aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorPavol Žáčik <zacik.pa@gmail.com>2019-12-03 16:19:20 +0100
committerPavol Žáčik <zacik.pa@gmail.com>2019-12-03 18:55:24 +0100
commit001b5250d61f8700438a9f609c6a3e5cb81a5de8 (patch)
tree7e16ac17fff93c1221e6b513c67668e73951bc8a /src
parent45e6d019fa11de84cd88d56d7e7c607714ac555d (diff)
Add tests for CRLs in FFI API
Diffstat (limited to 'src')
-rw-r--r--src/tests/test_ffi.cpp77
1 files changed, 77 insertions, 0 deletions
diff --git a/src/tests/test_ffi.cpp b/src/tests/test_ffi.cpp
index 03974589d..4baf3983c 100644
--- a/src/tests/test_ffi.cpp
+++ b/src/tests/test_ffi.cpp
@@ -61,6 +61,7 @@ class FFI_Unit_Tests final : public Test
results.push_back(ffi_test_mp(rng));
results.push_back(ffi_test_pkcs_hash_id());
results.push_back(ffi_test_cert_validation());
+ results.push_back(ffi_test_crl());
#if defined(BOTAN_HAS_AES)
results.push_back(ffi_test_block_ciphers());
@@ -280,6 +281,55 @@ class FFI_Unit_Tests final : public Test
return result;
}
+
+ Test::Result ffi_test_crl()
+ {
+ Test::Result result("FFI CRL");
+
+#if defined(BOTAN_HAS_X509_CERTIFICATES)
+
+ const char *crl_string = "-----BEGIN X509 CRL-----\n"
+ "MIICoTCCAQkCAQEwDQYJKoZIhvcNAQELBQAwgZQxLTArBgNVBAMTJFVzYWJsZSBj\n"
+ "ZXJ0IHZhbGlkYXRpb246IFRlbXBvcmFyeSBDQTE5MDcGA1UECxMwQ2VudHJlIGZv\n"
+ "ciBSZXNlYXJjaCBvbiBDcnlwdG9ncmFwaHkgYW5kIFNlY3VyaXR5MRswGQYDVQQK\n"
+ "ExJNYXNhcnlrIFVuaXZlcnNpdHkxCzAJBgNVBAYTAkNaGA8yMDUwMDIyNTE1MjE0\n"
+ "MloYDzIwNTAwMjI1MTUyNDQxWjAAoDowODAfBgNVHSMEGDAWgBRKzxAvI4+rVVo/\n"
+ "JzLigRznREyB+TAVBgNVHRQEDgIMXcr16yNys/gjeuCFMA0GCSqGSIb3DQEBCwUA\n"
+ "A4IBgQCfxv/5REM/KUnzeVycph3dJr1Yrtxhc6pZmQ9pMzSW/nawLN3rUHm5oG44\n"
+ "ZuQgjvzE4PnbU0/DNRu/4w3H58kgrctJHHXbbvkU3lf2ZZLh2wBl+EUh92+/COow\n"
+ "ZyGB+jqj/XwB99hYUhrY6NLEWRz08kpgG6dnNMEU0uFqdQKWk0CQPnmgPRgDb8BW\n"
+ "IuMBcjY7aF9XoCZFOqPYdEvUKzAo4QGCf7uJ7fNGS3LqvjaLjAHJseSr5/yR7Q9r\n"
+ "nEdI38yKPbRj0tNHe7j+BbYg31C+X+AZZKJtlTg8GxYR3qfQio1kDgpZ3rQLzHY3\n"
+ "ea2MLX/Kdx9cPSwh4KwlcDxQmQKoELb4EnZW1CScSBHi9HQyCBNyCkgkOBMGcJqz\n"
+ "Ihq1dGeSf8eca9+Avk5kAQ3yjXK1TI2CDEi0msrXLr9XbgowXiOLLzR+rYkhQz+V\n"
+ "RnIoBwjnrGoJoz636KS170SZCB9ARNs17WE4IvbJdZrTXNOGaVZCQUUpiLRj4ZSO\n"
+ "Na/nobI=\n"
+ "-----END X509 CRL-----";
+
+ botan_x509_crl_t bytecrl;
+ REQUIRE_FFI_OK(botan_x509_crl_load, (&bytecrl, (const uint8_t*)crl_string, 966));
+
+ botan_x509_crl_t crl;
+ REQUIRE_FFI_OK(botan_x509_crl_load_file, (&crl, Test::data_file("x509/nist/root.crl").c_str()));
+
+ botan_x509_cert_t cert1;
+ REQUIRE_FFI_OK(botan_x509_cert_load_file, (&cert1, Test::data_file("x509/nist/test01/end.crt").c_str()));
+ TEST_FFI_RC(-1, botan_x509_is_revoked, (crl, cert1));
+ TEST_FFI_OK(botan_x509_cert_destroy, (cert1));
+
+ botan_x509_cert_t cert2;
+ REQUIRE_FFI_OK(botan_x509_cert_load_file, (&cert2, Test::data_file("x509/nist/test20/int.crt").c_str()));
+ TEST_FFI_RC(0, botan_x509_is_revoked, (crl, cert2));
+ TEST_FFI_RC(-1, botan_x509_is_revoked, (bytecrl, cert2));
+ TEST_FFI_OK(botan_x509_cert_destroy, (cert2));
+
+ TEST_FFI_OK(botan_x509_crl_destroy, (crl));
+ TEST_FFI_OK(botan_x509_crl_destroy, (bytecrl));
+#endif
+ return result;
+ }
+
+
Test::Result ffi_test_cert_validation()
{
Test::Result result("FFI Cert validation");
@@ -318,11 +368,38 @@ class FFI_Unit_Tests final : public Test
result.confirm("Validation passed", rc == 0);
result.test_eq("Validation status string", botan_x509_cert_validation_status(rc), "Verified");
+ TEST_FFI_RC(1, botan_x509_cert_verify_with_crl, (&rc, end7, subs, 2, nullptr, 0, nullptr, 0, "x509/farce", 0, nullptr, 0));
+ result.confirm("Validation failed", rc == 3000);
+ result.test_eq("Validation status string", botan_x509_cert_validation_status(rc), "Certificate issuer not found");
+
+ botan_x509_crl_t rootcrl;
+
+ REQUIRE_FFI_OK(botan_x509_crl_load_file, (&rootcrl, Test::data_file("x509/nist/root.crl").c_str()));
+ TEST_FFI_RC(0, botan_x509_cert_verify_with_crl, (&rc, end7, subs, 2, &root, 1, &rootcrl, 1, nullptr, 80, nullptr, 0));
+ result.confirm("Validation passed", rc == 0);
+ result.test_eq("Validation status string", botan_x509_cert_validation_status(rc), "Verified");
+
+ botan_x509_cert_t end20;
+ botan_x509_cert_t sub20;
+ botan_x509_crl_t sub20crl;
+ REQUIRE_FFI_OK(botan_x509_cert_load_file, (&end20, Test::data_file("x509/nist/test20/end.crt").c_str()));
+ REQUIRE_FFI_OK(botan_x509_cert_load_file, (&sub20, Test::data_file("x509/nist/test20/int.crt").c_str()));
+ REQUIRE_FFI_OK(botan_x509_crl_load_file, (&sub20crl, Test::data_file("x509/nist/test20/int.crl").c_str()));
+ botan_x509_crl_t crls[2] = {sub20crl, rootcrl};
+ TEST_FFI_RC(1, botan_x509_cert_verify_with_crl, (&rc, end20, &sub20, 1, &root, 1, crls, 2, nullptr, 80, nullptr, 0));
+ result.confirm("Validation failed", rc == 5000);
+ result.test_eq("Validation status string", botan_x509_cert_validation_status(rc),
+ "Certificate is revoked");
+
TEST_FFI_OK(botan_x509_cert_destroy, (end2));
TEST_FFI_OK(botan_x509_cert_destroy, (sub2));
TEST_FFI_OK(botan_x509_cert_destroy, (end7));
TEST_FFI_OK(botan_x509_cert_destroy, (sub7));
+ TEST_FFI_OK(botan_x509_cert_destroy, (end20));
+ TEST_FFI_OK(botan_x509_cert_destroy, (sub20));
+ TEST_FFI_OK(botan_x509_crl_destroy, (sub20crl));
TEST_FFI_OK(botan_x509_cert_destroy, (root));
+ TEST_FFI_OK(botan_x509_crl_destroy, (rootcrl));
#endif
return result;