tests: verify that unique IDs are generated as expected

diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
index e574314d975986a2042576faab7264848c189127..20fa68e7919e5112b2552e2b32e2a1ed7ebe8c38 100644 (file)
--- a/tests/cert-tests/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -34,7 +34,8 @@ EXTRA_DIST = ca-no-pathlen.pem no-ca-or-pathlen.pem aki-cert.pem \
        pkcs7-detached.txt p7-combined.out template-generalized.pem \
        template-generalized.tmpl privkey1.pem privkey2.pem privkey3.pem \
        name-constraints-ip.pem cert-invalid-utf8.der very-long-dn.pem \
-       provable3072.pem provable2048.pem provable-dsa2048.pem provable-dsa2048-fips.pem
+       provable3072.pem provable2048.pem provable-dsa2048.pem provable-dsa2048-fips.pem \
+       template-unique.tmpl template-unique.pem
 
 dist_check_SCRIPTS = pathlen aki pem-decoding certtool invalid-sig email \
        pkcs7 privkey-import name-constraints certtool-long-cn crl provable-privkey

diff --git a/tests/cert-tests/template-test b/tests/cert-tests/template-test
index 3903492d567ca5278e7415fbee6136ac5955a9e6..ce68ce117d76a1cd4f663a44cae2ae05d2acf4a6 100755 (executable)
--- a/tests/cert-tests/template-test
+++ b/tests/cert-tests/template-test
@@ -226,6 +226,7 @@ fi
 
 rm -f tmp-tt.pem
 
+
 # Test the GeneralizedTime support
 if test "$(getconf LONG_BIT)" = "64"; then
        # we should test that on systems which have 64-bit time_t.
@@ -254,4 +255,30 @@ fi
 
 rm -f tmp-tt.pem
 
+# Test unique ID field generation
+
+rc=1
+counter=1
+
+while [ "${rc}" != "0" -a $counter -le 3 ]; do
+       datefudge "2007-04-22" \
+       "${CERTTOOL}" --generate-self-signed \
+               --load-privkey "${srcdir}/template-test.key" \
+               --template "${srcdir}/template-unique.tmpl" \
+               --outfile tmp-tt.pem 2>/dev/null
+
+       ${DIFF} "${srcdir}/template-unique.pem" tmp-tt.pem >/dev/null 2>&1
+       rc=$?
+       test ${rc} != 0 && sleep 3
+       counter=`expr $counter + 1`
+done
+
+# We're done.
+if test "${rc}" != "0"; then
+       echo "Test 9 (unique ID) failed"
+       exit ${rc}
+fi
+
+rm -f tmp-tt.pem
+
 exit 0

diff --git a/tests/cert-tests/template-unique.pem b/tests/cert-tests/template-unique.pem
new file mode 100644 (file)
index 0000000..e08e5b5
--- /dev/null
+++ b/tests/cert-tests/template-unique.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNDCCAp2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADBbMQwwCgYDVQQDEwNOaWsx
+DzANBgNVBAgTBkF0dGlraTELMAkGA1UEBhMCR1IxGjAYBgNVBAQTEU1hdnJvZ2lh
+bm5vcG91bG9zMREwDwYDVQQJEwhBcmthZGlhczAeFw0wNzA0MjIwMDAwMDBaFw0x
+NDA1MjUwMDAwMDBaMFsxDDAKBgNVBAMTA05pazEPMA0GA1UECBMGQXR0aWtpMQsw
+CQYDVQQGEwJHUjEaMBgGA1UEBBMRTWF2cm9naWFubm9wb3Vsb3MxETAPBgNVBAkT
+CEFya2FkaWFzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClxs51Q4S/ZJ4C
+JxPxA1n3eS2S7XwvUKQD8S15uYaLBX46u0Sqr4TPE5geHEo49zMtep9y1GttJrAx
+N3AQ+0Lp2J0YZX4ZSfwFlgRogx53hr/t9eUSOxP+MxicGnodaa9HAmB6H7noz9vI
+NDBRlj2MllwAvGHeCA+xNiF/qQDjBQIDAQABgQgAERQjJCUSJIIGAAAVIyQlo4H1
+MIHyMA8GA1UdEwEB/wQFMAMBAf8wagYDVR0RBGMwYYIMd3d3Lm5vbmUub3JnghN3
+d3cubW9yZXRoYW5vbmUub3Jnghd3d3cuZXZlbm1vcmV0aGFub25lLm9yZ4cEwKgB
+AYENbm9uZUBub25lLm9yZ4EOd2hlcmVAbm9uZS5vcmcwEwYDVR0lBAwwCgYIKwYB
+BQUHAwkwDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQUXUCt8M6UQJWLfpmUHZJU
+IspyNl8wLgYDVR0fBCcwJTAjoCGgH4YdaHR0cDovL3d3dy5nZXRjcmwuY3JsL2dl
+dGNybC8wDQYJKoZIhvcNAQELBQADgYEAlJcMko5hA7LLxZWylww49HrmiKCRMjH/
+FMPi5WW54n8YfRQuOD8wvHUl3EcJHCXBu0nlWQJfIfGiPIBTTX7EJCS3KQpX296p
+q1xClFdGqXCNOzy0Ld64Qh7qgt5TlvV+uzGgfkzaPqksBhhVLXlUNS2cCSiyi075
+wxR6TEOsjqE=
+-----END CERTIFICATE-----

diff --git a/tests/cert-tests/template-unique.tmpl b/tests/cert-tests/template-unique.tmpl
new file mode 100644 (file)
index 0000000..2fc7101
--- /dev/null
+++ b/tests/cert-tests/template-unique.tmpl
@@ -0,0 +1,70 @@
+# X.509 Certificate options
+#
+# DN options
+
+dn = "cn=Nik,st=Attiki,C=GR,surName=Mavrogiannopoulos,2.5.4.9=Arkadias"
+
+# The serial number of the certificate
+serial = 7
+
+# In how many days, counting from today, this certificate will expire.
+expiration_days = 2590
+
+# X.509 v3 extensions
+
+# A dnsname in case of a WWW server.
+dns_name = "www.none.org"
+dns_name = "www.morethanone.org"
+
+# An IP address in case of a server.
+ip_address = "192.168.1.1"
+
+dns_name = "www.evenmorethanone.org"
+
+# An email in case of a person
+email = "none@none.org"
+
+subject_unique_id = 0015232425
+issuer_unique_id =  11142324251224
+
+# An URL that has CRLs (certificate revocation lists)
+# available. Needed in CA certificates.
+crl_dist_points = "http://www.getcrl.crl/getcrl/"
+
+email = "where@none.org"
+
+# Whether this is a CA certificate or not
+ca
+
+# Whether this certificate will be used for a TLS client
+#tls_www_client
+
+# Whether this certificate will be used for a TLS server
+#tls_www_server
+
+# Whether this certificate will be used to sign data (needed
+# in TLS DHE ciphersuites).
+signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing.
+#encryption_key
+
+# Whether this key will be used to sign other certificates.
+cert_signing_key
+
+# Whether this key will be used to sign CRLs.
+#crl_signing_key
+
+# Whether this key will be used to sign code.
+#code_signing_key
+
+# Whether this key will be used to sign OCSP data.
+ocsp_signing_key
+
+# Whether this key will be used for time stamping.
+#time_stamping_key
+
+# Whether this key will be used for IPsec IKE operations.
+#ipsec_ike_key