authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-02-17 09:56:24 +0100
committerNikos Mavrogiannopoulos <nmav@redhat.com>2017-02-17 09:57:06 +0100
commit1fe366c28e1d26a10630bafe207a0cf56bb8a276 (patch)
treee9e7cd38d32df9aaedc1911db8f6bce8cb33d6db
parent9e8b241aa6578c1fc5a6a140a1cb035a61ebd2e8 (diff)
tests: enhanced test suite to include invalid V1 certs
That is, added X.509v1 certificates carrying attributes that should not be present in them (valid for X.509v2 only). Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--tests/cert-tests/Makefile.am5
-rwxr-xr-xtests/cert-tests/cert-sanity55
-rw-r--r--tests/cert-tests/data/x509-v1-with-iid.pem19
-rw-r--r--tests/cert-tests/data/x509-v1-with-sid.pem19
4 files changed, 96 insertions, 2 deletions
diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
index 4ea9af9806..b53904e95c 100644
--- a/tests/cert-tests/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -62,13 +62,14 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem
data/code-signing-ca.pem data/code-signing-cert.pem data/multi-value-dn.pem \
data/pkcs7-cat-ca.pem data/pkcs7-cat.p7 data/openssl.p7b data/openssl.p7b.out \
data/openssl-keyid.p7b data/openssl-keyid.p7b.out data/openssl.p12 \
- data/openpgp-invalid1.pub data/openpgp-invalid2.pub data/openpgp-invalid3.pub
+ data/openpgp-invalid1.pub data/openpgp-invalid2.pub data/openpgp-invalid3.pub \
+ data/x509-v1-with-sid.pem data/x509-v1-with-iid.pem
dist_check_SCRIPTS = pathlen aki certtool invalid-sig email \
pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \
provable-dh userid sha2-test sha2-dsa-test provable-privkey-dsa2048 \
provable-privkey-rsa2048 provable-privkey-gen-default pkcs7-constraints \
- pkcs7-constraints2 certtool-long-oids pkcs7-cat
+ pkcs7-constraints2 certtool-long-oids pkcs7-cat cert-sanity
if WANT_TEST_SUITE
dist_check_SCRIPTS += provable-dh-default
diff --git a/tests/cert-tests/cert-sanity b/tests/cert-tests/cert-sanity
new file mode 100755
index 0000000000..edcefe963c
--- /dev/null
+++ b/tests/cert-tests/cert-sanity
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+srcdir="${srcdir:-.}"
+CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
+DIFF="${DIFF:-diff -b -B}"
+
+if ! test -x "${CERTTOOL}"; then
+ exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+# This checks whether invalid certificates are accepted
+
+${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/x509-v1-with-sid.pem"
+rc=$?
+
+if test "${rc}" != 1; then
+ echo "X509v1 certificate with subject unique ID was accepted"
+ exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/x509-v1-with-iid.pem"
+rc=$?
+
+if test "${rc}" != 1; then
+ echo "X509v1 certificate with issuer unique ID was accepted"
+ exit 1
+fi
+
+
+
+exit 0
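Review bot: Both `test "${rc}" != 1` checks count any exit status 1 from certtool as "certificate rejected", yet the script never confirms that the fixture was actually read. A wrong `srcdir` or a `.pem` missing from the distribution would presumably also produce a non-zero status, most likely 1, so the test could pass without the unique-ID check in the parser ever running. I would add `test -r "${srcdir}/data/x509-v1-with-sid.pem" || exit 1` before the first certtool call and the same guard for `x509-v1-with-iid.pem` before the second. A positive control would also help: run `-i` on a known-good certificate from `data/` and expect status 0. The failure message is also inaccurate when `rc` is neither 0 nor 1, for example a crash or a valgrind error status, so including the code would help triage: `echo "X509v1 certificate with subject unique ID was not rejected cleanly (rc=${rc})"`.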
diff --git a/tests/cert-tests/data/x509-v1-with-iid.pem b/tests/cert-tests/data/x509-v1-with-iid.pem
new file mode 100644
index 0000000000..98456eb1a3
--- /dev/null
+++ b/tests/cert-tests/data/x509-v1-with-iid.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDpzCCAo8CEAEAAAAAAAAAAAAAAAAAAAAwDQYJKoZIhvcNAQELBQAwdzELMAkGA1UEBhMCQ04x
+EDAOBgNVBAgTB1NoYW5ueGkxDjAMBgNVBAcTBVhpJ2FuMRowGAYDVQQKExFYaWRpYW4gVW5pdmVy
+c2l0eTENMAsGA1UECxMESUNUVDEbMBkGA1UEAxMSaWN0dC54aWRpYW4uZWR1LmNuMB4XDTE2MDky
+ODA4MTg1OFoXDTI0MTIxNTA4MTg1OFowgaQxCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdTaGFubnhp
+MQ4wDAYDVQQHDAVYaSdhbjEaMBgGA1UECgwRWGlkaWFuIFVuaXZlcnNpdHkxDTALBgNVBAsMBFBo
+LkQxGjAYBgNVBAMMEXBoZC54aWRpYW4uZWR1LmNuMSwwKgYJKoZIhvcNAQkBFh1jaGVuY2h1QHN0
+dW1haWwueGlkaWFuLmVkdS5jbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIBBvP+5
+LH95Ve5b9F1MkH0+ZVBQocjRlWdjdwhFCwrnh+pQ1Sb4NLuGCeVOrtOiiQDEo2egR1WAaDrBKEW0
+W0diJdSUbGO0ANEaOYH7WSAutMFyQmFD1K3H1zDTJxwrlct7ZwLClmVywfyJdN6yQR3s5+r+KE9L
+ucgv+xOudc+5/Oq+ntLVHjj62UfrJ6cw2MqA0oVZF9WmZeAQ1JNUnIatzo1i2EeLpJKLgf6WfhmR
+XGjm/KTU+e3alHPnpOcGb6FPkJE9mWezaGcIO8jfUjeP/a6L8qksj0vdCEx32g51RcDiUmvWFHpp
+DGPFJkmuZEpw5FMFoPsVmeO2wlBOTPsCAwEAAYEGAAECAwQFMA0GCSqGSIb3DQEBCwUAA4IBAQBk
+Hu9xmv32lFzvqvyzwN9bHxrprROBnKOpCZHTnFTRkZcZS8Ys0pc4uJ/zhLEsECA8bSN9YjhzfeTH
+237ZcTlRetBK7SXm4TCC0J3D4TOc9zyjAqSXga9flUPmK7nbcwznA6V8KtRKRsS95C0fr2VQvsWR
+wiguPKWwvBWWvy30PaYeZPzKTzJLu+g4L4+1jdXWhbdkinfHPXPM732lpd0Zg6FSVQi85K5IeqHI
+F/WzKZEippbCHyQ7jk6I4QSKfK15th9yTGgu3ARXvAFlqqKObuAt57uFI4Wmk4M+vvAMHuoHxMdM
+6V26CKUUV+Qu6rpQQ+guWob2Zyu0CwWA5rw6
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/tests/cert-tests/data/x509-v1-with-sid.pem b/tests/cert-tests/data/x509-v1-with-sid.pem
new file mode 100644
index 0000000000..f2127c8778
--- /dev/null
+++ b/tests/cert-tests/data/x509-v1-with-sid.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDpDCCAowCEAEAAAAAAAAAAAAAAAAAAAAwDQYJKoZIhvcNAQELBQAwdzELMAkGA1UEBhMCQ04x
+EDAOBgNVBAgTB1NoYW5ueGkxDjAMBgNVBAcTBVhpJ2FuMRowGAYDVQQKExFYaWRpYW4gVW5pdmVy
+c2l0eTENMAsGA1UECxMESUNUVDEbMBkGA1UEAxMSaWN0dC54aWRpYW4uZWR1LmNuMB4XDTE2MDky
+ODA4MTg1OVoXDTI0MTIxNTA4MTg1OVowgaQxCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdTaGFubnhp
+MQ4wDAYDVQQHDAVYaSdhbjEaMBgGA1UECgwRWGlkaWFuIFVuaXZlcnNpdHkxDTALBgNVBAsMBFBo
+LkQxGjAYBgNVBAMMEXBoZC54aWRpYW4uZWR1LmNuMSwwKgYJKoZIhvcNAQkBFh1jaGVuY2h1QHN0
+dW1haWwueGlkaWFuLmVkdS5jbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK6YuRMn
+V0cOz1rKSrRri1IajVBpJROr+L3N09XcKL1IOTFmV40aZG93v8o5pSIJ4Q/nqzmEqoChYLxnBSAe
+I/3tLrtrYBNBmrJaum7M7fAcBGBvLlKv7hhN8l5ujHkHJwxBdU0Qma9KxUcJft1wlPaEYR/kC9Ls
+jpoz2CW1e5H2CXtxyd5PRgX7FizUwl0myrSnJr1OF/ARjYsW5vFDd8CtPeoD4KFoHLn0d7lqSsl/
+t2g3hoJoe7e9Kkdm40ev7sOSEcJW4VqRplX1KZeuZm+Gmh44aw9QWLHiCtSrddDy36GvdsAeaCvi
+boBIseUoNEtV/4JXTS83m3iIQ4ynyn0CAwEAAYIDAAEGMA0GCSqGSIb3DQEBCwUAA4IBAQAGOv7G
+yuYn3thPJDabruSRDXJWaJHhY5t2PJYNkaoNSCNgJt+3gP4IvNFL3QmM+8Ezy5XpMU7MIrtmrxKp
+MWKE86eY9mn+dP6fG4Ppvo+gSmO1DtofSiFzOA4jMmkVxOYeZyxgw2no+HY3CHZnbK+5wNYn6eP5
+zBtJKp9Uo4zd929wQxNZJR+XKLXF9rdRZOCp6Ez2p6MVTFYAvhILJ3xr0/4YWukqP1rLUDVRU6+F
+xfRl0uGQbyIllsocinCJxy0PlskwqORHSgonefQdCU8Mg0neNJ/+RZ6v7xFz4+k9/QVBu+j8mWeX
+LHCLvuer7Q6zHq+1JHAeuEp48clGUnG7
+-----END CERTIFICATE----- \ No newline at end of file