2 Copyright (C) 2012 Carl Hetherington <cth@carlh.net>
4 This file is part of libdcp.
6 libdcp is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 libdcp is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with libdcp. If not, see <http://www.gnu.org/licenses/>.
20 #include "certificate.h"
21 #include "certificate_chain.h"
23 #include "exceptions.h"
25 #include <boost/test/unit_test.hpp>
30 using boost::shared_ptr;
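/** Check that certificates read from PEM files into strings can be added to a
 *  CertificateChain, and that the leaf, intermediate and root then report the
 *  expected distinguished names.
 *
 *  The reference chain is example.org test material; its CNs are marked
 *  NOT_FOR_PRODUCTION.
 *
 *  NOTE(review): this listing had lost the lines that wrap the expected DN
 *  strings, and the iterator increments.  The issuer()/subject() calls and the
 *  two ++i statements below are restored from the role each DN names and from
 *  the later `*i == c.root()` check; confirm them against the upstream file.
 */
BOOST_AUTO_TEST_CASE (certificates1)
{
	dcp::CertificateChain c;

	/* Added root first, then intermediate, then leaf */
	c.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
	c.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem")));
	c.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem")));

	dcp::CertificateChain::List leaf_to_root = c.leaf_to_root ();

	dcp::CertificateChain::List::iterator i = leaf_to_root.begin ();

	/* Leaf: first entry of leaf_to_root; its issuer should be the intermediate */
	BOOST_CHECK_EQUAL (*i, c.leaf ());

	BOOST_CHECK_EQUAL (
		c.leaf().issuer(),
		"dnQualifier=6eat8r33US71avuQEojmH\\+bjk84=,CN=.smpte-430-2.INTERMEDIATE.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
		);

	BOOST_CHECK_EQUAL (
		c.leaf().subject(),
		"dnQualifier=QFVlym7fuql6bPOnY38aaO1ZPW4=,CN=CS.smpte-430-2.LEAF.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
		);

	BOOST_CHECK (!c.leaf().extra_data ());

	++i;

	/* Intermediate: issued by the root */
	BOOST_CHECK_EQUAL (
		i->issuer(),
		"dnQualifier=DCnRdHFbcv4ANVUq2\\+wMVALFSec=,CN=.smpte-430-2.ROOT.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
		);

	BOOST_CHECK_EQUAL (
		i->subject(),
		"dnQualifier=6eat8r33US71avuQEojmH\\+bjk84=,CN=.smpte-430-2.INTERMEDIATE.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
		);

	BOOST_CHECK (!i->extra_data ());

	++i;

	/* Root: self-signed, so issuer and subject are the same DN */
	BOOST_CHECK_EQUAL (*i, c.root ());
	BOOST_CHECK_EQUAL (
		c.root().issuer(),
		"dnQualifier=DCnRdHFbcv4ANVUq2\\+wMVALFSec=,CN=.smpte-430-2.ROOT.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
		);

	BOOST_CHECK_EQUAL (c.root().serial(), "5");

	BOOST_CHECK_EQUAL (
		c.root().subject(),
		"dnQualifier=DCnRdHFbcv4ANVUq2\\+wMVALFSec=,CN=.smpte-430-2.ROOT.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
		);

	BOOST_CHECK (!c.root().extra_data ());

	/* Check that reconstruction from a string works: a Certificate built from
	   the root's own text output must give the same certificate() text.
	   The `true` argument presumably asks for the BEGIN/END marker lines -- confirm.
	*/
	dcp::Certificate test (c.root().certificate (true));
	BOOST_CHECK_EQUAL (test.certificate(), c.root().certificate());
}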
/** More certificate-from-string cases, using files under private_test:
 *  text that should be re-emitted in a normalised form, a file with data after
 *  the first certificate, and input that must be rejected.
 */
BOOST_AUTO_TEST_CASE (certificates2)
{
	{
		/* Output with certificate(true) should match the ".reformatted" reference */
		dcp::Certificate gdc (dcp::file_to_string (private_test / "CA.GDC-TECH.COM_SA2100_A14903.crt.crt"));
		BOOST_CHECK_EQUAL (gdc.certificate(true), dcp::file_to_string (private_test / "CA.GDC-TECH.COM_SA2100_A14903.crt.crt.reformatted"));
		BOOST_CHECK (!gdc.extra_data ());
	}

	{
		/* Output with certificate(true) should match the ".trimmed" reference */
		dcp::Certificate usl (dcp::file_to_string (private_test / "usl-cert.pem"));
		BOOST_CHECK_EQUAL (usl.certificate(true), dcp::file_to_string (private_test / "usl-cert.pem.trimmed"));
		BOOST_CHECK (!usl.extra_data ());
	}

	{
		/* This is the only input here for which extra_data() is expected to be true.
		   Presumably chain.pem holds more than one certificate and only the first is
		   loaded, so a caller wanting the whole chain has to handle the rest -- confirm.
		*/
		dcp::Certificate from_chain_file (dcp::file_to_string (private_test / "chain.pem"));
		BOOST_CHECK (from_chain_file.extra_data ());
	}

	/* Malformed input must be rejected with MiscError, not accepted as an empty or partial certificate */
	BOOST_CHECK_THROW (dcp::Certificate (dcp::file_to_string (private_test / "no-begin.pem")), dcp::MiscError);
	BOOST_CHECK_THROW (dcp::Certificate ("foo"), dcp::MiscError);
}
/** Check that dcp::CertificateChain::valid() and ::attempt_reorder() basically work.
 *
 *  What the cases below establish:
 *   - valid() is order-sensitive: the three reference certificates pass only
 *     when added root, intermediate, leaf;
 *   - attempt_reorder() returns true when all three are present in any order,
 *     and false when a link is missing.
 *
 *  NOTE(review): nothing here calls valid() again after a successful
 *  attempt_reorder(), so the test does not show whether the chain is left in
 *  the corrected order.  The cases also only cover ordering and missing links;
 *  none feeds a certificate whose signature fails to verify or whose validity
 *  period has lapsed.
 */
BOOST_AUTO_TEST_CASE (certificates_validation)
{
	/* Parse each reference certificate once; the chains below take copies */
	dcp::Certificate root_ca (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem"));
	dcp::Certificate intermediate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem"));
	dcp::Certificate leaf (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem"));

	/* Root, intermediate, leaf: the accepted order */
	dcp::CertificateChain full_in_order;
	full_in_order.add (root_ca);
	full_in_order.add (intermediate);
	full_in_order.add (leaf);
	BOOST_CHECK (full_in_order.valid ());

	/* A self-signed root on its own is also accepted */
	dcp::CertificateChain root_only;
	root_only.add (root_ca);
	BOOST_CHECK (root_only.valid ());

	/* No root: invalid, and reordering cannot repair it */
	dcp::CertificateChain without_root;
	without_root.add (intermediate);
	without_root.add (leaf);
	BOOST_CHECK (!without_root.valid ());
	BOOST_CHECK (!without_root.attempt_reorder ());

	/* Leaf, root, intermediate: complete but in the wrong order */
	dcp::CertificateChain leaf_root_intermediate;
	leaf_root_intermediate.add (leaf);
	leaf_root_intermediate.add (root_ca);
	leaf_root_intermediate.add (intermediate);
	BOOST_CHECK (!leaf_root_intermediate.valid ());
	BOOST_CHECK (leaf_root_intermediate.attempt_reorder ());

	/* Intermediate, leaf, root: complete but in the wrong order */
	dcp::CertificateChain intermediate_leaf_root;
	intermediate_leaf_root.add (intermediate);
	intermediate_leaf_root.add (leaf);
	intermediate_leaf_root.add (root_ca);
	BOOST_CHECK (!intermediate_leaf_root.valid ());
	BOOST_CHECK (intermediate_leaf_root.attempt_reorder ());

	/* Leaf, intermediate, root: the exact reverse of the accepted order */
	dcp::CertificateChain reversed;
	reversed.add (leaf);
	reversed.add (intermediate);
	reversed.add (root_ca);
	BOOST_CHECK (!reversed.valid ());
	BOOST_CHECK (reversed.attempt_reorder ());

	/* Root and leaf with no intermediate between them: invalid, and not repairable */
	dcp::CertificateChain without_intermediate;
	without_intermediate.add (root_ca);
	without_intermediate.add (leaf);
	BOOST_CHECK (!without_intermediate.valid ());
	BOOST_CHECK (!without_intermediate.attempt_reorder ());
}
/** Check that valid() on a chain that carries a private key basically works.
 *  (The original comment names dcp::Signer::valid(); the object exercised in
 *  this test is a dcp::CertificateChain with a key set.)
 */
BOOST_AUTO_TEST_CASE (signer_validation)
{
	/* Check a valid signer: the complete reference chain plus the reference leaf key */
	dcp::CertificateChain signer;
	signer.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
	signer.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem")));
	signer.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem")));
	signer.set_key (dcp::file_to_string ("test/ref/crypt/leaf.key"));
	BOOST_CHECK (signer.valid ());

	/* Put in an unrelated key and the signer should no longer be valid.
	   The certificates are untouched, so this only passes if valid() compares
	   the key with the chain rather than checking the certificates alone.
	   Constructing a chain from "openssl" presumably generates fresh
	   certificates and a key with that executable -- confirm against the
	   CertificateChain constructor.
	*/
	dcp::CertificateChain unrelated ("openssl");
	signer.set_key (unrelated.key().get ());
	BOOST_CHECK (!signer.valid ());
}