*/
+#include <boost/test/unit_test.hpp>
+#include "certificates.h"
+#include "signer.h"
+#include "util.h"
+
+using std::list;
+using std::string;
+using boost::shared_ptr;
+
+/** Check that loading certificates from files via strings works */
BOOST_AUTO_TEST_CASE (certificates)
{
- libdcp::CertificateChain c;
+ dcp::CertificateChain c;
+
+ c.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
+ c.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem")));
+ c.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem")));
+
+ dcp::CertificateChain::List leaf_to_root = c.leaf_to_root ();
- c.add (shared_ptr<libdcp::Certificate> (new libdcp::Certificate ("test/data/crypt/ca.self-signed.pem")));
- c.add (shared_ptr<libdcp::Certificate> (new libdcp::Certificate ("test/data/crypt/intermediate.signed.pem")));
- c.add (shared_ptr<libdcp::Certificate> (new libdcp::Certificate ("test/data/crypt/leaf.signed.pem")));
+ dcp::CertificateChain::List::iterator i = leaf_to_root.begin ();
+
+ /* Leaf */
+ BOOST_CHECK_EQUAL (*i, c.leaf ());
BOOST_CHECK_EQUAL (
- c.root()->issuer(),
- "/O=example.org/OU=example.org/CN=.smpte-430-2.ROOT.NOT_FOR_PRODUCTION/dnQualifier=rTeK7x+nopFkyphflooz6p2ZM7A="
+ c.leaf().issuer(),
+ "dnQualifier=6eat8r33US71avuQEojmH\\+bjk84=,CN=.smpte-430-2.INTERMEDIATE.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
+ );
+
+ BOOST_CHECK_EQUAL (
+ c.leaf().subject(),
+ "dnQualifier=QFVlym7fuql6bPOnY38aaO1ZPW4=,CN=CS.smpte-430-2.LEAF.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
+ );
+
+ ++i;
+
+ /* Intermediate */
+ BOOST_CHECK_EQUAL (
+ i->issuer(),
+ "dnQualifier=DCnRdHFbcv4ANVUq2\\+wMVALFSec=,CN=.smpte-430-2.ROOT.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
+ );
+
+ BOOST_CHECK_EQUAL (
+ i->subject(),
+ "dnQualifier=6eat8r33US71avuQEojmH\\+bjk84=,CN=.smpte-430-2.INTERMEDIATE.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
);
+ ++i;
+
+ /* Root */
+ BOOST_CHECK_EQUAL (*i, c.root ());
BOOST_CHECK_EQUAL (
- libdcp::Certificate::name_for_xml (c.root()->issuer()),
- "dnQualifier=rTeK7x\\+nopFkyphflooz6p2ZM7A=,CN=.smpte-430-2.ROOT.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
+ c.root().issuer(),
+ "dnQualifier=DCnRdHFbcv4ANVUq2\\+wMVALFSec=,CN=.smpte-430-2.ROOT.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
);
- BOOST_CHECK_EQUAL (c.root()->serial(), "5");
+ BOOST_CHECK_EQUAL (c.root().serial(), "5");
BOOST_CHECK_EQUAL (
- libdcp::Certificate::name_for_xml (c.root()->subject()),
- "dnQualifier=rTeK7x\\+nopFkyphflooz6p2ZM7A=,CN=.smpte-430-2.ROOT.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
+ c.root().subject(),
+ "dnQualifier=DCnRdHFbcv4ANVUq2\\+wMVALFSec=,CN=.smpte-430-2.ROOT.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
);
+
+ /* Check that reconstruction from a string works */
+ dcp::Certificate test (c.root().certificate (true));
+ BOOST_CHECK_EQUAL (test.certificate(), c.root().certificate());
+}
+
+/** Check that dcp::CertificateChain::valid() and ::attempt_reorder() basically work */
+BOOST_AUTO_TEST_CASE (certificates_validation)
+{
+ dcp::CertificateChain good1;
+ good1.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
+ good1.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem")));
+ good1.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem")));
+ BOOST_CHECK (good1.valid ());
+
+ dcp::CertificateChain good2;
+ good2.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
+ BOOST_CHECK (good2.valid ());
+
+ dcp::CertificateChain bad1;
+ bad1.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem")));
+ bad1.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem")));
+ BOOST_CHECK (!bad1.valid ());
+ BOOST_CHECK (!bad1.attempt_reorder ());
+
+ dcp::CertificateChain bad2;
+ bad2.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem")));
+ bad2.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
+ bad2.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem")));
+ BOOST_CHECK (!bad2.valid ());
+ BOOST_CHECK (bad2.attempt_reorder ());
+
+ dcp::CertificateChain bad3;
+ bad3.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem")));
+ bad3.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem")));
+ bad3.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
+ BOOST_CHECK (!bad3.valid ());
+ BOOST_CHECK (bad3.attempt_reorder ());
+
+ dcp::CertificateChain bad4;
+ bad4.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem")));
+ bad4.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem")));
+ bad4.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
+ BOOST_CHECK (!bad4.valid ());
+ BOOST_CHECK (bad4.attempt_reorder ());
+
+ dcp::CertificateChain bad5;
+ bad5.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
+ bad5.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem")));
+ BOOST_CHECK (!bad5.valid ());
+ BOOST_CHECK (!bad5.attempt_reorder ());
+}
+
+/** Check that dcp::Signer::valid() basically works */
+BOOST_AUTO_TEST_CASE (signer_validation)
+{
+ /* Check a valid signer */
+ dcp::CertificateChain chain;
+ chain.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
+ chain.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem")));
+ chain.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem")));
+ dcp::Signer signer (chain, dcp::file_to_string ("test/ref/crypt/leaf.key"));
+ BOOST_CHECK (signer.valid ());
+
+ /* Put in an unrelated key and the signer should no longer be valid */
+ dcp::Signer another_signer ("openssl");
+ signer.set_key (another_signer.key ());
+ BOOST_CHECK (!signer.valid ());
}