From a3235defaafd63e128cdbd7eb0140c88ee13e262 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Tue, 9 Jul 2019 09:56:24 +0200
Subject: tests: improve coverage of CRQ related functions
That adds sanity check of crq-related functions that were not included in the testsuite at all.
Signed-off-by: Nikos Mavrogiannopoulos
---
 tests/crq_apis.c | 110 +++++++++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 98 insertions(+), 12 deletions(-)
diff --git a/tests/crq_apis.c b/tests/crq_apis.c
index fdc7ece1c2..16d32a2103 100644
--- a/tests/crq_apis.c
+++ b/tests/crq_apis.c
@@ -40,18 +40,19 @@ static void tls_log_func(int level, const char *str) static unsigned char saved_crq_pem[] = "-----BEGIN NEW CERTIFICATE REQUEST-----\n" - "MIICHTCCAYYCAQAwKzEOMAwGA1UEAxMFbmlrb3MxGTAXBgNVBAoTEG5vbmUgdG8s\n" + "MIICSjCCAbMCAQAwKzEOMAwGA1UEAxMFbmlrb3MxGTAXBgNVBAoTEG5vbmUgdG8s\n" "IG1lbnRpb24wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALtmQ/Xyxde2jMzF\n" "3/WIO7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeLZIkiW8DdU3w77XwEu4C5\n" "KL6Om8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKNzj2AC41179gAgY8oBAOg\n" - "Io1hBAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGggbEwEgYJKoZIhvcNAQkHMQUTA2Zv\n" - "bzCBmgYJKoZIhvcNAQkOMYGMMIGJMA8GA1UdEwEB/wQFMAMCAQAwDwYDVR0PAQH/\n" + "Io1hBAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGggd4wEgYJKoZIhvcNAQkHMQUTA2Zv\n" + "bzCBxwYJKoZIhvcNAQkOMYG5MIG2MA8GA1UdEwEB/wQFMAMCAQAwDwYDVR0PAQH/\n" "BAUDAwcAADAjBgNVHREEHDAaggNhcGGCA2Zvb4IOeG4tLWt4YXdoay5jb20wHQYD\n" "VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAsGBCoDBAUEA8r+/zAUBggtA4KI\n" - "9LkXBQEB/wQFyv7/+v4wDQYJKoZIhvcNAQELBQADgYEAlspSTGu5KPL7iEQObEvs\n" - "+FMZpXnPDXyeJyiJFEfDaTDCpeHfZfMXUpPQEAxLjk5t8gPUxepQCjOizOuMD70k\n" - "jg8x97E8crA2mZ9Bk/eRhxvdXGN1hBdNzY6BGuPWifN/8dfE6O8wQkZDIZFcYxyr\n" - "V1VQd3moq0ge+tR9+xpPVWg=\n" + "9LkXBQEB/wQFyv7/+v4wKwYDVR0QBCQwIoAPMjAxOTA3MDkwNDI4MjZagQ8yMDE5\n" + "MDcwOTA3MTUwNlowDQYJKoZIhvcNAQELBQADgYEAE7r9ujv9pIO7SnYRg69eQsyo\n" + "3cnBi1efkH2OguYe6JT+a+1DA/0tO4GlT9PjAOX2yD2OicIHLVXWYzV8eX6exQma\n" + "skdRMZurcSSMZm2VgdQmHU0Rv7o7mQSKGfcOD2fRiDMwNB35ZSY7tkPAe7ARp+zr\n" + "lPY8cDpo1i570jttSQ4=\n" "-----END NEW CERTIFICATE REQUEST-----\n"; const gnutls_datum_t saved_crq = { saved_crq_pem, sizeof(saved_crq_pem)-1 }; @@ -84,6 +85,11 @@ static time_t mytime(time_t * t) return then; } +#define TIME1 1562646506 +#define TIME2 1562656506 +#define CPASS "foo" +#define CPASS_OID "1.2.840.113549.1.9.7" + static gnutls_x509_crq_t generate_crq(void) { gnutls_x509_crq_t crq; 
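Review bot: The four macros added in the `@@ -84,6 +85,11 @@` hunk carry no comment, although two of them are tied to data elsewhere in the file. TIME1 and TIME2 appear to be the same instants that the regenerated `saved_crq_pem` in the first hunk encodes for the private key usage period, so editing either value without regenerating the PEM would presumably break any comparison against the saved request. I would add `/* privateKeyUsagePeriod notBefore/notAfter; must match the values encoded in saved_crq_pem */` above the TIME macros and `/* PKCS#9 challengePassword value and its attribute OID */` above CPASS.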
@@ -138,7 +144,7 @@ static gnutls_x509_crq_t generate_crq(void) fail("gnutls_x509_crq_set_dn: %s, %s\n", gnutls_strerror(ret), err); } - ret = gnutls_x509_crq_set_challenge_password(crq, "foo"); + ret = gnutls_x509_crq_set_challenge_password(crq, CPASS); if (ret != 0) fail("gnutls_x509_crq_set_challenge_password %d\n", ret); @@ -163,22 +169,22 @@ static gnutls_x509_crq_t generate_crq(void) fail("gnutls_x509_crq_get_extension_data\n"); ret = gnutls_x509_crq_set_subject_alt_name(crq, GNUTLS_SAN_DNSNAME, - "foo", 3, 1); + "foo", 3, GNUTLS_FSAN_APPEND); if (ret != 0) fail("gnutls_x509_crq_set_subject_alt_name\n"); ret = gnutls_x509_crq_set_subject_alt_name(crq, GNUTLS_SAN_DNSNAME, - "bar", 3, 1); + "bar", 3, GNUTLS_FSAN_APPEND); if (ret != 0) fail("gnutls_x509_crq_set_subject_alt_name\n"); ret = gnutls_x509_crq_set_subject_alt_name(crq, GNUTLS_SAN_DNSNAME, - "apa", 3, 0); + "apa", 3, GNUTLS_FSAN_SET); if (ret != 0) fail("gnutls_x509_crq_set_subject_alt_name\n"); ret = gnutls_x509_crq_set_subject_alt_name(crq, GNUTLS_SAN_DNSNAME, - "foo", 3, 1); + "foo", 3, GNUTLS_FSAN_APPEND); if (ret != 0) fail("gnutls_x509_crq_set_subject_alt_name\n"); @@ -231,6 +237,10 @@ static gnutls_x509_crq_t generate_crq(void) if (ret != 0) fail("gnutls_x509_crq_set_extension_by_oid %s\n", gnutls_strerror(ret)); + ret = gnutls_x509_crq_set_private_key_usage_period(crq, TIME1, TIME2); + if (ret != 0) + fail("gnutls_x509_crq_set_private_key_usage_period\n"); + ret = gnutls_x509_crq_print(crq, GNUTLS_CRT_PRINT_FULL, &out); if (ret != 0) fail("gnutls_x509_crq_print\n"); 
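Review bot: In the `@@ -231,6 +237,10 @@` hunk the new failure message drops the error code, so a failing `gnutls_x509_crq_set_private_key_usage_period` call reports only its name. The context line directly above it and the matching getter check added in `test_crq` both print `gnutls_strerror(ret)`; for consistency use `fail("gnutls_x509_crq_set_private_key_usage_period: %s\n", gnutls_strerror(ret));`. The enclosing generate_crq() starts and ends outside this hunk.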
@@ -275,6 +285,80 @@ static gnutls_x509_crq_t generate_crq(void) return crq; } +/* Tests parameters from the generated CRQ */ +static void test_crq(gnutls_x509_crq_t crq) +{ + int ret, pathlen; + size_t s = 0; + char buf[64]; + gnutls_datum_t out; + time_t t1, t2; + unsigned crit, ca, type; + + ret = gnutls_x509_crq_get_dn2(crq, &out); + assert(ret == 0); + assert(out.size == 28); + assert(memcmp(out.data, "CN=nikos,O=none to\\, mention", out.size)==0); + + gnutls_free(out.data); + + ret = gnutls_x509_crq_get_dn3(crq, &out, GNUTLS_X509_DN_FLAG_COMPAT); + assert(ret == 0); + assert(out.size == 28); + assert(memcmp(out.data, "CN=nikos,O=none to\\, mention", out.size)==0); + + gnutls_free(out.data); + + ret = gnutls_x509_crq_get_dn3(crq, &out, 0); + assert(ret == 0); + assert(out.size == 28); + assert(memcmp(out.data, "O=none to\\, mention,CN=nikos", out.size)==0); + + gnutls_free(out.data); + + ret = gnutls_x509_crq_get_basic_constraints(crq, &crit, &ca, &pathlen); + assert(ret == 0); + assert(ca == 0); + assert(pathlen == 0); + + s = sizeof(buf); + ret = gnutls_x509_crq_get_subject_alt_name(crq, 0, buf, &s, &type, &crit); + assert(ret >= 0); + assert(s == 3); + assert(memcmp(buf, "apa", s) == 0); + assert(type == GNUTLS_SAN_DNSNAME); + assert(crit == 0); + + s = sizeof(buf); + ret = gnutls_x509_crq_get_subject_alt_name(crq, 1, buf, &s, &type, &crit); + assert(ret >= 0); + assert(s == 3); + assert(memcmp(buf, "foo", s) == 0); + assert(type == GNUTLS_SAN_DNSNAME); + assert(crit == 0); + + ret = gnutls_x509_crq_get_private_key_usage_period(crq, &t1, &t2, &crit); + if (ret < 0) + fail("gnutls_x509_crq_get_private_key_usage_period: %s\n", gnutls_strerror(ret)); + assert(t1 == TIME1); + assert(t2 == TIME2); + assert(crit == 0); + + /* check the challenge password using the attribute APIs */ + s = sizeof(buf); + ret = gnutls_x509_crq_get_attribute_info(crq, 1, buf, &s); + assert(ret >= 0); + assert(s == sizeof(CPASS_OID)); + assert(memcmp(buf, CPASS_OID, s) == 0); + + /* 
check the contents */ + s = sizeof(buf); + ret = gnutls_x509_crq_get_attribute_data(crq, 1, buf, &s); + assert(ret >= 0); + assert(s == sizeof(CPASS)-1+2); + assert(memcmp(buf, "\x13\x03"CPASS, s) == 0); +} + static void run_set_extensions(gnutls_x509_crq_t crq) { gnutls_x509_crt_t crt; @@ -448,6 +532,8 @@ void doit(void) crq = generate_crq(); + test_crq(crq); + run_set_extensions(crq); run_set_extension_by_oid(crq); -- cgit v1.2.1
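Review bot: Nearly every check in the new `test_crq()` is a bare `assert()`, so a failure names neither the API nor the gnutls error, and in a build with NDEBUG the checks disappear while `gnutls_free(out.data)` still runs on a datum that was never initialised if the getter failed. The private-key-usage-period check in the same function already shows the sturdier pattern; the DN, basic-constraints, SAN and attribute calls could follow it, e.g. `if (ret < 0) fail("gnutls_x509_crq_get_dn2: %s\n", gnutls_strerror(ret));`. The basic-constraints call also fetches `crit` without checking it. The `"\x13\x03"` prefix hard-codes a length byte of 3, so it would be worth a comment such as `/* DER PrintableString header: tag 0x13, length 0x03 == strlen(CPASS) */`.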