tests: added decoding of multi-value DN

3 files changed, 97 insertions, 6 deletions

diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
index adbb345d3b..ccfdf7d999 100644
--- a/tests/cert-tests/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -59,7 +59,7 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem
 	data/srv-public-localhost-signed.gpg data/selfsigs/alice-mallory-badsig18.pub \
 	data/selfsigs/alice-mallory-irrelevantsig.pub data/selfsigs/alice-mallory-nosig18.pub \
 	data/selfsigs/alice.pub data/key-utf8-1.p12 data/key-utf8-2.p12 \
-	data/code-signing-ca.pem data/code-signing-cert.pem
+	data/code-signing-ca.pem data/code-signing-cert.pem data/multi-value-dn.pem
 
 dist_check_SCRIPTS = pathlen aki certtool invalid-sig email \
 	pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \
diff --git a/tests/cert-tests/data/multi-value-dn.pem b/tests/cert-tests/data/multi-value-dn.pem
new file mode 100644
index 0000000000..091951ee6a
--- /dev/null
+++ b/tests/cert-tests/data/multi-value-dn.pem
@@ -0,0 +1,75 @@
+X.509 Certificate Information:
+	Version: 3
+	Serial Number (hex): 09
+	Issuer: C=CZ,O=corp+O=big corp+O=another corp,OU=arbitrary,UID=user,CN=unknown+CN=multi-test+CN=multi-test
+	Validity:
+		Not Before: Mon Oct 31 15:53:52 UTC 2016
+		Not After: Tue Oct 31 15:53:52 UTC 2017
+	Subject: C=CZ,O=corp+O=big corp+O=another corp,OU=arbitrary,UID=user,CN=unknown+CN=multi-test+CN=multi-test
+	Subject Public Key Algorithm: RSA
+	Algorithm Security Level: Low (1024 bits)
+		Modulus (bits 1024):
+			00:c0:0f:cd:3a:34:fb:58:cf:e6:2a:af:ad:52:1f:cf
+			b3:87:e4:d4:de:f7:2b:9f:13:25:5c:c1:3e:5b:f7:45
+			8d:d0:ff:b5:b9:95:73:7a:f0:65:da:9d:dc:8d:17:d0
+			c4:56:64:5d:53:1c:d1:6d:29:6e:63:bc:79:ce:90:76
+			f8:33:ce:51:3e:ef:cb:fd:ad:7f:92:db:ae:93:6c:4f
+			93:7f:03:80:49:f9:34:4c:12:4f:f9:03:68:bb:69:e7
+			a1:ee:65:3a:f2:52:f4:7b:74:37:d7:04:ba:79:6e:2c
+			be:cb:f8:99:d7:fb:2b:c6:bb:39:f5:47:c6:55:e5:84
+			7b
+		Exponent (bits 24):
+			01:00:01
+	Extensions:
+		Basic Constraints (critical):
+			Certificate Authority (CA): FALSE
+		Subject Key Identifier (not critical):
+			753ab7fc73642914496111fdce90cbf63d1c8a13
+	Signature Algorithm: RSA-SHA256
+	Signature:
+		a3:42:6f:c5:b0:1a:5d:5e:ef:91:17:c0:64:0c:84:c3
+		53:33:23:e1:6f:83:21:0e:7f:0c:25:08:fa:0c:83:55
+		d5:58:bc:cf:59:2a:d3:23:fa:f0:31:f8:3b:6a:3a:55
+		32:8b:38:a3:f2:1d:ee:be:ad:bd:d6:d7:26:c0:fc:d5
+		33:cf:3a:f1:3a:57:43:d9:a2:1f:39:c5:2c:07:00:65
+		7f:e5:08:53:bf:42:8f:dd:c2:69:39:c3:e6:92:49:bb
+		63:ce:99:58:38:13:5b:15:c2:bd:27:ea:fd:7b:0e:30
+		e7:37:c6:47:ce:03:e7:5a:19:2a:90:a8:93:89:e9:9d
+Other Information:
+	SHA1 fingerprint:
+		3cd23994f8e12b98462899fd30d6750f153dba7f
+	SHA256 fingerprint:
+		9442533a526ab64a4fb32b87898fae2d6dd7e85730926a58ff5f5cb9fd810b0e
+	Public Key ID:
+		753ab7fc73642914496111fdce90cbf63d1c8a13
+	Public key's random art:
+		+--[ RSA 1024]----+
+		|            .**  |
+		|            .o . |
+		|          . . ...|
+		|         . o .o .|
+		|        S o o. =.|
+		|           E o+o=|
+		|            =.++o|
+		|           o o.o+|
+		|            . .o.|
+		+-----------------+
+
+-----BEGIN CERTIFICATE-----
+MIIC7zCCAligAwIBAgIBCTANBgkqhkiG9w0BAQsFADCBpDE2MA4GA1UEAxMHdW5r
+bm93bjARBgNVBAMTCm11bHRpLXRlc3QwEQYDVQQDEwptdWx0aS10ZXN0MRQwEgYK
+CZImiZPyLGQBARMEdXNlcjESMBAGA1UECxMJYXJiaXRyYXJ5MTMwCwYDVQQKEwRj
+b3JwMA8GA1UEChMIYmlnIGNvcnAwEwYDVQQKEwxhbm90aGVyIGNvcnAxCzAJBgNV
+BAYTAkNaMB4XDTE2MTAzMTE1NTM1MloXDTE3MTAzMTE1NTM1MlowgaQxNjAOBgNV
+BAMTB3Vua25vd24wEQYDVQQDEwptdWx0aS10ZXN0MBEGA1UEAxMKbXVsdGktdGVz
+dDEUMBIGCgmSJomT8ixkAQETBHVzZXIxEjAQBgNVBAsTCWFyYml0cmFyeTEzMAsG
+A1UEChMEY29ycDAPBgNVBAoTCGJpZyBjb3JwMBMGA1UEChMMYW5vdGhlciBjb3Jw
+MQswCQYDVQQGEwJDWjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwA/NOjT7
+WM/mKq+tUh/Ps4fk1N73K58TJVzBPlv3RY3Q/7W5lXN68GXandyNF9DEVmRdUxzR
+bSluY7x5zpB2+DPOUT7vy/2tf5LbrpNsT5N/A4BJ+TRMEk/5A2i7aeeh7mU68lL0
+e3Q31wS6eW4svsv4mdf7K8a7OfVHxlXlhHsCAwEAAaMvMC0wDAYDVR0TAQH/BAIw
+ADAdBgNVHQ4EFgQUdTq3/HNkKRRJYRH9zpDL9j0cihMwDQYJKoZIhvcNAQELBQAD
+gYEAo0JvxbAaXV7vkRfAZAyEw1MzI+FvgyEOfwwlCPoMg1XVWLzPWSrTI/rwMfg7
+ajpVMos4o/Id7r6tvdbXJsD81TPPOvE6V0PZoh85xSwHAGV/5QhTv0KP3cJpOcPm
+kkm7Y86ZWDgTWxXCvSfq/XsOMOc3xkfOA+daGSqQqJOJ6Z0=
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/pem-decoding b/tests/cert-tests/pem-decoding
index bdc29d670e..2977888aba 100755
--- a/tests/cert-tests/pem-decoding
+++ b/tests/cert-tests/pem-decoding
@@ -53,7 +53,7 @@ if test "${rc}" != "0"; then
 fi
 
 #FIXME: the output string differs in windows and linux on the last char.
-${DIFF} "${srcdir}/data/bmpstring.pem" ${TMPFILE} || ${DIFF} --strip-trailing-cr "${srcdir}/data/bmpstring.pem" ${TMPFILE}
+${DIFF} -I 'Algorithm Security Level' "${srcdir}/data/bmpstring.pem" ${TMPFILE} || ${DIFF} -I 'Algorithm Security Level' --strip-trailing-cr "${srcdir}/data/bmpstring.pem" ${TMPFILE}
 rc=$?
 
 if test "${rc}" != "0"; then
@@ -72,7 +72,7 @@ fi
 
 cat "${srcdir}/data/complex-cert.pem" |grep -v "Not After:" >${TMPFILE1}
 cat ${TMPFILE} |grep -v "Not After:" >${TMPFILE2}
-${DIFF} ${TMPFILE1} ${TMPFILE2} || ${DIFF} --strip-trailing-cr ${TMPFILE1} ${TMPFILE2}
+${DIFF} -I 'Algorithm Security Level' ${TMPFILE1} ${TMPFILE2} || ${DIFF} -I 'Algorithm Security Level' --strip-trailing-cr ${TMPFILE1} ${TMPFILE2}
 rc=$?
 
 if test "${rc}" != "0"; then
@@ -91,7 +91,7 @@ fi
 
 cat "${srcdir}/data/xmpp-othername.pem" |grep -v "Not After:" >${TMPFILE1}
 cat ${TMPFILE} |grep -v "Not After:" >${TMPFILE2}
-${DIFF} ${TMPFILE1} ${TMPFILE2} || ${DIFF} --strip-trailing-cr ${TMPFILE1} ${TMPFILE2}
+${DIFF} -I 'Algorithm Security Level' ${TMPFILE1} ${TMPFILE2} || ${DIFF} -I 'Algorithm Security Level' --strip-trailing-cr ${TMPFILE1} ${TMPFILE2}
 rc=$?
 
 if test "${rc}" != "0"; then
@@ -109,7 +109,7 @@ fi
 
 cat ${TMPFILE} |grep "KRB5Principal:" >${TMPFILE1}
 cat "${srcdir}/data/template-krb5name-full.pem" |grep "KRB5Principal:" >${TMPFILE2}
-${DIFF} -u ${TMPFILE1} ${TMPFILE2} || ${DIFF} -u --strip-trailing-cr ${TMPFILE1} ${TMPFILE2}
+${DIFF} -I 'Algorithm Security Level' -u ${TMPFILE1} ${TMPFILE2} || ${DIFF} -I 'Algorithm Security Level' -u --strip-trailing-cr ${TMPFILE1} ${TMPFILE2}
 rc=$?
 
 if test "${rc}" != "0"; then
@@ -127,7 +127,7 @@ if test "${rc}" != "0"; then
 	exit ${rc}
 fi
 
-${DIFF} ${TMPFILE} "${srcdir}/data/gost-cert.pem" || ${DIFF} --strip-trailing-cr "${TMPFILE}" "${srcdir}/data/gost-cert.pem"
+${DIFF} -I 'Algorithm Security Level' ${TMPFILE} "${srcdir}/data/gost-cert.pem" || ${DIFF} -I 'Algorithm Security Level' --strip-trailing-cr "${TMPFILE}" "${srcdir}/data/gost-cert.pem"
 rc=$?
 
 if test "${rc}" != "0"; then
@@ -135,6 +135,22 @@ if test "${rc}" != "0"; then
 	exit ${rc}
 fi
 
+${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/data/multi-value-dn.pem" >${TMPFILE}
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "MV-DN cert decoding failed 1"
+	exit ${rc}
+fi
+
+${DIFF} -I 'Algorithm Security Level' ${TMPFILE} "${srcdir}/data/multi-value-dn.pem" || ${DIFF} -I 'Algorithm Security Level' --strip-trailing-cr "${TMPFILE}" "${srcdir}/data/multi-value-dn.pem"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "MV-DN cert decoding failed 2"
+	exit ${rc}
+fi
+
 rm -f ${TMPFILE} ${TMPFILE1} ${TMPFILE2}
 
 exit 0