author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 07:33:12 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 07:33:12 +0000 |
commit | 36082a2fe36ecd800d784ae44c14f1f18c66a7e9 (patch) | |
tree | 6c68e0c0097987aff85a01dabddd34b862309a7c /tests/p11-kit-trust.sh | |
parent | Initial commit. (diff) | |
Adding upstream version 3.7.9.upstream/3.7.9upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'tests/p11-kit-trust.sh')
-rwxr-xr-x | tests/p11-kit-trust.sh | 138 |
1 files changed, 138 insertions, 0 deletions
diff --git a/tests/p11-kit-trust.sh b/tests/p11-kit-trust.sh
new file mode 100755
index 0000000..b47004a
--- /dev/null
+++ b/tests/p11-kit-trust.sh
@@ -0,0 +1,138 @@
+#!/bin/sh
+
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# This file is part of p11-kit.
+#
+# p11-kit is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# p11-kit is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+: ${srcdir=.}
+: ${P11TOOL=../src/p11tool${EXEEXT}}
+: ${CERTTOOL=../src/certtool${EXEEXT}}
+: ${DIFF=diff}
+
+EXPORTED_FILE=out.$$.tmp
+DER_FILE=out-der.$$.tmp
+TMPFILE=out-tmp.$$.tmp
+
+for lib in ${libdir} ${libdir}/pkcs11 /usr/lib64/pkcs11/ /usr/lib/pkcs11/ /usr/lib/x86_64-linux-gnu/pkcs11/;do
+ if test -f "${lib}/p11-kit-trust.so"; then
+ MODULE="${lib}/p11-kit-trust.so"
+ echo "located ${MODULE}"
+ break
+ fi
+done
+
+if ! test -x "${P11TOOL}"; then
+ echo "p11tool was not found"
+ exit 77
+fi
+
+if ! test -f "${MODULE}"; then
+ echo "p11-kit trust module was not found"
+ exit 77
+fi
+
+TRUST_PATH="${srcdir}/p11-kit-trust-data/"
+CACERT=${TRUST_PATH}/Example_Root_CA.pem
+
+# Test whether a CA extracted from a trust store can retrieve stapled
+# extensions.
+
+OPTS="--provider ${MODULE} --provider-opts trusted,p11-kit:paths=\"${TRUST_PATH}\""
+
+# Informational
+${P11TOOL} --list-all-certs ${OPTS} 'pkcs11:'
+
+
+####
+# Test 1: Extract the CA certificate from store
+
+${P11TOOL} --export 'pkcs11:object=Example%20CA' ${OPTS} --outder --outfile ${EXPORTED_FILE}
+if test "$?" != "0"; then
+ echo "Exporting failed (1)"
+ exit 1
+fi
+
+${CERTTOOL} -i --infile ${CACERT} --outder --outfile ${DER_FILE}
+if test "$?" != "0"; then
+ echo "Exporting failed (2)"
+ exit 1
+fi
+
+${DIFF} ${EXPORTED_FILE} ${DER_FILE}
+if test "$?" != "0"; then
+ echo "Files ${EXPORTED_FILE} and ${DER_FILE} are not identical"
+ exit 1
+fi
+
+rm -f ${EXPORTED_FILE} ${DER_FILE} ${TMPFILE}
+
+echo "Root CA retrieval test passed..."
+
+####
+# Test 2: Extract the certificate from store with the stapled data
+
+${P11TOOL} --export-stapled 'pkcs11:object=Example%20CA' ${OPTS} --outder --outfile ${EXPORTED_FILE}
+if test "$?" != "0"; then
+ echo "Exporting failed (3)"
+ exit 1
+fi
+
+${CERTTOOL} -i --infile ${CACERT} --outder --outfile ${DER_FILE}
+if test "$?" != "0"; then
+ echo "Exporting failed (4)"
+ exit 1
+fi
+
+${DIFF} ${EXPORTED_FILE} ${DER_FILE}
+if test "$?" = "0"; then
+ echo "Files are identical; no extensions were stapled"
+ exit 1
+fi
+
+${CERTTOOL} -i --inder --infile ${EXPORTED_FILE} --outfile ${TMPFILE}
+if test "$?" != "0"; then
+ echo "PEM converting failed"
+ exit 1
+fi
+
+grep -i "Name Constraints" ${TMPFILE}
+if test "$?" != "0"; then
+ cat ${TMPFILE}
+ echo "No name constraints found (1)"
+ exit 1
+fi
+
+grep -i "Permitted" ${TMPFILE}
+if test "$?" != "0"; then
+ cat ${TMPFILE}
+ echo "No name constraints found (2)"
+ exit 1
+fi
+
+grep -i "DNSname: example.com" ${TMPFILE}
+if test "$?" != "0"; then
+ cat ${TMPFILE}
+ echo "No name constraints found (3)"
+ exit 1
+fi
+
+echo "Root CA with stapled extensions retrieval test passed..."
+
+rm -f ${EXPORTED_FILE} ${DER_FILE} ${TMPFILE}
+exit 0 |
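Review bot: The three name-constraint greps at the end of Test 2 each match anywhere in the certtool dump, so the test would still pass if `example.com` were stapled under an excluded subtree, or if "Permitted" and the DNS name appeared in unrelated parts of the output. Assuming certtool prints the entries beneath a `Permitted:` label, one ordered check would pin the intended meaning, e.g. `awk '/Permitted/{p=1;next} /Excluded/{p=0} p&&/DNSname: example\.com$/{ok=1} END{exit !ok}' "${TMPFILE}"`. Separately, the scratch files use predictable `out.$$.tmp` names in the working directory and are left behind on every `exit 1` path. Creating them with `mktemp` and adding `trap 'rm -f "${EXPORTED_FILE}" "${DER_FILE}" "${TMPFILE}"' EXIT` right after the assignments would cover both.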