all: update certs for go1.24

seankhliao · gopherbot · commit e47973b1c108 · 2025-02-10T08:33:42.000-08:00
Fixes golang/go#71612 Change-Id: I5cb0596b33cb18016eb1883d1518319588ae1454 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/647975 Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Nicola Murino <nicola.murino@gmail.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Nicola Murino <nicola.murino@gmail.com>
diff --git a/acme/acme_test.go b/acme/acme_test.go
@@ -757,7 +757,7 @@ func TestTLSALPN01ChallengeCert(t *testing.T) {
 }
 
 func TestTLSChallengeCertOpt(t *testing.T) {
-	key, err := rsa.GenerateKey(rand.Reader, 512)
+	key, err := rsa.GenerateKey(rand.Reader, 1024)
 	if err != nil {
 		t.Fatal(err)
 	}
diff --git a/acme/autocert/autocert_test.go b/acme/autocert/autocert_test.go
@@ -619,7 +619,7 @@ func TestCache(t *testing.T) {
 		PrivateKey:  ecdsaKey,
 	}
 
-	rsaKey, err := rsa.GenerateKey(rand.Reader, 512)
+	rsaKey, err := rsa.GenerateKey(rand.Reader, 1024)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -694,7 +694,7 @@ func TestValidCert(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	key3, err := rsa.GenerateKey(rand.Reader, 512)
+	key3, err := rsa.GenerateKey(rand.Reader, 1024)
 	if err != nil {
 		t.Fatal(err)
 	}
diff --git a/ssh/certs_test.go b/ssh/certs_test.go
@@ -15,14 +15,12 @@ import (
 	"reflect"
 	"testing"
 	"time"
-)
 
-// Cert generated by ssh-keygen 6.0p1 Debian-4.
-// % ssh-keygen -s ca-key -I test user-key
-const exampleSSHCert = `ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgb1srW/W3ZDjYAO45xLYAwzHBDLsJ4Ux6ICFIkTjb1LEAAAADAQABAAAAYQCkoR51poH0wE8w72cqSB8Sszx+vAhzcMdCO0wqHTj7UNENHWEXGrU0E0UQekD7U+yhkhtoyjbPOVIP7hNa6aRk/ezdh/iUnCIt4Jt1v3Z1h1P+hA4QuYFMHNB+rmjPwAcAAAAAAAAAAAAAAAEAAAAEdGVzdAAAAAAAAAAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAAHcAAAAHc3NoLXJzYQAAAAMBAAEAAABhANFS2kaktpSGc+CcmEKPyw9mJC4nZKxHKTgLVZeaGbFZOvJTNzBspQHdy7Q1uKSfktxpgjZnksiu/tFF9ngyY2KFoc+U88ya95IZUycBGCUbBQ8+bhDtw/icdDGQD5WnUwAAAG8AAAAHc3NoLXJzYQAAAGC8Y9Z2LQKhIhxf52773XaWrXdxP0t3GBVo4A10vUWiYoAGepr6rQIoGGXFxT4B9Gp+nEBJjOwKDXPrAevow0T9ca8gZN+0ykbhSrXLE5Ao48rqr3zP4O1/9P7e6gp0gw8=`
+	"golang.org/x/crypto/ssh/testdata"
+)
 
 func TestParseCert(t *testing.T) {
-	authKeyBytes := []byte(exampleSSHCert)
+	authKeyBytes := bytes.TrimSuffix(testdata.SSHCertificates["rsa"], []byte(" host.example.com\n"))
 
 	key, _, _, rest, err := ParseAuthorizedKey(authKeyBytes)
 	if err != nil {
@@ -103,7 +101,7 @@ func TestParseCertWithOptions(t *testing.T) {
 }
 
 func TestValidateCert(t *testing.T) {
-	key, _, _, _, err := ParseAuthorizedKey([]byte(exampleSSHCert))
+	key, _, _, _, err := ParseAuthorizedKey(testdata.SSHCertificates["rsa-user-testcertificate"])
 	if err != nil {
 		t.Fatalf("ParseAuthorizedKey: %v", err)
 	}
@@ -116,7 +114,7 @@ func TestValidateCert(t *testing.T) {
 		return bytes.Equal(k.Marshal(), validCert.SignatureKey.Marshal())
 	}
 
-	if err := checker.CheckCert("user", validCert); err != nil {
+	if err := checker.CheckCert("testcertificate", validCert); err != nil {
 		t.Errorf("Unable to validate certificate: %v", err)
 	}
 	invalidCert := &Certificate{
@@ -125,7 +123,7 @@ func TestValidateCert(t *testing.T) {
 		ValidBefore:  CertTimeInfinity,
 		Signature:    &Signature{},
 	}
-	if err := checker.CheckCert("user", invalidCert); err == nil {
+	if err := checker.CheckCert("testcertificate", invalidCert); err == nil {
 		t.Error("Invalid cert signature passed validation")
 	}
 }

Original file line number	Diff line number	Diff line change
`@@ -757,7 +757,7 @@ func TestTLSALPN01ChallengeCert(t *testing.T) {`
`757`	`757`	`}`
`758`	`758`
`759`	`759`	`func TestTLSChallengeCertOpt(t *testing.T) {`
`760`		`- key, err := rsa.GenerateKey(rand.Reader, 512)`
	`760`	`+ key, err := rsa.GenerateKey(rand.Reader, 1024)`
`761`	`761`	`if err != nil {`
`762`	`762`	`t.Fatal(err)`
`763`	`763`	`}`
Original file line number	Diff line number	Diff line change
`@@ -619,7 +619,7 @@ func TestCache(t *testing.T) {`
`619`	`619`	`PrivateKey: ecdsaKey,`
`620`	`620`	`}`
`621`	`621`
`622`		`- rsaKey, err := rsa.GenerateKey(rand.Reader, 512)`
	`622`	`+ rsaKey, err := rsa.GenerateKey(rand.Reader, 1024)`
`623`	`623`	`if err != nil {`
`624`	`624`	`t.Fatal(err)`
`625`	`625`	`}`
`@@ -694,7 +694,7 @@ func TestValidCert(t *testing.T) {`
`694`	`694`	`if err != nil {`
`695`	`695`	`t.Fatal(err)`
`696`	`696`	`}`
`697`		`- key3, err := rsa.GenerateKey(rand.Reader, 512)`
	`697`	`+ key3, err := rsa.GenerateKey(rand.Reader, 1024)`
`698`	`698`	`if err != nil {`
`699`	`699`	`t.Fatal(err)`
`700`	`700`	`}`
Original file line number	Diff line number	Diff line change
`@@ -15,14 +15,12 @@ import (`
`15`	`15`	`"reflect"`
`16`	`16`	`"testing"`
`17`	`17`	`"time"`
`18`		`-)`
`19`	`18`
`20`		`-// Cert generated by ssh-keygen 6.0p1 Debian-4.`
`21`		`-// % ssh-keygen -s ca-key -I test user-key`
`22`		-const exampleSSHCert = `[email protected] AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgb1srW/W3ZDjYAO45xLYAwzHBDLsJ4Ux6ICFIkTjb1LEAAAADAQABAAAAYQCkoR51poH0wE8w72cqSB8Sszx+vAhzcMdCO0wqHTj7UNENHWEXGrU0E0UQekD7U+yhkhtoyjbPOVIP7hNa6aRk/ezdh/iUnCIt4Jt1v3Z1h1P+hA4QuYFMHNB+rmjPwAcAAAAAAAAAAAAAAAEAAAAEdGVzdAAAAAAAAAAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAAHcAAAAHc3NoLXJzYQAAAAMBAAEAAABhANFS2kaktpSGc+CcmEKPyw9mJC4nZKxHKTgLVZeaGbFZOvJTNzBspQHdy7Q1uKSfktxpgjZnksiu/tFF9ngyY2KFoc+U88ya95IZUycBGCUbBQ8+bhDtw/icdDGQD5WnUwAAAG8AAAAHc3NoLXJzYQAAAGC8Y9Z2LQKhIhxf52773XaWrXdxP0t3GBVo4A10vUWiYoAGepr6rQIoGGXFxT4B9Gp+nEBJjOwKDXPrAevow0T9ca8gZN+0ykbhSrXLE5Ao48rqr3zP4O1/9P7e6gp0gw8=`
	`19`	`+ "golang.org/x/crypto/ssh/testdata"`
	`20`	`+)`
`23`	`21`
`24`	`22`	`func TestParseCert(t *testing.T) {`
`25`		`- authKeyBytes := []byte(exampleSSHCert)`
	`23`	`+ authKeyBytes := bytes.TrimSuffix(testdata.SSHCertificates["rsa"], []byte(" host.example.com\n"))`
`26`	`24`
`27`	`25`	`key, _, _, rest, err := ParseAuthorizedKey(authKeyBytes)`
`28`	`26`	`if err != nil {`
`@@ -103,7 +101,7 @@ func TestParseCertWithOptions(t *testing.T) {`
`103`	`101`	`}`
`104`	`102`
`105`	`103`	`func TestValidateCert(t *testing.T) {`
`106`		`- key, _, _, _, err := ParseAuthorizedKey([]byte(exampleSSHCert))`
	`104`	`+ key, _, _, _, err := ParseAuthorizedKey(testdata.SSHCertificates["rsa-user-testcertificate"])`
`107`	`105`	`if err != nil {`
`108`	`106`	`t.Fatalf("ParseAuthorizedKey: %v", err)`
`109`	`107`	`}`
`@@ -116,7 +114,7 @@ func TestValidateCert(t *testing.T) {`
`116`	`114`	`return bytes.Equal(k.Marshal(), validCert.SignatureKey.Marshal())`
`117`	`115`	`}`
`118`	`116`
`119`		`- if err := checker.CheckCert("user", validCert); err != nil {`
	`117`	`+ if err := checker.CheckCert("testcertificate", validCert); err != nil {`
`120`	`118`	`t.Errorf("Unable to validate certificate: %v", err)`
`121`	`119`	`}`
`122`	`120`	`invalidCert := &Certificate{`
`@@ -125,7 +123,7 @@ func TestValidateCert(t *testing.T) {`
`125`	`123`	`ValidBefore: CertTimeInfinity,`
`126`	`124`	`Signature: &Signature{},`
`127`	`125`	`}`
`128`		`- if err := checker.CheckCert("user", invalidCert); err == nil {`
	`126`	`+ if err := checker.CheckCert("testcertificate", invalidCert); err == nil {`
`129`	`127`	`t.Error("Invalid cert signature passed validation")`
`130`	`128`	`}`
`131`	`129`	`}`