2 Copyright (C) 2012 Carl Hetherington <cth@carlh.net>
4 This file is part of libdcp.
6 libdcp is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 libdcp is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with libdcp. If not, see <http://www.gnu.org/licenses/>.
20 #include "certificate.h"
21 #include "certificate_chain.h"
23 #include "exceptions.h"
25 #include <boost/test/unit_test.hpp>
30 using boost::shared_ptr;
32 /** Check that loading certificates from files via strings works */
33 BOOST_AUTO_TEST_CASE (certificates1)
35 dcp::CertificateChain c;
37 c.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
38 c.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem")));
39 c.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem")));
41 dcp::CertificateChain::List leaf_to_root = c.leaf_to_root ();
43 dcp::CertificateChain::List::iterator i = leaf_to_root.begin ();
46 BOOST_CHECK_EQUAL (*i, c.leaf ());
47 BOOST_CHECK_EQUAL (i->thumbprint(), "EZg5wDcihccWqwdg59Y8D+IJpYM=");
51 "dnQualifier=6eat8r33US71avuQEojmH\\+bjk84=,CN=.smpte-430-2.INTERMEDIATE.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
56 "dnQualifier=QFVlym7fuql6bPOnY38aaO1ZPW4=,CN=CS.smpte-430-2.LEAF.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
62 BOOST_CHECK_EQUAL (i->thumbprint(), "GwM6ex2UVlWclH8f1uV7W1n0EEU=");
65 "dnQualifier=DCnRdHFbcv4ANVUq2\\+wMVALFSec=,CN=.smpte-430-2.ROOT.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
70 "dnQualifier=6eat8r33US71avuQEojmH\\+bjk84=,CN=.smpte-430-2.INTERMEDIATE.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
76 BOOST_CHECK_EQUAL (*i, c.root ());
77 BOOST_CHECK_EQUAL (i->thumbprint(), "zU8NVNwI2PYejmSYRntG7c6sdTw=");
80 "dnQualifier=DCnRdHFbcv4ANVUq2\\+wMVALFSec=,CN=.smpte-430-2.ROOT.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
83 BOOST_CHECK_EQUAL (c.root().serial(), "5");
87 "dnQualifier=DCnRdHFbcv4ANVUq2\\+wMVALFSec=,CN=.smpte-430-2.ROOT.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
90 /* Check that reconstruction from a string works */
91 dcp::Certificate test (c.root().certificate (true));
92 BOOST_CHECK_EQUAL (test.certificate(), c.root().certificate());
95 /** Check some more certificate-from-strings */
96 BOOST_AUTO_TEST_CASE (certificates2)
99 dcp::Certificate c (dcp::file_to_string (private_test / "CA.GDC-TECH.COM_SA2100_A14903.crt.crt"));
100 BOOST_CHECK_EQUAL (c.certificate(true), dcp::file_to_string (private_test / "CA.GDC-TECH.COM_SA2100_A14903.crt.crt.reformatted"));
104 dcp::Certificate c (dcp::file_to_string (private_test / "usl-cert.pem"));
105 BOOST_CHECK_EQUAL (c.certificate(true), dcp::file_to_string (private_test / "usl-cert.pem.trimmed"));
109 /* This is a chain, not an individual certificate, so it should throw an exception */
110 BOOST_CHECK_THROW (dcp::Certificate (dcp::file_to_string (private_test / "chain.pem")), dcp::MiscError);
113 BOOST_CHECK_THROW (dcp::Certificate (dcp::file_to_string (private_test / "no-begin.pem")), dcp::MiscError);
114 BOOST_CHECK_THROW (dcp::Certificate ("foo"), dcp::MiscError);
117 /** Check that dcp::CertificateChain::chain_valid() and ::root_to_leaf() basically work */
118 BOOST_AUTO_TEST_CASE (certificates_validation1)
120 dcp::CertificateChain good;
121 good.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
122 good.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem")));
123 good.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem")));
124 BOOST_CHECK (good.chain_valid(good._certificates));
127 /** Check that dcp::CertificateChain::chain_valid() and ::root_to_leaf() basically work */
128 BOOST_AUTO_TEST_CASE (certificates_validation2)
130 dcp::CertificateChain good;
131 good.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
132 BOOST_CHECK (good.chain_valid(good._certificates));
135 /** Check that dcp::CertificateChain::chain_valid() and ::root_to_leaf() basically work */
136 BOOST_AUTO_TEST_CASE (certificates_validation3)
138 dcp::CertificateChain bad;
139 bad.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem")));
140 bad.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem")));
141 BOOST_CHECK (!bad.chain_valid(bad._certificates));
142 BOOST_CHECK_THROW (bad.root_to_leaf(), dcp::CertificateChainError);
145 /** Check that dcp::CertificateChain::chain_valid() and ::root_to_leaf() basically work */
146 BOOST_AUTO_TEST_CASE (certificates_validation4)
148 dcp::CertificateChain bad;
149 bad.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem")));
150 bad.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
151 bad.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem")));
152 BOOST_CHECK (!bad.chain_valid(bad._certificates));
153 BOOST_CHECK_NO_THROW (bad.root_to_leaf());
156 /** Check that dcp::CertificateChain::chain_valid() and ::root_to_leaf() basically work */
157 BOOST_AUTO_TEST_CASE (certificates_validation5)
159 dcp::CertificateChain bad;
160 bad.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem")));
161 bad.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem")));
162 bad.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
163 BOOST_CHECK (!bad.chain_valid(bad._certificates));
164 BOOST_CHECK_NO_THROW (bad.root_to_leaf());
167 /** Check that dcp::CertificateChain::chain_valid() and ::root_to_leaf() basically work */
168 BOOST_AUTO_TEST_CASE (certificates_validation6)
170 dcp::CertificateChain bad;
171 bad.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem")));
172 bad.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem")));
173 bad.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
174 BOOST_CHECK (!bad.chain_valid(bad._certificates));
175 BOOST_CHECK_NO_THROW (bad.root_to_leaf());
178 /** Check that dcp::CertificateChain::chain_valid() and ::root_to_leaf() basically work */
179 BOOST_AUTO_TEST_CASE (certificates_validation7)
181 dcp::CertificateChain bad;
182 bad.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
183 bad.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem")));
184 BOOST_CHECK (!bad.chain_valid(bad._certificates));
185 BOOST_CHECK_THROW (bad.root_to_leaf(), dcp::CertificateChainError);
188 /** Check that dcp::CertificateChain::chain_valid() and ::root_to_leaf() basically work */
189 BOOST_AUTO_TEST_CASE (certificates_validation8)
191 dcp::CertificateChain bad;
192 bad.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
193 bad.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem")));
194 bad.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
195 BOOST_CHECK (!bad.chain_valid(bad._certificates));
196 BOOST_CHECK_THROW (bad.root_to_leaf(), dcp::CertificateChainError);
199 /** Check that we can create a valid chain */
200 BOOST_AUTO_TEST_CASE (certificates_validation9)
202 dcp::CertificateChain good (
203 boost::filesystem::path ("openssl"),
207 ".dcpomatic.smpte-430-2.ROOT",
208 ".dcpomatic.smpte-430-2.INTERMEDIATE",
209 "CS.dcpomatic.smpte-430-2.LEAF"
212 BOOST_CHECK_NO_THROW (good.root_to_leaf());
215 /** Check that we can create a valid chain */
216 BOOST_AUTO_TEST_CASE (certificates_validation10)
218 dcp::CertificateChain good (boost::filesystem::path ("openssl"), 10 * 365);
219 BOOST_CHECK_NO_THROW (good.root_to_leaf());
222 /** Check that dcp::Signer::valid() basically works */
223 BOOST_AUTO_TEST_CASE (signer_validation)
225 /* Check a valid signer */
226 dcp::CertificateChain chain;
227 chain.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
228 chain.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem")));
229 chain.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem")));
230 chain.set_key (dcp::file_to_string ("test/ref/crypt/leaf.key"));
231 BOOST_CHECK (chain.valid ());
233 /* Put in an unrelated key and the signer should no longer be valid */
234 dcp::CertificateChain another_chain (boost::filesystem::path ("openssl"), 10 * 365);
235 chain.set_key (another_chain.key().get ());
236 BOOST_CHECK (!chain.valid ());
239 /** Check reading of a certificate chain from a string */
240 BOOST_AUTO_TEST_CASE (certificate_chain_from_string)
242 dcp::CertificateChain a (dcp::file_to_string (private_test / "chain.pem"), 10 * 365);
243 BOOST_CHECK_EQUAL (a.root_to_leaf().size(), 3);
245 dcp::CertificateChain b (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem"), 10 * 365);
246 BOOST_CHECK_EQUAL (b.root_to_leaf().size(), 1);