search

fullsailor / pkcs7

Implements a subset of PKCS#7/Crytpographic Message Syntax (rfc2315, rfc5652)
MIT License
123 stars 201 forks source link

why verification error #49

Open liyuan1125 opened 2 years ago

liyuan1125 commented 2 years ago 
package main

import (
    "crypto/rsa"
    "crypto/x509"
    "encoding/pem"
    "fmt"
    "github.com/fullsailor/pkcs7"
)

var (
    // openssl req -newkey rsa:2048 -nodes -keyout rsa_private.key -x509 -days 365 -out cert.crt
    certificate = []byte(`-----BEGIN CERTIFICATE-----
MIICtDCCAZwCCQDCsrwD4cccFTANBgkqhkiG9w0BAQsFADAcMRowGAYJKoZIhvcN
AQkBFgtxd2VAcXdlLmNvbTAeFw0yMTA5MjgwNTM5NDdaFw0yMjA5MjgwNTM5NDda
MBwxGjAYBgkqhkiG9w0BCQEWC3F3ZUBxd2UuY29tMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAwwwhow5LAYMUO4MUa7o67PDlTIwNZbvjP+ABoyoepKU7
KKg6WPG5hv9Z1JvvMEOdV8Oiqg9Xi8JD0RG7N3NgYhLDP1J4AXykFuSOcUTz8bXH
GGvkSWqPXgbqxFC3XPRME8r4x4/wsL9evKKvDPFJnHauub1THKSDPJ16WPXuEHlC
7YqpU0B/9I6fAx4pyCIKgS5E7/QC1+rPMr5yfkO1wIKGeAzZRu4s0a5fngmgc9g7
VxlVWUVmxaDaNY7/i/k0Vel+QhVMuoiaisr/3r4YDJR7TCyTyT/qixXKK9j8YjgQ
vm9+kN+x4J7JDvebaoNsZfos84xoadZWbU5zj+AlaQIDAQABMA0GCSqGSIb3DQEB
CwUAA4IBAQCCT4eXPZE1OUduZnlNkcv8WVU7wa7MNUqVGH+UNA83EAjkthRLsWKt
LE6Y3jC/LL72517XzOjf7RjOQHIyj8ae44UIjirbxl3vJGfMvx9I6fy02oVonITS
3wZafsq7PmnHWtTDvrT00k0xcJeM3QXC1NMdqtdb+/HxnmPLAL2rDmzBJuGCjXSZ
+2+GevvBDytVG5LfCmYAtN31wuqqIKKIZzPHwunmSM6iro0UW/bXI9NyrSe91yQB
nCf+Ift4j+1MDzC4XkeW3WVEKGNZVVq+0aAOmv3txaCzcNMTtLkAC+UwR90mGnEV
spSDvtgkcTIq7JDuXBA+JgZrg1eT3MUi
-----END CERTIFICATE-----
`)

    // openssl genrsa -out rsa_private.key 2048
    privateKey = []byte(`-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAw/17bqFOSGISoY8GQ94dndbJeABbrsS5Sk9E70HAj74MBc/5
Ry5bFa0r80HMieLZl5TW3H/9DWKBwN/r6Bp2DAn4tL+AwAtWlBBacja1kF3xIKw6
MDRN6xLNsNzvZ19NT8HwVGivC++ZATf9cS6UUqd4XqTrmP+u781S8w0eQW/qs7Lb
dBfr2cZONMItNkODNmR/T+H5fSNE0jXisfaZ4Tjkm3oDGH9wdEbstblGOSISvUSh
AUk3gpCtNedltTm1p9wY37M68ZfcoBwZ4FYfFtHXW0jGuGZzA023l3/feVc5YRSf
am3Iu5Ym6uGEkPoMlasJOxt2VhU54W6g+lLHgQIDAQABAoIBAQCjFqCKy7G/q9SD
GegFu6P7fwsBT5L7WHozaskbKyTYuDV69LgjUmC7JfInpz5UEzAr4c/1ho+Ffs4o
OG0vJC3NENMjXSP/KrAt33nUBtCJRJLtNEPrburTzT7aiM6yv2wvDVw2cTIQhZ1V
lUjR0Qfdy7vvTd863rCsnbgDxovBuLHHo70mbKLvokIx1jtlA1QX4LHWJtAYcYBE
s2hMTB91jHC+k6TLs+DmAfCk1ndBAiV3NHb77mXW31rMFmjaZs/9Bk/JmSzKXxsH
vjh//E6Nm05/E1U1G3k5N+Q4SNbkiXhpx2Nat2CGlaul9wSoXhwytMIf1aaoStC6
0/utC9DNAoGBAOOvVGwvi8Gd25ZGlVYYh41FsDBFBy/SGsWhL5em9yr4OMLRc8m5
jQqUY+JAIft5noMq/VBSa41KwYUAXl6nyIy1EtfdwNSIUIdRgYdt6n8+XySSBQ33
ou6inl4tmm/D9idXVKUZcj6rriSaB3fsv4X16Uv5Xwwp/0vq6z9DSnozAoGBANxd
GzIH3b1a0DrPUWXcp5i8O7JMSNVhBps+SFmzIkP+CS0olBPPiiGq+puH7Re+N2dw
UiE6KlsNndTkz/BciWdh6BiOzV2LxIWXtx3WJ61zJauUKNO88bKJmqLh3J107Pfd
10seIGNNUeyG433C5t4G3tqM+x0BBL+gujoMbqt7AoGAcKxjauZckwQ7lrJ3VJPv
AMpr1ndShyfCd+q8UqAd0PXloQNl+X4JfiLRCzYRmxEkkGTF1unyr4k/G0KDcPQ3
GurA2HK06nhK4axEHXEXisCi9MYOGktiJhXzqUeIFac0OWPOT6W4E6uCEjrnV0Gh
xflb6m0NzEc8P6WRpUz3nmECgYEAlIum03j9/rEDAUHTqwitaYYp760Aw+Yd3/SC
LQVWKeNLKEfcWeZjRQLO4J0mNAUjr/TFSGS/PJXXOTXs/ihC74/ONw+8XDzlgvCc
nd5I7OFcGWdMhj8t5p5fwUDjyLiTLRs8EAUE7Cuo9/qNy67glfanr0et1wViwBKG
tq6+w5UCgYAgzxxwBUqPdo0XwTKAuZvASk8Vkp1Y63oIVRiU3AC2DIU0i808VIzs
2ytWYqy61eLRw7ZqQv5QCmEezkxuGZ7F8KUM1DJ0dCmmsR4rLoip/IZ+jvoIeY4M
cBYbJXK056Q0M/eilntDxYRyC6tYYTQGWXSwDeMcuvZ/wXndPRVVJw==
-----END RSA PRIVATE KEY-----
`)
)

func main() {

    sign, err := pkcs7.NewSignedData([]byte("lee"))
    if err != nil {
        fmt.Printf("new sign error: %s \n", err.Error())
        return
    }

    defer sign.Detach()

    pKey, err := decodePk()

    if err != nil {
        fmt.Printf("decodePk error:%s \n", err.Error())
        return
    }

    cert, err := decodeCert()
    if err != nil {
        fmt.Printf("decodeCert error:%s \n", err.Error())
        return
    }

    if err := sign.AddSigner(cert, pKey, pkcs7.SignerInfoConfig{}); err != nil {
        fmt.Printf("add signer error:%s \n", err.Error())
        return
    }

    signValue, err := sign.Finish()
    if err != nil {
        fmt.Printf("sign error:%s \n", err.Error())
        return
    }

    p, err := pkcs7.Parse(signValue)
    if err != nil {
        fmt.Printf("pkcs7 parse error: %s \n", err.Error())
        return
    }

    if err := p.Verify(); err != nil {
        fmt.Printf("verify error: %s\n", err.Error())
        return
    }
}

func decodePk() (*rsa.PrivateKey, error) {
    block, _ := pem.Decode(privateKey)
    return x509.ParsePKCS1PrivateKey(block.Bytes)
}

func decodeCert() (*x509.Certificate, error) {
    block, _ := pem.Decode(certificate)
    return x509.ParseCertificate(block.Bytes)
}