pike.git/lib/modules/Standards.pmod/testsuite.in:381:
if( !Standards.X509.verify_certificate(s, ([])) ) return h; } return 1; ]], 1) ]]) test_any([[ Crypto.RSA root_rsa = Crypto.RSA(); root_rsa->generate_key(512);
-
string root = Standards.X509.make_root_certificate(root_rsa, 3600, ([ "commonName":"
*
" ]));
+
string root = Standards.X509.make_root_certificate(root_rsa, 3600, ([ "commonName":"
DaRoot
" ]));
object rtbs = Standards.X509.decode_certificate(root); Crypto.RSA cert_rsa = Crypto.RSA(); cert_rsa->generate_key(512); string c = Standards.X509.make_site_certificate(rtbs, root_rsa, cert_rsa, 3600, ([ "commonName":"*" ])); mapping auths = ([ rtbs->subject->get_der() : rtbs->public_key ]); mapping m = Standards.X509.verify_certificate_chain( ({ c }), auths, 1);
-
if(!m->verified || m->error_code) return
m
;
+
if(!m->verified || m->error_code
|| m->self_signed
)
+
return
m+(["line":__LINE__])
;
c = Standards.X509.make_selfsigned_certificate(cert_rsa, 3600, ([ "commonName":"*" ])); m = Standards.X509.verify_certificate_chain( ({ c }), auths, 1);
-
if(m->verified || m->error_code!=Standards.X509.CERT_
BAD
_
SIGNATURE
) return
m
;
+
if(
!
m->verified || m->error_code!=Standards.X509.CERT_
ROOT
_
UNTRUSTED
)
+
return
m+(["line":__LINE__])
;
c = Standards.X509.make_site_certificate(rtbs, root_rsa, cert_rsa, -3600, ([ "commonName":"*" ])); m = Standards.X509.verify_certificate_chain( ({ c }), auths, 1);
-
if(!m->verified || m->error_code!=Standards.X509.CERT_TOO_OLD) return
m
;
+
if(!m->verified || m->error_code!=Standards.X509.CERT_TOO_OLD)
+
return
m+(["line":__LINE__])
;
-
+
{
+
object dn = Standards.PKCS.Certificate.build_distinguished_name(
+
([ "commonName" : "*" ]) );
+
object val = Standards.ASN1.Types.Sequence( ({
+
Standards.ASN1.Types.UTC()->set_posix( time()+1000 ),
+
Standards.ASN1.Types.UTC()->set_posix( time()+2000 ),
+
}) );
+
object tbs = Standards.X509.make_tbs(rtbs->subject,
+
cert_rsa->pkcs_signature_algorithm_id(Crypto.SHA256),
+
dn, cert_rsa->pkcs_public_key(),
+
Standards.ASN1.Types.Integer(1), val, 0);
+
c = Standards.X509.sign_tbs(tbs, root_rsa, Crypto.SHA256)->get_der();
+
}
+
m = Standards.X509.verify_certificate_chain( ({ c }), auths, 1);
+
if(!m->verified || m->error_code!=Standards.X509.CERT_TOO_NEW)
+
return m+(["line":__LINE__]);
+
return 1; ]], 1) test_true(mappingp(Standards.X509.load_authorities())) define(test_cert, ([[ test_true(Standards.X509.verify_certificate(Standards.PEM.Messages(#"$1")->parts->CERTIFICATE->body, ([]))) ]])) dnl openssl req -x509 -nodes -days 365 -subj "/CN=PikeCert" -md5 -newkey rsa:2048 -out certfile.cer
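Review bot: The three negative checks (CERT_ROOT_UNTRUSTED after make_selfsigned_certificate, CERT_TOO_OLD, and the new CERT_TOO_NEW block) all bail out when `m->verified` is zero, so the test pins a result where `verified` is set while `error_code` is non-zero. If `verified` only means the signatures checked out, a caller testing `m->verified` alone would accept an untrusted, expired or not-yet-valid certificate. That reading is inferred from the test conditions, since verify_certificate_chain is not part of this hunk. I would state the contract in a comment above the first of these checks, e.g. `// verified covers signatures only; trust and validity failures are reported in error_code`. If that is not the intended contract, the three cases should instead require `m->verified` to be zero.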