tests: add test for signing with certificate listtmp-multiple-certs-in-p7-sign

Signing with one certificate, but includes the other certificates
inside the PKCS#7 structure.

Signed-off-by: Karl Tarbe <karl.tarbe@cyber.ee>

2 files changed, 83 insertions, 1 deletions

diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
index 8cef7615d4..59d3ac5c51 100644
--- a/tests/cert-tests/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -82,7 +82,7 @@ dist_check_SCRIPTS = pathlen aki certtool invalid-sig email \
 	provable-privkey-rsa2048 provable-privkey-gen-default pkcs7-constraints \
 	pkcs7-constraints2 certtool-long-oids pkcs7-cat cert-sanity cert-critical \
 	pkcs12 certtool-crl-decoding pkcs12-encode pkcs12-corner-cases inhibit-anypolicy \
-	smime cert-time
+	smime cert-time pkcs7-list-sign
 
 if WANT_TEST_SUITE
 dist_check_SCRIPTS += provable-dh-default
diff --git a/tests/cert-tests/pkcs7-list-sign b/tests/cert-tests/pkcs7-list-sign
new file mode 100755
index 0000000000..acca0840aa
--- /dev/null
+++ b/tests/cert-tests/pkcs7-list-sign
@@ -0,0 +1,82 @@
+#!/bin/sh
+
+# Copyright (C) 2017 Karl Tarbe
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+srcdir="${srcdir:-.}"
+CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
+DIFF="${DIFF:-diff -b -B}"
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15"
+fi
+
+OUTFILE=out-pkcs7.$$.tmp
+OUTFILE2=out2-pkcs7.$$.tmp
+
+. ${srcdir}/../scripts/common.sh
+
+check_for_datefudge
+# Test signing
+FILE="signing-with-cert-list"
+cat "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" "${srcdir}/../../doc/credentials/x509/ca.pem" >"${OUTFILE2}"
+${VALGRIND} "${CERTTOOL}" --p7-sign --load-privkey  "${srcdir}/../../doc/credentials/x509/key-rsa.pem" --load-certificate "${OUTFILE2}" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing failed"
+	exit ${rc}
+fi
+
+#test chain verification
+FILE="signing-verify"
+${VALGRIND} "${CERTTOOL}" --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" <"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing failed verification"
+	exit ${rc}
+fi
+
+#check extraction of embedded data in signature
+FILE="signing-cert-list-verify-data"
+${VALGRIND} "${CERTTOOL}" --p7-verify --p7-show-data --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" --outfile "${OUTFILE2}" <"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing failed verification with data"
+	exit ${rc}
+fi
+
+cmp "${OUTFILE2}" "${srcdir}/data/pkcs7-detached.txt"
+rc=$?
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 data detaching failed"
+	exit ${rc}
+fi
+
+#rm -f "${OUTFILE}"
+#rm -f "${OUTFILE2}"
+
+exit 0