/*
- Copyright (C) 2012 Carl Hetherington <cth@carlh.net>
+ Copyright (C) 2012-2019 Carl Hetherington <cth@carlh.net>
This file is part of libdcp.
You should have received a copy of the GNU General Public License
along with libdcp. If not, see <http://www.gnu.org/licenses/>.
+
+ In addition, as a special exception, the copyright holders give
+ permission to link the code of portions of this program with the
+ OpenSSL library under certain conditions as described in each
+ individual source file, and distribute linked combinations
+ including the two.
+
+ You must obey the GNU General Public License in all respects
+ for all of the code used other than OpenSSL. If you modify
+ file(s) with this exception, you may extend this exception to your
+ version of the file(s), but you are not obligated to do so. If you
+ do not wish to do so, delete this exception statement from your
+ version. If you delete this exception statement from all source
+ files in the program, then also delete it here.
*/
#include "certificate.h"
using std::list;
using std::string;
-using boost::shared_ptr;
+using std::shared_ptr;
/** Check that loading certificates from files via strings works */
BOOST_AUTO_TEST_CASE (certificates1)
{
dcp::CertificateChain good (
boost::filesystem::path ("openssl"),
+ 10 * 365,
"dcpomatic.com",
"dcpomatic.com",
".dcpomatic.smpte-430-2.ROOT",
/** Check that we can create a valid chain */
BOOST_AUTO_TEST_CASE (certificates_validation10)
{
- dcp::CertificateChain good (boost::filesystem::path ("openssl"));
+ dcp::CertificateChain good (boost::filesystem::path ("openssl"), 10 * 365);
BOOST_CHECK_NO_THROW (good.root_to_leaf());
}
BOOST_CHECK (chain.valid ());
/* Put in an unrelated key and the signer should no longer be valid */
- dcp::CertificateChain another_chain (boost::filesystem::path ("openssl"));
+ dcp::CertificateChain another_chain (boost::filesystem::path ("openssl"), 10 * 365);
chain.set_key (another_chain.key().get ());
BOOST_CHECK (!chain.valid ());
}
BOOST_AUTO_TEST_CASE (certificate_chain_from_string)
{
dcp::CertificateChain a (dcp::file_to_string (private_test / "chain.pem"));
- BOOST_CHECK_EQUAL (a.root_to_leaf().size(), 3);
+ BOOST_CHECK_EQUAL (a.root_to_leaf().size(), 3U);
dcp::CertificateChain b (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem"));
- BOOST_CHECK_EQUAL (b.root_to_leaf().size(), 1);
+ BOOST_CHECK_EQUAL (b.root_to_leaf().size(), 1U);
+}
+
+/** Check not_before and not_after */
+BOOST_AUTO_TEST_CASE (certificate_not_before_after)
+{
+ dcp::Certificate c (dcp::file_to_string("test/ref/crypt/ca.self-signed.pem"));
+ auto not_before = c.not_before();
+ BOOST_CHECK_EQUAL (not_before.second(), 8);
+ BOOST_CHECK_EQUAL (not_before.minute(), 20);
+ BOOST_CHECK_EQUAL (not_before.hour(), 13);
+ BOOST_CHECK_EQUAL (not_before.day(), 5);
+ BOOST_CHECK_EQUAL (not_before.month(), 6);
+ BOOST_CHECK_EQUAL (not_before.year(), 2015);
+ auto not_after = c.not_after();
+ BOOST_CHECK_EQUAL (not_after.second(), 8);
+ BOOST_CHECK_EQUAL (not_after.minute(), 20);
+ BOOST_CHECK_EQUAL (not_after.hour(), 13);
+ BOOST_CHECK_EQUAL (not_after.day(), 2);
+ BOOST_CHECK_EQUAL (not_after.month(), 6);
+ BOOST_CHECK_EQUAL (not_after.year(), 2025);
+}
+
+
+/** Check for correct escaping of public key digests */
+BOOST_AUTO_TEST_CASE(certificate_public_key_digest)
+{
+ BOOST_CHECK_EQUAL(dcp::public_key_digest("test/data/private.key"), "MekIXGBkYdh28siMnnF\\/Zs2JeK8=");
+ BOOST_CHECK_EQUAL(dcp::public_key_digest("test/data/private2.key"), "dfjStQNFTdVpfzgmxQCb3x\\+y2SY=");
}
+
+
+/** Create some certificates and check that the dnQualifier read from the header is always what is should be;
+ * previously it would not be if the digest contained \ or + (DoM #2716).
+ */
+BOOST_AUTO_TEST_CASE(certificate_dn_qualifiers)
+{
+ for (auto i = 0; i < 50; ++i) {
+ dcp::CertificateChain chain(boost::filesystem::path("openssl"), 10 * 365);
+ for (auto cert: chain.unordered()) {
+ BOOST_CHECK_EQUAL(dcp::escape_digest(cert.subject_dn_qualifier()), dcp::public_key_digest(cert.public_key()));
+ }
+ }
+}
+
projects / libdcp.git / blobdiff