pike.git
/
lib
/
modules
/
Standards.pmod
/
testsuite.in
version
»
Context lines:
10
20
40
80
file
none
3
pike.git/lib/modules/Standards.pmod/testsuite.in:345:
test_any([[ Crypto.RSA root_rsa = Crypto.RSA(); root_rsa->generate_key(512); string root = Standards.X509.make_root_certificate(root_rsa, 3600, ([ "commonName":"*" ])); object rtbs = Standards.X509.decode_certificate(root); Crypto.RSA cert_rsa = Crypto.RSA(); cert_rsa->generate_key(512); string c = Standards.X509.make_site_certificate(rtbs, root_rsa, cert_rsa, 3600, ([ "commonName":"*" ]));
-
mapping m = Standards.X509.verify_certificate_chain( ({ c }),
([
rtbs
->
subject
->
get
_
der(
) :
rtbs
->
public
_
key
]), 1);
-
return
m->verified;
+
mapping
auths = ([ rtbs->subject->get_der() : rtbs->public_key ]);
+
+
mapping
m = Standards.X509.verify_certificate_chain( ({ c }),
auths, 1);
+
if
(
!m
->
verified || m
->
error
_
code
)
return m;
+
+
c = Standards.X509.make_selfsigned_certificate(cert_rsa, 3600, ([ "commonName"
:
"*"
]));
+
m = Standards.X509.verify_certificate_chain( ({ c }), auths, 1);
+
if(m
->
verified || m->error
_
code!=Standards.X509.CERT_BAD_SIGNATURE)
return m;
+
+
c = Standards.X509.make_site_certificate(rtbs, root_rsa, cert_rsa, -3600, ([ "commonName":"*"
])
);
+
m = Standards.X509.verify_certificate_chain( ({ c })
,
auths,
1);
+
if(!m->verified
||
m->
error_code!=Standards.X509.CERT_TOO_OLD) return m
;
+
+
return 1;
]], 1)
-
+
test_true(mappingp(Standards.X509.load_authorities()))
+
define(test_cert, ([[ test_true(Standards.X509.verify_certificate(Standards.PEM.Messages(#"$1")->parts->CERTIFICATE->body, ([]))) ]])) dnl openssl req -x509 -nodes -days 365 -subj "/CN=PikeCert" -md5 -newkey rsa:2048 -out certfile.cer test_cert(-----BEGIN CERTIFICATE----- MIIC+TCCAeGgAwIBAgIJAK9S+nXAkU+DMA0GCSqGSIb3DQEBBAUAMBMxETAPBgNV BAMMCFBpa2VDZXJ0MB4XDTEzMTEyMTIxMjM1MFoXDTE0MTEyMTIxMjM1MFowEzER MA8GA1UEAwwIUGlrZUNlcnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB AQDacxSu60OEhmtfBd+p9oaQ+4w13Cwp70dwRrjPb/y33sFWKN3YZ+rq/8aNXPUO