 223 t.Error("should not parse invalid key") 224 } 225} 226