2 Copyright (C) 2012 Carl Hetherington <cth@carlh.net>
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 2 of the License, or
7 (at your option) any later version.
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 #include <boost/test/unit_test.hpp>
21 #include "certificate.h"
22 #include "certificate_chain.h"
24 #include "exceptions.h"
29 using boost::shared_ptr;
31 /** Check that loading certificates from files via strings works */
32 BOOST_AUTO_TEST_CASE (certificates1)
/* Builds a chain from three PEM fixtures (self-signed CA, intermediate, leaf, going
   by the file names), each read into a string with dcp::file_to_string and parsed
   by dcp::Certificate, then inspects the chain through leaf_to_root(), leaf() and root().

   NOTE(review): this listing omits source lines (the gutter numbers jump, e.g. from
   45 to 49), so the calls that consume the expected-name strings below, and any
   statements that advance the iterator, are not visible here.  Presumably each
   string is compared with an issuer or subject name -- confirm against the full file. */
34 dcp::CertificateChain c;
/* Added in root-first order: CA, then intermediate, then leaf. */
36 c.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
37 c.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem")));
38 c.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem")));
40 dcp::CertificateChain::List leaf_to_root = c.leaf_to_root ();
42 dcp::CertificateChain::List::iterator i = leaf_to_root.begin ();
/* The first element of leaf_to_root() must be the certificate that leaf() reports. */
45 BOOST_CHECK_EQUAL (*i, c.leaf ());
/* Expected distinguished names.  "\\+" in the source is a backslash followed by '+',
   i.e. the '+' inside the base64 dnQualifier is expected in escaped form.  The
   NOT_FOR_PRODUCTION common names mark these certificates as test fixtures. */
49 "dnQualifier=6eat8r33US71avuQEojmH\\+bjk84=,CN=.smpte-430-2.INTERMEDIATE.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
54 "dnQualifier=QFVlym7fuql6bPOnY38aaO1ZPW4=,CN=CS.smpte-430-2.LEAF.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
62 "dnQualifier=DCnRdHFbcv4ANVUq2\\+wMVALFSec=,CN=.smpte-430-2.ROOT.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
67 "dnQualifier=6eat8r33US71avuQEojmH\\+bjk84=,CN=.smpte-430-2.INTERMEDIATE.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
/* By this point i is presumably at the last element (the increments are not shown);
   it must equal the certificate that root() reports. */
73 BOOST_CHECK_EQUAL (*i, c.root ());
76 "dnQualifier=DCnRdHFbcv4ANVUq2\\+wMVALFSec=,CN=.smpte-430-2.ROOT.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
/* The root's serial number is compared as a string, not as an integer. */
79 BOOST_CHECK_EQUAL (c.root().serial(), "5");
83 "dnQualifier=DCnRdHFbcv4ANVUq2\\+wMVALFSec=,CN=.smpte-430-2.ROOT.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
86 /* Check that reconstruction from a string works */
/* certificate (true) is fed straight back into the dcp::Certificate constructor;
   presumably `true' selects a form that constructor can parse -- confirm.  The
   rebuilt object must then report the same certificate() text as the root. */
87 dcp::Certificate test (c.root().certificate (true));
88 BOOST_CHECK_EQUAL (test.certificate(), c.root().certificate());
91 /** Check some more certificate-from-strings */
BOOST_AUTO_TEST_CASE (certificates2)
{
	/* Fixture file names, resolved against private_test (declared outside this block). */
	char const * const original_name = "CA.GDC-TECH.COM_SA2100_A14903.crt.crt";
	char const * const reformatted_name = "CA.GDC-TECH.COM_SA2100_A14903.crt.crt.reformatted";

	/* Round trip: parsing the certificate text and emitting it again with
	   certificate (true) must reproduce the stored ".reformatted" text exactly. */
	dcp::Certificate cert (dcp::file_to_string (private_test / original_name));
	BOOST_CHECK_EQUAL (cert.certificate (true), dcp::file_to_string (private_test / reformatted_name));

	/* Text that is not a certificate must be rejected with dcp::MiscError,
	   not turned into a Certificate object. */
	BOOST_CHECK_THROW (dcp::Certificate ("foo"), dcp::MiscError);
}
100 /** Check that dcp::CertificateChain::valid() and ::attempt_reorder() basically work */
BOOST_AUTO_TEST_CASE (certificates_validation)
{
	/* The three fixture certificates; by file name: self-signed CA, intermediate, leaf. */
	char const * const ca_pem = "test/ref/crypt/ca.self-signed.pem";
	char const * const intermediate_pem = "test/ref/crypt/intermediate.signed.pem";
	char const * const leaf_pem = "test/ref/crypt/leaf.signed.pem";

	/* CA, intermediate, leaf in that order: accepted as stored. */
	dcp::CertificateChain good1;
	good1.add (dcp::Certificate (dcp::file_to_string (ca_pem)));
	good1.add (dcp::Certificate (dcp::file_to_string (intermediate_pem)));
	good1.add (dcp::Certificate (dcp::file_to_string (leaf_pem)));
	BOOST_CHECK (good1.valid ());

	/* The self-signed CA on its own is also accepted. */
	dcp::CertificateChain good2;
	good2.add (dcp::Certificate (dcp::file_to_string (ca_pem)));
	BOOST_CHECK (good2.valid ());

	/* No CA certificate at all: rejected, and no ordering can repair it. */
	dcp::CertificateChain bad1;
	bad1.add (dcp::Certificate (dcp::file_to_string (intermediate_pem)));
	bad1.add (dcp::Certificate (dcp::file_to_string (leaf_pem)));
	BOOST_CHECK (!bad1.valid ());
	BOOST_CHECK (!bad1.attempt_reorder ());

	/* All three certificates present but stored as leaf, CA, intermediate:
	   rejected as stored, repairable by reordering. */
	dcp::CertificateChain bad2;
	bad2.add (dcp::Certificate (dcp::file_to_string (leaf_pem)));
	bad2.add (dcp::Certificate (dcp::file_to_string (ca_pem)));
	bad2.add (dcp::Certificate (dcp::file_to_string (intermediate_pem)));
	BOOST_CHECK (!bad2.valid ());
	BOOST_CHECK (bad2.attempt_reorder ());

	/* Stored as intermediate, leaf, CA: rejected as stored, repairable. */
	dcp::CertificateChain bad3;
	bad3.add (dcp::Certificate (dcp::file_to_string (intermediate_pem)));
	bad3.add (dcp::Certificate (dcp::file_to_string (leaf_pem)));
	bad3.add (dcp::Certificate (dcp::file_to_string (ca_pem)));
	BOOST_CHECK (!bad3.valid ());
	BOOST_CHECK (bad3.attempt_reorder ());

	/* Exactly reversed (leaf, intermediate, CA): valid () is order-sensitive,
	   so this is rejected as stored, but it is repairable. */
	dcp::CertificateChain bad4;
	bad4.add (dcp::Certificate (dcp::file_to_string (leaf_pem)));
	bad4.add (dcp::Certificate (dcp::file_to_string (intermediate_pem)));
	bad4.add (dcp::Certificate (dcp::file_to_string (ca_pem)));
	BOOST_CHECK (!bad4.valid ());
	BOOST_CHECK (bad4.attempt_reorder ());

	/* CA and leaf with the intermediate missing: the leaf must not be accepted
	   directly under the CA, and reordering cannot repair it. */
	dcp::CertificateChain bad5;
	bad5.add (dcp::Certificate (dcp::file_to_string (ca_pem)));
	bad5.add (dcp::Certificate (dcp::file_to_string (leaf_pem)));
	BOOST_CHECK (!bad5.valid ());
	BOOST_CHECK (!bad5.attempt_reorder ());

	/* NOTE(review): the repairable cases stop at attempt_reorder () returning true.
	   Whether it rearranges the chain in place is not visible here; if it does,
	   asserting valid () afterwards would pin that.  Every case also uses
	   certificates from the same fixture hierarchy, so a certificate issued by an
	   unrelated CA is not exercised by this test. */
}
147 /** Check that dcp::Signer::valid() basically works */
BOOST_AUTO_TEST_CASE (signer_validation)
{
	/* Fixture certificates and the private key stored alongside them under test/ref. */
	char const * const ca_pem = "test/ref/crypt/ca.self-signed.pem";
	char const * const intermediate_pem = "test/ref/crypt/intermediate.signed.pem";
	char const * const leaf_pem = "test/ref/crypt/leaf.signed.pem";
	char const * const leaf_key = "test/ref/crypt/leaf.key";

	/* A complete chain together with the leaf's own key is a valid signer. */
	dcp::CertificateChain chain;
	chain.add (dcp::Certificate (dcp::file_to_string (ca_pem)));
	chain.add (dcp::Certificate (dcp::file_to_string (intermediate_pem)));
	chain.add (dcp::Certificate (dcp::file_to_string (leaf_pem)));
	chain.set_key (dcp::file_to_string (leaf_key));
	BOOST_CHECK (chain.valid ());

	/* Keep the same certificates but swap in the key held by a separately
	   constructed chain.  Only the key changes between the two checks, so the
	   expected failure shows that valid () covers the key as well as the
	   certificates.
	   NOTE(review): the constructor argument is the string "openssl"; presumably it
	   names the openssl executable used to build a fresh chain and key -- confirm. */
	dcp::CertificateChain another_chain ("openssl");
	chain.set_key (another_chain.key().get ());
	BOOST_CHECK (!chain.valid ());
}