blob: 874c8ac5ea5977b988b4f7c9caf621db6b88c930 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
|
;;; GnuTLS --- Guile bindings for GnuTLS.
;;; Copyright (C) 2007-2012, 2021 Free Software Foundation, Inc.
;;;
;;; GnuTLS is free software; you can redistribute it and/or
;;; modify it under the terms of the GNU Lesser General Public
;;; License as published by the Free Software Foundation; either
;;; version 2.1 of the License, or (at your option) any later version.
;;;
;;; GnuTLS is distributed in the hope that it will be useful,
;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
;;; Lesser General Public License for more details.
;;;
;;; You should have received a copy of the GNU Lesser General Public
;;; License along with GnuTLS; if not, write to the Free Software
;;; Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
;;; Written by Ludovic Courtès <ludo@chbouib.org>.
;;;
;;; Exercise the X.509 certificate API.
;;;
(use-modules (gnutls)
(gnutls build tests)
(srfi srfi-4)
(srfi srfi-11)
(ice-9 format))
(define %certificate-file
(search-path %load-path "x509-certificate.pem"))
(define %private-key-file
(search-path %load-path "x509-key.pem"))
(define %first-oid
;; The certificate's first OID.
"2.5.4.6")
(define %signature-algorithm
;; The certificate's signature algorithm.
sign-algorithm/rsa-sha1)
(define %sha1-fingerprint
;; The certificate's SHA-1 fingerprint.
"7c55df47de718869d55998ee1e9301331ccd0601")
(define %sha256-fingerprint
;; The certificate's SHA-256 fingerprint.
"0db40a5ee20169d25f090e4d165d87266b1a04722cddec4da36692c81c3096f6")
(define (file-size file)
(stat:size (stat file)))
(define (u8vector->hex-string u8vector)
(string-join (map (lambda (u8) (format #f "~2,'0x" u8))
(u8vector->list u8vector))
""))
(run-test
(lambda ()
(let ((raw-certificate (make-u8vector (file-size %certificate-file)))
(raw-privkey (make-u8vector (file-size %private-key-file))))
(uniform-vector-read! raw-certificate
(open-input-file %certificate-file))
(uniform-vector-read! raw-privkey
(open-input-file %private-key-file))
(let ((cert (import-x509-certificate raw-certificate
x509-certificate-format/pem))
(sec (import-x509-private-key raw-privkey
x509-certificate-format/pem)))
(and (x509-certificate? cert)
(x509-private-key? sec)
(string? (x509-certificate-dn cert))
(string? (x509-certificate-issuer-dn cert))
(string=? (x509-certificate-dn-oid cert 0) %first-oid)
(eq? (x509-certificate-signature-algorithm cert)
%signature-algorithm)
(x509-certificate-matches-hostname? cert "localhost")
(let-values (((type name)
(x509-certificate-subject-alternative-name
cert 0)))
(and (string? name)
(string?
(x509-subject-alternative-name->string type))))
(equal? (u8vector->hex-string
(x509-certificate-fingerprint cert digest/sha1))
%sha1-fingerprint)
(equal? (u8vector->hex-string
(x509-certificate-fingerprint cert digest/sha256))
%sha256-fingerprint))))))
;;; arch-tag: eef09b52-30e8-472a-8b93-cb636434f6eb
|
