File Manager

X7ROOT File Manager

Current Path: /opt/golang/1.22.0/src/crypto/x509

opt / golang / 1.22.0 / src / crypto / x509 /

📁 ..
📄 boring.go(993 B)
📄 boring_test.go(3.75 KB)
📄 cert_pool.go(8.93 KB)
📄 cert_pool_test.go(2.25 KB)
📄 example_test.go(5.32 KB)
📄 hybrid_pool_test.go(3.72 KB)
📁 internal
📄 name_constraints_test.go(44.92 KB)
📄 notboring.go(258 B)
📄 oid.go(5.75 KB)
📄 oid_test.go(3.7 KB)
📄 parser.go(36.57 KB)
📄 parser_test.go(2.63 KB)
📄 pem_decrypt.go(7.2 KB)
📄 pem_decrypt_test.go(8.92 KB)
📄 pkcs1.go(4.66 KB)
📄 pkcs8.go(5.8 KB)
📄 pkcs8_test.go(8.95 KB)
📁 pkix
📄 platform_root_cert.pem(749 B)
📄 platform_root_key.pem(227 B)
📄 platform_test.go(7.28 KB)
📄 root.go(2.03 KB)
📄 root_aix.go(410 B)
📄 root_bsd.go(748 B)
📄 root_darwin.go(3.48 KB)
📄 root_darwin_test.go(3.7 KB)
📄 root_linux.go(1.11 KB)
📄 root_plan9.go(828 B)
📄 root_solaris.go(538 B)
📄 root_test.go(2.62 KB)
📄 root_unix.go(2.67 KB)
📄 root_unix_test.go(6.07 KB)
📄 root_wasm.go(373 B)
📄 root_windows.go(8.74 KB)
📄 root_windows_test.go(3.43 KB)
📄 sec1.go(4.58 KB)
📄 sec1_test.go(5.36 KB)
📄 test-file.crt(1.9 KB)
📁 testdata
📄 verify.go(35.3 KB)
📄 verify_test.go(108.97 KB)
📄 x509.go(82.3 KB)
📄 x509_test.go(159.96 KB)
📄 x509_test_import.go(1.7 KB)

Editing: boring_test.go

// Copyright 2022 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build boringcrypto

package x509

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/internal/boring/fipstls"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"testing"
	"time"
)

const (
	boringCertCA = iota
	boringCertLeaf
	boringCertFIPSOK = 0x80
)

func boringRSAKey(t *testing.T, size int) *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, size)
	if err != nil {
		t.Fatal(err)
	}
	return k
}

func boringECDSAKey(t *testing.T, curve elliptic.Curve) *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(curve, rand.Reader)
	if err != nil {
		t.Fatal(err)
	}
	return k
}

type boringCertificate struct {
	name      string
	org       string
	parentOrg string
	der       []byte
	cert      *Certificate
	key       interface{}
	fipsOK    bool
}

func TestBoringAllowCert(t *testing.T) {
	R1 := testBoringCert(t, "R1", boringRSAKey(t, 2048), nil, boringCertCA|boringCertFIPSOK)
	R2 := testBoringCert(t, "R2", boringRSAKey(t, 512), nil, boringCertCA)
	R3 := testBoringCert(t, "R3", boringRSAKey(t, 4096), nil, boringCertCA|boringCertFIPSOK)

M1_R1 := testBoringCert(t, "M1_R1", boringECDSAKey(t, elliptic.P256()), R1, boringCertCA|boringCertFIPSOK)
	M2_R1 := testBoringCert(t, "M2_R1", boringECDSAKey(t, elliptic.P224()), R1, boringCertCA)

I_R1 := testBoringCert(t, "I_R1", boringRSAKey(t, 3072), R1, boringCertCA|boringCertFIPSOK)
	testBoringCert(t, "I_R2", I_R1.key, R2, boringCertCA|boringCertFIPSOK)
	testBoringCert(t, "I_M1", I_R1.key, M1_R1, boringCertCA|boringCertFIPSOK)
	testBoringCert(t, "I_M2", I_R1.key, M2_R1, boringCertCA|boringCertFIPSOK)

I_R3 := testBoringCert(t, "I_R3", boringRSAKey(t, 3072), R3, boringCertCA|boringCertFIPSOK)
	testBoringCert(t, "I_R3", I_R3.key, R3, boringCertCA|boringCertFIPSOK)

testBoringCert(t, "L1_I", boringECDSAKey(t, elliptic.P384()), I_R1, boringCertLeaf|boringCertFIPSOK)
	testBoringCert(t, "L2_I", boringRSAKey(t, 1024), I_R1, boringCertLeaf)
}

func testBoringCert(t *testing.T, name string, key interface{}, parent *boringCertificate, mode int) *boringCertificate {
	org := name
	parentOrg := ""
	if i := strings.Index(org, "_"); i >= 0 {
		org = org[:i]
		parentOrg = name[i+1:]
	}
	tmpl := &Certificate{
		SerialNumber: big.NewInt(1),
		Subject: pkix.Name{
			Organization: []string{org},
		},
		NotBefore: time.Unix(0, 0),
		NotAfter:  time.Unix(0, 0),

KeyUsage:              KeyUsageKeyEncipherment | KeyUsageDigitalSignature,
		ExtKeyUsage:           []ExtKeyUsage{ExtKeyUsageServerAuth, ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
	}
	if mode&^boringCertFIPSOK == boringCertLeaf {
		tmpl.DNSNames = []string{"example.com"}
	} else {
		tmpl.IsCA = true
		tmpl.KeyUsage |= KeyUsageCertSign
	}

var pcert *Certificate
	var pkey interface{}
	if parent != nil {
		pcert = parent.cert
		pkey = parent.key
	} else {
		pcert = tmpl
		pkey = key
	}

var pub interface{}
	var desc string
	switch k := key.(type) {
	case *rsa.PrivateKey:
		pub = &k.PublicKey
		desc = fmt.Sprintf("RSA-%d", k.N.BitLen())
	case *ecdsa.PrivateKey:
		pub = &k.PublicKey
		desc = "ECDSA-" + k.Curve.Params().Name
	default:
		t.Fatalf("invalid key %T", key)
	}

der, err := CreateCertificate(rand.Reader, tmpl, pcert, pub, pkey)
	if err != nil {
		t.Fatal(err)
	}
	cert, err := ParseCertificate(der)
	if err != nil {
		t.Fatal(err)
	}

// Tell isBoringCertificate to enforce FIPS restrictions for this check.
	fipstls.Force()
	defer fipstls.Abandon()

fipsOK := mode&boringCertFIPSOK != 0
	if boringAllowCert(cert) != fipsOK {
		t.Errorf("boringAllowCert(cert with %s key) = %v, want %v", desc, !fipsOK, fipsOK)
	}
	return &boringCertificate{name, org, parentOrg, der, cert, key, fipsOK}
}

X7ROOT File Manager

Editing: boring_test.go

Upload File

Create Folder