authorlloyd <[email protected]>2012-02-03 20:02:03 +0000
committerlloyd <[email protected]>2012-02-03 20:02:03 +0000
commit03bc906a6a94d236f192fa3b1bb370c013fc753a (patch)
tree38b46703c4aae2e8ca78bc3b9b257f22685c23c9 /checks
parentdd2011140c06661e1cc554aae560a2ef9162faff (diff)
parent696489bec89950051aedc53c7d162cdbe9d1125b (diff)
propagate from branch 'net.randombit.botan' (head 78a772f3855abc89c3eed2fe8735e8438463399c)
to branch 'net.randombit.botan.x509-path-validation' (head 9e678a8bc141087439a1238783006e9892a98450)
Diffstat (limited to 'checks')
-rw-r--r--checks/nist_tests/Makefile6
-rw-r--r--checks/nist_tests/x509test.cpp10
-rw-r--r--checks/x509.cpp31
3 files changed, 25 insertions, 22 deletions
diff --git a/checks/nist_tests/Makefile b/checks/nist_tests/Makefile
index 3fcdf212b..96c958dd7 100644
--- a/checks/nist_tests/Makefile
+++ b/checks/nist_tests/Makefile
@@ -1,8 +1,10 @@
+BOTAN_CONFIG=botan-config
+
CC=g++
FLAGS=-g -Os -W -Wall -ansi
-LDFLAGS=-L../.. -lbotan-1.9
-CFLAGS=-I../../build/include
+LDFLAGS=$(shell $(BOTAN_CONFIG) --libs)
+CFLAGS=$(shell $(BOTAN_CONFIG) --cflags) -I../../build/include
x509test: x509test.cpp
$(CC) $(FLAGS) $(CFLAGS) x509test.cpp $(LDFLAGS) -o x509test
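Review bot: The new `CFLAGS` puts the `botan-config --cflags` output ahead of `-I../../build/include`, and `LDFLAGS` no longer points at `../..`, so on a machine with an installed Botan the NIST path-validation tests may compile and link against that copy rather than the tree being tested. If the in-tree build is meant to win, put the local include first: `CFLAGS=-I../../build/include $(shell $(BOTAN_CONFIG) --cflags)`. Using `:=` for the two `$(shell ...)` assignments would also stop `botan-config` from being re-run on every expansion.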
diff --git a/checks/nist_tests/x509test.cpp b/checks/nist_tests/x509test.cpp
index 0c4c04029..66b274c6c 100644
--- a/checks/nist_tests/x509test.cpp
+++ b/checks/nist_tests/x509test.cpp
@@ -4,7 +4,7 @@
which is available on NIST's web site.
*/
-#include <botan/x509stor.h>
+#include <botan/x509path.h>
#include <botan/init.h>
using namespace Botan;
@@ -106,9 +106,9 @@ void run_one_test(u32bit test_no, X509_Code expected,
X509_Code result = VERIFIED;
- X509_Store store;
+ Certificate_Store_Memory store;
- store.add_cert(X509_Certificate(root_cert), true);
+ store.add_cert(X509_Certificate(root_cert));
X509_Certificate end_user(to_verify);
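Review bot: The store is filled here with `store.add_cert(...)`, while the same `Certificate_Store_Memory` type is filled with `store.add_certificate(ca_cert)` in checks/x509.cpp in this commit; unless the class offers both spellings, one of the two files will not compile. The explicit `true` (trusted) argument is also gone, so it looks as if anything placed in this store is treated as a trust anchor. If that is the intended semantics, a comment such as `// every certificate in this store is treated as trusted by path validation` would keep it visible to the next reader. run_one_test starts and ends outside the hunk.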
@@ -130,9 +130,7 @@ void run_one_test(u32bit test_no, X509_Code expected,
std::cout << std::endl;
}
*/
- result = store.add_crl(crl);
- if(result != VERIFIED)
- break;
+ store.add_crl(crl);
}
/* if everything has gone well up until now */
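Review bot: `store.add_crl(crl);` discards a result that used to be checked: before, a CRL that did not verify set `result` and broke out of the loop, so the test could report the CRL failure code. With the call unchecked, any NIST case whose expected outcome comes from a bad CRL now depends on a later step re-checking the CRL, which is not visible in this hunk. The same pattern is in checks/x509.cpp, where the three `FAILED: CRL #N did not validate` checks were dropped. If `add_crl` no longer reports a status, a comment stating where CRL signature and issuer checks now happen would help, for example `// CRL validity is checked during path validation, not on insertion` once that is confirmed against the new API.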
diff --git a/checks/x509.cpp b/checks/x509.cpp
index 8c6cd8187..919fa3508 100644
--- a/checks/x509.cpp
+++ b/checks/x509.cpp
@@ -21,7 +21,7 @@
#if defined(BOTAN_HAS_X509_CERTIFICATES)
#include <botan/x509self.h>
- #include <botan/x509stor.h>
+ #include <botan/x509path.h>
#include <botan/x509_ca.h>
#include <botan/pkcs10.h>
#endif
@@ -191,19 +191,21 @@ void do_x509_tests(RandomNumberGenerator& rng)
X509_CRL crl1 = ca.new_crl(rng);
/* Verify the certs */
- X509_Store store;
+ Certificate_Store_Memory store;
- store.add_cert(ca_cert, true); // second arg == true: trusted CA cert
+ store.add_certificate(ca_cert);
std::cout << '.' << std::flush;
- if(store.validate_cert(user1_cert) != VERIFIED)
+
+ Path_Validation_Result result_u1 = x509_path_validate(user1_cert, store);
+ if(result_u1.validation_result != VERIFIED)
std::cout << "\nFAILED: User cert #1 did not validate" << std::endl;
- if(store.validate_cert(user2_cert) != VERIFIED)
+ Path_Validation_Result result_u2 = x509_path_validate(user2_cert, store);
+ if(result_u2.validation_result != VERIFIED)
std::cout << "\nFAILED: User cert #2 did not validate" << std::endl;
- if(store.add_crl(crl1) != VERIFIED)
- std::cout << "\nFAILED: CRL #1 did not validate" << std::endl;
+ store.add_crl(crl1);
std::vector<CRL_Entry> revoked;
revoked.push_back(CRL_Entry(user1_cert, CESSATION_OF_OPERATION));
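Review bot: The two failure branches print a fixed message and drop the code held in `result_u1.validation_result` and `result_u2.validation_result`, so a failing run does not say why the path was rejected. Printing the code, e.g. `std::cout << "\nFAILED: User cert #1 did not validate (code " << result_u1.validation_result << ")" << std::endl;`, would make a regression in the new path validator quicker to diagnose; this assumes the result code streams as an integer. The removed comment on `add_cert(ca_cert, true)` also recorded that the CA certificate is trusted, and a short comment on `store.add_certificate(ca_cert);` saying how trust is now established would replace it. do_x509_tests starts and ends outside the hunk.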
@@ -211,23 +213,24 @@ void do_x509_tests(RandomNumberGenerator& rng)
X509_CRL crl2 = ca.update_crl(crl1, revoked, rng);
- if(store.add_crl(crl2) != VERIFIED)
- std::cout << "\nFAILED: CRL #2 did not validate" << std::endl;
+ store.add_crl(crl2);
- if(store.validate_cert(user1_cert) != CERT_IS_REVOKED)
+ result_u1 = x509_path_validate(user1_cert, store);
+ if(result_u1.validation_result != CERT_IS_REVOKED)
std::cout << "\nFAILED: User cert #1 was not revoked" << std::endl;
- if(store.validate_cert(user2_cert) != CERT_IS_REVOKED)
+ result_u2 = x509_path_validate(user2_cert, store);
+ if(result_u2.validation_result != CERT_IS_REVOKED)
std::cout << "\nFAILED: User cert #2 was not revoked" << std::endl;
revoked.clear();
revoked.push_back(CRL_Entry(user1_cert, REMOVE_FROM_CRL));
X509_CRL crl3 = ca.update_crl(crl2, revoked, rng);
- if(store.add_crl(crl3) != VERIFIED)
- std::cout << "\nFAILED: CRL #3 did not validate" << std::endl;
+ store.add_crl(crl3);
- if(store.validate_cert(user1_cert) != VERIFIED)
+ result_u1 = x509_path_validate(user1_cert, store);
+ if(result_u1.validation_result != VERIFIED)
std::cout << "\nFAILED: User cert #1 was not un-revoked" << std::endl;
check_against_copy(ca_key, rng);
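Review bot: After `store.add_crl(crl3)` only `user1_cert` is re-validated; nothing asserts that `user2_cert` is still reported as `CERT_IS_REVOKED`. The store now holds several CRLs from the same issuer and `add_crl` returns nothing that is checked, so a store that consults the wrong CRL or drops earlier entries could pass this test. Suggest adding `result_u2 = x509_path_validate(user2_cert, store);` followed by `if(result_u2.validation_result != CERT_IS_REVOKED) std::cout << "\nFAILED: User cert #2 is no longer revoked" << std::endl;`. This assumes crl3 still carries user2's entry, which depends on lines outside the hunk.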