authorNikos Mavrogiannopoulos <nmav@gnutls.org>2012-06-09 11:02:07 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2012-06-09 11:47:46 +0200
commit6c82bf34969ba76c19a8dbda1239d48e552e6bc1 (patch)
tree6f92b345028f9ea41aa5e57dc61f6837bf165125 /tests
parent2576a9d933e4f29f69a7182faa9c4210eeec8fee (diff)
Changed prototype for gnutls_pkcs12_simple_parse() to simplify chain building.
Diffstat (limited to 'tests')
-rw-r--r--tests/Makefile.am3
-rw-r--r--tests/pkcs12-decode/Makefile.am3
-rw-r--r--tests/pkcs12-decode/pkcs12_5certs.p12bin0 -> 7338 bytes
-rw-r--r--tests/pkcs12_simple.c121
4 files changed, 125 insertions, 2 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 8437924e55..70b343ab82 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -68,7 +68,7 @@ ctests = mini-deflate simple gc set_pkcs12_cred certder certuniqueid \
mini-rehandshake rng-fork mini-eagain-dtls resume-dtls \
x509cert x509cert-tl infoaccess rsa-encrypt-decrypt \
mini-loss-time mini-tdb mini-dtls-rehandshake mini-record \
- mini-termination mini-x509-cas mini-x509-2
+ mini-termination mini-x509-cas mini-x509-2 pkcs12_simple
if ENABLE_OCSP
ctests += ocsp
@@ -100,6 +100,7 @@ TESTS = $(ctests) $(dist_check_SCRIPTS)
TESTS_ENVIRONMENT = \
CAFILE=$(srcdir)/cert-tests/ca-certs.pem \
+ PKCS12_MANY_CERTS_FILE=$(srcdir)/pkcs12-decode/pkcs12_5certs.p12 \
PKCS12FILE=$(srcdir)/pkcs12-decode/client.p12 \
PKCS12PASSWORD=foobar \
PKCS12FILE_2=$(srcdir)/pkcs12-decode/pkcs12_2certs.p12 \
diff --git a/tests/pkcs12-decode/Makefile.am b/tests/pkcs12-decode/Makefile.am
index 4e9dd89b05..e7fabcd262 100644
--- a/tests/pkcs12-decode/Makefile.am
+++ b/tests/pkcs12-decode/Makefile.am
@@ -19,7 +19,8 @@
# along with this file; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-EXTRA_DIST = client.p12 noclient.p12 unclient.p12 pkcs12_2certs.p12
+EXTRA_DIST = client.p12 noclient.p12 unclient.p12 pkcs12_2certs.p12 \
+ pkcs12_5certs.p12
dist_check_SCRIPTS = pkcs12
diff --git a/tests/pkcs12-decode/pkcs12_5certs.p12 b/tests/pkcs12-decode/pkcs12_5certs.p12
new file mode 100644
index 0000000000..5fc9cd397d
--- /dev/null
+++ b/tests/pkcs12-decode/pkcs12_5certs.p12
Binary files differ
diff --git a/tests/pkcs12_simple.c b/tests/pkcs12_simple.c
new file mode 100644
index 0000000000..ad17c0e413
--- /dev/null
+++ b/tests/pkcs12_simple.c
@@ -0,0 +1,121 @@
+/*
+ * Copyright (C) 2005-2012 Free Software Foundation, Inc.
+ *
+ * Author: Simon Josefsson
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GnuTLS; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdlib.h>
+#include <read-file.h>
+#include <gnutls/pkcs12.h>
+#include <gnutls/x509.h>
+#include "utils.h"
+
+void
+doit (void)
+{
+ const char *filename, *password = "1234";
+ gnutls_pkcs12_t pkcs12;
+ unsigned char* file_data;
+ size_t file_size;
+ gnutls_datum_t data;
+ gnutls_x509_crt_t * chain, * extras;
+ unsigned int chain_size, extras_size, i;
+ gnutls_x509_privkey_t pkey;
+ int ret;
+
+ ret = gnutls_global_init ();
+ if (ret < 0)
+ fail ("gnutls_global_init failed %d\n", ret);
+
+ ret = gnutls_pkcs12_init(&pkcs12);
+ if (ret < 0)
+ fail ("initialization failed: %s\n", gnutls_strerror(ret));
+
+ filename = getenv ("PKCS12_MANY_CERTS_FILE");
+
+ if (!filename)
+ filename = "pkcs12-decode/pkcs12_5certs.p12";
+
+ if (debug)
+ success ("Reading PKCS#12 blob from `%s' using password `%s'.\n",
+ filename, password);
+
+ file_data = (void*)read_binary_file( filename, &file_size);
+ if (file_data == NULL)
+ fail("cannot open file");
+
+ data.data = file_data;
+ data.size = file_size;
+ ret = gnutls_pkcs12_import(pkcs12, &data, GNUTLS_X509_FMT_DER, 0);
+ if (ret < 0)
+ fail ("pkcs12_import failed %d: %s\n", ret, gnutls_strerror (ret));
+
+ free(file_data);
+
+ if (debug)
+ success ("Read file OK\n");
+
+ ret = gnutls_pkcs12_simple_parse (pkcs12, password, &pkey, &chain, &chain_size,
+ &extras, &extras_size, NULL, 0);
+ if (ret < 0)
+ fail ("pkcs12_simple_parse failed %d: %s\n", ret, gnutls_strerror (ret));
+
+ if (chain_size != 1)
+ fail("chain size (%u) should have been 1\n", chain_size);
+
+ if (extras_size != 4)
+ fail("extras size (%u) should have been 4\n", extras_size);
+
+ if (debug)
+ {
+ char dn[512];
+ size_t dn_size;
+
+ dn_size = sizeof(dn);
+ ret = gnutls_x509_crt_get_dn(chain[0], dn, &dn_size);
+ if (ret < 0)
+ fail ("crt_get_dn failed %d: %s\n", ret, gnutls_strerror (ret));
+
+ success("dn: %s\n", dn);
+
+ dn_size = sizeof(dn);
+ ret = gnutls_x509_crt_get_issuer_dn(chain[0], dn, &dn_size);
+ if (ret < 0)
+ fail ("crt_get_dn failed %d: %s\n", ret, gnutls_strerror (ret));
+
+ success("issuer dn: %s\n", dn);
+ }
+
+ gnutls_pkcs12_deinit(pkcs12);
+ gnutls_x509_privkey_deinit(pkey);
+
+ for (i=0;i<chain_size;i++)
+ gnutls_x509_crt_deinit(chain[i]);
+ gnutls_free(chain);
+
+ for (i=0;i<extras_size;i++)
+ gnutls_x509_crt_deinit(extras[i]);
+ gnutls_free(extras);
+
+ gnutls_global_deinit ();
+}
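Review bot: In `doit`, `pkey`, `chain`, `extras`, `chain_size` and `extras_size` are declared without initializers, so if `gnutls_pkcs12_simple_parse` fails and `fail()` returns rather than exiting (utils.h is not shown here, so confirm which it does), the size checks, the `chain[0]` accesses in the debug block and the cleanup loops all read indeterminate values. Initialize them, e.g. `gnutls_x509_crt_t *chain = NULL, *extras = NULL;`, `unsigned int chain_size = 0, extras_size = 0, i;` and `gnutls_x509_privkey_t pkey = NULL;`, and touch `chain[0]` only when `chain_size > 0`. The same concern applies to `file_data`: a NULL result from `read_binary_file` would be handed to `gnutls_pkcs12_import` together with an unset `file_size`. Separately, the message after `gnutls_x509_crt_get_issuer_dn` still reads `crt_get_dn failed`, which would misattribute a failure in the test log.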