authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-09-07 09:11:06 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2017-09-08 09:42:06 +0200
commit45746a0ebe280ff2ff0c3ea2eb167e3de16b34ce (patch)
tree7a41b155610d6e5ea9e0d9d24b54cb6a38ce3f2d
parentf6821a90f7ea803feb857790537c25d92ffcc340 (diff)
downloadgnutls-45746a0ebe280ff2ff0c3ea2eb167e3de16b34ce.tar.gz
tests: added verification checks into crl_apis
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--tests/crl_apis.c126
1 files changed, 80 insertions, 46 deletions
diff --git a/tests/crl_apis.c b/tests/crl_apis.c
index 99708e389c..627d4f6c16 100644
--- a/tests/crl_apis.c
+++ b/tests/crl_apis.c
@@ -15,9 +15,9 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
- * You should have received a copy of the GNU General Public License
- * along with GnuTLS; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
*/
#ifdef HAVE_CONFIG_H
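Review bot: The licence header now names two different licences: the unchanged context line still reads `See the GNU General Public License for more details`, while the added line says a copy of the `GNU Lesser General Public License` was received. The top of the header is outside this hunk, so which licence the file is under cannot be told from here, but both paragraphs should name the same one. The added bare ` *` line before the closing `*/` also looks unintentional.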
@@ -34,10 +34,10 @@
#include "utils.h"
#include "cert-common.h"
+static time_t then = 1207000800;
+
static time_t mytime(time_t * t)
{
- time_t then = 1207000800;
-
if (t)
*t = then;
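Review bot: `then` becomes file-scope mutable state with no comment, and `sign_crl` later in this commit advances it with `then+=10`, so what `mytime` returns now depends on how many CRLs have been signed so far. That sequence appears to be baked into the byte-compared `saved_crl_pem` and `saved_min_crl_pem` fixtures, whose encoded timestamps change in this commit, so adding or reordering a `generate_crl` call would break the comparison with no obvious cause. I would add a comment on the declaration along the lines of `/* fake clock returned by mytime(); sign_crl() advances it by 10s per CRL and the saved PEM fixtures depend on that sequence */`. A more specific name such as `fake_now` would also be easier to search for. The rest of `mytime` is outside the hunk.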
@@ -46,48 +46,49 @@ static time_t mytime(time_t * t)
static unsigned char saved_crl_pem[] =
"-----BEGIN X509 CRL-----\n"
- "MIICXzCByAIBADANBgkqhkiG9w0BAQUFADAPMQ0wCwYDVQQDEwRDQS0zFw0wODAz\n"
- "MzEyMjAwMDBaFw0wODAzMzEyMjAxMDBaMFQwFAIDAQIDFw0wODAzMzEyMjAwMDBa\n"
+ "MIICXzCByAIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0zFw0wODAz\n"
+ "MzEyMjAwMDBaFw0wODAzMzEyMjAyMDBaMFQwFAIDAQIDFw0wODAzMzEyMjAwMDBa\n"
"MB0CDFejHTI2Wi75obBaUhcNMDgwMzMxMjIwMDAwWjAdAgxXox0yNbNP0Ln15zwX\n"
"DTA4MDMzMTIyMDAwMFqgLzAtMB8GA1UdIwQYMBaAFPmohhljtqQUE2B2DwGaNTbv\n"
- "8bSvMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4IBgQAcVsFF0HzAjAtD4Kwh\n"
- "pJwVl6BEC4lybSIVB0+ls/b23cEOfU1wE8Ls+26EjUHLOTCdQgKMFgbEuhAgUOb6\n"
- "kuatoWmi3R/42FJDvQxc+aYcEOX5ttbbB4KuS77zQ54Nv9RGyKcXqTDmax2MgqKg\n"
- "moIbYhemiUl4zCshPZvv0NsHFiDtToSIHZIbIy3u63/Mb/tXCm2Eyrl8za8ELGaJ\n"
- "5zjibO2wNRIwd7QbJJRkc6TrphfWxeU6tZi3rwOLoqf8x4EBWOcKXyUvIb+OxNVH\n"
- "aMXFxVCTmDAqxe9HrEzZsQIGS7CDlWCghIUW8AQkPJ/IL4kUvZhmRxyqI8DF4mLI\n"
- "XqCDF55CaQ5e2uMc3f5rvNTP1g1S7E/iZRTaATVhB6krha6X3MqEQ+VJnMklJPiI\n"
- "aZY5JS5apO9ewXykxuK0/A3BeHSdK4fj3Q1mt1NzX4G9cU2T3VdPRbAgchoU2YV3\n"
- "pBeFxTaJMEN+ajgixeXC69iE7aNBOFBLC38uPmMOpZ450q8=\n"
+ "8bSvMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBgQAFpyifa5AJclRpJfjh\n"
+ "QOcSoiCJz5QsrGaK5I/UYHcY958hhFjnE2c9g3wYEEt13M2gkgOTXapImPbLXHv+\n"
+ "cHWGoTqX6+crs7xcC6mFc6JfY7q9O2eP1x386dzCxhsXMti5ml0iOeBpNrMO46Pr\n"
+ "PuvNaY7OE1UgN0Ha3YjmhP8HtWJSQCMmqIo6vP1/HBSzaXP/cjS7f0WBZemj0eE7\n"
+ "wwA1GUoUx9wHipvNkCSKy/eQz4fpOJExrvHeb1/N3po9hfZaZJAqR+rsC0j9J+wd\n"
+ "ZGAdVFKCJUZs0IgsWQqagg0tXGJ8ejdt4yE8zvhhcpf4pcGoYUqtoUPT+Fjnsw7C\n"
+ "P1GCVZQ2ciGxixljTJFdifhqPshgC1Ytd75MkDYH2RRir/JwypQK9CcqIAOjBzTl\n"
+ "uk4SkKL2xAIduw6Dz5kAC7G2EM94uODoI/RO5b6eN6Kb/592JrKAfB96jh2wwqW+\n"
+ "swaA4JPFqNQaiMWW1IXM3VJwXBt8DRSRo46JV5OktvvFRwI=\n"
"-----END X509 CRL-----\n";
static unsigned char saved_min_crl_pem[] =
"-----BEGIN X509 CRL-----\n"
- "MIICUDCBuQIBADANBgkqhkiG9w0BAQUFADAPMQ0wCwYDVQQDEwRDQS0zFw0wODAz\n"
- "MzEyMjAwMDBaMFQwFAIDAQIDFw0wODAzMzEyMjAwMDBaMB0CDFejHTI2Wi75obBa\n"
- "UhcNMDgwMzMxMjIwMDAwWjAdAgxXox0yNbNP0Ln15zwXDTA4MDMzMTIyMDAwMFqg\n"
+ "MIICUDCBuQIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0zFw0wODAz\n"
+ "MzEyMjAwMTBaMFQwFAIDAQIDFw0wODAzMzEyMjAwMTBaMB0CDFejHTI2Wi75obBa\n"
+ "UhcNMDgwMzMxMjIwMDEwWjAdAgxXox0yNbNP0Ln15zwXDTA4MDMzMTIyMDAxMFqg\n"
"LzAtMB8GA1UdIwQYMBaAFPmohhljtqQUE2B2DwGaNTbv8bSvMAoGA1UdFAQDAgEB\n"
- "MA0GCSqGSIb3DQEBBQUAA4IBgQBwTFMCc5/y/rrVvv/rGD5BYF1rCk+Daln/aQvV\n"
- "UgFwbaYsnSUoHdivEF6rrtSJGdZj5JWk7Y4oICL6NLeiLiM+AeBuaGbB9EjIQH8d\n"
- "d4/QSR4VV/900xcWbSatycXq4k2nxnrFcC2TMD6ee0nQjs1YQcgBK5tEQBvtKa+w\n"
- "qemp7/WPuY1YcDTIJ1myjyM0yJpBope/9uYWxcYgHCwK+o1QqpDlnq21539QtdbC\n"
- "9isLxAohnvwmKJkRoYVUhi5jRjd4Yy/fiSAcQx+Gs+0kjRXqitAgofPUAyibMLZX\n"
- "EvTZvGDCBF8OqlF6WdBLgcYDVzX7GnYEYFSccQtPYdanilf9IGO0ToF0MfPliawb\n"
- "J/27rdbCDQXh3exSq4vGgdulmt+tmYsFwlivwvuCG/eV8KOLWv7q36jx4PzLJyiE\n"
- "JJimFkzuwEEaFSmIM9UDEKfmDC10jVQ4c7Y7CPI5rLnPDtEOTNWsjlw/rC2/XLem\n"
- "YdLVIwU0h1VJPvZsmbhU2baAhsM=\n"
+ "MA0GCSqGSIb3DQEBCwUAA4IBgQB/Y7MxKf7HpYBoi7N5lNCe7nSd0epQiNPOford\n"
+ "hGb1ZirZk9m67zg146Cwc0W4ipPzW/OjwgUoVQTm21I7oZj/GPItAABlILd6eRQe\n"
+ "jYJap0fxiXV7aMRfu2o3qCRGAITQf306H5zJmpdeNxbxzlr3t6IAHBDbLI1WYXiC\n"
+ "pTHo3wlpwFJEPw5NQ0j6rCAzSH81FHTrEiIOar17uRqeMjbGN6Eo4zjezEx2+ewg\n"
+ "unsdzx4OWx3KgzsQnyV9EoU6l9jREe519mICx7La6DZkhO4dSPJv6R5jEFitWDNB\n"
+ "lxZMA5ePrYXuE/3b+Li89R53O+xZxShLQYwBRSHDue44xUv6hh6YNIKDgt4ycIs8\n"
+ "9JAWsOYJDYUEbAUo+S4sWCU6LzloEvmg7EdJtvJWsScUKK4qbwkDfkBTKjbeBdFj\n"
+ "w6naZIjzbjMPEe8/T+hmu/txFj3fGj/GzOM1GaJNZ4vMWA4Y6LhB+H1Zf3xK+hV0\n"
+ "sc0eYw7RpIzEyc9PPz/uM+XabsI=\n"
"-----END X509 CRL-----\n";
-const gnutls_datum_t saved_crl = { saved_crl_pem, sizeof(saved_crl_pem)-1 };
-const gnutls_datum_t saved_min_crl = { saved_min_crl_pem, sizeof(saved_min_crl_pem)-1 };
+const gnutls_datum_t saved_crl = { saved_crl_pem, sizeof(saved_crl_pem) - 1 };
+const gnutls_datum_t saved_min_crl =
+ { saved_min_crl_pem, sizeof(saved_min_crl_pem) - 1 };
-static void append_crt(gnutls_x509_crl_t crl, const gnutls_datum_t *pem)
+static void append_crt(gnutls_x509_crl_t crl, const gnutls_datum_t * pem)
{
gnutls_x509_crt_t crt;
int ret;
- assert(gnutls_x509_crt_init(&crt)>=0);
- assert(gnutls_x509_crt_import(crt, pem, GNUTLS_X509_FMT_PEM)>=0);
+ assert(gnutls_x509_crt_init(&crt) >= 0);
+ assert(gnutls_x509_crt_import(crt, pem, GNUTLS_X509_FMT_PEM) >= 0);
ret = gnutls_x509_crl_set_crt(crl, crt, mytime(0));
if (ret != 0)
fail("gnutls_x509_crl_set_crt: %s\n", gnutls_strerror(ret));
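Review bot: In `append_crt` the calls that initialise and import the certificate sit inside `assert()`, so a build with `NDEBUG` defined drops them entirely and `gnutls_x509_crl_set_crt` would receive an uninitialised `crt`. Since the reformatting touches these lines anyway, they could use the pattern the function already applies just below: `ret = gnutls_x509_crt_import(crt, pem, GNUTLS_X509_FMT_PEM);` followed by `if (ret < 0) fail("gnutls_x509_crt_import: %s\n", gnutls_strerror(ret));`. The same applies to `append_aki`, the new `verify_crl` (where `out` and `crl` would be left unset) and `sign_crl` in the next hunk. Whether this test is ever built with `NDEBUG` is not visible here, but `fail()` also reports the library error string where `assert` shows only the expression. The end of `append_crt` lies in the following hunk.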
@@ -95,42 +96,72 @@ static void append_crt(gnutls_x509_crl_t crl, const gnutls_datum_t *pem)
gnutls_x509_crt_deinit(crt);
}
-static void append_aki(gnutls_x509_crl_t crl, const gnutls_datum_t *pem)
+static void append_aki(gnutls_x509_crl_t crl, const gnutls_datum_t * pem)
{
gnutls_x509_crt_t crt;
int ret;
unsigned char aki[128];
size_t aki_size;
- assert(gnutls_x509_crt_init(&crt)>=0);
- assert(gnutls_x509_crt_import(crt, pem, GNUTLS_X509_FMT_PEM)>=0);
+ assert(gnutls_x509_crt_init(&crt) >= 0);
+ assert(gnutls_x509_crt_import(crt, pem, GNUTLS_X509_FMT_PEM) >= 0);
aki_size = sizeof(aki);
- assert(gnutls_x509_crt_get_subject_key_id(crt, aki, &aki_size, NULL) >= 0);
+ assert(gnutls_x509_crt_get_subject_key_id(crt, aki, &aki_size, NULL) >=
+ 0);
ret = gnutls_x509_crl_set_authority_key_id(crl, aki, aki_size);
if (ret != 0)
- fail("gnutls_x509_crl_set_authority_key_id: %s\n", gnutls_strerror(ret));
+ fail("gnutls_x509_crl_set_authority_key_id: %s\n",
+ gnutls_strerror(ret));
gnutls_x509_crt_deinit(crt);
}
-static void sign_crl(gnutls_x509_crl_t crl, const gnutls_datum_t *cert, const gnutls_datum_t *key)
+static void verify_crl(gnutls_x509_crl_t _crl, gnutls_x509_crt_t crt)
+{
+ int ret;
+ gnutls_x509_crl_t crl;
+ unsigned status;
+ gnutls_datum_t out;
+
+ assert(gnutls_x509_crl_export2(_crl, GNUTLS_X509_FMT_DER, &out) >= 0);
+
+ assert(gnutls_x509_crl_init(&crl) >= 0);
+ assert(gnutls_x509_crl_import(crl, &out, GNUTLS_X509_FMT_DER) >= 0);
+
+ gnutls_free(out.data);
+
+ ret = gnutls_x509_crl_verify(crl, &crt, 1, 0, &status);
+ if (ret < 0)
+ fail("gnutls_x509_crl_verify: %s\n", gnutls_strerror(ret));
+
+ if (status != 0)
+ fail("gnutls_x509_crl_verify status: %x\n", status);
+ gnutls_x509_crl_deinit(crl);
+}
+
+static void sign_crl(gnutls_x509_crl_t crl, const gnutls_datum_t * cert,
+ const gnutls_datum_t * key)
{
gnutls_x509_crt_t crt;
gnutls_x509_privkey_t pkey;
int ret;
- assert(gnutls_x509_crt_init(&crt)>=0);
- assert(gnutls_x509_privkey_init(&pkey)>=0);
+ assert(gnutls_x509_crt_init(&crt) >= 0);
+ assert(gnutls_x509_privkey_init(&pkey) >= 0);
- assert(gnutls_x509_crt_import(crt, cert, GNUTLS_X509_FMT_PEM)>=0);
- assert(gnutls_x509_privkey_import(pkey, key, GNUTLS_X509_FMT_PEM)>=0);
+ assert(gnutls_x509_crt_import(crt, cert, GNUTLS_X509_FMT_PEM) >= 0);
+ assert(gnutls_x509_privkey_import(pkey, key, GNUTLS_X509_FMT_PEM) >= 0);
ret = gnutls_x509_crl_sign(crl, crt, pkey);
if (ret != 0)
fail("gnutls_x509_crl_sign: %s\n", gnutls_strerror(ret));
+ then+=10;
+
+ verify_crl(crl, crt);
+
gnutls_x509_crt_deinit(crt);
gnutls_x509_privkey_deinit(pkey);
}
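Review bot: `verify_crl` only proves the accept path, because every CRL it sees was just signed by `crt`; a regression that made `gnutls_x509_crl_verify` report `status == 0` for any input would still pass. A reject-path check would close that gap, for example verifying the same re-imported CRL against a certificate that did not sign it: `ret = gnutls_x509_crl_verify(crl, &other_crt, 1, 0, &status);` then `if (ret >= 0 && status == 0) fail("CRL verified against a non-issuer\n");`, where `other_crt` is a placeholder for any unrelated certificate the test has at hand. A one-line comment above the export/import pair would also help, saying that the DER round trip is deliberate so that verification runs on the parsed encoding and not the in-memory object. That intent is my reading of the code and is not stated in the commit.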
@@ -140,6 +171,8 @@ static gnutls_x509_crl_t generate_crl(unsigned skip_optional)
gnutls_x509_crl_t crl;
int ret;
+ success("Generating CRL (%d)\n", skip_optional);
+
ret = gnutls_x509_crl_init(&crl);
if (ret != 0)
fail("gnutls_x509_crl_init\n");
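Review bot: The added `success("Generating CRL (%d)\n", skip_optional);` prints an `unsigned` with `%d`; the conversion should be `%u`, i.e. `success("Generating CRL (%u)\n", skip_optional);`. The output is the same for the small values this test appears to pass, but the mismatch is the kind `-Wformat` reports if `success` carries a printf format attribute, which is not visible here. The rest of `generate_crl` is outside the hunk.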
@@ -153,7 +186,7 @@ static gnutls_x509_crl_t generate_crl(unsigned skip_optional)
fail("gnutls_x509_crl_set_this_update\n");
if (!skip_optional) {
- ret = gnutls_x509_crl_set_next_update(crl, mytime(0)+60);
+ ret = gnutls_x509_crl_set_next_update(crl, mytime(0) + 120);
if (ret != 0)
fail("gnutls_x509_crl_set_next_update\n");
}
@@ -191,7 +224,7 @@ void doit(void)
fprintf(stdout, "%s", out.data);
assert(out.size == saved_crl.size);
- assert(memcmp(out.data, saved_crl.data, out.size)==0);
+ assert(memcmp(out.data, saved_crl.data, out.size) == 0);
gnutls_free(out.data);
gnutls_x509_crl_deinit(crl);
@@ -204,8 +237,9 @@ void doit(void)
fprintf(stdout, "%s", out.data);
assert(out.size == saved_min_crl.size);
- assert(memcmp(out.data, saved_min_crl.data, out.size)==0);
+ assert(memcmp(out.data, saved_min_crl.data, out.size) == 0);
gnutls_free(out.data);
gnutls_x509_crl_deinit(crl);
+
}