wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 11:17:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add CSR test with Extension Request attribute

Browse Source
This commit is contained in:
Juliusz Sosinowicz
2020-12-15 15:10:44 +01:00
parent 24b89928dc
commit 383df620bf
3 changed files with 42 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
certs/csr.ext.der Normal file
View File

Binary file not shown.

3
certs/include.am
View File

@ -55,7 +55,8 @@ EXTRA_DIST += \
certs/client-cert-ext.pem \ certs/client-cert-ext.pem \
certs/csr.attr.der \ certs/csr.attr.der \
certs/csr.dsa.pem \ certs/csr.dsa.pem \
certs/csr.signed.der certs/csr.signed.der \
certs/csr.ext.der
EXTRA_DIST += \ EXTRA_DIST += \
certs/ca-key.der \ certs/ca-key.der \

42
tests/api.c
View File

@ -38183,11 +38183,13 @@ static void test_wolfSSL_X509_CRL(void)
static void test_wolfSSL_d2i_X509_REQ(void) static void test_wolfSSL_d2i_X509_REQ(void)
{ {
#if defined(WOLFSSL_CERT_REQ) && (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) #if defined(WOLFSSL_CERT_REQ) && (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA))
/* ./certs/csr.signed.der and ./certs/csr.attr.der were /* ./certs/csr.signed.der, ./certs/csr.ext.der, and ./certs/csr.attr.der were
* generated by libest * generated by libest
* ./certs/csr.attr.der contains sample attributes */ * ./certs/csr.attr.der contains sample attributes
* ./certs/csr.ext.der contains sample extensions */
const char* csrFile = "./certs/csr.signed.der"; const char* csrFile = "./certs/csr.signed.der";
const char* csrPopFile = "./certs/csr.attr.der"; const char* csrPopFile = "./certs/csr.attr.der";
const char* csrExtFile = "./certs/csr.ext.der";
/* ./certs/csr.dsa.pem is generated using /* ./certs/csr.dsa.pem is generated using
* openssl req -newkey dsa:certs/dsaparams.pem \ * openssl req -newkey dsa:certs/dsaparams.pem \
* -keyout certs/csr.dsa.key.pem -keyform PEM -out certs/csr.dsa.pem \ * -keyout certs/csr.dsa.key.pem -keyform PEM -out certs/csr.dsa.pem \
@ -38249,6 +38251,42 @@ static void test_wolfSSL_d2i_X509_REQ(void)
AssertStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "2xIE+qqp/rhyTXP+"); AssertStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "2xIE+qqp/rhyTXP+");
#endif #endif
X509_free(req);
BIO_free(bio);
EVP_PKEY_free(pub_key);
}
{
#ifdef OPENSSL_ALL
X509_ATTRIBUTE* attr;
ASN1_TYPE *at;
#endif
AssertNotNull(bio = BIO_new_file(csrExtFile, "rb"));
/* This CSR contains an Extension Request attribute so
* we test extension parsing in a CSR attribute here. */
AssertNotNull(d2i_X509_REQ_bio(bio, &req));
/*
* Extract the public key from the CSR
*/
AssertNotNull(pub_key = X509_REQ_get_pubkey(req));
/*
* Verify the signature in the CSR
*/
AssertIntEQ(X509_REQ_verify(req, pub_key), 1);
#ifdef OPENSSL_ALL
/*
* Obtain the challenge password from the CSR
*/
AssertIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, -1),
NID_pkcs9_challengePassword);
AssertNotNull(attr = X509_REQ_get_attr(req, NID_pkcs9_challengePassword));
AssertNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0));
AssertNotNull(at->value.asn1_string);
AssertStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "IGCu/xNL4/0/wOgo");
#endif
X509_free(req); X509_free(req);
BIO_free(bio); BIO_free(bio);
EVP_PKEY_free(pub_key); EVP_PKEY_free(pub_key);