1 #include <check.h>
2 #include "scep.h"
3 #include "test_message_common.c"
make_message()4 static PKCS7 *make_message()
5 {
6     PKCS7 *p7;
7     ck_assert(scep_get_cert_initial(
8         handle, req, sig_cert, sig_key,
9         sig_cacert, enc_cacert, &p7) == SCEPE_OK);
10     return p7;
11 }
12 
setup()13 static void setup()
14 {
15     generic_setup();
16     p7 = make_message();
17     scep_conf_set(handle, SCEPCFG_FLAG_SET, SCEP_SKIP_SIGNER_CERT);
18     p7_nosigcert = make_message();
19     scep_conf_set(handle, SCEPCFG_FLAG_CLEAR, SCEP_SKIP_SIGNER_CERT);
20 }
21 
22 #ifdef WITH_ENGINE_TESTS
setup_engine()23 static void setup_engine()
24 {
25     generic_engine_setup();
26     p7 = make_message();
27     scep_conf_set(handle, SCEPCFG_FLAG_SET, SCEP_SKIP_SIGNER_CERT);
28     p7_nosigcert = make_message();
29     scep_conf_set(handle, SCEPCFG_FLAG_CLEAR, SCEP_SKIP_SIGNER_CERT);
30 }
31 #endif /* WITH_ENGINE_TESTS */
32 
teardown()33 static void teardown()
34 {
35     PKCS7_free(p7);
36     PKCS7_free(p7_nosigcert);
37     generic_teardown();
38 }
39 
make_unwrap_message()40 static SCEP_DATA *make_unwrap_message()
41 {
42     PKCS7 *p7 = NULL;
43     SCEP_DATA *data;
44     SCEP_ERROR error = scep_get_cert_initial(handle, req, sig_cert, sig_key, enc_cacert, enc_cacert, &p7);
45     ck_assert(error == SCEPE_OK);
46     ck_assert(p7 != NULL);
47     ck_assert(scep_unwrap(
48         handle, p7, sig_cacert, enc_cacert, enc_cakey, &data) == SCEPE_OK);
49     PKCS7_free(p7);
50     return data;
51 }
52 
free_unwrap_message(SCEP_DATA * data)53 static void free_unwrap_message(SCEP_DATA *data)
54 {
55     SCEP_DATA_free(data);
56 }
57 
START_TEST(test_get_cert_initial)58 START_TEST(test_get_cert_initial)
59 {
60     BIO *data = get_decrypted_data(p7, enc_cacert, enc_cakey);
61 
62     const unsigned char *data_buf;
63     int data_buf_len = BIO_get_mem_data(data, &data_buf);
64     ck_assert_int_ne(data_buf_len, 0);
65 
66     ck_assert_str_eq(
67         SCEP_MSG_GETCERTINITIAL_STR,
68         get_attribute_data(p7, handle->oids->messageType));
69 
70     PKCS7_ISSUER_AND_SUBJECT *ias = NULL;
71     d2i_PKCS7_ISSUER_AND_SUBJECT(&ias, &data_buf, data_buf_len);
72     ck_assert(ias != NULL);
73     char *name = X509_NAME_oneline(ias->subject, NULL, 0);
74     ck_assert_str_eq(name, "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=foo.bar");
75     free(name);
76     name = X509_NAME_oneline(ias->issuer, NULL, 0);
77     ck_assert_str_eq(name, "/C=DE/ST=asdf/L=asdf/O=asdf/CN=ca");
78     free(name);
79     PKCS7_ISSUER_AND_SUBJECT_free(ias);
80     BIO_free(data);
81 }
82 END_TEST
83 
START_TEST(test_unwrap)84 START_TEST(test_unwrap)
85 {
86     SCEP_DATA *data = make_unwrap_message();
87     ck_assert_int_eq(X509_NAME_cmp(data->issuer_and_subject->issuer, X509_get_subject_name(sig_cacert)), 0);
88     ck_assert_int_eq(X509_NAME_cmp(data->issuer_and_subject->subject, X509_REQ_get_subject_name(req)), 0);
89     free_unwrap_message(data);
90 }
91 END_TEST
92 
add_get_cert_initial(Suite * s)93 void add_get_cert_initial(Suite *s)
94 {
95     TCase *tc_gci_msg = tcase_create("GetCertInitial Message");
96     tcase_add_checked_fixture(tc_gci_msg, setup, teardown);
97     tcase_add_test(tc_gci_msg, test_scep_message_transaction_id);
98     tcase_add_test(tc_gci_msg, test_scep_message_sender_nonce);
99     tcase_add_test(tc_gci_msg, test_scep_message_certificate);
100     tcase_add_test(tc_gci_msg, test_get_cert_initial);
101     suite_add_tcase(s, tc_gci_msg);
102 
103     TCase *tc_unwrap = tcase_create("GetCertInitial Unwrapping");
104     tcase_add_unchecked_fixture(tc_unwrap, setup, teardown);
105     tcase_add_test(tc_unwrap, test_unwrap);
106     tcase_add_test(tc_unwrap, test_unwrap_invalid_version);
107     suite_add_tcase(s, tc_unwrap);
108 
109 #ifdef WITH_ENGINE_TESTS
110     /* We need a checked fixture on all engine tests, possibly because
111      * the engine process cannot deal with the forking of check
112      */
113     TCase *tc_gci_msg_engine = tcase_create("GetCertInitial Message with Engine");
114     tcase_add_checked_fixture(tc_gci_msg_engine, setup_engine, teardown);
115     tcase_add_test(tc_gci_msg_engine, test_scep_message_transaction_id);
116     tcase_add_test(tc_gci_msg_engine, test_scep_message_sender_nonce);
117     tcase_add_test(tc_gci_msg_engine, test_scep_message_certificate);
118     tcase_add_test(tc_gci_msg_engine, test_get_cert_initial);
119     suite_add_tcase(s, tc_gci_msg_engine);
120 
121     TCase *tc_unwrap_engine = tcase_create("GetCertInitial Unwrapping with Engine");
122     tcase_add_checked_fixture(tc_unwrap_engine, setup_engine, teardown);
123     tcase_add_test(tc_unwrap_engine, test_unwrap);
124     tcase_add_test(tc_unwrap_engine, test_unwrap_invalid_version);
125     suite_add_tcase(s, tc_unwrap_engine);
126 #endif /* WITH_ENGINE_TESTS */
127 }