Various small tweaks and fixes.
1 /*
2     Copyright (C) 2012 Carl Hetherington <cth@carlh.net>
3
4     This program is free software; you can redistribute it and/or modify
5     it under the terms of the GNU General Public License as published by
6     the Free Software Foundation; either version 2 of the License, or
7     (at your option) any later version.
8
9     This program is distributed in the hope that it will be useful,
10     but WITHOUT ANY WARRANTY; without even the implied warranty of
11     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12     GNU General Public License for more details.
13
14     You should have received a copy of the GNU General Public License
15     along with this program; if not, write to the Free Software
16     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
17
18 */
19
20 #include <boost/test/unit_test.hpp>
21 #include "certificates.h"
22 #include "signer.h"
23 #include "util.h"
24
25 using std::list;
26 using std::cout;
27 using std::string;
28 using boost::shared_ptr;
29
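/** Check that a three-certificate chain is reported leaf -> intermediate -> root
 *  and that issuer, subject and serial are read back as expected from the
 *  reference PEM files under test/ref/crypt.
 *
 *  The expected names are fixtures tied to those files (their CNs carry
 *  NOT_FOR_PRODUCTION).  The strings also pin the linkage of the chain:
 *  leaf issuer == intermediate subject, intermediate issuer == root subject,
 *  and the root's issuer == its own subject (self-signed).
 */
BOOST_AUTO_TEST_CASE (certificates)
{
	dcp::CertificateChain c;

	/* Added in the order root, intermediate, leaf */
	c.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem"))));
	c.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem"))));
	c.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem"))));

	dcp::CertificateChain::List leaf_to_root = c.leaf_to_root ();

	dcp::CertificateChain::List::iterator i = leaf_to_root.begin ();

	/* Leaf */

	/* Stop the test here rather than dereference end() if the list is short */
	BOOST_REQUIRE (i != leaf_to_root.end ());
	BOOST_CHECK_EQUAL (*i, c.leaf ());

	BOOST_CHECK_EQUAL (
		c.leaf()->issuer(),
		"dnQualifier=bmtwThq3srgxIAeRMjX6BFhgLDw=,CN=.smpte-430-2.INTERMEDIATE.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
		);

	BOOST_CHECK_EQUAL (
		c.leaf()->subject(),
		"dnQualifier=d95fGDzERNdxfYPgphvAR8A18L4=,CN=CS.smpte-430-2.LEAF.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
		);

	++i;

	/* Intermediate */
	BOOST_REQUIRE (i != leaf_to_root.end ());

	BOOST_CHECK_EQUAL (
		(*i)->issuer(),
		"dnQualifier=ndND9A/cODo2rTdrbLVmfQnoaSc=,CN=.smpte-430-2.ROOT.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
		);

	BOOST_CHECK_EQUAL (
		(*i)->subject(),
		"dnQualifier=bmtwThq3srgxIAeRMjX6BFhgLDw=,CN=.smpte-430-2.INTERMEDIATE.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
		);

	++i;

	/* Root */
	BOOST_REQUIRE (i != leaf_to_root.end ());
	BOOST_CHECK_EQUAL (*i, c.root ());
	BOOST_CHECK_EQUAL (
		c.root()->issuer(),
		"dnQualifier=ndND9A/cODo2rTdrbLVmfQnoaSc=,CN=.smpte-430-2.ROOT.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
		);

	BOOST_CHECK_EQUAL (c.root()->serial(), "5");

	BOOST_CHECK_EQUAL (
		c.root()->subject(),
		"dnQualifier=ndND9A/cODo2rTdrbLVmfQnoaSc=,CN=.smpte-430-2.ROOT.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
		);

	/* Three certificates went in, so nothing should follow the root */
	++i;
	BOOST_CHECK (i == leaf_to_root.end ());

	/* Check that reconstruction from a string works.
	   NOTE(review): the `true' argument presumably asks for the text with its
	   PEM BEGIN/END markers; confirm against dcp::Certificate::certificate().
	*/
	dcp::Certificate test (c.root()->certificate (true));
	BOOST_CHECK_EQUAL (test.certificate(), c.root()->certificate());
}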
88
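/** Load the PEM certificate stored at @p path and append it to @p chain.
 *  @param chain Chain to add to.
 *  @param path File to read; handed to dcp::file_to_string() unchanged.
 */
static void
add_pem_certificate (dcp::CertificateChain& chain, char const * path)
{
	chain.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (dcp::file_to_string (path))));
}

/** Check that dcp::CertificateChain::valid() and ::attempt_reorder() basically work.
 *
 *  The order accepted as valid in this test is root, intermediate, leaf.
 *  Chains that hold all three certificates in another order must be rejected
 *  by valid() but repairable by attempt_reorder(); chains with a missing link
 *  (no root, or no intermediate) must be rejected by both.
 */
BOOST_AUTO_TEST_CASE (certificates_validation)
{
	/* Complete chain in the accepted order */
	dcp::CertificateChain good1;
	add_pem_certificate (good1, "test/ref/crypt/ca.self-signed.pem");
	add_pem_certificate (good1, "test/ref/crypt/intermediate.signed.pem");
	add_pem_certificate (good1, "test/ref/crypt/leaf.signed.pem");
	BOOST_CHECK (good1.valid ());

	/* A lone self-signed root is a valid chain */
	dcp::CertificateChain good2;
	add_pem_certificate (good2, "test/ref/crypt/ca.self-signed.pem");
	BOOST_CHECK (good2.valid ());

	/* No root: nothing anchors the intermediate, so reordering cannot help */
	dcp::CertificateChain bad1;
	add_pem_certificate (bad1, "test/ref/crypt/intermediate.signed.pem");
	add_pem_certificate (bad1, "test/ref/crypt/leaf.signed.pem");
	BOOST_CHECK (!bad1.valid ());
	BOOST_CHECK (!bad1.attempt_reorder ());

	/* All three present but shuffled (leaf, root, intermediate).  After a
	   successful reorder the chain itself is expected to validate; without
	   that check a reorder that reports success but leaves a bad chain
	   behind would go unnoticed.
	*/
	dcp::CertificateChain bad2;
	add_pem_certificate (bad2, "test/ref/crypt/leaf.signed.pem");
	add_pem_certificate (bad2, "test/ref/crypt/ca.self-signed.pem");
	add_pem_certificate (bad2, "test/ref/crypt/intermediate.signed.pem");
	BOOST_CHECK (!bad2.valid ());
	BOOST_CHECK (bad2.attempt_reorder ());
	BOOST_CHECK (bad2.valid ());

	/* Shuffled: intermediate, leaf, root */
	dcp::CertificateChain bad3;
	add_pem_certificate (bad3, "test/ref/crypt/intermediate.signed.pem");
	add_pem_certificate (bad3, "test/ref/crypt/leaf.signed.pem");
	add_pem_certificate (bad3, "test/ref/crypt/ca.self-signed.pem");
	BOOST_CHECK (!bad3.valid ());
	BOOST_CHECK (bad3.attempt_reorder ());
	BOOST_CHECK (bad3.valid ());

	/* Exactly reversed: leaf, intermediate, root */
	dcp::CertificateChain bad4;
	add_pem_certificate (bad4, "test/ref/crypt/leaf.signed.pem");
	add_pem_certificate (bad4, "test/ref/crypt/intermediate.signed.pem");
	add_pem_certificate (bad4, "test/ref/crypt/ca.self-signed.pem");
	BOOST_CHECK (!bad4.valid ());
	BOOST_CHECK (bad4.attempt_reorder ());
	BOOST_CHECK (bad4.valid ());

	/* No intermediate: the leaf was not issued by the root, so the gap
	   cannot be closed by reordering
	*/
	dcp::CertificateChain bad5;
	add_pem_certificate (bad5, "test/ref/crypt/ca.self-signed.pem");
	add_pem_certificate (bad5, "test/ref/crypt/leaf.signed.pem");
	BOOST_CHECK (!bad5.valid ());
	BOOST_CHECK (!bad5.attempt_reorder ());
}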
135
/** Check that dcp::Signer::valid() basically works: a signer built from the
 *  reference chain and the leaf's key is accepted, and the same signer is
 *  rejected once its key is replaced by one taken from a different signer.
 */
BOOST_AUTO_TEST_CASE (signer_validation)
{
	/* Reference chain, added root first, then intermediate, then leaf */
	dcp::CertificateChain reference_chain;

	shared_ptr<dcp::Certificate> root (new dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
	reference_chain.add (root);

	shared_ptr<dcp::Certificate> intermediate (new dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem")));
	reference_chain.add (intermediate);

	shared_ptr<dcp::Certificate> leaf (new dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem")));
	reference_chain.add (leaf);

	/* Chain plus the key stored alongside the leaf: this signer must be valid */
	dcp::Signer signer (reference_chain, dcp::file_to_string ("test/ref/crypt/leaf.key"));
	BOOST_CHECK (signer.valid ());

	/* Swap in a key that does not belong to the reference chain; the signer
	   must now be reported as invalid.
	   NOTE(review): Signer ("openssl") presumably builds a fresh signer using
	   the named openssl executable; confirm against dcp::Signer.
	*/
	dcp::Signer unrelated_signer ("openssl");
	signer.set_key (unrelated_signer.key ());
	BOOST_CHECK (!signer.valid ());
}