aboutsummaryrefslogtreecommitdiffstats
path: root/src/tests/test_certstor_macos.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/tests/test_certstor_macos.cpp')
-rw-r--r--src/tests/test_certstor_macos.cpp331
1 files changed, 331 insertions, 0 deletions
diff --git a/src/tests/test_certstor_macos.cpp b/src/tests/test_certstor_macos.cpp
new file mode 100644
index 000000000..243a150da
--- /dev/null
+++ b/src/tests/test_certstor_macos.cpp
@@ -0,0 +1,331 @@
+/*
+* (C) 1999-2019 Jack Lloyd
+* (C) 2019 René Meusel
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include "tests.h"
+
+#if defined(BOTAN_HAS_CERTSTOR_MACOS)
+
+#include <botan/certstor_macos.h>
+#include <botan/ber_dec.h>
+#include <botan/der_enc.h>
+#include <botan/hex.h>
+
+namespace Botan_Tests {
+
+namespace {
+
+Botan::X509_DN read_dn(const std::string hex)
+ {
+ Botan::X509_DN dn;
+ Botan::BER_Decoder decoder(Botan::hex_decode(hex));
+ dn.decode_from(decoder);
+ return dn;
+ }
+
+Botan::X509_DN get_dn()
+ {
+ // Public key fingerprint of "DST Root CA X3"
+ // This certificate is in the standard "System Roots" of any macOS setup,
+ // serves as the trust root of botan.randombit.net and expires on
+ // Thursday, 30. September 2021 at 16:01:15 Central European Summer Time
+ return read_dn("303f31243022060355040a131b4469676974616c205369676e6174757265"
+ "20547275737420436f2e311730150603550403130e44535420526f6f7420"
+ "4341205833");
+ }
+
+std::vector<uint8_t> get_key_id()
+ {
+ // this is the same as the public key SHA1
+ return Botan::hex_decode("c4a7b1a47b2c71fadbe14b9075ffc41560858910");
+ }
+
+Botan::X509_DN get_unknown_dn()
+ {
+ // thats a D-Trust "Test Certificate". It should be fairly likely that
+ // _nobody_ will _ever_ have that in their system keychain
+ // CN: D-TRUST Limited Basic Test PU CA 1-4 2016
+ return read_dn("305b310b300906035504061302444531153013060355040a0c0c442d5472"
+ "75737420476d62483135303306035504030c2c442d5452555354204c696d"
+ "6974656420426173696320526f6f74205465737420505520434120312032"
+ "303135");
+ }
+
+Botan::X509_DN get_skewed_dn()
+ {
+ // This DN contains ASN.1 PrintableString fields that are not 'normalized'
+ // according to Apple's idea of a normalized PrintableString field:
+ // (1) It has leading and trailing white space
+ // (2) It contains multiple spaces between 'words'
+ return read_dn("304b312a3028060355040a132120204469676974616c2020205369676e61"
+ "7475726520547275737420436f2e2020311d301b06035504031314202044"
+ "5354202020526f6f742043412058332020");
+ }
+
+std::vector<uint8_t> get_unknown_key_id()
+ {
+ // this is the same as the public key SHA1
+ return Botan::hex_decode("785c0b67b536eeacbb2b27cf9123301abe7ab09a");
+ }
+
+Test::Result open_certificate_store()
+ {
+ Test::Result result("macOS Certificate Store - Open Keychain");
+
+ try
+ {
+ result.start_timer();
+ Botan::Certificate_Store_MacOS unused;
+ result.end_timer();
+ }
+ catch(std::exception& e)
+ {
+ result.test_failure(e.what());
+ }
+
+ result.test_success();
+
+ return result;
+ }
+
+Test::Result find_certificate_by_pubkey_sha1()
+ {
+ Test::Result result("macOS Certificate Store - Find Certificate by SHA1(pubkey)");
+
+ try
+ {
+ result.start_timer();
+ Botan::Certificate_Store_MacOS certstore;
+ auto cert = certstore.find_cert_by_pubkey_sha1(get_key_id());
+ result.end_timer();
+
+ if(result.test_not_null("found certificate", cert.get()))
+ {
+ auto cns = cert->subject_dn().get_attribute("CN");
+ result.test_is_eq("exactly one CN", cns.size(), 1ul);
+ result.test_eq("CN", cns.front(), "DST Root CA X3");
+ }
+ }
+ catch(std::exception& e)
+ {
+ result.test_failure(e.what());
+ }
+
+ result.test_throws("on invalid SHA1 hash data", [&]
+ {
+ Botan::Certificate_Store_MacOS certstore;
+ certstore.find_cert_by_pubkey_sha1({});
+ });
+
+ return result;
+ }
+
+Test::Result find_cert_by_subject_dn()
+ {
+ Test::Result result("macOS Certificate Store - Find Certificate by subject DN");
+
+ try
+ {
+ auto dn = get_dn();
+
+ result.start_timer();
+ Botan::Certificate_Store_MacOS certstore;
+ auto cert = certstore.find_cert(dn, std::vector<uint8_t>());
+ result.end_timer();
+
+ if(result.test_not_null("found certificate", cert.get()))
+ {
+ auto cns = cert->subject_dn().get_attribute("CN");
+ result.test_is_eq("exactly one CN", cns.size(), 1ul);
+ result.test_eq("CN", cns.front(), "DST Root CA X3");
+ }
+ }
+ catch(std::exception& e)
+ {
+ result.test_failure(e.what());
+ }
+
+ return result;
+ }
+
+Test::Result find_cert_by_subject_dn_and_key_id()
+ {
+ Test::Result result("macOS Certificate Store - Find Certificate by subject DN and key ID");
+
+ try
+ {
+ auto dn = get_dn();
+
+ result.start_timer();
+ Botan::Certificate_Store_MacOS certstore;
+ auto cert = certstore.find_cert(dn, get_key_id());
+ result.end_timer();
+
+ if(result.test_not_null("found certificate", cert.get()))
+ {
+ auto cns = cert->subject_dn().get_attribute("CN");
+ result.test_is_eq("exactly one CN", cns.size(), 1ul);
+ result.test_eq("CN", cns.front(), "DST Root CA X3");
+ }
+ }
+ catch(std::exception& e)
+ {
+ result.test_failure(e.what());
+ }
+
+ return result;
+ }
+
+Test::Result find_certs_by_subject_dn_and_key_id()
+ {
+ Test::Result result("macOS Certificate Store - Find Certificates by subject DN and key ID");
+
+ try
+ {
+ auto dn = get_dn();
+
+ result.start_timer();
+ Botan::Certificate_Store_MacOS certstore;
+ auto certs = certstore.find_all_certs(dn, get_key_id());
+ result.end_timer();
+
+ if(result.confirm("result not empty", !certs.empty()) &&
+ result.test_eq("exactly one certificate", certs.size(), 1))
+ {
+ auto cns = certs.front()->subject_dn().get_attribute("CN");
+ result.test_is_eq("exactly one CN", cns.size(), 1ul);
+ result.test_eq("CN", cns.front(), "DST Root CA X3");
+ }
+ }
+ catch(std::exception& e)
+ {
+ result.test_failure(e.what());
+ }
+
+ return result;
+ }
+
+Test::Result find_all_subjects()
+ {
+ Test::Result result("macOS Certificate Store - Find all Certificate Subjects");
+
+ try
+ {
+ result.start_timer();
+ Botan::Certificate_Store_MacOS certstore;
+ auto subjects = certstore.all_subjects();
+ result.end_timer();
+
+ if(result.confirm("result not empty", !subjects.empty()))
+ {
+ auto dn = get_dn();
+ auto needle = std::find_if(subjects.cbegin(),
+ subjects.cend(),
+ [=](const Botan::X509_DN &subject)
+ {
+ return subject == dn;
+ });
+
+ if(result.confirm("found expected certificate", needle != subjects.end()))
+ {
+ result.confirm("expected certificate", *needle == dn);
+ }
+ }
+ }
+ catch(std::exception& e)
+ {
+ result.test_failure(e.what());
+ }
+
+ return result;
+ }
+
+Test::Result no_certificate_matches()
+ {
+ Test::Result result("macOS Certificate Store - can deal with no matches (regression test)");
+
+ try
+ {
+ auto dn = get_unknown_dn();
+ auto kid = get_unknown_key_id();
+
+ result.start_timer();
+ Botan::Certificate_Store_MacOS certstore;
+
+ auto certs = certstore.find_all_certs(dn, kid);
+ auto cert = certstore.find_cert(dn, kid);
+ auto pubk_cert = certstore.find_cert_by_pubkey_sha1(kid);
+ result.end_timer();
+
+ result.confirm("find_all_certs did not find the dummy", certs.empty());
+ result.confirm("find_cert did not find the dummy", !cert);
+ result.confirm("find_cert_by_pubkey_sha1 did not find the dummy", !pubk_cert);
+ }
+ catch(std::exception& e)
+ {
+ result.test_failure(e.what());
+ }
+
+ return result;
+ }
+
+Test::Result certificate_matching_with_dn_normalization()
+ {
+ Test::Result result("macOS Certificate Store - normalization of X.509 DN (regression test)");
+
+ try
+ {
+ auto dn = get_skewed_dn();
+
+ result.start_timer();
+ Botan::Certificate_Store_MacOS certstore;
+
+ auto certs = certstore.find_all_certs(dn, std::vector<uint8_t>());
+ auto cert = certstore.find_cert(dn, std::vector<uint8_t>());
+ result.end_timer();
+
+ if(result.confirm("find_all_certs did find the skewed DN", !certs.empty()) &&
+ result.confirm("find_cert did find the skewed DN", cert != nullptr))
+ {
+ result.test_eq("it is the correct cert", certs.front()->subject_dn().get_first_attribute("CN"), "DST Root CA X3");
+ result.test_eq("it is the correct cert", cert->subject_dn().get_first_attribute("CN"), "DST Root CA X3");
+ }
+ }
+ catch(std::exception& e)
+ {
+ result.test_failure(e.what());
+ }
+
+ return result;
+ }
+
+class Certstor_macOS_Tests final : public Test
+ {
+ public:
+ std::vector<Test::Result> run() override
+ {
+ std::vector<Test::Result> results;
+
+ results.push_back(open_certificate_store());
+ results.push_back(find_certificate_by_pubkey_sha1());
+ results.push_back(find_cert_by_subject_dn());
+ results.push_back(find_cert_by_subject_dn_and_key_id());
+ results.push_back(find_certs_by_subject_dn_and_key_id());
+ results.push_back(find_all_subjects());
+ results.push_back(no_certificate_matches());
+ results.push_back(certificate_matching_with_dn_normalization());
+
+ return results;
+ }
+ };
+
+BOTAN_REGISTER_TEST("certstor_macos", Certstor_macOS_Tests);
+
+}
+
+}
+
+#endif