ocspapitest.c 4.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145
  1. /*
  2. * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the OpenSSL license (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <string.h>
  10. #include <openssl/opensslconf.h>
  11. #include <openssl/crypto.h>
  12. #include <openssl/ocsp.h>
  13. #include <openssl/x509.h>
  14. #include <openssl/asn1.h>
  15. #include <openssl/pem.h>
  16. #include "testutil.h"
  17. static const char *certstr;
  18. static const char *privkeystr;
  19. #ifndef OPENSSL_NO_OCSP
  20. static int get_cert_and_key(X509 **cert_out, EVP_PKEY **key_out)
  21. {
  22. BIO *certbio, *keybio;
  23. X509 *cert = NULL;
  24. EVP_PKEY *key = NULL;
  25. if (!TEST_ptr(certbio = BIO_new_file(certstr, "r")))
  26. return 0;
  27. cert = PEM_read_bio_X509(certbio, NULL, NULL, NULL);
  28. BIO_free(certbio);
  29. if (!TEST_ptr(keybio = BIO_new_file(privkeystr, "r")))
  30. goto end;
  31. key = PEM_read_bio_PrivateKey(keybio, NULL, NULL, NULL);
  32. BIO_free(keybio);
  33. if (!TEST_ptr(cert) || !TEST_ptr(key))
  34. goto end;
  35. *cert_out = cert;
  36. *key_out = key;
  37. return 1;
  38. end:
  39. X509_free(cert);
  40. EVP_PKEY_free(key);
  41. return 0;
  42. }
  43. static OCSP_BASICRESP *make_dummy_resp(void)
  44. {
  45. const unsigned char namestr[] = "openssl.example.com";
  46. unsigned char keybytes[128] = {7};
  47. OCSP_BASICRESP *bs = OCSP_BASICRESP_new();
  48. OCSP_BASICRESP *bs_out = NULL;
  49. OCSP_CERTID *cid = NULL;
  50. ASN1_TIME *thisupd = ASN1_TIME_set(NULL, time(NULL));
  51. ASN1_TIME *nextupd = ASN1_TIME_set(NULL, time(NULL) + 200);
  52. X509_NAME *name = X509_NAME_new();
  53. ASN1_BIT_STRING *key = ASN1_BIT_STRING_new();
  54. ASN1_INTEGER *serial = ASN1_INTEGER_new();
  55. if (!X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_ASC,
  56. namestr, -1, -1, 1)
  57. || !ASN1_BIT_STRING_set(key, keybytes, sizeof(keybytes))
  58. || !ASN1_INTEGER_set_uint64(serial, (uint64_t)1))
  59. goto err;
  60. cid = OCSP_cert_id_new(EVP_sha256(), name, key, serial);
  61. if (!TEST_ptr(bs)
  62. || !TEST_ptr(thisupd)
  63. || !TEST_ptr(nextupd)
  64. || !TEST_ptr(cid)
  65. || !TEST_true(OCSP_basic_add1_status(bs, cid,
  66. V_OCSP_CERTSTATUS_UNKNOWN,
  67. 0, NULL, thisupd, nextupd)))
  68. goto err;
  69. bs_out = bs;
  70. bs = NULL;
  71. err:
  72. ASN1_TIME_free(thisupd);
  73. ASN1_TIME_free(nextupd);
  74. ASN1_BIT_STRING_free(key);
  75. ASN1_INTEGER_free(serial);
  76. OCSP_CERTID_free(cid);
  77. OCSP_BASICRESP_free(bs);
  78. X509_NAME_free(name);
  79. return bs_out;
  80. }
  81. static int test_resp_signer(void)
  82. {
  83. OCSP_BASICRESP *bs = NULL;
  84. X509 *signer = NULL, *tmp;
  85. EVP_PKEY *key = NULL;
  86. STACK_OF(X509) *extra_certs = NULL;
  87. int ret = 0;
  88. /*
  89. * Test a response with no certs at all; get the signer from the
  90. * extra certs given to OCSP_resp_get0_signer().
  91. */
  92. bs = make_dummy_resp();
  93. extra_certs = sk_X509_new_null();
  94. if (!TEST_ptr(bs)
  95. || !TEST_ptr(extra_certs)
  96. || !TEST_true(get_cert_and_key(&signer, &key))
  97. || !TEST_true(sk_X509_push(extra_certs, signer))
  98. || !TEST_true(OCSP_basic_sign(bs, signer, key, EVP_sha1(),
  99. NULL, OCSP_NOCERTS)))
  100. goto err;
  101. if (!TEST_true(OCSP_resp_get0_signer(bs, &tmp, extra_certs))
  102. || !TEST_int_eq(X509_cmp(tmp, signer), 0))
  103. goto err;
  104. OCSP_BASICRESP_free(bs);
  105. /* Do it again but include the signer cert */
  106. bs = make_dummy_resp();
  107. tmp = NULL;
  108. if (!TEST_ptr(bs)
  109. || !TEST_true(OCSP_basic_sign(bs, signer, key, EVP_sha1(),
  110. NULL, 0)))
  111. goto err;
  112. if (!TEST_true(OCSP_resp_get0_signer(bs, &tmp, NULL))
  113. || !TEST_int_eq(X509_cmp(tmp, signer), 0))
  114. goto err;
  115. ret = 1;
  116. err:
  117. OCSP_BASICRESP_free(bs);
  118. sk_X509_free(extra_certs);
  119. X509_free(signer);
  120. EVP_PKEY_free(key);
  121. return ret;
  122. }
  123. #endif
  124. int setup_tests(void)
  125. {
  126. if (!TEST_ptr(certstr = test_get_argument(0))
  127. || !TEST_ptr(privkeystr = test_get_argument(1)))
  128. return 0;
  129. #ifndef OPENSSL_NO_OCSP
  130. ADD_TEST(test_resp_signer);
  131. #endif
  132. return 1;
  133. }