]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
tests: added check for gnutls_certificate_set_x509_simple_pkcs12_file
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Tue, 3 May 2016 13:26:52 +0000 (15:26 +0200)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Tue, 3 May 2016 13:26:52 +0000 (15:26 +0200)
tests/Makefile.am
tests/cert-common.h
tests/set_x509_pkcs12_key.c [new file with mode: 0644]

index 60bd75e07f0b0fe4f5581b4d1e1275f2cd8afc8a..f11057366ac02edbf9e38f3c0fd15a5a4b878baf 100644 (file)
@@ -103,7 +103,7 @@ ctests = mini-record-2 simple gc set_pkcs12_cred certder certuniqueid       \
         system-prio-file name-constraints-merge crl-basic crq-basic \
         send-client-cert custom-urls-override hex rehandshake-switch-psk-id \
         rehandshake-switch-srp-id base64 srpbase64 pkcs1-digest-info set_x509_key \
-        set_x509_key_file_der
+        set_x509_key_file_der set_x509_pkcs12_key
 
 if HAVE_SECCOMP_TESTS
 ctests += dtls-with-seccomp tls-with-seccomp dtls-client-with-seccomp tls-client-with-seccomp
index 69f44ae760f123ef765e3b1445e005f608d00f88..0b51e22e8f2958692ad378b4f1fab365cc43ab8a 100644 (file)
@@ -634,3 +634,101 @@ static char unknown_ca_cert_pem[] =
 const gnutls_datum_t unknown_ca_cert = { (void*)unknown_ca_cert_pem,
        sizeof(unknown_ca_cert_pem)
 };
+
+static const char server_ca3_pkcs12_pem[] =
+       "-----BEGIN PKCS12-----\n"
+       "MIIQvwIBAzCCEIcGCSqGSIb3DQEHAaCCEHgEghB0MIIQcDCCBOcGCSqGSIb3DQEH\n"
+       "BqCCBNgwggTUAgEAMIIEzQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIGlbZ\n"
+       "V1qak5wCAhTsgIIEoLClLTWuG7yxoUp9Jw34KHHgK5jun/kkUN8RcUDDCOWUsuJG\n"
+       "HPV9TPAG2LpS39Leg+Uo4NpTTUp8RVnbo2I+jR9Bl/cL6zqG0Y+bpaGKsFwZqYQu\n"
+       "wbKctXL/yJhPKJ13paJB2W6kvU05KbC/6Zq69zYxfMkm0fPGnruGBenMUYbP/BKM\n"
+       "6xXmqztGCMHrh9dGyGsGTWN9rJgmNkA/Hh77uIkBdliJHFoS1Rbw7uNbV+3vQcoN\n"
+       "i66aaZa7SftoudwOOGCLCAY9wz34d2Ni8xLfO9PasqtjkXTAllXqEmh0IzK6E63W\n"
+       "VUIp/Ea2312LZQ4kkUKm4MzpRpDoOJf2tAUHHbpsSLLBzPUGP8pOZKp73OzQR+PW\n"
+       "eJhY7sbRcI11qfRD9hteEMEOHU1gJ2dBka7HHvg2bMMArKbtZ3C8Dw6iU42b37xv\n"
+       "+tKtZrZNYILE4sVTy2bwhupraMkScv90Z4fIfuCZEdzlIaP73CTjp6pe2AqEBKBR\n"
+       "h+zf/VhonEsoaCSrQ2Ew5BWk1JjBAyHj2WS8vuhrGvqP/k0k0f5Ji0xoqOW9yM6q\n"
+       "clsfVswsaWR8FuYxKfsuD3styPxW1nHPKET2tWVwSX7WQEwyfSjNAj4EqQGcukpr\n"
+       "3+bgLJciZxLCmNbXAouZKSO05tH5aLPENclXoeuT4ODn5Hzfjd/xT3wnXPNZN+3+\n"
+       "+a87CClzqOG892q2mGGOpTmcuDwy20XHiM47hpxIavOn/jKBYH+zJ5GpYV8B4AkD\n"
+       "WfwnAlPFFZ3Af9Xrc+TpYJ2TE7FRG9Y5XWymhGGkvpyxif8n+QyZAn31lPIiGNPH\n"
+       "1qcWUmF446wQv9jpbuQswAjQNX4vzTGezPVLLZg/n1dDzzCvG4pDGFqyU7iwjCuh\n"
+       "vLH+Zuk/3fGMyvXgNj89xZQIqfclWT2AvFOTclTqylz6Toe/zj45rixZ3bFG8hME\n"
+       "UuEVs3Bz2qRz+JdMSu33qQ4SRUNIePqSMRD8q5aVbZmenNXQtciszBTofSvd8qsu\n"
+       "S7LaiX3M+VVOxyQaB9c6Ely9hrFNT24iarHFEk5ZYgpUToBTLUDEBqfWr0AhZHCB\n"
+       "RwTdP4WFmAaOC2/ZINSQE0bxGqo79lyPP0Ysp2dpPxjlAYX0myccuqnBo0rLtV/7\n"
+       "Sl/9xNj1I7T9qhWzC/WvAjnrlxp4QYgcCLiRe6TaDO1qP47khRyAaxIbLPwYQ6cJ\n"
+       "TDDu1x9iYTCntmRu5pbzokcpajMIepHVzI7FbpLh2BK/fVFTgHKp5XmemLyN5A47\n"
+       "itZvz89gxp6304nqW2z8JpKZ/RDCHyA/6H+PwgvnrAmS+hDKJ58OksfRESlyN619\n"
+       "k9rHtzBoYIlwkhf29pYCaWZ6KWJlgsTG6FKXej6fC7Q94hPkXJRez8Pd8MJR6X+x\n"
+       "XdYbmGVOSEEujg8Ak4Zf+caQ8iawuHTeMr7h2WNr7xH06Ddw12J4t0LdRKDECMJS\n"
+       "C9Jb/tICcjJVxKt4QBlXmy2s2R9i2BUkcyPwUNdE6VORBazQ5sXzOGOcl2ef0OHF\n"
+       "PpE0P9esuXUs9MOqfEe3FnsgFiNjUdPKH5q8mrDDTDGs46RcnJOCwtv6YFrqMIID\n"
+       "3wYJKoZIhvcNAQcGoIID0DCCA8wCAQAwggPFBgkqhkiG9w0BBwEwHAYKKoZIhvcN\n"
+       "AQwBAzAOBAis+k2GAXZlEQICFLWAggOYF7BBapV1GKPSkJeC9dgjEL6AdreDBCyh\n"
+       "LOHoMUKf9AVH4XzgkAtsa1FAomHQscfQKGe3G6vaSi2ugZ0qduasoPlQjldBy+ml\n"
+       "m7QcBh/0p72XcsC6t6se7UcmWvrnp3Nk3rwAQdeOCMVJvljFq0a+83XcZ8a6XuH2\n"
+       "7O0EjUQVWfo1cn6ZFo8l6dBuNNPc32XLwdcIXuPTnScGsxZawufbAprbK/yEf3Dn\n"
+       "IN4POP5KlNdTcv6ko7eGfr2fsOLkDwXWdy42D+oMVc3dj6XTH74FgYv5z8GyELFT\n"
+       "r8mcSKUsbSHVXcUigv9KMDJ+bMzM9feNhiTzEr45OfGDLgBHLsqCcbhpJeN/rpv5\n"
+       "1/KKHIRJmO9GU5Qvk97+1MZr3+PDCqJK4qhiIJhvOKfnYAf9ToSat7lHVdFa6ToH\n"
+       "JK2E7YaFXaMUNii/ZeDZ1n4WcPSkvLJscVk8AhG3emXja96EmJs5aWkKzcJ0ihLX\n"
+       "vDehuZ7JFBNesHrKcC0IM1KhHCkSd/ijcAG+LOmbdl5KMx0KOepJHIkDrpFfiwwq\n"
+       "GkANh9u9FIhqvXjDCtmUkp8mI38FBcAtN1X6cQjy1BzPfyecazA5vkzt6CGKalK6\n"
+       "lTEQjmEftu782r+WhpRw/a7fBM5BDN7QVrvequOtbWRgwFg9xjsSGGw8syO90DxU\n"
+       "aundXXXfgCvqIIWxciQZ57Cvno88TWPpQCrBZ3XZD/Ajr4PTI+Spe6olJlnskOFW\n"
+       "MYRrcHQuuH1N/NUVZCxBqOwh7A53TCGoTnCOeU9l4UHTIP1MOsf29G8dCo9RGcrU\n"
+       "sRx2vgkifOkomUY3+qfjwwipyqWZbuH64ewCbpprPqI7/PVVS+tKqLpLvFJqFrEp\n"
+       "wPlm+7QlbNUnQSaJ6wIav1Z2VKeeu5BewW9BbHjyadrxYOz893ttBZc3ExewX5Uh\n"
+       "lPJXj5CXV5tojUJdvDnXNLsFMn+0ksY3i8xAQpeQJsnrYao0k14w14UGhCgylusl\n"
+       "Z+ogDuWySxyknp/lUN/gE1DbRfZs5o+meg5sMD1DNxeJHPrweB8jT4xKqI0MBYy/\n"
+       "7zkA/BcN6XYhxMXRSwA7f5NUxmUMrOvbLA9GyGj+Mx0/8YFdKr3WbugzD+c1A1kD\n"
+       "hzNgkuM2Qgy13MiEmPp0XAPwr0F3bqjgzL13zgfl1XnR0/U5I0kVnAnw1aa6Cckj\n"
+       "UM2wnEmBYkRhnqA3avOXngrOHuVVJV3lj1Kqu2MaXfYwggeeBgkqhkiG9w0BBwGg\n"
+       "ggePBIIHizCCB4cwggeDBgsqhkiG9w0BDAoBAqCCBy4wggcqMBwGCiqGSIb3DQEM\n"
+       "AQMwDgQIQjy2fTdgBPACAhQkBIIHCIB73qFkUGPoMG34/S4Vm/MdLEOwZDDdeOZJ\n"
+       "Nr8xTnWWAg1Txjxo67TTzx2p/knFsMdqcJBXfKOBu0aK8+wy/EbTtXNB545fuDxD\n"
+       "a8lPJWIVU1zYR69DE2AGJibatwPLO35u1mQ6+NMclCpM838CqFfFdQVdqtrlBFdM\n"
+       "Yxwzxt4rJ/uSxhi7dnjU6UH2w25/feLrcCLLbnLMo68HSqmwyg6hoTc5bmUu02j2\n"
+       "eSvy9cFR2M9kZluli7SFiHysbjlHQD2ahBJM0KEICjIdKkH2D4Qn2mWs+myzCLwA\n"
+       "9yfBxEnRYosBFYLcBc41thruTNKjj+GoZpqfkfNX4gqxBjMjl6+eIW/fVOxSDVTO\n"
+       "U1BVb58kdKOQnxVovXrd3LCYQIHxMfHu3MxzG9jc/5p89qZV7UJLsC2yNxlnq4+L\n"
+       "gXPjEdMhSxr7dteWcqSXlZLZj29KRplo04ZoTVyrfIxi8gEBkuql5uMJrf9TPeNA\n"
+       "f/Lfasfm95IiujD4RQPlxacUAZSAkKtKG85gvopoiAPiAT6+8igVD6WS1jdKTuY8\n"
+       "+Zo4N4s/uK6Ey5ck+EpOF+pCrHkIQdGhqLN/CFRxYTogpDBwdmgbv4IBeKEOE5jZ\n"
+       "jxd9RZvenwumYM5VZjj+SnJ4OoRVO8ZqdbIFWJ71bvuk4e1OnnyDqnsDPkG0Y/zc\n"
+       "drrMWL6MjfrbefanOE8idnyXwqeEuEhktYkW1Pqn57/ckR+ugx1VLhUmOkKYakbo\n"
+       "HGdWibIjY/MxsD+83y/x+QT0avN168GpaSd2mNyktUlpH+wuaUj1jZJIl4/mEnpq\n"
+       "NNkZrDtwwla7iUcwUApVvQli3FAiNYq1ieqpxmz/YPB2Ge9OEVSW4liHro+bPpmZ\n"
+       "h+S2mzkAesDM/nYAWzRFxsK6C0du2wOHh2IgRjwl1w1aoxrKaw8NYUJwFuFRyiIf\n"
+       "7/cxfQW9PlIQwwkZ/gBM0q6rDZEbPnO0vuwisV01HUnJ8eeVbunlwRTZDE0BZpCx\n"
+       "yY7ZG24n0nogQnFsIADT86KhxyOsS6+UKYbYeyQ44ZIakkMTVA1zdb7wMEWT0v93\n"
+       "KVXQ3oYyoLrdgAWHVAVjVshuNyL0w7toOa6IbuM3FUZQG94A6HQs5mNQUXoBncA7\n"
+       "F8iVTB16YHyhWRLZrpUVNhOmx9+sZ6mK4Ll2+XJ0sZhCdCNtDtnrb7KPMHeWK3We\n"
+       "jsdUB48/Wc6WN2tX9CquUXFqHBgY/pHxFG8gNw5+OEpM3OXdPFdMjTFfcUzz5sbs\n"
+       "iNC9AWgCsINv+MV7qg3m/prNNgrwrMkOtsxHYKwJAZqlc3Y9XVzKfGlNIK9KfbKA\n"
+       "3VoQenbNV1dst1Nrxl4vuNvbm5II8XDl8bkHWuS1snbxELRLFOSZlYsIw3Yw4sbZ\n"
+       "V/qqJix11yhpWRrW3/TdxEvEp5MZVuciJp6CS8rNpdAvzSenDQ8XfA2mLXNY5NgM\n"
+       "NOvBc/XBi9QqGJo20DCeKrOtYXbo7dsVDJrJqRdZT4ftoQQvK22uBW6CmO5cUGkE\n"
+       "8fP/9Ym5yJEFrHNROsbUqfp+KPPaoVuUNsJDor3evcdAHKOSDldPfbmBLV7sFNEP\n"
+       "33p5ejwvszAaJEWRf48Y2fRKzfbkyDPYO+5we9XaKhcRvbp6NR0EQl1JLFw2/1nn\n"
+       "lmDVMc/XJGL6VE7rmM79vTxq4C7YSzWcD+2FM9nWrzweYEKtleHOPdjl2vOziNu0\n"
+       "f396VtmEho8BHV80A06j+GYlENzodfjsTtcFycCGS3j1dvnBJitD//jqX0p56YsL\n"
+       "vCjCnn0Isl9WXvooC63ntf2jdcP0xwbQbKEYB0v4ai17AM99WFbzMnw4Hk79MvcE\n"
+       "85THHdQSceJhFGXhku6MUuWIU1CjTByiiaBZirtBS0da3s2RfyChHlAnMW1vQXRl\n"
+       "2388E8B3+VCLzfOYqflW983xCzCQONBn6pPQkTIE4y7LyQphZVIWOklqV4HDqSM9\n"
+       "Nd8u6Lgub6vrEH8qN3ExsmA/zb8uKr82PaXq+TB0KIOixy3ynjWRdVPAvF+ASmR+\n"
+       "whTJxkfH5mRO1/0/kgtSH/J37HtkAQC7OAUMycdrEC8r2+TKk/CMV00UIEzfCEo1\n"
+       "kfdSiRB+oBDStE1TJ8X6l0slr7BUNjuinU3Waq5FtybC2cI6MkGq0Dj+1qQflqs6\n"
+       "eT2SM8MN2v/9ktqDqGqWGuIByxMHJTRcithOhdClCfj2VYWQsp4L6lWtE5EDgEbG\n"
+       "d3UjaRGUPH58peE3vOziC1sruMN9hEbQU1JYRWerQlBYjt2RAHuSzQhSbu3GKJNV\n"
+       "1KVDTxVxIpuTcdqKenGTJvA79TPnM/fCVbwgW18DAUhFruqgfCTU8EVMLgqDecnR\n"
+       "v4YzX3weMpYuhnPqhcOkgImvRJv7C0b/yjV/0ctW0uQxtTD8nAN0wmQyCfY4RTFC\n"
+       "MBsGCSqGSIb3DQEJFDEOHgwAcwBlAHIAdgBlAHIwIwYJKoZIhvcNAQkVMRYEFDOd\n"
+       "4SfTi9X86wX8tceBaU9eO9nWMC8wHzAHBgUrDgMCGgQUSrnTiqr47JA4mCEpQDQX\n"
+       "JMU7QdMECJJR3+yAuOeDAgIoAA==\n"
+       "-----END PKCS12-----\n";
+
+const gnutls_datum_t server_ca3_pkcs12 = { (void*)server_ca3_pkcs12_pem,
+       sizeof(server_ca3_pkcs12_pem)-1
+};
diff --git a/tests/set_x509_pkcs12_key.c b/tests/set_x509_pkcs12_key.c
new file mode 100644 (file)
index 0000000..110404d
--- /dev/null
@@ -0,0 +1,104 @@
+/*
+ * Copyright (C) 2014-2016 Nikos Mavrogiannopoulos
+ * Copyright (C) 2016 Red Hat, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GnuTLS; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+
+#include "cert-common.h"
+#include "utils.h"
+
+static void compare(const gnutls_datum_t *der, const void *ipem)
+{
+       gnutls_datum_t pem = {(void*)ipem, strlen((char*)ipem)};
+       gnutls_datum_t new_der;
+       int ret;
+
+       ret = gnutls_pem_base64_decode2("CERTIFICATE", &pem, &new_der);
+       if (ret < 0) {
+               fail("error: %s\n", gnutls_strerror(ret));
+       }
+
+       if (der->size != new_der.size || memcmp(der->data, new_der.data, der->size) != 0) {
+               fail("error in %d: %s\n", __LINE__, "cert don't match");
+               exit(1);
+       }
+       gnutls_free(new_der.data);
+       return;
+}
+
+void doit(void)
+{
+       int ret;
+       gnutls_certificate_credentials_t xcred;
+       const char *certfile = "does-not-exist.pem";
+       gnutls_datum_t tcert;
+       FILE *fp;
+
+       global_init();
+       assert(gnutls_certificate_allocate_credentials(&xcred) >= 0);
+
+       /* this will fail */
+       ret = gnutls_certificate_set_x509_simple_pkcs12_file(xcred, certfile,
+                                                  GNUTLS_X509_FMT_PEM, "1234");
+       if (ret != GNUTLS_E_FILE_ERROR)
+               fail("gnutls_certificate_set_x509_simple_pkcs12_file failed: %s\n", gnutls_strerror(ret));
+
+       gnutls_certificate_free_credentials(xcred);
+
+       assert(gnutls_certificate_allocate_credentials(&xcred) >= 0);
+
+       certfile = tmpnam(NULL);
+
+       fp = fopen(certfile, "w");
+       if (fp == NULL)
+               fail("error in fopen\n");
+
+       assert(fwrite(server_ca3_pkcs12_pem, 1, strlen((char*)server_ca3_pkcs12_pem), fp)>0);
+       fclose(fp);
+
+       ret = gnutls_certificate_set_x509_simple_pkcs12_file(xcred, certfile,
+                                                   GNUTLS_X509_FMT_PEM, "1234");
+       if (ret < 0)
+               fail("gnutls_certificate_set_x509_simple_pkcs12_file failed: %s\n", gnutls_strerror(ret));
+
+       /* verify whether the stored certificate match the ones we have */
+       ret = gnutls_certificate_get_crt_raw(xcred, 0, 0, &tcert);
+       if (ret < 0) {
+               fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret));
+               exit(1);
+       }
+
+       compare(&tcert, server_ca3_cert_pem);
+
+       remove(certfile);
+
+       gnutls_certificate_free_credentials(xcred);
+       gnutls_global_deinit();
+}