diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-11-24 15:44:35 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-11-25 10:52:40 +0100 |
commit | 5bc331e9d0c55c0686146e94fce20c152a6f5192 (patch) | |
tree | c444046ab1f7c741c4a00a0b9698eada369edf62 | |
parent | 7f9c8b2225cd9d7ad72c85feb1f0726883208ed0 (diff) | |
download | gnutls-5bc331e9d0c55c0686146e94fce20c152a6f5192.tar.gz |
tests: added pkcs7 verification with struct generated from openssl
-rw-r--r-- | tests/cert-tests/Makefile.am | 2 | ||||
-rw-r--r-- | tests/cert-tests/data/openssl.p7b | bin | 0 -> 1958 bytes | |||
-rw-r--r-- | tests/cert-tests/data/openssl.p7b.out | 93 | ||||
-rwxr-xr-x | tests/cert-tests/pkcs7 | 9 |
4 files changed, 101 insertions, 3 deletions
diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am index 9e0ff0d7e6..919895c7da 100644 --- a/tests/cert-tests/Makefile.am +++ b/tests/cert-tests/Makefile.am @@ -60,7 +60,7 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem data/selfsigs/alice-mallory-irrelevantsig.pub data/selfsigs/alice-mallory-nosig18.pub \ data/selfsigs/alice.pub data/key-utf8-1.p12 data/key-utf8-2.p12 \ data/code-signing-ca.pem data/code-signing-cert.pem data/multi-value-dn.pem \ - data/pkcs7-cat-ca.pem data/pkcs7-cat.p7 + data/pkcs7-cat-ca.pem data/pkcs7-cat.p7 data/openssl.p7b data/openssl.p7b.out dist_check_SCRIPTS = pathlen aki certtool invalid-sig email \ pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \ diff --git a/tests/cert-tests/data/openssl.p7b b/tests/cert-tests/data/openssl.p7b Binary files differnew file mode 100644 index 0000000000..9506d8b553 --- /dev/null +++ b/tests/cert-tests/data/openssl.p7b diff --git a/tests/cert-tests/data/openssl.p7b.out b/tests/cert-tests/data/openssl.p7b.out new file mode 100644 index 0000000000..6330451477 --- /dev/null +++ b/tests/cert-tests/data/openssl.p7b.out @@ -0,0 +1,93 @@ +Signers: + Signer's issuer DN: CN=GnuTLS Test CA + Signer's serial: 5838027a15510d5a + Signature Algorithm: ECDSA-SHA256 + Signed Attributes: + 1.2.840.113549.1.9.15: 306a300b060960864801650304012a300b0609608648016503040116300b0609608648016503040102300a06082a864886f70d0307300e06082a864886f70d030202020080300d06082a864886f70d0302020140300706052b0e030207300d06082a864886f70d0302020128 + 1.2.840.113549.1.9.4: 0420728be51f7b63dcf73f28ba80d277ce47f8cf5a75a02d4e6770e19baa57a767a4 + 1.2.840.113549.1.9.5: 170d3136313132353039333233305a + 1.2.840.113549.1.9.3: 06092a864886f70d010701 + +Number of certificates: 2 + +-----BEGIN CERTIFICATE----- +MIICejCCATKgAwIBAgIIWDgCehVRDVowDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UE +AxMOR251VExTIFRlc3QgQ0EwIBcNMTYxMTI1MDkyMDU5WhgPOTk5OTEyMzEyMzU5 +NTlaMBcxFTATBgNVBAMTDFNpZ25pbmcgY2VydDBZMBMGByqGSM49AgEGCCqGSM49 +AwEHA0IABExURrCCMC8IFrefI//PugUNi20YWKxGudCeq3J298gLO9dvbcSX+w2I +M70X4v5Di0iZYCRXnLclbnFKPwNk3LGjYTBfMAwGA1UdEwEB/wQCMAAwDwYDVR0P +AQH/BAUDAweAADAdBgNVHQ4EFgQUvvYAxiRrYOq1+BPJpdXgySnV1zMwHwYDVR0j +BBgwFoAUTVa3agBY8WeS9KZ1VRuOUwED788wDQYJKoZIhvcNAQELBQADggExAGRN +PybhFeWRXUFteKH3pUpCIS/qWQHIcmHiSIw4S8Nh26pEleH5Ni99wf/DvYheONy4 +044YdIlDLFyXD5Ny469aEPkQm4VmgM+o7mG2dwg4om8KRTFL8G6JmVmT48s/1lD8 +sWzvz8gAegyPDh+CaPbO9XaLrFVhDdpO/IORPeMtvkVQY/Z1tVO3JgXvkAdrdJkK +uF8LFcVwHvjZIVoNdkk5J+VrKP0nWcmlEkLsL+OHUmf2drQneJ2fPsdjGGn9Vj0d +9l/mn/9dtEEMGasPJhj4y7oVJ7CC8Qu4ksFng5dW6x5bmVZpn15ruzJc21SkEWPU +D4N6LsdWC2+w4k2o3fV3b+FlHvswlAsgU0eMq9WHnVbSdWSsEUgGk8E8nhTLdQ82 +DUgMweNWlGd7k/VI06w= +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIDUDCCAgigAwIBAgIBADANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU +TFMgVGVzdCBDQTAeFw0xMTA1MjgwODM2MzBaFw0zODEwMTIwODM2MzNaMBkxFzAV +BgNVBAMTDkdudVRMUyBUZXN0IENBMIIBUjANBgkqhkiG9w0BAQEFAAOCAT8AMIIB +OgKCATEAnORCsX1unl//fy2d1054XduIg/3CqVBaT3Hca65SEoDwh0KiPtQoOgZL +dKY2cobGs/ojYtOjcs0KnlPYdmtjEh6WEhuJU95v4TQdC4OLMiE56eIGq252hZAb +HoTL84Q14DxQWGuzQK830iml7fbw2WcIcRQ8vFGs8SzfXw63+MI6Fq6iMAQIqP08 +WzGmRRzL5wvCiPhCVkrPmwbXoABub6AAsYwWPJB91M9/lx5gFH5k9/iPfi3s2Kg3 +F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo367vGVYHigXMEZC2FezlwIHaZzpEoFlY3 +a7LFJ00yrjQ910r8UE+CEMTYzE40D0olCMo7FA9RCjeO3bUIoYaIdVTUGWEGHWSe +oxGei9Gkm6u+ASj8f+i0jxdD2qXsewIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/ +MA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFE1Wt2oAWPFnkvSmdVUbjlMBA+/P +MA0GCSqGSIb3DQEBCwUAA4IBMQAesOgjGFi1zOYpA/N3gkUVRcBHDxmN7g2yOcqH +VfhFc+e4zhOehR11WCt2RgzNlnYVmV5zBmQBdTAt8Po/MVhLCDW1BULHlLvL0DFc +4sB1RlcGeQcCKQa4b+Q9VWf4f6TfuEWZQC5j5stiXjVgOqrOMrzKZ2eKWA4JsL9s +V+7ANSZE+hOt1X1mA8moyqe95U2Ecih+nFJSWSBd1WFiEzVnXv4FVWPXbH9HERDK +VbasjofWWmQO1YlQPishLgm1IbwqOkOk4sDgoLuUZ4GgP0DDeN6EmRDOzByrv+9u +f45Bl9IQf4IJNPLU9lEqjyMOydqT6kBi7fjV5ICuQZ4EeVJsOGuX7PqNyoDzJHLv +ferRfNLr6eQSHSxBhS0cVyDjb5gCawK6u7xTU+b7xikEie9k +-----END CERTIFICATE----- + +-----BEGIN PKCS7----- +MIIHogYJKoZIhvcNAQcCoIIHkzCCB48CAQExDTALBglghkgBZQMEAgEwKgYJKoZI +hvcNAQcBoB0EG0hlbGxvIHRoZXJlLiBIb3cgYXJlIHlvdT8NCqCCBdIwggJ6MIIB +MqADAgECAghYOAJ6FVENWjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU +TFMgVGVzdCBDQTAgFw0xNjExMjUwOTIwNTlaGA85OTk5MTIzMTIzNTk1OVowFzEV +MBMGA1UEAxMMU2lnbmluZyBjZXJ0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE +TFRGsIIwLwgWt58j/8+6BQ2LbRhYrEa50J6rcnb3yAs7129txJf7DYgzvRfi/kOL +SJlgJFectyVucUo/A2TcsaNhMF8wDAYDVR0TAQH/BAIwADAPBgNVHQ8BAf8EBQMD +B4AAMB0GA1UdDgQWBBS+9gDGJGtg6rX4E8ml1eDJKdXXMzAfBgNVHSMEGDAWgBRN +VrdqAFjxZ5L0pnVVG45TAQPvzzANBgkqhkiG9w0BAQsFAAOCATEAZE0/JuEV5ZFd +QW14ofelSkIhL+pZAchyYeJIjDhLw2HbqkSV4fk2L33B/8O9iF443LjTjhh0iUMs +XJcPk3Ljr1oQ+RCbhWaAz6juYbZ3CDiibwpFMUvwbomZWZPjyz/WUPyxbO/PyAB6 +DI8OH4Jo9s71dousVWEN2k78g5E94y2+RVBj9nW1U7cmBe+QB2t0mQq4XwsVxXAe ++NkhWg12STkn5Wso/SdZyaUSQuwv44dSZ/Z2tCd4nZ8+x2MYaf1WPR32X+af/120 +QQwZqw8mGPjLuhUnsILxC7iSwWeDl1brHluZVmmfXmu7MlzbVKQRY9QPg3oux1YL +b7DiTajd9Xdv4WUe+zCUCyBTR4yr1YedVtJ1ZKwRSAaTwTyeFMt1DzYNSAzB41aU +Z3uT9UjTrDCCA1AwggIIoAMCAQICAQAwDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UE +AxMOR251VExTIFRlc3QgQ0EwHhcNMTEwNTI4MDgzNjMwWhcNMzgxMDEyMDgzNjMz +WjAZMRcwFQYDVQQDEw5HbnVUTFMgVGVzdCBDQTCCAVIwDQYJKoZIhvcNAQEBBQAD +ggE/ADCCAToCggExAJzkQrF9bp5f/38tnddOeF3biIP9wqlQWk9x3GuuUhKA8IdC +oj7UKDoGS3SmNnKGxrP6I2LTo3LNCp5T2HZrYxIelhIbiVPeb+E0HQuDizIhOeni +BqtudoWQGx6Ey/OENeA8UFhrs0CvN9Ippe328NlnCHEUPLxRrPEs318Ot/jCOhau +ojAECKj9PFsxpkUcy+cLwoj4QlZKz5sG16AAbm+gALGMFjyQfdTPf5ceYBR+ZPf4 +j34t7NioNxfDDnKaahWI8Q0p7H4s+njIdfm2FSAKN+u7xlWB4oFzBGQthXs5cCB2 +mc6RKBZWN2uyxSdNMq40PddK/FBPghDE2MxONA9KJQjKOxQPUQo3jt21CKGGiHVU +1BlhBh1knqMRnovRpJurvgEo/H/otI8XQ9ql7HsCAwEAAaNDMEEwDwYDVR0TAQH/ +BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1UdDgQWBBRNVrdqAFjxZ5L0pnVV +G45TAQPvzzANBgkqhkiG9w0BAQsFAAOCATEAHrDoIxhYtczmKQPzd4JFFUXARw8Z +je4NsjnKh1X4RXPnuM4TnoUddVgrdkYMzZZ2FZlecwZkAXUwLfD6PzFYSwg1tQVC +x5S7y9AxXOLAdUZXBnkHAikGuG/kPVVn+H+k37hFmUAuY+bLYl41YDqqzjK8ymdn +ilgOCbC/bFfuwDUmRPoTrdV9ZgPJqMqnveVNhHIofpxSUlkgXdVhYhM1Z17+BVVj +12x/RxEQylW2rI6H1lpkDtWJUD4rIS4JtSG8KjpDpOLA4KC7lGeBoD9Aw3jehJkQ +zswcq7/vbn+OQZfSEH+CCTTy1PZRKo8jDsnak+pAYu341eSArkGeBHlSbDhrl+z6 +jcqA8yRy733q0XzS6+nkEh0sQYUtHFcg42+YAmsCuru8U1Pm+8YpBInvZDGCAXcw +ggFzAgEBMCUwGTEXMBUGA1UEAxMOR251VExTIFRlc3QgQ0ECCFg4AnoVUQ1aMAsG +CWCGSAFlAwQCAaCB5DAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3 +DQEJBTEPFw0xNjExMjUwOTMyMzBaMC8GCSqGSIb3DQEJBDEiBCByi+Ufe2Pc9z8o +uoDSd85H+M9adaAtTmdw4ZuqV6dnpDB5BgkqhkiG9w0BCQ8xbDBqMAsGCWCGSAFl +AwQBKjALBglghkgBZQMEARYwCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqG +SIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIB +KDAKBggqhkjOPQQDAgRHMEUCIHwo+5MOxoznE73+I4XdD1Nm/3yJ9RRapS1ie5b2 +moBYAiEAt1jLVaEosn+jdpoWY49YdlqBN+ot/nvj1eq0bJyO2uk= +-----END PKCS7----- diff --git a/tests/cert-tests/pkcs7 b/tests/cert-tests/pkcs7 index 9e1b607038..ff66dfb748 100755 --- a/tests/cert-tests/pkcs7 +++ b/tests/cert-tests/pkcs7 @@ -33,7 +33,7 @@ OUTFILE2=out2-pkcs7.$$.tmp check_for_datefudge -for FILE in single-ca.p7b full.p7b; do +for FILE in single-ca.p7b full.p7b openssl.p7b; do ${VALGRIND} "${CERTTOOL}" --inder --p7-info --infile "${srcdir}/data/${FILE}"|grep -v "Signing time" >"${OUTFILE}" rc=$? @@ -52,7 +52,7 @@ done # check signatures -for FILE in full.p7b; do +for FILE in full.p7b openssl.p7b; do # check validation with date prior to CA issuance datefudge -s "2011-1-10" \ ${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}" @@ -90,6 +90,11 @@ if test "${rc}" != "0"; then echo "${FILE}: PKCS7 verification failed" exit ${rc} fi +done + + +#check key purpose verification +for FILE in full.p7b; do ${VALGRIND} "${CERTTOOL}" --verify-purpose=1.3.6.1.5.5.7.3.1 --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}" rc=$? |