aboutsummaryrefslogtreecommitdiffstats
path: root/src/tests/test_name_constraint.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/tests/test_name_constraint.cpp')
-rw-r--r--src/tests/test_name_constraint.cpp96
1 files changed, 96 insertions, 0 deletions
diff --git a/src/tests/test_name_constraint.cpp b/src/tests/test_name_constraint.cpp
new file mode 100644
index 000000000..01bdfc3ef
--- /dev/null
+++ b/src/tests/test_name_constraint.cpp
@@ -0,0 +1,96 @@
+/*
+* (C) 2015,2016 Kai Michaelis
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include "tests.h"
+
+#if defined(BOTAN_HAS_X509_CERTIFICATES)
+ #include <botan/x509path.h>
+ #include <botan/internal/filesystem.h>
+#endif
+
+#include <algorithm>
+#include <fstream>
+#include <iomanip>
+#include <string>
+#include <vector>
+#include <map>
+#include <cstdlib>
+
+namespace Botan_Tests {
+
+namespace {
+
+#if defined(BOTAN_HAS_X509_CERTIFICATES)
+
+class Name_Constraint_Tests : public Test
+ {
+ public:
+ std::vector<Test::Result> run() override
+ {
+ const std::vector<std::tuple<std::string,std::string,std::string,std::string>> test_cases = {
+ std::make_tuple(
+ "Root_Email_Name_Constraint.crt",
+ "Invalid_Email_Name_Constraint.crt",
+ "Invalid Email Name Constraint",
+ "Certificate does not pass name constraint"),
+ std::make_tuple(
+ "Root_DN_Name_Constraint.crt",
+ "Invalid_DN_Name_Constraint.crt",
+ "Invalid DN Name Constraint",
+ "Certificate does not pass name constraint"),
+ std::make_tuple(
+ "Root_DN_Name_Constraint.crt",
+ "Valid_DN_Name_Constraint.crt",
+ "Valid DN Name Constraint",
+ "Verified"),
+ std::make_tuple(
+ "Root_DNS_Name_Constraint.crt",
+ "Valid_DNS_Name_Constraint.crt",
+ "aexample.com",
+ "Verified"),
+ std::make_tuple(
+ "Root_IP_Name_Constraint.crt",
+ "Valid_IP_Name_Constraint.crt",
+ "Valid IP Name Constraint",
+ "Verified"),
+ std::make_tuple(
+ "Root_IP_Name_Constraint.crt",
+ "Invalid_IP_Name_Constraint.crt",
+ "Invalid IP Name Constraint",
+ "Certificate does not pass name constraint"),
+ };
+ std::vector<Test::Result> results;
+ const Botan::Path_Validation_Restrictions default_restrictions;
+
+ for(const auto& t: test_cases)
+ {
+ Botan::X509_Certificate root(Test::data_file("name_constraint/" + std::get<0>(t)));
+ Botan::X509_Certificate sub(Test::data_file("name_constraint/" + std::get<1>(t)));
+ Botan::Certificate_Store_In_Memory trusted;
+ Test::Result result("X509v3 Name Constraints: " + std::get<1>(t));
+
+ trusted.add_certificate(root);
+ Botan::Path_Validation_Result path_result = Botan::x509_path_validate(
+ sub, default_restrictions, trusted, std::get<2>(t), Botan::Usage_Type::TLS_SERVER_AUTH);
+
+ if(path_result.successful_validation() && path_result.trust_root() != root)
+ path_result = Botan::Path_Validation_Result(Botan::Certificate_Status_Code::CANNOT_ESTABLISH_TRUST);
+
+ result.test_eq("validation result", path_result.result_string(), std::get<3>(t));
+ results.push_back(result);
+ }
+
+ return results;
+ }
+ };
+
+BOTAN_REGISTER_TEST("x509_path_name_constraint", Name_Constraint_Tests);
+
+#endif
+
+}
+
+}