diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/x509/cert_status.cpp | 10 | ||||
-rw-r--r-- | src/tests/unit_x509.cpp | 64 |
2 files changed, 69 insertions, 5 deletions
diff --git a/src/lib/x509/cert_status.cpp b/src/lib/x509/cert_status.cpp index e08e8efcc..76a102aef 100644 --- a/src/lib/x509/cert_status.cpp +++ b/src/lib/x509/cert_status.cpp @@ -27,7 +27,7 @@ const char* to_string(Certificate_Status_Code code) case Certificate_Status_Code::SIGNATURE_METHOD_TOO_WEAK: return "Signature method too weak"; case Certificate_Status_Code::UNTRUSTED_HASH: - return "Untrusted hash"; + return "Hash function used is considered too weak for security"; case Certificate_Status_Code::CERT_NOT_YET_VALID: return "Certificate is not yet valid"; @@ -36,9 +36,9 @@ const char* to_string(Certificate_Status_Code code) case Certificate_Status_Code::OCSP_NOT_YET_VALID: return "OCSP is not yet valid"; case Certificate_Status_Code::OCSP_HAS_EXPIRED: - return "OCSP has expired"; + return "OCSP response has expired"; case Certificate_Status_Code::CRL_NOT_YET_VALID: - return "CRL is not yet valid"; + return "CRL response is not yet valid"; case Certificate_Status_Code::CRL_HAS_EXPIRED: return "CRL has expired"; @@ -54,9 +54,9 @@ const char* to_string(Certificate_Status_Code code) return "Certificate issuer does not match subject of issuing cert"; case Certificate_Status_Code::POLICY_ERROR: - return "Policy error"; + return "Certificate policy error"; case Certificate_Status_Code::INVALID_USAGE: - return "Invalid usage"; + return "Certificate does not allow the requested usage"; case Certificate_Status_Code::CERT_CHAIN_TOO_LONG: return "Certificate chain too long"; case Certificate_Status_Code::CA_CERT_NOT_FOR_CERT_ISSUER: diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp index ae860067c..7a22033a8 100644 --- a/src/tests/unit_x509.cpp +++ b/src/tests/unit_x509.cpp @@ -98,6 +98,69 @@ std::unique_ptr<Botan::Private_Key> make_a_private_key(const std::string& algo) } +Test::Result test_cert_status_strings() + { + Test::Result result("Certificate_Status_Code to_string"); + + std::set<std::string> seen; + + result.test_eq("Same string", + Botan::to_string(Botan::Certificate_Status_Code::OK), + Botan::to_string(Botan::Certificate_Status_Code::VERIFIED)); + + const std::vector<Botan::Certificate_Status_Code> codes = { + Botan::Certificate_Status_Code::OCSP_RESPONSE_GOOD, + Botan::Certificate_Status_Code::OCSP_SIGNATURE_OK, + Botan::Certificate_Status_Code::VALID_CRL_CHECKED, + Botan::Certificate_Status_Code::OCSP_NO_HTTP, + + Botan::Certificate_Status_Code::SIGNATURE_METHOD_TOO_WEAK, + Botan::Certificate_Status_Code::UNTRUSTED_HASH, + Botan::Certificate_Status_Code::NO_REVOCATION_DATA, + Botan::Certificate_Status_Code::CERT_NOT_YET_VALID, + Botan::Certificate_Status_Code::CERT_HAS_EXPIRED, + Botan::Certificate_Status_Code::OCSP_NOT_YET_VALID, + Botan::Certificate_Status_Code::OCSP_HAS_EXPIRED, + Botan::Certificate_Status_Code::CRL_NOT_YET_VALID, + Botan::Certificate_Status_Code::CRL_HAS_EXPIRED, + Botan::Certificate_Status_Code::CERT_ISSUER_NOT_FOUND, + Botan::Certificate_Status_Code::CANNOT_ESTABLISH_TRUST, + Botan::Certificate_Status_Code::CERT_CHAIN_LOOP, + Botan::Certificate_Status_Code::CHAIN_LACKS_TRUST_ROOT, + Botan::Certificate_Status_Code::CHAIN_NAME_MISMATCH, + Botan::Certificate_Status_Code::POLICY_ERROR, + Botan::Certificate_Status_Code::INVALID_USAGE, + Botan::Certificate_Status_Code::CERT_CHAIN_TOO_LONG, + Botan::Certificate_Status_Code::CA_CERT_NOT_FOR_CERT_ISSUER, + Botan::Certificate_Status_Code::NAME_CONSTRAINT_ERROR, + Botan::Certificate_Status_Code::CA_CERT_NOT_FOR_CRL_ISSUER, + Botan::Certificate_Status_Code::OCSP_CERT_NOT_LISTED, + Botan::Certificate_Status_Code::OCSP_BAD_STATUS, + Botan::Certificate_Status_Code::CERT_NAME_NOMATCH, + Botan::Certificate_Status_Code::UNKNOWN_CRITICAL_EXTENSION, + Botan::Certificate_Status_Code::OCSP_SIGNATURE_ERROR, + Botan::Certificate_Status_Code::OCSP_ISSUER_NOT_FOUND, + Botan::Certificate_Status_Code::OCSP_RESPONSE_MISSING_KEYUSAGE, + Botan::Certificate_Status_Code::OCSP_RESPONSE_INVALID, + Botan::Certificate_Status_Code::CERT_IS_REVOKED, + Botan::Certificate_Status_Code::CRL_BAD_SIGNATURE, + Botan::Certificate_Status_Code::SIGNATURE_ERROR, + Botan::Certificate_Status_Code::CERT_PUBKEY_INVALID, + }; + + for(auto code : codes) + { + std::string s = Botan::to_string(code); + result.confirm("String is long enough to be informative", s.size() > 12); + result.test_eq("No duplicates", seen.count(s), 0); + seen.insert(s); + } + + return result; + + } + + Test::Result test_x509_dates() { Test::Result result("X509_Time"); @@ -702,6 +765,7 @@ class X509_Cert_Unit_Tests : public Test results.push_back(valid_constraints_result); results.push_back(test_x509_dates()); + results.push_back(test_cert_status_strings()); return results; } |