diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2016-01-16 20:43:42 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2016-01-16 20:43:44 +0100 |
commit | 367928578b651bc3252e8440993c02913eca046d (patch) | |
tree | ee930192111606648f857409861898dedfbd60aa | |
parent | 92e140e074a77d9012119d81a6c6dd1da465203c (diff) | |
download | gnutls-367928578b651bc3252e8440993c02913eca046d.tar.gz |
tests: added check for KRB5Principal output
Resolves #67
-rw-r--r-- | tests/cert-tests/Makefile.am | 2 | ||||
-rwxr-xr-x | tests/cert-tests/pem-decoding | 18 | ||||
-rw-r--r-- | tests/cert-tests/template-krb5name-full.pem | 94 |
3 files changed, 113 insertions, 1 deletions
diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am index 497138e6f1..52ff212065 100644 --- a/tests/cert-tests/Makefile.am +++ b/tests/cert-tests/Makefile.am @@ -37,7 +37,7 @@ EXTRA_DIST = ca-no-pathlen.pem no-ca-or-pathlen.pem aki-cert.pem \ provable3072.pem provable2048.pem provable-dsa2048.pem provable-dsa2048-fips.pem \ template-unique.tmpl template-unique.pem template-othername.tmpl template-othername.pem \ template-othername-xmpp.tmpl template-othername-xmpp.pem template-krb5name.tmpl \ - template-krb5name.pem + template-krb5name.pem template-krb5name-full.pem dist_check_SCRIPTS = pathlen aki certtool invalid-sig email \ pkcs7 privkey-import name-constraints certtool-long-cn crl provable-privkey diff --git a/tests/cert-tests/pem-decoding b/tests/cert-tests/pem-decoding index e85a60c026..1087b8b8ef 100755 --- a/tests/cert-tests/pem-decoding +++ b/tests/cert-tests/pem-decoding @@ -95,6 +95,24 @@ if test "${rc}" != "0"; then exit ${rc} fi +${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/template-krb5name.pem" >tmp-pem.pem +rc=$? + +if test "${rc}" != "0"; then + echo "XMPP cert decoding failed 1" + exit ${rc} +fi + +cat tmp-pem.pem |grep "KRB5Principal:" >tmp1 +cat "${srcdir}/template-krb5name-full.pem" |grep "KRB5Principal:" >tmp2 +${DIFF} -u tmp1 tmp2 || ${DIFF} -u --strip-trailing-cr tmp1 tmp2 +rc=$? + +if test "${rc}" != "0"; then + echo "KRB5 principalname cert decoding failed 1" + exit ${rc} +fi + rm -f tmp-pem.pem tmp1 tmp2 exit 0 diff --git a/tests/cert-tests/template-krb5name-full.pem b/tests/cert-tests/template-krb5name-full.pem new file mode 100644 index 0000000000..1d4c0368d5 --- /dev/null +++ b/tests/cert-tests/template-krb5name-full.pem @@ -0,0 +1,94 @@ +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 07 + Issuer: CN=Nik,ST=Attiki,C=GR,surName=Mavrogiannopoulos,street=Arkadias + Validity: + Not Before: Sun Apr 22 00:00:00 UTC 2007 + Not After: Sun May 25 00:00:00 UTC 2014 + Subject: CN=Nik,ST=Attiki,C=GR,surName=Mavrogiannopoulos,street=Arkadias + Subject Public Key Algorithm: RSA + Algorithm Security Level: Legacy (1024 bits) + Modulus (bits 1024): + 00:a5:c6:ce:75:43:84:bf:64:9e:02:27:13:f1:03:59 + f7:79:2d:92:ed:7c:2f:50:a4:03:f1:2d:79:b9:86:8b + 05:7e:3a:bb:44:aa:af:84:cf:13:98:1e:1c:4a:38:f7 + 33:2d:7a:9f:72:d4:6b:6d:26:b0:31:37:70:10:fb:42 + e9:d8:9d:18:65:7e:19:49:fc:05:96:04:68:83:1e:77 + 86:bf:ed:f5:e5:12:3b:13:fe:33:18:9c:1a:7a:1d:69 + af:47:02:60:7a:1f:b9:e8:cf:db:c8:34:30:51:96:3d + 8c:96:5c:00:bc:61:de:08:0f:b1:36:21:7f:a9:00:e3 + 05 + Exponent (bits 24): + 01:00:01 + Extensions: + Basic Constraints (critical): + Certificate Authority (CA): TRUE + Subject Alternative Name (not critical): + DNSname: www.evenmorethanone.org + IPAddress: 192.168.1.1 + KRB5Principal: user@email.domain@KERBEROS.REALM + KRB5Principal: user@REALM.COM + KRB5Principal: HTTP/user@REALM.COM + KRB5Principal: comp1/comp2/user@REALM.COM + RFC822Name: none@none.org + RFC822Name: where@none.org + Key Purpose (not critical): + OCSP signing. + Key Usage (critical): + Subject Key Identifier (not critical): + 5d40adf0ce9440958b7e99941d925422ca72365f + CRL Distribution points (not critical): + URI: http://www.getcrl.crl/getcrl/ + Signature Algorithm: RSA-SHA256 + Signature: + 60:4b:8f:6f:70:c9:1f:c0:e0:f7:44:aa:c8:57:ae:72 + 7f:fb:69:f0:ef:40:62:66:5a:0b:88:91:ac:9b:13:20 + 77:1b:41:dd:ca:0e:6e:f6:16:9b:56:6f:f7:58:57:10 + 42:04:72:98:78:03:da:48:c3:0f:9b:fe:9b:3c:54:9c + 5c:f9:1f:78:32:90:23:04:0f:fd:a0:4d:9e:ff:a2:87 + 58:5c:a0:d5:80:70:e7:d6:a2:ff:21:03:3e:77:57:68 + ea:a6:21:f7:67:8e:9a:df:63:12:f1:7e:78:7d:ac:6d + eb:53:9f:ce:fe:18:61:18:8a:2b:65:35:28:6f:d5:7b +Other Information: + SHA1 fingerprint: + 113d3560fb087fd7724055192695f0c472e1eec4 + SHA256 fingerprint: + 7b2285b7a542e9ca05eae2538196080caf503d47f8a3869454ab1990d8075be8 + Public Key ID: + 5d40adf0ce9440958b7e99941d925422ca72365f + Public key's random art: + +--[ RSA 1024]----+ + | .o+*=. | + | . .o.+oo | + | . * =EB.. | + | + o.oO.. | + | .S=.o | + | . * | + | . | + | | + | | + +-----------------+ + +-----BEGIN CERTIFICATE----- +MIID5DCCA02gAwIBAgIBBzANBgkqhkiG9w0BAQsFADBbMQwwCgYDVQQDEwNOaWsx +DzANBgNVBAgTBkF0dGlraTELMAkGA1UEBhMCR1IxGjAYBgNVBAQTEU1hdnJvZ2lh +bm5vcG91bG9zMREwDwYDVQQJEwhBcmthZGlhczAeFw0wNzA0MjIwMDAwMDBaFw0x +NDA1MjUwMDAwMDBaMFsxDDAKBgNVBAMTA05pazEPMA0GA1UECBMGQXR0aWtpMQsw +CQYDVQQGEwJHUjEaMBgGA1UEBBMRTWF2cm9naWFubm9wb3Vsb3MxETAPBgNVBAkT +CEFya2FkaWFzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClxs51Q4S/ZJ4C +JxPxA1n3eS2S7XwvUKQD8S15uYaLBX46u0Sqr4TPE5geHEo49zMtep9y1GttJrAx +N3AQ+0Lp2J0YZX4ZSfwFlgRogx53hr/t9eUSOxP+MxicGnodaa9HAmB6H7noz9vI +NDBRlj2MllwAvGHeCA+xNiF/qQDjBQIDAQABo4IBtjCCAbIwDwYDVR0TAQH/BAUw +AwEB/zCCASkGA1UdEQSCASAwggEcghd3d3cuZXZlbm1vcmV0aGFub25lLm9yZ4cE +wKgBAaA+BgYrBgEFAgKgNDAyoBAbDktFUkJFUk9TLlJFQUxNoR4wHKADAgEKoRUw +ExsRdXNlckBlbWFpbC5kb21haW6gLAYGKwYBBQICoCIwIKALGwlSRUFMTS5DT02h +ETAPoAMCAQGhCDAGGwR1c2VyoDIGBisGAQUCAqAoMCagCxsJUkVBTE0uQ09NoRcw +FaADAgEBoQ4wDBsESFRUUBsEdXNlcqA6BgYrBgEFAgKgMDAuoAsbCVJFQUxNLkNP +TaEfMB2gAwIBAaEWMBQbBWNvbXAxGwVjb21wMhsEdXNlcoENbm9uZUBub25lLm9y +Z4EOd2hlcmVAbm9uZS5vcmcwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0PAQH/ +BAQDAgYAMB0GA1UdDgQWBBRdQK3wzpRAlYt+mZQdklQiynI2XzAuBgNVHR8EJzAl +MCOgIaAfhh1odHRwOi8vd3d3LmdldGNybC5jcmwvZ2V0Y3JsLzANBgkqhkiG9w0B +AQsFAAOBgQBgS49vcMkfwOD3RKrIV65yf/tp8O9AYmZaC4iRrJsTIHcbQd3KDm72 +FptWb/dYVxBCBHKYeAPaSMMPm/6bPFScXPkfeDKQIwQP/aBNnv+ih1hcoNWAcOfW +ov8hAz53V2jqpiH3Z46a32MS8X54faxt61Ofzv4YYRiKK2U1KG/Vew== +-----END CERTIFICATE----- |