Diffstat (limited to 'tests/pkcs11/distrust-after.c')
-rw-r--r-- | tests/pkcs11/distrust-after.c | 174 |
1 files changed, 89 insertions, 85 deletions
diff --git a/tests/pkcs11/distrust-after.c b/tests/pkcs11/distrust-after.c index 05165baa5a..c95e8720d6 100644 --- a/tests/pkcs11/distrust-after.c +++ b/tests/pkcs11/distrust-after.c @@ -20,7 +20,7 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdbool.h> @@ -36,14 +36,14 @@ int main(void) #else -# include <string.h> -# include <unistd.h> -# include <gnutls/gnutls.h> -# include <assert.h> +#include <string.h> +#include <unistd.h> +#include <gnutls/gnutls.h> +#include <assert.h> -# include "cert-common.h" -# include "pkcs11/softhsm.h" -# include "utils.h" +#include "cert-common.h" +#include "pkcs11/softhsm.h" +#include "utils.h" /* This program tests that CKA_NSS_SERVER_DISTRUST_AFTER is honored * while validating certificate chain. 
@@ -54,64 +54,64 @@ static void tls_log_func(int level, const char *str) fprintf(stderr, "server|<%d>| %s", level, str); } -# define PIN "1234" +#define PIN "1234" -# define CONFIG_NAME "softhsm-distrust-after" -# define CONFIG CONFIG_NAME".config" +#define CONFIG_NAME "softhsm-distrust-after" +#define CONFIG CONFIG_NAME ".config" static const unsigned char chain_pem[] = - "-----BEGIN CERTIFICATE-----" - "MIID5zCCAp+gAwIBAgIUIXzLE8ObVwBGHepbjMWRwW/NpDgwDQYJKoZIhvcNAQEL" - "BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwIBcNMjMwMzE0MTAwNDAzWhgP" - "OTk5OTEyMzEyMzU5NTlaMDcxGzAZBgNVBAoTEkdudVRMUyB0ZXN0IHNlcnZlcjEY" - "MBYGA1UEAxMPdGVzdC5nbnV0bHMub3JnMIIBUjANBgkqhkiG9w0BAQEFAAOCAT8A" - "MIIBOgKCATEAtGsnmCWvwf8eyrB+9Ni87UOGZ1Rd2rQewpBfgzwCEfwTcoWyiKRl" - "QQt2XyO+ip/+eUtzOy7HSzy/FsmXVTUX86FySzDC4CeUEvNWAObOgksRXaQem/r6" - "uRsqTRi1uqXmDMeoqKFtqoiE3JYOsmwcNarnx5Q9+dXHwqINS7NuevcIX8UJzRWT" - "GveY3ypMZokk7R/QFmOBZaVYO6HNJWKbmYFUCBcY7HwvCKI7KFcynRdHCob7YrFB" - "meb73qjqIH7zG+666pohZCmS8q1z5RkFnTdT4hGfGF8iuuKLDQCMni+nhz1Avkqi" - "pZIIDC5hwFh8mpnh1qyDOSXPPhvt66NtncvFON7Bx26bNBS+MD6CkB65Spp25O8z" - "DEaiMXL2w2EL+KpnifSl5XY3oSmfgHmqdQIDAQABo4GmMIGjMAwGA1UdEwEB/wQC" - "MAAwGgYDVR0RBBMwEYIPdGVzdC5nbnV0bHMub3JnMCcGA1UdJQQgMB4GCCsGAQUF" - "BwMBBggrBgEFBQcDAwYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQW" - "BBRIIzRTCokxOEpa6sq20qbezh0rGDAfBgNVHSMEGDAWgBQedyNtZzEfkQebli/s" - "/MhG/ozhAzANBgkqhkiG9w0BAQsFAAOCATEAYbQLlr74D62lPEevV/HWLOMG8taY" - "gPld7Z5VApIhsJa913Jya7AOsW+lz48LX3QNTc8Xgj7FVwQeNP1GtBZXCe6U73KB" - "Z+qp1rIEwn2cQVmFG+ShxmUA/gxxmWql2BAORNd5ZCVOcZbMh9uwWjhIQN/SImtW" - "x3ebFgV5N7GPFbw+5NUITLXoLrD7Bixv3iQS8hWwmAmmPZbHAENRauL6jYSjniru" - "SSFYjzJ1trJB6VgpJ2yWfKdcGZmB3osnGshWbayVOaprbH0AWKwOZ/d7sAldjdVw" - "ZsaOhA+6NbvpKYZuw6Tdt0+VmUwGC1ATJGpc0dEXRBaFlt/e+gqQ43Mo+YwiMDYq" - "LDU5nLC6uTSZLtgQHTqb32xmQ/D/y6NkUTH3f4OcxPGxBRVBHjOTk6MhRA==" - "-----END CERTIFICATE-----" - "-----BEGIN CERTIFICATE-----" - "MIIDjTCCAkWgAwIBAgIUejTcfGbOAc9l4IBW+kpAN6A7Sj4wDQYJKoZIhvcNAQEL" - 
"BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwIBcNMjMwMzE0MDk1NzU1WhgP" - "OTk5OTEyMzEyMzU5NTlaMBkxFzAVBgNVBAMTDkdudVRMUyB0ZXN0IENBMIIBUjAN" - "BgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEAnORCsX1unl//fy2d1054XduIg/3C" - "qVBaT3Hca65SEoDwh0KiPtQoOgZLdKY2cobGs/ojYtOjcs0KnlPYdmtjEh6WEhuJ" - "U95v4TQdC4OLMiE56eIGq252hZAbHoTL84Q14DxQWGuzQK830iml7fbw2WcIcRQ8" - "vFGs8SzfXw63+MI6Fq6iMAQIqP08WzGmRRzL5wvCiPhCVkrPmwbXoABub6AAsYwW" - "PJB91M9/lx5gFH5k9/iPfi3s2Kg3F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo367vG" - "VYHigXMEZC2FezlwIHaZzpEoFlY3a7LFJ00yrjQ910r8UE+CEMTYzE40D0olCMo7" - "FA9RCjeO3bUIoYaIdVTUGWEGHWSeoxGei9Gkm6u+ASj8f+i0jxdD2qXsewIDAQAB" - "o2swaTAPBgNVHRMBAf8EBTADAQH/MCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEF" - "BQcDAwYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBQedyNtZzEf" - "kQebli/s/MhG/ozhAzANBgkqhkiG9w0BAQsFAAOCATEAa37UdOTvdUfRGwjrodhE" - "tEnRnfrwfQ61RMK5GY07UAks7CjdeWFDLoQfv9oP9kH122hEGAA683xg/CH5OeN0" - "8zrayQKqwcH40SJQDzc748lTgxUIDaf2rrkoF8butpaDaI0fageqjlEvCeZZSuIC" - "KCfZK9NPN47DknuerjOTwrWxvXYRepfSo8VVbjRj8R4qsgJsmJZYQfrAg0XrnKf/" - "UibNPXRCYABsxH4ZFtivg93LaQ05z4IrPSWGOTDQxNBoEC0DVGfSc8XElP0MkF/K" - "BIPsl3Rt2oFNhfViF9Gpzy9Dj1P1kMD6kE7nBDiRBUPNJZBiJSGVTMZTMc2tg42W" - "QcUYnUUzOpQWg1tcOZy4s+EuJ0bEWhSkFfSN3ENxsHXNCYYHgeadATcGbzTxD6ib" - "eA==" "-----END CERTIFICATE-----"; - -static const gnutls_datum_t chain = { - (unsigned char *)chain_pem, sizeof(chain_pem) - 1 -}; - -static -int pin_func(void *userdata, int attempt, const char *url, const char *label, - unsigned flags, char *pin, size_t pin_max) + "-----BEGIN CERTIFICATE-----" + "MIID5zCCAp+gAwIBAgIUIXzLE8ObVwBGHepbjMWRwW/NpDgwDQYJKoZIhvcNAQEL" + "BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwIBcNMjMwMzE0MTAwNDAzWhgP" + "OTk5OTEyMzEyMzU5NTlaMDcxGzAZBgNVBAoTEkdudVRMUyB0ZXN0IHNlcnZlcjEY" + "MBYGA1UEAxMPdGVzdC5nbnV0bHMub3JnMIIBUjANBgkqhkiG9w0BAQEFAAOCAT8A" + "MIIBOgKCATEAtGsnmCWvwf8eyrB+9Ni87UOGZ1Rd2rQewpBfgzwCEfwTcoWyiKRl" + "QQt2XyO+ip/+eUtzOy7HSzy/FsmXVTUX86FySzDC4CeUEvNWAObOgksRXaQem/r6" + 
"uRsqTRi1uqXmDMeoqKFtqoiE3JYOsmwcNarnx5Q9+dXHwqINS7NuevcIX8UJzRWT" + "GveY3ypMZokk7R/QFmOBZaVYO6HNJWKbmYFUCBcY7HwvCKI7KFcynRdHCob7YrFB" + "meb73qjqIH7zG+666pohZCmS8q1z5RkFnTdT4hGfGF8iuuKLDQCMni+nhz1Avkqi" + "pZIIDC5hwFh8mpnh1qyDOSXPPhvt66NtncvFON7Bx26bNBS+MD6CkB65Spp25O8z" + "DEaiMXL2w2EL+KpnifSl5XY3oSmfgHmqdQIDAQABo4GmMIGjMAwGA1UdEwEB/wQC" + "MAAwGgYDVR0RBBMwEYIPdGVzdC5nbnV0bHMub3JnMCcGA1UdJQQgMB4GCCsGAQUF" + "BwMBBggrBgEFBQcDAwYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQW" + "BBRIIzRTCokxOEpa6sq20qbezh0rGDAfBgNVHSMEGDAWgBQedyNtZzEfkQebli/s" + "/MhG/ozhAzANBgkqhkiG9w0BAQsFAAOCATEAYbQLlr74D62lPEevV/HWLOMG8taY" + "gPld7Z5VApIhsJa913Jya7AOsW+lz48LX3QNTc8Xgj7FVwQeNP1GtBZXCe6U73KB" + "Z+qp1rIEwn2cQVmFG+ShxmUA/gxxmWql2BAORNd5ZCVOcZbMh9uwWjhIQN/SImtW" + "x3ebFgV5N7GPFbw+5NUITLXoLrD7Bixv3iQS8hWwmAmmPZbHAENRauL6jYSjniru" + "SSFYjzJ1trJB6VgpJ2yWfKdcGZmB3osnGshWbayVOaprbH0AWKwOZ/d7sAldjdVw" + "ZsaOhA+6NbvpKYZuw6Tdt0+VmUwGC1ATJGpc0dEXRBaFlt/e+gqQ43Mo+YwiMDYq" + "LDU5nLC6uTSZLtgQHTqb32xmQ/D/y6NkUTH3f4OcxPGxBRVBHjOTk6MhRA==" + "-----END CERTIFICATE-----" + "-----BEGIN CERTIFICATE-----" + "MIIDjTCCAkWgAwIBAgIUejTcfGbOAc9l4IBW+kpAN6A7Sj4wDQYJKoZIhvcNAQEL" + "BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwIBcNMjMwMzE0MDk1NzU1WhgP" + "OTk5OTEyMzEyMzU5NTlaMBkxFzAVBgNVBAMTDkdudVRMUyB0ZXN0IENBMIIBUjAN" + "BgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEAnORCsX1unl//fy2d1054XduIg/3C" + "qVBaT3Hca65SEoDwh0KiPtQoOgZLdKY2cobGs/ojYtOjcs0KnlPYdmtjEh6WEhuJ" + "U95v4TQdC4OLMiE56eIGq252hZAbHoTL84Q14DxQWGuzQK830iml7fbw2WcIcRQ8" + "vFGs8SzfXw63+MI6Fq6iMAQIqP08WzGmRRzL5wvCiPhCVkrPmwbXoABub6AAsYwW" + "PJB91M9/lx5gFH5k9/iPfi3s2Kg3F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo367vG" + "VYHigXMEZC2FezlwIHaZzpEoFlY3a7LFJ00yrjQ910r8UE+CEMTYzE40D0olCMo7" + "FA9RCjeO3bUIoYaIdVTUGWEGHWSeoxGei9Gkm6u+ASj8f+i0jxdD2qXsewIDAQAB" + "o2swaTAPBgNVHRMBAf8EBTADAQH/MCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEF" + "BQcDAwYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBQedyNtZzEf" + "kQebli/s/MhG/ozhAzANBgkqhkiG9w0BAQsFAAOCATEAa37UdOTvdUfRGwjrodhE" + 
"tEnRnfrwfQ61RMK5GY07UAks7CjdeWFDLoQfv9oP9kH122hEGAA683xg/CH5OeN0" + "8zrayQKqwcH40SJQDzc748lTgxUIDaf2rrkoF8butpaDaI0fageqjlEvCeZZSuIC" + "KCfZK9NPN47DknuerjOTwrWxvXYRepfSo8VVbjRj8R4qsgJsmJZYQfrAg0XrnKf/" + "UibNPXRCYABsxH4ZFtivg93LaQ05z4IrPSWGOTDQxNBoEC0DVGfSc8XElP0MkF/K" + "BIPsl3Rt2oFNhfViF9Gpzy9Dj1P1kMD6kE7nBDiRBUPNJZBiJSGVTMZTMc2tg42W" + "QcUYnUUzOpQWg1tcOZy4s+EuJ0bEWhSkFfSN3ENxsHXNCYYHgeadATcGbzTxD6ib" + "eA==" + "-----END CERTIFICATE-----"; + +static const gnutls_datum_t chain = { (unsigned char *)chain_pem, + sizeof(chain_pem) - 1 }; + +static int pin_func(void *userdata, int attempt, const char *url, + const char *label, unsigned flags, char *pin, + size_t pin_max) { if (attempt == 0) { strcpy(pin, PIN); @@ -154,23 +154,22 @@ static void test(const char *provider, const char *purpose, bool succeeds) fail("gnutls_pkcs11_token_init: %s\n", gnutls_strerror(ret)); } - ret = - gnutls_pkcs11_token_set_pin(SOFTHSM_URL, NULL, PIN, - GNUTLS_PIN_USER); + ret = gnutls_pkcs11_token_set_pin(SOFTHSM_URL, NULL, PIN, + GNUTLS_PIN_USER); if (ret < 0) { fail("gnutls_pkcs11_token_set_pin: %s\n", gnutls_strerror(ret)); } gnutls_x509_trust_list_init(&tl, 0); - ret = gnutls_x509_trust_list_add_trust_file(tl, SOFTHSM_URL, NULL, - 0, 0, 0); + ret = gnutls_x509_trust_list_add_trust_file(tl, SOFTHSM_URL, NULL, 0, 0, + 0); if (ret < 0) { fail("gnutls_x509_trust_list_add_trust_file\n"); } - ret = gnutls_x509_crt_list_import2(&certs, &count, - &chain, GNUTLS_X509_FMT_PEM, 0); + ret = gnutls_x509_crt_list_import2(&certs, &count, &chain, + GNUTLS_X509_FMT_PEM, 0); if (ret < 0) { fail("gnutls_x509_crt_import: %s\n", gnutls_strerror(ret)); } 
@@ -178,10 +177,11 @@ static void test(const char *provider, const char *purpose, bool succeeds) assert(count == 2); /* Use the ICA (instead of the actual root CA) for simplicity. */ - ret = gnutls_pkcs11_copy_x509_crt(SOFTHSM_URL, certs[1], "ca", - GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED | - GNUTLS_PKCS11_OBJ_FLAG_MARK_CA | - GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO); + ret = gnutls_pkcs11_copy_x509_crt( + SOFTHSM_URL, certs[1], "ca", + GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED | + GNUTLS_PKCS11_OBJ_FLAG_MARK_CA | + GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO); if (ret < 0) { fail("gnutls_pkcs11_copy_x509_crt: %s\n", gnutls_strerror(ret)); } @@ -189,8 +189,8 @@ static void test(const char *provider, const char *purpose, bool succeeds) vdata.type = GNUTLS_DT_KEY_PURPOSE_OID; vdata.data = (void *)purpose; - ret = gnutls_x509_trust_list_verify_crt2(tl, certs, 1, &vdata, 1, - 0, &status, NULL); + ret = gnutls_x509_trust_list_verify_crt2(tl, certs, 1, &vdata, 1, 0, + &status, NULL); if (ret < 0) { fail("gnutls_x509_trust_list_verify_crt2: %s\n", gnutls_strerror(ret)); @@ -236,16 +236,18 @@ void doit(void) set_softhsm_conf(CONFIG); snprintf(buf, sizeof(buf), - "%s --init-token --slot 0 --label test --so-pin " PIN " --pin " - PIN, bin); + "%s --init-token --slot 0 --label test --so-pin " PIN + " --pin " PIN, + bin); system(buf); test(lib, GNUTLS_KP_TLS_WWW_SERVER, true); set_softhsm_conf(CONFIG); snprintf(buf, sizeof(buf), - "%s --init-token --slot 0 --label test --so-pin " PIN " --pin " - PIN, bin); + "%s --init-token --slot 0 --label test --so-pin " PIN + " --pin " PIN, + bin); system(buf); test(lib, GNUTLS_KP_EMAIL_PROTECTION, true); 
@@ -257,18 +259,20 @@ void doit(void) set_softhsm_conf(CONFIG); snprintf(buf, sizeof(buf), - "%s --init-token --slot 0 --label test --so-pin " PIN " --pin " - PIN, bin); + "%s --init-token --slot 0 --label test --so-pin " PIN + " --pin " PIN, + bin); system(buf); test(lib, GNUTLS_KP_TLS_WWW_SERVER, false); set_softhsm_conf(CONFIG); snprintf(buf, sizeof(buf), - "%s --init-token --slot 0 --label test --so-pin " PIN " --pin " - PIN, bin); + "%s --init-token --slot 0 --label test --so-pin " PIN + " --pin " PIN, + bin); system(buf); test(lib, GNUTLS_KP_EMAIL_PROTECTION, true); } -#endif /* _WIN32 */ +#endif /* _WIN32 */ |