diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-09-05 16:05:40 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-09-05 16:05:40 +0000 |
commit | 69bdcbc193726601b5173577683ee913d5cef83c (patch) | |
tree | d78117b740f37d2e99f84ffe9c263e699de4a07c /tests/x509_test.c | |
parent | a2a9c8d2ee6f0a23e9376f08755781997a631167 (diff) | |
download | gnutls-69bdcbc193726601b5173577683ee913d5cef83c.tar.gz |
Added more tests for the X.509 certificate validation. These tests are now only included in the CVS not the distribution.
Diffstat (limited to 'tests/x509_test.c')
-rw-r--r-- | tests/x509_test.c | 117 |
1 files changed, 94 insertions, 23 deletions
diff --git a/tests/x509_test.c b/tests/x509_test.c index 7a3b35ad4e..b1187221af 100644 --- a/tests/x509_test.c +++ b/tests/x509_test.c @@ -3,6 +3,9 @@ #include <gnutls_x509.h> #include <gnutls_cert.h> #include <gnutls_errors.h> +#include <x509_b64.h> +#include <x509_verify.h> +#include <gnutls_global.h> /* FIXME: This test uses gnutls internals. Rewrite it using * the exported stuff. (I leave it as an exercise to the reader :) @@ -20,14 +23,22 @@ static struct file_res test_files[] = { { "test2.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED }, { "test3.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED }, { "test10.pem", 0 }, + { "test13.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED }, + { "test22.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED }, + { "test23.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED }, + { "test24.pem", 0 }, { "test25.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED }, + { "test26.pem", 0 }, { NULL, 0 } }; -int _gnutls_verify_x509_file( char *cafile); +#define CA_FILE "ca.pem" +int _gnutls_verify_x509_file( const char* certfile, const char *cafile); -static void print_res( int x) { + +static void print_res( int x) +{ if (x&GNUTLS_CERT_INVALID) printf("- certificate is invalid\n"); else @@ -41,7 +52,8 @@ static void print_res( int x) { return; } -int main() { +int main() +{ int x; char* file; @@ -57,7 +69,7 @@ int i = 0, exp_result; file = test_files[i++].test_file; if (file==NULL) break; - x = _gnutls_verify_x509_file( file); + x = _gnutls_verify_x509_file( file, CA_FILE); if (x<0) { fprintf(stderr, "Unexpected error: %d\n", x); @@ -84,19 +96,56 @@ int i = 0, exp_result; /* Verifies a base64 encoded certificate list from memory */ -int _gnutls_verify_x509_mem( const char *ca, int ca_size) +int _gnutls_verify_x509_mem( const char* cert, int cert_size, + const char *ca, int ca_size) { int siz, siz2, i; unsigned char *b64; const char *ptr; int ret; gnutls_datum tmp; + gnutls_cert* x509_cert_list=NULL; gnutls_cert* x509_ca_list=NULL; - int x509_ncas; + int x509_ncerts, x509_ncas; + + /* Decode the CA certificate + */ + siz2 = _gnutls_fbase64_decode( NULL, ca, ca_size, &b64); + + if (siz2 < 0) { + fprintf(stderr, "Error decoding CA certificate\n"); + gnutls_assert(); + return GNUTLS_E_PARSING_ERROR; + } + + x509_ca_list = + (gnutls_cert *) gnutls_calloc( 1, sizeof(gnutls_cert)); + x509_ncas = 1; + + if (x509_ca_list == NULL) { + fprintf(stderr, "memory error\n"); + gnutls_free(b64); + return GNUTLS_E_MEMORY_ERROR; + } + + tmp.data = b64; + tmp.size = siz2; + + if ((ret = + _gnutls_x509_cert2gnutls_cert( x509_ca_list, + tmp, 0)) < 0) { + fprintf(stderr, "Error parsing the CA certificate\n"); + gnutls_assert(); + gnutls_free(b64); + return ret; + } + gnutls_free(b64); - siz = ca_size; - ptr = ca; + /* Decode the certificate chain. + */ + siz = cert_size; + ptr = cert; i = 1; @@ -110,11 +159,12 @@ int _gnutls_verify_x509_mem( const char *ca, int ca_size) return GNUTLS_E_PARSING_ERROR; } - x509_ca_list = - (gnutls_cert *) gnutls_realloc( x509_ca_list, + x509_cert_list = + (gnutls_cert *) gnutls_realloc( x509_cert_list, i * sizeof(gnutls_cert)); - if (x509_ca_list == NULL) { + if (x509_cert_list == NULL) { + fprintf(stderr, "memory error\n"); gnutls_assert(); gnutls_free(b64); return GNUTLS_E_MEMORY_ERROR; @@ -124,8 +174,9 @@ int _gnutls_verify_x509_mem( const char *ca, int ca_size) tmp.size = siz2; if ((ret = - _gnutls_x509_cert2gnutls_cert(&x509_ca_list[i - 1], - tmp, 0)) < 0) { + _gnutls_x509_cert2gnutls_cert( &x509_cert_list[i-1], + tmp, 0)) < 0) { + fprintf(stderr, "Error parsing the certificate\n"); gnutls_assert(); gnutls_free(b64); return ret; @@ -140,10 +191,15 @@ int _gnutls_verify_x509_mem( const char *ca, int ca_size) i++; } while ((ptr = strstr(ptr, PEM_CERT_SEP)) != NULL); - x509_ncas = i - 1; + x509_ncerts = i - 1; - siz = _gnutls_x509_verify_certificate( x509_ca_list, x509_ncas-1, - &x509_ca_list[x509_ncas-1], 1, NULL, 0); + siz = _gnutls_x509_verify_certificate( x509_cert_list, x509_ncerts, + x509_ca_list, 1, NULL, 0); + + _gnutls_free_cert( x509_ca_list[0]); + for (i=0;i<x509_ncerts;i++) { + _gnutls_free_cert( x509_cert_list[i]); + } return siz; } @@ -152,23 +208,38 @@ int _gnutls_verify_x509_mem( const char *ca, int ca_size) /* Reads and verifies a base64 encoded certificate file */ -int _gnutls_verify_x509_file( char *cafile) +int _gnutls_verify_x509_file( const char* certfile, const char *cafile) { - int siz; - char x[MAX_FILE_SIZE]; + int ca_size, cert_size; + char ca[MAX_FILE_SIZE]; + char cert[MAX_FILE_SIZE]; FILE *fd1; - fd1 = fopen(cafile, "rb"); + fd1 = fopen(certfile, "rb"); if (fd1 == NULL) { + fprintf(stderr, "error opening %s\n", certfile); gnutls_assert(); return GNUTLS_E_FILE_ERROR; } - siz = fread(x, 1, sizeof(x)-1, fd1); + cert_size = fread(cert, 1, sizeof(cert)-1, fd1); fclose(fd1); - x[siz] = 0; + cert[cert_size] = 0; + + + fd1 = fopen(cafile, "rb"); + if (fd1 == NULL) { + fprintf(stderr, "error opening %s\n", cafile); + gnutls_assert(); + return GNUTLS_E_FILE_ERROR; + } + + ca_size = fread(ca, 1, sizeof(ca)-1, fd1); + fclose(fd1); + + ca[ca_size] = 0; - return _gnutls_verify_x509_mem( x, siz); + return _gnutls_verify_x509_mem( cert, cert_size, ca, ca_size); } |