authorNikos Mavrogiannopoulos <nmav@redhat.com>2016-08-26 14:23:13 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2016-09-06 14:55:00 +0200
commitfa9d49e99e1cf28b8847901a6d9235d1b4d23e61 (patch)
treefb80fcdc893b9b9d4788ecb514977417796f1f69
parent45efb8442640e4ae557feafb2b6a38e620cad980 (diff)
downloadgnutls-fa9d49e99e1cf28b8847901a6d9235d1b4d23e61.tar.gz
tests: added tests for PKCS#12 decoding with UTF8 passwords
-rw-r--r--tests/cert-tests/Makefile.am4
-rw-r--r--tests/cert-tests/data/key-utf8-1.p12bin0 -> 2819 bytes
-rw-r--r--tests/cert-tests/data/key-utf8-2.p12bin0 -> 2819 bytes
-rwxr-xr-xtests/cert-tests/pkcs12-utf880
4 files changed, 82 insertions, 2 deletions
diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
index 968c3f7a27..76fb776a3b 100644
--- a/tests/cert-tests/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -58,11 +58,11 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem
data/ca-secret.gpg data/srv-public.gpg data/srv-public-127.0.0.1-signed.gpg \
data/srv-public-localhost-signed.gpg data/selfsigs/alice-mallory-badsig18.pub \
data/selfsigs/alice-mallory-irrelevantsig.pub data/selfsigs/alice-mallory-nosig18.pub \
- data/selfsigs/alice.pub
+ data/selfsigs/alice.pub data/key-utf8-1.p12 data/key-utf8-2.p12
dist_check_SCRIPTS = pathlen aki certtool invalid-sig email \
pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \
- provable-dh userid sha2-test sha2-dsa-test
+ provable-dh userid sha2-test sha2-dsa-test pkcs12-utf8
if !ENABLE_FIPS140
dist_check_SCRIPTS += pkcs12
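Review bot: `pkcs12-utf8` is added to the unconditional `dist_check_SCRIPTS` list, whereas the existing `pkcs12` script is only appended under `if !ENABLE_FIPS140` in the context lines that follow. If that guard exists because PKCS#12 key derivation or ciphers are unavailable in FIPS140 builds (the reason is not visible here), the new script may fail in such builds. It would be worth confirming this and either moving the script under the same conditional or adding a short comment recording why it can run unconditionally. The conditional block continues past the end of the hunk.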
diff --git a/tests/cert-tests/data/key-utf8-1.p12 b/tests/cert-tests/data/key-utf8-1.p12
new file mode 100644
index 0000000000..d57d12c12e
--- /dev/null
+++ b/tests/cert-tests/data/key-utf8-1.p12
Binary files differ
diff --git a/tests/cert-tests/data/key-utf8-2.p12 b/tests/cert-tests/data/key-utf8-2.p12
new file mode 100644
index 0000000000..40f2db6a74
--- /dev/null
+++ b/tests/cert-tests/data/key-utf8-2.p12
Binary files differ
diff --git a/tests/cert-tests/pkcs12-utf8 b/tests/cert-tests/pkcs12-utf8
new file mode 100755
index 0000000000..5c1049ed5c
--- /dev/null
+++ b/tests/cert-tests/pkcs12-utf8
@@ -0,0 +1,80 @@
+#!/bin/sh
+
+# Copyright (C) 2016 Red Hat, Inc.
+# Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+srcdir="${srcdir:-.}"
+top_builddir="${top_builddir:-../..}"
+CERTTOOL="${CERTTOOL:-${top_builddir}/src/certtool${EXEEXT}}"
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=1"
+fi
+
+DIFF="${DIFF:-diff}"
+DEBUG=""
+
+TMPFILE=pkcs12-utf8.$$.tmp
+TMPFILE_PEM=pkcs12-utf8.$$.tmp.pem
+
+echo "Testing decoding of known keys"
+echo "=============================="
+
+ret=0
+for p12 in "key-utf8-1.p12 ένα-δύο" "key-utf8-2.p12 ένα_δύο_τρία_τέσσερα"; do
+ set -- ${p12}
+ file="$1"
+ passwd="$2"
+ if test "x$DEBUG" != "x"; then
+ ${VALGRIND} "${CERTTOOL}" -d 99 --p12-info --inder --password "${passwd}" \
+ --infile "${srcdir}/data/${file}"
+ else
+ ${VALGRIND} "${CERTTOOL}" --p12-info --inder --password "${passwd}" \
+ --infile "${srcdir}/data/${file}" >/dev/null
+ fi
+ rc=$?
+ if test ${rc} != 0; then
+ echo "PKCS12 FATAL ${p12}"
+ exit 1
+ fi
+done
+
+
+echo ""
+echo "Testing encoding/decoding"
+echo "========================="
+
+${VALGRIND} "${CERTTOOL}" --pkcs-cipher=aes-256 --to-p12 --password "ένα δύο tria" --p12-name "my-key" --load-certificate "${srcdir}/../certs/cert-ecc256.pem" --load-privkey "${srcdir}/../certs/ecc256.pem" --load-ca-certificate "${srcdir}/../certs/ca-cert-ecc.pem" --outder --outfile $TMPFILE >/dev/null
+rc=$?
+if test ${rc} != 0; then
+ echo "PKCS12 FATAL encoding"
+ exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" --p12-info --inder --password "ένα δύο tria" --infile $TMPFILE >${TMPFILE_PEM} 2>/dev/null
+rc=$?
+if test ${rc} != 0; then
+ echo "PKCS12 FATAL decrypting/decoding"
+ exit 1
+fi
+
+rm -f "$TMPFILE" "$TMPFILE_PEM"
+
+exit 0
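Review bot: The round-trip section at the end of the script only checks certtool's exit status: the output written to `${TMPFILE_PEM}` is never inspected, and `DIFF` and `ret` are assigned but unused, so the test cannot tell a correct decode from one that exits 0 with unexpected output. Comparing the decoded output against the input material, or at least adding a negative case that expects a non-zero exit when the wrong password is supplied, would make the test pin the UTF-8 password handling it is meant to cover. Separately, both `exit 1` paths after the encode step skip the final `rm -f`, leaving the temporary files (including the decoded output) behind in the working directory. A `trap 'rm -f "$TMPFILE" "$TMPFILE_PEM"' 0` placed right after the two assignments would cover every exit. `$TMPFILE` on the two certtool lines should also be quoted like the other expansions.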