add test case for order of certificates with PKCS12 parse
BIN
certs/ecc-rsa-server.p12
Normal file
BIN
certs/ecc-rsa-server.p12
Normal file
Binary file not shown.
@ -35,6 +35,7 @@ EXTRA_DIST += \
|
|||||||
certs/server-revoked-key.pem \
|
certs/server-revoked-key.pem \
|
||||||
certs/wolfssl-website-ca.pem \
|
certs/wolfssl-website-ca.pem \
|
||||||
certs/test-servercert.p12 \
|
certs/test-servercert.p12 \
|
||||||
|
certs/ecc-rsa-server.p12 \
|
||||||
certs/dsaparams.pem \
|
certs/dsaparams.pem \
|
||||||
certs/ecc-privOnlyKey.pem \
|
certs/ecc-privOnlyKey.pem \
|
||||||
certs/ecc-privOnlyCert.pem \
|
certs/ecc-privOnlyCert.pem \
|
||||||
|
@ -274,12 +274,23 @@ function run_renewcerts(){
|
|||||||
openssl x509 -inform PEM -in server-ecc.pem -outform DER -out server-ecc.der
|
openssl x509 -inform PEM -in server-ecc.pem -outform DER -out server-ecc.der
|
||||||
openssl x509 -inform PEM -in server-ecc-comp.pem -outform DER -out server-ecc-comp.der
|
openssl x509 -inform PEM -in server-ecc-comp.pem -outform DER -out server-ecc-comp.der
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
###### update the ecc-rsa-server.p12 file ##################
|
||||||
|
############################################################
|
||||||
|
echo "Updating ecc-rsa-server.p12 (password is \"\")"
|
||||||
|
echo ""
|
||||||
|
echo "" | openssl pkcs12 -des3 -descert -export -in server-ecc-rsa.pem -inkey ecc-key.pem -certfile server-ecc.pem -out ecc-rsa-server.p12 -password stdin
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
########## store DER files as buffers ######################
|
||||||
|
############################################################
|
||||||
echo "Changing directory to wolfssl root..."
|
echo "Changing directory to wolfssl root..."
|
||||||
echo ""
|
echo ""
|
||||||
cd ../
|
cd ../
|
||||||
echo "Execute ./gencertbuf.pl..."
|
echo "Execute ./gencertbuf.pl..."
|
||||||
echo ""
|
echo ""
|
||||||
./gencertbuf.pl
|
./gencertbuf.pl
|
||||||
|
|
||||||
############################################################
|
############################################################
|
||||||
########## generate the new crls ###########################
|
########## generate the new crls ###########################
|
||||||
############################################################
|
############################################################
|
||||||
|
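Review bot: The new `openssl pkcs12 -export` step has no comment saying which input becomes the leaf certificate and which becomes the extra certificate, although the new test in tests/api.c depends on exactly that: it expects `-in server-ecc-rsa.pem` back as the parsed certificate and `-certfile server-ecc.pem` as the entry in the CA stack. A line such as `# leaf = server-ecc-rsa.pem (paired with ecc-key.pem), extra cert = server-ecc.pem; test_wolfSSL_PKCS12 checks this order` above the command would keep a later regeneration from silently swapping them. The same comment should state that the empty export password is acceptable only because ecc-key.pem is, presumably, a test-only key shipped in the repository. run_renewcerts continues outside this hunk, so whether the exit status of the command is checked elsewhere cannot be seen from here.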
51
tests/api.c
51
tests/api.c
@ -2527,7 +2527,9 @@ static void test_wolfSSL_PKCS12(void)
|
|||||||
!defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_RSA)
|
!defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_RSA)
|
||||||
byte buffer[5300];
|
byte buffer[5300];
|
||||||
char file[] = "./certs/test-servercert.p12";
|
char file[] = "./certs/test-servercert.p12";
|
||||||
|
char order[] = "./certs/ecc-rsa-server.p12";
|
||||||
char pass[] = "a password";
|
char pass[] = "a password";
|
||||||
|
WOLFSSL_X509_NAME* subject;
|
||||||
FILE *f;
|
FILE *f;
|
||||||
int bytes, ret;
|
int bytes, ret;
|
||||||
WOLFSSL_BIO *bio;
|
WOLFSSL_BIO *bio;
|
||||||
@ -2535,6 +2537,7 @@ static void test_wolfSSL_PKCS12(void)
|
|||||||
WC_PKCS12 *pkcs12;
|
WC_PKCS12 *pkcs12;
|
||||||
WC_PKCS12 *pkcs12_2;
|
WC_PKCS12 *pkcs12_2;
|
||||||
WOLFSSL_X509 *cert;
|
WOLFSSL_X509 *cert;
|
||||||
|
WOLFSSL_X509 *x509;
|
||||||
WOLFSSL_X509 *tmp;
|
WOLFSSL_X509 *tmp;
|
||||||
WOLF_STACK_OF(WOLFSSL_X509) *ca;
|
WOLF_STACK_OF(WOLFSSL_X509) *ca;
|
||||||
|
|
||||||
@ -2647,6 +2650,54 @@ static void test_wolfSSL_PKCS12(void)
|
|||||||
PKCS12_free(pkcs12_2);
|
PKCS12_free(pkcs12_2);
|
||||||
sk_X509_free(ca);
|
sk_X509_free(ca);
|
||||||
|
|
||||||
|
|
||||||
|
/* test order of parsing */
|
||||||
|
f = fopen(order, "rb");
|
||||||
|
AssertNotNull(f);
|
||||||
|
bytes = (int)fread(buffer, 1, sizeof(buffer), f);
|
||||||
|
fclose(f);
|
||||||
|
|
||||||
|
AssertNotNull(bio = BIO_new_mem_buf((void*)buffer, bytes));
|
||||||
|
AssertNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL));
|
||||||
|
AssertIntEQ((ret = PKCS12_parse(pkcs12, "", &pkey, &cert, &ca)),
|
||||||
|
WOLFSSL_SUCCESS);
|
||||||
|
AssertNotNull(pkey);
|
||||||
|
AssertNotNull(cert);
|
||||||
|
AssertNotNull(ca);
|
||||||
|
|
||||||
|
/* compare subject lines of certificates */
|
||||||
|
AssertNotNull(subject = wolfSSL_X509_get_subject_name(cert));
|
||||||
|
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(eccRsaCertFile,
|
||||||
|
SSL_FILETYPE_PEM));
|
||||||
|
AssertIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject,
|
||||||
|
(const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0);
|
||||||
|
X509_free(x509);
|
||||||
|
|
||||||
|
/* test expected fail case */
|
||||||
|
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(eccCertFile,
|
||||||
|
SSL_FILETYPE_PEM));
|
||||||
|
AssertIntNE(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject,
|
||||||
|
(const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0);
|
||||||
|
X509_free(x509);
|
||||||
|
X509_free(cert);
|
||||||
|
|
||||||
|
/* get subject line from ca stack */
|
||||||
|
AssertNotNull(cert = sk_X509_pop(ca));
|
||||||
|
AssertNotNull(subject = wolfSSL_X509_get_subject_name(cert));
|
||||||
|
|
||||||
|
/* compare subject from certificate in ca to expected */
|
||||||
|
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(eccCertFile,
|
||||||
|
SSL_FILETYPE_PEM));
|
||||||
|
AssertIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject,
|
||||||
|
(const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0);
|
||||||
|
|
||||||
|
EVP_PKEY_free(pkey);
|
||||||
|
X509_free(x509);
|
||||||
|
X509_free(cert);
|
||||||
|
BIO_free(bio);
|
||||||
|
PKCS12_free(pkcs12);
|
||||||
|
sk_X509_free(ca);
|
||||||
|
|
||||||
printf(resultFmt, passed);
|
printf(resultFmt, passed);
|
||||||
#endif /* OPENSSL_EXTRA */
|
#endif /* OPENSSL_EXTRA */
|
||||||
}
|
}
|
||||||
|
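Review bot: The added "test order of parsing" block needs ECC support, but the only guard visible in this hunk is `!defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_RSA)`; ecc-rsa-server.p12 is exported with ecc-key.pem, so in a build without ECC the `PKCS12_parse` call and the `eccRsaCertFile`/`eccCertFile` loads would presumably fail and break the test instead of skipping it. Unless the part of the guard that starts above the hunk already covers this, wrap the new block in `#ifdef HAVE_ECC` … `#endif`. Separately, `bytes = (int)fread(buffer, 1, sizeof(buffer), f);` is handed straight to `BIO_new_mem_buf`; an `AssertIntGT(bytes, 0);` after the read would make a missing or empty fixture fail at the read rather than inside the parser. The test also pops a single entry from `ca` without checking the stack size, so an unexpected extra certificate in the parsed chain would go unnoticed.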
@ -258,6 +258,7 @@
|
|||||||
#define caCertFile "certs/ca-cert.pem"
|
#define caCertFile "certs/ca-cert.pem"
|
||||||
#define eccCertFile "certs/server-ecc.pem"
|
#define eccCertFile "certs/server-ecc.pem"
|
||||||
#define eccKeyFile "certs/ecc-key.pem"
|
#define eccKeyFile "certs/ecc-key.pem"
|
||||||
|
#define eccRsaCertFile "certs/server-ecc-rsa.pem"
|
||||||
#define svrCertFile "certs/server-cert.pem"
|
#define svrCertFile "certs/server-cert.pem"
|
||||||
#define svrKeyFile "certs/server-key.pem"
|
#define svrKeyFile "certs/server-key.pem"
|
||||||
#define cliCertFile "certs/client-cert.pem"
|
#define cliCertFile "certs/client-cert.pem"
|
||||||
@ -277,6 +278,7 @@
|
|||||||
#define caCertFile "./certs/ca-cert.pem"
|
#define caCertFile "./certs/ca-cert.pem"
|
||||||
#define eccCertFile "./certs/server-ecc.pem"
|
#define eccCertFile "./certs/server-ecc.pem"
|
||||||
#define eccKeyFile "./certs/ecc-key.pem"
|
#define eccKeyFile "./certs/ecc-key.pem"
|
||||||
|
#define eccRsaCertFile "./certs/server-ecc-rsa.pem"
|
||||||
#define svrCertFile "./certs/server-cert.pem"
|
#define svrCertFile "./certs/server-cert.pem"
|
||||||
#define svrKeyFile "./certs/server-key.pem"
|
#define svrKeyFile "./certs/server-key.pem"
|
||||||
#define cliCertFile "./certs/client-cert.pem"
|
#define cliCertFile "./certs/client-cert.pem"
|
||||||
|