diff --git a/msg.go b/msg.go
index 60f758f..7f5bbd9 100644
--- a/msg.go
+++ b/msg.go
@@ -7,7 +7,9 @@ package mail
import (
"bytes"
"context"
+ "crypto/ecdsa"
"crypto/rsa"
+ "crypto/tls"
"crypto/x509"
"embed"
"errors"
@@ -338,9 +340,9 @@ func WithNoDefaultUserAgent() MsgOption {
}
}
-// SignWithSMime configures the Msg to be signed with S/MIME
-func (m *Msg) SignWithSMime(privateKey *rsa.PrivateKey, certificate *x509.Certificate, intermediateCertificate *x509.Certificate) error {
- sMime, err := newSMime(privateKey, certificate, intermediateCertificate)
+// SignWithSMimeRSA configures the Msg to be signed with S/MIME
+func (m *Msg) SignWithSMimeRSA(privateKey *rsa.PrivateKey, certificate *x509.Certificate, intermediateCertificate *x509.Certificate) error {
+ sMime, err := newSMimeWithRSA(privateKey, certificate, intermediateCertificate)
if err != nil {
return err
}
@@ -348,6 +350,40 @@ func (m *Msg) SignWithSMime(privateKey *rsa.PrivateKey, certificate *x509.Certif
return nil
}
+// SignWithSMimeECDSA configures the Msg to be signed with S/MIME
+func (m *Msg) SignWithSMimeECDSA(privateKey *ecdsa.PrivateKey, certificate *x509.Certificate, intermediateCertificate *x509.Certificate) error {
+ sMime, err := newSMimeWithECDSA(privateKey, certificate, intermediateCertificate)
+ if err != nil {
+ return err
+ }
+ m.sMime = sMime
+ return nil
+}
+
+// SignWithTLSCertificate signs the Msg with the provided *tls.certificate.
+func (m *Msg) SignWithTLSCertificate(keyPairTlS *tls.Certificate) error {
+ intermediateCertificate, err := x509.ParseCertificate(keyPairTlS.Certificate[1])
+ if err != nil {
+ return fmt.Errorf("failed to parse intermediate certificate: %w", err)
+ }
+
+ switch keyPairTlS.PrivateKey.(type) {
+ case *rsa.PrivateKey:
+ if intermediateCertificate == nil {
+ return m.SignWithSMimeRSA(keyPairTlS.PrivateKey.(*rsa.PrivateKey), keyPairTlS.Leaf, nil)
+ }
+ return m.SignWithSMimeRSA(keyPairTlS.PrivateKey.(*rsa.PrivateKey), keyPairTlS.Leaf, intermediateCertificate)
+
+ case *ecdsa.PrivateKey:
+ if intermediateCertificate == nil {
+ return m.SignWithSMimeECDSA(keyPairTlS.PrivateKey.(*ecdsa.PrivateKey), keyPairTlS.Leaf, nil)
+ }
+ return m.SignWithSMimeECDSA(keyPairTlS.PrivateKey.(*ecdsa.PrivateKey), keyPairTlS.Leaf, intermediateCertificate)
+ default:
+ return fmt.Errorf("unsupported private key type: %T", keyPairTlS.PrivateKey)
+ }
+}
+
// This method allows you to specify a character set for the email message. The charset is
// important for ensuring that the content of the message is correctly interpreted by
// mail clients. Common charset values include UTF-8, ISO-8859-1, and others. If a charset
diff --git a/msg_test.go b/msg_test.go
index 7842cda..2aeab91 100644
--- a/msg_test.go
+++ b/msg_test.go
@@ -1909,14 +1909,14 @@ func TestMsg_hasAlt(t *testing.T) {
// TestMsg_hasAlt tests the hasAlt() method of the Msg with active S/MIME
func TestMsg_hasAltWithSMime(t *testing.T) {
- privateKey, certificate, intermediateCertificate, err := getDummyCryptoMaterial()
+ privateKey, certificate, intermediateCertificate, err := getDummyRSACryptoMaterial()
if err != nil {
t.Errorf("failed to laod dummy crypto material. Cause: %v", err)
}
m := NewMsg()
m.SetBodyString(TypeTextPlain, "Plain")
m.AddAlternativeString(TypeTextHTML, "HTML")
- if err := m.SignWithSMime(privateKey, certificate, intermediateCertificate); err != nil {
+ if err := m.SignWithSMimeRSA(privateKey, certificate, intermediateCertificate); err != nil {
t.Errorf("failed to init smime configuration")
}
if m.hasAlt() {
@@ -1926,12 +1926,12 @@ func TestMsg_hasAltWithSMime(t *testing.T) {
// TestMsg_hasSMime tests the hasSMime() method of the Msg
func TestMsg_hasSMime(t *testing.T) {
- privateKey, certificate, intermediateCertificate, err := getDummyCryptoMaterial()
+ privateKey, certificate, intermediateCertificate, err := getDummyRSACryptoMaterial()
if err != nil {
t.Errorf("failed to laod dummy crypto material. Cause: %v", err)
}
m := NewMsg()
- if err := m.SignWithSMime(privateKey, certificate, intermediateCertificate); err != nil {
+ if err := m.SignWithSMimeRSA(privateKey, certificate, intermediateCertificate); err != nil {
t.Errorf("failed to init smime configuration")
}
m.SetBodyString(TypeTextPlain, "Plain")
@@ -2009,7 +2009,7 @@ func TestMsg_WriteToSkipMiddleware(t *testing.T) {
// TestMsg_WriteToWithSMIME tests the WriteTo() method of the Msg
func TestMsg_WriteToWithSMIME(t *testing.T) {
- privateKey, certificate, intermediateCertificate, err := getDummyCryptoMaterial()
+ privateKey, certificate, intermediateCertificate, err := getDummyRSACryptoMaterial()
if err != nil {
t.Errorf("failed to laod dummy crypto material. Cause: %v", err)
}
@@ -2017,7 +2017,7 @@ func TestMsg_WriteToWithSMIME(t *testing.T) {
m := NewMsg()
m.Subject("This is a test")
m.SetBodyString(TypeTextPlain, "Plain")
- if err := m.SignWithSMime(privateKey, certificate, intermediateCertificate); err != nil {
+ if err := m.SignWithSMimeRSA(privateKey, certificate, intermediateCertificate); err != nil {
t.Errorf("failed to init smime configuration")
}
@@ -3343,17 +3343,35 @@ func TestNewMsgWithNoDefaultUserAgent(t *testing.T) {
}
}
-// TestSignWithSMime_ValidKeyPair tests WithSMimeSinging with given key pair
-func TestSignWithSMime_ValidKeyPair(t *testing.T) {
- privateKey, certificate, intermediateCertificate, err := getDummyCryptoMaterial()
+// TestSignWithSMime_ValidRSAKeyPair tests WithSMimeSinging with given rsa key pair
+func TestSignWithSMime_ValidRSAKeyPair(t *testing.T) {
+ privateKey, certificate, intermediateCertificate, err := getDummyRSACryptoMaterial()
if err != nil {
t.Errorf("failed to laod dummy crypto material. Cause: %v", err)
}
m := NewMsg()
- if err := m.SignWithSMime(privateKey, certificate, intermediateCertificate); err != nil {
+ if err := m.SignWithSMimeRSA(privateKey, certificate, intermediateCertificate); err != nil {
t.Errorf("failed to set sMime. Cause: %v", err)
}
- if m.sMime.privateKey == nil {
+ if m.sMime.privateKey.rsa == nil {
+ t.Errorf("WithSMimeSinging() - no private key is given")
+ }
+ if m.sMime.certificate == nil {
+ t.Errorf("WithSMimeSinging() - no certificate is given")
+ }
+}
+
+// TestSignWithSMime_ValidRSAKeyPair tests WithSMimeSinging with given ecdsa key pair
+func TestSignWithSMime_ValidECDSAKeyPair(t *testing.T) {
+ privateKey, certificate, intermediateCertificate, err := getDummyECDSACryptoMaterial()
+ if err != nil {
+ t.Errorf("failed to laod dummy crypto material. Cause: %v", err)
+ }
+ m := NewMsg()
+ if err := m.SignWithSMimeECDSA(privateKey, certificate, intermediateCertificate); err != nil {
+ t.Errorf("failed to set sMime. Cause: %v", err)
+ }
+ if m.sMime.privateKey.rsa == nil {
t.Errorf("WithSMimeSinging() - no private key is given")
}
if m.sMime.certificate == nil {
@@ -3365,7 +3383,7 @@ func TestSignWithSMime_ValidKeyPair(t *testing.T) {
func TestSignWithSMime_InvalidPrivateKey(t *testing.T) {
m := NewMsg()
- err := m.SignWithSMime(nil, nil, nil)
+ err := m.SignWithSMimeRSA(nil, nil, nil)
if !errors.Is(err, ErrInvalidPrivateKey) {
t.Errorf("failed to pre-check SignWithSMime method values correctly: %s", err)
}
@@ -3373,32 +3391,18 @@ func TestSignWithSMime_InvalidPrivateKey(t *testing.T) {
// TestSignWithSMime_InvalidCertificate tests WithSMimeSinging with given invalid certificate
func TestSignWithSMime_InvalidCertificate(t *testing.T) {
- privateKey, _, _, err := getDummyCryptoMaterial()
+ privateKey, _, _, err := getDummyRSACryptoMaterial()
if err != nil {
t.Errorf("failed to laod dummy crypto material. Cause: %v", err)
}
m := NewMsg()
- err = m.SignWithSMime(privateKey, nil, nil)
+ err = m.SignWithSMimeRSA(privateKey, nil, nil)
if !errors.Is(err, ErrInvalidCertificate) {
t.Errorf("failed to pre-check SignWithSMime method values correctly: %s", err)
}
}
-// TestSignWithSMime_InvalidIntermediateCertificate tests WithSMimeSinging with given invalid intermediate certificate
-func TestSignWithSMime_InvalidIntermediateCertificate(t *testing.T) {
- privateKey, certificate, _, err := getDummyCryptoMaterial()
- if err != nil {
- t.Errorf("failed to laod dummy crypto material. Cause: %v", err)
- }
- m := NewMsg()
-
- err = m.SignWithSMime(privateKey, certificate, nil)
- if !errors.Is(err, ErrInvalidIntermediateCertificate) {
- t.Errorf("failed to pre-check SignWithSMime method values correctly: %s", err)
- }
-}
-
// Fuzzing tests
func FuzzMsg_Subject(f *testing.F) {
f.Add("Testsubject")
@@ -3429,12 +3433,12 @@ func FuzzMsg_From(f *testing.F) {
// TestMsg_createSignaturePart tests the Msg.createSignaturePart method
func TestMsg_createSignaturePart(t *testing.T) {
- privateKey, certificate, intermediateCertificate, err := getDummyCryptoMaterial()
+ privateKey, certificate, intermediateCertificate, err := getDummyRSACryptoMaterial()
if err != nil {
t.Errorf("failed to laod dummy crypto material. Cause: %v", err)
}
m := NewMsg()
- if err := m.SignWithSMime(privateKey, certificate, intermediateCertificate); err != nil {
+ if err := m.SignWithSMimeRSA(privateKey, certificate, intermediateCertificate); err != nil {
t.Errorf("failed to init smime configuration")
}
body := []byte("This is the body")
@@ -3459,14 +3463,14 @@ func TestMsg_createSignaturePart(t *testing.T) {
// TestMsg_signMessage tests the Msg.signMessage method
func TestMsg_signMessage(t *testing.T) {
- privateKey, certificate, intermediateCertificate, err := getDummyCryptoMaterial()
+ privateKey, certificate, intermediateCertificate, err := getDummyRSACryptoMaterial()
if err != nil {
t.Errorf("failed to laod dummy crypto material. Cause: %v", err)
}
body := []byte("This is the body")
m := NewMsg()
m.SetBodyString(TypeTextPlain, string(body))
- if err := m.SignWithSMime(privateKey, certificate, intermediateCertificate); err != nil {
+ if err := m.SignWithSMimeRSA(privateKey, certificate, intermediateCertificate); err != nil {
t.Errorf("failed to init smime configuration")
}
msg, err := m.signMessage(m)
diff --git a/msgwriter_test.go b/msgwriter_test.go
index 6e36c4b..0379cd7 100644
--- a/msgwriter_test.go
+++ b/msgwriter_test.go
@@ -157,13 +157,13 @@ func TestMsgWriter_writeMsg_PGP(t *testing.T) {
// TestMsgWriter_writeMsg_SMime tests the writeMsg method of the msgWriter with S/MIME types set
func TestMsgWriter_writeMsg_SMime(t *testing.T) {
- privateKey, certificate, intermediateCertificate, err := getDummyCryptoMaterial()
+ privateKey, certificate, intermediateCertificate, err := getDummyRSACryptoMaterial()
if err != nil {
t.Errorf("failed to laod dummy crypto material. Cause: %v", err)
}
m := NewMsg()
- if err := m.SignWithSMime(privateKey, certificate, intermediateCertificate); err != nil {
+ if err := m.SignWithSMimeRSA(privateKey, certificate, intermediateCertificate); err != nil {
t.Errorf("failed to init smime configuration")
}
_ = m.From(`"Toni Tester" `)
diff --git a/pkcs7.go b/pkcs7.go
index 6522bb6..f16b54f 100644
--- a/pkcs7.go
+++ b/pkcs7.go
@@ -25,7 +25,7 @@ import (
type PKCS7 struct {
Content []byte
Certificates []*x509.Certificate
- CRLs []pkix.CertificateList
+ CRLs []x509.RevocationList
Signers []signerInfo
raw interface{}
}
@@ -47,9 +47,9 @@ type signedData struct {
Version int `asn1:"default:1"`
DigestAlgorithmIdentifiers []pkix.AlgorithmIdentifier `asn1:"set"`
ContentInfo contentInfo
- Certificates rawCertificates `asn1:"optional,tag:0"`
- CRLs []pkix.CertificateList `asn1:"optional,tag:1"`
- SignerInfos []signerInfo `asn1:"set"`
+ Certificates rawCertificates `asn1:"optional,tag:0"`
+ CRLs []x509.RevocationList `asn1:"optional,tag:1"`
+ SignerInfos []signerInfo `asn1:"set"`
}
type rawCertificates struct {
@@ -110,7 +110,9 @@ func marshalAttributes(attrs []attribute) ([]byte, error) {
// Remove the leading sequence octets
var raw asn1.RawValue
- asn1.Unmarshal(encodedAttributes, &raw)
+ if _, err := asn1.Unmarshal(encodedAttributes, &raw); err != nil {
+ return nil, err
+ }
return raw.Bytes, nil
}
@@ -377,7 +379,7 @@ func marshalCertificates(certs []*x509.Certificate) rawCertificates {
// RawContent, we have to encode it into the RawContent. If its missing,
// then `asn1.Marshal()` will strip out the certificate wrapper instead.
func marshalCertificateBytes(certs []byte) (rawCertificates, error) {
- var val = asn1.RawValue{Bytes: certs, Class: 2, Tag: 0, IsCompound: true}
+ val := asn1.RawValue{Bytes: certs, Class: 2, Tag: 0, IsCompound: true}
b, err := asn1.Marshal(val)
if err != nil {
return rawCertificates{}, err
diff --git a/pkcs7_test.go b/pkcs7_test.go
index fa79faf..7a65644 100644
--- a/pkcs7_test.go
+++ b/pkcs7_test.go
@@ -12,7 +12,6 @@ import (
"crypto/x509/pkix"
"encoding/pem"
"fmt"
- "io/ioutil"
"math/big"
"os"
"os/exec"
@@ -75,33 +74,53 @@ func TestOpenSSLVerifyDetachedSignature(t *testing.T) {
}
// write the root cert to a temp file
- tmpRootCertFile, err := ioutil.TempFile("", "pkcs7TestRootCA")
+ tmpRootCertFile, err := os.CreateTemp("", "pkcs7TestRootCA")
if err != nil {
t.Fatal(err)
}
- defer os.Remove(tmpRootCertFile.Name()) // clean up
- fd, err := os.OpenFile(tmpRootCertFile.Name(), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0755)
+ defer func(name string) {
+ if err := os.Remove(name); err != nil {
+ t.Fatalf("Cannot write root cert: %s", err)
+ }
+ }(tmpRootCertFile.Name()) // clean up
+ fd, err := os.OpenFile(tmpRootCertFile.Name(), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o755)
if err != nil {
t.Fatal(err)
}
- pem.Encode(fd, &pem.Block{Type: "CERTIFICATE", Bytes: rootCert.Certificate.Raw})
- fd.Close()
+ if err := pem.Encode(fd, &pem.Block{Type: "CERTIFICATE", Bytes: rootCert.Certificate.Raw}); err != nil {
+ t.Fatalf("Cannot write root cert: %s", err)
+ }
+ if err := fd.Close(); err != nil {
+ t.Fatalf("Cannot write root cert: %s", err)
+ }
// write the signature to a temp file
- tmpSignatureFile, err := ioutil.TempFile("", "pkcs7Signature")
+ tmpSignatureFile, err := os.CreateTemp("", "pkcs7Signature")
if err != nil {
t.Fatal(err)
}
- defer os.Remove(tmpSignatureFile.Name()) // clean up
- ioutil.WriteFile(tmpSignatureFile.Name(), signed, 0755)
+ defer func(name string) {
+ if err := os.Remove(name); err != nil {
+ t.Fatalf("Cannot write signature: %s", err)
+ }
+ }(tmpSignatureFile.Name()) // clean up
+ if err := os.WriteFile(tmpSignatureFile.Name(), signed, 0o755); err != nil {
+ t.Fatalf("Cannot write signature: %s", err)
+ }
// write the content to a temp file
- tmpContentFile, err := ioutil.TempFile("", "pkcs7Content")
+ tmpContentFile, err := os.CreateTemp("", "pkcs7Content")
if err != nil {
t.Fatal(err)
}
- defer os.Remove(tmpContentFile.Name()) // clean up
- ioutil.WriteFile(tmpContentFile.Name(), content, 0755)
+ defer func(name string) {
+ if err := os.Remove(name); err != nil {
+ t.Fatalf("Cannot write content: %s", err)
+ }
+ }(tmpContentFile.Name()) // clean up
+ if err := os.WriteFile(tmpContentFile.Name(), content, 0o755); err != nil {
+ t.Fatalf("Cannot write content: %s", err)
+ }
// call openssl to verify the signature on the content using the root
opensslCMD := exec.Command("openssl", "smime", "-verify",
diff --git a/smime.go b/smime.go
index 405a5c1..da09713 100644
--- a/smime.go
+++ b/smime.go
@@ -6,14 +6,14 @@ package mail
import (
"bytes"
+ "crypto"
+ "crypto/ecdsa"
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"errors"
"fmt"
"strings"
-
- "go.mozilla.org/pkcs7"
)
var (
@@ -22,35 +22,34 @@ var (
// ErrInvalidCertificate should be used if the certificate is invalid
ErrInvalidCertificate = errors.New("invalid certificate")
-
- // ErrInvalidIntermediateCertificate should be used if the intermediate certificate is invalid
- ErrInvalidIntermediateCertificate = errors.New("invalid intermediate certificate")
-
- // ErrCouldNotInitialize should be used if the signed data could not initialize
- ErrCouldNotInitialize = errors.New("could not initialize signed data")
-
- // ErrCouldNotAddSigner should be used if the signer could not be added
- ErrCouldNotAddSigner = errors.New("could not add signer message")
-
- // ErrCouldNotFinishSigning should be used if the signing could not be finished
- ErrCouldNotFinishSigning = errors.New("could not finish signing")
-
- // ErrCouldNoEncodeToPEM should be used if the signature could not be encoded to PEM
- ErrCouldNoEncodeToPEM = errors.New("could not encode to PEM")
)
+// privateKeyHolder is the representation of a private key
+type privateKeyHolder struct {
+ ecdsa *ecdsa.PrivateKey
+ rsa *rsa.PrivateKey
+}
+
+// get returns the private key of the privateKeyHolder
+func (p privateKeyHolder) get() crypto.PrivateKey {
+ if p.ecdsa != nil {
+ return p.ecdsa
+ }
+ return p.rsa
+}
+
// SMime is used to sign messages with S/MIME
type SMime struct {
- privateKey *rsa.PrivateKey
+ privateKey privateKeyHolder
certificate *x509.Certificate
intermediateCertificate *x509.Certificate
}
-// NewSMime construct a new instance of SMime with provided parameters
+// newSMimeWithRSA construct a new instance of SMime with provided parameters
// privateKey as *rsa.PrivateKey
// certificate as *x509.Certificate
-// intermediateCertificate as *x509.Certificate
-func newSMime(privateKey *rsa.PrivateKey, certificate *x509.Certificate, intermediateCertificate *x509.Certificate) (*SMime, error) {
+// intermediateCertificate (optional) as *x509.Certificate
+func newSMimeWithRSA(privateKey *rsa.PrivateKey, certificate *x509.Certificate, intermediateCertificate *x509.Certificate) (*SMime, error) {
if privateKey == nil {
return nil, ErrInvalidPrivateKey
}
@@ -59,12 +58,28 @@ func newSMime(privateKey *rsa.PrivateKey, certificate *x509.Certificate, interme
return nil, ErrInvalidCertificate
}
- if intermediateCertificate == nil {
- return nil, ErrInvalidIntermediateCertificate
+ return &SMime{
+ privateKey: privateKeyHolder{rsa: privateKey},
+ certificate: certificate,
+ intermediateCertificate: intermediateCertificate,
+ }, nil
+}
+
+// newSMimeWithECDSA construct a new instance of SMime with provided parameters
+// privateKey as *ecdsa.PrivateKey
+// certificate as *x509.Certificate
+// intermediateCertificate (optional) as *x509.Certificate
+func newSMimeWithECDSA(privateKey *ecdsa.PrivateKey, certificate *x509.Certificate, intermediateCertificate *x509.Certificate) (*SMime, error) {
+ if privateKey == nil {
+ return nil, ErrInvalidPrivateKey
+ }
+
+ if certificate == nil {
+ return nil, ErrInvalidCertificate
}
return &SMime{
- privateKey: privateKey,
+ privateKey: privateKeyHolder{ecdsa: privateKey},
certificate: certificate,
intermediateCertificate: intermediateCertificate,
}, nil
@@ -75,26 +90,29 @@ func (sm *SMime) signMessage(message string) (*string, error) {
lines := parseLines([]byte(message))
toBeSigned := lines.bytesFromLines([]byte("\r\n"))
- signedData, err := pkcs7.NewSignedData(toBeSigned)
- signedData.SetDigestAlgorithm(pkcs7.OIDDigestAlgorithmSHA256)
- if err != nil {
- return nil, ErrCouldNotInitialize
+ signedData, err := newSignedData(toBeSigned)
+ if err != nil || signedData == nil {
+ return nil, fmt.Errorf("could not initialize signed data: %w", err)
}
- if err = signedData.AddSignerChain(sm.certificate, sm.privateKey, []*x509.Certificate{sm.intermediateCertificate}, pkcs7.SignerInfoConfig{}); err != nil {
- return nil, ErrCouldNotAddSigner
+ if err = signedData.addSigner(sm.certificate, sm.privateKey.get(), SignerInfoConfig{}); err != nil {
+ return nil, fmt.Errorf("could not add signer message: %w", err)
}
- signedData.Detach()
+ if sm.intermediateCertificate != nil {
+ signedData.addCertificate(sm.intermediateCertificate)
+ }
- signatureDER, err := signedData.Finish()
+ signedData.detach()
+
+ signatureDER, err := signedData.finish()
if err != nil {
- return nil, ErrCouldNotFinishSigning
+ return nil, fmt.Errorf("could not finish signing: %w", err)
}
pemMsg, err := encodeToPEM(signatureDER)
if err != nil {
- return nil, ErrCouldNoEncodeToPEM
+ return nil, fmt.Errorf("could not encode to PEM: %w", err)
}
return pemMsg, nil
diff --git a/smime_test.go b/smime_test.go
index 9c5b121..d6fae44 100644
--- a/smime_test.go
+++ b/smime_test.go
@@ -6,25 +6,72 @@ package mail
import (
"bytes"
+ "crypto/ecdsa"
+ "crypto/rsa"
"encoding/base64"
"fmt"
"strings"
"testing"
)
-// TestNewSMime tests the newSMime method
-func TestNewSMime(t *testing.T) {
- privateKey, certificate, intermediateCertificate, err := getDummyCryptoMaterial()
+func TestGet_RSA(t *testing.T) {
+ p := privateKeyHolder{
+ ecdsa: nil,
+ rsa: &rsa.PrivateKey{},
+ }
+
+ if p.get() == nil {
+ t.Errorf("get() did not return the correct private key")
+ }
+}
+
+func TestGet_ECDSA(t *testing.T) {
+ p := privateKeyHolder{
+ ecdsa: &ecdsa.PrivateKey{},
+ rsa: nil,
+ }
+
+ if p.get() == nil {
+ t.Errorf("get() did not return the correct private key")
+ }
+}
+
+// TestNewSMimeWithRSA tests the newSMime method with RSA crypto material
+func TestNewSMimeWithRSA(t *testing.T) {
+ privateKey, certificate, intermediateCertificate, err := getDummyRSACryptoMaterial()
if err != nil {
t.Errorf("Error getting dummy crypto material: %s", err)
}
- sMime, err := newSMime(privateKey, certificate, intermediateCertificate)
+ sMime, err := newSMimeWithRSA(privateKey, certificate, intermediateCertificate)
if err != nil {
t.Errorf("Error creating new SMime from keyPair: %s", err)
}
- if sMime.privateKey != privateKey {
+ if sMime.privateKey.rsa != privateKey {
+ t.Errorf("NewSMime() did not return the same private key")
+ }
+ if sMime.certificate != certificate {
+ t.Errorf("NewSMime() did not return the same certificate")
+ }
+ if sMime.intermediateCertificate != intermediateCertificate {
+ t.Errorf("NewSMime() did not return the same intermedidate certificate")
+ }
+}
+
+// TestNewSMimeWithECDSA tests the newSMime method with ECDSA crypto material
+func TestNewSMimeWithECDSA(t *testing.T) {
+ privateKey, certificate, intermediateCertificate, err := getDummyECDSACryptoMaterial()
+ if err != nil {
+ t.Errorf("Error getting dummy crypto material: %s", err)
+ }
+
+ sMime, err := newSMimeWithECDSA(privateKey, certificate, intermediateCertificate)
+ if err != nil {
+ t.Errorf("Error creating new SMime from keyPair: %s", err)
+ }
+
+ if sMime.privateKey.ecdsa != privateKey {
t.Errorf("NewSMime() did not return the same private key")
}
if sMime.certificate != certificate {
@@ -37,12 +84,12 @@ func TestNewSMime(t *testing.T) {
// TestSign tests the sign method
func TestSign(t *testing.T) {
- privateKey, certificate, intermediateCertificate, err := getDummyCryptoMaterial()
+ privateKey, certificate, intermediateCertificate, err := getDummyRSACryptoMaterial()
if err != nil {
t.Errorf("Error getting dummy crypto material: %s", err)
}
- sMime, err := newSMime(privateKey, certificate, intermediateCertificate)
+ sMime, err := newSMimeWithRSA(privateKey, certificate, intermediateCertificate)
if err != nil {
t.Errorf("Error creating new SMime from keyPair: %s", err)
}
@@ -60,12 +107,12 @@ func TestSign(t *testing.T) {
// TestPrepareMessage tests the createMessage method
func TestPrepareMessage(t *testing.T) {
- privateKey, certificate, intermediateCertificate, err := getDummyCryptoMaterial()
+ privateKey, certificate, intermediateCertificate, err := getDummyRSACryptoMaterial()
if err != nil {
t.Errorf("Error getting dummy crypto material: %s", err)
}
- sMime, err := newSMime(privateKey, certificate, intermediateCertificate)
+ sMime, err := newSMimeWithRSA(privateKey, certificate, intermediateCertificate)
if err != nil {
t.Errorf("Error creating new SMime from keyPair: %s", err)
}