-- | x509-store test suite.
--
-- Checks that the in-memory PEM readers from "Data.X509.Memory" decode each
-- embedded certificate and private key to exactly one object, and that the
-- two PEM framings stored for every private key decode to equal values.
--
-- Security notes for anyone reusing this file:
--
-- * Every private key below is a throwaway fixture. The generation commands
--   use @-nodes@ (no passphrase) and the keys are published with the source,
--   so they must never be used as real credentials or trust anchors.
-- * No @-days@ option is passed to openssl, so the certificates carry its
--   short default validity and should be assumed expired. The tests never
--   evaluate validity, signatures or trust; they only exercise parsing.
-- * The string layout of each fixture is the verbatim output of the @sed@
--   pipeline quoted above it; keep that layout when regenerating.
module Main (main) where

import qualified Data.ByteString as B
import Data.String (fromString)
import Data.X509
import Data.X509.Memory

import Test.Tasty
import Test.Tasty.HUnit

{-
  openssl req -new -x509 -subj /CN=Test -newkey rsa:1024 -nodes -reqexts v3_req \
    | sed -e 's/^\(.*\)$/ "\1\\n"/' -e '$!s/$/ ++/'
  sed -e 's/^\(.*\)$/ "\1\\n"/' -e '$!s/$/ ++/' privkey.pem
  openssl rsa -in privkey.pem | sed -e 's/^\(.*\)$/ "\1\\n"/' -e '$!s/$/ ++/'
-}
-- | RSA fixtures: a certificate and its private key in two PEM framings
-- (@PRIVATE KEY@ for 'rsaKey1', @RSA PRIVATE KEY@ for 'rsaKey2').
--
-- The command above requests @rsa:1024@, which is below current minimum
-- key-size recommendations. That is tolerable only because the key protects
-- nothing; do not copy the size into real key generation.
rsaCertificate, rsaKey1, rsaKey2 :: B.ByteString
rsaCertificate = fromString $
    "-----BEGIN CERTIFICATE-----\n" ++
    "MIIB7DCCAVWgAwIBAgIJAPmzhcKJcLZtMA0GCSqGSIb3DQEBCwUAMA8xDTALBgNV\n" ++
    "BAMMBFRlc3QwHhcNMTcwMzAyMTgwODU3WhcNMTcwNDAxMTgwODU3WjAPMQ0wCwYD\n" ++
    "VQQDDARUZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzkysIZyZ1UYFl\n" ++
    "OFKOhZ+T7Usgove7Z9z9zBSXM7ufXl5NF5QV+u76bDo5ITD81NYiqCLoNGRVC1FY\n" ++
    "srVmx97AyqQ6Hj2IGfar2JyymTO2Y4E7kYO21hxJSrIJOVnAbGdxHYwiKVFZkP5g\n" ++
    "PS5FzYqwfMet4gpbPJcvBjfZVo2MIQIDAQABo1AwTjAdBgNVHQ4EFgQUhJgtg9dO\n" ++
    "jcpA08w0BuXptQw+JVkwHwYDVR0jBBgwFoAUhJgtg9dOjcpA08w0BuXptQw+JVkw\n" ++
    "DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQA2OIHfXV9Ro7208mNaz6Bi\n" ++
    "QYhW4gGbQA6/5N/BYby5kHLC+veJ9qAXjILn5qW5hsuf4X4Nq7VO3HKQ89Jo2COc\n" ++
    "6fAvjhCWKqlZFAIBKbcEcg3QZqAdXJ4Q8RLMvG3y/vDzixp1Xuxk0Zbr88D7SX7i\n" ++
    "Lx+S385X8OT7Wiu6qhM6ig==\n" ++
    "-----END CERTIFICATE-----\n"
rsaKey1 = fromString $
    "-----BEGIN PRIVATE KEY-----\n" ++
    "MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBALOTKwhnJnVRgWU4\n" ++
    "Uo6Fn5PtSyCi97tn3P3MFJczu59eXk0XlBX67vpsOjkhMPzU1iKoIug0ZFULUViy\n" ++
    "tWbH3sDKpDoePYgZ9qvYnLKZM7ZjgTuRg7bWHElKsgk5WcBsZ3EdjCIpUVmQ/mA9\n" ++
    "LkXNirB8x63iCls8ly8GN9lWjYwhAgMBAAECgYAxGVkXyBRU2X82rMqt201Bhg0X\n" ++
    "lFeF7yUWY7lxihyPu56vF3ZO+DhlUjgtLK0XRB50hWJd+Q1Bz4FjbiF5Q8bcm/rz\n" ++
    "4BzyojpoCHoMnrcPyP+7+LE50MFsySvjQWCJkz0WSoFBsoEVQOvkAkhCEiR4vqoJ\n" ++
    "UNjZczb2PAvWjlUsvQJBAOyLOm+P4RnrRaV/dMXx3pfNTolJp7KQ0zXghKc4clF5\n" ++
    "ESMsWHwHRGU++/tW90m/j8ApDvlIrXTmYOyQ4jKCCk8CQQDCWGAzeVa4xL+p2SaO\n" ++
    "TP5aqRjfEIVf0O3HjB9GklrdwtnDF4JrUUILdUKJ3qxqEetNpSZjzc3H6dDtxvy1\n" ++
    "yRaPAkEAp+fMexRufK98qJVolnmxv5+Ed/9IgoA67KuKfgibXSnK+GSqCqA99IBY\n" ++
    "7Xg14KuRpp1+e4UTWz+M3V+asK+OEQJBAKvQW8RGCqAw+M0c+FQnx1q5Ug6q2W77\n" ++
    "E6wtudy3OPQC9mfemeNspDnjAd9HaCAiFWfAkK79XGbX1GjSWcoQrAsCQQDRoscG\n" ++
    "Udtf0rxGk4y79YNXPeTReF+0wCdWdDNpAdnhpYCnFE+74LyiY8YRbfe2jP7X2uyn\n" ++
    "/h1HwfRSKCZ7Epcv\n" ++
    "-----END PRIVATE KEY-----\n"
rsaKey2 = fromString $
    "-----BEGIN RSA PRIVATE KEY-----\n" ++
    "MIICXgIBAAKBgQCzkysIZyZ1UYFlOFKOhZ+T7Usgove7Z9z9zBSXM7ufXl5NF5QV\n" ++
    "+u76bDo5ITD81NYiqCLoNGRVC1FYsrVmx97AyqQ6Hj2IGfar2JyymTO2Y4E7kYO2\n" ++
    "1hxJSrIJOVnAbGdxHYwiKVFZkP5gPS5FzYqwfMet4gpbPJcvBjfZVo2MIQIDAQAB\n" ++
    "AoGAMRlZF8gUVNl/NqzKrdtNQYYNF5RXhe8lFmO5cYocj7uerxd2Tvg4ZVI4LSyt\n" ++
    "F0QedIViXfkNQc+BY24heUPG3Jv68+Ac8qI6aAh6DJ63D8j/u/ixOdDBbMkr40Fg\n" ++
    "iZM9FkqBQbKBFUDr5AJIQhIkeL6qCVDY2XM29jwL1o5VLL0CQQDsizpvj+EZ60Wl\n" ++
    "f3TF8d6XzU6JSaeykNM14ISnOHJReREjLFh8B0RlPvv7VvdJv4/AKQ75SK105mDs\n" ++
    "kOIyggpPAkEAwlhgM3lWuMS/qdkmjkz+WqkY3xCFX9Dtx4wfRpJa3cLZwxeCa1FC\n" ++
    "C3VCid6sahHrTaUmY83Nx+nQ7cb8tckWjwJBAKfnzHsUbnyvfKiVaJZ5sb+fhHf/\n" ++
    "SIKAOuyrin4Im10pyvhkqgqgPfSAWO14NeCrkaadfnuFE1s/jN1fmrCvjhECQQCr\n" ++
    "0FvERgqgMPjNHPhUJ8dauVIOqtlu+xOsLbnctzj0AvZn3pnjbKQ54wHfR2ggIhVn\n" ++
    "wJCu/Vxm19Ro0lnKEKwLAkEA0aLHBlHbX9K8RpOMu/WDVz3k0XhftMAnVnQzaQHZ\n" ++
    "4aWApxRPu+C8omPGEW33toz+19rsp/4dR8H0UigmexKXLw==\n" ++
    "-----END RSA PRIVATE KEY-----\n"

{-
  openssl dsaparam 1024 -out dsaparams
  openssl req -new -x509 -subj /CN=Test -newkey dsa:dsaparams -nodes -reqexts v3_req \
    | sed -e 's/^\(.*\)$/ "\1\\n"/' -e '$!s/$/ ++/'
  sed -e 's/^\(.*\)$/ "\1\\n"/' -e '$!s/$/ ++/' privkey.pem
  openssl dsa -in privkey.pem | sed -e 's/^\(.*\)$/ "\1\\n"/' -e '$!s/$/ ++/'
-}
-- | DSA fixtures: a certificate and its private key in two PEM framings
-- (@PRIVATE KEY@ for 'dsaKey1', @DSA PRIVATE KEY@ for 'dsaKey2').
--
-- The parameters come from @openssl dsaparam 1024@; like the RSA fixture this
-- size is for parser coverage only and is not a recommendation.
dsaCertificate, dsaKey1, dsaKey2 :: B.ByteString
dsaCertificate = fromString $
    "-----BEGIN CERTIFICATE-----\n" ++
    "MIICrzCCAmugAwIBAgIJALFEpgowHmcXMAsGCWCGSAFlAwQDAjAPMQ0wCwYDVQQD\n" ++
    "DARUZXN0MB4XDTE3MDMwMjE4MTA0OFoXDTE3MDQwMTE4MTA0OFowDzENMAsGA1UE\n" ++
    "AwwEVGVzdDCCAbYwggErBgcqhkjOOAQBMIIBHgKBgQCsH77mdMUYCgpdNnqljOoG\n" ++
    "OLOkPb+9pIrV/LWoX9TvhyfoVOJli5dEWqcui9eTZZ4LW+2F1//0HpTjW5d+aZk7\n" ++
    "znkSRg9yihhzYzqGL7GEinFGHIPBL5uKoCW7a2HlJ+OdLBNQ/yeCDpTvt+/agLlA\n" ++
    "K1CgpBd1NeG7jFmfgmJ+gwIVAOs+Q1CAhIZzqH7Ymgp4X2buU1plAoGALiXg/kXS\n" ++
    "DSWVzbP6kEKMjkpc0KMmUQCErJgcTZmqe2IddoghCHq44ofbdMyJivk0V3lAfprP\n" ++
    "l2LMKKnwc0NgWEcPPmR+ZyYXODxOeXlZd1qznDKWdvpciOkMdWOsxF+cbtmGBrxs\n" ++
    "+Rm86f+95+EsptH/8FeLFMw7L8u/0FNgAyoDgYQAAoGAIBhO3gbkWHsZSic+5rdh\n" ++
    "HS0z0h/kBqbqY2BHFXchaMAgzMrzD/rTpeZ+mND8tIRzOw73tKckeHrfauBNPstc\n" ++
    "c2SCFy9lc7eITD/HmoCJFuMLbYxpWlOYL5JU5EQT/1VlH58RprfMp5+HA1tSMZov\n" ++
    "zf7ck2W7Rt6zH77Io5lt0aujUDBOMB0GA1UdDgQWBBQOlmp9KHZbomx3TbKxBiGL\n" ++
    "oVUB1zAfBgNVHSMEGDAWgBQOlmp9KHZbomx3TbKxBiGLoVUB1zAMBgNVHRMEBTAD\n" ++
    "AQH/MAsGCWCGSAFlAwQDAgMxADAuAhUAp/XUpSnDENVgqr2MS1XCXHjI9kACFQDq\n" ++
    "jV1C0EYgKTRYKjrztFjBEHv3Ig==\n" ++
    "-----END CERTIFICATE-----\n"
dsaKey1 = fromString $
    "-----BEGIN PRIVATE KEY-----\n" ++
    "MIIBSgIBADCCASsGByqGSM44BAEwggEeAoGBAKwfvuZ0xRgKCl02eqWM6gY4s6Q9\n" ++
    "v72kitX8tahf1O+HJ+hU4mWLl0Rapy6L15Nlngtb7YXX//QelONbl35pmTvOeRJG\n" ++
    "D3KKGHNjOoYvsYSKcUYcg8Evm4qgJbtrYeUn450sE1D/J4IOlO+379qAuUArUKCk\n" ++
    "F3U14buMWZ+CYn6DAhUA6z5DUICEhnOoftiaCnhfZu5TWmUCgYAuJeD+RdINJZXN\n" ++
    "s/qQQoyOSlzQoyZRAISsmBxNmap7Yh12iCEIerjih9t0zImK+TRXeUB+ms+XYswo\n" ++
    "qfBzQ2BYRw8+ZH5nJhc4PE55eVl3WrOcMpZ2+lyI6Qx1Y6zEX5xu2YYGvGz5Gbzp\n" ++
    "/73n4Sym0f/wV4sUzDsvy7/QU2ADKgQWAhQ/q2pbQjljQ7CD3Uc6FA63FS7fYg==\n" ++
    "-----END PRIVATE KEY-----\n"
dsaKey2 = fromString $
    "-----BEGIN DSA PRIVATE KEY-----\n" ++
    "MIIBugIBAAKBgQCsH77mdMUYCgpdNnqljOoGOLOkPb+9pIrV/LWoX9TvhyfoVOJl\n" ++
    "i5dEWqcui9eTZZ4LW+2F1//0HpTjW5d+aZk7znkSRg9yihhzYzqGL7GEinFGHIPB\n" ++
    "L5uKoCW7a2HlJ+OdLBNQ/yeCDpTvt+/agLlAK1CgpBd1NeG7jFmfgmJ+gwIVAOs+\n" ++
    "Q1CAhIZzqH7Ymgp4X2buU1plAoGALiXg/kXSDSWVzbP6kEKMjkpc0KMmUQCErJgc\n" ++
    "TZmqe2IddoghCHq44ofbdMyJivk0V3lAfprPl2LMKKnwc0NgWEcPPmR+ZyYXODxO\n" ++
    "eXlZd1qznDKWdvpciOkMdWOsxF+cbtmGBrxs+Rm86f+95+EsptH/8FeLFMw7L8u/\n" ++
    "0FNgAyoCgYAgGE7eBuRYexlKJz7mt2EdLTPSH+QGpupjYEcVdyFowCDMyvMP+tOl\n" ++
    "5n6Y0Py0hHM7Dve0pyR4et9q4E0+y1xzZIIXL2Vzt4hMP8eagIkW4wttjGlaU5gv\n" ++
    "klTkRBP/VWUfnxGmt8ynn4cDW1Ixmi/N/tyTZbtG3rMfvsijmW3RqwIUP6tqW0I5\n" ++
    "Y0Owg91HOhQOtxUu32I=\n" ++
    "-----END DSA PRIVATE KEY-----\n"

{-
  openssl ecparam -name prime256v1 -out ecparams -param_enc named_curve
  openssl req -new -x509 -subj /CN=Test -newkey ec:ecparams -nodes -reqexts v3_req \
    | sed -e 's/^\(.*\)$/ "\1\\n"/' -e '$!s/$/ ++/'
  sed -e 's/^\(.*\)$/ "\1\\n"/' -e '$!s/$/ ++/' privkey.pem
  openssl ec -in privkey.pem | sed -e 's/^\(.*\)$/ "\1\\n"/' -e '$!s/$/ ++/'
-}
-- | EC fixtures on @prime256v1@ with the curve encoded as a named curve:
-- a certificate and its private key in two PEM framings (@PRIVATE KEY@ for
-- 'ecKey1Nc', @EC PRIVATE KEY@ for 'ecKey2Nc').
ecCertificateNc, ecKey1Nc, ecKey2Nc :: B.ByteString
ecCertificateNc = fromString $
    "-----BEGIN CERTIFICATE-----\n" ++
    "MIIBZTCCAQugAwIBAgIJAPF7NB8WKn6XMAoGCCqGSM49BAMCMA8xDTALBgNVBAMM\n" ++
    "BFRlc3QwHhcNMTcwMzAyMTgxMTI1WhcNMTcwNDAxMTgxMTI1WjAPMQ0wCwYDVQQD\n" ++
    "DARUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAETCmVJNQ5HWoFKMpyZFly\n" ++
    "kILKFuE0ZTu2t8G5jXpQp0g4g8OqyRo/6iSZSs/WAP3e2vcJuyhnDSd8MocSnEfi\n" ++
    "pqNQME4wHQYDVR0OBBYEFKCemJ7KZ+JfExQxOh/0qhKO3cJwMB8GA1UdIwQYMBaA\n" ++
    "FKCemJ7KZ+JfExQxOh/0qhKO3cJwMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID\n" ++
    "SAAwRQIhALhWJShVXsrupU8ISSBJVGmzRhPcueHsjuydyyfOsxElAiADbsp0SM/9\n" ++
    "6CQCvqX+V8DAwxT1WiRDzN8ilV6ZIfUI3Q==\n" ++
    "-----END CERTIFICATE-----\n"
ecKey1Nc = fromString $
    "-----BEGIN PRIVATE KEY-----\n" ++
    "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg1hT2Mdt5IS0Qs9Bb\n" ++
    "LJ8ZAW3VTDIq1zn8qSYGiLcMVkShRANCAARMKZUk1DkdagUoynJkWXKQgsoW4TRl\n" ++
    "O7a3wbmNelCnSDiDw6rJGj/qJJlKz9YA/d7a9wm7KGcNJ3wyhxKcR+Km\n" ++
    "-----END PRIVATE KEY-----\n"
ecKey2Nc = fromString $
    "-----BEGIN EC PRIVATE KEY-----\n" ++
    "MHcCAQEEINYU9jHbeSEtELPQWyyfGQFt1UwyKtc5/KkmBoi3DFZEoAoGCCqGSM49\n" ++
    "AwEHoUQDQgAETCmVJNQ5HWoFKMpyZFlykILKFuE0ZTu2t8G5jXpQp0g4g8OqyRo/\n" ++
    "6iSZSs/WAP3e2vcJuyhnDSd8MocSnEfipg==\n" ++
    "-----END EC PRIVATE KEY-----\n"

{-
  openssl ecparam -name prime256v1 -out ecparams -param_enc explicit
  openssl req -new -x509 -subj /CN=Test -newkey ec:ecparams -nodes -reqexts v3_req \
    | sed -e 's/^\(.*\)$/ "\1\\n"/' -e '$!s/$/ ++/'
  sed -e 's/^\(.*\)$/ "\1\\n"/' -e '$!s/$/ ++/' privkey.pem
  openssl ec -in privkey.pem | sed -e 's/^\(.*\)$/ "\1\\n"/' -e '$!s/$/ ++/'
-}
-- | EC fixtures on @prime256v1@ with the curve parameters written out
-- explicitly (@-param_enc explicit@) instead of referenced by name.
--
-- NOTE(review): RFC 5480 forbids explicitly specified curves in PKIX
-- certificates. This fixture shows only that the reader can parse the
-- encoding; it is not evidence that a verifier should accept such a
-- certificate or treat its parameters as the named curve without checking.
ecCertificateEpc, ecKey1Epc, ecKey2Epc :: B.ByteString
ecCertificateEpc = fromString $
    "-----BEGIN CERTIFICATE-----\n" ++
    "MIICWTCCAf+gAwIBAgIJAPF9pxfJTwfaMAoGCCqGSM49BAMCMA8xDTALBgNVBAMM\n" ++
    "BFRlc3QwHhcNMTcwMzAyMTgxMTUxWhcNMTcwNDAxMTgxMTUxWjAPMQ0wCwYDVQQD\n" ++
    "DARUZXN0MIIBSzCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8A\n" ++
    "AAABAAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAA\n" ++
    "AAAA///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9Jg\n" ++
    "SwMVAMSdNgiG5wSTamZ44ROdJreBn36QBEEEaxfR8uEsQkf4vOblY6RA8ncDfYEt\n" ++
    "6zOg9KE5RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R9QIhAP//\n" ++
    "//8AAAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBA0IABHXlHgRztuAF/Vs5\n" ++
    "GMB5GEfGpFsSsua+GDB8/zvjT4UBgpnb71HJPFOC0yrYliunXds00VlOs3v+FCVL\n" ++
    "mU5yW+2jUDBOMB0GA1UdDgQWBBSFV0KwoW1mPah12w3rngU7t1kjETAfBgNVHSME\n" ++
    "GDAWgBSFV0KwoW1mPah12w3rngU7t1kjETAMBgNVHRMEBTADAQH/MAoGCCqGSM49\n" ++
    "BAMCA0gAMEUCIDqqWyJEIRo2YSvvrQKJZ3wKQSGeWoPnJvWfXMjgODd5AiEAsXCt\n" ++
    "LYmBKulTMXATynvrqa/xDi3z2lkwcWQC1AZBZ8M=\n" ++
    "-----END CERTIFICATE-----\n"
ecKey1Epc = fromString $
    "-----BEGIN PRIVATE KEY-----\n" ++
    "MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB\n" ++
    "AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA\n" ++
    "///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV\n" ++
    "AMSdNgiG5wSTamZ44ROdJreBn36QBEEEaxfR8uEsQkf4vOblY6RA8ncDfYEt6zOg\n" ++
    "9KE5RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R9QIhAP////8A\n" ++
    "AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgBnbFaCHgp5Cn\n" ++
    "stu9ntk7QiEP6j/7FzK6GC4dzsID7/ihRANCAAR15R4Ec7bgBf1bORjAeRhHxqRb\n" ++
    "ErLmvhgwfP8740+FAYKZ2+9RyTxTgtMq2JYrp13bNNFZTrN7/hQlS5lOclvt\n" ++
    "-----END PRIVATE KEY-----\n"
ecKey2Epc = fromString $
    "-----BEGIN EC PRIVATE KEY-----\n" ++
    "MIIBaAIBAQQgBnbFaCHgp5Cnstu9ntk7QiEP6j/7FzK6GC4dzsID7/iggfowgfcC\n" ++
    "AQEwLAYHKoZIzj0BAQIhAP////8AAAABAAAAAAAAAAAAAAAA////////////////\n" ++
    "MFsEIP////8AAAABAAAAAAAAAAAAAAAA///////////////8BCBaxjXYqjqT57Pr\n" ++
    "vVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMVAMSdNgiG5wSTamZ44ROdJreBn36QBEEE\n" ++
    "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpZP40Li/hp/m47n60p8D54W\n" ++
    "K84zV2sxXs7LtkBoN79R9QIhAP////8AAAAA//////////+85vqtpxeehPO5ysL8\n" ++
    "YyVRAgEBoUQDQgAEdeUeBHO24AX9WzkYwHkYR8akWxKy5r4YMHz/O+NPhQGCmdvv\n" ++
    "Uck8U4LTKtiWK6dd2zTRWU6ze/4UJUuZTnJb7Q==\n" ++
    "-----END EC PRIVATE KEY-----\n"

{-
  openssl req -new -x509 -subj /CN=CA -newkey rsa:1024 -nodes -reqexts v3_ca \
      -keyout cakey.pem -out cacert.pem
  openssl req -new -subj /CN=Test -key cakey.pem -nodes -reqexts v3_req \
      -out req.pem
  openssl genpkey -algorithm x25519 -out privkey.pem
  openssl pkey -in privkey.pem -pubout -out pubkey.pem
  openssl x509 -req -in req.pem -CA cacert.pem -CAkey cakey.pem \
      -set_serial 2 -force_pubkey pubkey.pem \
    | sed -e 's/^\(.*\)$/ "\1\\n"/' -e '$!s/$/ ++/'
  sed -e 's/^\(.*\)$/ "\1\\n"/' -e '$!s/$/ ++/' privkey.pem
  openssl pkey -in privkey.pem -traditional \
    | sed -e 's/^\(.*\)$/ "\1\\n"/' -e '$!s/$/ ++/'
-}
-- | X25519 fixtures. Per the commands above the certificate is issued by a
-- throwaway @/CN=CA@ key (@rsa:1024@) and the X25519 public key is swapped in
-- with @-force_pubkey@; the CA certificate itself is not part of this file.
--
-- 'x25519Key1' and 'x25519Key2' carry the same base64 body and differ only in
-- the PEM label (@PRIVATE KEY@ versus @X25519 PRIVATE KEY@).
x25519Certificate, x25519Key1, x25519Key2 :: B.ByteString
x25519Certificate = fromString $
    "-----BEGIN CERTIFICATE-----\n" ++
    "MIIBEzB+AgECMA0GCSqGSIb3DQEBCwUAMA0xCzAJBgNVBAMMAkNBMB4XDTE4MDgy\n" ++
    "NjE0MTIzOFoXDTE4MDkyNTE0MTIzOFowDzENMAsGA1UEAwwEVGVzdDAqMAUGAytl\n" ++
    "bgMhAMzDmaCSEjQR6yWKSdWBxw4YNOb6YMETiWt7AVOUaxw9MA0GCSqGSIb3DQEB\n" ++
    "CwUAA4GBAEJrXXtt9XaL3oARVv8hm/abqhUds9ytT4CQtaQgSV7HQIp96LN87pc9\n" ++
    "pwrISZrWuIlVpyQpGOK1i+uI3LgdKn1zO5CJdjRtW6lCCXg9R/wEcEKAiVKIzg2G\n" ++
    "FanQ4TG8YzfBToUbsSMfptxhbKPk/lVa8ffmXLZBILjPbI63iu4d\n" ++
    "-----END CERTIFICATE-----\n"
x25519Key1 = fromString $
    "-----BEGIN PRIVATE KEY-----\n" ++
    "MC4CAQAwBQYDK2VuBCIEIEhpc79EOwSU0JgHC6/32OUYul2yRiha3aftJiHybq1F\n" ++
    "-----END PRIVATE KEY-----\n"
x25519Key2 = fromString $
    "-----BEGIN X25519 PRIVATE KEY-----\n" ++
    "MC4CAQAwBQYDK2VuBCIEIEhpc79EOwSU0JgHC6/32OUYul2yRiha3aftJiHybq1F\n" ++
    "-----END X25519 PRIVATE KEY-----\n"

{-
  openssl req -new -x509 -subj /CN=CA -newkey rsa:1024 -nodes -reqexts v3_ca \
      -keyout cakey.pem -out cacert.pem
  openssl req -new -subj /CN=Test -key cakey.pem -nodes -reqexts v3_req \
      -out req.pem
  openssl genpkey -algorithm x448 -out privkey.pem
  openssl pkey -in privkey.pem -pubout -out pubkey.pem
  openssl x509 -req -in req.pem -CA cacert.pem -CAkey cakey.pem \
      -set_serial 2 -force_pubkey pubkey.pem \
    | sed -e 's/^\(.*\)$/ "\1\\n"/' -e '$!s/$/ ++/'
  sed -e 's/^\(.*\)$/ "\1\\n"/' -e '$!s/$/ ++/' privkey.pem
  openssl pkey -in privkey.pem -traditional \
    | sed -e 's/^\(.*\)$/ "\1\\n"/' -e '$!s/$/ ++/'
-}
-- | X448 fixtures, produced the same way as the X25519 ones: a certificate
-- issued by a throwaway @/CN=CA@ key with the X448 public key forced in.
--
-- 'x448Key1' and 'x448Key2' carry the same base64 body and differ only in the
-- PEM label (@PRIVATE KEY@ versus @X448 PRIVATE KEY@).
x448Certificate, x448Key1, x448Key2 :: B.ByteString
x448Certificate = fromString $
    "-----BEGIN CERTIFICATE-----\n" ++
    "MIIBLDCBlgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAeFw0xODA4\n" ++
    "MjYxNDEzMTlaFw0xODA5MjUxNDEzMTlaMA8xDTALBgNVBAMMBFRlc3QwQjAFBgMr\n" ++
    "ZW8DOQCh0ta92rVURtIK29lN9F1QbBpSV0jAr7jAXLdz4SHPPO1OO+2gXvjuDpt3\n" ++
    "lTzR6oZQkAc5nK43PjANBgkqhkiG9w0BAQsFAAOBgQCk2dVKQpLS4/EEe2fuRMvs\n" ++
    "2qvERTT41P9cjkz3obrizjg68Aaj1m/0SeQFWYh4QeGf7lVSA6evPQG8XdscHHMd\n" ++
    "/7/U/gfY+aTiaKTf/E7pXMdtiMEOkcrA1J5fnI5M96R6UMRIRbqxhpGC/Jb7EdVM\n" ++
    "LAlOqcCwRBVCEJnexQK1TA==\n" ++
    "-----END CERTIFICATE-----\n"
x448Key1 = fromString $
    "-----BEGIN PRIVATE KEY-----\n" ++
    "MEYCAQAwBQYDK2VvBDoEOKxpGvu6rhYy78qgxgtT+uZt4Ctxd3AB/S59i1Cx03hR\n" ++
    "kVB9q7Mz02YjHbwAaM/hAHajYdwHa7aV\n" ++
    "-----END PRIVATE KEY-----\n"
x448Key2 = fromString $
    "-----BEGIN X448 PRIVATE KEY-----\n" ++
    "MEYCAQAwBQYDK2VvBDoEOKxpGvu6rhYy78qgxgtT+uZt4Ctxd3AB/S59i1Cx03hR\n" ++
    "kVB9q7Mz02YjHbwAaM/hAHajYdwHa7aV\n" ++
    "-----END X448 PRIVATE KEY-----\n"

{-
  openssl req -new -x509 -subj /CN=Test -newkey ed25519 -nodes -reqexts v3_req \
    | sed -e 's/^\(.*\)$/ "\1\\n"/' -e '$!s/$/ ++/'
  sed -e 's/^\(.*\)$/ "\1\\n"/' -e '$!s/$/ ++/' privkey.pem
  openssl pkey -in privkey.pem -traditional \
    | sed -e 's/^\(.*\)$/ "\1\\n"/' -e '$!s/$/ ++/'
-}
-- | Ed25519 fixtures: a certificate and its private key under two PEM labels
-- (@PRIVATE KEY@ for 'ed25519Key1', @ED25519 PRIVATE KEY@ for 'ed25519Key2').
ed25519Certificate, ed25519Key1, ed25519Key2 :: B.ByteString
ed25519Certificate = fromString $
    "-----BEGIN CERTIFICATE-----\n" ++
    "MIIBMjCB5aADAgECAhR6ecRAmI54Nv+XftTZ/GSiPICx0TAFBgMrZXAwDzENMAsG\n" ++
    "A1UEAwwEVGVzdDAeFw0xODA4MTUxMTQ3MDNaFw0xODA5MTQxMTQ3MDNaMA8xDTAL\n" ++
    "BgNVBAMMBFRlc3QwKjAFBgMrZXADIQAI0GFxXxlCuJD082Grn0p0AZ/staBylKsS\n" ++
    "OwPu6iPHb6NTMFEwHQYDVR0OBBYEFGTOlalKBchEtrbeG5jRF5fbzhDJMB8GA1Ud\n" ++
    "IwQYMBaAFGTOlalKBchEtrbeG5jRF5fbzhDJMA8GA1UdEwEB/wQFMAMBAf8wBQYD\n" ++
    "K2VwA0EARON+KCuJoY1u8Yrn/MrCBpeu49AIMbqoyB8YN6msQpLPjWzLYaC70Cc2\n" ++
    "DY6BFI5hKr+mLCN/+VlzRzqW8dqSDg==\n" ++
    "-----END CERTIFICATE-----\n"
ed25519Key1 = fromString $
    "-----BEGIN PRIVATE KEY-----\n" ++
    "MC4CAQAwBQYDK2VwBCIEILEtRbG7T++/S58HPwVUJSR12Iu8FVputSfQBkotgeZ0\n" ++
    "-----END PRIVATE KEY-----\n"
-- Same base64 body as 'ed25519Key1'; only the PEM label differs.
-- Throwaway test fixture: never reuse this key outside the test suite.
ed25519Key2 = fromString $
    "-----BEGIN ED25519 PRIVATE KEY-----\n" ++
    "MC4CAQAwBQYDK2VwBCIEILEtRbG7T++/S58HPwVUJSR12Iu8FVputSfQBkotgeZ0\n" ++
    "-----END ED25519 PRIVATE KEY-----\n"

{-
  openssl req -new -x509 -subj /CN=Test -newkey ed448 -nodes -reqexts v3_req \
    | sed -e 's/^\(.*\)$/ "\1\\n"/' -e '$!s/$/ ++/'
  sed -e 's/^\(.*\)$/ "\1\\n"/' -e '$!s/$/ ++/' privkey.pem
  openssl pkey -in privkey.pem -traditional \
    | sed -e 's/^\(.*\)$/ "\1\\n"/' -e '$!s/$/ ++/'
-}

-- | Ed448 test certificate (PEM), produced by the @openssl req -x509@ command
-- quoted above. Fixture only; it is never validated by this suite.
ed448Certificate :: B.ByteString
ed448Certificate = fromString $
    "-----BEGIN CERTIFICATE-----\n" ++
    "MIIBfTCB/qADAgECAhQ4hHMRAtg46drqmq6GQxeDN1WScDAFBgMrZXEwDzENMAsG\n" ++
    "A1UEAwwEVGVzdDAeFw0xODA4MTUxMTQ1MzRaFw0xODA5MTQxMTQ1MzRaMA8xDTAL\n" ++
    "BgNVBAMMBFRlc3QwQzAFBgMrZXEDOgBMbAytTVwKE9JHijqIy1q+wgs/G235N2w9\n" ++
    "Hfai1DjPd5nyVDeSD+BHiuJZDWfxRe6y34seoIsszQCjUzBRMB0GA1UdDgQWBBQo\n" ++
    "Nz/cV3FL07M93xsySVPHD0nOojAfBgNVHSMEGDAWgBQoNz/cV3FL07M93xsySVPH\n" ++
    "D0nOojAPBgNVHRMBAf8EBTADAQH/MAUGAytlcQNzABqXoKLJjmHK+smSGeh5M0vU\n" ++
    "PbHM3oSuiS25Q5UqHnrrxgyVBvq83/jCpEHc03BOSrMU5fRhbc84AK1kAPeEdGns\n" ++
    "dsG2uVxz0be795jKStt0a0o/w9cN5bd761Oeqoqs8CxWtjALhLu27IiY5uRkG5Uq\n" ++
    "AA==\n" ++
    "-----END CERTIFICATE-----\n"

-- | Ed448 test private key under the generic @PRIVATE KEY@ PEM label.
-- Generated with @-nodes@ (unencrypted) and published here: fixture only.
ed448Key1 :: B.ByteString
ed448Key1 = fromString $
    "-----BEGIN PRIVATE KEY-----\n" ++
    "MEcCAQAwBQYDK2VxBDsEOcYO2tQ1U1vNoCUT0bNXVeausDEkUMmN0RI4ZUWU+9jA\n" ++
    "ZxaQP40ONQ5yQM/V6Nuw3NlDnp8OU9R18Q==\n" ++
    "-----END PRIVATE KEY-----\n"

-- | The same base64 body as 'ed448Key1' under the @ED448 PRIVATE KEY@ label.
ed448Key2 :: B.ByteString
ed448Key2 = fromString $
    "-----BEGIN ED448 PRIVATE KEY-----\n" ++
    "MEcCAQAwBQYDK2VxBDsEOcYO2tQ1U1vNoCUT0bNXVeausDEkUMmN0RI4ZUWU+9jA\n" ++
    "ZxaQP40ONQ5yQM/V6Nuw3NlDnp8OU9R18Q==\n" ++
    "-----END ED448 PRIVATE KEY-----\n"

-- | Private-key reader tests, one sub-group per key type.
--
-- Each sub-group parses both PEM framings of the same key with
-- 'readKeyFileFromMemory', requires exactly one key from each, and requires
-- the two parsed lists to be equal. The length checks matter: without them,
-- two inputs that both failed to parse would compare equal as empty lists.
memoryKeyTests :: TestTree
memoryKeyTests = testGroup "Key" (map perKey fixtures)
  where
    -- (group label, "outer" PEM, "inner" PEM), in the order the groups run.
    fixtures :: [(String, B.ByteString, B.ByteString)]
    fixtures =
        [ ("RSA", rsaKey1, rsaKey2)
        , ("DSA", dsaKey1, dsaKey2)
        , ("EC (named curve)", ecKey1Nc, ecKey2Nc)
        , ("EC (explicit prime curve)", ecKey1Epc, ecKey2Epc)
        , ("X25519", x25519Key1, x25519Key2)
        , ("X448", x448Key1, x448Key2)
        , ("Ed25519", ed25519Key1, ed25519Key2)
        , ("Ed448", ed448Key1, ed448Key2)
        ]

    perKey (label, outerPem, innerPem) = testGroup label
        [ testCase "read outer" (length fromOuter @?= 1)
        , testCase "read inner" (length fromInner @?= 1)
        , testCase "same key" (assertBool "keys differ" (fromInner == fromOuter))
        ]
      where
        fromInner = readKeyFileFromMemory innerPem
        fromOuter = readKeyFileFromMemory outerPem

-- | Certificate reader tests, one case per key type.
--
-- Each case asserts only that exactly one 'SignedCertificate' is decoded from
-- the PEM bytes. Signature, validity period and trust are not evaluated here,
-- so a pass says nothing about whether the certificate would be accepted.
memoryCertificateTests :: TestTree
memoryCertificateTests = testGroup "Certificate"
    [ testCase label (length (decodeCerts pem) @?= 1)
    | (label, pem) <- fixtures
    ]
  where
    -- (case label, certificate PEM), in the order the cases run.
    fixtures :: [(String, B.ByteString)]
    fixtures =
        [ ("RSA", rsaCertificate)
        , ("DSA", dsaCertificate)
        , ("EC (named curve)", ecCertificateNc)
        , ("EC (explicit prime curve)", ecCertificateEpc)
        , ("X25519", x25519Certificate)
        , ("X448", x448Certificate)
        , ("Ed25519", ed25519Certificate)
        , ("Ed448", ed448Certificate)
        ]

    -- 'readSignedObjectFromMemory' is polymorphic in the signed object; this
    -- signature pins it to certificates.
    decodeCerts :: B.ByteString -> [SignedCertificate]
    decodeCerts = readSignedObjectFromMemory

-- | Runs the test suite.
main :: IO ()
main = defaultMain suite
  where
    suite = testGroup "x509-store" [memoryGroup]
    memoryGroup = testGroup "Memory" [memoryKeyTests, memoryCertificateTests]