X7ROOT File Manager
Current Path:
/opt/golang/1.22.0/src/crypto/x509
opt
/
golang
/
1.22.0
/
src
/
crypto
/
x509
/
📁
..
📄
boring.go
(993 B)
📄
boring_test.go
(3.75 KB)
📄
cert_pool.go
(8.93 KB)
📄
cert_pool_test.go
(2.25 KB)
📄
example_test.go
(5.32 KB)
📄
hybrid_pool_test.go
(3.72 KB)
📁
internal
📄
name_constraints_test.go
(44.92 KB)
📄
notboring.go
(258 B)
📄
oid.go
(5.75 KB)
📄
oid_test.go
(3.7 KB)
📄
parser.go
(36.57 KB)
📄
parser_test.go
(2.63 KB)
📄
pem_decrypt.go
(7.2 KB)
📄
pem_decrypt_test.go
(8.92 KB)
📄
pkcs1.go
(4.66 KB)
📄
pkcs8.go
(5.8 KB)
📄
pkcs8_test.go
(8.95 KB)
📁
pkix
📄
platform_root_cert.pem
(749 B)
📄
platform_root_key.pem
(227 B)
📄
platform_test.go
(7.28 KB)
📄
root.go
(2.03 KB)
📄
root_aix.go
(410 B)
📄
root_bsd.go
(748 B)
📄
root_darwin.go
(3.48 KB)
📄
root_darwin_test.go
(3.7 KB)
📄
root_linux.go
(1.11 KB)
📄
root_plan9.go
(828 B)
📄
root_solaris.go
(538 B)
📄
root_test.go
(2.62 KB)
📄
root_unix.go
(2.67 KB)
📄
root_unix_test.go
(6.07 KB)
📄
root_wasm.go
(373 B)
📄
root_windows.go
(8.74 KB)
📄
root_windows_test.go
(3.43 KB)
📄
sec1.go
(4.58 KB)
📄
sec1_test.go
(5.36 KB)
📄
test-file.crt
(1.9 KB)
📁
testdata
📄
verify.go
(35.3 KB)
📄
verify_test.go
(108.97 KB)
📄
x509.go
(82.3 KB)
📄
x509_test.go
(159.96 KB)
📄
x509_test_import.go
(1.7 KB)
Editing: hybrid_pool_test.go
// Copyright 2011 The Go Authors. All rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. package x509_test import ( "crypto/ecdsa" "crypto/elliptic" "crypto/rand" "crypto/tls" "crypto/x509" "crypto/x509/pkix" "internal/testenv" "math/big" "runtime" "testing" "time" ) func TestHybridPool(t *testing.T) { t.Parallel() if !(runtime.GOOS == "windows" || runtime.GOOS == "darwin" || runtime.GOOS == "ios") { t.Skipf("platform verifier not available on %s", runtime.GOOS) } if !testenv.HasExternalNetwork() { t.Skip() } if runtime.GOOS == "windows" { // NOTE(#51599): on the Windows builders we sometimes see that the state // of the root pool is not fully initialized, causing an expected // platform verification to fail. In part this is because Windows // dynamically populates roots into its local trust store at time of // use. We can attempt to prime the pool by attempting TLS connections // to google.com until it works, suggesting the pool has been properly // updated. If after we hit the dealine, the pool has _still_ not been // populated with the expected root, it's unlikely we are ever going to // get into a good state, and so we just fail the test. #52108 suggests // a better possible long term solution. deadline := time.Now().Add(time.Second * 10) nextSleep := 10 * time.Millisecond for i := 0; ; i++ { c, err := tls.Dial("tcp", "google.com:443", nil) if err == nil { c.Close() break } nextSleep = nextSleep * time.Duration(i) if time.Until(deadline) < nextSleep { t.Fatal("windows root pool appears to be in an uninitialized state (missing root that chains to google.com)") } time.Sleep(nextSleep) } } // Get the google.com chain, which should be valid on all platforms we // are testing c, err := tls.Dial("tcp", "google.com:443", &tls.Config{InsecureSkipVerify: true}) if err != nil { t.Fatalf("tls connection failed: %s", err) } googChain := c.ConnectionState().PeerCertificates rootTmpl := &x509.Certificate{ SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Go test root"}, IsCA: true, BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour * 10), } k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) if err != nil { t.Fatalf("failed to generate test key: %s", err) } rootDER, err := x509.CreateCertificate(rand.Reader, rootTmpl, rootTmpl, k.Public(), k) if err != nil { t.Fatalf("failed to create test cert: %s", err) } root, err := x509.ParseCertificate(rootDER) if err != nil { t.Fatalf("failed to parse test cert: %s", err) } pool, err := x509.SystemCertPool() if err != nil { t.Fatalf("SystemCertPool failed: %s", err) } opts := x509.VerifyOptions{Roots: pool} _, err = googChain[0].Verify(opts) if err != nil { t.Fatalf("verification failed for google.com chain (system only pool): %s", err) } pool.AddCert(root) _, err = googChain[0].Verify(opts) if err != nil { t.Fatalf("verification failed for google.com chain (hybrid pool): %s", err) } certTmpl := &x509.Certificate{ SerialNumber: big.NewInt(1), NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour * 10), DNSNames: []string{"example.com"}, } certDER, err := x509.CreateCertificate(rand.Reader, certTmpl, rootTmpl, k.Public(), k) if err != nil { t.Fatalf("failed to create test cert: %s", err) } cert, err := x509.ParseCertificate(certDER) if err != nil { t.Fatalf("failed to parse test cert: %s", err) } _, err = cert.Verify(opts) if err != nil { t.Fatalf("verification failed for custom chain (hybrid pool): %s", err) } }
Upload File
Create Folder