diff options
Diffstat (limited to '')
| -rwxr-xr-x | tests/cert-tests/pem-decoding.sh | 223 |
1 files changed, 223 insertions, 0 deletions
diff --git a/tests/cert-tests/pem-decoding.sh b/tests/cert-tests/pem-decoding.sh new file mode 100755 index 0000000..dc9380c --- /dev/null +++ b/tests/cert-tests/pem-decoding.sh @@ -0,0 +1,223 @@ +#!/bin/sh + +# Copyright (C) 2006-2008, 2010, 2012 Free Software Foundation, Inc. +# +# Author: Simon Josefsson +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +fi + +. "${srcdir}/../scripts/common.sh" + +TMPFILE=tmp-$$.pem.tmp +TMPFILE1=tmp1-$$.pem.tmp +TMPFILE2=tmp2-$$.pem.tmp + +#check whether "funny" spaces can be interpreted +${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/data/funny-spacing.pem" >/dev/null 2>&1 +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "Funny-spacing cert decoding failed 1" + exit ${rc} +fi + +#check whether a BMPString attribute can be properly decoded +${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/data/bmpstring.pem" >${TMPFILE} +rc=$? + +if test "${rc}" != "0"; then + echo "BMPString cert decoding failed 1" + exit ${rc} +fi + +check_if_equal "${srcdir}/data/bmpstring.pem" ${TMPFILE} "Algorithm Security Level" +rc=$? + +if test "${rc}" != "0"; then + echo "BMPString cert decoding failed 2" + exit ${rc} +fi + +#check whether complex-cert is decoded as expected +${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/data/complex-cert.pem" >${TMPFILE} +rc=$? + +if test "${rc}" != "0"; then + echo "Complex cert decoding failed 1" + exit ${rc} +fi + +check_if_equal "${srcdir}/data/complex-cert.pem" ${TMPFILE} "Not After:|Algorithm Security Level" +rc=$? + +if test "${rc}" != "0"; then + echo "Complex cert decoding failed 2" + exit ${rc} +fi + +#check whether the cert with many othernames is decoded as expected +${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/data/xmpp-othername.pem" >${TMPFILE} +rc=$? + +if test "${rc}" != "0"; then + echo "XMPP cert decoding failed 1" + exit ${rc} +fi + +check_if_equal "${srcdir}/data/xmpp-othername.pem" ${TMPFILE} "^warning|Not After:|Algorithm Security Level" +rc=$? + +if test "${rc}" != "0"; then + echo "XMPP cert decoding failed 2" + exit ${rc} +fi + +${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/data/template-krb5name.pem" >${TMPFILE} +rc=$? + +if test "${rc}" != "0"; then + echo "XMPP cert decoding failed 1" + exit ${rc} +fi + +grep "KRB5Principal:" ${TMPFILE} >${TMPFILE1} +grep "KRB5Principal:" "${srcdir}/data/template-krb5name-full.pem" >${TMPFILE2} +check_if_equal ${TMPFILE1} ${TMPFILE2} +rc=$? + +if test "${rc}" != "0"; then + echo "KRB5 principalname cert decoding failed 1" + exit ${rc} +fi + + +#check whether the cert with GOST parameters is decoded as expected +if test "${ENABLE_GOST}" = "1"; then + GOSTCERT="${srcdir}/data/gost-cert.pem" +else + GOSTCERT="${srcdir}/data/gost-cert-nogost.pem" +fi + +${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${GOSTCERT}" >${TMPFILE} +rc=$? + +if test "${rc}" != "0"; then + echo "GOST cert decoding failed 1" + exit ${rc} +fi + +check_if_equal ${TMPFILE} "${GOSTCERT}" +rc=$? + +if test "${rc}" != "0"; then + echo "GOST cert decoding failed 2" + exit ${rc} +fi + +#check whether the cert with GOST 31.10/11-94 parameters is decoded as expected +${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/data/gost94-cert.pem" >${TMPFILE} +rc=$? + +if test "${rc}" != "0"; then + echo "GOST94 cert decoding failed 1" + exit ${rc} +fi + +check_if_equal ${TMPFILE} "${srcdir}/data/gost94-cert.pem" "Algorithm Security Level" +rc=$? + +if test "${rc}" != "0"; then + echo "GOST94 cert decoding failed 2" + exit ${rc} +fi + +${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/data/multi-value-dn.pem" >${TMPFILE} +rc=$? + +if test "${rc}" != "0"; then + echo "MV-DN cert decoding failed 1" + exit ${rc} +fi + +# Needed for FIPS140 mode +check_if_equal "${srcdir}/data/multi-value-dn.pem" ${TMPFILE} "Algorithm Security Level:" +rc=$? + +if test "${rc}" != "0"; then + echo "MV-DN cert decoding failed 2" + exit ${rc} +fi + +#check if --no-text works as expected +${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/data/cert-ecc256.pem" --no-text --outfile ${TMPFILE} +rc=$? + +if test "${rc}" != "0"; then + echo "--no-text -k --certificate-info failed 1" + exit ${rc} +fi + +if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$' ${TMPFILE} | grep -v '^[A-Za-z0-9/+=]\+$' | grep -v '^-----END [A-Z0-9 ]\+-----$' ; then + echo "--no-text -k --certificate-info failed 2" + exit 1 +fi + +#check if --no-text works as expected +${VALGRIND} "${CERTTOOL}" --certificate-pubkey --infile "${srcdir}/data/cert-ecc256.pem" --no-text --outfile ${TMPFILE} +rc=$? + +if test "${rc}" != "0"; then + echo "--no-text cert pubkey failed 1" + exit ${rc} +fi + +if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$' ${TMPFILE} | grep -v '^[A-Za-z0-9/+=]\+$' | grep -v '^-----END [A-Z0-9 ]\+-----$' ; then + echo "--no-text cert pubkey failed 2" + exit 1 +fi + +#check if --no-text works as expected +${VALGRIND} "${CERTTOOL}" --pubkey-info --infile "${srcdir}/data/cert-ecc256.pem" --no-text --outfile ${TMPFILE} +rc=$? + +if test "${rc}" != "0"; then + echo "--no-text pubkey info failed 1" + exit ${rc} +fi + +if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$' ${TMPFILE} | grep -v '^[A-Za-z0-9/+=]\+$' | grep -v '^-----END [A-Z0-9 ]\+-----$' ; then + echo "--no-text pubkey info failed 2" + exit 1 +fi + +rm -f ${TMPFILE} ${TMPFILE1} ${TMPFILE2} + +exit 0 |