using std::list;
using std::string;
-using boost::shared_ptr;
+using std::shared_ptr;
/** Check that loading certificates from files via strings works */
BOOST_AUTO_TEST_CASE (certificates1)
{
dcp::CertificateChain good (
boost::filesystem::path ("openssl"),
+ 10 * 365,
"dcpomatic.com",
"dcpomatic.com",
".dcpomatic.smpte-430-2.ROOT",
/** Check that we can create a valid chain */
BOOST_AUTO_TEST_CASE (certificates_validation10)
{
- dcp::CertificateChain good (boost::filesystem::path ("openssl"));
+ dcp::CertificateChain good (boost::filesystem::path ("openssl"), 10 * 365);
BOOST_CHECK_NO_THROW (good.root_to_leaf());
}
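Review bot: The certificate lifetime is passed as the bare expression `10 * 365` in `dcp::CertificateChain good (boost::filesystem::path ("openssl"), 10 * 365);`, with nothing stating the unit (presumably days) or why roughly ten years was chosen. The same literal recurs in certificates1, in the `another_chain` construction and in certificate_dn_qualifiers. A file-level constant such as `static constexpr int test_chain_validity_days = 10 * 365;` used at all four call sites would document the intent and keep the tests in step if the value ever changes.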
BOOST_CHECK (chain.valid ());
/* Put in an unrelated key and the signer should no longer be valid */
- dcp::CertificateChain another_chain (boost::filesystem::path ("openssl"));
+ dcp::CertificateChain another_chain (boost::filesystem::path ("openssl"), 10 * 365);
chain.set_key (another_chain.key().get ());
BOOST_CHECK (!chain.valid ());
}
BOOST_AUTO_TEST_CASE (certificate_chain_from_string)
{
dcp::CertificateChain a (dcp::file_to_string (private_test / "chain.pem"));
- BOOST_CHECK_EQUAL (a.root_to_leaf().size(), 3);
+ BOOST_CHECK_EQUAL (a.root_to_leaf().size(), 3U);
dcp::CertificateChain b (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem"));
- BOOST_CHECK_EQUAL (b.root_to_leaf().size(), 1);
+ BOOST_CHECK_EQUAL (b.root_to_leaf().size(), 1U);
}
/** Check not_before and not_after */
BOOST_AUTO_TEST_CASE (certificate_not_before_after)
{
dcp::Certificate c (dcp::file_to_string("test/ref/crypt/ca.self-signed.pem"));
- struct tm not_before = c.not_before();
- BOOST_CHECK_EQUAL (not_before.tm_sec, 8);
- BOOST_CHECK_EQUAL (not_before.tm_min, 20);
- BOOST_CHECK_EQUAL (not_before.tm_hour, 13);
- BOOST_CHECK_EQUAL (not_before.tm_mday, 5);
- BOOST_CHECK_EQUAL (not_before.tm_mon, 5);
- BOOST_CHECK_EQUAL (not_before.tm_year, 115);
- struct tm not_after = c.not_after();
- BOOST_CHECK_EQUAL (not_after.tm_sec, 8);
- BOOST_CHECK_EQUAL (not_after.tm_min, 20);
- BOOST_CHECK_EQUAL (not_after.tm_hour, 13);
- BOOST_CHECK_EQUAL (not_after.tm_mday, 2);
- BOOST_CHECK_EQUAL (not_after.tm_mon, 5);
- BOOST_CHECK_EQUAL (not_after.tm_year, 125);
+ auto not_before = c.not_before();
+ BOOST_CHECK_EQUAL (not_before.second(), 8);
+ BOOST_CHECK_EQUAL (not_before.minute(), 20);
+ BOOST_CHECK_EQUAL (not_before.hour(), 13);
+ BOOST_CHECK_EQUAL (not_before.day(), 5);
+ BOOST_CHECK_EQUAL (not_before.month(), 6);
+ BOOST_CHECK_EQUAL (not_before.year(), 2015);
+ auto not_after = c.not_after();
+ BOOST_CHECK_EQUAL (not_after.second(), 8);
+ BOOST_CHECK_EQUAL (not_after.minute(), 20);
+ BOOST_CHECK_EQUAL (not_after.hour(), 13);
+ BOOST_CHECK_EQUAL (not_after.day(), 2);
+ BOOST_CHECK_EQUAL (not_after.month(), 6);
+ BOOST_CHECK_EQUAL (not_after.year(), 2025);
}
+
+
+/** Check for correct escaping of public key digests */
+BOOST_AUTO_TEST_CASE(certificate_public_key_digest)
+{
+ BOOST_CHECK_EQUAL(dcp::public_key_digest("test/data/private.key"), "MekIXGBkYdh28siMnnF\\/Zs2JeK8=");
+ BOOST_CHECK_EQUAL(dcp::public_key_digest("test/data/private2.key"), "dfjStQNFTdVpfzgmxQCb3x\\+y2SY=");
+}
+
+
+/** Create some certificates and check that the dnQualifier read from the header is always what is should be;
+ * previously it would not be if the digest contained \ or + (DoM #2716).
+ */
+BOOST_AUTO_TEST_CASE(certificate_dn_qualifiers)
+{
+ for (auto i = 0; i < 50; ++i) {
+ dcp::CertificateChain chain(boost::filesystem::path("openssl"), 10 * 365);
+ for (auto cert: chain.unordered()) {
+ BOOST_CHECK_EQUAL(dcp::escape_digest(cert.subject_dn_qualifier()), dcp::public_key_digest(cert.public_key()));
+ }
+ }
+}
+
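Review bot: The doc comment on certificate_dn_qualifiers says the bug appeared when the digest contained `\ or +`, but the expected strings in certificate_public_key_digest show that the escaped characters are `/` and `+`. The comment should read `previously it would not be if the digest contained / or + (DoM #2716).`, and "what is should be" should be "what it should be". The regression check itself appears to rely on 50 freshly generated chains happening to produce such a digest, so a failure cannot be reproduced from a fixed input. Adding one stored certificate whose digest is known to contain `+` or `/` would pin the case deterministically. The loop also copies every certificate; `for (auto const& cert: chain.unordered())` avoids that.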