From b068aa66b74576112583255867f037bfbe8b2036 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Thu, 24 Nov 2016 16:30:49 +0100 Subject: tests: added pkcs7 verification with struct generated from openssl (with keyid) --- tests/cert-tests/Makefile.am | 3 +- tests/cert-tests/data/openssl-keyid.p7b | Bin 0 -> 2323 bytes tests/cert-tests/data/openssl-keyid.p7b.out | 103 ++++++++++++++++++++++++++++ tests/cert-tests/pkcs7 | 4 +- 4 files changed, 107 insertions(+), 3 deletions(-) create mode 100644 tests/cert-tests/data/openssl-keyid.p7b create mode 100644 tests/cert-tests/data/openssl-keyid.p7b.out diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am index 919895c7da..89b8fcc235 100644 --- a/tests/cert-tests/Makefile.am +++ b/tests/cert-tests/Makefile.am @@ -60,7 +60,8 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem data/selfsigs/alice-mallory-irrelevantsig.pub data/selfsigs/alice-mallory-nosig18.pub \ data/selfsigs/alice.pub data/key-utf8-1.p12 data/key-utf8-2.p12 \ data/code-signing-ca.pem data/code-signing-cert.pem data/multi-value-dn.pem \ - data/pkcs7-cat-ca.pem data/pkcs7-cat.p7 data/openssl.p7b data/openssl.p7b.out + data/pkcs7-cat-ca.pem data/pkcs7-cat.p7 data/openssl.p7b data/openssl.p7b.out \ + data/openssl-keyid.p7b data/openssl-keyid.p7b.out dist_check_SCRIPTS = pathlen aki certtool invalid-sig email \ pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \ diff --git a/tests/cert-tests/data/openssl-keyid.p7b b/tests/cert-tests/data/openssl-keyid.p7b new file mode 100644 index 0000000000..8561475334 Binary files /dev/null and b/tests/cert-tests/data/openssl-keyid.p7b differ diff --git a/tests/cert-tests/data/openssl-keyid.p7b.out b/tests/cert-tests/data/openssl-keyid.p7b.out new file mode 100644 index 0000000000..3eefda94c6 --- /dev/null +++ b/tests/cert-tests/data/openssl-keyid.p7b.out @@ -0,0 +1,103 @@ +Signers: + Signer's issuer key ID: 7607584ceab529f52d80068c834a820d09ec93de + Signature Algorithm: RSA-SHA256 + Signed Attributes: + 1.2.840.113549.1.9.15: 306a300b060960864801650304012a300b0609608648016503040116300b0609608648016503040102300a06082a864886f70d0307300e06082a864886f70d030202020080300d06082a864886f70d0302020140300706052b0e030207300d06082a864886f70d0302020128 + 1.2.840.113549.1.9.4: 0420728be51f7b63dcf73f28ba80d277ce47f8cf5a75a02d4e6770e19baa57a767a4 + 1.2.840.113549.1.9.5: 170d3136313132343135353132375a + 1.2.840.113549.1.9.3: 06092a864886f70d010701 + +Number of certificates: 2 + +-----BEGIN CERTIFICATE----- +MIICpjCCAV6gAwIBAgIIU2YrORG+GMswDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UE +AxMOR251VExTIFRlc3QgQ0EwIhgPMjAxNDA1MDQxMTU3NDZaGA85OTk5MTIzMTIz +NTk1OVowFDESMBAGA1UEAxMJbG9jYWxob3N0MFkwEwYHKoZIzj0CAQYIKoZIzj0D +AQcDQgAETFRGsIIwLwgWt58j/8+6BQ2LbRhYrEa50J6rcnb3yAs7129txJf7DYgz +vRfi/kOLSJlgJFectyVucUo/A2TcsaOBjTCBijAMBgNVHRMBAf8EAjAAMBQGA1Ud +EQQNMAuCCWxvY2FsaG9zdDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8E +BQMDB4AAMB0GA1UdDgQWBBS+9gDGJGtg6rX4E8ml1eDJKdXXMzAfBgNVHSMEGDAW +gBRNVrdqAFjxZ5L0pnVVG45TAQPvzzANBgkqhkiG9w0BAQsFAAOCATEAY82vpv/M +eEflAONp+MUZR6DXCpWVXMeIHAoqlxx+wA69Pf+avBcO2bgw3oRfE6ejxKM/AU9I +u4rSWU8Xa5nX1yb3+/urj3lFHGxG00qzOXDiQBICYMrpbtsTyCRGOKtKvM7/PC2Z +3FP1wi1COqi2PU0cHX3zOInA3suQAFpauKU8dtcdYOkSMSuM06Cga2cX6K1Qh8ok +dP1O7SEQwXBZfiudiw7LA+zldcgetKofgZMbjXevloO9A+xoTeUafjJ4hQ00vGDi +3C9DQh3lZtJFqoaEQbMxqcgvpnnGort+CIRDFLy5MMqkRlH6QPQJrAPgvM4ss7RV +xyBP6KzElYFrSxwCErekGmlp8X2XVbRTQJUQOiPpQ9Nitwev4PaBR5NVHuEKZKpi +HYvq+scVoI+I4A== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIDtDCCAmygAwIBAgIETeC0yjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5H +bnVUTFMgVGVzdCBDQTAeFw0xMTA1MjgwODM5MzlaFw0zODEwMTIwODM5NDBaMC8x +LTArBgNVBAMTJEdudVRMUyBUZXN0IFNlcnZlciAoUlNBIGNlcnRpZmljYXRlKTCC +AVIwDQYJKoZIhvcNAQEBBQADggE/ADCCAToCggExALRrJ5glr8H/HsqwfvTYvO1D +hmdUXdq0HsKQX4M8AhH8E3KFsoikZUELdl8jvoqf/nlLczsux0s8vxbJl1U1F/Oh +ckswwuAnlBLzVgDmzoJLEV2kHpv6+rkbKk0Ytbql5gzHqKihbaqIhNyWDrJsHDWq +58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3mN8qTGaJJO0f0BZjgWWlWDuhzSVim5mB +VAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm+96o6iB+8xvuuuqaIWQpkvKtc+UZBZ03 +U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWSCAwuYcBYfJqZ4dasgzklzz4b7eujbZ3L +xTjewcdumzQUvjA+gpAeuUqaduTvMwxGojFy9sNhC/iqZ4n0peV2N6Epn4B5qnUC +AwEAAaOBjTCBijAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDAT +BgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBR2 +B1hM6rUp9S2ABoyDSoINCeyT3jAfBgNVHSMEGDAWgBRNVrdqAFjxZ5L0pnVVG45T +AQPvzzANBgkqhkiG9w0BAQsFAAOCATEAdNWmTsh5uIfngyhOWwm7pK2+vgUMY8nH +gMoMFHt0yuxuImcUMXu3LRS1dZSoCJACBpTFGi/Dg2U0qvOHQcEmc3OwNqHB90R3 +LG5jUSCtq/bYW7h/6Gd9KeWCgZczaHbQ9IPTjLH1dLswVPt+fXKB6Eh0ggSrGATE +/wRZT/XgDCW8t4C+2+TmJ8ZEzvU87KAPQ9rUBS1+p3EUAR/FfMApApsEig1IZ+ZD +5joaGBW7zh1H0B9mEKidRvD7yuRJyzAcvD25nT15NLW0QR3dEeXosLc720xxJl1h +h8NJ7YOvn323mOjR9er4i4D6iJlXmJ8tvN9vakCankWvBzb7plFn2sfMQqICFpRc +w075D8hdQxfpGffL2tEeKSgjyNHXS7x3dFhUpN3IQjUi2x4f2e/ZXg== +-----END CERTIFICATE----- + +-----BEGIN PKCS7----- +MIIJDwYJKoZIhvcNAQcCoIIJADCCCPwCAQMxDTALBglghkgBZQMEAgEwKgYJKoZI +hvcNAQcBoB0EG0hlbGxvIHRoZXJlLiBIb3cgYXJlIHlvdT8NCqCCBmIwggKmMIIB +XqADAgECAghTZis5Eb4YyzANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU +TFMgVGVzdCBDQTAiGA8yMDE0MDUwNDExNTc0NloYDzk5OTkxMjMxMjM1OTU5WjAU +MRIwEAYDVQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARM +VEawgjAvCBa3nyP/z7oFDYttGFisRrnQnqtydvfICzvXb23El/sNiDO9F+L+Q4tI +mWAkV5y3JW5xSj8DZNyxo4GNMIGKMAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJ +bG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdDwEB/wQFAwMHgAAw +HQYDVR0OBBYEFL72AMYka2DqtfgTyaXV4Mkp1dczMB8GA1UdIwQYMBaAFE1Wt2oA +WPFnkvSmdVUbjlMBA+/PMA0GCSqGSIb3DQEBCwUAA4IBMQBjza+m/8x4R+UA42n4 +xRlHoNcKlZVcx4gcCiqXHH7ADr09/5q8Fw7ZuDDehF8Tp6PEoz8BT0i7itJZTxdr +mdfXJvf7+6uPeUUcbEbTSrM5cOJAEgJgyulu2xPIJEY4q0q8zv88LZncU/XCLUI6 +qLY9TRwdffM4icDey5AAWlq4pTx21x1g6RIxK4zToKBrZxforVCHyiR0/U7tIRDB +cFl+K52LDssD7OV1yB60qh+BkxuNd6+Wg70D7GhN5Rp+MniFDTS8YOLcL0NCHeVm +0kWqhoRBszGpyC+mecaiu34IhEMUvLkwyqRGUfpA9AmsA+C8ziyztFXHIE/orMSV +gWtLHAISt6QaaWnxfZdVtFNAlRA6I+lD02K3B6/g9oFHk1Ue4QpkqmIdi+r6xxWg +j4jgMIIDtDCCAmygAwIBAgIETeC0yjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQD +Ew5HbnVUTFMgVGVzdCBDQTAeFw0xMTA1MjgwODM5MzlaFw0zODEwMTIwODM5NDBa +MC8xLTArBgNVBAMTJEdudVRMUyBUZXN0IFNlcnZlciAoUlNBIGNlcnRpZmljYXRl +KTCCAVIwDQYJKoZIhvcNAQEBBQADggE/ADCCAToCggExALRrJ5glr8H/HsqwfvTY +vO1DhmdUXdq0HsKQX4M8AhH8E3KFsoikZUELdl8jvoqf/nlLczsux0s8vxbJl1U1 +F/OhckswwuAnlBLzVgDmzoJLEV2kHpv6+rkbKk0Ytbql5gzHqKihbaqIhNyWDrJs +HDWq58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3mN8qTGaJJO0f0BZjgWWlWDuhzSVi +m5mBVAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm+96o6iB+8xvuuuqaIWQpkvKtc+UZ +BZ03U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWSCAwuYcBYfJqZ4dasgzklzz4b7euj +bZ3LxTjewcdumzQUvjA+gpAeuUqaduTvMwxGojFy9sNhC/iqZ4n0peV2N6Epn4B5 +qnUCAwEAAaOBjTCBijAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9z +dDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQW +BBR2B1hM6rUp9S2ABoyDSoINCeyT3jAfBgNVHSMEGDAWgBRNVrdqAFjxZ5L0pnVV +G45TAQPvzzANBgkqhkiG9w0BAQsFAAOCATEAdNWmTsh5uIfngyhOWwm7pK2+vgUM +Y8nHgMoMFHt0yuxuImcUMXu3LRS1dZSoCJACBpTFGi/Dg2U0qvOHQcEmc3OwNqHB +90R3LG5jUSCtq/bYW7h/6Gd9KeWCgZczaHbQ9IPTjLH1dLswVPt+fXKB6Eh0ggSr +GATE/wRZT/XgDCW8t4C+2+TmJ8ZEzvU87KAPQ9rUBS1+p3EUAR/FfMApApsEig1I +Z+ZD5joaGBW7zh1H0B9mEKidRvD7yuRJyzAcvD25nT15NLW0QR3dEeXosLc720xx +Jl1hh8NJ7YOvn323mOjR9er4i4D6iJlXmJ8tvN9vakCankWvBzb7plFn2sfMQqIC +FpRcw075D8hdQxfpGffL2tEeKSgjyNHXS7x3dFhUpN3IQjUi2x4f2e/ZXjGCAlQw +ggJQAgEDgBR2B1hM6rUp9S2ABoyDSoINCeyT3jALBglghkgBZQMEAgGggeQwGAYJ +KoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTYxMTI0MTU1 +MTI3WjAvBgkqhkiG9w0BCQQxIgQgcovlH3tj3Pc/KLqA0nfOR/jPWnWgLU5ncOGb +qlenZ6QweQYJKoZIhvcNAQkPMWwwajALBglghkgBZQMEASowCwYJYIZIAWUDBAEW +MAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZI +hvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEBBQAE +ggEwZipmEe80zsCiguPQfFwXZCge06TvncC/R8vkk6BV2crwrdVbvvw0XKtRs0Wx +ixxQdBqz3urp1ZLt3ds9RCGrS0GVC+rMZH0gOkGAhvX1Y8tnfz3Bu9DbcHhkiz58 +El8eKmqpOUuxhy8MDHNULNKyqAfcnyvWpPPW/4HGgxvkvzfvUOYAPBxP61moey8E +ILN/+3IWc4WpAGoZsX0gwyOwWRLM47a7XejUOFZbWrwwp1mFigHGx6VoSedigqX0 +J/Fx0sIJPddTyIeIpZRvk73qz2zK/fHPC7Fl1s4ZXA/yi2DxjSM1X4YA+3HZvAq4 +Ma+HEAPAEajgZVl5b2Lq8+brb2hIIszdcYTNqxqhFAgOjTIF5ulz5hILV0o8uEx8 +VZUL/6DDsLaSE8OVo0aHALHXzg== +-----END PKCS7----- diff --git a/tests/cert-tests/pkcs7 b/tests/cert-tests/pkcs7 index ff66dfb748..d6972603da 100755 --- a/tests/cert-tests/pkcs7 +++ b/tests/cert-tests/pkcs7 @@ -33,7 +33,7 @@ OUTFILE2=out2-pkcs7.$$.tmp check_for_datefudge -for FILE in single-ca.p7b full.p7b openssl.p7b; do +for FILE in single-ca.p7b full.p7b openssl.p7b openssl-keyid.p7b; do ${VALGRIND} "${CERTTOOL}" --inder --p7-info --infile "${srcdir}/data/${FILE}"|grep -v "Signing time" >"${OUTFILE}" rc=$? @@ -52,7 +52,7 @@ done # check signatures -for FILE in full.p7b openssl.p7b; do +for FILE in full.p7b openssl.p7b openssl-keyid.p7b; do # check validation with date prior to CA issuance datefudge -s "2011-1-10" \ ${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}" -- cgit v1.2.1