1 /*
2 * Copyright (c) 2012 Red Hat Inc.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * * Redistributions of source code must retain the above
9 * copyright notice, this list of conditions and the
10 * following disclaimer.
11 * * Redistributions in binary form must reproduce the
12 * above copyright notice, this list of conditions and
13 * the following disclaimer in the documentation and/or
14 * other materials provided with the distribution.
15 * * The names of contributors to this software may not be
16 * used to endorse or promote products derived from this
17 * software without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
22 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
24 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
25 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
26 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
27 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
28 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
29 * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
30 * DAMAGE.
31 *
32 * Author: Stef Walter <stefw@gnome.org>
33 */
34
35 #include "config.h"
36 #include "test.h"
37 #include "test-trust.h"
38
39 #include <stdlib.h>
40 #include <stdio.h>
41 #include <string.h>
42
43 #include "array.h"
44 #include "attrs.h"
45 #include "builder.h"
46 #include "debug.h"
47 #include "message.h"
48 #include "oid.h"
49 #include "parser.h"
50 #include "pkcs11x.h"
51
52 struct {
53 p11_parser *parser;
54 p11_array *parsed;
55 p11_asn1_cache *cache;
56 } test;
57
58 static void
setup(void * unused)59 setup (void *unused)
60 {
61 test.cache = p11_asn1_cache_new ();
62 test.parser = p11_parser_new (test.cache);
63 assert_ptr_not_null (test.parser);
64
65 test.parsed = p11_parser_parsed (test.parser);
66 assert_ptr_not_null (test.parsed);
67 }
68
69 static void
teardown(void * unused)70 teardown (void *unused)
71 {
72 p11_parser_free (test.parser);
73 p11_asn1_cache_free (test.cache);
74 memset (&test, 0, sizeof (test));
75 }
76
77 static CK_OBJECT_CLASS certificate = CKO_CERTIFICATE;
78 static CK_OBJECT_CLASS certificate_extension = CKO_X_CERTIFICATE_EXTENSION;
79 static CK_BBOOL falsev = CK_FALSE;
80 static CK_BBOOL truev = CK_TRUE;
81 static CK_CERTIFICATE_TYPE x509 = CKC_X_509;
82
83 static CK_ATTRIBUTE certificate_match[] = {
84 { CKA_CLASS, &certificate, sizeof (certificate) },
85 { CKA_INVALID, },
86 };
87
88 static CK_ATTRIBUTE *
parsed_attrs(CK_ATTRIBUTE * match,int length)89 parsed_attrs (CK_ATTRIBUTE *match,
90 int length)
91 {
92 int i;
93
94 if (length < 0)
95 length = p11_attrs_count (match);
96 for (i = 0; i < test.parsed->num; i++) {
97 if (p11_attrs_matchn (test.parsed->elem[i], match, length))
98 return test.parsed->elem[i];
99 }
100
101 return NULL;
102 }
103
104 static void
test_parse_der_certificate(void)105 test_parse_der_certificate (void)
106 {
107 CK_ATTRIBUTE *cert;
108 int ret;
109
110 CK_ATTRIBUTE expected[] = {
111 { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
112 { CKA_CLASS, &certificate, sizeof (certificate) },
113 { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
114 { CKA_MODIFIABLE, &falsev, sizeof (falsev) },
115 { CKA_TRUSTED, &falsev, sizeof (falsev) },
116 { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) },
117 { CKA_INVALID },
118 };
119
120 p11_parser_formats (test.parser, p11_parser_format_x509, NULL);
121 ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/cacert3.der", NULL,
122 P11_PARSE_FLAG_NONE);
123 assert_num_eq (P11_PARSE_SUCCESS, ret);
124
125 /* Should have gotten certificate */
126 assert_num_eq (1, test.parsed->num);
127
128 cert = parsed_attrs (certificate_match, -1);
129 test_check_attrs (expected, cert);
130 }
131
132 static void
test_parse_pem_certificate(void)133 test_parse_pem_certificate (void)
134 {
135 CK_ATTRIBUTE *cert;
136 int ret;
137
138 CK_ATTRIBUTE expected[] = {
139 { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
140 { CKA_CLASS, &certificate, sizeof (certificate) },
141 { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
142 { CKA_MODIFIABLE, &falsev, sizeof (falsev) },
143 { CKA_TRUSTED, &falsev, sizeof (falsev) },
144 { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) },
145 { CKA_INVALID },
146 };
147
148 p11_parser_formats (test.parser, p11_parser_format_pem, NULL);
149 ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/cacert3.pem", NULL,
150 P11_PARSE_FLAG_NONE);
151 assert_num_eq (P11_PARSE_SUCCESS, ret);
152
153 /* Should have gotten certificate */
154 assert_num_eq (1, test.parsed->num);
155
156 cert = parsed_attrs (certificate_match, -1);
157 test_check_attrs (expected, cert);
158 }
159
160 static void
test_parse_p11_kit_persist(void)161 test_parse_p11_kit_persist (void)
162 {
163 CK_ATTRIBUTE *cert;
164 int ret;
165
166 CK_ATTRIBUTE expected[] = {
167 { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
168 { CKA_CLASS, &certificate, sizeof (certificate) },
169 { CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) },
170 { CKA_TRUSTED, &truev, sizeof (truev) },
171 { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) },
172 { CKA_INVALID },
173 };
174
175 p11_parser_formats (test.parser, p11_parser_format_persist, NULL);
176 ret = p11_parse_file (test.parser, SRCDIR "/trust/input/verisign-v1.p11-kit", NULL,
177 P11_PARSE_FLAG_NONE);
178 assert_num_eq (P11_PARSE_SUCCESS, ret);
179
180 /* Should have gotten certificate */
181 assert_num_eq (1, test.parsed->num);
182
183 cert = parsed_attrs (certificate_match, -1);
184 test_check_attrs (expected, cert);
185 }
186
187 static void
test_parse_openssl_trusted(void)188 test_parse_openssl_trusted (void)
189 {
190 CK_ATTRIBUTE cacert3[] = {
191 { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
192 { CKA_CLASS, &certificate, sizeof (certificate) },
193 { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
194 { CKA_MODIFIABLE, &falsev, sizeof (falsev) },
195 { CKA_TRUSTED, &truev, sizeof (truev) },
196 { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) },
197 { CKA_INVALID },
198 };
199
200 CK_ATTRIBUTE eku_extension[] = {
201 { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), },
202 { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) },
203 { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
204 { CKA_VALUE, "\x30\x16\x06\x03\x55\x1d\x25\x01\x01\xff\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x01", 24 },
205 { CKA_INVALID },
206 };
207
208 CK_ATTRIBUTE reject_extension[] = {
209 { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), },
210 { CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) },
211 { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
212 { CKA_VALUE, "\x30\x1a\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x01\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x04", 28 },
213 { CKA_INVALID },
214 };
215
216 CK_ATTRIBUTE *expected[] = {
217 cacert3,
218 eku_extension,
219 reject_extension,
220 NULL
221 };
222
223 CK_ATTRIBUTE *cert;
224 CK_ATTRIBUTE *object;
225 int ret;
226 int i;
227
228 p11_parser_formats (test.parser, p11_parser_format_pem, NULL);
229 ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/cacert3-trusted.pem", NULL,
230 P11_PARSE_FLAG_ANCHOR);
231 assert_num_eq (P11_PARSE_SUCCESS, ret);
232
233 /*
234 * Should have gotten:
235 * - 1 certificate
236 * - 2 attached extensions
237 */
238 assert_num_eq (3, test.parsed->num);
239
240 /* The certificate */
241 cert = parsed_attrs (certificate_match, -1);
242 test_check_attrs (expected[0], cert);
243
244 /* The other objects */
245 for (i = 1; expected[i]; i++) {
246 object = parsed_attrs (expected[i], 2);
247 assert_ptr_not_null (object);
248
249 test_check_attrs (expected[i], object);
250 }
251 }
252
253 static void
test_parse_openssl_distrusted(void)254 test_parse_openssl_distrusted (void)
255 {
256 static const char distrust_public_key[] = {
257 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
258 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xdf, 0xc7, 0x0d,
259 0x61, 0xa2, 0x2f, 0xc0, 0x5a, 0xad, 0x45, 0x83, 0x22, 0x33, 0x42, 0xea, 0xec, 0x42, 0x5e, 0xa6,
260 0x0d, 0x42, 0x4c, 0x1c, 0x9a, 0x12, 0x0b, 0x5f, 0xe7, 0x25, 0xf9, 0x8b, 0x83, 0x0c, 0x0a, 0xc5,
261 0x2f, 0x5a, 0x58, 0x56, 0xb8, 0xad, 0x87, 0x6d, 0xbc, 0x80, 0x5d, 0xdd, 0x49, 0x45, 0x39, 0x5f,
262 0xb9, 0x08, 0x3a, 0x63, 0xe4, 0x92, 0x33, 0x61, 0x79, 0x19, 0x1b, 0x9d, 0xab, 0x3a, 0xd5, 0x7f,
263 0xa7, 0x8b, 0x7f, 0x8a, 0x5a, 0xf6, 0xd7, 0xde, 0xaf, 0xa1, 0xe5, 0x53, 0x31, 0x29, 0x7d, 0x9c,
264 0x03, 0x55, 0x3e, 0x47, 0x78, 0xcb, 0xb9, 0x7a, 0x98, 0x8c, 0x5f, 0x8d, 0xda, 0x09, 0x0f, 0xc8,
265 0xfb, 0xf1, 0x7a, 0x80, 0xee, 0x12, 0x77, 0x0a, 0x00, 0x8b, 0x70, 0xfa, 0x62, 0xbf, 0xaf, 0xee,
266 0x0b, 0x58, 0x16, 0xf9, 0x9c, 0x5c, 0xde, 0x93, 0xb8, 0x4f, 0xdf, 0x4d, 0x7b, 0x02, 0x03, 0x01,
267 0x00, 0x01,
268 };
269
270 CK_ATTRIBUTE distrust_cert[] = {
271 { CKA_CLASS, &certificate, sizeof (certificate), },
272 { CKA_MODIFIABLE, &falsev, sizeof (falsev) },
273 { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
274 { CKA_TRUSTED, &falsev, sizeof (falsev) },
275 { CKA_X_DISTRUSTED, &truev, sizeof (truev) },
276 { CKA_INVALID },
277 };
278
279 CK_ATTRIBUTE eku_extension[] = {
280 { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), },
281 { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) },
282 { CKA_PUBLIC_KEY_INFO, (void *)distrust_public_key, sizeof (distrust_public_key) },
283 { CKA_VALUE, "\x30\x18\x06\x03\x55\x1d\x25\x01\x01\xff\x04\x0e\x30\x0c\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x10", 26 },
284 { CKA_INVALID },
285 };
286
287 CK_ATTRIBUTE reject_extension[] = {
288 { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), },
289 { CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) },
290 { CKA_PUBLIC_KEY_INFO, (void *)distrust_public_key, sizeof (distrust_public_key) },
291 { CKA_VALUE, "\x30\x1a\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x01\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x02", 28 },
292 { CKA_INVALID },
293 };
294
295 CK_ATTRIBUTE *expected[] = {
296 distrust_cert,
297 eku_extension,
298 reject_extension,
299 NULL
300 };
301
302 CK_ATTRIBUTE *cert;
303 CK_ATTRIBUTE *object;
304 int ret;
305 int i;
306
307 /*
308 * OpenSSL style is to litter the blocklist in with the anchors,
309 * so we parse this as an anchor, but expect it to be distrusted
310 */
311 p11_parser_formats (test.parser, p11_parser_format_pem, NULL);
312 ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/distrusted.pem", NULL,
313 P11_PARSE_FLAG_ANCHOR);
314 assert_num_eq (P11_PARSE_SUCCESS, ret);
315
316 /*
317 * Should have gotten:
318 * - 1 certificate
319 * - 2 attached extensions
320 */
321 assert_num_eq (3, test.parsed->num);
322 cert = parsed_attrs (certificate_match, -1);
323 test_check_attrs (expected[0], cert);
324
325 /* The other objects */
326 for (i = 1; expected[i]; i++) {
327 object = parsed_attrs (expected[i], 2);
328 assert_ptr_not_null (object);
329
330 test_check_attrs (expected[i], object);
331 }
332 }
333
334 static void
test_openssl_trusted_no_trust(void)335 test_openssl_trusted_no_trust (void)
336 {
337 CK_ATTRIBUTE *cert;
338 int ret;
339
340 char expected_value[] = {
341 0x30, 0x82, 0x04, 0x99, 0x30, 0x82, 0x03, 0x81, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x5d,
342 0x20, 0x61, 0x8e, 0x8c, 0x0e, 0xb9, 0x34, 0x40, 0x93, 0xb9, 0xb1, 0xd8, 0x63, 0x95, 0xb6, 0x30,
343 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x6f,
344 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x53, 0x45, 0x31, 0x14, 0x30,
345 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74,
346 0x20, 0x41, 0x42, 0x31, 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1d, 0x41, 0x64,
347 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x20,
348 0x54, 0x54, 0x50, 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x31, 0x22, 0x30, 0x20, 0x06,
349 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x45,
350 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x20, 0x43, 0x41, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30,
351 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x30, 0x38, 0x30, 0x35, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a,
352 0x17, 0x0d, 0x31, 0x35, 0x31, 0x31, 0x30, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30,
353 0x7f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0b,
354 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x02, 0x55, 0x54, 0x31, 0x17, 0x30, 0x15, 0x06,
355 0x03, 0x55, 0x04, 0x07, 0x13, 0x0e, 0x53, 0x61, 0x6c, 0x74, 0x20, 0x4c, 0x61, 0x6b, 0x65, 0x20,
356 0x43, 0x69, 0x74, 0x79, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, 0x54,
357 0x68, 0x65, 0x20, 0x55, 0x53, 0x45, 0x52, 0x54, 0x52, 0x55, 0x53, 0x54, 0x20, 0x4e, 0x65, 0x74,
358 0x77, 0x6f, 0x72, 0x6b, 0x31, 0x2a, 0x30, 0x28, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x21, 0x55,
359 0x53, 0x45, 0x52, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x20,
360 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x41,
361 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
362 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01,
363 0x00, 0xd9, 0x4d, 0x20, 0x3a, 0xe6, 0x29, 0x30, 0x86, 0xf2, 0xe9, 0x86, 0x89, 0x76, 0x34, 0x4e,
364 0x68, 0x1f, 0x96, 0x44, 0xf7, 0xd1, 0xf9, 0xd6, 0x82, 0x4e, 0xa6, 0x38, 0x9e, 0xee, 0xcb, 0x5b,
365 0xe1, 0x8e, 0x2e, 0xbd, 0xf2, 0x57, 0x80, 0xfd, 0xc9, 0x3f, 0xfc, 0x90, 0x73, 0x44, 0xbc, 0x8f,
366 0xbb, 0x57, 0x5b, 0xe5, 0x2d, 0x1f, 0x14, 0x30, 0x75, 0x36, 0xf5, 0x7f, 0xbc, 0xcf, 0x56, 0xf4,
367 0x7f, 0x81, 0xff, 0xae, 0x91, 0xcd, 0xd8, 0xd2, 0x6a, 0xcb, 0x97, 0xf9, 0xf7, 0xcd, 0x90, 0x6a,
368 0x45, 0x2d, 0xc4, 0xbb, 0xa4, 0x85, 0x13, 0x68, 0x57, 0x5f, 0xef, 0x29, 0xba, 0x2a, 0xca, 0xea,
369 0xf5, 0xcc, 0xa4, 0x04, 0x9b, 0x63, 0xcd, 0x00, 0xeb, 0xfd, 0xed, 0x8d, 0xdd, 0x23, 0xc6, 0x7b,
370 0x1e, 0x57, 0x1d, 0x36, 0x7f, 0x1f, 0x08, 0x9a, 0x0d, 0x61, 0xdb, 0x5a, 0x6c, 0x71, 0x02, 0x53,
371 0x28, 0xc2, 0xfa, 0x8d, 0xfd, 0xab, 0xbb, 0xb3, 0xf1, 0x8d, 0x74, 0x4b, 0xdf, 0xbd, 0xbd, 0xcc,
372 0x06, 0x93, 0x63, 0x09, 0x95, 0xc2, 0x10, 0x7a, 0x9d, 0x25, 0x90, 0x32, 0x9d, 0x01, 0xc2, 0x39,
373 0x53, 0xb0, 0xe0, 0x15, 0x6b, 0xc7, 0xd7, 0x74, 0xe5, 0xa4, 0x22, 0x9b, 0xe4, 0x94, 0xff, 0x84,
374 0x91, 0xfb, 0x2d, 0xb3, 0x19, 0x43, 0x2d, 0x93, 0x0f, 0x9c, 0x12, 0x09, 0xe4, 0x67, 0xb9, 0x27,
375 0x7a, 0x32, 0xad, 0x7a, 0x2a, 0xcc, 0x41, 0x58, 0xc0, 0x6e, 0x59, 0x5f, 0xee, 0x38, 0x2b, 0x17,
376 0x22, 0x9c, 0x89, 0xfa, 0x6e, 0xe7, 0xe5, 0x57, 0x35, 0xf4, 0x5a, 0xed, 0x92, 0x95, 0x93, 0x2d,
377 0xf9, 0xcc, 0x24, 0x3f, 0xa5, 0x1c, 0x3d, 0x27, 0xbd, 0x22, 0x03, 0x73, 0xcc, 0xf5, 0xca, 0xf3,
378 0xa9, 0xf4, 0xdc, 0xfe, 0xcf, 0xe9, 0xd0, 0x5c, 0xd0, 0x0f, 0xab, 0x87, 0xfc, 0x83, 0xfd, 0xc8,
379 0xa9, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x1f, 0x30, 0x82, 0x01, 0x1b, 0x30, 0x1f,
380 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xad, 0xbd, 0x98, 0x7a, 0x34,
381 0xb4, 0x26, 0xf7, 0xfa, 0xc4, 0x26, 0x54, 0xef, 0x03, 0xbd, 0xe0, 0x24, 0xcb, 0x54, 0x1a, 0x30,
382 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xaf, 0xa4, 0x40, 0xaf, 0x9f, 0x16,
383 0xfe, 0xab, 0x31, 0xfd, 0xfb, 0xd5, 0x97, 0x8b, 0xf5, 0x91, 0xa3, 0x24, 0x86, 0x16, 0x30, 0x0e,
384 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x12,
385 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02,
386 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b,
387 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03,
388 0x02, 0x30, 0x19, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x12, 0x30, 0x10, 0x30, 0x0e, 0x06, 0x0c,
389 0x2b, 0x06, 0x01, 0x04, 0x01, 0xb2, 0x31, 0x01, 0x02, 0x01, 0x03, 0x04, 0x30, 0x44, 0x06, 0x03,
390 0x55, 0x1d, 0x1f, 0x04, 0x3d, 0x30, 0x3b, 0x30, 0x39, 0xa0, 0x37, 0xa0, 0x35, 0x86, 0x33, 0x68,
391 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x72,
392 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74,
393 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x43, 0x41, 0x52, 0x6f, 0x6f, 0x74, 0x2e, 0x63,
394 0x72, 0x6c, 0x30, 0x35, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x29,
395 0x30, 0x27, 0x30, 0x25, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x19,
396 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x75, 0x73, 0x65, 0x72,
397 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
398 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x84, 0xae, 0x2d,
399 0x68, 0x38, 0x11, 0x6c, 0x83, 0x51, 0x62, 0xc0, 0x91, 0xc2, 0x98, 0xbc, 0xc6, 0x3b, 0xfa, 0xa5,
400 0xc5, 0xbd, 0x3b, 0x09, 0xe6, 0x6e, 0x60, 0x6f, 0x30, 0x03, 0x86, 0x22, 0x1a, 0xb2, 0x8b, 0xf3,
401 0xc6, 0xce, 0x1e, 0xbb, 0x1b, 0x79, 0xe0, 0x16, 0x14, 0x4d, 0xd2, 0x9a, 0x05, 0x4b, 0xff, 0x8f,
402 0xec, 0xf0, 0x28, 0x29, 0xea, 0x2a, 0x04, 0x1d, 0x3d, 0xaf, 0x11, 0x12, 0xd5, 0x49, 0x98, 0x50,
403 0x42, 0x9f, 0x61, 0x66, 0x3a, 0xb6, 0x40, 0x99, 0x04, 0x0c, 0x6b, 0x10, 0x32, 0xe9, 0xf7, 0xcf,
404 0x86, 0x58, 0x4f, 0x2d, 0xcd, 0xd3, 0xac, 0x7e, 0xe8, 0x5b, 0x6a, 0x83, 0x7c, 0x0d, 0xa0, 0x9c,
405 0x5c, 0x50, 0x36, 0x75, 0x0d, 0x6d, 0x7e, 0x42, 0xb7, 0xdf, 0xa6, 0xdc, 0x90, 0x5c, 0x6f, 0x23,
406 0x4e, 0x97, 0x1d, 0xf3, 0x22, 0x75, 0xbf, 0x03, 0x35, 0xe6, 0x5d, 0x7f, 0xc7, 0xf9, 0x9b, 0x2c,
407 0x87, 0xf6, 0x8e, 0xd6, 0x25, 0x96, 0x59, 0x9d, 0xcf, 0xea, 0x10, 0x1e, 0xef, 0x6e, 0xea, 0x5a,
408 0x9b, 0x77, 0x18, 0x34, 0xcc, 0x81, 0x77, 0xaf, 0x9a, 0x87, 0xc2, 0x0a, 0xe5, 0xe5, 0x9e, 0x13,
409 0x95, 0x53, 0xbd, 0xbd, 0x49, 0x1a, 0xa5, 0x76, 0x12, 0xf6, 0xdc, 0xf2, 0x91, 0xb7, 0xe9, 0x1a,
410 0xe1, 0xbc, 0x4d, 0x3d, 0x95, 0x71, 0x7d, 0xf8, 0x8d, 0x7c, 0x3e, 0x03, 0x4f, 0x53, 0xed, 0xfe,
411 0x52, 0xfd, 0xca, 0x5f, 0x93, 0xe1, 0x1a, 0x01, 0x1b, 0x02, 0xb7, 0x73, 0x4e, 0xba, 0x66, 0xe9,
412 0x78, 0x8b, 0x50, 0xfe, 0x11, 0xcb, 0xd1, 0x67, 0xd0, 0x22, 0x4f, 0x77, 0xea, 0xcd, 0x14, 0x15,
413 0x40, 0xae, 0x66, 0x5d, 0xe8, 0x2e, 0x7f, 0x1e, 0x88, 0x6f, 0x55, 0x79, 0xd6, 0xb9, 0x7e, 0xe3,
414 0xb5, 0xfd, 0x91, 0xa0, 0xc0, 0xf2, 0x26, 0x87, 0x4b, 0x2f, 0x9d, 0xf5, 0xa0,
415 };
416
417 CK_ATTRIBUTE expected[] = {
418 { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
419 { CKA_CLASS, &certificate, sizeof (certificate) },
420 { CKA_TRUSTED, &falsev, sizeof (falsev) },
421 { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) },
422 { CKA_VALUE, expected_value, sizeof (expected_value) },
423 { CKA_INVALID },
424 };
425
426 p11_parser_formats (test.parser, p11_parser_format_pem, NULL);
427 ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/openssl-trust-no-trust.pem", NULL,
428 P11_PARSE_FLAG_NONE);
429 assert_num_eq (P11_PARSE_SUCCESS, ret);
430
431 /* Should have gotten certificate */
432 assert_num_eq (1, test.parsed->num);
433
434 cert = parsed_attrs (certificate_match, -1);
435 test_check_attrs (expected, cert);
436 }
437
438 static void
test_parse_anchor(void)439 test_parse_anchor (void)
440 {
441 CK_ATTRIBUTE cacert3[] = {
442 { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
443 { CKA_CLASS, &certificate, sizeof (certificate) },
444 { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
445 { CKA_MODIFIABLE, &falsev, sizeof (falsev) },
446 { CKA_TRUSTED, &truev, sizeof (truev) },
447 { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) },
448 { CKA_INVALID },
449 };
450
451 CK_ATTRIBUTE *cert;
452 int ret;
453
454 p11_parser_formats (test.parser, p11_parser_format_x509, NULL);
455 ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/cacert3.der", NULL,
456 P11_PARSE_FLAG_ANCHOR);
457 assert_num_eq (P11_PARSE_SUCCESS, ret);
458
459 /*
460 * Should have gotten:
461 * - 1 certificate
462 */
463 assert_num_eq (1, test.parsed->num);
464
465 cert = parsed_attrs (certificate_match, -1);
466 test_check_attrs (cacert3, cert);
467 }
468
469 static void
test_parse_thawte(void)470 test_parse_thawte (void)
471 {
472 CK_ATTRIBUTE *cert;
473 int ret;
474
475 CK_ATTRIBUTE expected[] = {
476 { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
477 { CKA_CLASS, &certificate, sizeof (certificate) },
478 { CKA_MODIFIABLE, &falsev, sizeof (falsev) },
479 { CKA_TRUSTED, &falsev, sizeof (falsev) },
480 { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) },
481 { CKA_INVALID },
482 };
483
484 p11_parser_formats (test.parser, p11_parser_format_pem, NULL);
485 ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/thawte.pem", NULL,
486 P11_PARSE_FLAG_NONE);
487 assert_num_eq (P11_PARSE_SUCCESS, ret);
488
489 /* Should have gotten certificate */
490 assert_num_eq (1, test.parsed->num);
491
492 cert = parsed_attrs (certificate_match, -1);
493 test_check_attrs (expected, cert);
494 }
495
496 /* TODO: A certificate that uses generalTime needs testing */
497
498 static void
test_parse_invalid_file(void)499 test_parse_invalid_file (void)
500 {
501 int ret;
502
503 p11_message_quiet ();
504
505 p11_parser_formats (test.parser, p11_parser_format_x509, NULL);
506 ret = p11_parse_file (test.parser, "/nonexistent", NULL,
507 P11_PARSE_FLAG_NONE);
508 assert_num_eq (P11_PARSE_FAILURE, ret);
509
510 p11_message_loud ();
511 }
512
513 static void
test_parse_unrecognized(void)514 test_parse_unrecognized (void)
515 {
516 int ret;
517
518 p11_message_quiet ();
519
520 p11_parser_formats (test.parser, p11_parser_format_x509, NULL);
521 ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/unrecognized-file.txt", NULL,
522 P11_PARSE_FLAG_NONE);
523 assert_num_eq (P11_PARSE_UNRECOGNIZED, ret);
524
525 p11_message_loud ();
526 }
527
528 static void
test_parse_no_asn1_cache(void)529 test_parse_no_asn1_cache (void)
530 {
531 p11_parser *parser;
532 int ret;
533
534 parser = p11_parser_new (NULL);
535 assert_ptr_not_null (parser);
536
537 p11_parser_formats (parser, p11_parser_format_x509, NULL);
538 ret = p11_parse_file (parser, SRCDIR "/trust/fixtures/cacert3.der", NULL, P11_PARSE_FLAG_NONE);
539 assert_num_eq (P11_PARSE_SUCCESS, ret);
540
541 /* Should have gotten certificate */
542 assert_num_eq (1, p11_parser_parsed (parser)->num);
543
544 p11_parser_free (parser);
545 }
546
547 int
main(int argc,char * argv[])548 main (int argc,
549 char *argv[])
550 {
551 p11_fixture (setup, teardown);
552 p11_test (test_parse_der_certificate, "/parser/parse_der_certificate");
553 p11_test (test_parse_pem_certificate, "/parser/parse_pem_certificate");
554 p11_test (test_parse_p11_kit_persist, "/parser/parse_p11_kit_persist");
555 p11_test (test_parse_openssl_trusted, "/parser/parse_openssl_trusted");
556 p11_test (test_parse_openssl_distrusted, "/parser/parse_openssl_distrusted");
557 p11_test (test_openssl_trusted_no_trust, "/parser/openssl-trusted-no-trust");
558 p11_test (test_parse_anchor, "/parser/parse_anchor");
559 p11_test (test_parse_thawte, "/parser/parse_thawte");
560 p11_test (test_parse_invalid_file, "/parser/parse_invalid_file");
561 p11_test (test_parse_unrecognized, "/parser/parse_unrecognized");
562
563 p11_fixture (NULL, NULL);
564 p11_test (test_parse_no_asn1_cache, "/parser/null-asn1-cache");
565
566 return p11_test_run (argc, argv);
567 }
568