diff --git a/tests/Makefile.am b/tests/Makefile.am
index 7fd0f27..c4517a5 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -1,66 +1,74 @@
# Makefile.am - for the KSBA regression tests
# Copyright (C) 2001, 2003 g10 Code GmbH
#
# This file is part of KSBA.
#
# KSBA is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# KSBA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see .
## Process this file with automake to produce Makefile.in
TESTS_ENVIRONMENT =
-test_certs = cert_dfn_pca01.der cert_dfn_pca15.der \
- cert_g10code_test1.der crl_testpki_testpca.der \
+test_certs = samples/cert_dfn_pca01.der samples/cert_dfn_pca15.der \
+ samples/cert_g10code_test1.der samples/crl_testpki_testpca.der \
samples/authority.crt samples/betsy.crt samples/bull.crt \
samples/ov-ocsp-server.crt samples/ov-userrev.crt \
samples/ov-root-ca-cert.crt samples/ov-serverrev.crt \
samples/ov-user.crt samples/ov-server.crt \
samples/ov2-root-ca-cert.crt samples/ov2-ocsp-server.crt \
- samples/ov2-user.crt samples/ov2-userrev.crt
+ samples/ov2-user.crt samples/ov2-userrev.crt \
+ samples/secp256r1-sha384_cert.crt \
+ samples/secp256r1-sha512_cert.crt \
+ samples/secp384r1-sha512_cert.crt \
+ samples/openssl-secp256r1ca.cert.crt \
+ samples/ed25519-rfc8410.crt \
+ samples/ed25519-ossl-1.crt \
+ samples/ed448-ossl-1.crt
+
test_crls = samples/ov-test-crl.crl
test_keys = samples/ov-server.p12 samples/ov-userrev.p12 \
samples/ov-serverrev.p12 samples/ov-user.p12
EXTRA_DIST = $(test_certs) samples/README mkoidtbl.awk detached-sig.cms \
samples/rsa-sample1.p7m samples/rsa-sample1.p7m.asn \
samples/ecdh-sample1.p7m samples/ecdh-sample1.p7m.asn
BUILT_SOURCES = oidtranstbl.h
CLEANFILES = oidtranstbl.h
TESTS = cert-basic t-crl-parser t-dnparser t-oid t-reader t-cms-parser
AM_CFLAGS = $(GPG_ERROR_CFLAGS) $(COVERAGE_CFLAGS)
AM_LDFLAGS = -no-install $(COVERAGE_LDFLAGS)
noinst_HEADERS = t-common.h
noinst_PROGRAMS = $(TESTS) t-ocsp
LDADD = ../src/libksba.la $(GPG_ERROR_LIBS) @LDADD_FOR_TESTS_KLUDGE@
t_ocsp_SOURCES = t-ocsp.c sha1.c
# Build the OID table: Note that the binary includes data from an
# another program and we may not be allowed to distribute this. This
# ain't no problem as the programs using this generated data are not
# installed and thus not distributed.
oidtranstbl.h: Makefile mkoidtbl.awk
set -e; f="/dev/null"; \
for i in /etc/dumpasn1 /usr/local/bin /usr/local/share /usr/bin \
/usr/share ; do \
if test -f $$i/dumpasn1.cfg; then f=$$i/dumpasn1.cfg; break; fi; \
done; tr -d '\r' <$$f | $(AWK) -f $(srcdir)/mkoidtbl.awk >$@
LOG_COMPILER = $(VALGRIND)
diff --git a/tests/cert-basic.c b/tests/cert-basic.c
index 4d190ee..80377f2 100644
--- a/tests/cert-basic.c
+++ b/tests/cert-basic.c
@@ -1,619 +1,711 @@
/* cert-basic.c - basic test for the certificate management.
* Copyright (C) 2001, 2002, 2004, 2005 g10 Code GmbH
*
* This file is part of KSBA.
*
* KSBA is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* KSBA is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see .
*/
#include
#include
#include
#include
#include
#include "../src/ksba.h"
#define _KSBA_VISIBILITY_DEFAULT /* */
#include "../src/keyinfo.h"
#include "oidtranstbl.h"
#include "t-common.h"
#ifdef __MINGW32CE__
#define getenv(a) (NULL)
#endif
#define digitp(p) (*(p) >= '0' && *(p) <= '9')
#define fail_if_err(a) do { if(a) { \
fprintf (stderr, "%s:%d: KSBA error: %s\n", \
__FILE__, __LINE__, gpg_strerror(a)); \
exit (1); } \
} while(0)
#define fail_if_err2(f, a) do { if(a) {\
fprintf (stderr, "%s:%d: KSBA error on file `%s': %s\n", \
__FILE__, __LINE__, (f), gpg_strerror(a)); \
exit (1); } \
} while(0)
#define xfree(a) ksba_free (a)
+static int quiet;
static int verbose;
-static int errorcount = 0;
+static int errorcount;
static void
print_names (int indent, ksba_name_t name)
{
int idx;
const char *s;
int indent_all;
if ((indent_all = (indent < 0)))
indent = - indent;
if (!name)
{
- fputs ("none\n", stdout);
+ if (!quiet)
+ fputs ("none\n", stdout);
return;
}
for (idx=0; (s = ksba_name_enum (name, idx)); idx++)
{
char *p = ksba_name_get_uri (name, idx);
- printf ("%*s%s\n", idx||indent_all?indent:0, "", p?p:s);
+ if (!quiet)
+ printf ("%*s%s\n", idx||indent_all?indent:0, "", p?p:s);
xfree (p);
}
}
/* Return the description for OID; if no description is available
NULL is returned. */
static const char *
get_oid_desc (const char *oid)
{
int i;
if (oid)
for (i=0; oidtranstbl[i].oid; i++)
if (!strcmp (oidtranstbl[i].oid, oid))
return oidtranstbl[i].desc;
return NULL;
}
static void
print_oid_and_desc (const char *oid, int with_lf)
{
const char *s = get_oid_desc (oid);
printf ("%s%s%s%s",
oid, s?" (":"", s?s:"", s?")":"");
if (with_lf)
putchar ('\n');
}
static void
print_oid_list (int indent, char *list)
{
char *lf;
int indent_all, c;
size_t n;
if ((indent_all = (indent < 0)))
indent = - indent;
while (*list)
{
printf ("%*s", indent_all?indent:0, "");
indent_all = 1;
if (!(lf = strchr (list, '\n')))
lf = list + strlen (list);
n = strspn (list, "0123456789.");
c = list[n];
list[n] = 0;
print_oid_and_desc (list, 0);
list[n] = c;
c = *lf;
*lf = 0;
printf (" %s\n", list+n);
*lf = c;
list = *lf? (lf+1):lf;
}
}
static void
list_extensions (ksba_cert_t cert)
{
gpg_error_t err;
const char *oid;
int idx, crit, is_ca, pathlen;
size_t off, len;
unsigned int usage, reason;
char *string, *p;
ksba_name_t name1, name2;
ksba_sexp_t serial;
ksba_sexp_t keyid;
for (idx=0; !(err=ksba_cert_get_extension (cert, idx,
&oid, &crit, &off, &len));idx++)
{
const char *s = get_oid_desc (oid);
- printf ("Extn: %s%s%s%s at %d with length %d %s\n",
- oid, s?" (":"", s?s:"", s?")":"",
- (int)off, (int)len, crit? "(critical)":"");
+ if (!quiet)
+ printf ("Extn: %s%s%s%s at %d with length %d %s\n",
+ oid, s?" (":"", s?s:"", s?")":"",
+ (int)off, (int)len, crit? "(critical)":"");
}
if (err && gpg_err_code (err) != GPG_ERR_EOF )
{
fprintf (stderr,
"%s:%d: enumerating extensions failed: %s\n",
__FILE__, __LINE__, gpg_strerror (err));
errorcount++;
}
/* subjectKeyIdentifier */
err = ksba_cert_get_subj_key_id (cert, NULL, &keyid);
if (!err || gpg_err_code (err) == GPG_ERR_NO_DATA)
{
- fputs ("SubjectKeyIdentifier: ", stdout);
+ if (!quiet)
+ fputs ("SubjectKeyIdentifier: ", stdout);
if (gpg_err_code (err) == GPG_ERR_NO_DATA)
- fputs ("none", stdout);
+ {
+ if (!quiet)
+ fputs ("none\n", stdout);
+ }
else
{
- print_sexp (keyid);
- ksba_free (keyid);
+ if (!quiet)
+ {
+ print_sexp (keyid);
+ putchar ('\n');
+ }
}
- putchar ('\n');
+ ksba_free (keyid);
}
/* authorityKeyIdentifier */
err = ksba_cert_get_auth_key_id (cert, &keyid, &name1, &serial);
if (!err || gpg_err_code (err) == GPG_ERR_NO_DATA)
{
- fputs ("AuthorityKeyIdentifier: ", stdout);
+ if (!quiet)
+ fputs ("AuthorityKeyIdentifier: ", stdout);
if (gpg_err_code (err) == GPG_ERR_NO_DATA)
- fputs ("none\n", stdout);
+ {
+ if (!quiet)
+ fputs ("none\n", stdout);
+ }
else
{
if (name1)
{
print_names (24, name1);
ksba_name_release (name1);
- fputs (" serial: ", stdout);
- print_sexp (serial);
+ if (!quiet)
+ {
+ fputs (" serial: ", stdout);
+ print_sexp (serial);
+ }
ksba_free (serial);
}
- putchar ('\n');
+ if (!quiet)
+ putchar ('\n');
if (keyid)
{
- fputs (" keyIdentifier: ", stdout);
- print_sexp (keyid);
+ if (!quiet)
+ {
+ fputs (" keyIdentifier: ", stdout);
+ print_sexp (keyid);
+ putchar ('\n');
+ }
ksba_free (keyid);
- putchar ('\n');
}
}
}
else
{
fprintf (stderr, "%s:%d: ksba_cert_get_auth_key_id: %s\n",
__FILE__, __LINE__, gpg_strerror (err));
errorcount++;
}
err = ksba_cert_is_ca (cert, &is_ca, &pathlen);
if (err)
{
fprintf (stderr, "%s:%d: ksba_cert_is_ca failed: %s\n",
__FILE__, __LINE__, gpg_strerror (err));
errorcount++;
}
else if (is_ca)
- printf ("This is a CA certificate with a path length of %d\n", pathlen);
+ {
+ if (!quiet)
+ printf ("This is a CA certificate with a path length of %d\n", pathlen);
+ }
err = ksba_cert_get_key_usage (cert, &usage);
if (gpg_err_code (err) == GPG_ERR_NO_DATA)
- printf ("KeyUsage: Not specified\n");
+ {
+ if (!quiet)
+ printf ("KeyUsage: Not specified\n");
+ }
else if (err)
{
fprintf (stderr, "%s:%d: ksba_cert_get_key_usage failed: %s\n",
__FILE__, __LINE__, gpg_strerror (err));
errorcount++;
}
- else
+ else if (!quiet)
{
fputs ("KeyUsage:", stdout);
if ( (usage & KSBA_KEYUSAGE_DIGITAL_SIGNATURE))
fputs (" digitalSignature", stdout);
if ( (usage & KSBA_KEYUSAGE_NON_REPUDIATION))
fputs (" nonRepudiation", stdout);
if ( (usage & KSBA_KEYUSAGE_KEY_ENCIPHERMENT))
fputs (" keyEncipherment", stdout);
if ( (usage & KSBA_KEYUSAGE_DATA_ENCIPHERMENT))
fputs (" dataEncripherment", stdout);
if ( (usage & KSBA_KEYUSAGE_KEY_AGREEMENT))
fputs (" keyAgreement", stdout);
if ( (usage & KSBA_KEYUSAGE_KEY_CERT_SIGN))
fputs (" certSign", stdout);
if ( (usage & KSBA_KEYUSAGE_CRL_SIGN))
fputs (" crlSign", stdout);
if ( (usage & KSBA_KEYUSAGE_ENCIPHER_ONLY))
fputs (" encipherOnly", stdout);
if ( (usage & KSBA_KEYUSAGE_DECIPHER_ONLY))
fputs (" decipherOnly", stdout);
putchar ('\n');
}
err = ksba_cert_get_ext_key_usages (cert, &string);
if (gpg_err_code (err) == GPG_ERR_NO_DATA)
- printf ("ExtKeyUsages: none\n");
+ {
+ if (!quiet)
+ printf ("ExtKeyUsages: none\n");
+ }
else if (err)
{
fprintf (stderr, "%s:%d: ksba_cert_ext_key_usages failed: %s\n",
__FILE__, __LINE__, gpg_strerror (err));
errorcount++;
}
else
{
- fputs ("ExtKeyUsages: ", stdout);
- print_oid_list (14, string);
+ if (!quiet)
+ {
+ fputs ("ExtKeyUsages: ", stdout);
+ print_oid_list (14, string);
+ }
xfree (string);
}
err = ksba_cert_get_cert_policies (cert, &string);
if (gpg_err_code (err) == GPG_ERR_NO_DATA)
- printf ("CertificatePolicies: none\n");
+ {
+ if (!quiet)
+ printf ("CertificatePolicies: none\n");
+ }
else if (err)
{
fprintf (stderr, "%s:%d: ksba_cert_get_cert_policies failed: %s\n",
__FILE__, __LINE__, gpg_strerror (err));
errorcount++;
}
else
{
- /* for display purposes we replace the linefeeds by commas */
- for (p=string; *p; p++)
+ if (!quiet)
{
- if (*p == '\n')
- *p = ',';
+ /* for display purposes we replace the linefeeds by commas */
+ for (p=string; *p; p++)
+ {
+ if (*p == '\n')
+ *p = ',';
+ }
+ fputs ("CertificatePolicies: ", stdout);
+ print_oid_list (21, string);
}
- fputs ("CertificatePolicies: ", stdout);
- print_oid_list (21, string);
xfree (string);
}
/* CRL distribution point */
for (idx=0; !(err=ksba_cert_get_crl_dist_point (cert, idx,
&name1, &name2,
&reason));idx++)
{
- fputs ("CRLDistPoint: ", stdout);
+ if (!quiet)
+ fputs ("CRLDistPoint: ", stdout);
print_names (14, name1);
- fputs (" reasons:", stdout);
- if ( !reason )
- fputs (" none", stdout);
- if ( (reason & KSBA_CRLREASON_UNSPECIFIED))
- fputs (" unused", stdout);
- if ( (reason & KSBA_CRLREASON_KEY_COMPROMISE))
- fputs (" keyCompromise", stdout);
- if ( (reason & KSBA_CRLREASON_CA_COMPROMISE))
- fputs (" caCompromise", stdout);
- if ( (reason & KSBA_CRLREASON_AFFILIATION_CHANGED))
- fputs (" affiliationChanged", stdout);
- if ( (reason & KSBA_CRLREASON_SUPERSEDED))
- fputs (" superseded", stdout);
- if ( (reason & KSBA_CRLREASON_CESSATION_OF_OPERATION))
- fputs (" cessationOfOperation", stdout);
- if ( (reason & KSBA_CRLREASON_CERTIFICATE_HOLD))
- fputs (" certificateHold", stdout);
- putchar ('\n');
- fputs (" issuer: ", stdout);
+ if (!quiet)
+ {
+ fputs (" reasons:", stdout);
+ if ( !reason )
+ fputs (" none", stdout);
+ if ( (reason & KSBA_CRLREASON_UNSPECIFIED))
+ fputs (" unused", stdout);
+ if ( (reason & KSBA_CRLREASON_KEY_COMPROMISE))
+ fputs (" keyCompromise", stdout);
+ if ( (reason & KSBA_CRLREASON_CA_COMPROMISE))
+ fputs (" caCompromise", stdout);
+ if ( (reason & KSBA_CRLREASON_AFFILIATION_CHANGED))
+ fputs (" affiliationChanged", stdout);
+ if ( (reason & KSBA_CRLREASON_SUPERSEDED))
+ fputs (" superseded", stdout);
+ if ( (reason & KSBA_CRLREASON_CESSATION_OF_OPERATION))
+ fputs (" cessationOfOperation", stdout);
+ if ( (reason & KSBA_CRLREASON_CERTIFICATE_HOLD))
+ fputs (" certificateHold", stdout);
+ putchar ('\n');
+ fputs (" issuer: ", stdout);
+ }
print_names (14, name2);
ksba_name_release (name1);
ksba_name_release (name2);
}
if (err && gpg_err_code (err) != GPG_ERR_EOF)
{
fprintf (stderr, "%s:%d: ksba_cert_get_crl_dist_point failed: %s\n",
__FILE__, __LINE__, gpg_strerror (err));
errorcount++;
}
/* authorityInfoAccess. */
for (idx=0; !(err=ksba_cert_get_authority_info_access (cert, idx,
&string, &name1))
; idx++)
{
- fputs ("authorityInfoAccess: ", stdout);
- print_oid_and_desc (string, 1);
+ if (!quiet)
+ {
+ fputs ("authorityInfoAccess: ", stdout);
+ print_oid_and_desc (string, 1);
+ }
print_names (-21, name1);
ksba_name_release (name1);
ksba_free (string);
}
if (err && gpg_err_code (err) != GPG_ERR_EOF)
{
fprintf (stderr, "%s:%d: "
"ksba_cert_get_authority_info_access failed: %s\n",
__FILE__, __LINE__, gpg_strerror (err));
errorcount++;
}
/* subjectInfoAccess. */
for (idx=0; !(err=ksba_cert_get_subject_info_access (cert, idx,
&string, &name1))
; idx++)
{
- fputs ("subjectInfoAccess: ", stdout);
- print_oid_and_desc (string, 1);
+ if (!quiet)
+ {
+ fputs ("subjectInfoAccess: ", stdout);
+ print_oid_and_desc (string, 1);
+ }
print_names (-19, name1);
ksba_name_release (name1);
ksba_free (string);
}
if (err && gpg_err_code (err) != GPG_ERR_EOF)
{
fprintf (stderr, "%s:%d: "
"ksba_cert_get_subject_info_access failed: %s\n",
__FILE__, __LINE__, gpg_strerror (err));
errorcount++;
}
}
static void
one_file (const char *fname)
{
gpg_error_t err;
FILE *fp;
ksba_reader_t r;
ksba_cert_t cert;
char *dn;
ksba_isotime_t t;
int idx;
ksba_sexp_t sexp;
const char *oid, *s;
fp = fopen (fname, "rb");
if (!fp)
{
fprintf (stderr, "%s:%d: can't open `%s': %s\n",
__FILE__, __LINE__, fname, strerror (errno));
exit (1);
}
err = ksba_reader_new (&r);
if (err)
fail_if_err (err);
err = ksba_reader_set_file (r, fp);
fail_if_err (err);
err = ksba_cert_new (&cert);
if (err)
fail_if_err (err);
err = ksba_cert_read_der (cert, r);
fail_if_err2 (fname, err);
- printf ("Certificate in `%s':\n", fname);
+ if (!quiet)
+ printf ("Certificate in `%s':\n", fname);
sexp = ksba_cert_get_serial (cert);
- fputs (" serial....: ", stdout);
- print_sexp (sexp);
+ if (!quiet)
+ {
+ fputs (" serial....: ", stdout);
+ print_sexp (sexp);
+ putchar ('\n');
+ }
ksba_free (sexp);
- putchar ('\n');
for (idx=0;(dn = ksba_cert_get_issuer (cert, idx));idx++)
{
- fputs (idx?" aka: ":" issuer....: ", stdout);
- print_dn (dn);
+ if (!quiet)
+ {
+ fputs (idx?" aka: ":" issuer....: ", stdout);
+ print_dn (dn);
+ putchar ('\n');
+ }
ksba_free (dn);
- putchar ('\n');
}
for (idx=0;(dn = ksba_cert_get_subject (cert, idx));idx++)
{
- fputs (idx?" aka: ":" subject...: ", stdout);
- print_dn (dn);
+ if (!quiet)
+ {
+ fputs (idx?" aka: ":" subject...: ", stdout);
+ print_dn (dn);
+ putchar ('\n');
+ }
ksba_free (dn);
- putchar ('\n');
}
ksba_cert_get_validity (cert, 0, t);
- fputs (" notBefore.: ", stdout);
- print_time (t);
- putchar ('\n');
+ if (!quiet)
+ {
+ fputs (" notBefore.: ", stdout);
+ print_time (t);
+ putchar ('\n');
+ }
ksba_cert_get_validity (cert, 1, t);
- fputs (" notAfter..: ", stdout);
- print_time (t);
- putchar ('\n');
-
+ if (!quiet)
+ {
+ fputs (" notAfter..: ", stdout);
+ print_time (t);
+ putchar ('\n');
+ }
oid = ksba_cert_get_digest_algo (cert);
s = get_oid_desc (oid);
- printf (" hash algo.: %s%s%s%s\n",
- oid?oid:"(null)", s?" (":"",s?s:"",s?")":"");
+ if (!quiet)
+ printf (" hash algo.: %s%s%s%s\n",
+ oid?oid:"(null)", s?" (":"",s?s:"",s?")":"");
/* Under Windows the _ksba_keyinfo_from_sexp are not exported. */
#ifndef __WIN32
/* check that the sexp to keyinfo conversion works */
{
ksba_sexp_t public;
public = ksba_cert_get_public_key (cert);
if (!public)
{
fprintf (stderr, "%s:%d: public key not found\n",
__FILE__, __LINE__);
errorcount++;
}
else
{
unsigned char *der;
size_t derlen;
if (verbose)
{
fputs (" pubkey....: ", stdout);
print_sexp (public);
putchar ('\n');
}
err = _ksba_keyinfo_from_sexp (public, 0, &der, &derlen);
if (err)
{
fprintf (stderr, "%s:%d: converting public key failed: %s\n",
__FILE__, __LINE__, gpg_strerror (err));
errorcount++;
}
else
{
ksba_sexp_t tmp;
if (verbose)
{
fputs (" pubkey-DER: ", stdout);
print_hex (der, derlen);
putchar ('\n');
}
err = _ksba_keyinfo_to_sexp (der, derlen, &tmp);
if (err)
{
fprintf (stderr,
"%s:%d: re-converting public key failed: %s\n",
__FILE__, __LINE__, gpg_strerror (err));
errorcount++;
}
else
{
unsigned char *der2;
size_t derlen2;
err = _ksba_keyinfo_from_sexp (tmp, 0, &der2, &derlen2);
if (err)
{
fprintf (stderr, "%s:%d: re-re-converting "
"public key failed: %s\n",
__FILE__, __LINE__, gpg_strerror (err));
errorcount++;
}
else if (derlen != derlen2 || memcmp (der, der2, derlen))
{
fprintf (stderr, "%s:%d: mismatch after "
"re-re-converting public key\n",
__FILE__, __LINE__);
errorcount++;
xfree (der2);
- } else {
+ }
+ else
+ {
/* Don't leak memory if everything is ok. */
xfree (der2);
}
xfree (tmp);
}
xfree (der);
}
ksba_free (public);
}
}
#endif
if (verbose)
{
sexp = ksba_cert_get_sig_val (cert);
fputs (" sigval....: ", stdout);
print_sexp (sexp);
- ksba_free (sexp);
putchar ('\n');
+ ksba_free (sexp);
}
list_extensions (cert);
ksba_cert_release (cert);
err = ksba_cert_new (&cert);
if (err)
fail_if_err (err);
err = ksba_cert_read_der (cert, r);
if (err && gpg_err_code (err) != GPG_ERR_EOF)
{
fprintf (stderr, "%s:%d: expected EOF but got: %s\n",
__FILE__, __LINE__, gpg_strerror (err));
errorcount++;
}
- putchar ('\n');
+ if (!quiet)
+ putchar ('\n');
ksba_cert_release (cert);
ksba_reader_release (r);
fclose (fp);
}
int
main (int argc, char **argv)
{
const char *srcdir = getenv ("srcdir");
if (!srcdir)
srcdir = ".";
if (argc)
{
argc--; argv++;
}
if (argc && !strcmp (*argv, "--verbose"))
{
verbose = 1;
argc--; argv++;
}
if (argc)
{
for (; argc; argc--, argv++)
one_file (*argv);
}
else
{
const char *files[] = {
"cert_dfn_pca01.der",
"cert_dfn_pca15.der",
"cert_g10code_test1.der",
+ "authority.crt",
+ "betsy.crt",
+ "bull.crt",
+ "ov-ocsp-server.crt",
+ "ov-userrev.crt",
+ "ov-root-ca-cert.crt",
+ "ov-serverrev.crt",
+ "ov-user.crt",
+ "ov-server.crt",
+ "ov2-root-ca-cert.crt",
+ "ov2-ocsp-server.crt",
+ "ov2-user.crt",
+ "ov2-userrev.crt",
+ "secp256r1-sha384_cert.crt",
+ "secp256r1-sha512_cert.crt",
+ "secp384r1-sha512_cert.crt",
+ "openssl-secp256r1ca.cert.crt",
+ "ed25519-rfc8410.crt",
+ "ed25519-ossl-1.crt",
+ "ed448-ossl-1.crt",
NULL
};
int idx;
+ if (!verbose)
+ quiet = 1;
+
for (idx=0; files[idx]; idx++)
{
char *fname;
- fname = xmalloc (strlen (srcdir) + 1 + strlen (files[idx]) + 1);
+ fname = xmalloc (strlen (srcdir) + 10 + strlen (files[idx]) + 1);
strcpy (fname, srcdir);
- strcat (fname, "/");
+ strcat (fname, "/samples/");
strcat (fname, files[idx]);
one_file (fname);
ksba_free (fname);
}
}
return !!errorcount;
}
diff --git a/tests/samples/README b/tests/samples/README
index 9884dc4..56c4590 100644
--- a/tests/samples/README
+++ b/tests/samples/README
@@ -1,84 +1,89 @@
+Certificates and a CRL used for the initial development:
+ cert_dfn_pca01.der
+ cert_dfn_pca15.der
+ cert_g10code_test1.der
+ crl_testpki_testpca.der
Certificates downloaded from http://www.magmacom.com/~mbartel/iso/\
certificates/samples/sample_certificates.html on 2003-11-20:
authority.crt A root certificate
betsy.crt An "everyday" certificate.
bull.crt Same but includes a BMPString.
Note, that these certs use MD2.
Certificates downloaded from
http://www.openvalidation.org/download/downloadrootcertsCA1.htm and
on 2003-11-20 and prefixed with "ov-":
ov-root-ca-cert.crt Root certificate
ov-ocsp-server.crt The certificate of the OCSP responder
ov-user.crt User certificate
ov-userrev.crt A user certificate revoked by OCSP
ov-server.crt A server (SSL) certificate
ov-serverrev.crt A server certificate revoked by OCSP
ov-user.p12 Private keys for the above certificates,
ov-userrev.p12 passphrase is "start".
ov-server.p12
ov-serverrev.p12
ov-test-crl.crl The current CRL
The responder adress is http://ocsp.openvalidation.org
Certificates downloaded from http://www.openvalidation.org/en/test/ca2.html
on 2006-08-30 and prefixed with "ov2-":
ov2-root-ca-cert.crt Root certificate
ov2-ocsp-server.crt The certificate of the OCSP responder
ov2-user.crt User certificate
ov2-userrev.crt A user certificate revoked by OCSP
Certificates downloaded on 2007-04-05 from
http://dev.experimentalstuff.com:8082/CIC_sample-certs_2006-06-22.zip
and converted to binary format. These are signed with
ECDSA-P256-SHA384, ECDSA-P256-SHA512, and ECDSA-P384-SHA512.
secp256r1-sha384_cert.crt
secp256r1-sha512_cert.crt
secp384r1-sha512_cert.crt
From http://dev.experimentalstuff.com:8082/certs/secp256r1ca.cert.pem
openssl-secp256r1ca.cert.crt
ECDH sample enveloped data from the Mozilla bug tracker:
ecdh-sample1.p7m
ecdh-sample1.p7m.asn Commented dump.
RSA sample enveloped data created with gpgsm
rsa-sample1.p7m
rsa-sample1.p7m.asn Commented dump
RSA sample signature created with gpgsm
rsa-sample1.p7s
rsa-sample1.p7s.asn Commented dump
ECDSA sample signature created with Governikus Signer
ecdsa-sample1.p7s signed data is hitchhiker.txt
ecdsa-sample1.p7s.asn Commented dump
ED25519 sample self-signed certificates
ed25519-rfc8410.crt from RFC8410
ed25519-rfc8410.key
ed25519-ossl-1.crt generated with OpenSSL
ed25519-ossl-1.key
ED448 sample self-signed certificate
ed448-ossl-1.crt generated with OpenSSL
ed448-ossl-1.key generated with OpenSSL
diff --git a/tests/cert_dfn_pca01.der b/tests/samples/cert_dfn_pca01.der
similarity index 100%
rename from tests/cert_dfn_pca01.der
rename to tests/samples/cert_dfn_pca01.der
diff --git a/tests/cert_dfn_pca15.der b/tests/samples/cert_dfn_pca15.der
similarity index 100%
rename from tests/cert_dfn_pca15.der
rename to tests/samples/cert_dfn_pca15.der
diff --git a/tests/cert_g10code_test1.der b/tests/samples/cert_g10code_test1.der
similarity index 100%
rename from tests/cert_g10code_test1.der
rename to tests/samples/cert_g10code_test1.der
diff --git a/tests/crl_testpki_testpca.der b/tests/samples/crl_testpki_testpca.der
similarity index 100%
rename from tests/crl_testpki_testpca.der
rename to tests/samples/crl_testpki_testpca.der
diff --git a/tests/t-crl-parser.c b/tests/t-crl-parser.c
index bfba70a..a923b10 100644
--- a/tests/t-crl-parser.c
+++ b/tests/t-crl-parser.c
@@ -1,350 +1,350 @@
/* t-crl-parser.c - basic test for the CRl parser.
* Copyright (C) 2002, 2004, 2005 g10 Code GmbH
*
* This file is part of KSBA.
*
* KSBA is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* KSBA is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see .
*/
#undef ENABLE_HASH_LOGGING
#ifdef ENABLE_HASH_LOGGING
#define _GNU_SOURCE 1
#endif
#include
#include
#include
#include
#include
#include
#include "../src/ksba.h"
#include "t-common.h"
#include "oidtranstbl.h"
static void
my_hasher (void *arg, const void *buffer, size_t length)
{
FILE *fp = arg;
if (fp)
{
if ( fwrite (buffer, length, 1, fp) != 1 )
fail ("error writing to-be-hashed data");
}
}
/* Return the description for OID; if no description is available
NULL is returned. */
static const char *
get_oid_desc (const char *oid)
{
int i;
if (oid)
for (i=0; oidtranstbl[i].oid; i++)
if (!strcmp (oidtranstbl[i].oid, oid))
return oidtranstbl[i].desc;
return NULL;
}
static void
print_names (int indent, ksba_name_t name)
{
int idx;
const char *s;
int indent_all;
if ((indent_all = (indent < 0)))
indent = - indent;
if (!name)
{
fputs ("none\n", stdout);
return;
}
for (idx=0; (s = ksba_name_enum (name, idx)); idx++)
{
char *p = ksba_name_get_uri (name, idx);
printf ("%*s%s\n", idx||indent_all?indent:0, "", p?p:s);
xfree (p);
}
}
static void
one_file (const char *fname)
{
gpg_error_t err;
FILE *fp;
ksba_reader_t r;
ksba_crl_t crl;
ksba_stop_reason_t stopreason;
int count = 0;
FILE *hashlog = NULL;
#ifdef ENABLE_HASH_LOGGING
{
char *buf;
if (asprintf (&buf, "%s.hash.log", fname) < 0)
fail ("asprintf failed");
hashlog = fopen (buf, "wb");
if (!hashlog)
fail ("can't create log file");
free (buf);
}
#endif
printf ("*** checking `%s' ***\n", fname);
fp = fopen (fname, "rb");
if (!fp)
{
fprintf (stderr, "%s:%d: can't open `%s': %s\n",
__FILE__, __LINE__, fname, strerror (errno));
exit (1);
}
err = ksba_reader_new (&r);
if (err)
fail_if_err (err);
err = ksba_reader_set_file (r, fp);
fail_if_err (err);
err = ksba_crl_new (&crl);
if (err)
fail_if_err (err);
err = ksba_crl_set_reader (crl, r);
fail_if_err (err);
if (hashlog)
ksba_crl_set_hash_function (crl, my_hasher, hashlog);
do
{
err = ksba_crl_parse (crl, &stopreason);
fail_if_err2 (fname, err);
switch (stopreason)
{
case KSBA_SR_BEGIN_ITEMS:
{
const char *algoid;
char *issuer;
ksba_isotime_t this, next;
algoid = ksba_crl_get_digest_algo (crl);
printf ("digest algo: %s\n", algoid? algoid : "[none]");
if (algoid && !strcmp (algoid, "1.2.840.113549.1.1.10"))
{
ksba_sexp_t pssparam;
printf (" pss para: ");
pssparam = ksba_crl_get_sig_val (crl);
print_sexp (pssparam);
putchar ('\n');
xfree (pssparam);
}
err = ksba_crl_get_issuer (crl, &issuer);
fail_if_err2 (fname, err);
printf ("issuer: ");
print_dn (issuer);
xfree (issuer);
putchar ('\n');
err = ksba_crl_get_update_times (crl, this, next);
if (gpg_err_code (err) != GPG_ERR_INV_TIME)
fail_if_err2 (fname, err);
printf ("thisUpdate: ");
print_time (this);
putchar ('\n');
printf ("nextUpdate: ");
print_time (next);
putchar ('\n');
}
break;
case KSBA_SR_GOT_ITEM:
{
ksba_sexp_t serial;
ksba_isotime_t rdate;
ksba_crl_reason_t reason;
err = ksba_crl_get_item (crl, &serial, rdate, &reason);
fail_if_err2 (fname, err);
printf ("CRL entry %d: s=", ++count);
print_sexp_hex (serial);
printf (", t=");
print_time (rdate);
printf (", r=%x\n", reason);
xfree (serial);
}
break;
case KSBA_SR_END_ITEMS:
break;
case KSBA_SR_READY:
break;
default:
fail ("unknown stop reason");
}
}
while (stopreason != KSBA_SR_READY);
if ( !ksba_crl_get_digest_algo (crl))
fail ("digest algorithm mismatch");
{
ksba_name_t name1;
ksba_sexp_t serial;
ksba_sexp_t keyid;
err = ksba_crl_get_auth_key_id (crl, &keyid, &name1, &serial);
if (!err || gpg_err_code (err) == GPG_ERR_NO_DATA)
{
fputs ("AuthorityKeyIdentifier: ", stdout);
if (gpg_err_code (err) == GPG_ERR_NO_DATA)
fputs ("none\n", stdout);
else
{
if (name1)
{
print_names (24, name1);
ksba_name_release (name1);
fputs (" serial: ", stdout);
print_sexp_hex (serial);
ksba_free (serial);
}
putchar ('\n');
if (keyid)
{
fputs (" keyIdentifier: ", stdout);
print_sexp (keyid);
ksba_free (keyid);
putchar ('\n');
}
}
}
else
fail_if_err (err);
}
{
ksba_sexp_t serial;
err = ksba_crl_get_crl_number (crl, &serial);
if (!err || gpg_err_code (err) == GPG_ERR_NO_DATA)
{
fputs ("crlNumber: ", stdout);
if (gpg_err_code (err) == GPG_ERR_NO_DATA)
fputs ("none", stdout);
else
{
print_sexp (serial);
ksba_free (serial);
}
putchar ('\n');
}
else
fail_if_err (err);
}
{
int idx, crit;
const char *oid;
size_t derlen;
for (idx=0; !(err=ksba_crl_get_extension (crl, idx,
&oid, &crit,
NULL, &derlen)); idx++)
{
const char *s = get_oid_desc (oid);
printf ("%sExtn: %s%s%s%s (%lu octets)\n",
crit? "Crit":"",
s?" (":"", s?s:"", s?")":"",
oid, (unsigned long)derlen);
}
if (err && gpg_err_code (err) != GPG_ERR_EOF
&& gpg_err_code (err) != GPG_ERR_NO_DATA )
fail_if_err (err);
}
{
ksba_sexp_t sigval;
sigval = ksba_crl_get_sig_val (crl);
if (!sigval)
fail ("signature value missing");
print_sexp (sigval);
putchar ('\n');
xfree (sigval);
}
ksba_crl_release (crl);
ksba_reader_release (r);
fclose (fp);
if (hashlog)
fclose (hashlog);
}
int
main (int argc, char **argv)
{
const char *srcdir = getenv ("srcdir");
if (!srcdir)
srcdir = ".";
if (argc > 1)
{
for (argc--, argv++; argc; argc--, argv++)
one_file (*argv);
}
else
{
const char *files[] = {
"crl_testpki_testpca.der",
NULL
};
int idx;
for (idx=0; files[idx]; idx++)
{
char *fname;
- fname = xmalloc (strlen (srcdir) + 1 + strlen (files[idx]) + 1);
+ fname = xmalloc (strlen (srcdir) + 10 + strlen (files[idx]) + 1);
strcpy (fname, srcdir);
- strcat (fname, "/");
+ strcat (fname, "/samples/");
strcat (fname, files[idx]);
one_file (fname);
xfree (fname);
}
}
return 0;
}
diff --git a/tests/t-reader.c b/tests/t-reader.c
index c4e7765..a64ae2e 100644
--- a/tests/t-reader.c
+++ b/tests/t-reader.c
@@ -1,211 +1,211 @@
/* t-reader.c - basic tests for the reader object
* Copyright (C) 2017 g10 Code GmbH
*
* This file is part of KSBA.
*
* KSBA is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* KSBA is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see .
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "../src/ksba.h"
#include "t-common.h"
void
test_fd(const char* path)
{
int fd = open (path, O_RDONLY);
gpg_error_t err = 0;
ksba_reader_t reader;
ksba_cert_t cert;
if (fd < 0)
{
perror ("open() failed");
exit (1);
}
if ((err = ksba_reader_new (&reader)))
{
fprintf (stderr, "ksba_reader_new() failed: %s\n", gpg_strerror (err));
exit (1);
}
if ((err = ksba_reader_set_fd (reader, fd)))
{
fprintf (stderr, "ksba_reader_set_fd() failed: %s\n", gpg_strerror (err));
exit (1);
}
if ((err = ksba_cert_new (&cert)))
{
fprintf (stderr, "ksba_cert_new() failed: %s\n", gpg_strerror (err));
exit (1);
}
if ((err = ksba_cert_read_der (cert, reader)))
{
fprintf(stderr, "ksba_cert_read_der() failed: %s\n", gpg_strerror (err));
exit (1);
}
ksba_cert_release (cert);
ksba_reader_release (reader);
close (fd);
}
void
test_file(const char* path)
{
FILE* fp = fopen (path, "r");
gpg_error_t err = 0;
ksba_reader_t reader;
ksba_cert_t cert;
if (!fp)
{
perror ("fopen() failed");
exit (1);
}
if ((err = ksba_reader_new (&reader)))
{
fprintf (stderr, "ksba_reader_new() failed: %s\n", gpg_strerror (err));
exit (1);
}
if ((err = ksba_reader_set_file (reader, fp)))
{
fprintf (stderr, "ksba_reader_set_fd() failed: %s\n", gpg_strerror (err));
exit (1);
}
if ((err = ksba_cert_new (&cert)))
{
fprintf (stderr, "ksba_cert_new() failed: %s\n", gpg_strerror (err));
exit (1);
}
if ((err = ksba_cert_read_der (cert, reader)))
{
fprintf(stderr, "ksba_cert_read_der() failed: %s\n", gpg_strerror (err));
exit (1);
}
ksba_cert_release (cert);
ksba_reader_release (reader);
fclose (fp);
}
void
test_mem(const char* path)
{
int fd = open (path, O_RDONLY);
gpg_error_t err = 0;
ksba_reader_t reader;
ksba_cert_t cert;
char *mem = NULL;
ssize_t ret = 0;
size_t p = 0;
struct stat st;
if (fd < 0)
{
perror ("fopen() failed");
exit (1);
}
if (fstat (fd, &st))
{
fprintf (stderr, "fstat() failed: %s\n", gpg_strerror (err));
exit (1);
}
mem = xmalloc(st.st_size);
while (p < st.st_size && (ret = read(fd, mem + p, st.st_size - p)))
{
if (ret < 0)
{
fprintf (stderr, "read() failed: %s\n", gpg_strerror (err));
exit (1);
}
p += ret;
}
if ((err = ksba_reader_new (&reader)))
{
exit (1);
}
if ((err = ksba_reader_set_mem (reader, mem, st.st_size)))
{
fprintf (stderr, "ksba_reader_set_mem() failed: %s\n", gpg_strerror (err));
exit (1);
}
if ((err = ksba_cert_new (&cert)))
{
fprintf (stderr, "ksba_cert_new() failed: %s\n", gpg_strerror (err));
exit (1);
}
if ((err = ksba_cert_read_der (cert, reader)))
{
fprintf(stderr, "ksba_cert_read_der() failed: %s\n", gpg_strerror (err));
exit (1);
}
ksba_cert_release (cert);
ksba_reader_release (reader);
xfree (mem);
close (fd);
}
int
main (int argc, char **argv)
{
if (argc == 1)
{
- char *fname = prepend_srcdir ("cert_g10code_test1.der");
+ char *fname = prepend_srcdir ("samples/cert_g10code_test1.der");
test_fd (fname);
test_file (fname);
test_mem (fname);
free(fname);
}
else
{
int i;
for (i = 1; i < argc; ++i)
{
test_fd (argv[i]);
test_file (argv[i]);
test_mem (argv[i]);
}
}
return 0;
}