* https://www.openssl.org/source/license.html
*/
-#include "cmp_testlib.h"
-
-DEFINE_STACK_OF(X509)
+#include "helpers/cmp_testlib.h"
static const char *ir_protected_f;
static const char *ir_unprotected_f;
int expected;
} CMP_PROTECT_TEST_FIXTURE;
+static OSSL_LIB_CTX *libctx = NULL;
+static OSSL_PROVIDER *default_null_provider = NULL, *provider = NULL;
+
static void tear_down(CMP_PROTECT_TEST_FIXTURE *fixture)
{
OSSL_CMP_CTX_free(fixture->cmp_ctx);
if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
return NULL;
fixture->test_case_name = test_case_name;
- if (!TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(NULL, NULL))) {
+ if (!TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(libctx, NULL))) {
tear_down(fixture);
return NULL;
}
{
int ret = 0;
OSSL_CMP_CTX *ctx = fixture->cmp_ctx;
+ X509_STORE *store;
STACK_OF(X509) *chain =
- ossl_cmp_build_cert_chain(ctx->libctx, ctx->propq,
+ ossl_cmp_build_cert_chain(ctx->libctx, ctx->propq, NULL,
fixture->certs, fixture->cert);
if (TEST_ptr(chain)) {
ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain));
sk_X509_pop_free(chain, X509_free);
}
+ if (!ret)
+ return 0;
+
+ if (TEST_ptr(store = X509_STORE_new())
+ && TEST_true(X509_STORE_add_cert(store, root))) {
+ X509_VERIFY_PARAM_set_flags(X509_STORE_get0_param(store),
+ X509_V_FLAG_NO_CHECK_TIME);
+ chain = ossl_cmp_build_cert_chain(ctx->libctx, ctx->propq,
+ store, fixture->certs, fixture->cert);
+ ret = TEST_int_eq(fixture->expected, chain != NULL);
+ if (ret && chain != NULL) {
+ /* Check whether chain built is equal to the expected one */
+ ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain));
+ sk_X509_pop_free(chain, X509_free);
+ }
+ }
+ X509_STORE_free(store);
return ret;
}
static int test_cmp_build_cert_chain(void)
{
SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
+ fixture->expected = 1;
fixture->cert = endentity2;
if (!TEST_ptr(fixture->certs = sk_X509_new_null())
|| !TEST_ptr(fixture->chain = sk_X509_new_null())
static int test_cmp_build_cert_chain_missing_intermediate(void)
{
SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
+ fixture->expected = 0;
fixture->cert = endentity2;
if (!TEST_ptr(fixture->certs = sk_X509_new_null())
|| !TEST_ptr(fixture->chain = sk_X509_new_null())
return result;
}
-static int test_cmp_build_cert_chain_missing_root(void)
+static int test_cmp_build_cert_chain_no_root(void)
{
SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
+ fixture->expected = 1;
fixture->cert = endentity2;
if (!TEST_ptr(fixture->certs = sk_X509_new_null())
|| !TEST_ptr(fixture->chain = sk_X509_new_null())
static int test_cmp_build_cert_chain_no_certs(void)
{
SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
+ fixture->expected = 0;
fixture->cert = endentity2;
if (!TEST_ptr(fixture->certs = sk_X509_new_null())
|| !TEST_ptr(fixture->chain = sk_X509_new_null())
X509_free(intermediate);
OSSL_CMP_MSG_free(ir_protected);
OSSL_CMP_MSG_free(ir_unprotected);
-
+ OSSL_LIB_CTX_free(libctx);
}
+#define USAGE "server.pem IR_protected.der IR_unprotected.der IP_PBM.der " \
+ "server.crt server.pem EndEntity1.crt EndEntity2.crt Root_CA.crt " \
+ "Intermediate_CA.crt module_name [module_conf_file]\n"
+OPT_TEST_DECLARE_USAGE(USAGE)
+
int setup_tests(void)
{
char *server_f;
|| !TEST_ptr(endentity2_f = test_get_argument(7))
|| !TEST_ptr(root_f = test_get_argument(8))
|| !TEST_ptr(intermediate_f = test_get_argument(9))) {
- TEST_error("usage: cmp_protect_test server.pem "
- "IR_protected.der IR_unprotected.der IP_PBM.der "
- "server.crt server.pem"
- "EndEntity1.crt EndEntity2.crt "
- "Root_CA.crt Intermediate_CA.crt\n");
+ TEST_error("usage: cmp_protect_test %s", USAGE);
return 0;
}
- if (!TEST_ptr(loadedkey = load_pem_key(server_key_f))
- || !TEST_ptr(cert = load_pem_cert(server_cert_f, NULL)))
+
+ if (!test_get_libctx(&libctx, &default_null_provider, &provider, 10, USAGE))
+ return 0;
+
+ if (!TEST_ptr(loadedkey = load_pem_key(server_key_f, libctx))
+ || !TEST_ptr(cert = load_pem_cert(server_cert_f, libctx)))
return 0;
- if (!TEST_ptr(loadedprivkey = load_pem_key(server_f)))
+ if (!TEST_ptr(loadedprivkey = load_pem_key(server_f, libctx)))
return 0;
if (TEST_true(EVP_PKEY_up_ref(loadedprivkey)))
loadedpubkey = loadedprivkey;
if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f))
|| !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f)))
return 0;
- if (!TEST_ptr(endentity1 = load_pem_cert(endentity1_f, NULL))
- || !TEST_ptr(endentity2 = load_pem_cert(endentity2_f, NULL))
- || !TEST_ptr(root = load_pem_cert(root_f, NULL))
- || !TEST_ptr(intermediate = load_pem_cert(intermediate_f, NULL)))
+ if (!TEST_ptr(endentity1 = load_pem_cert(endentity1_f, libctx))
+ || !TEST_ptr(endentity2 = load_pem_cert(endentity2_f, libctx))
+ || !TEST_ptr(root = load_pem_cert(root_f, libctx))
+ || !TEST_ptr(intermediate = load_pem_cert(intermediate_f, libctx)))
return 0;
if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH)))
return 0;
#ifndef OPENSSL_NO_EC
ADD_TEST(test_cmp_build_cert_chain);
- ADD_TEST(test_cmp_build_cert_chain_missing_root);
+ ADD_TEST(test_cmp_build_cert_chain_no_root);
ADD_TEST(test_cmp_build_cert_chain_missing_intermediate);
ADD_TEST(test_cmp_build_cert_chain_no_certs);
#endif