2 * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 #include <openssl/opensslconf.h>
13 #include <openssl/crypto.h>
14 #include <openssl/ocsp.h>
15 #include <openssl/x509.h>
16 #include <openssl/asn1.h>
17 #include <openssl/pem.h>
/*
 * Paths of the PEM-encoded certificate and private key the tests load.
 * Both are filled in from the command-line arguments in setup_tests()
 * and read by get_cert_and_key().
 */
21 static const char *certstr
;
22 static const char *privkeystr
;
24 #ifndef OPENSSL_NO_OCSP
/*
 * Load the test signer certificate (from certstr) and its private key
 * (from privkeystr), both PEM-encoded, and hand them back through
 * cert_out / key_out.  Callers treat a non-zero return as success
 * (see the TEST_true() check in test_resp_signer()); the return
 * statements and the cleanup path are not part of this listing.
 *
 * NOTE(review): the BIO_free() calls and the *cert_out / *key_out
 * assignments fall in the omitted lines — confirm both BIOs are released
 * on every path, including the early failure after certbio is opened.
 */
25 static int get_cert_and_key(X509
**cert_out
, EVP_PKEY
**key_out
)
27 BIO
*certbio
, *keybio
;
/* Open and parse the certificate file; TEST_ptr() flags a NULL BIO. */
31 if (!TEST_ptr(certbio
= BIO_new_file(certstr
, "r")))
33 cert
= PEM_read_bio_X509(certbio
, NULL
, NULL
, NULL
);
/*
 * Same for the private key.  No passphrase callback or userdata is
 * supplied, so the key file is presumably unencrypted — confirm.
 */
35 if (!TEST_ptr(keybio
= BIO_new_file(privkeystr
, "r")))
37 key
= PEM_read_bio_PrivateKey(keybio
, NULL
, NULL
, NULL
);
/* Opening succeeded but PEM parsing may still fail: check both results. */
39 if (!TEST_ptr(cert
) || !TEST_ptr(key
))
/*
 * Build a minimal OCSP basic response for a fictitious certificate so the
 * signer tests have something to sign.  The response carries a single
 * status entry (V_OCSP_CERTSTATUS_UNKNOWN) whose CERTID is derived with
 * SHA-256 from a CN of "openssl.example.com", a fixed 128-byte key blob
 * and serial number 1.  The callers free the result with
 * OCSP_BASICRESP_free(), so ownership passes to them.  bs_out starts as
 * NULL and is presumably the value returned; the return statement is not
 * part of this listing.
 */
50 static OCSP_BASICRESP
*make_dummy_resp(void)
52 const unsigned char namestr
[] = "openssl.example.com";
/* {7} sets only keybytes[0]; the remaining 127 bytes are zero. */
53 unsigned char keybytes
[128] = {7};
54 OCSP_BASICRESP
*bs
= OCSP_BASICRESP_new();
/* Stays NULL unless the response is fully built. */
55 OCSP_BASICRESP
*bs_out
= NULL
;
56 OCSP_CERTID
*cid
= NULL
;
/* Validity window: thisUpdate = now, nextUpdate = now + 200 seconds. */
57 ASN1_TIME
*thisupd
= ASN1_TIME_set(NULL
, time(NULL
));
58 ASN1_TIME
*nextupd
= ASN1_TIME_set(NULL
, time(NULL
) + 200);
59 X509_NAME
*name
= X509_NAME_new();
60 ASN1_BIT_STRING
*key
= ASN1_BIT_STRING_new();
61 ASN1_INTEGER
*serial
= ASN1_INTEGER_new();
/*
 * Fill the CERTID inputs: issuer name (CN only), issuer key bits and
 * serial number 1.  The namestr argument list continues on an omitted line.
 */
63 if (!X509_NAME_add_entry_by_NID(name
, NID_commonName
, MBSTRING_ASC
,
65 || !ASN1_BIT_STRING_set(key
, keybytes
, sizeof(keybytes
))
66 || !ASN1_INTEGER_set_uint64(serial
, (uint64_t)1))
/* Hash name and key with SHA-256 to form the certificate identifier. */
68 cid
= OCSP_cert_id_new(EVP_sha256(), name
, key
, serial
);
/*
 * Single status entry: UNKNOWN, reason 0, no revocation time.
 * OCSP_basic_add1_status() keeps its own copy of the inputs (OpenSSL
 * "add1" naming), which is why cid/thisupd/nextupd are freed
 * unconditionally below.  The preceding TEST_ptr() checks of this
 * condition are on omitted lines.
 */
73 || !TEST_true(OCSP_basic_add1_status(bs
, cid
,
74 V_OCSP_CERTSTATUS_UNKNOWN
,
75 0, NULL
, thisupd
, nextupd
)))
/*
 * Common exit: release the building blocks.  bs is freed here too, so on
 * the success path it is expected to have been moved into bs_out and
 * cleared first (not visible in this listing).
 * NOTE(review): name is not freed in the visible lines — confirm the
 * omitted cleanup calls X509_NAME_free(name), otherwise it leaks.
 */
80 ASN1_TIME_free(thisupd
);
81 ASN1_TIME_free(nextupd
);
82 ASN1_BIT_STRING_free(key
);
83 ASN1_INTEGER_free(serial
);
84 OCSP_CERTID_free(cid
);
85 OCSP_BASICRESP_free(bs
);
/*
 * Exercise OCSP_resp_get0_signer(): sign a dummy response and check that
 * the signer certificate is recovered, first from a caller-supplied extra
 * certificate stack when the response embeds no certs (OCSP_NOCERTS),
 * then from the response itself.  Follows the harness convention of
 * returning 1 on success and 0 on failure; the return value, the `key`
 * declaration and the remaining tail cleanup are outside this listing.
 */
90 static int test_resp_signer(void)
92 OCSP_BASICRESP
*bs
= NULL
;
/* tmp receives a borrowed ("get0") pointer and is never freed here. */
93 X509
*signer
= NULL
, *tmp
;
95 STACK_OF(X509
) *extra_certs
= NULL
;
99 * Test a response with no certs at all; get the signer from the
100 * extra certs given to OCSP_resp_get0_signer().
102 bs
= make_dummy_resp();
103 extra_certs
= sk_X509_new_null();
/*
 * sk_X509_push() stores the pointer only; signer stays owned by this
 * function.  NOTE(review): X509_free(signer) / EVP_PKEY_free(key) should
 * be in the omitted tail — confirm.
 */
105 || !TEST_ptr(extra_certs
)
106 || !TEST_true(get_cert_and_key(&signer
, &key
))
107 || !TEST_true(sk_X509_push(extra_certs
, signer
))
/*
 * OCSP_NOCERTS: do not embed the signer cert in the response.  EVP_sha1()
 * is only the digest of this self-made test signature; what is under test
 * is signer lookup, not the signature algorithm.
 */
108 || !TEST_true(OCSP_basic_sign(bs
, signer
, key
, EVP_sha1(),
109 NULL
, OCSP_NOCERTS
)))
/* With no embedded certs the signer must be found in extra_certs. */
111 if (!TEST_true(OCSP_resp_get0_signer(bs
, &tmp
, extra_certs
))
112 || !TEST_int_eq(X509_cmp(tmp
, signer
), 0))
114 OCSP_BASICRESP_free(bs
);
116 /* Do it again but include the signer cert */
117 bs
= make_dummy_resp();
/* The flags argument of this second signing call is on an omitted line. */
120 || !TEST_true(OCSP_basic_sign(bs
, signer
, key
, EVP_sha1(),
/* No extra certs this time: the signer must come from the response. */
123 if (!TEST_true(OCSP_resp_get0_signer(bs
, &tmp
, NULL
))
124 || !TEST_int_eq(X509_cmp(tmp
, signer
), 0))
/*
 * Tail cleanup.  sk_X509_free() releases the stack only, not the
 * certificates in it; signer is still owned by this function.
 */
128 OCSP_BASICRESP_free(bs
);
129 sk_X509_free(extra_certs
);
/*
 * Usage string for the test harness: the two positional arguments are the
 * certificate and private-key files that setup_tests() stores in
 * certstr / privkeystr.
 */
136 OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
138 int setup_tests(void)
140 if (!TEST_ptr(certstr
= test_get_argument(0))
141 || !TEST_ptr(privkeystr
= test_get_argument(1)))
143 #ifndef OPENSSL_NO_OCSP
144 ADD_TEST(test_resp_signer
);