Added simple check for bmpstring decoding.

3 files changed, 185 insertions, 1 deletions

diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
index 15ac5433fc..faa998fe9b 100644
--- a/tests/cert-tests/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -21,7 +21,8 @@
 
 EXTRA_DIST = ca-no-pathlen.pem no-ca-or-pathlen.pem aki-cert.pem \
 	template-test.key template-test.pem template-test.tmpl \
-	funny-spacing.pem ca-certs.pem dane-test.rr cert-ecc256.pem
+	funny-spacing.pem ca-certs.pem dane-test.rr cert-ecc256.pem \
+	bmpstring.pem
 
 dist_check_SCRIPTS = pathlen aki template-test pem-decoding dane
 
diff --git a/tests/cert-tests/bmpstring.pem b/tests/cert-tests/bmpstring.pem
new file mode 100644
index 0000000000..a1cbe14106
--- /dev/null
+++ b/tests/cert-tests/bmpstring.pem
@@ -0,0 +1,165 @@
+X.509 Certificate Information:
+	Version: 3
+	Serial Number (hex): 57
+	Issuer: serialNumber=1,O=Hellenic Republic,CN=CSCA-HELLAS,OU=Hellenic Police,C=GR,EMAIL=csca@passport.gov.gr
+	Validity:
+		Not Before: Sun Aug 21 08:00:06 UTC 2011
+		Not After: Wed Nov 23 21:59:59 UTC 2016
+	Subject: serialNumber=3,O=Hellenic Republic,CN=CSCA-HELLAS,C=GR,EMAIL=csca@passport.gov.gr
+	Subject Public Key Algorithm: RSA
+	Certificate Security Level: High (4096 bits)
+		Modulus (bits 4096):
+			00:e0:95:b2:04:5a:91:78:1f:7f:1c:33:7f:d0:3a:e1
+			2c:a7:4c:19:be:43:30:c2:8b:b7:1a:1d:9d:80:43:30
+			fe:80:d6:87:ff:f3:f2:43:37:16:c2:1f:0f:50:f4:bf
+			3b:a4:18:c6:d2:da:ab:56:d3:db:99:23:9f:df:3d:dc
+			0a:12:61:1f:ec:e6:9a:64:bf:10:ed:50:60:ee:c9:fa
+			a4:82:22:97:89:d3:c0:d1:d0:ed:68:83:8a:4a:22:3f
+			c8:ee:99:5d:96:81:f1:3f:b2:6e:d3:7e:75:26:06:b4
+			d9:e1:df:a7:55:84:37:45:a9:79:6a:46:37:9f:91:ba
+			95:5f:d2:70:1b:18:34:6a:c0:70:59:57:7a:68:ca:42
+			89:05:4d:40:f7:60:e2:44:a5:29:6a:ac:83:6d:2f:c0
+			2b:3f:4b:34:09:03:31:18:e8:e1:e0:59:37:d4:ca:76
+			87:9b:fb:b3:1c:6d:94:bb:0d:3b:d1:c3:34:de:3b:d3
+			4d:c7:0b:19:fb:49:f8:f0:db:28:45:36:88:af:2e:ae
+			66:01:f6:60:24:ea:99:11:f7:dc:9c:32:84:5e:ee:d0
+			ed:a1:e0:d9:f8:9e:a2:69:ab:a7:e0:7e:a8:78:bc:27
+			73:58:49:03:22:2a:87:e3:06:a5:d2:00:10:ac:34:90
+			8f:0b:09:f2:d2:74:67:b7:da:00:19:47:e6:c6:70:23
+			de:a9:76:72:6e:4c:23:5c:26:66:dd:4c:e1:3b:19:35
+			26:a4:d1:47:de:11:26:78:ad:94:be:71:6d:12:35:62
+			61:e2:99:1e:56:e6:93:f7:e2:f1:82:36:ff:9c:0d:eb
+			f6:2d:5a:2e:ab:63:8c:67:d4:8d:50:7f:65:c8:7f:f6
+			d5:ef:bd:3e:0f:d3:7a:e6:29:c5:04:ea:0c:dc:46:f0
+			4e:3e:3f:9e:e9:6d:66:fd:48:a1:b9:49:11:41:4c:84
+			d4:82:8b:dd:dc:f4:ff:67:1a:8a:d2:ae:42:39:55:73
+			df:59:e8:eb:f2:d7:9e:7f:dd:79:d4:c1:b7:8c:ca:5c
+			fe:20:4e:a2:02:19:28:18:32:b3:ba:20:72:dd:2c:8a
+			82:d0:b3:9e:aa:ed:84:af:4f:f3:7e:01:49:7e:cf:95
+			48:ed:a2:dc:2b:af:ed:a6:8e:97:fb:3b:6c:af:bd:0d
+			b4:7a:13:49:0e:a7:9b:26:cb:16:72:ed:72:49:f6:03
+			28:c8:b6:ae:84:ce:35:0b:a5:42:2e:d4:fd:cd:d1:49
+			0a:8d:4d:2d:c6:5f:e1:53:ec:4e:93:9d:eb:23:4e:14
+			88:b5:4a:d5:3c:51:fd:d8:ff:b8:b5:06:41:62:36:80
+			69
+		Exponent (bits 24):
+			01:00:01
+	Extensions:
+		Private Key Usage Period (not critical):
+			Not Before: Sun Aug 21 08:00:06 UTC 2011
+			Not After: Tue Aug 23 20:59:59 UTC 2011
+		Key Usage (critical):
+			Certificate signing.
+			CRL signing.
+		Subject Key Identifier (not critical):
+			bd20bb15eaa7f91ee490df087a52e7aa08b0d7e6
+		Authority Key Identifier (not critical):
+			ecbcade39b163389122e04667889e156699ccbdf
+		Basic Constraints (critical):
+			Certificate Authority (CA): TRUE
+			Path Length Constraint: 0
+		CRL Distribution points (not critical):
+			URI: http://www.passport.gov.gr/csca/csca.crl
+		Certificate Policies (not critical):
+			1.3.6.1.4.1.5484.1.10.99.1.0
+				Note: This Certificate is governed by the referred Policies and the Certification Practice Statement of the Greek Country Signing Certification Authority (CSCA-GREECE), which form an integral part of the Ce
+				URI: http://www.passport.gov.gr/csca/policies/
+	Signature Algorithm: RSA-SHA256
+	Signature:
+		3c:81:d2:be:59:6f:2a:c6:d7:92:79:2a:21:3c:32:72
+		58:24:43:d1:38:59:e8:ec:76:ed:07:4a:c0:82:eb:90
+		8b:2d:62:c4:60:55:ce:1c:a0:dc:c8:93:36:4c:36:72
+		9c:52:46:40:2c:5b:27:29:63:7c:9c:4c:31:e7:20:8e
+		9d:72:f4:8d:de:f9:50:27:57:58:6b:3b:4f:58:3b:59
+		d7:c0:3f:d3:9c:61:2b:2b:04:92:b6:68:1c:42:16:69
+		11:1f:01:41:5a:e6:7d:30:42:a7:2b:f5:a7:15:db:ae
+		0e:54:d2:41:79:3d:c6:c0:23:80:80:9b:9a:11:0d:00
+		2d:66:52:4d:3a:1c:cd:cd:d6:eb:f9:50:b2:e1:9a:00
+		a8:b8:9b:b7:1a:36:0e:5a:12:b0:e1:b1:fd:69:e1:0d
+		dc:22:0d:10:e1:af:f7:0f:82:27:a1:76:7e:37:cd:53
+		69:3c:e0:6b:ee:b1:1a:36:6a:db:cd:fa:e3:92:fb:18
+		1c:23:d5:c2:09:93:eb:5a:dd:2c:cd:95:4a:e5:96:1e
+		44:43:d9:0b:97:11:b7:36:62:64:16:57:84:96:e5:15
+		35:be:10:5a:77:f1:f1:7d:ae:db:76:32:77:82:26:47
+		04:e6:34:d2:82:07:f0:6e:a4:17:12:bc:09:ef:0d:7e
+		00:7a:c6:e4:e9:93:17:aa:8c:25:97:7c:d7:b2:ea:60
+		2a:29:54:f1:0d:c8:fa:e8:91:3d:b0:b3:15:fc:63:cc
+		11:49:40:a7:52:5c:d0:0f:e2:df:13:d3:65:e1:d6:3d
+		f2:c7:6d:7c:19:f0:5d:79:0e:18:22:8b:89:5b:68:26
+		5c:25:5b:0f:e2:9d:f3:50:a1:a0:5d:98:93:ed:45:f0
+		94:e2:6b:51:bc:ca:58:16:f1:e4:37:37:32:d2:7d:c7
+		b2:cb:00:a9:90:45:ad:b4:29:91:dc:6a:1b:19:e7:20
+		df:9e:96:5a:17:4b:8a:e6:fb:3d:11:3b:ed:79:e4:9c
+		55:62:1a:60:e2:d0:97:06:63:ea:9e:48:1e:f3:93:90
+		9b:d4:a4:3e:21:05:97:99:25:6d:27:09:99:34:7b:f2
+		80:a3:04:89:c1:e9:b9:5a:cf:df:39:40:23:e3:8c:22
+		18:d3:d1:71:4e:86:e8:b6:bf:eb:f5:11:97:cf:d7:54
+		65:62:c6:d4:fe:b7:f9:2d:ed:4a:8c:98:d2:96:aa:7f
+		78:32:b6:63:ee:e2:51:64:24:74:9b:de:56:6f:21:45
+		cb:b5:48:a3:1f:33:5a:98:e5:29:5e:9b:e0:1f:fd:46
+		45:eb:4f:34:15:7c:4a:be:a3:07:40:3c:33:3d:34:74
+Other Information:
+	SHA-1 fingerprint:
+		8b730ffbd11677aaaf8600b893927d9e402c3f2d
+	Public Key Id:
+		3c7fd9a47b17ed6f81ce80c326d147fd3b991444
+	Public key's random art:
+		+--[ RSA 4096]----+
+		|            . oE |
+		|           . . . |
+		|        . .   . .|
+		|       o . .   o |
+		|        S o   + =|
+		|       . B . * B.|
+		|        o o B ..+|
+		|           . +. +|
+		|            .. oo|
+		+-----------------+
+
+-----BEGIN CERTIFICATE-----
+MIIITDCCBjSgAwIBAgIBVzANBgkqhkiG9w0BAQsFADCBijEKMAgGA1UEBRMBMTEa
+MBgGA1UEChMRSGVsbGVuaWMgUmVwdWJsaWMxFDASBgNVBAMTC0NTQ0EtSEVMTEFT
+MRgwFgYDVQQLEw9IZWxsZW5pYyBQb2xpY2UxCzAJBgNVBAYTAkdSMSMwIQYJKoZI
+hvcNAQkBFhRjc2NhQHBhc3Nwb3J0Lmdvdi5ncjAeFw0xMTA4MjEwODAwMDZaFw0x
+NjExMjMyMTU5NTlaMHAxCjAIBgNVBAUTATMxGjAYBgNVBAoTEUhlbGxlbmljIFJl
+cHVibGljMRQwEgYDVQQDEwtDU0NBLUhFTExBUzELMAkGA1UEBhMCR1IxIzAhBgkq
+hkiG9w0BCQEWFGNzY2FAcGFzc3BvcnQuZ292LmdyMIICIjANBgkqhkiG9w0BAQEF
+AAOCAg8AMIICCgKCAgEA4JWyBFqReB9/HDN/0DrhLKdMGb5DMMKLtxodnYBDMP6A
+1of/8/JDNxbCHw9Q9L87pBjG0tqrVtPbmSOf3z3cChJhH+zmmmS/EO1QYO7J+qSC
+IpeJ08DR0O1og4pKIj/I7pldloHxP7Ju0351Jga02eHfp1WEN0WpeWpGN5+RupVf
+0nAbGDRqwHBZV3poykKJBU1A92DiRKUpaqyDbS/AKz9LNAkDMRjo4eBZN9TKdoeb
++7McbZS7DTvRwzTeO9NNxwsZ+0n48NsoRTaIry6uZgH2YCTqmRH33JwyhF7u0O2h
+4Nn4nqJpq6fgfqh4vCdzWEkDIiqH4wal0gAQrDSQjwsJ8tJ0Z7faABlH5sZwI96p
+dnJuTCNcJmbdTOE7GTUmpNFH3hEmeK2UvnFtEjViYeKZHlbmk/fi8YI2/5wN6/Yt
+Wi6rY4xn1I1Qf2XIf/bV770+D9N65inFBOoM3EbwTj4/nultZv1IoblJEUFMhNSC
+i93c9P9nGorSrkI5VXPfWejr8teef9151MG3jMpc/iBOogIZKBgys7ogct0sioLQ
+s56q7YSvT/N+AUl+z5VI7aLcK6/tpo6X+ztsr70NtHoTSQ6nmybLFnLtckn2AyjI
+tq6EzjULpUIu1P3N0UkKjU0txl/hU+xOk53rI04UiLVK1TxR/dj/uLUGQWI2gGkC
+AwEAAaOCAtQwggLQMCsGA1UdEAQkMCKADzIwMTEwODIxMDgwMDA2WoEPMjAxMTA4
+MjMyMDU5NTlaMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUvSC7Feqn+R7kkN8I
+elLnqgiw1+YwHwYDVR0jBBgwFoAU7Lyt45sWM4kSLgRmeInhVmmcy98wEgYDVR0T
+AQH/BAgwBgEB/wIBADA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vd3d3LnBhc3Nw
+b3J0Lmdvdi5nci9jc2NhL2NzY2EuY3JsMIICAAYDVR0gBIIB9zCCAfMwggHvBgwr
+BgEEAapsAQpjAQAwggHdMIIBogYIKwYBBQUHAgIwggGUHoIBkABUAGgAaQBzACAA
+QwBlAHIAdABpAGYAaQBjAGEAdABlACAAaQBzACAAZwBvAHYAZQByAG4AZQBkACAA
+YgB5ACAAdABoAGUAIAByAGUAZgBlAHIAcgBlAGQAIABQAG8AbABpAGMAaQBlAHMA
+IABhAG4AZAAgAHQAaABlACAAQwBlAHIAdABpAGYAaQBjAGEAdABpAG8AbgAgAFAA
+cgBhAGMAdABpAGMAZQAgAFMAdABhAHQAZQBtAGUAbgB0ACAAbwBmACAAdABoAGUA
+IABHAHIAZQBlAGsAIABDAG8AdQBuAHQAcgB5ACAAUwBpAGcAbgBpAG4AZwAgAEMA
+ZQByAHQAaQBmAGkAYwBhAHQAaQBvAG4AIABBAHUAdABoAG8AcgBpAHQAeQAgACgA
+QwBTAEMAQQAtAEcAUgBFAEUAQwBFACkALAAgAHcAaABpAGMAaAAgAGYAbwByAG0A
+IABhAG4AIABpAG4AdABlAGcAcgBhAGwAIABwAGEAcgB0ACAAbwBmACAAdABoAGUA
+IABDAGUwNQYIKwYBBQUHAgEWKWh0dHA6Ly93d3cucGFzc3BvcnQuZ292LmdyL2Nz
+Y2EvcG9saWNpZXMvMA0GCSqGSIb3DQEBCwUAA4ICAQA8gdK+WW8qxteSeSohPDJy
+WCRD0ThZ6Ox27QdKwILrkIstYsRgVc4coNzIkzZMNnKcUkZALFsnKWN8nEwx5yCO
+nXL0jd75UCdXWGs7T1g7WdfAP9OcYSsrBJK2aBxCFmkRHwFBWuZ9MEKnK/WnFduu
+DlTSQXk9xsAjgICbmhENAC1mUk06HM3N1uv5ULLhmgCouJu3GjYOWhKw4bH9aeEN
+3CINEOGv9w+CJ6F2fjfNU2k84GvusRo2atvN+uOS+xgcI9XCCZPrWt0szZVK5ZYe
+REPZC5cRtzZiZBZXhJblFTW+EFp38fF9rtt2MneCJkcE5jTSggfwbqQXErwJ7w1+
+AHrG5OmTF6qMJZd817LqYCopVPENyProkT2wsxX8Y8wRSUCnUlzQD+LfE9Nl4dY9
+8sdtfBnwXXkOGCKLiVtoJlwlWw/infNQoaBdmJPtRfCU4mtRvMpYFvHkNzcy0n3H
+sssAqZBFrbQpkdxqGxnnIN+elloXS4rm+z0RO+155JxVYhpg4tCXBmPqnkge85OQ
+m9SkPiEFl5klbScJmTR78oCjBInB6blaz985QCPjjCIY09FxTobotr/r9RGXz9dU
+ZWLG1P63+S3tSoyY0paqf3gytmPu4lFkJHSb3lZvIUXLtUijHzNamOUpXpvgH/1G
+RetPNBV8Sr6jB0A8Mz00dA==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/pem-decoding b/tests/cert-tests/pem-decoding
index 62cc0eed23..715488e2ec 100755
--- a/tests/cert-tests/pem-decoding
+++ b/tests/cert-tests/pem-decoding
@@ -25,6 +25,7 @@ set -e
 srcdir=${srcdir:-.}
 CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT}
 
+#check whether "funny" spaces can be interpreted
 $CERTTOOL --certificate-info --infile $srcdir/funny-spacing.pem >/dev/null 2>&1
 rc=$?
 
@@ -33,4 +34,21 @@ if test "$rc" != "0"; then
   exit $rc
 fi
 
+#check whether a BMPString attribute can be properly decoded
+$CERTTOOL --certificate-info --infile $srcdir/bmpstring.pem >tmp-pem.pem
+rc=$?
+
+if test "$rc" != "0"; then
+  exit $rc
+fi
+
+diff $srcdir/bmpstring.pem tmp-pem.pem
+rc=$?
+
+if test "$rc" != "0"; then
+  exit $rc
+fi
+
+rm -f tmp-pem.pem
+
 exit 0