1 files changed, 99 insertions, 0 deletions

diff --git a/guile/tests/x509-certificates.scm b/guile/tests/x509-certificates.scm
new file mode 100644
index 0000000..874c8ac
--- /dev/null
+++ b/guile/tests/x509-certificates.scm
@@ -0,0 +1,99 @@
+;;; GnuTLS --- Guile bindings for GnuTLS.
+;;; Copyright (C) 2007-2012, 2021 Free Software Foundation, Inc.
+;;;
+;;; GnuTLS is free software; you can redistribute it and/or
+;;; modify it under the terms of the GNU Lesser General Public
+;;; License as published by the Free Software Foundation; either
+;;; version 2.1 of the License, or (at your option) any later version.
+;;;
+;;; GnuTLS is distributed in the hope that it will be useful,
+;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+;;; Lesser General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU Lesser General Public
+;;; License along with GnuTLS; if not, write to the Free Software
+;;; Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+;;; Written by Ludovic Courtès <ludo@chbouib.org>.
+
+
+;;;
+;;; Exercise the X.509 certificate API.
+;;;
+
+(use-modules (gnutls)
+             (gnutls build tests)
+             (srfi srfi-4)
+             (srfi srfi-11)
+             (ice-9 format))
+
+(define %certificate-file
+  (search-path %load-path "x509-certificate.pem"))
+
+(define %private-key-file
+  (search-path %load-path "x509-key.pem"))
+
+(define %first-oid
+  ;; The certificate's first OID.
+  "2.5.4.6")
+
+(define %signature-algorithm
+  ;; The certificate's signature algorithm.
+  sign-algorithm/rsa-sha1)
+
+(define %sha1-fingerprint
+  ;; The certificate's SHA-1 fingerprint.
+  "7c55df47de718869d55998ee1e9301331ccd0601")
+
+(define %sha256-fingerprint
+  ;; The certificate's SHA-256 fingerprint.
+  "0db40a5ee20169d25f090e4d165d87266b1a04722cddec4da36692c81c3096f6")
+
+
+(define (file-size file)
+  (stat:size (stat file)))
+
+(define (u8vector->hex-string u8vector)
+  (string-join (map (lambda (u8) (format #f "~2,'0x" u8))
+                    (u8vector->list u8vector))
+               ""))
+
+
+(run-test
+    (lambda ()
+      (let ((raw-certificate (make-u8vector (file-size %certificate-file)))
+            (raw-privkey     (make-u8vector (file-size %private-key-file))))
+
+        (uniform-vector-read! raw-certificate
+                              (open-input-file %certificate-file))
+        (uniform-vector-read! raw-privkey
+                              (open-input-file %private-key-file))
+
+        (let ((cert (import-x509-certificate raw-certificate
+                                             x509-certificate-format/pem))
+              (sec  (import-x509-private-key raw-privkey
+                                             x509-certificate-format/pem)))
+
+          (and (x509-certificate? cert)
+               (x509-private-key? sec)
+               (string? (x509-certificate-dn cert))
+               (string? (x509-certificate-issuer-dn cert))
+               (string=? (x509-certificate-dn-oid cert 0) %first-oid)
+               (eq? (x509-certificate-signature-algorithm cert)
+                    %signature-algorithm)
+               (x509-certificate-matches-hostname? cert "localhost")
+               (let-values (((type name)
+                             (x509-certificate-subject-alternative-name
+                              cert 0)))
+                 (and (string? name)
+                      (string?
+                       (x509-subject-alternative-name->string type))))
+               (equal? (u8vector->hex-string
+                        (x509-certificate-fingerprint cert digest/sha1))
+                       %sha1-fingerprint)
+               (equal? (u8vector->hex-string
+                        (x509-certificate-fingerprint cert digest/sha256))
+                       %sha256-fingerprint))))))
+
+;;; arch-tag: eef09b52-30e8-472a-8b93-cb636434f6eb