
Add CSR test with Extension Request attribute

Juliusz Sosinowicz 3 years ago
parent
commit
383df620bf
3 changed files with 42 additions and 3 deletions
  1. BIN
      certs/csr.ext.der
  2. 2 1
      certs/include.am
  3. 40 2
      tests/api.c

BIN
certs/csr.ext.der


+ 2 - 1
certs/include.am

@@ -55,7 +55,8 @@ EXTRA_DIST += \
 	     certs/client-cert-ext.pem \
 	     certs/csr.attr.der \
 	     certs/csr.dsa.pem \
-	     certs/csr.signed.der
+	     certs/csr.signed.der \
+	     certs/csr.ext.der
 
 EXTRA_DIST += \
 	     certs/ca-key.der \

+ 40 - 2
tests/api.c

@@ -38183,11 +38183,13 @@ static void test_wolfSSL_X509_CRL(void)
 static void test_wolfSSL_d2i_X509_REQ(void)
 {
 #if defined(WOLFSSL_CERT_REQ) && (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA))
-    /* ./certs/csr.signed.der and ./certs/csr.attr.der were
+    /* ./certs/csr.signed.der, ./certs/csr.ext.der, and ./certs/csr.attr.der were
      * generated by libest
-     * ./certs/csr.attr.der contains sample attributes */
+     * ./certs/csr.attr.der contains sample attributes
+     * ./certs/csr.ext.der contains sample extensions */
     const char* csrFile = "./certs/csr.signed.der";
     const char* csrPopFile = "./certs/csr.attr.der";
+    const char* csrExtFile = "./certs/csr.ext.der";
     /* ./certs/csr.dsa.pem is generated using
      * openssl req -newkey dsa:certs/dsaparams.pem \
      *     -keyout certs/csr.dsa.key.pem -keyform PEM -out certs/csr.dsa.pem \
@@ -38249,6 +38251,42 @@ static void test_wolfSSL_d2i_X509_REQ(void)
         AssertStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "2xIE+qqp/rhyTXP+");
 #endif
 
+        X509_free(req);
+        BIO_free(bio);
+        EVP_PKEY_free(pub_key);
+    }
+    {
+#ifdef OPENSSL_ALL
+        X509_ATTRIBUTE* attr;
+        ASN1_TYPE *at;
+#endif
+        AssertNotNull(bio = BIO_new_file(csrExtFile, "rb"));
+        /* This CSR contains an Extension Request attribute so
+         * we test extension parsing in a CSR attribute here. */
+        AssertNotNull(d2i_X509_REQ_bio(bio, &req));
+
+        /*
+         * Extract the public key from the CSR
+         */
+        AssertNotNull(pub_key = X509_REQ_get_pubkey(req));
+
+        /*
+         * Verify the signature in the CSR
+         */
+        AssertIntEQ(X509_REQ_verify(req, pub_key), 1);
+
+#ifdef OPENSSL_ALL
+        /*
+         * Obtain the challenge password from the CSR
+         */
+        AssertIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, -1),
+                NID_pkcs9_challengePassword);
+        AssertNotNull(attr = X509_REQ_get_attr(req, NID_pkcs9_challengePassword));
+        AssertNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0));
+        AssertNotNull(at->value.asn1_string);
+        AssertStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "IGCu/xNL4/0/wOgo");
+#endif
+
         X509_free(req);
         BIO_free(bio);
         EVP_PKEY_free(pub_key);
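Review bot: The new csr.ext.der block never asserts on the thing its comment says it tests: after `d2i_X509_REQ_bio(bio, &req)` it only verifies the signature and the challenge password, so a parser that silently skipped or mis-decoded the Extension Request attribute would still pass. Requested extensions (such as subjectAltName, key usage or basicConstraints) are what a CA may copy into the issued certificate, so the block should check the decoded extensions themselves, for example that the OpenSSL-compatible `X509_REQ_get_extensions(req)` returns a non-empty stack holding the expected entries, if this build exposes that call. Separately, `req` is passed by address to `d2i_X509_REQ_bio` right after `X509_free(req);` in the preceding block without being reset; if the decoder ever follows OpenSSL's reuse semantics for a non-NULL `*req`, that becomes a use-after-free, so adding `req = NULL;` after each `X509_free(req);` would be safer. The declaration of `req` and the rest of test_wolfSSL_d2i_X509_REQ lie outside this hunk, so the second point is inferred from the visible lines only.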