tests: added pkcs7 verification with struct generated from openssl

4 files changed, 101 insertions, 3 deletions

diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
index 9e0ff0d7e6..919895c7da 100644
--- a/tests/cert-tests/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -60,7 +60,7 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem
 	data/selfsigs/alice-mallory-irrelevantsig.pub data/selfsigs/alice-mallory-nosig18.pub \
 	data/selfsigs/alice.pub data/key-utf8-1.p12 data/key-utf8-2.p12 \
 	data/code-signing-ca.pem data/code-signing-cert.pem data/multi-value-dn.pem \
-	data/pkcs7-cat-ca.pem data/pkcs7-cat.p7
+	data/pkcs7-cat-ca.pem data/pkcs7-cat.p7 data/openssl.p7b data/openssl.p7b.out
 
 dist_check_SCRIPTS = pathlen aki certtool invalid-sig email \
 	pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \
diff --git a/tests/cert-tests/data/openssl.p7b b/tests/cert-tests/data/openssl.p7b
new file mode 100644
index 0000000000..9506d8b553
--- /dev/null
+++ b/tests/cert-tests/data/openssl.p7b
diff --git a/tests/cert-tests/data/openssl.p7b.out b/tests/cert-tests/data/openssl.p7b.out
new file mode 100644
index 0000000000..6330451477
--- /dev/null
+++ b/tests/cert-tests/data/openssl.p7b.out
@@ -0,0 +1,93 @@
+Signers:
+	Signer's issuer DN: CN=GnuTLS Test CA
+	Signer's serial: 5838027a15510d5a
+	Signature Algorithm: ECDSA-SHA256
+	Signed Attributes:
+		1.2.840.113549.1.9.15: 306a300b060960864801650304012a300b0609608648016503040116300b0609608648016503040102300a06082a864886f70d0307300e06082a864886f70d030202020080300d06082a864886f70d0302020140300706052b0e030207300d06082a864886f70d0302020128
+		1.2.840.113549.1.9.4: 0420728be51f7b63dcf73f28ba80d277ce47f8cf5a75a02d4e6770e19baa57a767a4
+		1.2.840.113549.1.9.5: 170d3136313132353039333233305a
+		1.2.840.113549.1.9.3: 06092a864886f70d010701
+
+Number of certificates: 2
+
+-----BEGIN CERTIFICATE-----
+MIICejCCATKgAwIBAgIIWDgCehVRDVowDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UE
+AxMOR251VExTIFRlc3QgQ0EwIBcNMTYxMTI1MDkyMDU5WhgPOTk5OTEyMzEyMzU5
+NTlaMBcxFTATBgNVBAMTDFNpZ25pbmcgY2VydDBZMBMGByqGSM49AgEGCCqGSM49
+AwEHA0IABExURrCCMC8IFrefI//PugUNi20YWKxGudCeq3J298gLO9dvbcSX+w2I
+M70X4v5Di0iZYCRXnLclbnFKPwNk3LGjYTBfMAwGA1UdEwEB/wQCMAAwDwYDVR0P
+AQH/BAUDAweAADAdBgNVHQ4EFgQUvvYAxiRrYOq1+BPJpdXgySnV1zMwHwYDVR0j
+BBgwFoAUTVa3agBY8WeS9KZ1VRuOUwED788wDQYJKoZIhvcNAQELBQADggExAGRN
+PybhFeWRXUFteKH3pUpCIS/qWQHIcmHiSIw4S8Nh26pEleH5Ni99wf/DvYheONy4
+044YdIlDLFyXD5Ny469aEPkQm4VmgM+o7mG2dwg4om8KRTFL8G6JmVmT48s/1lD8
+sWzvz8gAegyPDh+CaPbO9XaLrFVhDdpO/IORPeMtvkVQY/Z1tVO3JgXvkAdrdJkK
+uF8LFcVwHvjZIVoNdkk5J+VrKP0nWcmlEkLsL+OHUmf2drQneJ2fPsdjGGn9Vj0d
+9l/mn/9dtEEMGasPJhj4y7oVJ7CC8Qu4ksFng5dW6x5bmVZpn15ruzJc21SkEWPU
+D4N6LsdWC2+w4k2o3fV3b+FlHvswlAsgU0eMq9WHnVbSdWSsEUgGk8E8nhTLdQ82
+DUgMweNWlGd7k/VI06w=
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIIDUDCCAgigAwIBAgIBADANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU
+TFMgVGVzdCBDQTAeFw0xMTA1MjgwODM2MzBaFw0zODEwMTIwODM2MzNaMBkxFzAV
+BgNVBAMTDkdudVRMUyBUZXN0IENBMIIBUjANBgkqhkiG9w0BAQEFAAOCAT8AMIIB
+OgKCATEAnORCsX1unl//fy2d1054XduIg/3CqVBaT3Hca65SEoDwh0KiPtQoOgZL
+dKY2cobGs/ojYtOjcs0KnlPYdmtjEh6WEhuJU95v4TQdC4OLMiE56eIGq252hZAb
+HoTL84Q14DxQWGuzQK830iml7fbw2WcIcRQ8vFGs8SzfXw63+MI6Fq6iMAQIqP08
+WzGmRRzL5wvCiPhCVkrPmwbXoABub6AAsYwWPJB91M9/lx5gFH5k9/iPfi3s2Kg3
+F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo367vGVYHigXMEZC2FezlwIHaZzpEoFlY3
+a7LFJ00yrjQ910r8UE+CEMTYzE40D0olCMo7FA9RCjeO3bUIoYaIdVTUGWEGHWSe
+oxGei9Gkm6u+ASj8f+i0jxdD2qXsewIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/
+MA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFE1Wt2oAWPFnkvSmdVUbjlMBA+/P
+MA0GCSqGSIb3DQEBCwUAA4IBMQAesOgjGFi1zOYpA/N3gkUVRcBHDxmN7g2yOcqH
+VfhFc+e4zhOehR11WCt2RgzNlnYVmV5zBmQBdTAt8Po/MVhLCDW1BULHlLvL0DFc
+4sB1RlcGeQcCKQa4b+Q9VWf4f6TfuEWZQC5j5stiXjVgOqrOMrzKZ2eKWA4JsL9s
+V+7ANSZE+hOt1X1mA8moyqe95U2Ecih+nFJSWSBd1WFiEzVnXv4FVWPXbH9HERDK
+VbasjofWWmQO1YlQPishLgm1IbwqOkOk4sDgoLuUZ4GgP0DDeN6EmRDOzByrv+9u
+f45Bl9IQf4IJNPLU9lEqjyMOydqT6kBi7fjV5ICuQZ4EeVJsOGuX7PqNyoDzJHLv
+ferRfNLr6eQSHSxBhS0cVyDjb5gCawK6u7xTU+b7xikEie9k
+-----END CERTIFICATE-----
+
+-----BEGIN PKCS7-----
+MIIHogYJKoZIhvcNAQcCoIIHkzCCB48CAQExDTALBglghkgBZQMEAgEwKgYJKoZI
+hvcNAQcBoB0EG0hlbGxvIHRoZXJlLiBIb3cgYXJlIHlvdT8NCqCCBdIwggJ6MIIB
+MqADAgECAghYOAJ6FVENWjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU
+TFMgVGVzdCBDQTAgFw0xNjExMjUwOTIwNTlaGA85OTk5MTIzMTIzNTk1OVowFzEV
+MBMGA1UEAxMMU2lnbmluZyBjZXJ0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
+TFRGsIIwLwgWt58j/8+6BQ2LbRhYrEa50J6rcnb3yAs7129txJf7DYgzvRfi/kOL
+SJlgJFectyVucUo/A2TcsaNhMF8wDAYDVR0TAQH/BAIwADAPBgNVHQ8BAf8EBQMD
+B4AAMB0GA1UdDgQWBBS+9gDGJGtg6rX4E8ml1eDJKdXXMzAfBgNVHSMEGDAWgBRN
+VrdqAFjxZ5L0pnVVG45TAQPvzzANBgkqhkiG9w0BAQsFAAOCATEAZE0/JuEV5ZFd
+QW14ofelSkIhL+pZAchyYeJIjDhLw2HbqkSV4fk2L33B/8O9iF443LjTjhh0iUMs
+XJcPk3Ljr1oQ+RCbhWaAz6juYbZ3CDiibwpFMUvwbomZWZPjyz/WUPyxbO/PyAB6
+DI8OH4Jo9s71dousVWEN2k78g5E94y2+RVBj9nW1U7cmBe+QB2t0mQq4XwsVxXAe
++NkhWg12STkn5Wso/SdZyaUSQuwv44dSZ/Z2tCd4nZ8+x2MYaf1WPR32X+af/120
+QQwZqw8mGPjLuhUnsILxC7iSwWeDl1brHluZVmmfXmu7MlzbVKQRY9QPg3oux1YL
+b7DiTajd9Xdv4WUe+zCUCyBTR4yr1YedVtJ1ZKwRSAaTwTyeFMt1DzYNSAzB41aU
+Z3uT9UjTrDCCA1AwggIIoAMCAQICAQAwDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UE
+AxMOR251VExTIFRlc3QgQ0EwHhcNMTEwNTI4MDgzNjMwWhcNMzgxMDEyMDgzNjMz
+WjAZMRcwFQYDVQQDEw5HbnVUTFMgVGVzdCBDQTCCAVIwDQYJKoZIhvcNAQEBBQAD
+ggE/ADCCAToCggExAJzkQrF9bp5f/38tnddOeF3biIP9wqlQWk9x3GuuUhKA8IdC
+oj7UKDoGS3SmNnKGxrP6I2LTo3LNCp5T2HZrYxIelhIbiVPeb+E0HQuDizIhOeni
+BqtudoWQGx6Ey/OENeA8UFhrs0CvN9Ippe328NlnCHEUPLxRrPEs318Ot/jCOhau
+ojAECKj9PFsxpkUcy+cLwoj4QlZKz5sG16AAbm+gALGMFjyQfdTPf5ceYBR+ZPf4
+j34t7NioNxfDDnKaahWI8Q0p7H4s+njIdfm2FSAKN+u7xlWB4oFzBGQthXs5cCB2
+mc6RKBZWN2uyxSdNMq40PddK/FBPghDE2MxONA9KJQjKOxQPUQo3jt21CKGGiHVU
+1BlhBh1knqMRnovRpJurvgEo/H/otI8XQ9ql7HsCAwEAAaNDMEEwDwYDVR0TAQH/
+BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1UdDgQWBBRNVrdqAFjxZ5L0pnVV
+G45TAQPvzzANBgkqhkiG9w0BAQsFAAOCATEAHrDoIxhYtczmKQPzd4JFFUXARw8Z
+je4NsjnKh1X4RXPnuM4TnoUddVgrdkYMzZZ2FZlecwZkAXUwLfD6PzFYSwg1tQVC
+x5S7y9AxXOLAdUZXBnkHAikGuG/kPVVn+H+k37hFmUAuY+bLYl41YDqqzjK8ymdn
+ilgOCbC/bFfuwDUmRPoTrdV9ZgPJqMqnveVNhHIofpxSUlkgXdVhYhM1Z17+BVVj
+12x/RxEQylW2rI6H1lpkDtWJUD4rIS4JtSG8KjpDpOLA4KC7lGeBoD9Aw3jehJkQ
+zswcq7/vbn+OQZfSEH+CCTTy1PZRKo8jDsnak+pAYu341eSArkGeBHlSbDhrl+z6
+jcqA8yRy733q0XzS6+nkEh0sQYUtHFcg42+YAmsCuru8U1Pm+8YpBInvZDGCAXcw
+ggFzAgEBMCUwGTEXMBUGA1UEAxMOR251VExTIFRlc3QgQ0ECCFg4AnoVUQ1aMAsG
+CWCGSAFlAwQCAaCB5DAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3
+DQEJBTEPFw0xNjExMjUwOTMyMzBaMC8GCSqGSIb3DQEJBDEiBCByi+Ufe2Pc9z8o
+uoDSd85H+M9adaAtTmdw4ZuqV6dnpDB5BgkqhkiG9w0BCQ8xbDBqMAsGCWCGSAFl
+AwQBKjALBglghkgBZQMEARYwCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqG
+SIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIB
+KDAKBggqhkjOPQQDAgRHMEUCIHwo+5MOxoznE73+I4XdD1Nm/3yJ9RRapS1ie5b2
+moBYAiEAt1jLVaEosn+jdpoWY49YdlqBN+ot/nvj1eq0bJyO2uk=
+-----END PKCS7-----
diff --git a/tests/cert-tests/pkcs7 b/tests/cert-tests/pkcs7
index 9e1b607038..ff66dfb748 100755
--- a/tests/cert-tests/pkcs7
+++ b/tests/cert-tests/pkcs7
@@ -33,7 +33,7 @@ OUTFILE2=out2-pkcs7.$$.tmp
 
 check_for_datefudge
 
-for FILE in single-ca.p7b full.p7b; do
+for FILE in single-ca.p7b full.p7b openssl.p7b; do
 ${VALGRIND} "${CERTTOOL}" --inder --p7-info --infile "${srcdir}/data/${FILE}"|grep -v "Signing time" >"${OUTFILE}"
 rc=$?
 
@@ -52,7 +52,7 @@ done
 
 # check signatures
 
-for FILE in full.p7b; do
+for FILE in full.p7b openssl.p7b; do
 # check validation with date prior to CA issuance
 datefudge -s "2011-1-10" \
 ${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}"
@@ -90,6 +90,11 @@ if test "${rc}" != "0"; then
 	echo "${FILE}: PKCS7 verification failed"
 	exit ${rc}
 fi
+done
+
+
+#check key purpose verification
+for FILE in full.p7b; do
 
 ${VALGRIND} "${CERTTOOL}" --verify-purpose=1.3.6.1.5.5.7.3.1 --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}"
 rc=$?