From 9d611a25515d92311576ac3e5a911859ed6e82de Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Thu, 12 Nov 2015 12:04:04 +0100 Subject: tests: verify that unique IDs are generated as expected --- tests/cert-tests/Makefile.am | 3 +- tests/cert-tests/template-test | 28 ++++++++++++++ tests/cert-tests/template-unique.pem | 20 ++++++++++ tests/cert-tests/template-unique.tmpl | 70 +++++++++++++++++++++++++++++++++++ 4 files changed, 120 insertions(+), 1 deletion(-) create mode 100644 tests/cert-tests/template-unique.pem create mode 100644 tests/cert-tests/template-unique.tmpl diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am index 2bd8e00217..6092513449 100644 --- a/tests/cert-tests/Makefile.am +++ b/tests/cert-tests/Makefile.am @@ -28,7 +28,8 @@ EXTRA_DIST = ca-no-pathlen.pem no-ca-or-pathlen.pem aki-cert.pem \ template-date.tmpl template-date.pem template-dn-err.tmpl \ template-nc.tmpl template-nc.pem xmpp-othername.pem \ suppressions.valgrind csr-invalid.der invalid-sig2.pem invalid-sig3.pem \ - template-generalized.pem template-generalized.tmpl + template-generalized.pem template-generalized.tmpl \ + template-unique.tmpl template-unique.pem dist_check_SCRIPTS = pathlen aki template-test pem-decoding dane crq invalid-sig \ crl diff --git a/tests/cert-tests/template-test b/tests/cert-tests/template-test index 8bbc9115a0..873f7d0c98 100755 --- a/tests/cert-tests/template-test +++ b/tests/cert-tests/template-test @@ -22,6 +22,7 @@ srcdir=${srcdir:-.} CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT} +DIFF="${DIFF:-diff}" export TZ="UTC" @@ -226,6 +227,7 @@ fi rm -f tmp-tt.pem + # Test the GeneralizedTime support if test "$(getconf LONG_BIT)" = "64"; then 
@@ -257,4 +259,30 @@ rm -f tmp-tt.pem fi +# Test unique ID field generation + +rc=1 +counter=1 + +while [ "${rc}" != "0" -a $counter -le 3 ]; do + datefudge "2007-04-22" \ + "${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/template-test.key" \ + --template "${srcdir}/template-unique.tmpl" \ + --outfile tmp-tt.pem 2>/dev/null + + ${DIFF} "${srcdir}/template-unique.pem" tmp-tt.pem >/dev/null 2>&1 + rc=$? + test ${rc} != 0 && sleep 3 + counter=`expr $counter + 1` +done + +# We're done. +if test "${rc}" != "0"; then + echo "Test 9 (unique ID) failed" + exit ${rc} +fi + +rm -f tmp-tt.pem + exit 0 diff --git a/tests/cert-tests/template-unique.pem b/tests/cert-tests/template-unique.pem new file mode 100644 index 0000000000..e08e5b53ec --- /dev/null +++ b/tests/cert-tests/template-unique.pem 
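Review bot: The retry loop around certtool and `${DIFF}` has no comment saying why up to three attempts are needed, and it lets a run that only matches on the second or third try pass silently, which can hide nondeterministic encoding of the unique ID fields this test is meant to pin down. Both certtool's stderr and the diff output go to /dev/null and certtool's exit status is never checked, so a missing datefudge, a certtool error and a genuine certificate mismatch all end in the same bare "Test 9 (unique ID) failed". I would add a comment above the loop such as `# Retry: <reason the first attempt can legitimately differ>` and, in the final failure branch, rerun `${DIFF} "${srcdir}/template-unique.pem" tmp-tt.pem` without the redirection so the log shows what differed. As a style point, `[ "${rc}" != "0" -a $counter -le 3 ]` uses the obsolescent `-a` with an unquoted `$counter`; `[ "${rc}" != "0" ] && [ "${counter}" -le 3 ]` is the portable form.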
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNDCCAp2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADBbMQwwCgYDVQQDEwNOaWsx +DzANBgNVBAgTBkF0dGlraTELMAkGA1UEBhMCR1IxGjAYBgNVBAQTEU1hdnJvZ2lh +bm5vcG91bG9zMREwDwYDVQQJEwhBcmthZGlhczAeFw0wNzA0MjIwMDAwMDBaFw0x +NDA1MjUwMDAwMDBaMFsxDDAKBgNVBAMTA05pazEPMA0GA1UECBMGQXR0aWtpMQsw +CQYDVQQGEwJHUjEaMBgGA1UEBBMRTWF2cm9naWFubm9wb3Vsb3MxETAPBgNVBAkT +CEFya2FkaWFzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClxs51Q4S/ZJ4C +JxPxA1n3eS2S7XwvUKQD8S15uYaLBX46u0Sqr4TPE5geHEo49zMtep9y1GttJrAx +N3AQ+0Lp2J0YZX4ZSfwFlgRogx53hr/t9eUSOxP+MxicGnodaa9HAmB6H7noz9vI +NDBRlj2MllwAvGHeCA+xNiF/qQDjBQIDAQABgQgAERQjJCUSJIIGAAAVIyQlo4H1 +MIHyMA8GA1UdEwEB/wQFMAMBAf8wagYDVR0RBGMwYYIMd3d3Lm5vbmUub3JnghN3 +d3cubW9yZXRoYW5vbmUub3Jnghd3d3cuZXZlbm1vcmV0aGFub25lLm9yZ4cEwKgB +AYENbm9uZUBub25lLm9yZ4EOd2hlcmVAbm9uZS5vcmcwEwYDVR0lBAwwCgYIKwYB +BQUHAwkwDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQUXUCt8M6UQJWLfpmUHZJU +IspyNl8wLgYDVR0fBCcwJTAjoCGgH4YdaHR0cDovL3d3dy5nZXRjcmwuY3JsL2dl +dGNybC8wDQYJKoZIhvcNAQELBQADgYEAlJcMko5hA7LLxZWylww49HrmiKCRMjH/ +FMPi5WW54n8YfRQuOD8wvHUl3EcJHCXBu0nlWQJfIfGiPIBTTX7EJCS3KQpX296p +q1xClFdGqXCNOzy0Ld64Qh7qgt5TlvV+uzGgfkzaPqksBhhVLXlUNS2cCSiyi075 +wxR6TEOsjqE= +-----END CERTIFICATE----- diff --git a/tests/cert-tests/template-unique.tmpl b/tests/cert-tests/template-unique.tmpl new file mode 100644 index 0000000000..2fc7101f0c --- /dev/null +++ b/tests/cert-tests/template-unique.tmpl 
@@ -0,0 +1,70 @@
+# X.509 Certificate options
+#
+# DN options
+
+dn = "cn=Nik,st=Attiki,C=GR,surName=Mavrogiannopoulos,2.5.4.9=Arkadias"
+
+# The serial number of the certificate
+serial = 7
+
+# In how many days, counting from today, this certificate will expire.
+expiration_days = 2590
+
+# X.509 v3 extensions
+
+# A dnsname in case of a WWW server.
+dns_name = "www.none.org"
+dns_name = "www.morethanone.org"
+
+# An IP address in case of a server.
+ip_address = "192.168.1.1"
+
+dns_name = "www.evenmorethanone.org"
+
+# An email in case of a person
+email = "none@none.org"
+
+subject_unique_id = 0015232425
+issuer_unique_id = 11142324251224
+
+# An URL that has CRLs (certificate revocation lists)
+# available. Needed in CA certificates.
+crl_dist_points = "http://www.getcrl.crl/getcrl/"
+
+email = "where@none.org"
+
+# Whether this is a CA certificate or not
+ca
+
+# Whether this certificate will be used for a TLS client
+#tls_www_client
+
+# Whether this certificate will be used for a TLS server
+#tls_www_server
+
+# Whether this certificate will be used to sign data (needed
+# in TLS DHE ciphersuites).
+signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing.
+#encryption_key
+
+# Whether this key will be used to sign other certificates.
+cert_signing_key
+
+# Whether this key will be used to sign CRLs.
+#crl_signing_key
+
+# Whether this key will be used to sign code.
+#code_signing_key
+
+# Whether this key will be used to sign OCSP data.
+ocsp_signing_key
+
+# Whether this key will be used for time stamping.
+#time_stamping_key
+
+# Whether this key will be used for IPsec IKE operations.
+#ipsec_ike_key
-- cgit v1.2.1