author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-02-28 10:32:38 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-02-28 14:15:06 +0100 |
commit | 6bd962f6a3590169071e6c86aac2aceeb6ba097e (patch) | |
tree | 0de7a48c04a7fb31a0bde732056d5ed4b269639f /tests/crt_apis.c | |
parent | 322100554eb0bd4d571cc2efb23e4a87fb98cba6 (diff) | |
tests: crt_apis: added tests for writing/reading unique IDstmp-testsuite-unique-id
That is, check the functionality of:
- gnutls_x509_crt_get_subject_unique_id
- gnutls_x509_crt_get_issuer_unique_id
- gnutls_x509_crt_set_issuer_unique_id
- gnutls_x509_crt_set_subject_unique_id
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'tests/crt_apis.c')
-rw-r--r-- | tests/crt_apis.c | 66 |
1 files changed, 49 insertions, 17 deletions
diff --git a/tests/crt_apis.c b/tests/crt_apis.c index ccc0ab5200..1d46578c37 100644 --- a/tests/crt_apis.c +++ b/tests/crt_apis.c @@ -39,19 +39,19 @@ static unsigned char saved_crt_pem[] = "-----BEGIN CERTIFICATE-----\n" - "MIICSzCCAbSgAwIBAgIDChEAMA0GCSqGSIb3DQEBCwUAMCsxDjAMBgNVBAMTBW5p\n" + "MIICWTCCAcKgAwIBAgIDChEAMA0GCSqGSIb3DQEBCwUAMCsxDjAMBgNVBAMTBW5p\n" "a29zMRkwFwYDVQQKExBub25lIHRvLCBtZW50aW9uMCAXDTA4MDMzMTIyMDAwMFoY\n" "Dzk5OTkxMjMxMjM1OTU5WjArMQ4wDAYDVQQDEwVuaWtvczEZMBcGA1UEChMQbm9u\n" "ZSB0bywgbWVudGlvbjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAu2ZD9fLF\n" "17aMzMXf9Yg7sclLag6hrSBQQAiAoU9co9D4bM/mPPfsBHYTF4tkiSJbwN1TfDvt\n" "fAS7gLkovo6bxo6gpRLL9Vceoue7tzNJn+O7Sq5qTWj/yRHiMo3OPYALjXXv2ACB\n" - "jygEA6AijWEEB/q2N30hB0nSCWFpmJCjWKkCAwEAAaN7MHkwDAYDVR0TAQH/BAIw\n" - "ADAPBgNVHQ8BAf8EBQMDB4AAMDYGA1UdEQQvMC2CA2FwYYIReG4tLW14YWE0YXM2\n" - "ZC5jb22BE3Rlc3RAeG4tLWt4YXdoay5vcmcwIAYDVR0lAQH/BBYwFAYIKwYBBQUH\n" - "AwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4GBACul+Ucf1gADG6diSZA7hOPG\n" - "4g1hngzNWP1uObfICizlo791+KGrbIh9aIntcE1GYWHUP25SUKDaQD9n5f92Jm7U\n" - "EVAMxrp6c9b5GAH9818KL6aYuvgWlAeofW5t3sFrdzeEIVXrQsZWiSKtiC89JFG9\n" - "a7c3rdNqKrfzkop8NIgc\n" + "jygEA6AijWEEB/q2N30hB0nSCWFpmJCjWKkCAwEAAYEFAAABAgOCBQAEAwIBo3sw\n" + "eTAMBgNVHRMBAf8EAjAAMA8GA1UdDwEB/wQFAwMHgAAwNgYDVR0RBC8wLYIDYXBh\n" + "ghF4bi0tbXhhYTRhczZkLmNvbYETdGVzdEB4bi0ta3hhd2hrLm9yZzAgBgNVHSUB\n" + "Af8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADgYEAsCHT\n" + "vpIFkQG8th0DbEU3BE3KP5aa93HDLpZPu5PVLkoBb4PPWjKPK+737mwaSs9zXe58\n" + "awhM0ycZ1ymSC+MiRuQlzt4Opx1Fm8WFsDr7d0g/C96Arr1Ss4ZhNi15nyoYeaWJ\n" + "1n7nX+msWnuc+aABt1d8aAhAvaU8do0+WI2jY90=\n" "-----END CERTIFICATE-----\n"; const gnutls_datum_t saved_crt = { saved_crt_pem, sizeof(saved_crt_pem)-1 }; @@ -77,6 +77,7 @@ void doit(void) gnutls_x509_crt_t crt; gnutls_x509_crt_t crt2; const char *err = NULL; + unsigned char buf[64]; gnutls_datum_t out; size_t s = 0; int ret; 
@@ -180,20 +181,19 @@ void doit(void) ret = gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_DNSNAME, "απαλό.com", strlen("απαλό.com"), 1); -#if defined(HAVE_LIBIDN) || defined(HAVE_LIBIDN2) +#if defined(HAVE_LIBIDN2) || defined(HAVE_LIBIDN) if (ret != 0) fail("gnutls_x509_crt_set_subject_alt_name: %s\n", gnutls_strerror(ret)); -#else - if (ret != GNUTLS_E_UNIMPLEMENTED_FEATURE) - fail("gnutls_x509_crt_set_subject_alt_name: %s\n", gnutls_strerror(ret)); -#endif -#ifdef HAVE_LIBIDN ret = gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_RFC822NAME, "test@νίκο.org", strlen("test@νίκο.org"), 1); if (ret != 0) fail("gnutls_x509_crt_set_subject_alt_name\n"); +#else + if (ret != GNUTLS_E_UNIMPLEMENTED_FEATURE) + fail("gnutls_x509_crt_set_subject_alt_name: %s\n", gnutls_strerror(ret)); #endif + s = 0; ret = gnutls_x509_crt_get_key_purpose_oid(crt, 0, NULL, &s, NULL); if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) @@ -225,12 +225,22 @@ void doit(void) fail("gnutls_x509_crt_set_issuer_dn: %s, %s\n", gnutls_strerror(ret), err); } +#define ISSUER_UNIQUE_ID "\x00\x01\x02\x03" +#define SUBJECT_UNIQUE_ID "\x04\x03\x02\x01" + ret = gnutls_x509_crt_set_issuer_unique_id(crt, ISSUER_UNIQUE_ID, sizeof(ISSUER_UNIQUE_ID)-1); + if (ret < 0) + fail("error: %s\n", gnutls_strerror(ret)); + + ret = gnutls_x509_crt_set_subject_unique_id(crt, SUBJECT_UNIQUE_ID, sizeof(SUBJECT_UNIQUE_ID)-1); + if (ret < 0) + fail("error: %s\n", gnutls_strerror(ret)); + + /* Sign and finalize the certificate */ ret = gnutls_x509_crt_sign2(crt, crt, pkey, GNUTLS_DIG_SHA256, 0); if (ret < 0) fail("gnutls_x509_crt_sign2: %s\n", gnutls_strerror(ret)); - ret = gnutls_x509_crt_print(crt, GNUTLS_CRT_PRINT_FULL, &out); if (ret != 0) fail("gnutls_x509_crt_print\n"); 
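Review bot: The guard on the SAN checks now accepts either IDN library (`HAVE_LIBIDN2 || HAVE_LIBIDN`), but the saved-certificate comparison in the last hunk (at -281) is compiled only under `HAVE_LIBIDN2`. A libidn-only build therefore sets both internationalized names but never compares the exported bytes with `saved_crt`. If that is deliberate, presumably because the two libraries may encode the names differently, a comment at the final `#if` should say so, for example `/* saved_crt was generated with libidn2; skip the byte comparison for other builds */`. doit() starts and ends outside this hunk.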
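Review bot: Both new setter checks fail with the same `"error: %s\n"` text, so a failing run does not say which call broke; the two getter checks in the hunk at -260 repeat the same message. The surrounding fail() calls in doit() name the function, so `fail("gnutls_x509_crt_set_issuer_unique_id: %s\n", gnutls_strerror(ret));` (and the matching name for the subject setter and both getters) would be consistent. The two `#define`s sit inside the function body but remain visible to the rest of the file, so placing them with the file-level definitions would make their scope explicit. doit() starts and ends outside this hunk.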
@@ -238,7 +248,7 @@ void doit(void) printf("crt: %.*s\n", out.size, out.data); gnutls_free(out.data); - + /* Verify whether selected input is present */ s = 0; ret = gnutls_x509_crt_get_extension_info(crt, 0, NULL, &s, NULL); if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) @@ -260,6 +270,26 @@ void doit(void) } gnutls_free(out.data); + s = sizeof(buf); + ret = gnutls_x509_crt_get_issuer_unique_id(crt, (void*)buf, &s); + if (ret < 0) + fail("error: %s\n", gnutls_strerror(ret)); + + if (s != sizeof(ISSUER_UNIQUE_ID)-1 || + memcmp(buf, ISSUER_UNIQUE_ID, s) != 0) { + fail("issuer unique id comparison failed\n"); + } + + s = sizeof(buf); + ret = gnutls_x509_crt_get_subject_unique_id(crt, (void*)buf, &s); + if (ret < 0) + fail("error: %s\n", gnutls_strerror(ret)); + + if (s != sizeof(SUBJECT_UNIQUE_ID)-1 || + memcmp(buf, SUBJECT_UNIQUE_ID, s) != 0) { + fail("subject unique id comparison failed\n"); + } + ret = gnutls_x509_crt_get_raw_dn(crt, &out); if (ret < 0 || out.size == 0) fail("gnutls_x509_crt_get_raw_dn: %s\n", gnutls_strerror(ret)); @@ -281,7 +311,9 @@ void doit(void) } assert(gnutls_x509_crt_export2(crt, GNUTLS_X509_FMT_PEM, &out) >= 0); -#ifdef HAVE_LIBIDN + if (debug) + fprintf(stderr, "%s\n", out.data); +#if defined(HAVE_LIBIDN2) assert(out.size == saved_crt.size); assert(memcmp(out.data, saved_crt.data, out.size)==0); #endif |
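Review bot: The new getter checks in the hunk at -260 only cover the case where `buf` is large enough; the size handling of a caller-supplied buffer is the part most worth testing and is not exercised. This function already probes other getters with `s = 0` and expects `GNUTLS_E_SHORT_MEMORY_BUFFER`, so the same probe fits here: `s = 0; ret = gnutls_x509_crt_get_issuer_unique_id(crt, NULL, &s);` followed by `if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) fail("gnutls_x509_crt_get_issuer_unique_id: %s\n", gnutls_strerror(ret));`, and likewise for the subject ID. Whether `s` is updated to the required length on that path should be confirmed against the API documentation before asserting on it. doit() starts and ends outside this hunk.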
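Review bot: The added debug print in the hunk at -281 passes `out.data` to `%s`, which is only safe if the exported datum is NUL-terminated; nothing visible in this diff establishes that. The earlier print of `out` in this function bounds the read with `%.*s` and `out.size`, so the same form fits here: `fprintf(stderr, "%.*s\n", (int)out.size, out.data);`. doit() continues past the end of this hunk, so whether `out.data` is released afterwards cannot be checked from here.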