From a9cd9687398ca6c7a780dd91a213b514797fa9fc Mon Sep 17 00:00:00 2001 From: lloyd Date: Fri, 22 Apr 2011 20:57:44 +0000 Subject: Some changes circa Feb 22 --- checks/nist_tests/Makefile | 2 +- checks/nist_tests/x509test.cpp | 10 ++++------ checks/x509.cpp | 31 +++++++++++++++++-------------- 3 files changed, 22 insertions(+), 21 deletions(-) (limited to 'checks') diff --git a/checks/nist_tests/Makefile b/checks/nist_tests/Makefile index 6d0ebb78f..96c958dd7 100644 --- a/checks/nist_tests/Makefile +++ b/checks/nist_tests/Makefile @@ -4,7 +4,7 @@ BOTAN_CONFIG=botan-config CC=g++ FLAGS=-g -Os -W -Wall -ansi LDFLAGS=$(shell $(BOTAN_CONFIG) --libs) -CFLAGS=$(shell $(BOTAN_CONFIG) --cflags) +CFLAGS=$(shell $(BOTAN_CONFIG) --cflags) -I../../build/include x509test: x509test.cpp $(CC) $(FLAGS) $(CFLAGS) x509test.cpp $(LDFLAGS) -o x509test diff --git a/checks/nist_tests/x509test.cpp b/checks/nist_tests/x509test.cpp index 7f4fe94ee..d89e7c341 100644 --- a/checks/nist_tests/x509test.cpp +++ b/checks/nist_tests/x509test.cpp @@ -4,7 +4,7 @@ on NIST's web site. */ -#include +#include #include using namespace Botan; @@ -110,9 +110,9 @@ void run_one_test(u32bit test_no, X509_Code expected, X509_Code result = VERIFIED; - X509_Store store; + Certificate_Store_Memory store; - store.add_cert(X509_Certificate(root_cert), true); + store.add_cert(X509_Certificate(root_cert)); X509_Certificate end_user(to_verify); @@ -134,9 +134,7 @@ void run_one_test(u32bit test_no, X509_Code expected, std::cout << std::endl; } */ - result = store.add_crl(crl); - if(result != VERIFIED) - break; + store.add_crl(crl); } /* if everything has gone well up until now */ diff --git a/checks/x509.cpp b/checks/x509.cpp index 43d374411..e7d7b663d 100644 --- a/checks/x509.cpp +++ b/checks/x509.cpp @@ -21,7 +21,7 @@ #if defined(BOTAN_HAS_X509_CERTIFICATES) #include - #include + #include #include #include #endif 
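Review bot: The new `store.add_cert(X509_Certificate(root_cert));` in run_one_test uses a different method name from the `store.add_certificate(ca_cert);` that this same commit writes in checks/x509.cpp, although both act on a `Certificate_Store_Memory`. Unless the class offers both spellings (its declaration is not visible here), one of the two files will not compile, so the calls should use the same name. run_one_test starts and ends outside this hunk.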
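Review bot: With `store.add_crl(crl);` in the CRL loop of run_one_test, the outcome of loading each CRL is discarded, where the old code stopped at the first CRL that did not come back VERIFIED and kept that code as the test result. NIST cases whose expected result stems from a bad CRL now depend entirely on what the later path validation reports, which is outside this hunk. If `add_crl` can still signal rejection (a return value or an exception, not visible here), it should be checked; otherwise a comment such as `// CRL validity is checked during path validation, not on insertion` should record where the check moved. The same applies to `store.add_crl(crl1)`, `store.add_crl(crl2)` and `store.add_crl(crl3)` in do_x509_tests in checks/x509.cpp, where the "CRL #n did not validate" checks were removed.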
@@ -191,19 +191,21 @@ void do_x509_tests(RandomNumberGenerator& rng) X509_CRL crl1 = ca.new_crl(rng); /* Verify the certs */ - X509_Store store; + Certificate_Store_Memory store; - store.add_cert(ca_cert, true); // second arg == true: trusted CA cert + store.add_certificate(ca_cert); std::cout << '.' << std::flush; - if(store.validate_cert(user1_cert) != VERIFIED) + + Path_Validation_Result result_u1 = x509_path_validate(user1_cert, store); + if(result_u1.validation_result != VERIFIED) std::cout << "\nFAILED: User cert #1 did not validate" << std::endl; - if(store.validate_cert(user2_cert) != VERIFIED) + Path_Validation_Result result_u2 = x509_path_validate(user2_cert, store); + if(result_u2.validation_result != VERIFIED) std::cout << "\nFAILED: User cert #2 did not validate" << std::endl; - if(store.add_crl(crl1) != VERIFIED) - std::cout << "\nFAILED: CRL #1 did not validate" << std::endl; + store.add_crl(crl1); std::vector revoked; revoked.push_back(CRL_Entry(user1_cert, CESSATION_OF_OPERATION)); 
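Review bot: `store.add_certificate(ca_cert);` no longer says that ca_cert is the trust anchor, which the removed `true` argument and its comment made explicit. If `x509_path_validate` treats every certificate in the store as a trusted root (not visible in this hunk), the test should say so, e.g. `// all certificates in this store act as trust anchors for x509_path_validate`, so that nobody later adds an intermediate or end-entity certificate to the same store. Only `validation_result` is read from `Path_Validation_Result`, so printing that code in the FAILED messages would make a regression easier to diagnose. do_x509_tests starts before and continues after this hunk.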
@@ -211,23 +213,24 @@ void do_x509_tests(RandomNumberGenerator& rng) X509_CRL crl2 = ca.update_crl(crl1, revoked, rng); - if(store.add_crl(crl2) != VERIFIED) - std::cout << "\nFAILED: CRL #2 did not validate" << std::endl; + store.add_crl(crl2); - if(store.validate_cert(user1_cert) != CERT_IS_REVOKED) + result_u1 = x509_path_validate(user1_cert, store); + if(result_u1.validation_result != CERT_IS_REVOKED) std::cout << "\nFAILED: User cert #1 was not revoked" << std::endl; - if(store.validate_cert(user2_cert) != CERT_IS_REVOKED) + result_u2 = x509_path_validate(user2_cert, store); + if(result_u2.validation_result != CERT_IS_REVOKED) std::cout << "\nFAILED: User cert #2 was not revoked" << std::endl; revoked.clear(); revoked.push_back(CRL_Entry(user1_cert, REMOVE_FROM_CRL)); X509_CRL crl3 = ca.update_crl(crl2, revoked, rng); - if(store.add_crl(crl3) != VERIFIED) - std::cout << "\nFAILED: CRL #3 did not validate" << std::endl; + store.add_crl(crl3); - if(store.validate_cert(user1_cert) != VERIFIED) + result_u1 = x509_path_validate(user1_cert, store); + if(result_u1.validation_result != VERIFIED) std::cout << "\nFAILED: User cert #1 was not un-revoked" << std::endl; check_against_copy(ca_key, rng); -- cgit v1.2.3
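Review bot: After `store.add_crl(crl3)` only user1_cert is re-validated, so nothing confirms that user2_cert is still reported as revoked once the store holds crl1, crl2 and crl3 together. Since the `add_crl` results are no longer checked, that second assertion is the cheapest way to show that the newest CRL is the one applied and that REMOVE_FROM_CRL affects only the named entry. Adding `result_u2 = x509_path_validate(user2_cert, store);` followed by `if(result_u2.validation_result != CERT_IS_REVOKED)` and a "User cert #2 was un-revoked" message would cover it. The entry that revokes user2_cert is added in lines outside this hunk, so this assumes crl3 carries it forward from crl2.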