package main
import (
"crypto"
"testing"
"github.com/letsencrypt/boulder/core"
"github.com/letsencrypt/boulder/test"
)
// TestKeyBlocking loads a public key from each fixture file (a JWK or a PEM
// certificate), computes its digest with core.KeyDigestB64, and compares the
// result against a pinned base64 value.
//
// The JWK and the certificate of one algorithm family carry the same public
// key and are pinned to the same digest, so the test also shows that the
// digest depends only on the key and not on the container it arrived in.
// Presumably that is what lets a block entry created from one format match
// the same key presented in the other — confirm against the callers of
// core.KeyDigestB64.
func TestKeyBlocking(t *testing.T) {
	// NOTE(@cpu): The JWKs and certificates were generated with the same
	// keypair within an algorithm/parameter family: the RSA JWK public key is
	// the RSA certificate public key, and likewise for ECDSA. Each digest is
	// therefore declared once and shared by both fixtures of its family.
	//
	// NOTE(review): each value decodes to 32 bytes, which is consistent with a
	// SHA-256 hash; confirm the algorithm against core.KeyDigestB64.
	const (
		ecdsaDigest = "cuwGhNNI6nfob5aqY90e7BleU6l7rfxku4X3UTJ3Z7M="
		rsaDigest   = "Qebc1V3SkX3izkYRGNJilm9Bcuvf0oox4U2Rn+b4JOE="
	)

	type fixture struct {
		name     string
		certPath string
		jwkPath  string
		expected string
	}

	fixtures := []fixture{
		{name: "P-256 ECDSA JWK", jwkPath: "test/test.ecdsa.jwk.json", expected: ecdsaDigest},
		{name: "2048 RSA JWK", jwkPath: "test/test.rsa.jwk.json", expected: rsaDigest},
		{name: "P-256 ECDSA Certificate", certPath: "test/test.ecdsa.cert.pem", expected: ecdsaDigest},
		{name: "2048 RSA Certificate", certPath: "test/test.rsa.cert.pem", expected: rsaDigest},
	}

	for _, fx := range fixtures {
		t.Run(fx.name, func(t *testing.T) {
			var (
				pub crypto.PublicKey
				err error
			)
			// A non-empty jwkPath selects the JWK loader; every other
			// fixture goes through the certificate loader.
			switch {
			case fx.jwkPath != "":
				pub, err = keyFromJWK(fx.jwkPath)
			default:
				pub, err = keyFromCert(fx.certPath)
			}
			test.AssertNotError(t, err, "error getting key from input file")

			digest, err := core.KeyDigestB64(pub)
			test.AssertNotError(t, err, "error computing spki hash")
			test.AssertEquals(t, digest, fx.expected)
		})
	}
}