/*
 * Copyright (C) 2008-2016 Free Software Foundation, Inc.
 * Copyright (C) 2016 Red Hat, Inc.
 *
 * Author: Nikos Mavrogiannopoulos
 *
 * This file is part of GnuTLS.
 *
 * GnuTLS is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * GnuTLS is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with GnuTLS; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
 */
23
24 #ifdef HAVE_CONFIG_H
25 #include <config.h>
26 #endif
27
28 #include <stdlib.h>
29 #include <stdio.h>
30 #include <time.h>
31 #include <string.h>
32 #include <gnutls/gnutls.h>
33 #include <gnutls/x509.h>
34 #include <assert.h>
35
36 #include "utils.h"
37
38 #include "cert-common.h"
39
/* Library log callback: echo each diagnostic to stderr, tagged with its
 * level, so a failing run can be diagnosed from the test log. */
static void tls_log_func(int level, const char *str)
{
	fprintf(stderr, "|<%d>| ", level);
	fputs(str, stderr);
}
44
/* Fixed clock installed via gnutls_global_set_time_function(): always
 * reports 1207000800 (2008-03-31 22:00:00 UTC) so the validity fields
 * written into the test certificates are reproducible.  Mirrors time():
 * stores the value through t when t is non-NULL and returns it. */
static time_t mytime(time_t *t)
{
	static const time_t frozen_now = 1207000800;

	if (t != NULL)
		*t = frozen_now;

	return frozen_now;
}
54
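/* Shared fixture for the tests below: bring the library up with the fixed
 * clock and the stderr logger, load the test private key from key_dat and
 * fill in the fields every certificate needs (version, serial number,
 * validity period, subject public key).  On return *crt and *pkey own the
 * new objects; every failure is reported through fail(). */
static void setup_crt(gnutls_x509_crt_t *crt, gnutls_x509_privkey_t *pkey,
		      unsigned version)
{
	int ret;

	ret = global_init();
	if (ret < 0)
		fail("global_init\n");

	gnutls_global_set_time_function(mytime);
	gnutls_global_set_log_function(tls_log_func);
	if (debug)
		gnutls_global_set_log_level(4711);

	ret = gnutls_x509_crt_init(crt);
	if (ret != 0)
		fail("gnutls_x509_crt_init\n");

	ret = gnutls_x509_privkey_init(pkey);
	if (ret != 0)
		fail("gnutls_x509_privkey_init\n");

	ret = gnutls_x509_privkey_import(*pkey, &key_dat, GNUTLS_X509_FMT_PEM);
	if (ret != 0)
		fail("gnutls_x509_privkey_import\n");

	/* Setup CRT */

	ret = gnutls_x509_crt_set_version(*crt, version);
	if (ret != 0)
		fail("gnutls_x509_crt_set_version\n");

	ret = gnutls_x509_crt_set_serial(*crt, "\x0a\x11\x00", 3);
	if (ret != 0)
		fail("gnutls_x509_crt_set_serial\n");

	/* (time_t)-1 asks the library for a certificate with no expiration. */
	ret = gnutls_x509_crt_set_expiration_time(*crt, -1);
	if (ret != 0)
		fail("error\n");

	/* Activation comes from the same frozen clock the library itself uses. */
	ret = gnutls_x509_crt_set_activation_time(*crt, mytime(NULL));
	if (ret != 0)
		fail("error\n");

	ret = gnutls_x509_crt_set_key(*crt, *pkey);
	if (ret != 0)
		fail("gnutls_x509_crt_set_key\n");
}

/* Set the subject DN, then self-sign crt with pkey and require the library
 * to refuse the malformed certificate with GNUTLS_E_X509_CERTIFICATE_ERROR.
 * Any other result dumps the certificate as PEM to stdout and fails the
 * test.  Releases crt, pkey and the library state set up by setup_crt(). */
static void sign_and_expect_rejection(gnutls_x509_crt_t crt,
				      gnutls_x509_privkey_t pkey)
{
	const char *err = NULL;
	int ret;

	ret = gnutls_x509_crt_set_dn(crt, "o = none to\\, mention,cn = nikos", &err);
	if (ret < 0)
		fail("gnutls_x509_crt_set_dn: %s, %s\n", gnutls_strerror(ret), err);

	ret = gnutls_x509_crt_sign2(crt, crt, pkey, GNUTLS_DIG_SHA256, 0);
	if (ret != GNUTLS_E_X509_CERTIFICATE_ERROR) {
		gnutls_datum_t out;

		/* The export is deliberately not wrapped in assert(): under
		 * NDEBUG the call would vanish and out would be printed
		 * uninitialized.  The dump is best effort; the sign2 result
		 * is what fails the test. */
		if (gnutls_x509_crt_export2(crt, GNUTLS_X509_FMT_PEM, &out) >= 0)
			printf("%s\n\n", (const char *)out.data);

		fail("gnutls_x509_crt_sign2: %s\n", gnutls_strerror(ret));
	}

	gnutls_x509_crt_deinit(crt);
	gnutls_x509_privkey_deinit(pkey);

	gnutls_global_deinit();
}

/* X.509 extensions exist only in version 3 certificates (RFC 5280
 * 4.1.2.9), so a version 1 or 2 certificate carrying basicConstraints and
 * keyUsage must be refused at signing time rather than emitted. */
static void do_crt_with_exts(unsigned version)
{
	gnutls_x509_privkey_t pkey;
	gnutls_x509_crt_t crt;
	int ret;

	setup_crt(&crt, &pkey, version);

	/* Not a CA, no path length: still an extension, hence invalid here. */
	ret = gnutls_x509_crt_set_basic_constraints(crt, 0, -1);
	if (ret < 0)
		fail("error\n");

	ret = gnutls_x509_crt_set_key_usage(crt, GNUTLS_KEY_DIGITAL_SIGNATURE);
	if (ret != 0)
		fail("gnutls_x509_crt_set_key_usage %d\n", ret);

	sign_and_expect_rejection(crt, pkey);
}

/* issuerUniqueID was introduced with version 2, so a version 1 certificate
 * carrying one must be refused at signing time. */
static void do_v1_invalid_crt(void)
{
	gnutls_x509_privkey_t pkey;
	gnutls_x509_crt_t crt;
	int ret;

	setup_crt(&crt, &pkey, 1);

	ret = gnutls_x509_crt_set_issuer_unique_id(crt, "\x00\x01\x03", 3);
	if (ret < 0)
		fail("error\n");

	sign_and_expect_rejection(crt, pkey);
}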
210
/* Test entry point: extensions must be refused on version 1 and 2
 * certificates, and a unique identifier must be refused on version 1. */
void doit(void)
{
	for (unsigned version = 1; version <= 2; version++)
		do_crt_with_exts(version);

	do_v1_invalid_crt();
}
217