X-Git-Url: https://git.carlh.net/gitweb/?a=blobdiff_plain;f=test%2Fcertificates_test.cc;h=520cb99cd5160af6dd259603b15a12d123d2cfef;hb=491ac453512ac1982f62fc0d2a310586427601d7;hp=690afa774a6c6c19f6e64667b218c88c1516562c;hpb=bfb33feb40c5b014e9eae3958b1ecb8161f1d090;p=libdcp.git
diff --git a/test/certificates_test.cc b/test/certificates_test.cc
index 690afa77..520cb99c 100644
--- a/test/certificates_test.cc
+++ b/test/certificates_test.cc
@@ -19,32 +19,35 @@
 #include
 #include "certificates.h"
+#include "signer.h"
+#include "util.h"
 using std::list;
+using std::string;
 using boost::shared_ptr;
 BOOST_AUTO_TEST_CASE (certificates)
 {
 dcp::CertificateChain c;
- c.add (shared_ptr (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/ca.self-signed.pem"))));
- c.add (shared_ptr (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/intermediate.signed.pem"))));
- c.add (shared_ptr (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/leaf.signed.pem"))));
+ c.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
+ c.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem")));
+ c.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem")));
- list > leaf_to_root = c.leaf_to_root ();
+ dcp::CertificateChain::List leaf_to_root = c.leaf_to_root ();
- list >::iterator i = leaf_to_root.begin ();
+ dcp::CertificateChain::List::iterator i = leaf_to_root.begin ();
 /* Leaf */
 BOOST_CHECK_EQUAL (*i, c.leaf ());
 BOOST_CHECK_EQUAL (
- c.leaf()->issuer(),
+ c.leaf().issuer(),
 "dnQualifier=bmtwThq3srgxIAeRMjX6BFhgLDw=,CN=.smpte-430-2.INTERMEDIATE.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
 );
 BOOST_CHECK_EQUAL (
- c.leaf()->subject(),
+ c.leaf().subject(),
 "dnQualifier=d95fGDzERNdxfYPgphvAR8A18L4=,CN=CS.smpte-430-2.LEAF.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
 );
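Review bot: The added `using std::string;` is not used by any line visible in this diff. Once the chain is handled through `dcp::CertificateChain::List` and value-type certificates, the existing `using std::list;` and `using boost::shared_ptr;` also appear to have no remaining users in the shown hunks. Unless the few lines hidden between hunks need them, I would drop all three so the using-declarations reflect what the test really depends on. Separately, `BOOST_CHECK_EQUAL (*i, c.leaf ())` now compares `dcp::Certificate` objects by value rather than by pointer, so it is worth a one-line comment stating what equality means for a certificate here. The test body starts in this hunk and continues past its end.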
@@ -52,12 +55,12 @@ BOOST_AUTO_TEST_CASE (certificates)
 /* Intermediate */
 BOOST_CHECK_EQUAL (
- (*i)->issuer(),
+ i->issuer(),
 "dnQualifier=ndND9A/cODo2rTdrbLVmfQnoaSc=,CN=.smpte-430-2.ROOT.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
 );
 BOOST_CHECK_EQUAL (
- (*i)->subject(),
+ i->subject(),
 "dnQualifier=bmtwThq3srgxIAeRMjX6BFhgLDw=,CN=.smpte-430-2.INTERMEDIATE.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
 );
@@ -66,18 +69,82 @@ BOOST_AUTO_TEST_CASE (certificates)
 /* Root */
 BOOST_CHECK_EQUAL (*i, c.root ());
 BOOST_CHECK_EQUAL (
- c.root()->issuer(),
+ c.root().issuer(),
 "dnQualifier=ndND9A/cODo2rTdrbLVmfQnoaSc=,CN=.smpte-430-2.ROOT.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
 );
- BOOST_CHECK_EQUAL (c.root()->serial(), "5");
+ BOOST_CHECK_EQUAL (c.root().serial(), "5");
 BOOST_CHECK_EQUAL (
- c.root()->subject(),
+ c.root().subject(),
 "dnQualifier=ndND9A/cODo2rTdrbLVmfQnoaSc=,CN=.smpte-430-2.ROOT.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
 );
 /* Check that reconstruction from a string works */
- dcp::Certificate test (c.root()->certificate (true));
- BOOST_CHECK_EQUAL (test.certificate(), c.root()->certificate());
+ dcp::Certificate test (c.root().certificate (true));
+ BOOST_CHECK_EQUAL (test.certificate(), c.root().certificate());
+}
+
+/** Check that dcp::CertificateChain::valid() and ::attempt_reorder() basically work */
+BOOST_AUTO_TEST_CASE (certificates_validation)
+{
+ dcp::CertificateChain good1;
+ good1.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
+ good1.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem")));
+ good1.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem")));
+ BOOST_CHECK (good1.valid ());
+
+ dcp::CertificateChain good2;
+ good2.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
+ BOOST_CHECK (good2.valid ());
+
+ dcp::CertificateChain bad1;
+ bad1.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem")));
+ bad1.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem")));
+ BOOST_CHECK (!bad1.valid ());
+ BOOST_CHECK (!bad1.attempt_reorder ());
+
+ dcp::CertificateChain bad2;
+ bad2.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem")));
+ bad2.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
+ bad2.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem")));
+ BOOST_CHECK (!bad2.valid ());
+ BOOST_CHECK (bad2.attempt_reorder ());
+
+ dcp::CertificateChain bad3;
+ bad3.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem")));
+ bad3.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem")));
+ bad3.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
+ BOOST_CHECK (!bad3.valid ());
+ BOOST_CHECK (bad3.attempt_reorder ());
+
+ dcp::CertificateChain bad4;
+ bad4.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem")));
+ bad4.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem")));
+ bad4.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
+ BOOST_CHECK (!bad4.valid ());
+ BOOST_CHECK (bad4.attempt_reorder ());
+
+ dcp::CertificateChain bad5;
+ bad5.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
+ bad5.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem")));
+ BOOST_CHECK (!bad5.valid ());
+ BOOST_CHECK (!bad5.attempt_reorder ());
+}
+
+/** Check that dcp::Signer::valid() basically works */
+BOOST_AUTO_TEST_CASE (signer_validation)
+{
+ /* Check a valid signer */
+ dcp::CertificateChain chain;
+ chain.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
+ chain.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem")));
+ chain.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem")));
+ dcp::Signer signer (chain, dcp::file_to_string ("test/ref/crypt/leaf.key"));
+ BOOST_CHECK (signer.valid ());
+
+ /* Put in an unrelated key and the signer should no longer be valid */
+ dcp::Signer another_signer ("openssl");
+ signer.set_key (another_signer.key ());
+ BOOST_CHECK (!signer.valid ());
 }
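Review bot: In `certificates_validation`, the three cases where `attempt_reorder ()` is expected to succeed (bad2, bad3, bad4) never re-check the chain afterwards, so a reorder that returns true but leaves the chain in the wrong order would still pass. Add `BOOST_CHECK (bad2.valid ());` after that call, and the same for bad3 and bad4. Every negative case is built from the same three genuine certificates, differing only in order or completeness. The tests therefore cannot tell a `valid()` that verifies signatures from one that only matches issuer and subject names; a case using a same-named certificate not signed by the test CA would pin that down. In `signer_validation`, `dcp::Signer another_signer ("openssl")` presumably runs an `openssl` binary from the build host to generate the unrelated key, so a second checked-in key under `test/ref/crypt/` would keep the test hermetic.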