2 Copyright (C) 2012 Carl Hetherington <cth@carlh.net>
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 2 of the License, or
7 (at your option) any later version.
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 #include <boost/test/unit_test.hpp>
21 #include "certificates.h"
27 using boost::shared_ptr;
/** Build a chain from the three PEM fixtures under test/ref/crypt and check its accessors:
 *  the start of the leaf_to_root() list, leaf() and root(), the root's serial, and
 *  rebuilding a certificate from its own string form.
 *
 *  NOTE(review): this listing has lost lines (the braces, and the call lines around the
 *  distinguished-name literals below), so which accessor each literal is compared with
 *  cannot be read from here.
 */
29 BOOST_AUTO_TEST_CASE (certificates)
31 dcp::CertificateChain c;
/* Added in the order root, intermediate, leaf */
33 c.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
34 c.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem")));
35 c.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem")));
37 dcp::CertificateChain::List leaf_to_root = c.leaf_to_root ();
39 dcp::CertificateChain::List::iterator i = leaf_to_root.begin ();
/* The first entry of the leaf-to-root list must be the chain's leaf */
42 BOOST_CHECK_EQUAL (*i, c.leaf ());
/* Expected distinguished names.  Every CN carries NOT_FOR_PRODUCTION, which marks these
   certificates as test-only fixtures.
*/
46 "O=example.org,OU=example.org,CN=.smpte-430-2.INTERMEDIATE.NOT_FOR_PRODUCTION,dnQualifier=bmtwThq3srgxIAeRMjX6BFhgLDw="
51 "O=example.org,OU=example.org,CN=CS.smpte-430-2.LEAF.NOT_FOR_PRODUCTION,dnQualifier=d95fGDzERNdxfYPgphvAR8A18L4="
59 "O=example.org,OU=example.org,CN=.smpte-430-2.ROOT.NOT_FOR_PRODUCTION,dnQualifier=ndND9A/cODo2rTdrbLVmfQnoaSc="
64 "O=example.org,OU=example.org,CN=.smpte-430-2.INTERMEDIATE.NOT_FOR_PRODUCTION,dnQualifier=bmtwThq3srgxIAeRMjX6BFhgLDw="
/* By this point the iterator is expected to refer to the root; the statements that
   advance it are not visible in this listing.
*/
70 BOOST_CHECK_EQUAL (*i, c.root ());
73 "O=example.org,OU=example.org,CN=.smpte-430-2.ROOT.NOT_FOR_PRODUCTION,dnQualifier=ndND9A/cODo2rTdrbLVmfQnoaSc="
/* The serial number is compared in its string form */
76 BOOST_CHECK_EQUAL (c.root().serial(), "5");
80 "O=example.org,OU=example.org,CN=.smpte-430-2.ROOT.NOT_FOR_PRODUCTION,dnQualifier=ndND9A/cODo2rTdrbLVmfQnoaSc="
83 /* Check that reconstruction from a string works */
/* NOTE(review): the meaning of the `true` argument is not visible here; presumably it asks
   for the form with the PEM BEGIN/END markers, which the Certificate constructor then
   parses -- confirm against certificates.h.
*/
84 dcp::Certificate test (c.root().certificate (true));
85 BOOST_CHECK_EQUAL (test.certificate(), c.root().certificate());
/** Exercise dcp::CertificateChain::valid() and ::attempt_reorder() on chains that are
 *  complete, incomplete and mis-ordered.
 *
 *  The expectations encoded below: a chain added as root, intermediate, leaf (or the root
 *  alone) is valid; any other order is rejected by valid() but can be repaired by
 *  attempt_reorder() when all three certificates are present; a chain with a missing
 *  link is rejected and cannot be repaired.
 *
 *  NOTE(review): every rejection exercised here is structural (a missing or mis-ordered
 *  certificate).  This case has no fixture with a bad signature or an out-of-date
 *  validity period, so it says nothing about how valid() treats those.
 */
BOOST_AUTO_TEST_CASE (certificates_validation)
{
	char const * const root_pem = "test/ref/crypt/ca.self-signed.pem";
	char const * const intermediate_pem = "test/ref/crypt/intermediate.signed.pem";
	char const * const leaf_pem = "test/ref/crypt/leaf.signed.pem";

	/* Root, intermediate, leaf: accepted as-is */
	dcp::CertificateChain full_in_order;
	full_in_order.add (dcp::Certificate (dcp::file_to_string (root_pem)));
	full_in_order.add (dcp::Certificate (dcp::file_to_string (intermediate_pem)));
	full_in_order.add (dcp::Certificate (dcp::file_to_string (leaf_pem)));
	BOOST_CHECK (full_in_order.valid ());

	/* A self-signed root on its own is also accepted */
	dcp::CertificateChain root_only;
	root_only.add (dcp::Certificate (dcp::file_to_string (root_pem)));
	BOOST_CHECK (root_only.valid ());

	/* No root: rejected, and no ordering of what is there can fix it */
	dcp::CertificateChain missing_root;
	missing_root.add (dcp::Certificate (dcp::file_to_string (intermediate_pem)));
	missing_root.add (dcp::Certificate (dcp::file_to_string (leaf_pem)));
	BOOST_CHECK (!missing_root.valid ());
	BOOST_CHECK (!missing_root.attempt_reorder ());

	/* All three present but out of order: rejected until reordered.
	   NOTE(review): these cases check only the return value of attempt_reorder(); whether
	   it rearranges the chain in place is not visible here.  If it does, a valid() check
	   after each successful reorder would pin that down -- confirm.
	*/
	dcp::CertificateChain leaf_root_intermediate;
	leaf_root_intermediate.add (dcp::Certificate (dcp::file_to_string (leaf_pem)));
	leaf_root_intermediate.add (dcp::Certificate (dcp::file_to_string (root_pem)));
	leaf_root_intermediate.add (dcp::Certificate (dcp::file_to_string (intermediate_pem)));
	BOOST_CHECK (!leaf_root_intermediate.valid ());
	BOOST_CHECK (leaf_root_intermediate.attempt_reorder ());

	dcp::CertificateChain intermediate_leaf_root;
	intermediate_leaf_root.add (dcp::Certificate (dcp::file_to_string (intermediate_pem)));
	intermediate_leaf_root.add (dcp::Certificate (dcp::file_to_string (leaf_pem)));
	intermediate_leaf_root.add (dcp::Certificate (dcp::file_to_string (root_pem)));
	BOOST_CHECK (!intermediate_leaf_root.valid ());
	BOOST_CHECK (intermediate_leaf_root.attempt_reorder ());

	dcp::CertificateChain leaf_intermediate_root;
	leaf_intermediate_root.add (dcp::Certificate (dcp::file_to_string (leaf_pem)));
	leaf_intermediate_root.add (dcp::Certificate (dcp::file_to_string (intermediate_pem)));
	leaf_intermediate_root.add (dcp::Certificate (dcp::file_to_string (root_pem)));
	BOOST_CHECK (!leaf_intermediate_root.valid ());
	BOOST_CHECK (leaf_intermediate_root.attempt_reorder ());

	/* No intermediate: the leaf does not chain to the root, so this is rejected and
	   cannot be repaired by reordering.
	*/
	dcp::CertificateChain missing_intermediate;
	missing_intermediate.add (dcp::Certificate (dcp::file_to_string (root_pem)));
	missing_intermediate.add (dcp::Certificate (dcp::file_to_string (leaf_pem)));
	BOOST_CHECK (!missing_intermediate.valid ());
	BOOST_CHECK (!missing_intermediate.attempt_reorder ());
}
/** Check that dcp::Signer::valid() accepts a signer whose key was loaded alongside its
 *  certificate chain, and rejects the same signer once an unrelated key is put in.
 *
 *  The private key read here is the test/ref/crypt/leaf.key fixture; it is committed test
 *  material and must not be used for anything beyond these tests.
 */
BOOST_AUTO_TEST_CASE (signer_validation)
{
	char const * const root_pem = "test/ref/crypt/ca.self-signed.pem";
	char const * const intermediate_pem = "test/ref/crypt/intermediate.signed.pem";
	char const * const leaf_pem = "test/ref/crypt/leaf.signed.pem";
	char const * const leaf_key = "test/ref/crypt/leaf.key";

	/* Full chain plus the leaf key fixture: expected to validate */
	dcp::CertificateChain certs;
	certs.add (dcp::Certificate (dcp::file_to_string (root_pem)));
	certs.add (dcp::Certificate (dcp::file_to_string (intermediate_pem)));
	certs.add (dcp::Certificate (dcp::file_to_string (leaf_pem)));
	dcp::Signer matched (certs, dcp::file_to_string (leaf_key));
	BOOST_CHECK (matched.valid ());

	/* Replace the key with one taken from a separately constructed signer; the chain is
	   unchanged, so valid() must now fail.
	   NOTE(review): presumably the "openssl" argument names the executable used to
	   generate that signer's own key and chain -- confirm against the Signer constructor.
	*/
	dcp::Signer unrelated ("openssl");
	matched.set_key (unrelated.key ());
	BOOST_CHECK (!matched.valid ());
}