From 1bbcc232dbb736abda9187c5fc6e05a4db697326 Mon Sep 17 00:00:00 2001
From: Sun Yimin
Date: Thu, 12 Dec 2024 17:55:57 +0800
Subject: [PATCH] cfca: test sadk generated csr #286

---
 cfca/pkcs10_test.go | 2 +-
 smx509/cfca_csr.go | 5 ++++-
 smx509/cfca_csr_test.go | 25 ++++++++++++++++++++++++-
 3 files changed, 29 insertions(+), 3 deletions(-)

diff --git a/cfca/pkcs10_test.go b/cfca/pkcs10_test.go
index 0e5b801..f363ea4 100644
--- a/cfca/pkcs10_test.go
+++ b/cfca/pkcs10_test.go
@@ -70,7 +70,7 @@ func TestCreateCertificateRequest(t *testing.T) {
 if csr.ChallengePassword != "111111" {
 t.Fatal("challenge password not match")
 }
- if csr.TmpPublicKey == nil {
+ if !tmpKey.PublicKey.Equal(csr.TmpPublicKey) {
 t.Fatal("tmp public key not match")
 }
 }
diff --git a/smx509/cfca_csr.go b/smx509/cfca_csr.go
index a1e6767..63c862b 100644
--- a/smx509/cfca_csr.go
+++ b/smx509/cfca_csr.go
@@ -234,7 +234,10 @@ func parseCFCAAttributes(out *CertificateRequestCFCA, rawAttributes []asn1.RawVa
 if len(keyBytes) == 136 && bytes.Equal(tmpPublicKeyPrefix, keyBytes[:8]) {
 // parse the public key
 copy(keyBytes[40:72], keyBytes[72:104])
- out.TmpPublicKey, _ = sm2.NewPublicKey(keyBytes[8:72])
+ keyBytes[7] = 4
+ if tmpKey, err := sm2.NewPublicKey(keyBytes[7:72]); err == nil {
+ out.TmpPublicKey = tmpKey
+ }
 }
 }
 }
diff --git a/smx509/cfca_csr_test.go b/smx509/cfca_csr_test.go
index 71e8071..3baa3d3 100644
--- a/smx509/cfca_csr_test.go
+++ b/smx509/cfca_csr_test.go
@@ -10,6 +10,7 @@ import (
 "crypto/rand"
 "crypto/x509"
 "crypto/x509/pkix"
+ "encoding/base64"
 "testing"

 "github.com/emmansun/gmsm/sm2"
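Review bot: In the `parseCFCAAttributes` hunk of smx509/cfca_csr.go, a temporary key rejected by `sm2.NewPublicKey` is still dropped silently by the added `err == nil` guard, so a CSR carrying a malformed or off-curve key parses successfully with `TmpPublicKey == nil` and every caller has to remember the nil check. If the function can report errors (its full signature and return lie outside the hunk), returning one here would be safer; otherwise document the contract, e.g. `// TmpPublicKey stays nil when the embedded key is not a valid SM2 point; callers must check`. The in-place writes (`keyBytes[7] = 4` and the existing `copy`) also modify the buffer being parsed, and whether `keyBytes` is a private copy or aliases the raw request bytes is not visible here. A short comment on the assumed layout (8-byte prefix, then X and Y at the copied offsets) and on why byte 7 becomes `4` (presumably the uncompressed-point tag) would make the offsets reviewable.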
@@ -66,7 +67,29 @@ func TestCreateCFCACertificateRequest(t *testing.T) {
 if csr.ChallengePassword != "111111" {
 t.Fatal("challenge password not match")
 }
- if csr.TmpPublicKey == nil {
+ if !tmpKey.PublicKey.Equal(csr.TmpPublicKey) {
 t.Fatal("tmp public key not match")
 }
 }
+
+var sadkGeneratedCSR = `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`
+
+func TestSADKGeneratedCSR(t *testing.T) {
+ data, err := base64.StdEncoding.DecodeString(sadkGeneratedCSR)
+ if err != nil {
+ t.Fatal(err)
+ }
+ csr, err := ParseCFCACertificateRequest(data)
+ if err != nil {
+ t.Fatal(err)
+ }
+ if csr.Subject.CommonName != "certRequisition" {
+ t.Fatal("common name not match")
+ }
+ if csr.ChallengePassword != "111111" {
+ t.Fatal("challenge password not match")
+ }
+ if csr.TmpPublicKey == nil {
+ t.Fatal("tmp public key is nil")
+ }
+}
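Review bot: `TestSADKGeneratedCSR` asserts only that `csr.TmpPublicKey` is non-nil, so it does not pin the value of the key extracted from the fixture, and nothing exercises the rejection path that the parser change relies on. Comparing the parsed key with the fixture's expected encoding (kept as a hex constant in the test) would lock the offsets down. A second case with a corrupted key blob should assert that parsing does not panic and that `TmpPublicKey` stays nil, which is what the parser hunk appears to do. `sadkGeneratedCSR` is never reassigned in the visible code and could be a `const`.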