|
|
|
|
/* Copyright (c) 2016, Google Inc.
|
|
|
|
|
*
|
|
|
|
|
* Permission to use, copy, modify, and/or distribute this software for any
|
|
|
|
|
* purpose with or without fee is hereby granted, provided that the above
|
|
|
|
|
* copyright notice and this permission notice appear in all copies.
|
|
|
|
|
*
|
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
|
|
|
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
|
|
|
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
|
|
|
|
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
|
|
|
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
|
|
|
|
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
|
|
|
|
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
|
|
|
|
|
|
|
|
|
#include <algorithm>
|
|
|
|
|
#include <functional>
|
|
|
|
|
#include <string>
|
|
|
|
|
#include <vector>
|
|
|
|
|
|
|
|
|
|
#include <gtest/gtest.h>
|
|
|
|
|
|
|
|
|
|
#include <openssl/asn1.h>
|
|
|
|
|
#include <openssl/bio.h>
|
|
|
|
|
#include <openssl/bytestring.h>
|
|
|
|
|
#include <openssl/crypto.h>
|
|
|
|
|
#include <openssl/curve25519.h>
|
|
|
|
|
#include <openssl/digest.h>
|
|
|
|
|
#include <openssl/err.h>
|
|
|
|
|
#include <openssl/nid.h>
|
|
|
|
|
#include <openssl/pem.h>
|
|
|
|
|
#include <openssl/pool.h>
|
|
|
|
|
#include <openssl/x509.h>
|
|
|
|
|
#include <openssl/x509v3.h>
|
|
|
|
|
|
|
|
|
|
#include "internal.h"
|
|
|
|
|
#include "../internal.h"
|
|
|
|
|
#include "../test/test_util.h"
|
|
|
|
|
#include "../x509v3/internal.h"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
std::string GetTestData(const char *path);
|
|
|
|
|
|
|
|
|
|
static const char kCrossSigningRootPEM[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIICcTCCAdqgAwIBAgIIagJHiPvE0MowDQYJKoZIhvcNAQELBQAwPDEaMBgGA1UE
|
|
|
|
|
ChMRQm9yaW5nU1NMIFRFU1RJTkcxHjAcBgNVBAMTFUNyb3NzLXNpZ25pbmcgUm9v
|
|
|
|
|
dCBDQTAgFw0xNTAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowPDEaMBgGA1UE
|
|
|
|
|
ChMRQm9yaW5nU1NMIFRFU1RJTkcxHjAcBgNVBAMTFUNyb3NzLXNpZ25pbmcgUm9v
|
|
|
|
|
dCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwo3qFvSB9Zmlbpzn9wJp
|
|
|
|
|
ikI75Rxkatez8VkLqyxbOhPYl2Haz8F5p1gDG96dCI6jcLGgu3AKT9uhEQyyUko5
|
|
|
|
|
EKYasazSeA9CQrdyhPg0mkTYVETnPM1W/ebid1YtqQbq1CMWlq2aTDoSGAReGFKP
|
|
|
|
|
RTdXAbuAXzpCfi/d8LqV13UCAwEAAaN6MHgwDgYDVR0PAQH/BAQDAgIEMB0GA1Ud
|
|
|
|
|
JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHRMBAf8EBTADAQH/MBkGA1Ud
|
|
|
|
|
DgQSBBBHKHC7V3Z/3oLvEZx0RZRwMBsGA1UdIwQUMBKAEEcocLtXdn/egu8RnHRF
|
|
|
|
|
lHAwDQYJKoZIhvcNAQELBQADgYEAnglibsy6mGtpIXivtlcz4zIEnHw/lNW+r/eC
|
|
|
|
|
CY7evZTmOoOuC/x9SS3MF9vawt1HFUummWM6ZgErqVBOXIB4//ykrcCgf5ZbF5Hr
|
|
|
|
|
+3EFprKhBqYiXdD8hpBkrBoXwn85LPYWNd2TceCrx0YtLIprE2R5MB2RIq8y4Jk3
|
|
|
|
|
YFXvkME=
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
static const char kRootCAPEM[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIICVTCCAb6gAwIBAgIIAj5CwoHlWuYwDQYJKoZIhvcNAQELBQAwLjEaMBgGA1UE
|
|
|
|
|
ChMRQm9yaW5nU1NMIFRFU1RJTkcxEDAOBgNVBAMTB1Jvb3QgQ0EwIBcNMTUwMTAx
|
|
|
|
|
MDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMC4xGjAYBgNVBAoTEUJvcmluZ1NTTCBU
|
|
|
|
|
RVNUSU5HMRAwDgYDVQQDEwdSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
|
|
|
|
|
iQKBgQDpDn8RDOZa5oaDcPZRBy4CeBH1siSSOO4mYgLHlPE+oXdqwI/VImi2XeJM
|
|
|
|
|
2uCFETXCknJJjYG0iJdrt/yyRFvZTQZw+QzGj+mz36NqhGxDWb6dstB2m8PX+plZ
|
|
|
|
|
w7jl81MDvUnWs8yiQ/6twgu5AbhWKZQDJKcNKCEpqa6UW0r5nwIDAQABo3oweDAO
|
|
|
|
|
BgNVHQ8BAf8EBAMCAgQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8G
|
|
|
|
|
A1UdEwEB/wQFMAMBAf8wGQYDVR0OBBIEEEA31wH7QC+4HH5UBCeMWQEwGwYDVR0j
|
|
|
|
|
BBQwEoAQQDfXAftAL7gcflQEJ4xZATANBgkqhkiG9w0BAQsFAAOBgQDXylEK77Za
|
|
|
|
|
kKeY6ZerrScWyZhrjIGtHFu09qVpdJEzrk87k2G7iHHR9CAvSofCgEExKtWNS9dN
|
|
|
|
|
+9WiZp/U48iHLk7qaYXdEuO07No4BYtXn+lkOykE+FUxmA4wvOF1cTd2tdj3MzX2
|
|
|
|
|
kfGIBAYhzGZWhY3JbhIfTEfY1PNM1pWChQ==
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
static const char kRootCrossSignedPEM[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIICYzCCAcygAwIBAgIIAj5CwoHlWuYwDQYJKoZIhvcNAQELBQAwPDEaMBgGA1UE
|
|
|
|
|
ChMRQm9yaW5nU1NMIFRFU1RJTkcxHjAcBgNVBAMTFUNyb3NzLXNpZ25pbmcgUm9v
|
|
|
|
|
dCBDQTAgFw0xNTAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowLjEaMBgGA1UE
|
|
|
|
|
ChMRQm9yaW5nU1NMIFRFU1RJTkcxEDAOBgNVBAMTB1Jvb3QgQ0EwgZ8wDQYJKoZI
|
|
|
|
|
hvcNAQEBBQADgY0AMIGJAoGBAOkOfxEM5lrmhoNw9lEHLgJ4EfWyJJI47iZiAseU
|
|
|
|
|
8T6hd2rAj9UiaLZd4kza4IURNcKSckmNgbSIl2u3/LJEW9lNBnD5DMaP6bPfo2qE
|
|
|
|
|
bENZvp2y0Habw9f6mVnDuOXzUwO9SdazzKJD/q3CC7kBuFYplAMkpw0oISmprpRb
|
|
|
|
|
SvmfAgMBAAGjejB4MA4GA1UdDwEB/wQEAwICBDAdBgNVHSUEFjAUBggrBgEFBQcD
|
|
|
|
|
AQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAZBgNVHQ4EEgQQQDfXAftAL7gc
|
|
|
|
|
flQEJ4xZATAbBgNVHSMEFDASgBBHKHC7V3Z/3oLvEZx0RZRwMA0GCSqGSIb3DQEB
|
|
|
|
|
CwUAA4GBAErTxYJ0en9HVRHAAr5OO5wuk5Iq3VMc79TMyQLCXVL8YH8Uk7KEwv+q
|
|
|
|
|
9MEKZv2eR/Vfm4HlXlUuIqfgUXbwrAYC/YVVX86Wnbpy/jc73NYVCq8FEZeO+0XU
|
|
|
|
|
90SWAPDdp+iL7aZdimnMtG1qlM1edmz8AKbrhN/R3IbA2CL0nCWV
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
static const char kIntermediatePEM[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIICXjCCAcegAwIBAgIJAKJMH+7rscPcMA0GCSqGSIb3DQEBCwUAMC4xGjAYBgNV
|
|
|
|
|
BAoTEUJvcmluZ1NTTCBURVNUSU5HMRAwDgYDVQQDEwdSb290IENBMCAXDTE1MDEw
|
|
|
|
|
MTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjA2MRowGAYDVQQKExFCb3JpbmdTU0wg
|
|
|
|
|
VEVTVElORzEYMBYGA1UEAxMPSW50ZXJtZWRpYXRlIENBMIGfMA0GCSqGSIb3DQEB
|
|
|
|
|
AQUAA4GNADCBiQKBgQC7YtI0l8ocTYJ0gKyXTtPL4iMJCNY4OcxXl48jkncVG1Hl
|
|
|
|
|
blicgNUa1r9m9YFtVkxvBinb8dXiUpEGhVg4awRPDcatlsBSEBuJkiZGYbRcAmSu
|
|
|
|
|
CmZYnf6u3aYQ18SU8WqVERPpE4cwVVs+6kwlzRw0+XDoZAczu8ZezVhCUc6NbQID
|
|
|
|
|
AQABo3oweDAOBgNVHQ8BAf8EBAMCAgQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
|
|
|
|
|
AQUFBwMCMA8GA1UdEwEB/wQFMAMBAf8wGQYDVR0OBBIEEIwaaKi1dttdV3sfjRSy
|
|
|
|
|
BqMwGwYDVR0jBBQwEoAQQDfXAftAL7gcflQEJ4xZATANBgkqhkiG9w0BAQsFAAOB
|
|
|
|
|
gQCvnolNWEHuQS8PFVVyuLR+FKBeUUdrVbSfHSzTqNAqQGp0C9fk5oCzDq6ZgTfY
|
|
|
|
|
ESXM4cJhb3IAnW0UM0NFsYSKQJ50JZL2L3z5ZLQhHdbs4RmODGoC40BVdnJ4/qgB
|
|
|
|
|
aGSh09eQRvAVmbVCviDK2ipkWNegdyI19jFfNP5uIkGlYg==
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
static const char kIntermediateSelfSignedPEM[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIICZjCCAc+gAwIBAgIJAKJMH+7rscPcMA0GCSqGSIb3DQEBCwUAMDYxGjAYBgNV
|
|
|
|
|
BAoTEUJvcmluZ1NTTCBURVNUSU5HMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0Ew
|
|
|
|
|
IBcNMTUwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMDYxGjAYBgNVBAoTEUJv
|
|
|
|
|
cmluZ1NTTCBURVNUSU5HMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0EwgZ8wDQYJ
|
|
|
|
|
KoZIhvcNAQEBBQADgY0AMIGJAoGBALti0jSXyhxNgnSArJdO08viIwkI1jg5zFeX
|
|
|
|
|
jyOSdxUbUeVuWJyA1RrWv2b1gW1WTG8GKdvx1eJSkQaFWDhrBE8Nxq2WwFIQG4mS
|
|
|
|
|
JkZhtFwCZK4KZlid/q7dphDXxJTxapURE+kThzBVWz7qTCXNHDT5cOhkBzO7xl7N
|
|
|
|
|
WEJRzo1tAgMBAAGjejB4MA4GA1UdDwEB/wQEAwICBDAdBgNVHSUEFjAUBggrBgEF
|
|
|
|
|
BQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAZBgNVHQ4EEgQQjBpoqLV2
|
|
|
|
|
211Xex+NFLIGozAbBgNVHSMEFDASgBCMGmiotXbbXVd7H40UsgajMA0GCSqGSIb3
|
|
|
|
|
DQEBCwUAA4GBALcccSrAQ0/EqQBsx0ZDTUydHXXNP2DrUkpUKmAXIe8McqIVSlkT
|
|
|
|
|
6H4xz7z8VRKBo9j+drjjtCw2i0CQc8aOLxRb5WJ8eVLnaW2XRlUqAzhF0CrulfVI
|
|
|
|
|
E4Vs6ZLU+fra1WAuIj6qFiigRja+3YkZArG8tMA9vtlhTX/g7YBZIkqH
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
static const char kLeafPEM[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIICXjCCAcegAwIBAgIIWjO48ufpunYwDQYJKoZIhvcNAQELBQAwNjEaMBgGA1UE
|
|
|
|
|
ChMRQm9yaW5nU1NMIFRFU1RJTkcxGDAWBgNVBAMTD0ludGVybWVkaWF0ZSBDQTAg
|
|
|
|
|
Fw0xNTAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowMjEaMBgGA1UEChMRQm9y
|
|
|
|
|
aW5nU1NMIFRFU1RJTkcxFDASBgNVBAMTC2V4YW1wbGUuY29tMIGfMA0GCSqGSIb3
|
|
|
|
|
DQEBAQUAA4GNADCBiQKBgQDD0U0ZYgqShJ7oOjsyNKyVXEHqeafmk/bAoPqY/h1c
|
|
|
|
|
oPw2E8KmeqiUSoTPjG5IXSblOxcqpbAXgnjPzo8DI3GNMhAf8SYNYsoH7gc7Uy7j
|
|
|
|
|
5x8bUrisGnuTHqkqH6d4/e7ETJ7i3CpR8bvK16DggEvQTudLipz8FBHtYhFakfdh
|
|
|
|
|
TwIDAQABo3cwdTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
|
|
|
|
|
CCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwGQYDVR0OBBIEEKN5pvbur7mlXjeMEYA0
|
|
|
|
|
4nUwGwYDVR0jBBQwEoAQjBpoqLV2211Xex+NFLIGozANBgkqhkiG9w0BAQsFAAOB
|
|
|
|
|
gQBj/p+JChp//LnXWC1k121LM/ii7hFzQzMrt70bny406SGz9jAjaPOX4S3gt38y
|
|
|
|
|
rhjpPukBlSzgQXFg66y6q5qp1nQTD1Cw6NkKBe9WuBlY3iYfmsf7WT8nhlT1CttU
|
|
|
|
|
xNCwyMX9mtdXdQicOfNjIGUCD5OLV5PgHFPRKiHHioBAhg==
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
static const char kLeafNoKeyUsagePEM[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIICNTCCAZ6gAwIBAgIJAIFQGaLQ0G2mMA0GCSqGSIb3DQEBCwUAMDYxGjAYBgNV
|
|
|
|
|
BAoTEUJvcmluZ1NTTCBURVNUSU5HMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0Ew
|
|
|
|
|
IBcNMTUwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMDcxGjAYBgNVBAoTEUJv
|
|
|
|
|
cmluZ1NTTCBURVNUSU5HMRkwFwYDVQQDExBldmlsLmV4YW1wbGUuY29tMIGfMA0G
|
|
|
|
|
CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOKoZe75NPz77EOaMMl4/0s3PyQw++zJvp
|
|
|
|
|
ejHAxZiTPCJgMbEHLrSzNoHdopg+CLUH5bE4wTXM8w9Inv5P8OAFJt7gJuPUunmk
|
|
|
|
|
j+NoU3QfzOR6BroePcz1vXX9jyVHRs087M/sLqWRHu9IR+/A+UTcBaWaFiDVUxtJ
|
|
|
|
|
YOwFMwjNPQIDAQABo0gwRjAMBgNVHRMBAf8EAjAAMBkGA1UdDgQSBBBJfLEUWHq1
|
|
|
|
|
27rZ1AVx2J5GMBsGA1UdIwQUMBKAEIwaaKi1dttdV3sfjRSyBqMwDQYJKoZIhvcN
|
|
|
|
|
AQELBQADgYEALVKN2Y3LZJOtu6SxFIYKxbLaXhTGTdIjxipZhmbBRDFjbZjZZOTe
|
|
|
|
|
6Oo+VDNPYco4rBexK7umYXJyfTqoY0E8dbiImhTcGTEj7OAB3DbBomgU1AYe+t2D
|
|
|
|
|
uwBqh4Y3Eto+Zn4pMVsxGEfUpjzjZDel7bN1/oU/9KWPpDfywfUmjgk=
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
static const char kForgeryPEM[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIICZzCCAdCgAwIBAgIIdTlMzQoKkeMwDQYJKoZIhvcNAQELBQAwNzEaMBgGA1UE
|
|
|
|
|
ChMRQm9yaW5nU1NMIFRFU1RJTkcxGTAXBgNVBAMTEGV2aWwuZXhhbXBsZS5jb20w
|
|
|
|
|
IBcNMTUwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMDoxGjAYBgNVBAoTEUJv
|
|
|
|
|
cmluZ1NTTCBURVNUSU5HMRwwGgYDVQQDExNmb3JnZXJ5LmV4YW1wbGUuY29tMIGf
|
|
|
|
|
MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDADTwruBQZGb7Ay6s9HiYv5d1lwtEy
|
|
|
|
|
xQdA2Sy8Rn8uA20Q4KgqwVY7wzIZ+z5Butrsmwb70gdG1XU+yRaDeE7XVoW6jSpm
|
|
|
|
|
0sw35/5vJbTcL4THEFbnX0OPZnvpuZDFUkvVtq5kxpDWsVyM24G8EEq7kPih3Sa3
|
|
|
|
|
OMhXVXF8kso6UQIDAQABo3cwdTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
|
|
|
|
|
KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwGQYDVR0OBBIEEEYJ/WHM
|
|
|
|
|
8p64erPWIg4/liwwGwYDVR0jBBQwEoAQSXyxFFh6tdu62dQFcdieRjANBgkqhkiG
|
|
|
|
|
9w0BAQsFAAOBgQA+zH7bHPElWRWJvjxDqRexmYLn+D3Aivs8XgXQJsM94W0EzSUf
|
|
|
|
|
DSLfRgaQwcb2gg2xpDFoG+W0vc6O651uF23WGt5JaFFJJxqjII05IexfCNhuPmp4
|
|
|
|
|
4UZAXPttuJXpn74IY1tuouaM06B3vXKZR+/ityKmfJvSwxacmFcK+2ziAg==
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
// kExamplePSSCert is an example RSA-PSS self-signed certificate, signed with
|
|
|
|
|
// the default hash functions.
|
|
|
|
|
static const char kExamplePSSCert[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIICYjCCAcagAwIBAgIJAI3qUyT6SIfzMBIGCSqGSIb3DQEBCjAFogMCAWowRTEL
|
|
|
|
|
MAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVy
|
|
|
|
|
bmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0xNDEwMDkxOTA5NTVaFw0xNTEwMDkxOTA5
|
|
|
|
|
NTVaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQK
|
|
|
|
|
DBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
|
|
|
|
|
MIGJAoGBAPi4bIO0vNmoV8CltFl2jFQdeesiUgR+0zfrQf2D+fCmhRU0dXFahKg8
|
|
|
|
|
0u9aTtPel4rd/7vPCqqGkr64UOTNb4AzMHYTj8p73OxaymPHAyXvqIqDWHYg+hZ3
|
|
|
|
|
13mSYwFIGth7Z/FSVUlO1m5KXNd6NzYM3t2PROjCpywrta9kS2EHAgMBAAGjUDBO
|
|
|
|
|
MB0GA1UdDgQWBBTQQfuJQR6nrVrsNF1JEflVgXgfEzAfBgNVHSMEGDAWgBTQQfuJ
|
|
|
|
|
QR6nrVrsNF1JEflVgXgfEzAMBgNVHRMEBTADAQH/MBIGCSqGSIb3DQEBCjAFogMC
|
|
|
|
|
AWoDgYEASUy2RZcgNbNQZA0/7F+V1YTLEXwD16bm+iSVnzGwtexmQVEYIZG74K/w
|
|
|
|
|
xbdZQdTbpNJkp1QPjPfh0zsatw6dmt5QoZ8K8No0DjR9dgf+Wvv5WJvJUIQBoAVN
|
|
|
|
|
Z0IL+OQFz6+LcTHxD27JJCebrATXZA0wThGTQDm7crL+a+SujBY=
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
// kBadPSSCertPEM is a self-signed RSA-PSS certificate with bad parameters.
|
|
|
|
|
static const char kBadPSSCertPEM[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIDdjCCAjqgAwIBAgIJANcwZLyfEv7DMD4GCSqGSIb3DQEBCjAxoA0wCwYJYIZI
|
|
|
|
|
AWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIEAgIA3jAnMSUwIwYD
|
|
|
|
|
VQQDDBxUZXN0IEludmFsaWQgUFNTIGNlcnRpZmljYXRlMB4XDTE1MTEwNDE2MDIz
|
|
|
|
|
NVoXDTE1MTIwNDE2MDIzNVowJzElMCMGA1UEAwwcVGVzdCBJbnZhbGlkIFBTUyBj
|
|
|
|
|
ZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMTaM7WH
|
|
|
|
|
qVCAGAIA+zL1KWvvASTrhlq+1ePdO7wsrWX2KiYoTYrJYTnxhLnn0wrHqApt79nL
|
|
|
|
|
IBG7cfShyZqFHOY/IzlYPMVt+gPo293gw96Fds5JBsjhjkyGnOyr9OUntFqvxDbT
|
|
|
|
|
IIFU7o9IdxD4edaqjRv+fegVE+B79pDk4s0ujsk6dULtCg9Rst0ucGFo19mr+b7k
|
|
|
|
|
dbfn8pZ72ZNDJPueVdrUAWw9oll61UcYfk75XdrLk6JlL41GrYHc8KlfXf43gGQq
|
|
|
|
|
QfrpHkg4Ih2cI6Wt2nhFGAzrlcorzLliQIUJRIhM8h4IgDfpBpaPdVQLqS2pFbXa
|
|
|
|
|
5eQjqiyJwak2vJ8CAwEAAaNQME4wHQYDVR0OBBYEFCt180N4oGUt5LbzBwQ4Ia+2
|
|
|
|
|
4V97MB8GA1UdIwQYMBaAFCt180N4oGUt5LbzBwQ4Ia+24V97MAwGA1UdEwQFMAMB
|
|
|
|
|
Af8wMQYJKoZIhvcNAQEKMCSgDTALBglghkgBZQMEAgGhDTALBgkqhkiG9w0BAQii
|
|
|
|
|
BAICAN4DggEBAAjBtm90lGxgddjc4Xu/nbXXFHVs2zVcHv/mqOZoQkGB9r/BVgLb
|
|
|
|
|
xhHrFZ2pHGElbUYPfifdS9ztB73e1d4J+P29o0yBqfd4/wGAc/JA8qgn6AAEO/Xn
|
|
|
|
|
plhFeTRJQtLZVl75CkHXgUGUd3h+ADvKtcBuW9dSUncaUrgNKR8u/h/2sMG38RWY
|
|
|
|
|
DzBddC/66YTa3r7KkVUfW7yqRQfELiGKdcm+bjlTEMsvS+EhHup9CzbpoCx2Fx9p
|
|
|
|
|
NPtFY3yEObQhmL1JyoCRWqBE75GzFPbRaiux5UpEkns+i3trkGssZzsOuVqHNTNZ
|
|
|
|
|
lC9+9hPHIoc9UMmAQNo1vGIW3NWVoeGbaJ8=
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
static const char kRSAKey[] = R"(
|
|
|
|
|
-----BEGIN RSA PRIVATE KEY-----
|
|
|
|
|
MIICXgIBAAKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92
|
|
|
|
|
kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiF
|
|
|
|
|
KKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQAB
|
|
|
|
|
AoGBAIBy09Fd4DOq/Ijp8HeKuCMKTHqTW1xGHshLQ6jwVV2vWZIn9aIgmDsvkjCe
|
|
|
|
|
i6ssZvnbjVcwzSoByhjN8ZCf/i15HECWDFFh6gt0P5z0MnChwzZmvatV/FXCT0j+
|
|
|
|
|
WmGNB/gkehKjGXLLcjTb6dRYVJSCZhVuOLLcbWIV10gggJQBAkEA8S8sGe4ezyyZ
|
|
|
|
|
m4e9r95g6s43kPqtj5rewTsUxt+2n4eVodD+ZUlCULWVNAFLkYRTBCASlSrm9Xhj
|
|
|
|
|
QpmWAHJUkQJBAOVzQdFUaewLtdOJoPCtpYoY1zd22eae8TQEmpGOR11L6kbxLQsk
|
|
|
|
|
aMly/DOnOaa82tqAGTdqDEZgSNmCeKKknmECQAvpnY8GUOVAubGR6c+W90iBuQLj
|
|
|
|
|
LtFp/9ihd2w/PoDwrHZaoUYVcT4VSfJQog/k7kjE4MYXYWL8eEKg3WTWQNECQQDk
|
|
|
|
|
104Wi91Umd1PzF0ijd2jXOERJU1wEKe6XLkYYNHWQAe5l4J4MWj9OdxFXAxIuuR/
|
|
|
|
|
tfDwbqkta4xcux67//khAkEAvvRXLHTaa6VFzTaiiO8SaFsHV3lQyXOtMrBpB5jd
|
|
|
|
|
moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ==
|
|
|
|
|
-----END RSA PRIVATE KEY-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
static const char kP256Key[] = R"(
|
|
|
|
|
-----BEGIN PRIVATE KEY-----
|
|
|
|
|
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgBw8IcnrUoEqc3VnJ
|
|
|
|
|
TYlodwi1b8ldMHcO6NHJzgqLtGqhRANCAATmK2niv2Wfl74vHg2UikzVl2u3qR4N
|
|
|
|
|
Rvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLB
|
|
|
|
|
-----END PRIVATE KEY-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
// kCRLTestRoot is a test root certificate. It has private key:
|
|
|
|
|
//
|
|
|
|
|
// -----BEGIN RSA PRIVATE KEY-----
|
|
|
|
|
// MIIEpAIBAAKCAQEAo16WiLWZuaymsD8n5SKPmxV1y6jjgr3BS/dUBpbrzd1aeFzN
|
|
|
|
|
// lI8l2jfAnzUyp+I21RQ+nh/MhqjGElkTtK9xMn1Y+S9GMRh+5R/Du0iCb1tCZIPY
|
|
|
|
|
// 07Tgrb0KMNWe0v2QKVVruuYSgxIWodBfxlKO64Z8AJ5IbnWpuRqO6rctN9qUoMlT
|
|
|
|
|
// IAB6dL4G0tDJ/PGFWOJYwOMEIX54bly2wgyYJVBKiRRt4f7n8H922qmvPNA9idmX
|
|
|
|
|
// 9G1VAtgV6x97XXi7ULORIQvn9lVQF6nTYDBJhyuPB+mLThbLP2o9orxGx7aCtnnB
|
|
|
|
|
// ZUIxUvHNOI0FaSaZH7Fi0xsZ/GkG2HZe7ImPJwIDAQABAoIBAQCJF9MTHfHGkk+/
|
|
|
|
|
// DwCXlA0Wg0e6hBuHl10iNobYkMWIl/xXjOknhYiqOqb181py76472SVC5ERprC+r
|
|
|
|
|
// Lf0PXzqKuA117mnkwT2bYLCL9Skf8WEhoFLQNbVlloF6wYjqXcYgKYKh8HgQbZl4
|
|
|
|
|
// aLg2YQl2NADTNABsUWj/4H2WEelsODVviqfFs725lFg9KHDI8zxAZXLzDt/M9uVL
|
|
|
|
|
// GxJiX12tr0AwaeAFZ1oPM/y+LznM3N3+Ht3jHHw3jZ/u8Z1RdAmdpu3bZ6tbwGBr
|
|
|
|
|
// 9edsH5rKkm9aBvMrY7eX5VHqaqyRNFyG152ZOJh4XiiFG7EmgTPCpaHo50Y018Re
|
|
|
|
|
// grVtk+FBAoGBANY3lY+V8ZOwMxSHes+kTnoimHO5Ob7nxrOC71i27x+4HHsYUeAr
|
|
|
|
|
// /zOOghiDIn+oNkuiX5CIOWZKx159Bp65CPpCbTb/fh+HYnSgXFgCw7XptycO7LXM
|
|
|
|
|
// 5GwR5jSfpfzBFdYxjxoUzDMFBwTEYRTm0HkUHkH+s+ajjw5wqqbcGLcfAoGBAMM8
|
|
|
|
|
// DKW6Tb66xsf708f0jonAjKYTLZ+WOcwsBEWSFHoY8dUjvW5gqx5acHTEsc5ZTeh4
|
|
|
|
|
// BCFLa+Mn9cuJWVJNs09k7Xb2PNl92HQ4GN2vbdkJhExbkT6oLDHg1hVD0w8KLfz1
|
|
|
|
|
// lTAW6pS+6CdOHMEJpvqx89EgU/1GgIQ1fXYczE75AoGAKeJoXdDFkUjsU+FBhAPu
|
|
|
|
|
// TDcjc80Nm2QaF9NMFR5/lsYa236f06MGnQAKM9zADBHJu/Qdl1brUjLg1HrBppsr
|
|
|
|
|
// RDNkw1IlSOjhuUf5hkPUHGd8Jijm440SRIcjabqla8wdBupdvo2+d2NOQgJbsQiI
|
|
|
|
|
// ToQ+fkzcxAXK3Nnuo/1436UCgYBjLH7UNOZHS8OsVM0I1r8NVKVdu4JCfeJQR8/H
|
|
|
|
|
// s2P5ffBir+wLRMnH+nMDreMQiibcPxMCArkERAlE4jlgaJ38Z62E76KLbLTmnJRt
|
|
|
|
|
// EC9Bv+bXjvAiHvWMRMUbOj/ddPNVez7Uld+FvdBaHwDWQlvzHzBWfBCOKSEhh7Z6
|
|
|
|
|
// qDhUqQKBgQDPMDx2i5rfmQp3imV9xUcCkIRsyYQVf8Eo7NV07IdUy/otmksgn4Zt
|
|
|
|
|
// Lbf3v2dvxOpTNTONWjp2c+iUQo8QxJCZr5Sfb21oQ9Ktcrmc/CY7LeBVDibXwxdM
|
|
|
|
|
// vRG8kBzvslFWh7REzC3u06GSVhyKDfW93kN2cKVwGoahRlhj7oHuZQ==
|
|
|
|
|
// -----END RSA PRIVATE KEY-----
|
|
|
|
|
static const char kCRLTestRoot[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIDbzCCAlegAwIBAgIJAODri7v0dDUFMA0GCSqGSIb3DQEBCwUAME4xCzAJBgNV
|
|
|
|
|
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBW
|
|
|
|
|
aWV3MRIwEAYDVQQKDAlCb3JpbmdTU0wwHhcNMTYwOTI2MTUwNjI2WhcNMjYwOTI0
|
|
|
|
|
MTUwNjI2WjBOMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG
|
|
|
|
|
A1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJQm9yaW5nU1NMMIIBIjANBgkq
|
|
|
|
|
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo16WiLWZuaymsD8n5SKPmxV1y6jjgr3B
|
|
|
|
|
S/dUBpbrzd1aeFzNlI8l2jfAnzUyp+I21RQ+nh/MhqjGElkTtK9xMn1Y+S9GMRh+
|
|
|
|
|
5R/Du0iCb1tCZIPY07Tgrb0KMNWe0v2QKVVruuYSgxIWodBfxlKO64Z8AJ5IbnWp
|
|
|
|
|
uRqO6rctN9qUoMlTIAB6dL4G0tDJ/PGFWOJYwOMEIX54bly2wgyYJVBKiRRt4f7n
|
|
|
|
|
8H922qmvPNA9idmX9G1VAtgV6x97XXi7ULORIQvn9lVQF6nTYDBJhyuPB+mLThbL
|
|
|
|
|
P2o9orxGx7aCtnnBZUIxUvHNOI0FaSaZH7Fi0xsZ/GkG2HZe7ImPJwIDAQABo1Aw
|
|
|
|
|
TjAdBgNVHQ4EFgQUWPt3N5cZ/CRvubbrkqfBnAqhq94wHwYDVR0jBBgwFoAUWPt3
|
|
|
|
|
N5cZ/CRvubbrkqfBnAqhq94wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
|
|
|
|
|
AQEAORu6M0MOwXy+3VEBwNilfTxyqDfruQsc1jA4PT8Oe8zora1WxE1JB4q2FJOz
|
|
|
|
|
EAuM3H/NXvEnBuN+ITvKZAJUfm4NKX97qmjMJwLKWe1gVv+VQTr63aR7mgWJReQN
|
|
|
|
|
XdMztlVeZs2dppV6uEg3ia1X0G7LARxGpA9ETbMyCpb39XxlYuTClcbA5ftDN99B
|
|
|
|
|
3Xg9KNdd++Ew22O3HWRDvdDpTO/JkzQfzi3sYwUtzMEonENhczJhGf7bQMmvL/w5
|
|
|
|
|
24Wxj4Z7KzzWIHsNqE/RIs6RV3fcW61j/mRgW2XyoWnMVeBzvcJr9NXp4VQYmFPw
|
|
|
|
|
amd8GKMZQvP0ufGnUn7D7uartA==
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
static const char kCRLTestLeaf[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIDkDCCAnigAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwTjELMAkGA1UEBhMCVVMx
|
|
|
|
|
EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEjAQ
|
|
|
|
|
BgNVBAoMCUJvcmluZ1NTTDAeFw0xNjA5MjYxNTA4MzFaFw0xNzA5MjYxNTA4MzFa
|
|
|
|
|
MEsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQKDAlC
|
|
|
|
|
b3JpbmdTU0wxEzARBgNVBAMMCmJvcmluZy5zc2wwggEiMA0GCSqGSIb3DQEBAQUA
|
|
|
|
|
A4IBDwAwggEKAoIBAQDc5v1S1M0W+QWM+raWfO0LH8uvqEwuJQgODqMaGnSlWUx9
|
|
|
|
|
8iQcnWfjyPja3lWg9K62hSOFDuSyEkysKHDxijz5R93CfLcfnVXjWQDJe7EJTTDP
|
|
|
|
|
ozEvxN6RjAeYv7CF000euYr3QT5iyBjg76+bon1p0jHZBJeNPP1KqGYgyxp+hzpx
|
|
|
|
|
e0gZmTlGAXd8JQK4v8kpdYwD6PPifFL/jpmQpqOtQmH/6zcLjY4ojmqpEdBqIKIX
|
|
|
|
|
+saA29hMq0+NK3K+wgg31RU+cVWxu3tLOIiesETkeDgArjWRS1Vkzbi4v9SJxtNu
|
|
|
|
|
OZuAxWiynRJw3JwH/OFHYZIvQqz68ZBoj96cepjPAgMBAAGjezB5MAkGA1UdEwQC
|
|
|
|
|
MAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRl
|
|
|
|
|
MB0GA1UdDgQWBBTGn0OVVh/aoYt0bvEKG+PIERqnDzAfBgNVHSMEGDAWgBRY+3c3
|
|
|
|
|
lxn8JG+5tuuSp8GcCqGr3jANBgkqhkiG9w0BAQsFAAOCAQEAd2nM8gCQN2Dc8QJw
|
|
|
|
|
XSZXyuI3DBGGCHcay/3iXu0JvTC3EiQo8J6Djv7WLI0N5KH8mkm40u89fJAB2lLZ
|
|
|
|
|
ShuHVtcC182bOKnePgwp9CNwQ21p0rDEu/P3X46ZvFgdxx82E9xLa0tBB8PiPDWh
|
|
|
|
|
lV16jbaKTgX5AZqjnsyjR5o9/mbZVupZJXx5Syq+XA8qiJfstSYJs4KyKK9UOjql
|
|
|
|
|
ICkJVKpi2ahDBqX4MOH4SLfzVk8pqSpviS6yaA1RXqjpkxiN45WWaXDldVHMSkhC
|
|
|
|
|
5CNXsXi4b1nAntu89crwSLA3rEwzCWeYj+BX7e1T9rr3oJdwOU/2KQtW1js1yQUG
|
|
|
|
|
tjJMFw==
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
static const char kBasicCRL[] = R"(
|
|
|
|
|
-----BEGIN X509 CRL-----
|
|
|
|
|
MIIBpzCBkAIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
|
|
|
|
|
CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
|
|
|
|
|
Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoA4wDDAKBgNV
|
|
|
|
|
HRQEAwIBATANBgkqhkiG9w0BAQsFAAOCAQEAnrBKKgvd9x9zwK9rtUvVeFeJ7+LN
|
|
|
|
|
ZEAc+a5oxpPNEsJx6hXoApYEbzXMxuWBQoCs5iEBycSGudct21L+MVf27M38KrWo
|
|
|
|
|
eOkq0a2siqViQZO2Fb/SUFR0k9zb8xl86Zf65lgPplALun0bV/HT7MJcl04Tc4os
|
|
|
|
|
dsAReBs5nqTGNEd5AlC1iKHvQZkM//MD51DspKnDpsDiUVi54h9C1SpfZmX8H2Vv
|
|
|
|
|
diyu0fZ/bPAM3VAGawatf/SyWfBMyKpoPXEG39oAzmjjOj8en82psn7m474IGaho
|
|
|
|
|
/vBbhl1ms5qQiLYPjm4YELtnXQoFyC72tBjbdFd/ZE9k4CNKDbxFUXFbkw==
|
|
|
|
|
-----END X509 CRL-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
static const char kRevokedCRL[] = R"(
|
|
|
|
|
-----BEGIN X509 CRL-----
|
|
|
|
|
MIIBvjCBpwIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
|
|
|
|
|
CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
|
|
|
|
|
Qm9yaW5nU1NMFw0xNjA5MjYxNTEyNDRaFw0xNjEwMjYxNTEyNDRaMBUwEwICEAAX
|
|
|
|
|
DTE2MDkyNjE1MTIyNlqgDjAMMAoGA1UdFAQDAgECMA0GCSqGSIb3DQEBCwUAA4IB
|
|
|
|
|
AQCUGaM4DcWzlQKrcZvI8TMeR8BpsvQeo5BoI/XZu2a8h//PyRyMwYeaOM+3zl0d
|
|
|
|
|
sjgCT8b3C1FPgT+P2Lkowv7rJ+FHJRNQkogr+RuqCSPTq65ha4WKlRGWkMFybzVH
|
|
|
|
|
NloxC+aU3lgp/NlX9yUtfqYmJek1CDrOOGPrAEAwj1l/BUeYKNGqfBWYJQtPJu+5
|
|
|
|
|
OaSvIYGpETCZJscUWODmLEb/O3DM438vLvxonwGqXqS0KX37+CHpUlyhnSovxXxp
|
|
|
|
|
Pz4aF+L7OtczxL0GYtD2fR9B7TDMqsNmHXgQrixvvOY7MUdLGbd4RfJL3yA53hyO
|
|
|
|
|
xzfKY2TzxLiOmctG0hXFkH5J
|
|
|
|
|
-----END X509 CRL-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
static const char kBadIssuerCRL[] = R"(
|
|
|
|
|
-----BEGIN X509 CRL-----
|
|
|
|
|
MIIBwjCBqwIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzETMBEGA1UE
|
|
|
|
|
CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEWMBQGA1UECgwN
|
|
|
|
|
Tm90IEJvcmluZ1NTTBcNMTYwOTI2MTUxMjQ0WhcNMTYxMDI2MTUxMjQ0WjAVMBMC
|
|
|
|
|
AhAAFw0xNjA5MjYxNTEyMjZaoA4wDDAKBgNVHRQEAwIBAjANBgkqhkiG9w0BAQsF
|
|
|
|
|
AAOCAQEAlBmjOA3Fs5UCq3GbyPEzHkfAabL0HqOQaCP12btmvIf/z8kcjMGHmjjP
|
|
|
|
|
t85dHbI4Ak/G9wtRT4E/j9i5KML+6yfhRyUTUJKIK/kbqgkj06uuYWuFipURlpDB
|
|
|
|
|
cm81RzZaMQvmlN5YKfzZV/clLX6mJiXpNQg6zjhj6wBAMI9ZfwVHmCjRqnwVmCUL
|
|
|
|
|
TybvuTmkryGBqREwmSbHFFjg5ixG/ztwzON/Ly78aJ8Bql6ktCl9+/gh6VJcoZ0q
|
|
|
|
|
L8V8aT8+Ghfi+zrXM8S9BmLQ9n0fQe0wzKrDZh14EK4sb7zmOzFHSxm3eEXyS98g
|
|
|
|
|
Od4cjsc3ymNk88S4jpnLRtIVxZB+SQ==
|
|
|
|
|
-----END X509 CRL-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
// kKnownCriticalCRL is kBasicCRL but with a critical issuing distribution point
|
|
|
|
|
// extension.
|
|
|
|
|
static const char kKnownCriticalCRL[] = R"(
|
|
|
|
|
-----BEGIN X509 CRL-----
|
|
|
|
|
MIIBuDCBoQIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
|
|
|
|
|
CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
|
|
|
|
|
Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoB8wHTAKBgNV
|
|
|
|
|
HRQEAwIBATAPBgNVHRwBAf8EBTADgQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAs37Jq
|
|
|
|
|
3Htcehm6C2PKXOHekwTqTLOPWsYHfF68kYhdzcopDZBeoKE7jLRkRRGFDaR/tfUs
|
|
|
|
|
kwLSDNSQ8EwPb9PT1X8kmFn9QmJgWD6f6BzaH5ZZ9iBUwOcvrydlb/jnjdIZHQxs
|
|
|
|
|
fKOAceW5XX3f7DANC3qwYLsQZR/APkfV8nXjPYVUz1kKj04uq/BbQviInjyUYixN
|
|
|
|
|
xDx+GDWVVXccehcwAu983kAqP+JDaVQPBVksLuBXz2adrEWwvbLCnZeL3zH1IY9h
|
|
|
|
|
6MFO6echpvGbU/H+dRX9UkhdJ7gdwKVD3RjfJl+DRVox9lz8Pbo5H699Tkv9/DQP
|
|
|
|
|
9dMWxqhQlv23osLp
|
|
|
|
|
-----END X509 CRL-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
// kUnknownCriticalCRL is kBasicCRL but with an unknown critical extension.
|
|
|
|
|
static const char kUnknownCriticalCRL[] = R"(
|
|
|
|
|
-----BEGIN X509 CRL-----
|
|
|
|
|
MIIBvDCBpQIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
|
|
|
|
|
CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
|
|
|
|
|
Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoCMwITAKBgNV
|
|
|
|
|
HRQEAwIBATATBgwqhkiG9xIEAYS3CQABAf8EADANBgkqhkiG9w0BAQsFAAOCAQEA
|
|
|
|
|
GvBP0xqL509InMj/3493YVRV+ldTpBv5uTD6jewzf5XdaxEQ/VjTNe5zKnxbpAib
|
|
|
|
|
Kf7cwX0PMSkZjx7k7kKdDlEucwVvDoqC+O9aJcqVmM6GDyNb9xENxd0XCXja6MZC
|
|
|
|
|
yVgP4AwLauB2vSiEprYJyI1APph3iAEeDm60lTXX/wBM/tupQDDujKh2GPyvBRfJ
|
|
|
|
|
+wEDwGg3ICwvu4gO4zeC5qnFR+bpL9t5tOMAQnVZ0NWv+k7mkd2LbHdD44dxrfXC
|
|
|
|
|
nhtfERx99SDmC/jtUAJrGhtCO8acr7exCeYcduN7KKCm91OeCJKK6OzWst0Og1DB
|
|
|
|
|
kwzzU2rL3G65CrZ7H0SZsQ==
|
|
|
|
|
-----END X509 CRL-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
// kUnknownCriticalCRL2 is kBasicCRL but with a critical issuing distribution
|
|
|
|
|
// point extension followed by an unknown critical extension
|
|
|
|
|
static const char kUnknownCriticalCRL2[] = R"(
|
|
|
|
|
-----BEGIN X509 CRL-----
|
|
|
|
|
MIIBzTCBtgIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
|
|
|
|
|
CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
|
|
|
|
|
Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoDQwMjAKBgNV
|
|
|
|
|
HRQEAwIBATAPBgNVHRwBAf8EBTADgQH/MBMGDCqGSIb3EgQBhLcJAAEB/wQAMA0G
|
|
|
|
|
CSqGSIb3DQEBCwUAA4IBAQBgSogsC5kf2wzr+0hmZtmLXYd0itAiYO0Gh9AyaEOO
|
|
|
|
|
myJFuqICHBSLXXUgwNkTUa2x2I/ivyReVFV756VOlWoaV2wJUs0zeCeVBgC9ZFsq
|
|
|
|
|
5a+8OGgXwgoYESFV5Y3QRF2a1Ytzfbw/o6xLXzTngvMsLOs12D4B5SkopyEZibF4
|
|
|
|
|
tXlRZyvEudTg3CCrjNP+p/GV07nZ3wcMmKJwQeilgzFUV7NaVCCo9jvPBGp0RxAN
|
|
|
|
|
KNif7jmjK4hD5mswo/Eq5kxQIc+mTfuUFdgHuAu1hfLYe0YK+Hr4RFf6Qy4hl7Ne
|
|
|
|
|
YjqkkSVIcr87u+8AznwdstnQzsyD27Jt7SjVORkYRywi
|
|
|
|
|
-----END X509 CRL-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
// kBadExtensionCRL is kBasicCRL but with an incorrectly-encoded issuing
|
|
|
|
|
// distribution point extension.
|
|
|
|
|
static const char kBadExtensionCRL[] = R"(
|
|
|
|
|
-----BEGIN X509 CRL-----
|
|
|
|
|
MIIBujCBowIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
|
|
|
|
|
CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
|
|
|
|
|
Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoCEwHzAKBgNV
|
|
|
|
|
HRQEAwIBATARBgNVHRwBAf8EBzAFoQMBAf8wDQYJKoZIhvcNAQELBQADggEBAA+3
|
|
|
|
|
i+5e5Ub8sccfgOBs6WVJFI9c8gvJjrJ8/dYfFIAuCyeocs7DFXn1n13CRZ+URR/Q
|
|
|
|
|
mVWgU28+xeusuSPYFpd9cyYTcVyNUGNTI3lwgcE/yVjPaOmzSZKdPakApRxtpKKQ
|
|
|
|
|
NN/56aQz3bnT/ZSHQNciRB8U6jiD9V30t0w+FDTpGaG+7bzzUH3UVF9xf9Ctp60A
|
|
|
|
|
3mfLe0scas7owSt4AEFuj2SPvcE7yvdOXbu+IEv21cEJUVExJAbhvIweHXh6yRW+
|
|
|
|
|
7VVeiNzdIjkZjyTmAzoXGha4+wbxXyBRbfH+XWcO/H+8nwyG8Gktdu2QB9S9nnIp
|
|
|
|
|
o/1TpfOMSGhMyMoyPrk=
|
|
|
|
|
-----END X509 CRL-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
// kAlgorithmMismatchCRL is kBasicCRL but with mismatched AlgorithmIdentifiers
|
|
|
|
|
// in the outer structure and signed portion. The signature reflects the signed
|
|
|
|
|
// portion.
|
|
|
|
|
static const char kAlgorithmMismatchCRL[] = R"(
|
|
|
|
|
-----BEGIN X509 CRL-----
|
|
|
|
|
MIIBpzCBkAIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
|
|
|
|
|
CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
|
|
|
|
|
Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoA4wDDAKBgNV
|
|
|
|
|
HRQEAwIBATANBgkqhkiG9w0BAQwFAAOCAQEAnrBKKgvd9x9zwK9rtUvVeFeJ7+LN
|
|
|
|
|
ZEAc+a5oxpPNEsJx6hXoApYEbzXMxuWBQoCs5iEBycSGudct21L+MVf27M38KrWo
|
|
|
|
|
eOkq0a2siqViQZO2Fb/SUFR0k9zb8xl86Zf65lgPplALun0bV/HT7MJcl04Tc4os
|
|
|
|
|
dsAReBs5nqTGNEd5AlC1iKHvQZkM//MD51DspKnDpsDiUVi54h9C1SpfZmX8H2Vv
|
|
|
|
|
diyu0fZ/bPAM3VAGawatf/SyWfBMyKpoPXEG39oAzmjjOj8en82psn7m474IGaho
|
|
|
|
|
/vBbhl1ms5qQiLYPjm4YELtnXQoFyC72tBjbdFd/ZE9k4CNKDbxFUXFbkw==
|
|
|
|
|
-----END X509 CRL-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
// kAlgorithmMismatchCRL2 is kBasicCRL but with mismatched AlgorithmIdentifiers
|
|
|
|
|
// in the outer structure and signed portion. The signature reflects the outer
|
|
|
|
|
// structure.
|
|
|
|
|
static const char kAlgorithmMismatchCRL2[] = R"(
|
|
|
|
|
-----BEGIN X509 CRL-----
|
|
|
|
|
MIIBpzCBkAIBATANBgkqhkiG9w0BAQwFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
|
|
|
|
|
CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
|
|
|
|
|
Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoA4wDDAKBgNV
|
|
|
|
|
HRQEAwIBATANBgkqhkiG9w0BAQsFAAOCAQEAjCWtU7AK8nQ5TCFfzvbU04MWNuLp
|
|
|
|
|
iZfqapRSRyMta4pyRomK773rEmJmYOc/ZNeIphVOlupMgGC2wyv5Z/SD1mxccJbv
|
|
|
|
|
SlUWciwjskjgvyyU9KnJ5xPgf3e3Fl3G0u9yJEFd4mg6fRavs5pEDX56b0f+SkG+
|
|
|
|
|
Vl1FZU94Uylm2kCqk9fRpTxualPGP6dksj3Aitt4x2Vdni4sUfg9vIEEOx2jnisq
|
|
|
|
|
iLqpT94IdETCWAciE0dgbogdOOsNzMqSASfHM/XPigYLXpYgfaR8fca6OKDwFsVH
|
|
|
|
|
SrkFz8Se3F6mCHnbDzYElbmA46iKU2J12LTrso3Ewq/qHq0mebfp2z0y6g==
|
|
|
|
|
-----END X509 CRL-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
// kEd25519Cert is a self-signed Ed25519 certificate.
|
|
|
|
|
static const char kEd25519Cert[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIBkTCCAUOgAwIBAgIJAJwooam0UCDmMAUGAytlcDBFMQswCQYDVQQGEwJBVTET
|
|
|
|
|
MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ
|
|
|
|
|
dHkgTHRkMB4XDTE0MDQyMzIzMjE1N1oXDTE0MDUyMzIzMjE1N1owRTELMAkGA1UE
|
|
|
|
|
BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp
|
|
|
|
|
ZGdpdHMgUHR5IEx0ZDAqMAUGAytlcAMhANdamAGCsQq31Uv+08lkBzoO4XLz2qYj
|
|
|
|
|
Ja8CGmj3B1Eao1AwTjAdBgNVHQ4EFgQUoux7eV+fJK2v3ah6QPU/lj1/+7UwHwYD
|
|
|
|
|
VR0jBBgwFoAUoux7eV+fJK2v3ah6QPU/lj1/+7UwDAYDVR0TBAUwAwEB/zAFBgMr
|
|
|
|
|
ZXADQQBuCzqji8VP9xU8mHEMjXGChX7YP5J664UyVKHKH9Z1u4wEbB8dJ3ScaWSL
|
|
|
|
|
r+VHVKUhsrvcdCelnXRrrSD7xWAL
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
// kEd25519CertNull is an invalid self-signed Ed25519 with an explicit NULL in
|
|
|
|
|
// the signature algorithm.
|
|
|
|
|
static const char kEd25519CertNull[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIBlTCCAUWgAwIBAgIJAJwooam0UCDmMAcGAytlcAUAMEUxCzAJBgNVBAYTAkFV
|
|
|
|
|
MRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRz
|
|
|
|
|
IFB0eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYD
|
|
|
|
|
VQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQg
|
|
|
|
|
V2lkZ2l0cyBQdHkgTHRkMCowBQYDK2VwAyEA11qYAYKxCrfVS/7TyWQHOg7hcvPa
|
|
|
|
|
piMlrwIaaPcHURqjUDBOMB0GA1UdDgQWBBSi7Ht5X58kra/dqHpA9T+WPX/7tTAf
|
|
|
|
|
BgNVHSMEGDAWgBSi7Ht5X58kra/dqHpA9T+WPX/7tTAMBgNVHRMEBTADAQH/MAcG
|
|
|
|
|
AytlcAUAA0EA70uefNocdJohkKPNROKVyBuBD3LXMyvmdTklsaxSRY3PcZdOohlr
|
|
|
|
|
recgVPpVS7B+d9g4EwtZXIh4lodTBDHBBw==
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
// kX25519 is the example X25519 certificate from
|
|
|
|
|
// https://tools.ietf.org/html/rfc8410#section-10.2
|
|
|
|
|
static const char kX25519Cert[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIBLDCB36ADAgECAghWAUdKKo3DMDAFBgMrZXAwGTEXMBUGA1UEAwwOSUVURiBUZX
|
|
|
|
|
N0IERlbW8wHhcNMTYwODAxMTIxOTI0WhcNNDAxMjMxMjM1OTU5WjAZMRcwFQYDVQQD
|
|
|
|
|
DA5JRVRGIFRlc3QgRGVtbzAqMAUGAytlbgMhAIUg8AmJMKdUdIt93LQ+91oNvzoNJj
|
|
|
|
|
ga9OukqY6qm05qo0UwQzAPBgNVHRMBAf8EBTADAQEAMA4GA1UdDwEBAAQEAwIDCDAg
|
|
|
|
|
BgNVHQ4BAQAEFgQUmx9e7e0EM4Xk97xiPFl1uQvIuzswBQYDK2VwA0EAryMB/t3J5v
|
|
|
|
|
/BzKc9dNZIpDmAgs3babFOTQbs+BolzlDUwsPrdGxO3YNGhW7Ibz3OGhhlxXrCe1Cg
|
|
|
|
|
w1AH9efZBw==
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
// kSANTypesLeaf is a leaf certificate (signed by |kSANTypesRoot|) which
|
|
|
|
|
// contains SANS for example.com, test@example.com, 127.0.0.1, and
|
|
|
|
|
// https://example.com/. (The latter is useless for now since crypto/x509
|
|
|
|
|
// doesn't deal with URI SANs directly.)
|
|
|
|
|
static const char kSANTypesLeaf[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIClzCCAgCgAwIBAgIJAOjwnT/iW+qmMA0GCSqGSIb3DQEBCwUAMCsxFzAVBgNV
|
|
|
|
|
BAoTDkJvcmluZ1NTTCBUZXN0MRAwDgYDVQQDEwdSb290IENBMB4XDTE1MDEwMTAw
|
|
|
|
|
MDAwMFoXDTI1MDEwMTAwMDAwMFowLzEXMBUGA1UEChMOQm9yaW5nU1NMIFRlc3Qx
|
|
|
|
|
FDASBgNVBAMTC2V4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
|
|
|
|
|
gQDbRn2TLhInBki8Bighq37EtqJd/h5SRYh6NkelCA2SQlvCgcC+l3mYQPtPbRT9
|
|
|
|
|
KxOLwqUuZ9jUCZ7WIji3Sgt0cyvCNPHRk+WW2XR781ifbGE8wLBB1NkrKyQjd1sc
|
|
|
|
|
O711Xc4gVM+hY4cdHiTE8x0aUIuqthRD7ZendWL0FMhS1wIDAQABo4G+MIG7MA4G
|
|
|
|
|
A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD
|
|
|
|
|
VR0TAQH/BAIwADAZBgNVHQ4EEgQQn5EWH0NDPkmm3m22gNefYDAbBgNVHSMEFDAS
|
|
|
|
|
gBBAN9cB+0AvuBx+VAQnjFkBMEQGA1UdEQQ9MDuCC2V4YW1wbGUuY29tgRB0ZXN0
|
|
|
|
|
QGV4YW1wbGUuY29thwR/AAABhhRodHRwczovL2V4YW1wbGUuY29tLzANBgkqhkiG
|
|
|
|
|
9w0BAQsFAAOBgQBtwJvY6+Tk6D6DOtDVaNoJ5y8E25CCuE/Ga4OuIcYJas+yLckf
|
|
|
|
|
dZwUV3GUG2oBXl2MrpUFxXd4hKBO1CmlBY+hZEeIx0Yp6QWK9P/vnZeydOTP26mk
|
|
|
|
|
jusJ2PqSmtKNU1Zcaba4d29oFejmOAfeguhR8AHpsc/zHEaS5Q9cJsuJcw==
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
// -----BEGIN RSA PRIVATE KEY-----
|
|
|
|
|
// MIICWwIBAAKBgQDbRn2TLhInBki8Bighq37EtqJd/h5SRYh6NkelCA2SQlvCgcC+
|
|
|
|
|
// l3mYQPtPbRT9KxOLwqUuZ9jUCZ7WIji3Sgt0cyvCNPHRk+WW2XR781ifbGE8wLBB
|
|
|
|
|
// 1NkrKyQjd1scO711Xc4gVM+hY4cdHiTE8x0aUIuqthRD7ZendWL0FMhS1wIDAQAB
|
|
|
|
|
// AoGACwf7z0i1DxOI2zSwFimLghfyCSp8mgT3fbZ3Wj0SebYu6ZUffjceneM/AVrq
|
|
|
|
|
// gGYHYLOVHcWJqfkl7X3hPo9SDhzLx0mM545/q21ZWCwjhswH7WiCEqV2/zeDO9WU
|
|
|
|
|
// NIO1VU0VoLm0AQ7ZvwnyB+fpgF9kkkDtbBJW7XWrfNVtlnECQQD97YENpEJ3X1kj
|
|
|
|
|
// 3rrkrHWDkKAyoWWY1i8Fm7LnganC9Bv6AVwgn5ZlE/479aWHF8vbOFEA3pFPiNZJ
|
|
|
|
|
// t9FTCfpJAkEA3RCXjGI0Y6GALFLwEs+nL/XZAfJaIpJEZVLCVosYQOSaMS4SchfC
|
|
|
|
|
// GGYVquT7ZgKk9uvz89Fg87OtBMWS9lrkHwJADGkGLKeBhBoJ3kHtem2fVK3F1pOi
|
|
|
|
|
// xoR5SdnhNYVVyaxqjZ5xZTrHe+stOrr3uxGDqhQniVZXXb6/Ul0Egv1y2QJAVg/h
|
|
|
|
|
// kAujba4wIhFf2VLyOZ+yjil1ocPj0LZ5Zgvcs1bMGJ1hHP3W2HzVrqRaowoggui1
|
|
|
|
|
// HpTC891dXGA2qKYV7QJAFDmT2A7OVvh3y4AEgzVwHrDmCMwMHKjCIntS7fjxrJnF
|
|
|
|
|
// YvJUG1zoHwUVrxxbR3DbpTODlktLcl/0b97D0IkH3w==
|
|
|
|
|
// -----END RSA PRIVATE KEY-----
|
|
|
|
|
|
|
|
|
|
static const char kSANTypesRoot[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIICTTCCAbagAwIBAgIIAj5CwoHlWuYwDQYJKoZIhvcNAQELBQAwKzEXMBUGA1UE
|
|
|
|
|
ChMOQm9yaW5nU1NMIFRlc3QxEDAOBgNVBAMTB1Jvb3QgQ0EwHhcNMTUwMTAxMDAw
|
|
|
|
|
MDAwWhcNMjUwMTAxMDAwMDAwWjArMRcwFQYDVQQKEw5Cb3JpbmdTU0wgVGVzdDEQ
|
|
|
|
|
MA4GA1UEAxMHUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6Q5/
|
|
|
|
|
EQzmWuaGg3D2UQcuAngR9bIkkjjuJmICx5TxPqF3asCP1SJotl3iTNrghRE1wpJy
|
|
|
|
|
SY2BtIiXa7f8skRb2U0GcPkMxo/ps9+jaoRsQ1m+nbLQdpvD1/qZWcO45fNTA71J
|
|
|
|
|
1rPMokP+rcILuQG4VimUAySnDSghKamulFtK+Z8CAwEAAaN6MHgwDgYDVR0PAQH/
|
|
|
|
|
BAQDAgIEMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHRMBAf8E
|
|
|
|
|
BTADAQH/MBkGA1UdDgQSBBBAN9cB+0AvuBx+VAQnjFkBMBsGA1UdIwQUMBKAEEA3
|
|
|
|
|
1wH7QC+4HH5UBCeMWQEwDQYJKoZIhvcNAQELBQADgYEAc4N6hTE62/3gwg+kyc2f
|
|
|
|
|
c/Jj1mHrOt+0NRaBnmvbmNpsEjHS96Ef4Wt/ZlPXPkkv1C1VosJnOIMF3Q522wRH
|
|
|
|
|
bqaxARldS12VAa3gcWisDWD+SqSyDxjyojz0XDiJkTrFuCTCUiZO+1GLB7SO10Ms
|
|
|
|
|
d5YVX0c90VMnUhF/dlrqS9U=
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
// -----BEGIN RSA PRIVATE KEY-----
|
|
|
|
|
// MIICXAIBAAKBgQDpDn8RDOZa5oaDcPZRBy4CeBH1siSSOO4mYgLHlPE+oXdqwI/V
|
|
|
|
|
// Imi2XeJM2uCFETXCknJJjYG0iJdrt/yyRFvZTQZw+QzGj+mz36NqhGxDWb6dstB2
|
|
|
|
|
// m8PX+plZw7jl81MDvUnWs8yiQ/6twgu5AbhWKZQDJKcNKCEpqa6UW0r5nwIDAQAB
|
|
|
|
|
// AoGALEF5daZqc+aEsp8X1yky3nsoheyPL0kqSBWii33IFemZgKcSaRnAoqjPWWLS
|
|
|
|
|
// 8dHj0I/4rej2MW8iuezVSpDak9tK5boHORC3w4p/wifkizQkLt1DANxTVbzcKvrt
|
|
|
|
|
// aZ7LjVaKkhjRJbLddniowFHkkWVbUccjvzcUd7Y2VuLbAhECQQDq4FE88aHio8zg
|
|
|
|
|
// bxSd0PwjEFwLYQTR19u812SoR8PmR6ofIL+pDwOV+fVs+OGcAAOgkhIukOrksQ4A
|
|
|
|
|
// 1cKtnyhXAkEA/gRI+u3tZ7UE1twIkBfZ6IvCdRodkPqHAYIxMRLzL+MhyZt4MEGc
|
|
|
|
|
// Ngb/F6U9/WOBFnoR/PI7IwE3ejutzKcL+QJBAKh+6eilk7QKPETZi1m3/dmNt+p1
|
|
|
|
|
// 3EZJ65pqjwxmB3Rg/vs7vCMk4TarTdSyKu+F1xRPFfoP/mK3Xctdjj6NyhsCQAYF
|
|
|
|
|
// 7/0TOzfkUPMPUJyqFB6xgbDpJ55ScnUUsznoqx+NkTWInDb4t02IqO/UmT2y6FKy
|
|
|
|
|
// Hk8TJ1fTJY+ebqaVp3ECQApx9gQ+n0zIhx97FMUuiRse73xkcW4+pZ8nF+8DmeQL
|
|
|
|
|
// /JKuuFGmzkG+rUbXFmo/Zg2ozVplw71NnQJ4znPsf7A=
|
|
|
|
|
// -----END RSA PRIVATE KEY-----
|
|
|
|
|
|
|
|
|
|
// The following four certificates were generated with this Go program, varying
|
|
|
|
|
// |includeNetscapeExtension| and defining rootKeyPEM and rootCertPEM to be
|
|
|
|
|
// strings containing the kSANTypesRoot, above.
|
|
|
|
|
|
|
|
|
|
// package main
|
|
|
|
|
|
|
|
|
|
// import (
|
|
|
|
|
// "crypto/ecdsa"
|
|
|
|
|
// "crypto/elliptic"
|
|
|
|
|
// "crypto/rand"
|
|
|
|
|
// "crypto/x509"
|
|
|
|
|
// "crypto/x509/pkix"
|
|
|
|
|
// "encoding/asn1"
|
|
|
|
|
// "encoding/pem"
|
|
|
|
|
// "math/big"
|
|
|
|
|
// "os"
|
|
|
|
|
// "time"
|
|
|
|
|
// )
|
|
|
|
|
|
|
|
|
|
// const includeNetscapeExtension = true
|
|
|
|
|
|
|
|
|
|
// func main() {
|
|
|
|
|
// block, _ := pem.Decode([]byte(rootKeyPEM))
|
|
|
|
|
// rootPriv, _ := x509.ParsePKCS1PrivateKey(block.Bytes)
|
|
|
|
|
// block, _ = pem.Decode([]byte(rootCertPEM))
|
|
|
|
|
// root, _ := x509.ParseCertificate(block.Bytes)
|
|
|
|
|
|
|
|
|
|
// interTemplate := &x509.Certificate{
|
|
|
|
|
// SerialNumber: big.NewInt(2),
|
|
|
|
|
// Subject: pkix.Name{
|
|
|
|
|
// CommonName: "No Basic Constraints (Netscape)",
|
|
|
|
|
// },
|
|
|
|
|
// NotBefore: time.Date(2000, time.January, 1, 0, 0, 0, 0, time.UTC),
|
|
|
|
|
// NotAfter: time.Date(2099, time.January, 1, 0, 0, 0, 0, time.UTC),
|
|
|
|
|
// }
|
|
|
|
|
|
|
|
|
|
// if includeNetscapeExtension {
|
|
|
|
|
// interTemplate.ExtraExtensions = []pkix.Extension{
|
|
|
|
|
// pkix.Extension{
|
|
|
|
|
// Id: asn1.ObjectIdentifier([]int{2, 16, 840, 1, 113730, 1, 1}),
|
|
|
|
|
// Value: []byte{0x03, 0x02, 2, 0x04},
|
|
|
|
|
// },
|
|
|
|
|
// }
|
|
|
|
|
// } else {
|
|
|
|
|
// interTemplate.KeyUsage = x509.KeyUsageCertSign
|
|
|
|
|
// }
|
|
|
|
|
|
|
|
|
|
// interKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
|
|
|
|
|
|
|
|
|
// interDER, err := x509.CreateCertificate(rand.Reader, interTemplate, root, &interKey.PublicKey, rootPriv)
|
|
|
|
|
// if err != nil {
|
|
|
|
|
// panic(err)
|
|
|
|
|
// }
|
|
|
|
|
|
|
|
|
|
// pem.Encode(os.Stdout, &pem.Block{Type: "CERTIFICATE", Bytes: interDER})
|
|
|
|
|
|
|
|
|
|
// inter, _ := x509.ParseCertificate(interDER)
|
|
|
|
|
|
|
|
|
|
// leafTemplate := &x509.Certificate{
|
|
|
|
|
// SerialNumber: big.NewInt(3),
|
|
|
|
|
// Subject: pkix.Name{
|
|
|
|
|
// CommonName: "Leaf from CA with no Basic Constraints",
|
|
|
|
|
// },
|
|
|
|
|
// NotBefore: time.Date(2000, time.January, 1, 0, 0, 0, 0, time.UTC),
|
|
|
|
|
// NotAfter: time.Date(2099, time.January, 1, 0, 0, 0, 0, time.UTC),
|
|
|
|
|
// BasicConstraintsValid: true,
|
|
|
|
|
// }
|
|
|
|
|
// leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
|
|
|
|
|
|
|
|
|
// leafDER, err := x509.CreateCertificate(rand.Reader, leafTemplate, inter, &leafKey.PublicKey, interKey)
|
|
|
|
|
// if err != nil {
|
|
|
|
|
// panic(err)
|
|
|
|
|
// }
|
|
|
|
|
|
|
|
|
|
// pem.Encode(os.Stdout, &pem.Block{Type: "CERTIFICATE", Bytes: leafDER})
|
|
|
|
|
// }
|
|
|
|
|
|
|
|
|
|
// kNoBasicConstraintsCertSignIntermediate doesn't have isCA set, but contains
|
|
|
|
|
// certSign in the keyUsage.
|
|
|
|
|
static const char kNoBasicConstraintsCertSignIntermediate[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIBqjCCAROgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
|
|
|
|
|
bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
|
|
|
|
|
MDk5MDEwMTAwMDAwMFowHzEdMBsGA1UEAxMUTm8gQmFzaWMgQ29uc3RyYWludHMw
|
|
|
|
|
WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASEFMblfxIEDO8My7wHtHWTuDzNyID1
|
|
|
|
|
OsPkMGkn32O/pSyXxXuAqDeFoMVffUMTyfm8JcYugSEbrv2qEXXM4bZRoy8wLTAO
|
|
|
|
|
BgNVHQ8BAf8EBAMCAgQwGwYDVR0jBBQwEoAQQDfXAftAL7gcflQEJ4xZATANBgkq
|
|
|
|
|
hkiG9w0BAQsFAAOBgQC1Lh6hIAm3K5kRh5iIydU0YAEm7eV6ZSskERDUq3DLJyl9
|
|
|
|
|
ZUZCHUzvb464dkwZjeNzaUVS1pdElJslwX3DtGgeJLJGCnk8zUjBjaNrrDm0kzPW
|
|
|
|
|
xKt/6oif1ci/KCKqKNXJAIFbc4e+IiBpenwpxHk3If4NM+Ek0nKoO8Uj0NkgTQ==
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
static const char kNoBasicConstraintsCertSignLeaf[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIBUDCB96ADAgECAgEDMAoGCCqGSM49BAMCMB8xHTAbBgNVBAMTFE5vIEJhc2lj
|
|
|
|
|
IENvbnN0cmFpbnRzMCAXDTAwMDEwMTAwMDAwMFoYDzIwOTkwMTAxMDAwMDAwWjAx
|
|
|
|
|
MS8wLQYDVQQDEyZMZWFmIGZyb20gQ0Egd2l0aCBubyBCYXNpYyBDb25zdHJhaW50
|
|
|
|
|
czBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEsYPMwzdJKjB+2gpC90ib2ilHoB
|
|
|
|
|
w/arQ6ikUX0CNUDDaKaOu/jF39ogzVlg4lDFrjCKShSfCCcrwgONv70IZGijEDAO
|
|
|
|
|
MAwGA1UdEwEB/wQCMAAwCgYIKoZIzj0EAwIDSAAwRQIgbV7R99yM+okXSIs6Fp3o
|
|
|
|
|
eCOXiDL60IBxaTOcLS44ywcCIQDbn87Gj5cFgHBYAkzdHqDsyGXkxQTHDq9jmX24
|
|
|
|
|
Djy3Zw==
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
// kNoBasicConstraintsNetscapeCAIntermediate doesn't have isCA set, but contains
|
|
|
|
|
// a Netscape certificate-type extension that asserts a type of "SSL CA".
|
|
|
|
|
static const char kNoBasicConstraintsNetscapeCAIntermediate[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIBuDCCASGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
|
|
|
|
|
bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
|
|
|
|
|
MDk5MDEwMTAwMDAwMFowKjEoMCYGA1UEAxMfTm8gQmFzaWMgQ29uc3RyYWludHMg
|
|
|
|
|
KE5ldHNjYXBlKTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCeMbmCaOtMzXBqi
|
|
|
|
|
PrCdNOH23CkaawUA+pAezitAN4RXS1O2CGK5sJjGPVVeogROU8G7/b+mU+ciZIzH
|
|
|
|
|
1PP8FJKjMjAwMBsGA1UdIwQUMBKAEEA31wH7QC+4HH5UBCeMWQEwEQYJYIZIAYb4
|
|
|
|
|
QgEBBAQDAgIEMA0GCSqGSIb3DQEBCwUAA4GBAAgNWjh7cfBTClTAk+Ml//5xb9Ju
|
|
|
|
|
tkBhG6Rm+kkMD+qiSMO6t7xS7CsA0+jIBjkdEYaLZ3oxtQCBdZsVNxUvRxZ0AUfF
|
|
|
|
|
G3DtRFTsrI1f7IQhpMuqEMF4shPW+5x54hrq0Fo6xMs6XoinJZcTUaaB8EeXRF6M
|
|
|
|
|
P9p6HuyLrmn0c/F0
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
static const char kNoBasicConstraintsNetscapeCALeaf[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIBXDCCAQKgAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9ObyBCYXNp
|
|
|
|
|
YyBDb25zdHJhaW50cyAoTmV0c2NhcGUpMCAXDTAwMDEwMTAwMDAwMFoYDzIwOTkw
|
|
|
|
|
MTAxMDAwMDAwWjAxMS8wLQYDVQQDEyZMZWFmIGZyb20gQ0Egd2l0aCBubyBCYXNp
|
|
|
|
|
YyBDb25zdHJhaW50czBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDlJKolDu3R2
|
|
|
|
|
tPqSDycr0QJcWhxdBv76V0EEVflcHRxED6vAioTEcnQszt1OfKtBZvjlo0yp6i6Q
|
|
|
|
|
DaYit0ZInmWjEDAOMAwGA1UdEwEB/wQCMAAwCgYIKoZIzj0EAwIDSAAwRQIhAJsh
|
|
|
|
|
aZL6BHeEfoUBj1oZ2Ln91qzj3UCVMJ+vrmwAFdYyAiA3wp2JphgchvmoUFuzPXwj
|
|
|
|
|
XyPwWPbymSTpzKhB4xB7qQ==
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
static const char kSelfSignedMismatchAlgorithms[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIFMjCCAxqgAwIBAgIJAL0mG5fOeJ7xMA0GCSqGSIb3DQEBDQUAMC0xCzAJBgNV
|
|
|
|
|
BAYTAkdCMQ8wDQYDVQQHDAZMb25kb24xDTALBgNVBAoMBFRlc3QwIBcNMTgwOTE3
|
|
|
|
|
MTIxNzU3WhgPMjExODA4MjQxMjE3NTdaMC0xCzAJBgNVBAYTAkdCMQ8wDQYDVQQH
|
|
|
|
|
DAZMb25kb24xDTALBgNVBAoMBFRlc3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
|
|
|
|
|
ggIKAoICAQDCMhBrRAGGw+n2GdctBr/cEK4FZA6ajiHjihgpCHoSBdyL4R2jGKLS
|
|
|
|
|
g0WgaMXa1HpkKN7LcIySosEBPlmcRkr1RqbEvQStOSvoFCXYvtx3alM6HTbXMcDR
|
|
|
|
|
mqoKoABP6LXsPSoMWIgqMtP2X9EOppzHVIK1yFYFfbIlvYUV2Ka+MuMe0Vh5wvD1
|
|
|
|
|
4GanPb+cWSKgdRSVQovCCMY3yWtZKVEaxRpCsk/mYYIFWz0tcgMjIKwDx1XXgiAV
|
|
|
|
|
nU6NK43xbaw3XhtnaD/pv9lhTTbNrlcln9LjTD097BaK4R+1AEPHnpfxA9Ui3upn
|
|
|
|
|
kbsNUdGdOB0ksZi/vd7lh833YgquQUIAhYrbfvq/HFCpVV1gljzlS3sqULYpLE//
|
|
|
|
|
i3OsuL2mE+CYIJGpIi2GeJJWXciNMTJDOqTn+fRDtVb4RPp4Y70DJirp7XzaBi3q
|
|
|
|
|
H0edANCzPSRCDbZsOhzIXhXshldiXVRX666DDlbMQgLTEnNKrkwv6DmU8o15XQsb
|
|
|
|
|
8k1Os2YwXmkEOxUQ7AJZXVTZSf6UK9Znmdq1ZrHjybMfRUkHVxJcnKvrxfryralv
|
|
|
|
|
gzfvu+D6HuxrCo3Ojqa+nDgIbxKEBtdrcsMhq1jWPFhjwo1fSadAkKOfdCAuXJRD
|
|
|
|
|
THg3b4Sf+W7Cpc570YHrIpBf7WFl2XsPcEM0mJZ5+yATASCubNozQwIDAQABo1Mw
|
|
|
|
|
UTAdBgNVHQ4EFgQUES0hupZSqY21JOba10QyZuxm91EwHwYDVR0jBBgwFoAUES0h
|
|
|
|
|
upZSqY21JOba10QyZuxm91EwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsF
|
|
|
|
|
AAOCAgEABTN5S30ng/RMpBweDm2N561PdpaCdiRXtAFCRVWR2mkDYC/Xj9Vqe6be
|
|
|
|
|
PyM7L/5OKYVjzF1yJu67z/dx+ja5o+41g17jdqla7hyPx+9B4uRyDh+1KJTa+duj
|
|
|
|
|
mw/aA1LCr6O6W4WizDOsChJ6FaB2Y1+GlFnKWb5nUdhVJqXQE1WOX9dZnw8Y4Npd
|
|
|
|
|
VmAsjWot0BZorJrt3fwfcv3QfA896twkbo7Llv/8qzg4sXZXZ4ZtgAOqnPngiSn+
|
|
|
|
|
JT/vYCXZ406VvAFpFqMcVz2dO/VGuL8lGIMHRKNyafrsV81EzH1W/XmRWOgvgj6r
|
|
|
|
|
yQI63ln/AMY72HQ97xLkE1xKunGz6bK5Ug5+O43Uftc4Mb6MUgzo+ZqEQ3Ob+cAV
|
|
|
|
|
cvjmtwDaPO/O39O5Xq0tLTlkn2/cKf4OQ6S++GDxzyRVHh5JXgP4j9+jfZY57Woy
|
|
|
|
|
R1bE7N50JjY4cDermBJKdlBIjL7UPhqmLyaG7V0hBitFlgGBUCcJtJOV0xYd5aF3
|
|
|
|
|
pxNkvMXhBmh95fjxJ0cJjpO7tN1RAwtMMNgsl7OUbuVRQCHOPW5DgP5qY21jDeRn
|
|
|
|
|
BY82382l+9QzykmJLI5MZnmj4BA9uIDCwMtoTTvP++SsvhUAbuvh7MOOUQL0EY4m
|
|
|
|
|
KStYq7X9PKseN+PvmfeoffIKc5R/Ha39oi7cGMVHCr8aiEhsf94=
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
// kCommonNameWithSANs is a leaf certificate signed by kSANTypesRoot, with
|
|
|
|
|
// *.host1.test as the common name and a SAN list of *.host2.test and
|
|
|
|
|
// foo.host3.test.
|
|
|
|
|
static const char kCommonNameWithSANs[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIB2zCCAUSgAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
|
|
|
|
|
bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
|
|
|
|
|
MDk5MDEwMTAwMDAwMFowNzEeMBwGA1UEChMVQ29tbW9uIG5hbWUgd2l0aCBTQU5z
|
|
|
|
|
MRUwEwYDVQQDDAwqLmhvc3QxLnRlc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC
|
|
|
|
|
AASgWzfnFnpQrokSLIC+LhCKJDUAY/2usfIDpOnafYoYCasbYetkmOslgyY4Nn07
|
|
|
|
|
zjvjNROprA/0bdULXAkdL9bNo0gwRjAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQn
|
|
|
|
|
jFkBMCcGA1UdEQQgMB6CDCouaG9zdDIudGVzdIIOZm9vLmhvc3QzLnRlc3QwDQYJ
|
|
|
|
|
KoZIhvcNAQELBQADgYEAtv2e3hBhsslXB1HTxgusjoschWOVtvGZUaYlhkKzKTCL
|
|
|
|
|
4YpDn50BccnucBU/b9phYvaEZtyzOv4ZXhxTGyLnLrIVB9x5ikfCcfl+LNYNjDwM
|
|
|
|
|
enm/h1zOfJ7wXLyscD4kU29Wc/zxBd70thIgLYn16CC1S9NtXKsXXDXv5VVH/bg=
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
// kCommonNameWithSANs is a leaf certificate signed by kSANTypesRoot, with
|
|
|
|
|
// *.host1.test as the common name and no SAN list.
|
|
|
|
|
static const char kCommonNameWithoutSANs[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIBtTCCAR6gAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
|
|
|
|
|
bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
|
|
|
|
|
MDk5MDEwMTAwMDAwMFowOjEhMB8GA1UEChMYQ29tbW9uIG5hbWUgd2l0aG91dCBT
|
|
|
|
|
QU5zMRUwEwYDVQQDDAwqLmhvc3QxLnRlc3QwWTATBgcqhkjOPQIBBggqhkjOPQMB
|
|
|
|
|
BwNCAARt2vjlIrPE+kr11VS1rRP/AYQu4fvf1bNw/K9rwYlVBhmLMPYasEmpCtKE
|
|
|
|
|
0bDIFydtDYC3wZDpSS+YiaG40sdAox8wHTAbBgNVHSMEFDASgBBAN9cB+0AvuBx+
|
|
|
|
|
VAQnjFkBMA0GCSqGSIb3DQEBCwUAA4GBAHRbIeaCEytOpJpw9O2dlB656AHe1+t5
|
|
|
|
|
4JiS5mvtzoVOLn7fFk5EFQtZS7sG1Uc2XjlSw+iyvFoTFEqfKyU/mIdc2vBuPwA2
|
|
|
|
|
+YXT8aE4S+UZ9oz5j0gDpikGnkSCW0cyHD8L8fntNjaQRSaM482JpmtdmuxClmWO
|
|
|
|
|
pFFXI2B5usgI
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
// kCommonNameWithEmailSAN is a leaf certificate signed by kSANTypesRoot, with
|
|
|
|
|
// *.host1.test as the common name and the email address test@host2.test in the
|
|
|
|
|
// SAN list.
|
|
|
|
|
static const char kCommonNameWithEmailSAN[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIBvDCCASWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
|
|
|
|
|
bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
|
|
|
|
|
MDk5MDEwMTAwMDAwMFowFzEVMBMGA1UEAwwMKi5ob3N0MS50ZXN0MFkwEwYHKoZI
|
|
|
|
|
zj0CAQYIKoZIzj0DAQcDQgAEtevOxcTjpPzlNGoUMFfZyr1k03/Hiuh+EsnuScDs
|
|
|
|
|
8XLKi6fDkvSaDClI99ycabQZRPIrvyT+dglDC6ugQd+CYqNJMEcwDAYDVR0TAQH/
|
|
|
|
|
BAIwADAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQnjFkBMBoGA1UdEQQTMBGBD3Rl
|
|
|
|
|
c3RAaG9zdDIudGVzdDANBgkqhkiG9w0BAQsFAAOBgQCGbqb78OWJWl4zb+qw0Dz2
|
|
|
|
|
HJgZZJt6/+nNG/XJKdaYeS4eofsbwsJI4fuuOF6ZvYCJxVNtGqdfZDgycvFA9hjv
|
|
|
|
|
NGosBF1/spP17cmzTahLjxs71jDvHV/EQJbKGl/Zpta1Em1VrzSrwoOFabPXzZTJ
|
|
|
|
|
aet/mER21Z/9ZsTUoJQPJw==
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
// kCommonNameWithIPSAN is a leaf certificate signed by kSANTypesRoot, with
|
|
|
|
|
// *.host1.test as the common name and the IP address 127.0.0.1 in the
|
|
|
|
|
// SAN list.
|
|
|
|
|
static const char kCommonNameWithIPSAN[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIBsTCCARqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
|
|
|
|
|
bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
|
|
|
|
|
MDk5MDEwMTAwMDAwMFowFzEVMBMGA1UEAwwMKi5ob3N0MS50ZXN0MFkwEwYHKoZI
|
|
|
|
|
zj0CAQYIKoZIzj0DAQcDQgAEFKrgkxm8PysXbwnHQeTD3p8YY0+sY4ssnZgmj8wX
|
|
|
|
|
KTyn893fdBHWlz71GO6t82wMTF5d+ZYwI2XU52pfl4SB2aM+MDwwDAYDVR0TAQH/
|
|
|
|
|
BAIwADAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQnjFkBMA8GA1UdEQQIMAaHBH8A
|
|
|
|
|
AAEwDQYJKoZIhvcNAQELBQADgYEAQWZ8Oj059ZjS109V/ijMYT28xuAN5n6HHxCO
|
|
|
|
|
DopTP56Zu9+gme5wTETWEfocspZvgecoUOcedTFoKSQ7JafO09NcVLA+D6ddYpju
|
|
|
|
|
mgfuiLy9dDhqvX/NHaLBMxOBWWbOLwWE+ibyX+pOzjWRCw1L7eUXOr6PhZAOQsmU
|
|
|
|
|
D0+O6KI=
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
// kConstrainedIntermediate is an intermediate signed by kSANTypesRoot, with
|
|
|
|
|
// permitted DNS names of permitted1.test and foo.permitted2.test and an
|
|
|
|
|
// excluded DNS name of excluded.permitted1.test. Its private key is:
|
|
|
|
|
//
|
|
|
|
|
// -----BEGIN PRIVATE KEY-----
|
|
|
|
|
// MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgTXUM4tJWM7OzATty
|
|
|
|
|
// JhNOfIv/d8heWFBeKOfMR+RfaROhRANCAASbbbWYiN6mn+BCpg4XNpibOH0D/DN4
|
|
|
|
|
// kZ5C/Ml2YVomC9T83OKk2CzB8fPAabPb4P4Vv+fIabpEfjWS5nzKLY1y
|
|
|
|
|
// -----END PRIVATE KEY-----
|
|
|
|
|
static const char kConstrainedIntermediate[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIICDjCCAXegAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
|
|
|
|
|
bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
|
|
|
|
|
MDk5MDEwMTAwMDAwMFowKDEmMCQGA1UEAxMdTmFtZSBDb25zdHJhaW50cyBJbnRl
|
|
|
|
|
cm1lZGlhdGUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASbbbWYiN6mn+BCpg4X
|
|
|
|
|
NpibOH0D/DN4kZ5C/Ml2YVomC9T83OKk2CzB8fPAabPb4P4Vv+fIabpEfjWS5nzK
|
|
|
|
|
LY1yo4GJMIGGMA8GA1UdEwEB/wQFMAMBAf8wGwYDVR0jBBQwEoAQQDfXAftAL7gc
|
|
|
|
|
flQEJ4xZATBWBgNVHR4BAf8ETDBKoCowEYIPcGVybWl0dGVkMS50ZXN0MBWCE2Zv
|
|
|
|
|
by5wZXJtaXR0ZWQyLnRlc3ShHDAaghhleGNsdWRlZC5wZXJtaXR0ZWQxLnRlc3Qw
|
|
|
|
|
DQYJKoZIhvcNAQELBQADgYEAFq1Ka05hiKREwRpSceQPzIIH4B5a5IVBg5/EvmQI
|
|
|
|
|
9V0fXyAE1GmahPt70sIBxIgzNTEaY8P/IoOuCdlZWe0msmyEO3S6YSAzOWR5Van6
|
|
|
|
|
cXmFM1uMd95TlkxUMRdV+jKJTvG6R/BM2zltaV7Xt662k5HtzT5Svw0rZlFaggZz
|
|
|
|
|
UyM=
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
// kCommonNamePermittedLeaf is a leaf certificate signed by
|
|
|
|
|
// kConstrainedIntermediate. Its common name is permitted by the name
|
|
|
|
|
// constraints.
|
|
|
|
|
static const char kCommonNamePermittedLeaf[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIBaDCCAQ2gAwIBAgIBAzAKBggqhkjOPQQDAjAoMSYwJAYDVQQDEx1OYW1lIENv
|
|
|
|
|
bnN0cmFpbnRzIEludGVybWVkaWF0ZTAgFw0wMDAxMDEwMDAwMDBaGA8yMDk5MDEw
|
|
|
|
|
MTAwMDAwMFowPjEeMBwGA1UEChMVQ29tbW9uIG5hbWUgcGVybWl0dGVkMRwwGgYD
|
|
|
|
|
VQQDExNmb28ucGVybWl0dGVkMS50ZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
|
|
|
|
|
QgAENX5Ycs8q8MRzPYUz6DqLHhJR3wcmniFRgkiEa7MxE/mRe00y0VGwH7xi7Aoc
|
|
|
|
|
emXPrtD4JwN5bssbcxWGAKYYzaMQMA4wDAYDVR0TAQH/BAIwADAKBggqhkjOPQQD
|
|
|
|
|
AgNJADBGAiEAtsnWuRQXtw2xbieC78Y8SVEtTjcZUx8uZyQe1GPLfGICIQDR4fNY
|
|
|
|
|
yg3PC94ydPNQZVsFxAne32CbonWWsokalTFpUQ==
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
static const char kCommonNamePermitted[] = "foo.permitted1.test";
|
|
|
|
|
|
|
|
|
|
// kCommonNameNotPermittedLeaf is a leaf certificate signed by
|
|
|
|
|
// kConstrainedIntermediate. Its common name is not permitted by the name
|
|
|
|
|
// constraints.
|
|
|
|
|
static const char kCommonNameNotPermittedLeaf[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIBazCCARCgAwIBAgIBBDAKBggqhkjOPQQDAjAoMSYwJAYDVQQDEx1OYW1lIENv
|
|
|
|
|
bnN0cmFpbnRzIEludGVybWVkaWF0ZTAgFw0wMDAxMDEwMDAwMDBaGA8yMDk5MDEw
|
|
|
|
|
MTAwMDAwMFowQTEiMCAGA1UEChMZQ29tbW9uIG5hbWUgbm90IHBlcm1pdHRlZDEb
|
|
|
|
|
MBkGA1UEAxMSbm90LXBlcm1pdHRlZC50ZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0D
|
|
|
|
|
AQcDQgAEzfghKuWf0JoXb0Drp09C3yXMSQQ1byt+AUaymvsHOWsxQ9v1Q+vkF/IM
|
|
|
|
|
HRqGTk2TyxrB2iClVEn/Uu+YtYox1KMQMA4wDAYDVR0TAQH/BAIwADAKBggqhkjO
|
|
|
|
|
PQQDAgNJADBGAiEAxaUslxmoWL1tIvnDz7gDkto/HcmdU0jHVuUQLXcCG8wCIQCN
|
|
|
|
|
5xZjitlCQU8UB5qSu9wH4B+0JcVO3Ss4Az76HEJWMw==
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
static const char kCommonNameNotPermitted[] = "not-permitted.test";
|
|
|
|
|
|
|
|
|
|
// kCommonNameNotPermittedWithSANsLeaf is a leaf certificate signed by
|
|
|
|
|
// kConstrainedIntermediate. Its common name is not permitted by the name
|
|
|
|
|
// constraints but it has a SAN list.
|
|
|
|
|
static const char kCommonNameNotPermittedWithSANsLeaf[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIBqTCCAU+gAwIBAgIBBjAKBggqhkjOPQQDAjAoMSYwJAYDVQQDEx1OYW1lIENv
|
|
|
|
|
bnN0cmFpbnRzIEludGVybWVkaWF0ZTAgFw0wMDAxMDEwMDAwMDBaGA8yMDk5MDEw
|
|
|
|
|
MTAwMDAwMFowSzEsMCoGA1UEChMjQ29tbW9uIG5hbWUgbm90IHBlcm1pdHRlZCB3
|
|
|
|
|
aXRoIFNBTlMxGzAZBgNVBAMTEm5vdC1wZXJtaXR0ZWQudGVzdDBZMBMGByqGSM49
|
|
|
|
|
AgEGCCqGSM49AwEHA0IABKsn9wOApXFHrqhLdQgbFSeaSoAIbxgO0zVSRZUb5naR
|
|
|
|
|
93zoL3MFOvZEF8xiEqh7le+l3XuUig0fwqpcsZzRNJajRTBDMAwGA1UdEwEB/wQC
|
|
|
|
|
MAAwMwYDVR0RBCwwKoITZm9vLnBlcm1pdHRlZDEudGVzdIITZm9vLnBlcm1pdHRl
|
|
|
|
|
ZDIudGVzdDAKBggqhkjOPQQDAgNIADBFAiACk+1f184KkKAXuntmrz+Ygcq8MiZl
|
|
|
|
|
4delx44FtcNaegIhAIA5nYfzxNcTXxDo3U+x1vSLH6Y7faLvHiFySp7O//q+
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
static const char kCommonNameNotPermittedWithSANs[] = "not-permitted.test";
|
|
|
|
|
|
|
|
|
|
// kCommonNameNotDNSLeaf is a leaf certificate signed by
|
|
|
|
|
// kConstrainedIntermediate. Its common name is not a DNS name.
|
|
|
|
|
static const char kCommonNameNotDNSLeaf[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIBYTCCAQagAwIBAgIBCDAKBggqhkjOPQQDAjAoMSYwJAYDVQQDEx1OYW1lIENv
|
|
|
|
|
bnN0cmFpbnRzIEludGVybWVkaWF0ZTAgFw0wMDAxMDEwMDAwMDBaGA8yMDk5MDEw
|
|
|
|
|
MTAwMDAwMFowNzEcMBoGA1UEChMTQ29tbW9uIG5hbWUgbm90IEROUzEXMBUGA1UE
|
|
|
|
|
AxMOTm90IGEgRE5TIG5hbWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASnueyc
|
|
|
|
|
Zxtnw5ke2J2T0/LwAK37auQP/RSFd9mem+BJVbgviawtAlignJmafp7Zw4/GdYEJ
|
|
|
|
|
Vm8qlriOJtluvXGcoxAwDjAMBgNVHRMBAf8EAjAAMAoGCCqGSM49BAMCA0kAMEYC
|
|
|
|
|
IQChUAmVNI39VHe0zemRE09VDcSEgOxr1nTvjLcg/Q8pVQIhAJYZnJI0YZAi05QH
|
|
|
|
|
RHNlAkTK2TnUaVn3fGSylaLiFS1r
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
static const char kCommonNameNotDNS[] = "Not a DNS name";
|
|
|
|
|
|
|
|
|
|
// The following six certificates are issued by |kSANTypesRoot| and have
|
|
|
|
|
// different extended key usage values. They were created with the following
|
|
|
|
|
// Go program:
|
|
|
|
|
//
|
|
|
|
|
// func main() {
|
|
|
|
|
// block, _ := pem.Decode([]byte(rootKeyPEM))
|
|
|
|
|
// rootPriv, _ := x509.ParsePKCS1PrivateKey(block.Bytes)
|
|
|
|
|
// block, _ = pem.Decode([]byte(rootCertPEM))
|
|
|
|
|
// root, _ := x509.ParseCertificate(block.Bytes)
|
|
|
|
|
//
|
|
|
|
|
// leafTemplate := &x509.Certificate{
|
|
|
|
|
// SerialNumber: big.NewInt(3),
|
|
|
|
|
// Subject: pkix.Name{
|
|
|
|
|
// CommonName: "EKU msSGC",
|
|
|
|
|
// },
|
|
|
|
|
// NotBefore: time.Date(2000, time.January, 1, 0, 0, 0, 0, time.UTC),
|
|
|
|
|
// NotAfter: time.Date(2099, time.January, 1, 0, 0, 0, 0, time.UTC),
|
|
|
|
|
// BasicConstraintsValid: true,
|
|
|
|
|
// ExtKeyUsage: []x509.ExtKeyUsage{FILL IN HERE},
|
|
|
|
|
// }
|
|
|
|
|
// leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
|
|
|
|
// leafDER, err := x509.CreateCertificate(rand.Reader, leafTemplate, root, &leafKey.PublicKey, rootPriv)
|
|
|
|
|
// if err != nil {
|
|
|
|
|
// panic(err)
|
|
|
|
|
// }
|
|
|
|
|
// pem.Encode(os.Stdout, &pem.Block{Type: "CERTIFICATE", Bytes: leafDER})
|
|
|
|
|
// }
|
|
|
|
|
|
|
|
|
|
static const char kMicrosoftSGCCert[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIBtDCCAR2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
|
|
|
|
|
bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
|
|
|
|
|
MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C
|
|
|
|
|
AQYIKoZIzj0DAQcDQgAEEn61v3Vs+q6bTyyRnrJvuKBE8PTNVLbXGB52jig4Qse2
|
|
|
|
|
mGygNEysS0uzZ0luz+rn2hDRUFL6sHLUs1d8UMbI/6NEMEIwFQYDVR0lBA4wDAYK
|
|
|
|
|
KwYBBAGCNwoDAzAMBgNVHRMBAf8EAjAAMBsGA1UdIwQUMBKAEEA31wH7QC+4HH5U
|
|
|
|
|
BCeMWQEwDQYJKoZIhvcNAQELBQADgYEAgDQI9RSo3E3ZVnU71TV/LjG9xwHtfk6I
|
|
|
|
|
rlNnlJJ0lsTHAuMc1mwCbzhtsmasetwYlIa9G8GFWB9Gh/QqHA7G649iGGmXShqe
|
|
|
|
|
aVDuWgeSEJxBPE2jILoMm4pEYF7jfonTn7XXX6O78yuSlP+NPIU0gUKHkWZ1sWk0
|
|
|
|
|
cC4l0r/6jik=
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
static const char kNetscapeSGCCert[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIBszCCARygAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
|
|
|
|
|
bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
|
|
|
|
|
MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C
|
|
|
|
|
AQYIKoZIzj0DAQcDQgAE3NbT+TnBfq1DWJCezjaUL52YhDU7cOkI2S2PoWgJ1v7x
|
|
|
|
|
kKLwBonUFZjppZs69SyBHeJdti+KoJ3qTW+hCG08EaNDMEEwFAYDVR0lBA0wCwYJ
|
|
|
|
|
YIZIAYb4QgQBMAwGA1UdEwEB/wQCMAAwGwYDVR0jBBQwEoAQQDfXAftAL7gcflQE
|
|
|
|
|
J4xZATANBgkqhkiG9w0BAQsFAAOBgQBuiyVcfazekHkCWksxdFmjPmMtWCxFjkzc
|
|
|
|
|
8VBxFE0CfSHQAfZ8J7tXd1FbAq/eXdZvvo8v0JB4sOM4Ex1ob1fuvDFHdSAHAD7W
|
|
|
|
|
dhKIjJyzVojoxjCjyue0XMeEPl7RiqbdxoS/R5HFAqAF0T2OeQAqP9gTpOXoau1M
|
|
|
|
|
RQHX6HQJJg==
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
static const char kServerEKUCert[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIBsjCCARugAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
|
|
|
|
|
bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
|
|
|
|
|
MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C
|
|
|
|
|
AQYIKoZIzj0DAQcDQgAEDd35i+VWPwIOKLrLWTuP5cqD+yJDB5nujEzPgkXP5LKJ
|
|
|
|
|
SZRbHTqTdpYZB2jy6y90RY2Bsjx7FfZ7nN5G2g1GOKNCMEAwEwYDVR0lBAwwCgYI
|
|
|
|
|
KwYBBQUHAwEwDAYDVR0TAQH/BAIwADAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQn
|
|
|
|
|
jFkBMA0GCSqGSIb3DQEBCwUAA4GBAIKmbMBjuivL/rxDu7u7Vr3o3cdmEggBJxwL
|
|
|
|
|
iatNW3x1wg0645aNYOktW/iQ7mAAiziTY73GFyfiJDWqnY+CwA94ZWyQidjHdN/I
|
|
|
|
|
6BR52sN/dkYEoInYEbmDNMc/if+T0yqeBQLP4BeKLiT8p0qqaimae6LgibS19hDP
|
|
|
|
|
2hoEMdz2
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
static const char kServerEKUPlusMicrosoftSGCCert[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIBvjCCASegAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
|
|
|
|
|
bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
|
|
|
|
|
MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C
|
|
|
|
|
AQYIKoZIzj0DAQcDQgAEDO1MYPxq+U4oXMIK8UnsS4C696wpcu4UOmcMJJ5CUd5Z
|
|
|
|
|
ZpJShN6kYKnrb3GK/6xEgbUGntmrzSRG5FYqk6QgD6NOMEwwHwYDVR0lBBgwFgYI
|
|
|
|
|
KwYBBQUHAwEGCisGAQQBgjcKAwMwDAYDVR0TAQH/BAIwADAbBgNVHSMEFDASgBBA
|
|
|
|
|
N9cB+0AvuBx+VAQnjFkBMA0GCSqGSIb3DQEBCwUAA4GBAHOu2IBa4lHzVGS36HxS
|
|
|
|
|
SejUE87Ji1ysM6BgkYbfxfS9MuV+J3UnqH57JjbH/3CFl4ZDWceF6SGBSCn8LqKa
|
|
|
|
|
KHpwoNFU3zA99iQzVJgbUyN0PbKwHEanLyKDJZyFk71R39ToxhSNQgaQYjZYCy1H
|
|
|
|
|
5V9oXd1bodEqVsOZ/mur24Ku
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
static const char kAnyEKU[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIBrjCCARegAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
|
|
|
|
|
bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
|
|
|
|
|
MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C
|
|
|
|
|
AQYIKoZIzj0DAQcDQgAE9nsLABDporlTvx1OBUc4Hd5vxfX+8nS/OhbHmKtFLYNu
|
|
|
|
|
1CLLrImbwMQYD2G+PgLO6sQHmASq2jmJKp6ZWsRkTqM+MDwwDwYDVR0lBAgwBgYE
|
|
|
|
|
VR0lADAMBgNVHRMBAf8EAjAAMBsGA1UdIwQUMBKAEEA31wH7QC+4HH5UBCeMWQEw
|
|
|
|
|
DQYJKoZIhvcNAQELBQADgYEAxgjgn1SAzQ+2GeCicZ5ndvVhKIeFelGCQ989XTVq
|
|
|
|
|
uUbAYBW6v8GXNuVzoXYxDgNSanF6U+w+INrJ6daKVrIxAxdk9QFgBXqJoupuRAA3
|
|
|
|
|
/OqnmYux0EqOTLbTK1P8DhaiaD0KV6dWGUwzqsgBmPkZ0lgNaPjvb1mKV3jhBkjz
|
|
|
|
|
L6A=
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
static const char kNoEKU[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIBnTCCAQagAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
|
|
|
|
|
bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
|
|
|
|
|
MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C
|
|
|
|
|
AQYIKoZIzj0DAQcDQgAEpSFSqbYY86ZcMamE606dqdyjWlwhSHKOLUFsUUIzkMPz
|
|
|
|
|
KHRu/x3Yzi8+Hm8eFK/TnCbkpYsYw4hIw00176dYzaMtMCswDAYDVR0TAQH/BAIw
|
|
|
|
|
ADAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQnjFkBMA0GCSqGSIb3DQEBCwUAA4GB
|
|
|
|
|
AHvYzynIkjLThExHRS+385hfv4vgrQSMmCM1SAnEIjSBGsU7RPgiGAstN06XivuF
|
|
|
|
|
T1fNugRmTu4OtOIbfdYkcjavJufw9hR9zWTt77CNMTy9XmOZLgdS5boFTtLCztr3
|
|
|
|
|
TXHOSQQD8Dl4BK0wOet+TP6LBEjHlRFjAqK4bu9xpxV2
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
// CertFromPEM parses the given, NUL-terminated pem block and returns an
|
|
|
|
|
// |X509*|.
|
|
|
|
|
static bssl::UniquePtr<X509> CertFromPEM(const char *pem) {
|
|
|
|
|
bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
|
|
|
|
|
return bssl::UniquePtr<X509>(
|
|
|
|
|
PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// CRLFromPEM parses the given, NUL-terminated pem block and returns an
|
|
|
|
|
// |X509_CRL*|.
|
|
|
|
|
static bssl::UniquePtr<X509_CRL> CRLFromPEM(const char *pem) {
|
|
|
|
|
bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
|
|
|
|
|
return bssl::UniquePtr<X509_CRL>(
|
|
|
|
|
PEM_read_bio_X509_CRL(bio.get(), nullptr, nullptr, nullptr));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// PrivateKeyFromPEM parses the given, NUL-terminated pem block and returns an
|
|
|
|
|
// |EVP_PKEY*|.
|
|
|
|
|
static bssl::UniquePtr<EVP_PKEY> PrivateKeyFromPEM(const char *pem) {
|
|
|
|
|
bssl::UniquePtr<BIO> bio(
|
|
|
|
|
BIO_new_mem_buf(const_cast<char *>(pem), strlen(pem)));
|
|
|
|
|
return bssl::UniquePtr<EVP_PKEY>(
|
|
|
|
|
PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// CertsToStack converts a vector of |X509*| to an OpenSSL STACK_OF(X509),
|
|
|
|
|
// bumping the reference counts for each certificate in question.
|
|
|
|
|
static bssl::UniquePtr<STACK_OF(X509)> CertsToStack(
|
|
|
|
|
const std::vector<X509 *> &certs) {
|
|
|
|
|
bssl::UniquePtr<STACK_OF(X509)> stack(sk_X509_new_null());
|
|
|
|
|
if (!stack) {
|
|
|
|
|
return nullptr;
|
|
|
|
|
}
|
|
|
|
|
for (auto cert : certs) {
|
|
|
|
|
if (!bssl::PushToStack(stack.get(), bssl::UpRef(cert))) {
|
|
|
|
|
return nullptr;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return stack;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// CRLsToStack converts a vector of |X509_CRL*| to an OpenSSL
|
|
|
|
|
// STACK_OF(X509_CRL), bumping the reference counts for each CRL in question.
|
|
|
|
|
static bssl::UniquePtr<STACK_OF(X509_CRL)> CRLsToStack(
|
|
|
|
|
const std::vector<X509_CRL *> &crls) {
|
|
|
|
|
bssl::UniquePtr<STACK_OF(X509_CRL)> stack(sk_X509_CRL_new_null());
|
|
|
|
|
if (!stack) {
|
|
|
|
|
return nullptr;
|
|
|
|
|
}
|
|
|
|
|
for (auto crl : crls) {
|
|
|
|
|
if (!bssl::PushToStack(stack.get(), bssl::UpRef(crl))) {
|
|
|
|
|
return nullptr;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return stack;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static const time_t kReferenceTime = 1474934400 /* Sep 27th, 2016 */;
|
|
|
|
|
|
Enable X509_V_FLAG_TRUSTED_FIRST by default.
The OpenSSL X.509 verifier lacks a proper path builder. When there are
two paths available for a certificate, we pick one without looking at
expiry, etc.
In scenarios like one below, X509_V_FLAG_TRUSTED_FIRST will prefer
Leaf -> Intermediate -> Root1. Otherwise, we will prefer
Leaf -> Intermediate -> Root1Cross -> Root2:
Root2
|
Root1 Root1Cross
\ /
Intermediate
|
Leaf
If Root2 is expired, as with Let's Encrypt, X509_V_FLAG_TRUSTED_FIRST
will find the path we want. Same if Root1Cross is expired. (Meanwhile,
if Root1 is expired, TRUSTED_FIRST will break and leaving it off works.
TRUSTED_FIRST does not actually select chains with validity in mind. It
just changes the semi-arbitrary decision.)
OpenSSL 1.1.x now defaults to X509_V_FLAG_TRUSTED_FIRST by default, so
match them. Hopefully the shorter chain is more likely to be correct.
Update-Note: X509_verify_cert will now build slightly different chains
by default. Hopefully, this fixes more issues than it causes, but there
is a risk of trusted_first breaking other scenarios. Those scenarios
will also break OpenSSL 1.1.x defaults, so hopefully this is fine.
Bug: 439
Change-Id: Ie624f1f7e85a9e8c283f1caf24729aef9206ea16
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49746
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: Ryan Sleevi <rsleevi@chromium.org>
3 years ago
|
|
|
static int Verify(
|
|
|
|
|
X509 *leaf, const std::vector<X509 *> &roots,
|
|
|
|
|
const std::vector<X509 *> &intermediates,
|
|
|
|
|
const std::vector<X509_CRL *> &crls, unsigned long flags,
|
|
|
|
|
bool use_additional_untrusted,
|
|
|
|
|
std::function<void(X509_VERIFY_PARAM *)> configure_callback,
|
|
|
|
|
int (*verify_callback)(int, X509_STORE_CTX *) = nullptr) {
|
|
|
|
|
bssl::UniquePtr<STACK_OF(X509)> roots_stack(CertsToStack(roots));
|
|
|
|
|
bssl::UniquePtr<STACK_OF(X509)> intermediates_stack(
|
|
|
|
|
CertsToStack(intermediates));
|
|
|
|
|
bssl::UniquePtr<STACK_OF(X509_CRL)> crls_stack(CRLsToStack(crls));
|
|
|
|
|
|
|
|
|
|
if (!roots_stack ||
|
|
|
|
|
!intermediates_stack ||
|
|
|
|
|
!crls_stack) {
|
|
|
|
|
return X509_V_ERR_UNSPECIFIED;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<X509_STORE_CTX> ctx(X509_STORE_CTX_new());
|
|
|
|
|
bssl::UniquePtr<X509_STORE> store(X509_STORE_new());
|
|
|
|
|
if (!ctx ||
|
|
|
|
|
!store) {
|
|
|
|
|
return X509_V_ERR_UNSPECIFIED;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (use_additional_untrusted) {
|
|
|
|
|
X509_STORE_set0_additional_untrusted(store.get(),
|
|
|
|
|
intermediates_stack.get());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!X509_STORE_CTX_init(
|
|
|
|
|
ctx.get(), store.get(), leaf,
|
|
|
|
|
use_additional_untrusted ? nullptr : intermediates_stack.get())) {
|
|
|
|
|
return X509_V_ERR_UNSPECIFIED;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
X509_STORE_CTX_trusted_stack(ctx.get(), roots_stack.get());
|
|
|
|
|
X509_STORE_CTX_set0_crls(ctx.get(), crls_stack.get());
|
|
|
|
|
|
|
|
|
|
X509_VERIFY_PARAM *param = X509_STORE_CTX_get0_param(ctx.get());
|
|
|
|
|
X509_VERIFY_PARAM_set_time(param, kReferenceTime);
|
|
|
|
|
if (configure_callback) {
|
|
|
|
|
configure_callback(param);
|
|
|
|
|
}
|
|
|
|
|
if (flags) {
|
|
|
|
|
X509_VERIFY_PARAM_set_flags(param, flags);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ERR_clear_error();
|
|
|
|
|
if (X509_verify_cert(ctx.get()) != 1) {
|
|
|
|
|
return X509_STORE_CTX_get_error(ctx.get());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return X509_V_OK;
|
|
|
|
|
}
|
|
|
|
|
|
Enable X509_V_FLAG_TRUSTED_FIRST by default.
The OpenSSL X.509 verifier lacks a proper path builder. When there are
two paths available for a certificate, we pick one without looking at
expiry, etc.
In scenarios like one below, X509_V_FLAG_TRUSTED_FIRST will prefer
Leaf -> Intermediate -> Root1. Otherwise, we will prefer
Leaf -> Intermediate -> Root1Cross -> Root2:
Root2
|
Root1 Root1Cross
\ /
Intermediate
|
Leaf
If Root2 is expired, as with Let's Encrypt, X509_V_FLAG_TRUSTED_FIRST
will find the path we want. Same if Root1Cross is expired. (Meanwhile,
if Root1 is expired, TRUSTED_FIRST will break and leaving it off works.
TRUSTED_FIRST does not actually select chains with validity in mind. It
just changes the semi-arbitrary decision.)
OpenSSL 1.1.x now defaults to X509_V_FLAG_TRUSTED_FIRST by default, so
match them. Hopefully the shorter chain is more likely to be correct.
Update-Note: X509_verify_cert will now build slightly different chains
by default. Hopefully, this fixes more issues than it causes, but there
is a risk of trusted_first breaking other scenarios. Those scenarios
will also break OpenSSL 1.1.x defaults, so hopefully this is fine.
Bug: 439
Change-Id: Ie624f1f7e85a9e8c283f1caf24729aef9206ea16
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49746
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: Ryan Sleevi <rsleevi@chromium.org>
3 years ago
|
|
|
static int Verify(
|
|
|
|
|
X509 *leaf, const std::vector<X509 *> &roots,
|
|
|
|
|
const std::vector<X509 *> &intermediates,
|
|
|
|
|
const std::vector<X509_CRL *> &crls, unsigned long flags = 0,
|
|
|
|
|
std::function<void(X509_VERIFY_PARAM *)> configure_callback = nullptr) {
|
|
|
|
|
const int r1 = Verify(leaf, roots, intermediates, crls, flags, false,
|
|
|
|
|
configure_callback);
|
|
|
|
|
const int r2 =
|
Enable X509_V_FLAG_TRUSTED_FIRST by default.
The OpenSSL X.509 verifier lacks a proper path builder. When there are
two paths available for a certificate, we pick one without looking at
expiry, etc.
In scenarios like one below, X509_V_FLAG_TRUSTED_FIRST will prefer
Leaf -> Intermediate -> Root1. Otherwise, we will prefer
Leaf -> Intermediate -> Root1Cross -> Root2:
Root2
|
Root1 Root1Cross
\ /
Intermediate
|
Leaf
If Root2 is expired, as with Let's Encrypt, X509_V_FLAG_TRUSTED_FIRST
will find the path we want. Same if Root1Cross is expired. (Meanwhile,
if Root1 is expired, TRUSTED_FIRST will break and leaving it off works.
TRUSTED_FIRST does not actually select chains with validity in mind. It
just changes the semi-arbitrary decision.)
OpenSSL 1.1.x now defaults to X509_V_FLAG_TRUSTED_FIRST by default, so
match them. Hopefully the shorter chain is more likely to be correct.
Update-Note: X509_verify_cert will now build slightly different chains
by default. Hopefully, this fixes more issues than it causes, but there
is a risk of trusted_first breaking other scenarios. Those scenarios
will also break OpenSSL 1.1.x defaults, so hopefully this is fine.
Bug: 439
Change-Id: Ie624f1f7e85a9e8c283f1caf24729aef9206ea16
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49746
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: Ryan Sleevi <rsleevi@chromium.org>
3 years ago
|
|
|
Verify(leaf, roots, intermediates, crls, flags, true, configure_callback);
|
|
|
|
|
|
|
|
|
|
if (r1 != r2) {
|
|
|
|
|
fprintf(stderr,
|
|
|
|
|
"Verify with, and without, use_additional_untrusted gave different "
|
|
|
|
|
"results: %d vs %d.\n",
|
|
|
|
|
r1, r2);
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return r1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(X509Test, TestVerify) {
|
Enable X509_V_FLAG_TRUSTED_FIRST by default.
The OpenSSL X.509 verifier lacks a proper path builder. When there are
two paths available for a certificate, we pick one without looking at
expiry, etc.
In scenarios like one below, X509_V_FLAG_TRUSTED_FIRST will prefer
Leaf -> Intermediate -> Root1. Otherwise, we will prefer
Leaf -> Intermediate -> Root1Cross -> Root2:
Root2
|
Root1 Root1Cross
\ /
Intermediate
|
Leaf
If Root2 is expired, as with Let's Encrypt, X509_V_FLAG_TRUSTED_FIRST
will find the path we want. Same if Root1Cross is expired. (Meanwhile,
if Root1 is expired, TRUSTED_FIRST will break and leaving it off works.
TRUSTED_FIRST does not actually select chains with validity in mind. It
just changes the semi-arbitrary decision.)
OpenSSL 1.1.x now defaults to X509_V_FLAG_TRUSTED_FIRST by default, so
match them. Hopefully the shorter chain is more likely to be correct.
Update-Note: X509_verify_cert will now build slightly different chains
by default. Hopefully, this fixes more issues than it causes, but there
is a risk of trusted_first breaking other scenarios. Those scenarios
will also break OpenSSL 1.1.x defaults, so hopefully this is fine.
Bug: 439
Change-Id: Ie624f1f7e85a9e8c283f1caf24729aef9206ea16
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49746
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: Ryan Sleevi <rsleevi@chromium.org>
3 years ago
|
|
|
// cross_signing_root
|
|
|
|
|
// |
|
|
|
|
|
// root_cross_signed root
|
|
|
|
|
// \ /
|
|
|
|
|
// intermediate
|
|
|
|
|
// | |
|
|
|
|
|
// leaf leaf_no_key_usage
|
|
|
|
|
// |
|
|
|
|
|
// forgery
|
|
|
|
|
bssl::UniquePtr<X509> cross_signing_root(CertFromPEM(kCrossSigningRootPEM));
|
|
|
|
|
bssl::UniquePtr<X509> root(CertFromPEM(kRootCAPEM));
|
|
|
|
|
bssl::UniquePtr<X509> root_cross_signed(CertFromPEM(kRootCrossSignedPEM));
|
|
|
|
|
bssl::UniquePtr<X509> intermediate(CertFromPEM(kIntermediatePEM));
|
|
|
|
|
bssl::UniquePtr<X509> intermediate_self_signed(
|
|
|
|
|
CertFromPEM(kIntermediateSelfSignedPEM));
|
|
|
|
|
bssl::UniquePtr<X509> leaf(CertFromPEM(kLeafPEM));
|
|
|
|
|
bssl::UniquePtr<X509> leaf_no_key_usage(CertFromPEM(kLeafNoKeyUsagePEM));
|
|
|
|
|
bssl::UniquePtr<X509> forgery(CertFromPEM(kForgeryPEM));
|
|
|
|
|
|
|
|
|
|
ASSERT_TRUE(cross_signing_root);
|
|
|
|
|
ASSERT_TRUE(root);
|
|
|
|
|
ASSERT_TRUE(root_cross_signed);
|
|
|
|
|
ASSERT_TRUE(intermediate);
|
|
|
|
|
ASSERT_TRUE(intermediate_self_signed);
|
|
|
|
|
ASSERT_TRUE(leaf);
|
|
|
|
|
ASSERT_TRUE(forgery);
|
|
|
|
|
ASSERT_TRUE(leaf_no_key_usage);
|
|
|
|
|
|
Enable X509_V_FLAG_TRUSTED_FIRST by default.
The OpenSSL X.509 verifier lacks a proper path builder. When there are
two paths available for a certificate, we pick one without looking at
expiry, etc.
In scenarios like one below, X509_V_FLAG_TRUSTED_FIRST will prefer
Leaf -> Intermediate -> Root1. Otherwise, we will prefer
Leaf -> Intermediate -> Root1Cross -> Root2:
Root2
|
Root1 Root1Cross
\ /
Intermediate
|
Leaf
If Root2 is expired, as with Let's Encrypt, X509_V_FLAG_TRUSTED_FIRST
will find the path we want. Same if Root1Cross is expired. (Meanwhile,
if Root1 is expired, TRUSTED_FIRST will break and leaving it off works.
TRUSTED_FIRST does not actually select chains with validity in mind. It
just changes the semi-arbitrary decision.)
OpenSSL 1.1.x now defaults to X509_V_FLAG_TRUSTED_FIRST by default, so
match them. Hopefully the shorter chain is more likely to be correct.
Update-Note: X509_verify_cert will now build slightly different chains
by default. Hopefully, this fixes more issues than it causes, but there
is a risk of trusted_first breaking other scenarios. Those scenarios
will also break OpenSSL 1.1.x defaults, so hopefully this is fine.
Bug: 439
Change-Id: Ie624f1f7e85a9e8c283f1caf24729aef9206ea16
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49746
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: Ryan Sleevi <rsleevi@chromium.org>
3 years ago
|
|
|
// Most of these tests work with or without |X509_V_FLAG_TRUSTED_FIRST|,
|
|
|
|
|
// though in different ways.
|
|
|
|
|
for (bool trusted_first : {true, false}) {
|
|
|
|
|
SCOPED_TRACE(trusted_first);
|
|
|
|
|
std::function<void(X509_VERIFY_PARAM *)> configure_callback;
|
|
|
|
|
if (!trusted_first) {
|
|
|
|
|
// Note we need the callback to clear the flag. Setting |flags| to zero
|
|
|
|
|
// only skips setting new flags.
|
|
|
|
|
configure_callback = [&](X509_VERIFY_PARAM *param) {
|
|
|
|
|
X509_VERIFY_PARAM_clear_flags(param, X509_V_FLAG_TRUSTED_FIRST);
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// No trust anchors configured.
|
|
|
|
|
ASSERT_EQ(X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
|
|
|
|
|
Verify(leaf.get(), /*roots=*/{}, /*intermediates=*/{},
|
|
|
|
|
/*crls=*/{}, /*flags=*/0, configure_callback));
|
|
|
|
|
ASSERT_EQ(
|
|
|
|
|
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
|
|
|
|
|
Verify(leaf.get(), /*roots=*/{}, {intermediate.get()}, /*crls=*/{},
|
|
|
|
|
/*flags=*/0, configure_callback));
|
|
|
|
|
|
|
|
|
|
// Each chain works individually.
|
|
|
|
|
ASSERT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()}, {intermediate.get()},
|
|
|
|
|
/*crls=*/{}, /*flags=*/0, configure_callback));
|
|
|
|
|
ASSERT_EQ(X509_V_OK, Verify(leaf.get(), {cross_signing_root.get()},
|
|
|
|
|
{intermediate.get(), root_cross_signed.get()},
|
|
|
|
|
/*crls=*/{}, /*flags=*/0, configure_callback));
|
|
|
|
|
|
|
|
|
|
// When both roots are available, we pick one or the other.
|
|
|
|
|
ASSERT_EQ(X509_V_OK,
|
|
|
|
|
Verify(leaf.get(), {cross_signing_root.get(), root.get()},
|
|
|
|
|
{intermediate.get(), root_cross_signed.get()}, /*crls=*/{},
|
|
|
|
|
/*flags=*/0, configure_callback));
|
|
|
|
|
|
|
|
|
|
// This is the “altchains” test – we remove the cross-signing CA but include
|
|
|
|
|
// the cross-sign in the intermediates. With |trusted_first|, we
|
|
|
|
|
// preferentially stop path-building at |intermediate|. Without
|
|
|
|
|
// |trusted_first|, the "altchains" logic repairs it.
|
|
|
|
|
ASSERT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()},
|
|
|
|
|
{intermediate.get(), root_cross_signed.get()},
|
|
|
|
|
/*crls=*/{}, /*flags=*/0, configure_callback));
|
|
|
|
|
|
|
|
|
|
// If |X509_V_FLAG_NO_ALT_CHAINS| is set and |trusted_first| is disabled, we
|
|
|
|
|
// get stuck on |root_cross_signed|. If either feature is enabled, we can
|
|
|
|
|
// build the path.
|
|
|
|
|
//
|
|
|
|
|
// This test exists to confirm our current behavior, but these modes are
|
|
|
|
|
// just workarounds for not having an actual path-building verifier. If we
|
|
|
|
|
// fix it, this test can be removed.
|
|
|
|
|
ASSERT_EQ(trusted_first ? X509_V_OK
|
|
|
|
|
: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
|
|
|
|
|
Verify(leaf.get(), {root.get()},
|
|
|
|
|
{intermediate.get(), root_cross_signed.get()}, /*crls=*/{},
|
|
|
|
|
/*flags=*/X509_V_FLAG_NO_ALT_CHAINS, configure_callback));
|
|
|
|
|
|
|
|
|
|
// |forgery| is signed by |leaf_no_key_usage|, but is rejected because the
|
|
|
|
|
// leaf is not a CA.
|
|
|
|
|
ASSERT_EQ(X509_V_ERR_INVALID_CA,
|
|
|
|
|
Verify(forgery.get(), {intermediate_self_signed.get()},
|
|
|
|
|
{leaf_no_key_usage.get()}, /*crls=*/{}, /*flags=*/0,
|
|
|
|
|
configure_callback));
|
|
|
|
|
|
|
|
|
|
// Test that one cannot skip Basic Constraints checking with a contorted set
|
|
|
|
|
// of roots and intermediates. This is a regression test for CVE-2015-1793.
|
|
|
|
|
ASSERT_EQ(X509_V_ERR_INVALID_CA,
|
|
|
|
|
Verify(forgery.get(),
|
|
|
|
|
{intermediate_self_signed.get(), root_cross_signed.get()},
|
|
|
|
|
{leaf_no_key_usage.get(), intermediate.get()}, /*crls=*/{},
|
|
|
|
|
/*flags=*/0, configure_callback));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static const char kHostname[] = "example.com";
|
|
|
|
|
static const char kWrongHostname[] = "example2.com";
|
|
|
|
|
static const char kEmail[] = "test@example.com";
|
|
|
|
|
static const char kWrongEmail[] = "test2@example.com";
|
|
|
|
|
static const uint8_t kIP[4] = {127, 0, 0, 1};
|
|
|
|
|
static const uint8_t kWrongIP[4] = {127, 0, 0, 2};
|
|
|
|
|
static const char kIPString[] = "127.0.0.1";
|
|
|
|
|
static const char kWrongIPString[] = "127.0.0.2";
|
|
|
|
|
|
|
|
|
|
TEST(X509Test, ZeroLengthsWithX509PARAM) {
|
|
|
|
|
bssl::UniquePtr<X509> leaf(CertFromPEM(kSANTypesLeaf));
|
|
|
|
|
bssl::UniquePtr<X509> root(CertFromPEM(kSANTypesRoot));
|
|
|
|
|
ASSERT_TRUE(leaf);
|
|
|
|
|
ASSERT_TRUE(root);
|
|
|
|
|
|
|
|
|
|
std::vector<X509_CRL *> empty_crls;
|
|
|
|
|
|
|
|
|
|
struct X509Test {
|
|
|
|
|
const char *correct_value;
|
|
|
|
|
size_t correct_value_len;
|
|
|
|
|
const char *incorrect_value;
|
|
|
|
|
size_t incorrect_value_len;
|
|
|
|
|
int (*func)(X509_VERIFY_PARAM *, const char *, size_t);
|
|
|
|
|
int mismatch_error;
|
|
|
|
|
};
|
|
|
|
|
const std::vector<X509Test> kTests = {
|
|
|
|
|
{kHostname, strlen(kHostname), kWrongHostname, strlen(kWrongHostname),
|
|
|
|
|
X509_VERIFY_PARAM_set1_host, X509_V_ERR_HOSTNAME_MISMATCH},
|
|
|
|
|
{kEmail, strlen(kEmail), kWrongEmail, strlen(kWrongEmail),
|
|
|
|
|
X509_VERIFY_PARAM_set1_email, X509_V_ERR_EMAIL_MISMATCH},
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
for (size_t i = 0; i < kTests.size(); i++) {
|
|
|
|
|
SCOPED_TRACE(i);
|
|
|
|
|
const X509Test &test = kTests[i];
|
|
|
|
|
|
|
|
|
|
// The correct value should work.
|
|
|
|
|
ASSERT_EQ(X509_V_OK,
|
|
|
|
|
Verify(leaf.get(), {root.get()}, {}, empty_crls, 0, false,
|
|
|
|
|
[&test](X509_VERIFY_PARAM *param) {
|
|
|
|
|
ASSERT_TRUE(test.func(param, test.correct_value,
|
|
|
|
|
test.correct_value_len));
|
|
|
|
|
}));
|
|
|
|
|
|
|
|
|
|
// The wrong value should trigger a verification error.
|
|
|
|
|
ASSERT_EQ(test.mismatch_error,
|
|
|
|
|
Verify(leaf.get(), {root.get()}, {}, empty_crls, 0, false,
|
|
|
|
|
[&test](X509_VERIFY_PARAM *param) {
|
|
|
|
|
ASSERT_TRUE(test.func(param, test.incorrect_value,
|
|
|
|
|
test.incorrect_value_len));
|
|
|
|
|
}));
|
|
|
|
|
|
|
|
|
|
// Passing zero as the length, unlike OpenSSL, should trigger an error and
|
|
|
|
|
// should cause verification to fail.
|
|
|
|
|
ASSERT_EQ(X509_V_ERR_INVALID_CALL,
|
|
|
|
|
Verify(leaf.get(), {root.get()}, {}, empty_crls, 0, false,
|
|
|
|
|
[&test](X509_VERIFY_PARAM *param) {
|
|
|
|
|
ASSERT_FALSE(test.func(param, test.correct_value, 0));
|
|
|
|
|
}));
|
|
|
|
|
|
|
|
|
|
// Passing an empty value should be an error when setting and should cause
|
|
|
|
|
// verification to fail.
|
|
|
|
|
ASSERT_EQ(X509_V_ERR_INVALID_CALL,
|
|
|
|
|
Verify(leaf.get(), {root.get()}, {}, empty_crls, 0, false,
|
|
|
|
|
[&test](X509_VERIFY_PARAM *param) {
|
|
|
|
|
ASSERT_FALSE(test.func(param, nullptr, 0));
|
|
|
|
|
}));
|
|
|
|
|
|
|
|
|
|
// Passing a value with embedded NULs should also be an error and should
|
|
|
|
|
// also cause verification to fail.
|
|
|
|
|
ASSERT_EQ(X509_V_ERR_INVALID_CALL,
|
|
|
|
|
Verify(leaf.get(), {root.get()}, {}, empty_crls, 0, false,
|
|
|
|
|
[&test](X509_VERIFY_PARAM *param) {
|
|
|
|
|
ASSERT_FALSE(test.func(param, "a", 2));
|
|
|
|
|
}));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// IP addresses work slightly differently:
|
|
|
|
|
|
|
|
|
|
// The correct value should still work.
|
|
|
|
|
ASSERT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()}, {}, empty_crls, 0,
|
|
|
|
|
false, [](X509_VERIFY_PARAM *param) {
|
|
|
|
|
ASSERT_TRUE(X509_VERIFY_PARAM_set1_ip(
|
|
|
|
|
param, kIP, sizeof(kIP)));
|
|
|
|
|
}));
|
|
|
|
|
|
|
|
|
|
// Incorrect values should still fail.
|
|
|
|
|
ASSERT_EQ(X509_V_ERR_IP_ADDRESS_MISMATCH,
|
|
|
|
|
Verify(leaf.get(), {root.get()}, {}, empty_crls, 0, false,
|
|
|
|
|
[](X509_VERIFY_PARAM *param) {
|
|
|
|
|
ASSERT_TRUE(X509_VERIFY_PARAM_set1_ip(param, kWrongIP,
|
|
|
|
|
sizeof(kWrongIP)));
|
|
|
|
|
}));
|
|
|
|
|
|
|
|
|
|
// Zero length values should trigger an error when setting and cause
|
|
|
|
|
// verification to always fail.
|
|
|
|
|
ASSERT_EQ(X509_V_ERR_INVALID_CALL,
|
|
|
|
|
Verify(leaf.get(), {root.get()}, {}, empty_crls, 0, false,
|
|
|
|
|
[](X509_VERIFY_PARAM *param) {
|
|
|
|
|
ASSERT_FALSE(X509_VERIFY_PARAM_set1_ip(param, kIP, 0));
|
|
|
|
|
}));
|
|
|
|
|
|
|
|
|
|
// ... and so should NULL values.
|
|
|
|
|
ASSERT_EQ(X509_V_ERR_INVALID_CALL,
|
|
|
|
|
Verify(leaf.get(), {root.get()}, {}, empty_crls, 0, false,
|
|
|
|
|
[](X509_VERIFY_PARAM *param) {
|
|
|
|
|
ASSERT_FALSE(X509_VERIFY_PARAM_set1_ip(param, nullptr, 0));
|
|
|
|
|
}));
|
|
|
|
|
|
|
|
|
|
// Zero bytes in an IP address are, of course, fine. This is tested above
|
|
|
|
|
// because |kIP| contains zeros.
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(X509Test, ZeroLengthsWithCheckFunctions) {
|
|
|
|
|
bssl::UniquePtr<X509> leaf(CertFromPEM(kSANTypesLeaf));
|
|
|
|
|
|
|
|
|
|
EXPECT_EQ(
|
|
|
|
|
1, X509_check_host(leaf.get(), kHostname, strlen(kHostname), 0, nullptr));
|
|
|
|
|
EXPECT_NE(1, X509_check_host(leaf.get(), kWrongHostname,
|
|
|
|
|
strlen(kWrongHostname), 0, nullptr));
|
|
|
|
|
|
|
|
|
|
EXPECT_EQ(1, X509_check_email(leaf.get(), kEmail, strlen(kEmail), 0));
|
|
|
|
|
EXPECT_NE(1,
|
|
|
|
|
X509_check_email(leaf.get(), kWrongEmail, strlen(kWrongEmail), 0));
|
|
|
|
|
|
|
|
|
|
EXPECT_EQ(1, X509_check_ip(leaf.get(), kIP, sizeof(kIP), 0));
|
|
|
|
|
EXPECT_NE(1, X509_check_ip(leaf.get(), kWrongIP, sizeof(kWrongIP), 0));
|
|
|
|
|
|
|
|
|
|
EXPECT_EQ(1, X509_check_ip_asc(leaf.get(), kIPString, 0));
|
|
|
|
|
EXPECT_NE(1, X509_check_ip_asc(leaf.get(), kWrongIPString, 0));
|
|
|
|
|
|
|
|
|
|
// OpenSSL supports passing zero as the length for host and email. We do not
|
|
|
|
|
// and it should always fail.
|
|
|
|
|
EXPECT_NE(1, X509_check_host(leaf.get(), kHostname, 0, 0, nullptr));
|
|
|
|
|
EXPECT_NE(1, X509_check_host(leaf.get(), kWrongHostname, 0, 0, nullptr));
|
|
|
|
|
|
|
|
|
|
EXPECT_NE(1, X509_check_email(leaf.get(), kEmail, 0, 0));
|
|
|
|
|
EXPECT_NE(1, X509_check_email(leaf.get(), kWrongEmail, 0, 0));
|
|
|
|
|
|
|
|
|
|
EXPECT_NE(1, X509_check_ip(leaf.get(), kIP, 0, 0));
|
|
|
|
|
EXPECT_NE(1, X509_check_ip(leaf.get(), kWrongIP, 0, 0));
|
|
|
|
|
|
|
|
|
|
// Unlike all the other functions, |X509_check_ip_asc| doesn't take a length,
|
|
|
|
|
// so it cannot be zero.
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(X509Test, TestCRL) {
|
|
|
|
|
bssl::UniquePtr<X509> root(CertFromPEM(kCRLTestRoot));
|
|
|
|
|
bssl::UniquePtr<X509> leaf(CertFromPEM(kCRLTestLeaf));
|
|
|
|
|
bssl::UniquePtr<X509_CRL> basic_crl(CRLFromPEM(kBasicCRL));
|
|
|
|
|
bssl::UniquePtr<X509_CRL> revoked_crl(CRLFromPEM(kRevokedCRL));
|
|
|
|
|
bssl::UniquePtr<X509_CRL> bad_issuer_crl(CRLFromPEM(kBadIssuerCRL));
|
|
|
|
|
bssl::UniquePtr<X509_CRL> known_critical_crl(CRLFromPEM(kKnownCriticalCRL));
|
|
|
|
|
bssl::UniquePtr<X509_CRL> unknown_critical_crl(
|
|
|
|
|
CRLFromPEM(kUnknownCriticalCRL));
|
|
|
|
|
bssl::UniquePtr<X509_CRL> unknown_critical_crl2(
|
|
|
|
|
CRLFromPEM(kUnknownCriticalCRL2));
|
|
|
|
|
bssl::UniquePtr<X509_CRL> algorithm_mismatch_crl(
|
|
|
|
|
CRLFromPEM(kAlgorithmMismatchCRL));
|
|
|
|
|
bssl::UniquePtr<X509_CRL> algorithm_mismatch_crl2(
|
|
|
|
|
CRLFromPEM(kAlgorithmMismatchCRL2));
|
|
|
|
|
|
|
|
|
|
ASSERT_TRUE(root);
|
|
|
|
|
ASSERT_TRUE(leaf);
|
|
|
|
|
ASSERT_TRUE(basic_crl);
|
|
|
|
|
ASSERT_TRUE(revoked_crl);
|
|
|
|
|
ASSERT_TRUE(bad_issuer_crl);
|
|
|
|
|
ASSERT_TRUE(known_critical_crl);
|
|
|
|
|
ASSERT_TRUE(unknown_critical_crl);
|
|
|
|
|
ASSERT_TRUE(unknown_critical_crl2);
|
|
|
|
|
ASSERT_TRUE(algorithm_mismatch_crl);
|
|
|
|
|
ASSERT_TRUE(algorithm_mismatch_crl2);
|
|
|
|
|
|
|
|
|
|
EXPECT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()}, {root.get()},
|
|
|
|
|
{basic_crl.get()}, X509_V_FLAG_CRL_CHECK));
|
|
|
|
|
EXPECT_EQ(
|
|
|
|
|
X509_V_ERR_CERT_REVOKED,
|
|
|
|
|
Verify(leaf.get(), {root.get()}, {root.get()},
|
|
|
|
|
{basic_crl.get(), revoked_crl.get()}, X509_V_FLAG_CRL_CHECK));
|
|
|
|
|
|
|
|
|
|
std::vector<X509_CRL *> empty_crls;
|
|
|
|
|
EXPECT_EQ(X509_V_ERR_UNABLE_TO_GET_CRL,
|
|
|
|
|
Verify(leaf.get(), {root.get()}, {root.get()}, empty_crls,
|
|
|
|
|
X509_V_FLAG_CRL_CHECK));
|
|
|
|
|
EXPECT_EQ(X509_V_ERR_UNABLE_TO_GET_CRL,
|
|
|
|
|
Verify(leaf.get(), {root.get()}, {root.get()},
|
|
|
|
|
{bad_issuer_crl.get()}, X509_V_FLAG_CRL_CHECK));
|
|
|
|
|
EXPECT_EQ(X509_V_OK,
|
|
|
|
|
Verify(leaf.get(), {root.get()}, {root.get()},
|
|
|
|
|
{known_critical_crl.get()}, X509_V_FLAG_CRL_CHECK));
|
|
|
|
|
EXPECT_EQ(X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION,
|
|
|
|
|
Verify(leaf.get(), {root.get()}, {root.get()},
|
|
|
|
|
{unknown_critical_crl.get()}, X509_V_FLAG_CRL_CHECK));
|
|
|
|
|
EXPECT_EQ(X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION,
|
|
|
|
|
Verify(leaf.get(), {root.get()}, {root.get()},
|
|
|
|
|
{unknown_critical_crl2.get()}, X509_V_FLAG_CRL_CHECK));
|
|
|
|
|
EXPECT_EQ(X509_V_ERR_CRL_SIGNATURE_FAILURE,
|
|
|
|
|
Verify(leaf.get(), {root.get()}, {root.get()},
|
|
|
|
|
{algorithm_mismatch_crl.get()}, X509_V_FLAG_CRL_CHECK));
|
|
|
|
|
EXPECT_EQ(X509_V_ERR_CRL_SIGNATURE_FAILURE,
|
|
|
|
|
Verify(leaf.get(), {root.get()}, {root.get()},
|
|
|
|
|
{algorithm_mismatch_crl2.get()}, X509_V_FLAG_CRL_CHECK));
|
|
|
|
|
|
|
|
|
|
// Parsing kBadExtensionCRL should fail.
|
|
|
|
|
EXPECT_FALSE(CRLFromPEM(kBadExtensionCRL));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(X509Test, ManyNamesAndConstraints) {
|
|
|
|
|
bssl::UniquePtr<X509> many_constraints(CertFromPEM(
|
|
|
|
|
GetTestData("crypto/x509/test/many_constraints.pem").c_str()));
|
|
|
|
|
ASSERT_TRUE(many_constraints);
|
|
|
|
|
bssl::UniquePtr<X509> many_names1(
|
|
|
|
|
CertFromPEM(GetTestData("crypto/x509/test/many_names1.pem").c_str()));
|
|
|
|
|
ASSERT_TRUE(many_names1);
|
|
|
|
|
bssl::UniquePtr<X509> many_names2(
|
|
|
|
|
CertFromPEM(GetTestData("crypto/x509/test/many_names2.pem").c_str()));
|
|
|
|
|
ASSERT_TRUE(many_names2);
|
|
|
|
|
bssl::UniquePtr<X509> many_names3(
|
|
|
|
|
CertFromPEM(GetTestData("crypto/x509/test/many_names3.pem").c_str()));
|
|
|
|
|
ASSERT_TRUE(many_names3);
|
|
|
|
|
bssl::UniquePtr<X509> some_names1(
|
|
|
|
|
CertFromPEM(GetTestData("crypto/x509/test/some_names1.pem").c_str()));
|
|
|
|
|
ASSERT_TRUE(some_names1);
|
|
|
|
|
bssl::UniquePtr<X509> some_names2(
|
|
|
|
|
CertFromPEM(GetTestData("crypto/x509/test/some_names2.pem").c_str()));
|
|
|
|
|
ASSERT_TRUE(some_names2);
|
|
|
|
|
bssl::UniquePtr<X509> some_names3(
|
|
|
|
|
CertFromPEM(GetTestData("crypto/x509/test/some_names3.pem").c_str()));
|
|
|
|
|
ASSERT_TRUE(some_names3);
|
|
|
|
|
|
|
|
|
|
EXPECT_EQ(X509_V_ERR_UNSPECIFIED,
|
|
|
|
|
Verify(many_names1.get(), {many_constraints.get()},
|
|
|
|
|
{many_constraints.get()}, {}));
|
|
|
|
|
EXPECT_EQ(X509_V_ERR_UNSPECIFIED,
|
|
|
|
|
Verify(many_names2.get(), {many_constraints.get()},
|
|
|
|
|
{many_constraints.get()}, {}));
|
|
|
|
|
EXPECT_EQ(X509_V_ERR_UNSPECIFIED,
|
|
|
|
|
Verify(many_names3.get(), {many_constraints.get()},
|
|
|
|
|
{many_constraints.get()}, {}));
|
|
|
|
|
|
|
|
|
|
EXPECT_EQ(X509_V_OK, Verify(some_names1.get(), {many_constraints.get()},
|
|
|
|
|
{many_constraints.get()}, {}));
|
|
|
|
|
EXPECT_EQ(X509_V_OK, Verify(some_names2.get(), {many_constraints.get()},
|
|
|
|
|
{many_constraints.get()}, {}));
|
|
|
|
|
EXPECT_EQ(X509_V_OK, Verify(some_names3.get(), {many_constraints.get()},
|
|
|
|
|
{many_constraints.get()}, {}));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static bssl::UniquePtr<GENERAL_NAME> MakeGeneralName(int type,
|
|
|
|
|
const std::string &value) {
|
|
|
|
|
if (type != GEN_EMAIL && type != GEN_DNS && type != GEN_URI) {
|
|
|
|
|
// This function only supports the IA5String types.
|
|
|
|
|
return nullptr;
|
|
|
|
|
}
|
|
|
|
|
bssl::UniquePtr<ASN1_IA5STRING> str(ASN1_IA5STRING_new());
|
|
|
|
|
bssl::UniquePtr<GENERAL_NAME> name(GENERAL_NAME_new());
|
|
|
|
|
if (!str || !name ||
|
|
|
|
|
!ASN1_STRING_set(str.get(), value.data(), value.size())) {
|
|
|
|
|
return nullptr;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
name->type = type;
|
|
|
|
|
name->d.ia5 = str.release();
|
|
|
|
|
return name;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static bssl::UniquePtr<X509> MakeTestCert(const char *issuer,
|
Enable X509_V_FLAG_TRUSTED_FIRST by default.
The OpenSSL X.509 verifier lacks a proper path builder. When there are
two paths available for a certificate, we pick one without looking at
expiry, etc.
In scenarios like one below, X509_V_FLAG_TRUSTED_FIRST will prefer
Leaf -> Intermediate -> Root1. Otherwise, we will prefer
Leaf -> Intermediate -> Root1Cross -> Root2:
Root2
|
Root1 Root1Cross
\ /
Intermediate
|
Leaf
If Root2 is expired, as with Let's Encrypt, X509_V_FLAG_TRUSTED_FIRST
will find the path we want. Same if Root1Cross is expired. (Meanwhile,
if Root1 is expired, TRUSTED_FIRST will break and leaving it off works.
TRUSTED_FIRST does not actually select chains with validity in mind. It
just changes the semi-arbitrary decision.)
OpenSSL 1.1.x now defaults to X509_V_FLAG_TRUSTED_FIRST by default, so
match them. Hopefully the shorter chain is more likely to be correct.
Update-Note: X509_verify_cert will now build slightly different chains
by default. Hopefully, this fixes more issues than it causes, but there
is a risk of trusted_first breaking other scenarios. Those scenarios
will also break OpenSSL 1.1.x defaults, so hopefully this is fine.
Bug: 439
Change-Id: Ie624f1f7e85a9e8c283f1caf24729aef9206ea16
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49746
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: Ryan Sleevi <rsleevi@chromium.org>
3 years ago
|
|
|
const char *subject, EVP_PKEY *key,
|
|
|
|
|
bool is_ca) {
|
|
|
|
|
bssl::UniquePtr<X509> cert(X509_new());
|
|
|
|
|
if (!cert || //
|
|
|
|
|
!X509_set_version(cert.get(), X509_VERSION_3) ||
|
|
|
|
|
!X509_NAME_add_entry_by_txt(
|
|
|
|
|
X509_get_issuer_name(cert.get()), "CN", MBSTRING_UTF8,
|
|
|
|
|
reinterpret_cast<const uint8_t *>(issuer), -1, -1, 0) ||
|
|
|
|
|
!X509_NAME_add_entry_by_txt(
|
|
|
|
|
X509_get_subject_name(cert.get()), "CN", MBSTRING_UTF8,
|
|
|
|
|
reinterpret_cast<const uint8_t *>(subject), -1, -1, 0) ||
|
|
|
|
|
!X509_set_pubkey(cert.get(), key) ||
|
|
|
|
|
!ASN1_TIME_adj(X509_getm_notBefore(cert.get()), kReferenceTime, -1, 0) ||
|
|
|
|
|
!ASN1_TIME_adj(X509_getm_notAfter(cert.get()), kReferenceTime, 1, 0)) {
|
|
|
|
|
return nullptr;
|
|
|
|
|
}
|
Enable X509_V_FLAG_TRUSTED_FIRST by default.
The OpenSSL X.509 verifier lacks a proper path builder. When there are
two paths available for a certificate, we pick one without looking at
expiry, etc.
In scenarios like one below, X509_V_FLAG_TRUSTED_FIRST will prefer
Leaf -> Intermediate -> Root1. Otherwise, we will prefer
Leaf -> Intermediate -> Root1Cross -> Root2:
Root2
|
Root1 Root1Cross
\ /
Intermediate
|
Leaf
If Root2 is expired, as with Let's Encrypt, X509_V_FLAG_TRUSTED_FIRST
will find the path we want. Same if Root1Cross is expired. (Meanwhile,
if Root1 is expired, TRUSTED_FIRST will break and leaving it off works.
TRUSTED_FIRST does not actually select chains with validity in mind. It
just changes the semi-arbitrary decision.)
OpenSSL 1.1.x now defaults to X509_V_FLAG_TRUSTED_FIRST by default, so
match them. Hopefully the shorter chain is more likely to be correct.
Update-Note: X509_verify_cert will now build slightly different chains
by default. Hopefully, this fixes more issues than it causes, but there
is a risk of trusted_first breaking other scenarios. Those scenarios
will also break OpenSSL 1.1.x defaults, so hopefully this is fine.
Bug: 439
Change-Id: Ie624f1f7e85a9e8c283f1caf24729aef9206ea16
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49746
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: Ryan Sleevi <rsleevi@chromium.org>
3 years ago
|
|
|
bssl::UniquePtr<BASIC_CONSTRAINTS> bc(BASIC_CONSTRAINTS_new());
|
|
|
|
|
if (!bc) {
|
|
|
|
|
return nullptr;
|
|
|
|
|
}
|
|
|
|
|
bc->ca = is_ca ? 0xff : 0x00;
|
|
|
|
|
if (!X509_add1_ext_i2d(cert.get(), NID_basic_constraints, bc.get(),
|
|
|
|
|
/*crit=*/1, /*flags=*/0)) {
|
|
|
|
|
return nullptr;
|
|
|
|
|
}
|
|
|
|
|
return cert;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(X509Test, NameConstraints) {
|
|
|
|
|
bssl::UniquePtr<EVP_PKEY> key = PrivateKeyFromPEM(kP256Key);
|
|
|
|
|
ASSERT_TRUE(key);
|
|
|
|
|
|
|
|
|
|
const struct {
|
|
|
|
|
int type;
|
|
|
|
|
std::string name;
|
|
|
|
|
std::string constraint;
|
|
|
|
|
int result;
|
|
|
|
|
} kTests[] = {
|
|
|
|
|
// Empty string matches everything.
|
|
|
|
|
{GEN_DNS, "foo.example.com", "", X509_V_OK},
|
|
|
|
|
// Name constraints match the entire subtree.
|
|
|
|
|
{GEN_DNS, "foo.example.com", "example.com", X509_V_OK},
|
|
|
|
|
{GEN_DNS, "foo.example.com", "EXAMPLE.COM", X509_V_OK},
|
|
|
|
|
{GEN_DNS, "foo.example.com", "xample.com",
|
|
|
|
|
X509_V_ERR_PERMITTED_VIOLATION},
|
|
|
|
|
{GEN_DNS, "foo.example.com", "unrelated.much.longer.name.example",
|
|
|
|
|
X509_V_ERR_PERMITTED_VIOLATION},
|
|
|
|
|
// A leading dot means at least one component must be added.
|
|
|
|
|
{GEN_DNS, "foo.example.com", ".example.com", X509_V_OK},
|
|
|
|
|
{GEN_DNS, "foo.example.com", "foo.example.com", X509_V_OK},
|
|
|
|
|
{GEN_DNS, "foo.example.com", ".foo.example.com",
|
|
|
|
|
X509_V_ERR_PERMITTED_VIOLATION},
|
|
|
|
|
{GEN_DNS, "foo.example.com", ".xample.com",
|
|
|
|
|
X509_V_ERR_PERMITTED_VIOLATION},
|
|
|
|
|
{GEN_DNS, "foo.example.com", ".unrelated.much.longer.name.example",
|
|
|
|
|
X509_V_ERR_PERMITTED_VIOLATION},
|
|
|
|
|
// NUL bytes, if not rejected, should not confuse the matching logic.
|
|
|
|
|
{GEN_DNS, std::string({'a', '\0', 'a'}), std::string({'a', '\0', 'b'}),
|
|
|
|
|
X509_V_ERR_PERMITTED_VIOLATION},
|
|
|
|
|
|
|
|
|
|
// Names must be emails.
|
|
|
|
|
{GEN_EMAIL, "not-an-email.example", "not-an-email.example",
|
|
|
|
|
X509_V_ERR_UNSUPPORTED_NAME_SYNTAX},
|
|
|
|
|
// A leading dot matches all local names and all subdomains
|
|
|
|
|
{GEN_EMAIL, "foo@bar.example.com", ".example.com", X509_V_OK},
|
|
|
|
|
{GEN_EMAIL, "foo@bar.example.com", ".EXAMPLE.COM", X509_V_OK},
|
|
|
|
|
{GEN_EMAIL, "foo@bar.example.com", ".bar.example.com",
|
|
|
|
|
X509_V_ERR_PERMITTED_VIOLATION},
|
|
|
|
|
// Without a leading dot, the host must match exactly.
|
|
|
|
|
{GEN_EMAIL, "foo@example.com", "example.com", X509_V_OK},
|
|
|
|
|
{GEN_EMAIL, "foo@example.com", "EXAMPLE.COM", X509_V_OK},
|
|
|
|
|
{GEN_EMAIL, "foo@bar.example.com", "example.com",
|
|
|
|
|
X509_V_ERR_PERMITTED_VIOLATION},
|
|
|
|
|
// If the constraint specifies a mailbox, it specifies the whole thing.
|
|
|
|
|
// The halves are compared insensitively.
|
|
|
|
|
{GEN_EMAIL, "foo@example.com", "foo@example.com", X509_V_OK},
|
|
|
|
|
{GEN_EMAIL, "foo@example.com", "foo@EXAMPLE.COM", X509_V_OK},
|
|
|
|
|
{GEN_EMAIL, "foo@example.com", "FOO@example.com",
|
|
|
|
|
X509_V_ERR_PERMITTED_VIOLATION},
|
|
|
|
|
{GEN_EMAIL, "foo@example.com", "bar@example.com",
|
|
|
|
|
X509_V_ERR_PERMITTED_VIOLATION},
|
|
|
|
|
// OpenSSL ignores a stray leading @.
|
|
|
|
|
{GEN_EMAIL, "foo@example.com", "@example.com", X509_V_OK},
|
|
|
|
|
{GEN_EMAIL, "foo@example.com", "@EXAMPLE.COM", X509_V_OK},
|
|
|
|
|
{GEN_EMAIL, "foo@bar.example.com", "@example.com",
|
|
|
|
|
X509_V_ERR_PERMITTED_VIOLATION},
|
|
|
|
|
|
|
|
|
|
// Basic syntax check.
|
|
|
|
|
{GEN_URI, "not-a-url", "not-a-url", X509_V_ERR_UNSUPPORTED_NAME_SYNTAX},
|
|
|
|
|
{GEN_URI, "foo:not-a-url", "not-a-url",
|
|
|
|
|
X509_V_ERR_UNSUPPORTED_NAME_SYNTAX},
|
|
|
|
|
{GEN_URI, "foo:/not-a-url", "not-a-url",
|
|
|
|
|
X509_V_ERR_UNSUPPORTED_NAME_SYNTAX},
|
|
|
|
|
{GEN_URI, "foo:///not-a-url", "not-a-url",
|
|
|
|
|
X509_V_ERR_UNSUPPORTED_NAME_SYNTAX},
|
|
|
|
|
{GEN_URI, "foo://:not-a-url", "not-a-url",
|
|
|
|
|
X509_V_ERR_UNSUPPORTED_NAME_SYNTAX},
|
|
|
|
|
{GEN_URI, "foo://", "not-a-url", X509_V_ERR_UNSUPPORTED_NAME_SYNTAX},
|
|
|
|
|
// Hosts are an exact match.
|
|
|
|
|
{GEN_URI, "foo://example.com", "example.com", X509_V_OK},
|
|
|
|
|
{GEN_URI, "foo://example.com:443", "example.com", X509_V_OK},
|
|
|
|
|
{GEN_URI, "foo://example.com/whatever", "example.com", X509_V_OK},
|
|
|
|
|
{GEN_URI, "foo://bar.example.com", "example.com",
|
|
|
|
|
X509_V_ERR_PERMITTED_VIOLATION},
|
|
|
|
|
{GEN_URI, "foo://bar.example.com:443", "example.com",
|
|
|
|
|
X509_V_ERR_PERMITTED_VIOLATION},
|
|
|
|
|
{GEN_URI, "foo://bar.example.com/whatever", "example.com",
|
|
|
|
|
X509_V_ERR_PERMITTED_VIOLATION},
|
|
|
|
|
{GEN_URI, "foo://bar.example.com", "xample.com",
|
|
|
|
|
X509_V_ERR_PERMITTED_VIOLATION},
|
|
|
|
|
{GEN_URI, "foo://bar.example.com:443", "xample.com",
|
|
|
|
|
X509_V_ERR_PERMITTED_VIOLATION},
|
|
|
|
|
{GEN_URI, "foo://bar.example.com/whatever", "xample.com",
|
|
|
|
|
X509_V_ERR_PERMITTED_VIOLATION},
|
|
|
|
|
{GEN_URI, "foo://example.com", "some-other-name.example",
|
|
|
|
|
X509_V_ERR_PERMITTED_VIOLATION},
|
|
|
|
|
{GEN_URI, "foo://example.com:443", "some-other-name.example",
|
|
|
|
|
X509_V_ERR_PERMITTED_VIOLATION},
|
|
|
|
|
{GEN_URI, "foo://example.com/whatever", "some-other-name.example",
|
|
|
|
|
X509_V_ERR_PERMITTED_VIOLATION},
|
|
|
|
|
// A leading dot allows components to be added.
|
|
|
|
|
{GEN_URI, "foo://example.com", ".example.com",
|
|
|
|
|
X509_V_ERR_PERMITTED_VIOLATION},
|
|
|
|
|
{GEN_URI, "foo://example.com:443", ".example.com",
|
|
|
|
|
X509_V_ERR_PERMITTED_VIOLATION},
|
|
|
|
|
{GEN_URI, "foo://example.com/whatever", ".example.com",
|
|
|
|
|
X509_V_ERR_PERMITTED_VIOLATION},
|
|
|
|
|
{GEN_URI, "foo://bar.example.com", ".example.com", X509_V_OK},
|
|
|
|
|
{GEN_URI, "foo://bar.example.com:443", ".example.com", X509_V_OK},
|
|
|
|
|
{GEN_URI, "foo://bar.example.com/whatever", ".example.com", X509_V_OK},
|
|
|
|
|
{GEN_URI, "foo://example.com", ".some-other-name.example",
|
|
|
|
|
X509_V_ERR_PERMITTED_VIOLATION},
|
|
|
|
|
{GEN_URI, "foo://example.com:443", ".some-other-name.example",
|
|
|
|
|
X509_V_ERR_PERMITTED_VIOLATION},
|
|
|
|
|
{GEN_URI, "foo://example.com/whatever", ".some-other-name.example",
|
|
|
|
|
X509_V_ERR_PERMITTED_VIOLATION},
|
|
|
|
|
{GEN_URI, "foo://example.com", ".xample.com",
|
|
|
|
|
X509_V_ERR_PERMITTED_VIOLATION},
|
|
|
|
|
{GEN_URI, "foo://example.com:443", ".xample.com",
|
|
|
|
|
X509_V_ERR_PERMITTED_VIOLATION},
|
|
|
|
|
{GEN_URI, "foo://example.com/whatever", ".xample.com",
|
|
|
|
|
X509_V_ERR_PERMITTED_VIOLATION},
|
|
|
|
|
};
|
|
|
|
|
for (const auto &t : kTests) {
|
|
|
|
|
SCOPED_TRACE(t.type);
|
|
|
|
|
SCOPED_TRACE(t.name);
|
|
|
|
|
SCOPED_TRACE(t.constraint);
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<GENERAL_NAME> name = MakeGeneralName(t.type, t.name);
|
|
|
|
|
ASSERT_TRUE(name);
|
|
|
|
|
bssl::UniquePtr<GENERAL_NAMES> names(GENERAL_NAMES_new());
|
|
|
|
|
ASSERT_TRUE(names);
|
|
|
|
|
ASSERT_TRUE(bssl::PushToStack(names.get(), std::move(name)));
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<NAME_CONSTRAINTS> nc(NAME_CONSTRAINTS_new());
|
|
|
|
|
ASSERT_TRUE(nc);
|
|
|
|
|
nc->permittedSubtrees = sk_GENERAL_SUBTREE_new_null();
|
|
|
|
|
ASSERT_TRUE(nc->permittedSubtrees);
|
|
|
|
|
bssl::UniquePtr<GENERAL_SUBTREE> subtree(GENERAL_SUBTREE_new());
|
|
|
|
|
ASSERT_TRUE(subtree);
|
|
|
|
|
GENERAL_NAME_free(subtree->base);
|
|
|
|
|
subtree->base = MakeGeneralName(t.type, t.constraint).release();
|
|
|
|
|
ASSERT_TRUE(subtree->base);
|
|
|
|
|
ASSERT_TRUE(bssl::PushToStack(nc->permittedSubtrees, std::move(subtree)));
|
|
|
|
|
|
Enable X509_V_FLAG_TRUSTED_FIRST by default.
The OpenSSL X.509 verifier lacks a proper path builder. When there are
two paths available for a certificate, we pick one without looking at
expiry, etc.
In scenarios like one below, X509_V_FLAG_TRUSTED_FIRST will prefer
Leaf -> Intermediate -> Root1. Otherwise, we will prefer
Leaf -> Intermediate -> Root1Cross -> Root2:
Root2
|
Root1 Root1Cross
\ /
Intermediate
|
Leaf
If Root2 is expired, as with Let's Encrypt, X509_V_FLAG_TRUSTED_FIRST
will find the path we want. Same if Root1Cross is expired. (Meanwhile,
if Root1 is expired, TRUSTED_FIRST will break and leaving it off works.
TRUSTED_FIRST does not actually select chains with validity in mind. It
just changes the semi-arbitrary decision.)
OpenSSL 1.1.x now defaults to X509_V_FLAG_TRUSTED_FIRST by default, so
match them. Hopefully the shorter chain is more likely to be correct.
Update-Note: X509_verify_cert will now build slightly different chains
by default. Hopefully, this fixes more issues than it causes, but there
is a risk of trusted_first breaking other scenarios. Those scenarios
will also break OpenSSL 1.1.x defaults, so hopefully this is fine.
Bug: 439
Change-Id: Ie624f1f7e85a9e8c283f1caf24729aef9206ea16
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49746
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: Ryan Sleevi <rsleevi@chromium.org>
3 years ago
|
|
|
bssl::UniquePtr<X509> root =
|
|
|
|
|
MakeTestCert("Root", "Root", key.get(), /*is_ca=*/true);
|
|
|
|
|
ASSERT_TRUE(root);
|
|
|
|
|
ASSERT_TRUE(X509_add1_ext_i2d(root.get(), NID_name_constraints, nc.get(),
|
|
|
|
|
/*crit=*/1, /*flags=*/0));
|
|
|
|
|
ASSERT_TRUE(X509_sign(root.get(), key.get(), EVP_sha256()));
|
|
|
|
|
|
Enable X509_V_FLAG_TRUSTED_FIRST by default.
The OpenSSL X.509 verifier lacks a proper path builder. When there are
two paths available for a certificate, we pick one without looking at
expiry, etc.
In scenarios like one below, X509_V_FLAG_TRUSTED_FIRST will prefer
Leaf -> Intermediate -> Root1. Otherwise, we will prefer
Leaf -> Intermediate -> Root1Cross -> Root2:
Root2
|
Root1 Root1Cross
\ /
Intermediate
|
Leaf
If Root2 is expired, as with Let's Encrypt, X509_V_FLAG_TRUSTED_FIRST
will find the path we want. Same if Root1Cross is expired. (Meanwhile,
if Root1 is expired, TRUSTED_FIRST will break and leaving it off works.
TRUSTED_FIRST does not actually select chains with validity in mind. It
just changes the semi-arbitrary decision.)
OpenSSL 1.1.x now defaults to X509_V_FLAG_TRUSTED_FIRST by default, so
match them. Hopefully the shorter chain is more likely to be correct.
Update-Note: X509_verify_cert will now build slightly different chains
by default. Hopefully, this fixes more issues than it causes, but there
is a risk of trusted_first breaking other scenarios. Those scenarios
will also break OpenSSL 1.1.x defaults, so hopefully this is fine.
Bug: 439
Change-Id: Ie624f1f7e85a9e8c283f1caf24729aef9206ea16
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49746
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: Ryan Sleevi <rsleevi@chromium.org>
3 years ago
|
|
|
bssl::UniquePtr<X509> leaf =
|
|
|
|
|
MakeTestCert("Root", "Leaf", key.get(), /*is_ca=*/false);
|
|
|
|
|
ASSERT_TRUE(leaf);
|
|
|
|
|
ASSERT_TRUE(X509_add1_ext_i2d(leaf.get(), NID_subject_alt_name, names.get(),
|
|
|
|
|
/*crit=*/0, /*flags=*/0));
|
|
|
|
|
ASSERT_TRUE(X509_sign(leaf.get(), key.get(), EVP_sha256()));
|
|
|
|
|
|
|
|
|
|
int ret = Verify(leaf.get(), {root.get()}, {}, {}, 0);
|
|
|
|
|
EXPECT_EQ(t.result, ret) << X509_verify_cert_error_string(ret);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(X509Test, PrintGeneralName) {
|
|
|
|
|
// TODO(https://crbug.com/boringssl/430): Add more tests. Also fix the
|
|
|
|
|
// external projects that use this to extract the SAN list and unexport.
|
|
|
|
|
bssl::UniquePtr<GENERAL_NAME> gen = MakeGeneralName(GEN_DNS, "example.com");
|
|
|
|
|
ASSERT_TRUE(gen);
|
|
|
|
|
bssl::UniquePtr<STACK_OF(CONF_VALUE)> values(
|
|
|
|
|
i2v_GENERAL_NAME(nullptr, gen.get(), nullptr));
|
|
|
|
|
ASSERT_TRUE(values);
|
|
|
|
|
ASSERT_EQ(1u, sk_CONF_VALUE_num(values.get()));
|
|
|
|
|
const CONF_VALUE *value = sk_CONF_VALUE_value(values.get(), 0);
|
|
|
|
|
EXPECT_STREQ(value->name, "DNS");
|
|
|
|
|
EXPECT_STREQ(value->value, "example.com");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(X509Test, TestPSS) {
|
|
|
|
|
bssl::UniquePtr<X509> cert(CertFromPEM(kExamplePSSCert));
|
|
|
|
|
ASSERT_TRUE(cert);
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
|
|
|
|
|
ASSERT_TRUE(pkey);
|
|
|
|
|
|
|
|
|
|
ASSERT_TRUE(X509_verify(cert.get(), pkey.get()));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(X509Test, TestPSSBadParameters) {
|
|
|
|
|
bssl::UniquePtr<X509> cert(CertFromPEM(kBadPSSCertPEM));
|
|
|
|
|
ASSERT_TRUE(cert);
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
|
|
|
|
|
ASSERT_TRUE(pkey);
|
|
|
|
|
|
|
|
|
|
ASSERT_FALSE(X509_verify(cert.get(), pkey.get()));
|
|
|
|
|
ERR_clear_error();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(X509Test, TestEd25519) {
|
|
|
|
|
bssl::UniquePtr<X509> cert(CertFromPEM(kEd25519Cert));
|
|
|
|
|
ASSERT_TRUE(cert);
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
|
|
|
|
|
ASSERT_TRUE(pkey);
|
|
|
|
|
|
|
|
|
|
ASSERT_TRUE(X509_verify(cert.get(), pkey.get()));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(X509Test, TestEd25519BadParameters) {
|
|
|
|
|
bssl::UniquePtr<X509> cert(CertFromPEM(kEd25519CertNull));
|
|
|
|
|
ASSERT_TRUE(cert);
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
|
|
|
|
|
ASSERT_TRUE(pkey);
|
|
|
|
|
|
|
|
|
|
ASSERT_FALSE(X509_verify(cert.get(), pkey.get()));
|
|
|
|
|
|
|
|
|
|
uint32_t err = ERR_get_error();
|
|
|
|
|
ASSERT_EQ(ERR_LIB_X509, ERR_GET_LIB(err));
|
|
|
|
|
ASSERT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err));
|
|
|
|
|
ERR_clear_error();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(X509Test, TestX25519) {
|
|
|
|
|
bssl::UniquePtr<X509> cert(CertFromPEM(kX25519Cert));
|
|
|
|
|
ASSERT_TRUE(cert);
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
|
|
|
|
|
ASSERT_TRUE(pkey);
|
|
|
|
|
|
|
|
|
|
EXPECT_EQ(EVP_PKEY_id(pkey.get()), EVP_PKEY_X25519);
|
|
|
|
|
|
|
|
|
|
constexpr uint8_t kExpectedPublicValue[] = {
|
|
|
|
|
0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d,
|
|
|
|
|
0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38,
|
|
|
|
|
0x1a, 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a,
|
|
|
|
|
};
|
|
|
|
|
uint8_t public_value[sizeof(kExpectedPublicValue)];
|
|
|
|
|
size_t public_value_size = sizeof(public_value);
|
|
|
|
|
ASSERT_TRUE(EVP_PKEY_get_raw_public_key(pkey.get(), public_value,
|
|
|
|
|
&public_value_size));
|
|
|
|
|
EXPECT_EQ(Bytes(kExpectedPublicValue),
|
|
|
|
|
Bytes(public_value, public_value_size));
|
|
|
|
|
}
|
|
|
|
|
|
Add functions for manipulating X.509 TBS structures.
When generating a signature with some external signing process, the
caller needs to fill in the TBSCertificate (including the signature
algorithms), serialize the TBSCertificate, and then fill in the
signature.
We have i2d_re_X509_tbs (originally from CT I believe), but there are no
setters for the signature algorithms or the signature. Add
X509_set1_signature_algo, which mirrors upstream's
X509_REQ_set1_signature_algo, and X509_set1_signature_value, which is
new. Upstream has X509_REQ_set0_signature, but that requires the caller
manually assemble an ASN1_BIT_STRING. Taking the byte string seems less
error-prone.
Additionally, add i2d_X509_tbs and i2d_X509_CRL_tbs, for the non-"re"
variants of those APIs. Conscrypt needs to extract the TBS portion of a
certificate and a CRL, to implement X509Certificate.getTBSCertificate()
and X509CRL.getTBSCertList(). There, the aim is to get the data to
verify on an existing immutable certificate. OpenSSL has avoided
exporting the X509_CINF type, which I think is correct, so instead this
mirrors i2d_re_X509_tbs. (This does mean mirroring the confusing i2d
calling convention though.)
These new functions should unblock getting rid of a bunch of direct
struct accesses.
Later on, we should reorganize this header into immutable APIs for
verification and mutable APIs for generation. Even though we're stuck
the mistake of a common type for both use cases, I think splitting up
them up will let us rationalize the caches in the X509 objects a bit.
Change-Id: I96e6ab5cee3608e07b2ed7465c449a72ca10a393
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43784
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
4 years ago
|
|
|
static bssl::UniquePtr<X509> ReencodeCertificate(X509 *cert) {
|
|
|
|
|
uint8_t *der = nullptr;
|
|
|
|
|
int len = i2d_X509(cert, &der);
|
|
|
|
|
bssl::UniquePtr<uint8_t> free_der(der);
|
|
|
|
|
if (len <= 0) {
|
|
|
|
|
return nullptr;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const uint8_t *inp = der;
|
|
|
|
|
return bssl::UniquePtr<X509>(d2i_X509(nullptr, &inp, len));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static bool SignatureRoundTrips(EVP_MD_CTX *md_ctx, EVP_PKEY *pkey) {
|
|
|
|
|
// Make a certificate like signed with |md_ctx|'s settings.'
|
|
|
|
|
bssl::UniquePtr<X509> cert(CertFromPEM(kLeafPEM));
|
|
|
|
|
if (!cert || !X509_sign_ctx(cert.get(), md_ctx)) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Ensure that |pkey| may still be used to verify the resulting signature. All
|
|
|
|
|
// settings in |md_ctx| must have been serialized appropriately.
|
Add functions for manipulating X.509 TBS structures.
When generating a signature with some external signing process, the
caller needs to fill in the TBSCertificate (including the signature
algorithms), serialize the TBSCertificate, and then fill in the
signature.
We have i2d_re_X509_tbs (originally from CT I believe), but there are no
setters for the signature algorithms or the signature. Add
X509_set1_signature_algo, which mirrors upstream's
X509_REQ_set1_signature_algo, and X509_set1_signature_value, which is
new. Upstream has X509_REQ_set0_signature, but that requires the caller
manually assemble an ASN1_BIT_STRING. Taking the byte string seems less
error-prone.
Additionally, add i2d_X509_tbs and i2d_X509_CRL_tbs, for the non-"re"
variants of those APIs. Conscrypt needs to extract the TBS portion of a
certificate and a CRL, to implement X509Certificate.getTBSCertificate()
and X509CRL.getTBSCertList(). There, the aim is to get the data to
verify on an existing immutable certificate. OpenSSL has avoided
exporting the X509_CINF type, which I think is correct, so instead this
mirrors i2d_re_X509_tbs. (This does mean mirroring the confusing i2d
calling convention though.)
These new functions should unblock getting rid of a bunch of direct
struct accesses.
Later on, we should reorganize this header into immutable APIs for
verification and mutable APIs for generation. Even though we're stuck
the mistake of a common type for both use cases, I think splitting up
them up will let us rationalize the caches in the X509 objects a bit.
Change-Id: I96e6ab5cee3608e07b2ed7465c449a72ca10a393
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43784
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
4 years ago
|
|
|
if (!X509_verify(cert.get(), pkey)) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Re-encode the certificate. X509 objects contain a cached TBSCertificate
|
|
|
|
|
// encoding and |X509_sign_ctx| should have refreshed that cache.
|
|
|
|
|
bssl::UniquePtr<X509> copy = ReencodeCertificate(cert.get());
|
|
|
|
|
return copy && X509_verify(copy.get(), pkey);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(X509Test, RSASign) {
|
|
|
|
|
bssl::UniquePtr<EVP_PKEY> pkey(PrivateKeyFromPEM(kRSAKey));
|
|
|
|
|
ASSERT_TRUE(pkey);
|
|
|
|
|
// Test PKCS#1 v1.5.
|
|
|
|
|
bssl::ScopedEVP_MD_CTX md_ctx;
|
|
|
|
|
ASSERT_TRUE(
|
|
|
|
|
EVP_DigestSignInit(md_ctx.get(), NULL, EVP_sha256(), NULL, pkey.get()));
|
|
|
|
|
ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pkey.get()));
|
|
|
|
|
|
|
|
|
|
// Test RSA-PSS with custom parameters.
|
|
|
|
|
md_ctx.Reset();
|
|
|
|
|
EVP_PKEY_CTX *pkey_ctx;
|
|
|
|
|
ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), &pkey_ctx, EVP_sha256(), NULL,
|
|
|
|
|
pkey.get()));
|
|
|
|
|
ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING));
|
|
|
|
|
ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, EVP_sha512()));
|
|
|
|
|
ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pkey.get()));
|
|
|
|
|
|
|
|
|
|
// RSA-PSS with salt length matching hash length should work when passing in
|
|
|
|
|
// -1 or the value explicitly.
|
|
|
|
|
md_ctx.Reset();
|
|
|
|
|
ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), &pkey_ctx, EVP_sha256(), NULL,
|
|
|
|
|
pkey.get()));
|
|
|
|
|
ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING));
|
|
|
|
|
ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, -1));
|
|
|
|
|
ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pkey.get()));
|
|
|
|
|
|
|
|
|
|
md_ctx.Reset();
|
|
|
|
|
ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), &pkey_ctx, EVP_sha256(), NULL,
|
|
|
|
|
pkey.get()));
|
|
|
|
|
ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING));
|
|
|
|
|
ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, 32));
|
|
|
|
|
ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pkey.get()));
|
|
|
|
|
}
|
|
|
|
|
|
Add functions for manipulating X.509 TBS structures.
When generating a signature with some external signing process, the
caller needs to fill in the TBSCertificate (including the signature
algorithms), serialize the TBSCertificate, and then fill in the
signature.
We have i2d_re_X509_tbs (originally from CT I believe), but there are no
setters for the signature algorithms or the signature. Add
X509_set1_signature_algo, which mirrors upstream's
X509_REQ_set1_signature_algo, and X509_set1_signature_value, which is
new. Upstream has X509_REQ_set0_signature, but that requires the caller
manually assemble an ASN1_BIT_STRING. Taking the byte string seems less
error-prone.
Additionally, add i2d_X509_tbs and i2d_X509_CRL_tbs, for the non-"re"
variants of those APIs. Conscrypt needs to extract the TBS portion of a
certificate and a CRL, to implement X509Certificate.getTBSCertificate()
and X509CRL.getTBSCertList(). There, the aim is to get the data to
verify on an existing immutable certificate. OpenSSL has avoided
exporting the X509_CINF type, which I think is correct, so instead this
mirrors i2d_re_X509_tbs. (This does mean mirroring the confusing i2d
calling convention though.)
These new functions should unblock getting rid of a bunch of direct
struct accesses.
Later on, we should reorganize this header into immutable APIs for
verification and mutable APIs for generation. Even though we're stuck
the mistake of a common type for both use cases, I think splitting up
them up will let us rationalize the caches in the X509 objects a bit.
Change-Id: I96e6ab5cee3608e07b2ed7465c449a72ca10a393
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43784
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
4 years ago
|
|
|
// Test the APIs for manually signing a certificate.
|
|
|
|
|
TEST(X509Test, RSASignManual) {
|
|
|
|
|
const int kSignatureNID = NID_sha384WithRSAEncryption;
|
|
|
|
|
const EVP_MD *kSignatureHash = EVP_sha384();
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<EVP_PKEY> pkey(PrivateKeyFromPEM(kRSAKey));
|
|
|
|
|
ASSERT_TRUE(pkey);
|
|
|
|
|
bssl::UniquePtr<X509_ALGOR> algor(X509_ALGOR_new());
|
|
|
|
|
ASSERT_TRUE(algor);
|
|
|
|
|
ASSERT_TRUE(X509_ALGOR_set0(algor.get(), OBJ_nid2obj(kSignatureNID),
|
|
|
|
|
V_ASN1_NULL, nullptr));
|
|
|
|
|
|
|
|
|
|
// Test certificates made both from other certificates and |X509_new|, in case
|
|
|
|
|
// there are bugs in filling in fields from different states. (Parsed
|
|
|
|
|
// certificate contain a TBSCertificate cache, and |X509_new| initializes
|
|
|
|
|
// fields based on complex ASN.1 template logic.)
|
|
|
|
|
for (bool new_cert : {true, false}) {
|
|
|
|
|
SCOPED_TRACE(new_cert);
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<X509> cert;
|
|
|
|
|
if (new_cert) {
|
|
|
|
|
cert.reset(X509_new());
|
|
|
|
|
// Fill in some fields for the certificate arbitrarily.
|
|
|
|
|
EXPECT_TRUE(X509_set_version(cert.get(), X509_VERSION_3));
|
Add functions for manipulating X.509 TBS structures.
When generating a signature with some external signing process, the
caller needs to fill in the TBSCertificate (including the signature
algorithms), serialize the TBSCertificate, and then fill in the
signature.
We have i2d_re_X509_tbs (originally from CT I believe), but there are no
setters for the signature algorithms or the signature. Add
X509_set1_signature_algo, which mirrors upstream's
X509_REQ_set1_signature_algo, and X509_set1_signature_value, which is
new. Upstream has X509_REQ_set0_signature, but that requires the caller
manually assemble an ASN1_BIT_STRING. Taking the byte string seems less
error-prone.
Additionally, add i2d_X509_tbs and i2d_X509_CRL_tbs, for the non-"re"
variants of those APIs. Conscrypt needs to extract the TBS portion of a
certificate and a CRL, to implement X509Certificate.getTBSCertificate()
and X509CRL.getTBSCertList(). There, the aim is to get the data to
verify on an existing immutable certificate. OpenSSL has avoided
exporting the X509_CINF type, which I think is correct, so instead this
mirrors i2d_re_X509_tbs. (This does mean mirroring the confusing i2d
calling convention though.)
These new functions should unblock getting rid of a bunch of direct
struct accesses.
Later on, we should reorganize this header into immutable APIs for
verification and mutable APIs for generation. Even though we're stuck
the mistake of a common type for both use cases, I think splitting up
them up will let us rationalize the caches in the X509 objects a bit.
Change-Id: I96e6ab5cee3608e07b2ed7465c449a72ca10a393
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43784
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
4 years ago
|
|
|
EXPECT_TRUE(ASN1_INTEGER_set(X509_get_serialNumber(cert.get()), 1));
|
|
|
|
|
EXPECT_TRUE(X509_gmtime_adj(X509_getm_notBefore(cert.get()), 0));
|
|
|
|
|
EXPECT_TRUE(
|
|
|
|
|
X509_gmtime_adj(X509_getm_notAfter(cert.get()), 60 * 60 * 24));
|
|
|
|
|
X509_NAME *subject = X509_get_subject_name(cert.get());
|
|
|
|
|
X509_NAME_add_entry_by_txt(subject, "CN", MBSTRING_ASC,
|
|
|
|
|
reinterpret_cast<const uint8_t *>("Test"), -1,
|
|
|
|
|
-1, 0);
|
|
|
|
|
EXPECT_TRUE(X509_set_issuer_name(cert.get(), subject));
|
|
|
|
|
EXPECT_TRUE(X509_set_pubkey(cert.get(), pkey.get()));
|
|
|
|
|
} else {
|
|
|
|
|
// Extract fields from a parsed certificate.
|
|
|
|
|
cert = CertFromPEM(kLeafPEM);
|
|
|
|
|
ASSERT_TRUE(cert);
|
|
|
|
|
|
|
|
|
|
// We should test with a different algorithm from what is already in the
|
|
|
|
|
// certificate.
|
|
|
|
|
EXPECT_NE(kSignatureNID, X509_get_signature_nid(cert.get()));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Fill in the signature algorithm.
|
|
|
|
|
ASSERT_TRUE(X509_set1_signature_algo(cert.get(), algor.get()));
|
|
|
|
|
|
|
|
|
|
// Extract the TBSCertificiate.
|
|
|
|
|
uint8_t *tbs_cert = nullptr;
|
|
|
|
|
int tbs_cert_len = i2d_re_X509_tbs(cert.get(), &tbs_cert);
|
|
|
|
|
bssl::UniquePtr<uint8_t> free_tbs_cert(tbs_cert);
|
|
|
|
|
ASSERT_GT(tbs_cert_len, 0);
|
|
|
|
|
|
|
|
|
|
// Generate a signature externally and fill it in.
|
|
|
|
|
bssl::ScopedEVP_MD_CTX md_ctx;
|
|
|
|
|
ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), nullptr, kSignatureHash,
|
|
|
|
|
nullptr, pkey.get()));
|
|
|
|
|
size_t sig_len;
|
|
|
|
|
ASSERT_TRUE(EVP_DigestSign(md_ctx.get(), nullptr, &sig_len, tbs_cert,
|
|
|
|
|
tbs_cert_len));
|
|
|
|
|
std::vector<uint8_t> sig(sig_len);
|
|
|
|
|
ASSERT_TRUE(EVP_DigestSign(md_ctx.get(), sig.data(), &sig_len, tbs_cert,
|
|
|
|
|
tbs_cert_len));
|
|
|
|
|
sig.resize(sig_len);
|
|
|
|
|
ASSERT_TRUE(X509_set1_signature_value(cert.get(), sig.data(), sig.size()));
|
|
|
|
|
|
|
|
|
|
// Check the signature.
|
|
|
|
|
EXPECT_TRUE(X509_verify(cert.get(), pkey.get()));
|
|
|
|
|
|
|
|
|
|
// Re-encode the certificate. X509 objects contain a cached TBSCertificate
|
|
|
|
|
// encoding and |i2d_re_X509_tbs| should have refreshed that cache.
|
|
|
|
|
bssl::UniquePtr<X509> copy = ReencodeCertificate(cert.get());
|
|
|
|
|
ASSERT_TRUE(copy);
|
|
|
|
|
EXPECT_TRUE(X509_verify(copy.get(), pkey.get()));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(X509Test, Ed25519Sign) {
|
|
|
|
|
uint8_t pub_bytes[32], priv_bytes[64];
|
|
|
|
|
ED25519_keypair(pub_bytes, priv_bytes);
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<EVP_PKEY> pub(
|
|
|
|
|
EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, nullptr, pub_bytes, 32));
|
|
|
|
|
ASSERT_TRUE(pub);
|
|
|
|
|
bssl::UniquePtr<EVP_PKEY> priv(
|
|
|
|
|
EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, nullptr, priv_bytes, 32));
|
|
|
|
|
ASSERT_TRUE(priv);
|
|
|
|
|
|
|
|
|
|
bssl::ScopedEVP_MD_CTX md_ctx;
|
|
|
|
|
ASSERT_TRUE(
|
|
|
|
|
EVP_DigestSignInit(md_ctx.get(), nullptr, nullptr, nullptr, priv.get()));
|
|
|
|
|
ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pub.get()));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static bool PEMToDER(bssl::UniquePtr<uint8_t> *out, size_t *out_len,
|
|
|
|
|
const char *pem) {
|
|
|
|
|
bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
|
|
|
|
|
if (!bio) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
char *name, *header;
|
|
|
|
|
uint8_t *data;
|
|
|
|
|
long data_len;
|
|
|
|
|
if (!PEM_read_bio(bio.get(), &name, &header, &data, &data_len)) {
|
|
|
|
|
fprintf(stderr, "failed to read PEM data.\n");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
OPENSSL_free(name);
|
|
|
|
|
OPENSSL_free(header);
|
|
|
|
|
|
|
|
|
|
out->reset(data);
|
|
|
|
|
*out_len = data_len;
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(X509Test, TestFromBuffer) {
|
|
|
|
|
size_t data_len;
|
|
|
|
|
bssl::UniquePtr<uint8_t> data;
|
|
|
|
|
ASSERT_TRUE(PEMToDER(&data, &data_len, kRootCAPEM));
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<CRYPTO_BUFFER> buf(
|
|
|
|
|
CRYPTO_BUFFER_new(data.get(), data_len, nullptr));
|
|
|
|
|
ASSERT_TRUE(buf);
|
|
|
|
|
bssl::UniquePtr<X509> root(X509_parse_from_buffer(buf.get()));
|
|
|
|
|
ASSERT_TRUE(root);
|
|
|
|
|
|
|
|
|
|
const uint8_t *enc_pointer = root->cert_info->enc.enc;
|
|
|
|
|
const uint8_t *buf_pointer = CRYPTO_BUFFER_data(buf.get());
|
|
|
|
|
ASSERT_GE(enc_pointer, buf_pointer);
|
|
|
|
|
ASSERT_LT(enc_pointer, buf_pointer + CRYPTO_BUFFER_len(buf.get()));
|
|
|
|
|
buf.reset();
|
|
|
|
|
|
|
|
|
|
/* This ensures the X509 took a reference to |buf|, otherwise this will be a
|
|
|
|
|
* reference to free memory and ASAN should notice. */
|
|
|
|
|
ASSERT_EQ(0x30, enc_pointer[0]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(X509Test, TestFromBufferWithTrailingData) {
|
|
|
|
|
size_t data_len;
|
|
|
|
|
bssl::UniquePtr<uint8_t> data;
|
|
|
|
|
ASSERT_TRUE(PEMToDER(&data, &data_len, kRootCAPEM));
|
|
|
|
|
|
|
|
|
|
std::unique_ptr<uint8_t[]> trailing_data(new uint8_t[data_len + 1]);
|
|
|
|
|
OPENSSL_memcpy(trailing_data.get(), data.get(), data_len);
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<CRYPTO_BUFFER> buf_trailing_data(
|
|
|
|
|
CRYPTO_BUFFER_new(trailing_data.get(), data_len + 1, nullptr));
|
|
|
|
|
ASSERT_TRUE(buf_trailing_data);
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<X509> root_trailing_data(
|
|
|
|
|
X509_parse_from_buffer(buf_trailing_data.get()));
|
|
|
|
|
ASSERT_FALSE(root_trailing_data);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(X509Test, TestFromBufferModified) {
|
|
|
|
|
size_t data_len;
|
|
|
|
|
bssl::UniquePtr<uint8_t> data;
|
|
|
|
|
ASSERT_TRUE(PEMToDER(&data, &data_len, kRootCAPEM));
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<CRYPTO_BUFFER> buf(
|
|
|
|
|
CRYPTO_BUFFER_new(data.get(), data_len, nullptr));
|
|
|
|
|
ASSERT_TRUE(buf);
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<X509> root(X509_parse_from_buffer(buf.get()));
|
|
|
|
|
ASSERT_TRUE(root);
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<ASN1_INTEGER> fourty_two(ASN1_INTEGER_new());
|
|
|
|
|
ASN1_INTEGER_set(fourty_two.get(), 42);
|
|
|
|
|
X509_set_serialNumber(root.get(), fourty_two.get());
|
|
|
|
|
|
|
|
|
|
ASSERT_EQ(static_cast<long>(data_len), i2d_X509(root.get(), nullptr));
|
|
|
|
|
|
Remove some BoringSSL-only X509_CINF functions.
These functions are not in any released version of OpenSSL. The history
is they were added to 1.0.2 beta for CT, but then removed in favor of
i2d_re_X509_tbs. We forked in between the two events.
I'm not sure what the reasoning was upstream's end. I'm thinking:
- X509 currently only captures the serialized TBSCertificate. It might
be nice to capture the whole Certificate to avoid needing a
serialization in X509_cmp and make it easier to interop with other
stacks. (Unclear.) That would require not exporting the X509_CINF
standalone for serialization.
- The modified bit means, without locking, i2d_X509 is not const or
thread-safe. We *might* be able to shift the re-encoding to
i2d_re_X509_tbs, which is already inherently non-const. That requires
not having X509_CINF_set_modified.
I'm not sure how feasible either of these are, but between that,
upstream alignment, and X509_CINF otherwise being absent from public
accessors, it seems worth removing.
Update-Note: X509_get_cert_info, X509_CINF_set_modified, and
X509_CINF_get_signature are removed. I believe all callers have been
updated. Callers should use i2d_re_X509_tbs, i2d_X509_tbs, and
X509_get0_tbs_sigalg instead.
Change-Id: Ic1906ba383faa7903973cb498402518985dd838c
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/46985
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
4 years ago
|
|
|
// Re-encode the TBSCertificate.
|
|
|
|
|
i2d_re_X509_tbs(root.get(), nullptr);
|
|
|
|
|
|
|
|
|
|
ASSERT_NE(static_cast<long>(data_len), i2d_X509(root.get(), nullptr));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(X509Test, TestFromBufferReused) {
|
|
|
|
|
size_t data_len;
|
|
|
|
|
bssl::UniquePtr<uint8_t> data;
|
|
|
|
|
ASSERT_TRUE(PEMToDER(&data, &data_len, kRootCAPEM));
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<CRYPTO_BUFFER> buf(
|
|
|
|
|
CRYPTO_BUFFER_new(data.get(), data_len, nullptr));
|
|
|
|
|
ASSERT_TRUE(buf);
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<X509> root(X509_parse_from_buffer(buf.get()));
|
|
|
|
|
ASSERT_TRUE(root);
|
|
|
|
|
|
|
|
|
|
size_t data2_len;
|
|
|
|
|
bssl::UniquePtr<uint8_t> data2;
|
|
|
|
|
ASSERT_TRUE(PEMToDER(&data2, &data2_len, kLeafPEM));
|
|
|
|
|
|
|
|
|
|
X509 *x509p = root.get();
|
|
|
|
|
const uint8_t *inp = data2.get();
|
|
|
|
|
X509 *ret = d2i_X509(&x509p, &inp, data2_len);
|
|
|
|
|
ASSERT_EQ(root.get(), ret);
|
|
|
|
|
ASSERT_EQ(nullptr, root->buf);
|
|
|
|
|
|
|
|
|
|
// Free |data2| and ensure that |root| took its own copy. Otherwise the
|
|
|
|
|
// following will trigger a use-after-free.
|
|
|
|
|
data2.reset();
|
|
|
|
|
|
|
|
|
|
uint8_t *i2d = nullptr;
|
|
|
|
|
int i2d_len = i2d_X509(root.get(), &i2d);
|
|
|
|
|
ASSERT_GE(i2d_len, 0);
|
|
|
|
|
bssl::UniquePtr<uint8_t> i2d_storage(i2d);
|
|
|
|
|
|
|
|
|
|
ASSERT_TRUE(PEMToDER(&data2, &data2_len, kLeafPEM));
|
|
|
|
|
|
|
|
|
|
ASSERT_EQ(static_cast<long>(data2_len), i2d_len);
|
|
|
|
|
ASSERT_EQ(0, OPENSSL_memcmp(data2.get(), i2d, i2d_len));
|
|
|
|
|
ASSERT_EQ(nullptr, root->buf);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(X509Test, TestFailedParseFromBuffer) {
|
|
|
|
|
static const uint8_t kNonsense[] = {1, 2, 3, 4, 5};
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<CRYPTO_BUFFER> buf(
|
|
|
|
|
CRYPTO_BUFFER_new(kNonsense, sizeof(kNonsense), nullptr));
|
|
|
|
|
ASSERT_TRUE(buf);
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<X509> cert(X509_parse_from_buffer(buf.get()));
|
|
|
|
|
ASSERT_FALSE(cert);
|
|
|
|
|
ERR_clear_error();
|
|
|
|
|
|
|
|
|
|
// Test a buffer with trailing data.
|
|
|
|
|
size_t data_len;
|
|
|
|
|
bssl::UniquePtr<uint8_t> data;
|
|
|
|
|
ASSERT_TRUE(PEMToDER(&data, &data_len, kRootCAPEM));
|
|
|
|
|
|
|
|
|
|
std::unique_ptr<uint8_t[]> data_with_trailing_byte(new uint8_t[data_len + 1]);
|
|
|
|
|
OPENSSL_memcpy(data_with_trailing_byte.get(), data.get(), data_len);
|
|
|
|
|
data_with_trailing_byte[data_len] = 0;
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<CRYPTO_BUFFER> buf_with_trailing_byte(
|
|
|
|
|
CRYPTO_BUFFER_new(data_with_trailing_byte.get(), data_len + 1, nullptr));
|
|
|
|
|
ASSERT_TRUE(buf_with_trailing_byte);
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<X509> root(
|
|
|
|
|
X509_parse_from_buffer(buf_with_trailing_byte.get()));
|
|
|
|
|
ASSERT_FALSE(root);
|
|
|
|
|
ERR_clear_error();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(X509Test, TestPrintUTCTIME) {
|
|
|
|
|
static const struct {
|
|
|
|
|
const char *val, *want;
|
|
|
|
|
} asn1_utctime_tests[] = {
|
|
|
|
|
{"", "Bad time value"},
|
|
|
|
|
|
|
|
|
|
// Correct RFC 5280 form. Test years < 2000 and > 2000.
|
|
|
|
|
{"090303125425Z", "Mar 3 12:54:25 2009 GMT"},
|
|
|
|
|
{"900303125425Z", "Mar 3 12:54:25 1990 GMT"},
|
|
|
|
|
{"000303125425Z", "Mar 3 12:54:25 2000 GMT"},
|
|
|
|
|
|
|
|
|
|
// Correct form, bad values.
|
|
|
|
|
{"000000000000Z", "Bad time value"},
|
|
|
|
|
{"999999999999Z", "Bad time value"},
|
|
|
|
|
|
|
|
|
|
// Missing components. Not legal RFC 5280, but permitted.
|
|
|
|
|
{"090303125425", "Mar 3 12:54:25 2009"},
|
|
|
|
|
{"9003031254", "Mar 3 12:54:00 1990"},
|
|
|
|
|
{"9003031254Z", "Mar 3 12:54:00 1990 GMT"},
|
|
|
|
|
|
|
|
|
|
// GENERALIZEDTIME confused for UTCTIME.
|
|
|
|
|
{"20090303125425Z", "Bad time value"},
|
|
|
|
|
|
|
|
|
|
// Legal ASN.1, but not legal RFC 5280.
|
|
|
|
|
{"9003031254+0800", "Bad time value"},
|
|
|
|
|
{"9003031254-0800", "Bad time value"},
|
|
|
|
|
|
|
|
|
|
// Trailing garbage.
|
|
|
|
|
{"9003031254Z ", "Bad time value"},
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
for (auto t : asn1_utctime_tests) {
|
|
|
|
|
SCOPED_TRACE(t.val);
|
|
|
|
|
bssl::UniquePtr<ASN1_UTCTIME> tm(ASN1_UTCTIME_new());
|
|
|
|
|
bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
|
|
|
|
|
|
|
|
|
|
// Use this instead of ASN1_UTCTIME_set() because some callers get
|
|
|
|
|
// type-confused and pass ASN1_GENERALIZEDTIME to ASN1_UTCTIME_print().
|
|
|
|
|
// ASN1_UTCTIME_set_string() is stricter, and would reject the inputs in
|
|
|
|
|
// question.
|
|
|
|
|
ASSERT_TRUE(ASN1_STRING_set(tm.get(), t.val, strlen(t.val)));
|
|
|
|
|
const int ok = ASN1_UTCTIME_print(bio.get(), tm.get());
|
|
|
|
|
|
|
|
|
|
const uint8_t *contents;
|
|
|
|
|
size_t len;
|
|
|
|
|
ASSERT_TRUE(BIO_mem_contents(bio.get(), &contents, &len));
|
|
|
|
|
EXPECT_EQ(ok, (strcmp(t.want, "Bad time value") != 0) ? 1 : 0);
|
|
|
|
|
EXPECT_EQ(t.want,
|
|
|
|
|
std::string(reinterpret_cast<const char *>(contents), len));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(X509Test, PrettyPrintIntegers) {
|
|
|
|
|
static const char *kTests[] = {
|
|
|
|
|
// Small numbers are pretty-printed in decimal.
|
|
|
|
|
"0",
|
|
|
|
|
"-1",
|
|
|
|
|
"1",
|
|
|
|
|
"42",
|
|
|
|
|
"-42",
|
|
|
|
|
"256",
|
|
|
|
|
"-256",
|
|
|
|
|
// Large numbers are pretty-printed in hex to avoid taking quadratic time.
|
|
|
|
|
"0x0123456789",
|
|
|
|
|
"-0x0123456789",
|
|
|
|
|
};
|
|
|
|
|
for (const char *in : kTests) {
|
|
|
|
|
SCOPED_TRACE(in);
|
|
|
|
|
BIGNUM *bn = nullptr;
|
|
|
|
|
ASSERT_TRUE(BN_asc2bn(&bn, in));
|
|
|
|
|
bssl::UniquePtr<BIGNUM> free_bn(bn);
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
bssl::UniquePtr<ASN1_INTEGER> asn1(BN_to_ASN1_INTEGER(bn, nullptr));
|
|
|
|
|
ASSERT_TRUE(asn1);
|
|
|
|
|
bssl::UniquePtr<char> out(i2s_ASN1_INTEGER(nullptr, asn1.get()));
|
|
|
|
|
ASSERT_TRUE(out.get());
|
|
|
|
|
EXPECT_STREQ(in, out.get());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
bssl::UniquePtr<ASN1_ENUMERATED> asn1(BN_to_ASN1_ENUMERATED(bn, nullptr));
|
|
|
|
|
ASSERT_TRUE(asn1);
|
|
|
|
|
bssl::UniquePtr<char> out(i2s_ASN1_ENUMERATED(nullptr, asn1.get()));
|
|
|
|
|
ASSERT_TRUE(out.get());
|
|
|
|
|
EXPECT_STREQ(in, out.get());
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(X509Test, X509NameSet) {
|
|
|
|
|
bssl::UniquePtr<X509_NAME> name(X509_NAME_new());
|
|
|
|
|
EXPECT_TRUE(X509_NAME_add_entry_by_txt(
|
|
|
|
|
name.get(), "C", MBSTRING_ASC, reinterpret_cast<const uint8_t *>("US"),
|
|
|
|
|
-1, -1, 0));
|
|
|
|
|
EXPECT_EQ(X509_NAME_entry_count(name.get()), 1);
|
|
|
|
|
EXPECT_TRUE(X509_NAME_add_entry_by_txt(
|
|
|
|
|
name.get(), "C", MBSTRING_ASC, reinterpret_cast<const uint8_t *>("CA"),
|
|
|
|
|
-1, -1, 0));
|
|
|
|
|
EXPECT_EQ(X509_NAME_entry_count(name.get()), 2);
|
|
|
|
|
EXPECT_TRUE(X509_NAME_add_entry_by_txt(
|
|
|
|
|
name.get(), "C", MBSTRING_ASC, reinterpret_cast<const uint8_t *>("UK"),
|
|
|
|
|
-1, -1, 0));
|
|
|
|
|
EXPECT_EQ(X509_NAME_entry_count(name.get()), 3);
|
|
|
|
|
EXPECT_TRUE(X509_NAME_add_entry_by_txt(
|
|
|
|
|
name.get(), "C", MBSTRING_ASC, reinterpret_cast<const uint8_t *>("JP"),
|
|
|
|
|
-1, 1, 0));
|
|
|
|
|
EXPECT_EQ(X509_NAME_entry_count(name.get()), 4);
|
|
|
|
|
|
|
|
|
|
// Check that the correct entries get incremented when inserting new entry.
|
|
|
|
|
EXPECT_EQ(X509_NAME_ENTRY_set(X509_NAME_get_entry(name.get(), 1)), 1);
|
|
|
|
|
EXPECT_EQ(X509_NAME_ENTRY_set(X509_NAME_get_entry(name.get(), 2)), 2);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(X509Test, NoBasicConstraintsCertSign) {
|
|
|
|
|
bssl::UniquePtr<X509> root(CertFromPEM(kSANTypesRoot));
|
|
|
|
|
bssl::UniquePtr<X509> intermediate(
|
|
|
|
|
CertFromPEM(kNoBasicConstraintsCertSignIntermediate));
|
|
|
|
|
bssl::UniquePtr<X509> leaf(CertFromPEM(kNoBasicConstraintsCertSignLeaf));
|
|
|
|
|
|
|
|
|
|
ASSERT_TRUE(root);
|
|
|
|
|
ASSERT_TRUE(intermediate);
|
|
|
|
|
ASSERT_TRUE(leaf);
|
|
|
|
|
|
|
|
|
|
// The intermediate has keyUsage certSign, but is not marked as a CA in the
|
|
|
|
|
// basicConstraints.
|
|
|
|
|
EXPECT_EQ(X509_V_ERR_INVALID_CA,
|
|
|
|
|
Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, 0));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(X509Test, NoBasicConstraintsNetscapeCA) {
|
|
|
|
|
bssl::UniquePtr<X509> root(CertFromPEM(kSANTypesRoot));
|
|
|
|
|
bssl::UniquePtr<X509> intermediate(
|
|
|
|
|
CertFromPEM(kNoBasicConstraintsNetscapeCAIntermediate));
|
|
|
|
|
bssl::UniquePtr<X509> leaf(CertFromPEM(kNoBasicConstraintsNetscapeCALeaf));
|
|
|
|
|
|
|
|
|
|
ASSERT_TRUE(root);
|
|
|
|
|
ASSERT_TRUE(intermediate);
|
|
|
|
|
ASSERT_TRUE(leaf);
|
|
|
|
|
|
|
|
|
|
// The intermediate has a Netscape certificate type of "SSL CA", but is not
|
|
|
|
|
// marked as a CA in the basicConstraints.
|
|
|
|
|
EXPECT_EQ(X509_V_ERR_INVALID_CA,
|
|
|
|
|
Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, 0));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(X509Test, MismatchAlgorithms) {
|
|
|
|
|
bssl::UniquePtr<X509> cert(CertFromPEM(kSelfSignedMismatchAlgorithms));
|
|
|
|
|
ASSERT_TRUE(cert);
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
|
|
|
|
|
ASSERT_TRUE(pkey);
|
|
|
|
|
|
|
|
|
|
EXPECT_FALSE(X509_verify(cert.get(), pkey.get()));
|
|
|
|
|
uint32_t err = ERR_get_error();
|
|
|
|
|
EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err));
|
|
|
|
|
EXPECT_EQ(X509_R_SIGNATURE_ALGORITHM_MISMATCH, ERR_GET_REASON(err));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(X509Test, PEMX509Info) {
|
|
|
|
|
std::string cert = kRootCAPEM;
|
|
|
|
|
auto cert_obj = CertFromPEM(kRootCAPEM);
|
|
|
|
|
ASSERT_TRUE(cert_obj);
|
|
|
|
|
|
|
|
|
|
std::string rsa = kRSAKey;
|
|
|
|
|
auto rsa_obj = PrivateKeyFromPEM(kRSAKey);
|
|
|
|
|
ASSERT_TRUE(rsa_obj);
|
|
|
|
|
|
|
|
|
|
std::string crl = kBasicCRL;
|
|
|
|
|
auto crl_obj = CRLFromPEM(kBasicCRL);
|
|
|
|
|
ASSERT_TRUE(crl_obj);
|
|
|
|
|
|
|
|
|
|
std::string unknown =
|
|
|
|
|
"-----BEGIN UNKNOWN-----\n"
|
|
|
|
|
"AAAA\n"
|
|
|
|
|
"-----END UNKNOWN-----\n";
|
|
|
|
|
|
|
|
|
|
std::string invalid =
|
|
|
|
|
"-----BEGIN CERTIFICATE-----\n"
|
|
|
|
|
"AAAA\n"
|
|
|
|
|
"-----END CERTIFICATE-----\n";
|
|
|
|
|
|
|
|
|
|
// Each X509_INFO contains at most one certificate, CRL, etc. The format
|
|
|
|
|
// creates a new X509_INFO when a repeated type is seen.
|
|
|
|
|
std::string pem =
|
|
|
|
|
// The first few entries have one of everything in different orders.
|
|
|
|
|
cert + rsa + crl +
|
|
|
|
|
rsa + crl + cert +
|
|
|
|
|
// Unknown types are ignored.
|
|
|
|
|
crl + unknown + cert + rsa +
|
|
|
|
|
// Seeing a new certificate starts a new entry, so now we have a bunch of
|
|
|
|
|
// certificate-only entries.
|
|
|
|
|
cert + cert + cert +
|
|
|
|
|
// The key folds into the certificate's entry.
|
|
|
|
|
cert + rsa +
|
|
|
|
|
// Doubled keys also start new entries.
|
|
|
|
|
rsa + rsa + rsa + rsa + crl +
|
|
|
|
|
// As do CRLs.
|
|
|
|
|
crl + crl;
|
|
|
|
|
|
|
|
|
|
const struct ExpectedInfo {
|
|
|
|
|
const X509 *cert;
|
|
|
|
|
const EVP_PKEY *key;
|
|
|
|
|
const X509_CRL *crl;
|
|
|
|
|
} kExpected[] = {
|
|
|
|
|
{cert_obj.get(), rsa_obj.get(), crl_obj.get()},
|
|
|
|
|
{cert_obj.get(), rsa_obj.get(), crl_obj.get()},
|
|
|
|
|
{cert_obj.get(), rsa_obj.get(), crl_obj.get()},
|
|
|
|
|
{cert_obj.get(), nullptr, nullptr},
|
|
|
|
|
{cert_obj.get(), nullptr, nullptr},
|
|
|
|
|
{cert_obj.get(), nullptr, nullptr},
|
|
|
|
|
{cert_obj.get(), rsa_obj.get(), nullptr},
|
|
|
|
|
{nullptr, rsa_obj.get(), nullptr},
|
|
|
|
|
{nullptr, rsa_obj.get(), nullptr},
|
|
|
|
|
{nullptr, rsa_obj.get(), nullptr},
|
|
|
|
|
{nullptr, rsa_obj.get(), crl_obj.get()},
|
|
|
|
|
{nullptr, nullptr, crl_obj.get()},
|
|
|
|
|
{nullptr, nullptr, crl_obj.get()},
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
auto check_info = [](const ExpectedInfo *expected, const X509_INFO *info) {
|
|
|
|
|
if (expected->cert != nullptr) {
|
|
|
|
|
EXPECT_EQ(0, X509_cmp(expected->cert, info->x509));
|
|
|
|
|
} else {
|
|
|
|
|
EXPECT_EQ(nullptr, info->x509);
|
|
|
|
|
}
|
|
|
|
|
if (expected->crl != nullptr) {
|
|
|
|
|
EXPECT_EQ(0, X509_CRL_cmp(expected->crl, info->crl));
|
|
|
|
|
} else {
|
|
|
|
|
EXPECT_EQ(nullptr, info->crl);
|
|
|
|
|
}
|
|
|
|
|
if (expected->key != nullptr) {
|
|
|
|
|
ASSERT_NE(nullptr, info->x_pkey);
|
|
|
|
|
// EVP_PKEY_cmp returns one if the keys are equal.
|
|
|
|
|
EXPECT_EQ(1, EVP_PKEY_cmp(expected->key, info->x_pkey->dec_pkey));
|
|
|
|
|
} else {
|
|
|
|
|
EXPECT_EQ(nullptr, info->x_pkey);
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem.data(), pem.size()));
|
|
|
|
|
ASSERT_TRUE(bio);
|
|
|
|
|
bssl::UniquePtr<STACK_OF(X509_INFO)> infos(
|
|
|
|
|
PEM_X509_INFO_read_bio(bio.get(), nullptr, nullptr, nullptr));
|
|
|
|
|
ASSERT_TRUE(infos);
|
|
|
|
|
ASSERT_EQ(OPENSSL_ARRAY_SIZE(kExpected), sk_X509_INFO_num(infos.get()));
|
|
|
|
|
for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kExpected); i++) {
|
|
|
|
|
SCOPED_TRACE(i);
|
|
|
|
|
check_info(&kExpected[i], sk_X509_INFO_value(infos.get(), i));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Passing an existing stack appends to it.
|
|
|
|
|
bio.reset(BIO_new_mem_buf(pem.data(), pem.size()));
|
|
|
|
|
ASSERT_TRUE(bio);
|
|
|
|
|
ASSERT_EQ(infos.get(),
|
|
|
|
|
PEM_X509_INFO_read_bio(bio.get(), infos.get(), nullptr, nullptr));
|
|
|
|
|
ASSERT_EQ(2 * OPENSSL_ARRAY_SIZE(kExpected), sk_X509_INFO_num(infos.get()));
|
|
|
|
|
for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kExpected); i++) {
|
|
|
|
|
SCOPED_TRACE(i);
|
|
|
|
|
check_info(&kExpected[i], sk_X509_INFO_value(infos.get(), i));
|
|
|
|
|
check_info(
|
|
|
|
|
&kExpected[i],
|
|
|
|
|
sk_X509_INFO_value(infos.get(), i + OPENSSL_ARRAY_SIZE(kExpected)));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Gracefully handle errors in both the append and fresh cases.
|
|
|
|
|
std::string bad_pem = cert + cert + invalid;
|
|
|
|
|
|
|
|
|
|
bio.reset(BIO_new_mem_buf(bad_pem.data(), bad_pem.size()));
|
|
|
|
|
ASSERT_TRUE(bio);
|
|
|
|
|
bssl::UniquePtr<STACK_OF(X509_INFO)> infos2(
|
|
|
|
|
PEM_X509_INFO_read_bio(bio.get(), nullptr, nullptr, nullptr));
|
|
|
|
|
EXPECT_FALSE(infos2);
|
|
|
|
|
|
|
|
|
|
bio.reset(BIO_new_mem_buf(bad_pem.data(), bad_pem.size()));
|
|
|
|
|
ASSERT_TRUE(bio);
|
|
|
|
|
EXPECT_FALSE(
|
|
|
|
|
PEM_X509_INFO_read_bio(bio.get(), infos.get(), nullptr, nullptr));
|
|
|
|
|
EXPECT_EQ(2 * OPENSSL_ARRAY_SIZE(kExpected), sk_X509_INFO_num(infos.get()));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(X509Test, ReadBIOEmpty) {
|
|
|
|
|
bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(nullptr, 0));
|
|
|
|
|
ASSERT_TRUE(bio);
|
|
|
|
|
|
|
|
|
|
// CPython expects |ASN1_R_HEADER_TOO_LONG| on EOF, to terminate a series of
|
|
|
|
|
// certificates.
|
|
|
|
|
bssl::UniquePtr<X509> x509(d2i_X509_bio(bio.get(), nullptr));
|
|
|
|
|
EXPECT_FALSE(x509);
|
|
|
|
|
uint32_t err = ERR_get_error();
|
|
|
|
|
EXPECT_EQ(ERR_LIB_ASN1, ERR_GET_LIB(err));
|
|
|
|
|
EXPECT_EQ(ASN1_R_HEADER_TOO_LONG, ERR_GET_REASON(err));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(X509Test, ReadBIOOneByte) {
|
|
|
|
|
bssl::UniquePtr<BIO> bio(BIO_new_mem_buf("\x30", 1));
|
|
|
|
|
ASSERT_TRUE(bio);
|
|
|
|
|
|
|
|
|
|
// CPython expects |ASN1_R_HEADER_TOO_LONG| on EOF, to terminate a series of
|
|
|
|
|
// certificates. This EOF appeared after some data, however, so we do not wish
|
|
|
|
|
// to signal EOF.
|
|
|
|
|
bssl::UniquePtr<X509> x509(d2i_X509_bio(bio.get(), nullptr));
|
|
|
|
|
EXPECT_FALSE(x509);
|
|
|
|
|
uint32_t err = ERR_get_error();
|
|
|
|
|
EXPECT_EQ(ERR_LIB_ASN1, ERR_GET_LIB(err));
|
|
|
|
|
EXPECT_EQ(ASN1_R_NOT_ENOUGH_DATA, ERR_GET_REASON(err));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(X509Test, PartialBIOReturn) {
|
|
|
|
|
// Create a filter BIO that only reads and writes one byte at a time.
|
|
|
|
|
bssl::UniquePtr<BIO_METHOD> method(BIO_meth_new(0, nullptr));
|
|
|
|
|
ASSERT_TRUE(method);
|
|
|
|
|
ASSERT_TRUE(BIO_meth_set_create(method.get(), [](BIO *b) -> int {
|
|
|
|
|
BIO_set_init(b, 1);
|
|
|
|
|
return 1;
|
|
|
|
|
}));
|
|
|
|
|
ASSERT_TRUE(
|
|
|
|
|
BIO_meth_set_read(method.get(), [](BIO *b, char *out, int len) -> int {
|
|
|
|
|
return BIO_read(BIO_next(b), out, std::min(len, 1));
|
|
|
|
|
}));
|
|
|
|
|
ASSERT_TRUE(BIO_meth_set_write(
|
|
|
|
|
method.get(), [](BIO *b, const char *in, int len) -> int {
|
|
|
|
|
return BIO_write(BIO_next(b), in, std::min(len, 1));
|
|
|
|
|
}));
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<BIO> bio(BIO_new(method.get()));
|
|
|
|
|
ASSERT_TRUE(bio);
|
|
|
|
|
BIO *mem_bio = BIO_new(BIO_s_mem());
|
|
|
|
|
ASSERT_TRUE(mem_bio);
|
|
|
|
|
BIO_push(bio.get(), mem_bio); // BIO_push takes ownership.
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<X509> cert(CertFromPEM(kLeafPEM));
|
|
|
|
|
ASSERT_TRUE(cert);
|
|
|
|
|
uint8_t *der = nullptr;
|
|
|
|
|
int der_len = i2d_X509(cert.get(), &der);
|
|
|
|
|
ASSERT_GT(der_len, 0);
|
|
|
|
|
bssl::UniquePtr<uint8_t> free_der(der);
|
|
|
|
|
|
|
|
|
|
// Write the certificate into the BIO. Though we only write one byte at a
|
|
|
|
|
// time, the write should succeed.
|
|
|
|
|
ASSERT_EQ(1, i2d_X509_bio(bio.get(), cert.get()));
|
|
|
|
|
const uint8_t *der2;
|
|
|
|
|
size_t der2_len;
|
|
|
|
|
ASSERT_TRUE(BIO_mem_contents(mem_bio, &der2, &der2_len));
|
|
|
|
|
EXPECT_EQ(Bytes(der, static_cast<size_t>(der_len)), Bytes(der2, der2_len));
|
|
|
|
|
|
|
|
|
|
// Read the certificate back out of the BIO. Though we only read one byte at a
|
|
|
|
|
// time, the read should succeed.
|
|
|
|
|
bssl::UniquePtr<X509> cert2(d2i_X509_bio(bio.get(), nullptr));
|
|
|
|
|
ASSERT_TRUE(cert2);
|
|
|
|
|
EXPECT_EQ(0, X509_cmp(cert.get(), cert2.get()));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(X509Test, CommonNameFallback) {
|
|
|
|
|
bssl::UniquePtr<X509> root = CertFromPEM(kSANTypesRoot);
|
|
|
|
|
ASSERT_TRUE(root);
|
|
|
|
|
bssl::UniquePtr<X509> with_sans = CertFromPEM(kCommonNameWithSANs);
|
|
|
|
|
ASSERT_TRUE(with_sans);
|
|
|
|
|
bssl::UniquePtr<X509> without_sans = CertFromPEM(kCommonNameWithoutSANs);
|
|
|
|
|
ASSERT_TRUE(without_sans);
|
|
|
|
|
bssl::UniquePtr<X509> with_email = CertFromPEM(kCommonNameWithEmailSAN);
|
|
|
|
|
ASSERT_TRUE(with_email);
|
|
|
|
|
bssl::UniquePtr<X509> with_ip = CertFromPEM(kCommonNameWithIPSAN);
|
|
|
|
|
ASSERT_TRUE(with_ip);
|
|
|
|
|
|
|
|
|
|
auto verify_cert = [&](X509 *leaf, unsigned flags, const char *host) {
|
|
|
|
|
return Verify(
|
|
|
|
|
leaf, {root.get()}, {}, {}, 0, false, [&](X509_VERIFY_PARAM *param) {
|
|
|
|
|
ASSERT_TRUE(X509_VERIFY_PARAM_set1_host(param, host, strlen(host)));
|
|
|
|
|
X509_VERIFY_PARAM_set_hostflags(param, flags);
|
|
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
// By default, the common name is ignored if the SAN list is present but
|
|
|
|
|
// otherwise is checked.
|
|
|
|
|
EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
|
|
|
|
|
verify_cert(with_sans.get(), 0 /* no flags */, "foo.host1.test"));
|
|
|
|
|
EXPECT_EQ(X509_V_OK,
|
|
|
|
|
verify_cert(with_sans.get(), 0 /* no flags */, "foo.host2.test"));
|
|
|
|
|
EXPECT_EQ(X509_V_OK,
|
|
|
|
|
verify_cert(with_sans.get(), 0 /* no flags */, "foo.host3.test"));
|
|
|
|
|
EXPECT_EQ(X509_V_OK, verify_cert(without_sans.get(), 0 /* no flags */,
|
|
|
|
|
"foo.host1.test"));
|
|
|
|
|
EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
|
|
|
|
|
verify_cert(with_email.get(), 0 /* no flags */, "foo.host1.test"));
|
|
|
|
|
EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
|
|
|
|
|
verify_cert(with_ip.get(), 0 /* no flags */, "foo.host1.test"));
|
|
|
|
|
|
|
|
|
|
// X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT is ignored.
|
|
|
|
|
EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
|
|
|
|
|
verify_cert(with_sans.get(), X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
|
|
|
|
|
"foo.host1.test"));
|
|
|
|
|
EXPECT_EQ(X509_V_OK,
|
|
|
|
|
verify_cert(with_sans.get(), X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
|
|
|
|
|
"foo.host2.test"));
|
|
|
|
|
EXPECT_EQ(X509_V_OK,
|
|
|
|
|
verify_cert(with_sans.get(), X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
|
|
|
|
|
"foo.host3.test"));
|
|
|
|
|
EXPECT_EQ(X509_V_OK, verify_cert(without_sans.get(),
|
|
|
|
|
X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
|
|
|
|
|
"foo.host1.test"));
|
|
|
|
|
EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
|
|
|
|
|
verify_cert(with_email.get(), X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
|
|
|
|
|
"foo.host1.test"));
|
|
|
|
|
EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
|
|
|
|
|
verify_cert(with_ip.get(), X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
|
|
|
|
|
"foo.host1.test"));
|
|
|
|
|
|
|
|
|
|
// X509_CHECK_FLAG_NEVER_CHECK_SUBJECT implements the correct behavior: the
|
|
|
|
|
// common name is never checked.
|
|
|
|
|
EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
|
|
|
|
|
verify_cert(with_sans.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
|
|
|
|
|
"foo.host1.test"));
|
|
|
|
|
EXPECT_EQ(X509_V_OK,
|
|
|
|
|
verify_cert(with_sans.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
|
|
|
|
|
"foo.host2.test"));
|
|
|
|
|
EXPECT_EQ(X509_V_OK,
|
|
|
|
|
verify_cert(with_sans.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
|
|
|
|
|
"foo.host3.test"));
|
|
|
|
|
EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
|
|
|
|
|
verify_cert(without_sans.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
|
|
|
|
|
"foo.host1.test"));
|
|
|
|
|
EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
|
|
|
|
|
verify_cert(with_email.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
|
|
|
|
|
"foo.host1.test"));
|
|
|
|
|
EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
|
|
|
|
|
verify_cert(with_ip.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
|
|
|
|
|
"foo.host1.test"));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(X509Test, LooksLikeDNSName) {
|
|
|
|
|
static const char *kValid[] = {
|
|
|
|
|
"example.com",
|
|
|
|
|
"eXample123-.com",
|
|
|
|
|
"*.example.com",
|
|
|
|
|
"exa_mple.com",
|
|
|
|
|
"example.com.",
|
|
|
|
|
"project-dev:us-central1:main",
|
|
|
|
|
};
|
|
|
|
|
static const char *kInvalid[] = {
|
|
|
|
|
"-eXample123-.com",
|
|
|
|
|
"",
|
|
|
|
|
".",
|
|
|
|
|
"*",
|
|
|
|
|
"*.",
|
|
|
|
|
"example..com",
|
|
|
|
|
".example.com",
|
|
|
|
|
"example.com..",
|
|
|
|
|
"*foo.example.com",
|
|
|
|
|
"foo.*.example.com",
|
|
|
|
|
"foo,bar",
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
for (const char *str : kValid) {
|
|
|
|
|
SCOPED_TRACE(str);
|
|
|
|
|
EXPECT_TRUE(x509v3_looks_like_dns_name(
|
|
|
|
|
reinterpret_cast<const uint8_t *>(str), strlen(str)));
|
|
|
|
|
}
|
|
|
|
|
for (const char *str : kInvalid) {
|
|
|
|
|
SCOPED_TRACE(str);
|
|
|
|
|
EXPECT_FALSE(x509v3_looks_like_dns_name(
|
|
|
|
|
reinterpret_cast<const uint8_t *>(str), strlen(str)));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(X509Test, CommonNameAndNameConstraints) {
|
|
|
|
|
bssl::UniquePtr<X509> root = CertFromPEM(kSANTypesRoot);
|
|
|
|
|
ASSERT_TRUE(root);
|
|
|
|
|
bssl::UniquePtr<X509> intermediate = CertFromPEM(kConstrainedIntermediate);
|
|
|
|
|
ASSERT_TRUE(intermediate);
|
|
|
|
|
bssl::UniquePtr<X509> permitted = CertFromPEM(kCommonNamePermittedLeaf);
|
|
|
|
|
ASSERT_TRUE(permitted);
|
|
|
|
|
bssl::UniquePtr<X509> not_permitted =
|
|
|
|
|
CertFromPEM(kCommonNameNotPermittedLeaf);
|
|
|
|
|
ASSERT_TRUE(not_permitted);
|
|
|
|
|
bssl::UniquePtr<X509> not_permitted_with_sans =
|
|
|
|
|
CertFromPEM(kCommonNameNotPermittedWithSANsLeaf);
|
|
|
|
|
ASSERT_TRUE(not_permitted_with_sans);
|
|
|
|
|
bssl::UniquePtr<X509> not_dns = CertFromPEM(kCommonNameNotDNSLeaf);
|
|
|
|
|
ASSERT_TRUE(not_dns);
|
|
|
|
|
|
|
|
|
|
auto verify_cert = [&](X509 *leaf, unsigned flags, const char *host) {
|
|
|
|
|
return Verify(
|
|
|
|
|
leaf, {root.get()}, {intermediate.get()}, {}, 0, false,
|
|
|
|
|
[&](X509_VERIFY_PARAM *param) {
|
|
|
|
|
ASSERT_TRUE(X509_VERIFY_PARAM_set1_host(param, host, strlen(host)));
|
|
|
|
|
X509_VERIFY_PARAM_set_hostflags(param, flags);
|
|
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
// Certificates which would otherwise trigger the common name fallback are
|
|
|
|
|
// rejected whenever there are name constraints. We do this whether or not
|
|
|
|
|
// the common name matches the constraints.
|
|
|
|
|
EXPECT_EQ(
|
|
|
|
|
X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS,
|
|
|
|
|
verify_cert(permitted.get(), 0 /* no flags */, kCommonNamePermitted));
|
|
|
|
|
EXPECT_EQ(X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS,
|
|
|
|
|
verify_cert(not_permitted.get(), 0 /* no flags */,
|
|
|
|
|
kCommonNameNotPermitted));
|
|
|
|
|
|
|
|
|
|
// This occurs even if the built-in name checks aren't used. The caller may
|
|
|
|
|
// separately call |X509_check_host|.
|
|
|
|
|
EXPECT_EQ(X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS,
|
|
|
|
|
Verify(not_permitted.get(), {root.get()}, {intermediate.get()}, {},
|
|
|
|
|
0 /* no flags */, false, nullptr));
|
|
|
|
|
|
|
|
|
|
// If the leaf certificate has SANs, the common name fallback is always
|
|
|
|
|
// disabled, so the name constraints do not apply.
|
|
|
|
|
EXPECT_EQ(X509_V_OK, Verify(not_permitted_with_sans.get(), {root.get()},
|
|
|
|
|
{intermediate.get()}, {}, 0, false, nullptr));
|
|
|
|
|
EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
|
|
|
|
|
verify_cert(not_permitted_with_sans.get(), 0 /* no flags */,
|
|
|
|
|
kCommonNameNotPermittedWithSANs));
|
|
|
|
|
|
|
|
|
|
// If the common name does not look like a DNS name, we apply neither name
|
|
|
|
|
// constraints nor common name fallback.
|
|
|
|
|
EXPECT_EQ(X509_V_OK, Verify(not_dns.get(), {root.get()}, {intermediate.get()},
|
|
|
|
|
{}, 0, false, nullptr));
|
|
|
|
|
EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
|
|
|
|
|
verify_cert(not_dns.get(), 0 /* no flags */, kCommonNameNotDNS));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(X509Test, ServerGatedCryptoEKUs) {
|
|
|
|
|
bssl::UniquePtr<X509> root = CertFromPEM(kSANTypesRoot);
|
|
|
|
|
ASSERT_TRUE(root);
|
|
|
|
|
bssl::UniquePtr<X509> ms_sgc = CertFromPEM(kMicrosoftSGCCert);
|
|
|
|
|
ASSERT_TRUE(ms_sgc);
|
|
|
|
|
bssl::UniquePtr<X509> ns_sgc = CertFromPEM(kNetscapeSGCCert);
|
|
|
|
|
ASSERT_TRUE(ns_sgc);
|
|
|
|
|
bssl::UniquePtr<X509> server_eku = CertFromPEM(kServerEKUCert);
|
|
|
|
|
ASSERT_TRUE(server_eku);
|
|
|
|
|
bssl::UniquePtr<X509> server_eku_plus_ms_sgc =
|
|
|
|
|
CertFromPEM(kServerEKUPlusMicrosoftSGCCert);
|
|
|
|
|
ASSERT_TRUE(server_eku_plus_ms_sgc);
|
|
|
|
|
bssl::UniquePtr<X509> any_eku = CertFromPEM(kAnyEKU);
|
|
|
|
|
ASSERT_TRUE(any_eku);
|
|
|
|
|
bssl::UniquePtr<X509> no_eku = CertFromPEM(kNoEKU);
|
|
|
|
|
ASSERT_TRUE(no_eku);
|
|
|
|
|
|
|
|
|
|
auto verify_cert = [&root](X509 *leaf) {
|
|
|
|
|
return Verify(leaf, {root.get()}, /*intermediates=*/{}, /*crls=*/{},
|
|
|
|
|
/*flags=*/0, /*use_additional_untrusted=*/false,
|
|
|
|
|
[&](X509_VERIFY_PARAM *param) {
|
|
|
|
|
ASSERT_TRUE(X509_VERIFY_PARAM_set_purpose(
|
|
|
|
|
param, X509_PURPOSE_SSL_SERVER));
|
|
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
// Neither the Microsoft nor Netscape SGC EKU should be sufficient for
|
|
|
|
|
// |X509_PURPOSE_SSL_SERVER|. The "any" EKU probably, technically, should be.
|
|
|
|
|
// However, we've never accepted it and it's not acceptable in leaf
|
|
|
|
|
// certificates by the Baseline, so perhaps we don't need this complexity.
|
|
|
|
|
for (X509 *leaf : {ms_sgc.get(), ns_sgc.get(), any_eku.get()}) {
|
|
|
|
|
EXPECT_EQ(X509_V_ERR_INVALID_PURPOSE, verify_cert(leaf));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// The server-auth EKU is sufficient, and it doesn't matter if an SGC EKU is
|
|
|
|
|
// also included. Lastly, not specifying an EKU is also valid.
|
|
|
|
|
for (X509 *leaf : {server_eku.get(), server_eku_plus_ms_sgc.get(),
|
|
|
|
|
no_eku.get()}) {
|
|
|
|
|
EXPECT_EQ(X509_V_OK, verify_cert(leaf));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Test that invalid extensions are rejected by, if not the parser, at least the
|
|
|
|
|
// verifier.
|
|
|
|
|
TEST(X509Test, InvalidExtensions) {
|
|
|
|
|
bssl::UniquePtr<X509> root = CertFromPEM(
|
|
|
|
|
GetTestData("crypto/x509/test/invalid_extension_root.pem").c_str());
|
|
|
|
|
ASSERT_TRUE(root);
|
|
|
|
|
bssl::UniquePtr<X509> intermediate = CertFromPEM(
|
|
|
|
|
GetTestData("crypto/x509/test/invalid_extension_intermediate.pem")
|
|
|
|
|
.c_str());
|
|
|
|
|
ASSERT_TRUE(intermediate);
|
|
|
|
|
bssl::UniquePtr<X509> leaf = CertFromPEM(
|
|
|
|
|
GetTestData("crypto/x509/test/invalid_extension_leaf.pem").c_str());
|
|
|
|
|
ASSERT_TRUE(leaf);
|
|
|
|
|
|
|
|
|
|
// Sanity-check that the baseline chain is accepted.
|
|
|
|
|
EXPECT_EQ(X509_V_OK,
|
|
|
|
|
Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}));
|
|
|
|
|
|
|
|
|
|
static const char *kExtensions[] = {
|
|
|
|
|
"authority_key_identifier",
|
|
|
|
|
"basic_constraints",
|
|
|
|
|
"ext_key_usage",
|
|
|
|
|
"key_usage",
|
|
|
|
|
"name_constraints",
|
|
|
|
|
"subject_alt_name",
|
|
|
|
|
"subject_key_identifier",
|
|
|
|
|
};
|
|
|
|
|
for (const char *ext : kExtensions) {
|
|
|
|
|
SCOPED_TRACE(ext);
|
|
|
|
|
bssl::UniquePtr<X509> invalid_root = CertFromPEM(
|
|
|
|
|
GetTestData((std::string("crypto/x509/test/invalid_extension_root_") +
|
|
|
|
|
ext + ".pem")
|
|
|
|
|
.c_str())
|
|
|
|
|
.c_str());
|
|
|
|
|
ASSERT_TRUE(invalid_root);
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<X509> invalid_intermediate = CertFromPEM(
|
|
|
|
|
GetTestData(
|
|
|
|
|
(std::string("crypto/x509/test/invalid_extension_intermediate_") +
|
|
|
|
|
ext + ".pem")
|
|
|
|
|
.c_str())
|
|
|
|
|
.c_str());
|
|
|
|
|
ASSERT_TRUE(invalid_intermediate);
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<X509> invalid_leaf = CertFromPEM(
|
|
|
|
|
GetTestData((std::string("crypto/x509/test/invalid_extension_leaf_") +
|
|
|
|
|
ext + ".pem")
|
|
|
|
|
.c_str())
|
|
|
|
|
.c_str());
|
|
|
|
|
ASSERT_TRUE(invalid_leaf);
|
|
|
|
|
|
|
|
|
|
EXPECT_EQ(
|
|
|
|
|
X509_V_ERR_INVALID_EXTENSION,
|
|
|
|
|
Verify(invalid_leaf.get(), {root.get()}, {intermediate.get()}, {}));
|
|
|
|
|
|
|
|
|
|
// If the invalid extension is on an intermediate or root,
|
|
|
|
|
// |X509_verify_cert| notices by way of being unable to build a path to
|
|
|
|
|
// a valid issuer.
|
|
|
|
|
EXPECT_EQ(
|
|
|
|
|
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
|
|
|
|
|
Verify(leaf.get(), {root.get()}, {invalid_intermediate.get()}, {}));
|
|
|
|
|
EXPECT_EQ(
|
|
|
|
|
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
|
|
|
|
|
Verify(leaf.get(), {invalid_root.get()}, {intermediate.get()}, {}));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// kExplicitDefaultVersionPEM is an X.509v1 certificate with the version number
|
|
|
|
|
// encoded explicitly, rather than omitted as required by DER.
|
|
|
|
|
static const char kExplicitDefaultVersionPEM[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIBfTCCASSgAwIBAAIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC
|
|
|
|
|
QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
|
|
|
|
|
dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ
|
|
|
|
|
BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l
|
|
|
|
|
dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni
|
|
|
|
|
v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa
|
|
|
|
|
HPUdfvGULUvPciLBMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb7idQhY5w
|
|
|
|
|
BnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYfMlJhXnXJ
|
|
|
|
|
FA==
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
// kNegativeVersionPEM is an X.509 certificate with a negative version number.
|
|
|
|
|
static const char kNegativeVersionPEM[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIBfTCCASSgAwIB/wIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC
|
|
|
|
|
QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
|
|
|
|
|
dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ
|
|
|
|
|
BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l
|
|
|
|
|
dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni
|
|
|
|
|
v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa
|
|
|
|
|
HPUdfvGULUvPciLBMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb7idQhY5w
|
|
|
|
|
BnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYfMlJhXnXJ
|
|
|
|
|
FA==
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
// kFutureVersionPEM is an X.509 certificate with a version number value of
|
|
|
|
|
// three, which is not defined. (v3 has value two).
|
|
|
|
|
static const char kFutureVersionPEM[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIBfTCCASSgAwIBAwIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC
|
|
|
|
|
QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
|
|
|
|
|
dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ
|
|
|
|
|
BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l
|
|
|
|
|
dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni
|
|
|
|
|
v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa
|
|
|
|
|
HPUdfvGULUvPciLBMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb7idQhY5w
|
|
|
|
|
BnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYfMlJhXnXJ
|
|
|
|
|
FA==
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
// kOverflowVersionPEM is an X.509 certificate with a version field which
|
|
|
|
|
// overflows |uint64_t|.
|
|
|
|
|
static const char kOverflowVersionPEM[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIBoDCCAUegJgIkAP//////////////////////////////////////////////
|
|
|
|
|
AgkA2UwE2kl9v+swCQYHKoZIzj0EATBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwK
|
|
|
|
|
U29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMB4X
|
|
|
|
|
DTE0MDQyMzIzMjE1N1oXDTE0MDUyMzIzMjE1N1owRTELMAkGA1UEBhMCQVUxEzAR
|
|
|
|
|
BgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5
|
|
|
|
|
IEx0ZDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWX
|
|
|
|
|
a7epHg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsEw
|
|
|
|
|
CQYHKoZIzj0EAQNIADBFAiEA8qA1XlE6NsOCeZvuJ1CFjnAGdJVX0il0APS+FYdd
|
|
|
|
|
xAcCIHweeRRqIYPwenRoeV8UmZpotPHLnhVe5h8yUmFedckU
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
// kV1WithExtensionsPEM is an X.509v1 certificate with extensions.
|
|
|
|
|
static const char kV1WithExtensionsPEM[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIByjCCAXECCQDZTATaSX2/6zAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw
|
|
|
|
|
EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0
|
|
|
|
|
eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYDVQQG
|
|
|
|
|
EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk
|
|
|
|
|
Z2l0cyBQdHkgTHRkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+
|
|
|
|
|
Lx4NlIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7x
|
|
|
|
|
lC1Lz3IiwaNQME4wHQYDVR0OBBYEFKuE0qyrlfCCThZ4B1VXX+QmjYLRMB8GA1Ud
|
|
|
|
|
IwQYMBaAFKuE0qyrlfCCThZ4B1VXX+QmjYLRMAwGA1UdEwQFMAMBAf8wCQYHKoZI
|
|
|
|
|
zj0EAQNIADBFAiEA8qA1XlE6NsOCeZvuJ1CFjnAGdJVX0il0APS+FYddxAcCIHwe
|
|
|
|
|
eRRqIYPwenRoeV8UmZpotPHLnhVe5h8yUmFedckU
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
// kV2WithExtensionsPEM is an X.509v2 certificate with extensions.
|
|
|
|
|
static const char kV2WithExtensionsPEM[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIBzzCCAXagAwIBAQIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC
|
|
|
|
|
QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
|
|
|
|
|
dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ
|
|
|
|
|
BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l
|
|
|
|
|
dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni
|
|
|
|
|
v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa
|
|
|
|
|
HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw
|
|
|
|
|
HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ
|
|
|
|
|
BgcqhkjOPQQBA0gAMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E
|
|
|
|
|
BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQ=
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
// kV1WithIssuerUniqueIDPEM is an X.509v1 certificate with an issuerUniqueID.
|
|
|
|
|
static const char kV1WithIssuerUniqueIDPEM[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIBgzCCASoCCQDZTATaSX2/6zAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw
|
|
|
|
|
EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0
|
|
|
|
|
eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYDVQQG
|
|
|
|
|
EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk
|
|
|
|
|
Z2l0cyBQdHkgTHRkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+
|
|
|
|
|
Lx4NlIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7x
|
|
|
|
|
lC1Lz3IiwYEJAAEjRWeJq83vMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb
|
|
|
|
|
7idQhY5wBnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYf
|
|
|
|
|
MlJhXnXJFA==
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
// kV1WithSubjectUniqueIDPEM is an X.509v1 certificate with an issuerUniqueID.
|
|
|
|
|
static const char kV1WithSubjectUniqueIDPEM[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIBgzCCASoCCQDZTATaSX2/6zAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw
|
|
|
|
|
EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0
|
|
|
|
|
eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYDVQQG
|
|
|
|
|
EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk
|
|
|
|
|
Z2l0cyBQdHkgTHRkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+
|
|
|
|
|
Lx4NlIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7x
|
|
|
|
|
lC1Lz3IiwYIJAAEjRWeJq83vMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb
|
|
|
|
|
7idQhY5wBnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYf
|
|
|
|
|
MlJhXnXJFA==
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
// Test that the X.509 parser enforces versions are valid and match the fields
|
|
|
|
|
// present.
|
|
|
|
|
TEST(X509Test, InvalidVersion) {
|
|
|
|
|
// kExplicitDefaultVersionPEM is invalid but, for now, we accept it. See
|
|
|
|
|
// https://crbug.com/boringssl/364.
|
|
|
|
|
EXPECT_TRUE(CertFromPEM(kExplicitDefaultVersionPEM));
|
|
|
|
|
|
|
|
|
|
EXPECT_FALSE(CertFromPEM(kNegativeVersionPEM));
|
|
|
|
|
EXPECT_FALSE(CertFromPEM(kFutureVersionPEM));
|
|
|
|
|
EXPECT_FALSE(CertFromPEM(kOverflowVersionPEM));
|
|
|
|
|
EXPECT_FALSE(CertFromPEM(kV1WithExtensionsPEM));
|
|
|
|
|
EXPECT_FALSE(CertFromPEM(kV2WithExtensionsPEM));
|
|
|
|
|
EXPECT_FALSE(CertFromPEM(kV1WithIssuerUniqueIDPEM));
|
|
|
|
|
EXPECT_FALSE(CertFromPEM(kV1WithSubjectUniqueIDPEM));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Unlike upstream OpenSSL, we require a non-null store in
|
|
|
|
|
// |X509_STORE_CTX_init|.
|
|
|
|
|
TEST(X509Test, NullStore) {
|
|
|
|
|
bssl::UniquePtr<X509> leaf(CertFromPEM(kLeafPEM));
|
|
|
|
|
ASSERT_TRUE(leaf);
|
|
|
|
|
bssl::UniquePtr<X509_STORE_CTX> ctx(X509_STORE_CTX_new());
|
|
|
|
|
ASSERT_TRUE(ctx);
|
|
|
|
|
EXPECT_FALSE(X509_STORE_CTX_init(ctx.get(), nullptr, leaf.get(), nullptr));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(X509Test, BasicConstraints) {
|
|
|
|
|
const uint32_t kFlagMask = EXFLAG_CA | EXFLAG_BCONS | EXFLAG_INVALID;
|
|
|
|
|
|
|
|
|
|
static const struct {
|
|
|
|
|
const char *file;
|
|
|
|
|
uint32_t flags;
|
|
|
|
|
int path_len;
|
|
|
|
|
} kTests[] = {
|
|
|
|
|
{"basic_constraints_none.pem", 0, -1},
|
|
|
|
|
{"basic_constraints_ca.pem", EXFLAG_CA | EXFLAG_BCONS, -1},
|
|
|
|
|
{"basic_constraints_ca_pathlen_0.pem", EXFLAG_CA | EXFLAG_BCONS, 0},
|
|
|
|
|
{"basic_constraints_ca_pathlen_1.pem", EXFLAG_CA | EXFLAG_BCONS, 1},
|
|
|
|
|
{"basic_constraints_ca_pathlen_10.pem", EXFLAG_CA | EXFLAG_BCONS, 10},
|
|
|
|
|
{"basic_constraints_leaf.pem", EXFLAG_BCONS, -1},
|
|
|
|
|
{"invalid_extension_leaf_basic_constraints.pem", EXFLAG_INVALID, -1},
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
for (const auto &test : kTests) {
|
|
|
|
|
SCOPED_TRACE(test.file);
|
|
|
|
|
|
|
|
|
|
std::string path = "crypto/x509/test/";
|
|
|
|
|
path += test.file;
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<X509> cert = CertFromPEM(GetTestData(path.c_str()).c_str());
|
|
|
|
|
ASSERT_TRUE(cert);
|
|
|
|
|
EXPECT_EQ(test.flags, X509_get_extension_flags(cert.get()) & kFlagMask);
|
|
|
|
|
EXPECT_EQ(test.path_len, X509_get_pathlen(cert.get()));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// The following strings are test certificates signed by kP256Key and kRSAKey,
|
|
|
|
|
// with missing, NULL, or invalid algorithm parameters.
|
|
|
|
|
static const char kP256NoParam[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIBIDCBxqADAgECAgIE0jAKBggqhkjOPQQDAjAPMQ0wCwYDVQQDEwRUZXN0MCAX
|
|
|
|
|
DTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYDVQQDEwRUZXN0
|
|
|
|
|
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdrt6ke
|
|
|
|
|
DUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwaMQMA4w
|
|
|
|
|
DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNJADBGAiEAqdIiF+bN9Cl44oUeICpy
|
|
|
|
|
aXd7HqhpVUaglYKw9ChmNUACIQCpMdL0fNkFNDbRww9dSl/y7kBdk/tp16HiqeSy
|
|
|
|
|
gGzFYg==
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
static const char kP256NullParam[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIBJDCByKADAgECAgIE0jAMBggqhkjOPQQDAgUAMA8xDTALBgNVBAMTBFRlc3Qw
|
|
|
|
|
IBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMA8xDTALBgNVBAMTBFRl
|
|
|
|
|
c3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2niv2Wfl74vHg2UikzVl2u3
|
|
|
|
|
qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLBoxAw
|
|
|
|
|
DjAMBgNVHRMEBTADAQH/MAwGCCqGSM49BAMCBQADSQAwRgIhAKILHmyo+F3Cn/VX
|
|
|
|
|
UUeSXOQQKX5aLzsQitwwmNF3ZgH3AiEAsYHcrVj/ftmoQIORARkQ/+PrqntXev8r
|
|
|
|
|
t6uPxHrmpUY=
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
static const char kP256InvalidParam[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIBMTCBz6ADAgECAgIE0jATBggqhkjOPQQDAgQHZ2FyYmFnZTAPMQ0wCwYDVQQD
|
|
|
|
|
EwRUZXN0MCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYD
|
|
|
|
|
VQQDEwRUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4N
|
|
|
|
|
lIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1L
|
|
|
|
|
z3IiwaMQMA4wDAYDVR0TBAUwAwEB/zATBggqhkjOPQQDAgQHZ2FyYmFnZQNIADBF
|
|
|
|
|
AiAglpDf/YhN89LeJ2WAs/F0SJIrsuhS4uoInIz6WXUiuQIhAIu5Pwhp5E3Pbo8y
|
|
|
|
|
fLULTZnynuQUULQkRcF7S7T2WpIL
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
static const char kRSANoParam[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIBWzCBx6ADAgECAgIE0jALBgkqhkiG9w0BAQswDzENMAsGA1UEAxMEVGVzdDAg
|
|
|
|
|
Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsGA1UEAxMEVGVz
|
|
|
|
|
dDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWXa7ep
|
|
|
|
|
Hg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsGjEDAO
|
|
|
|
|
MAwGA1UdEwQFMAMBAf8wCwYJKoZIhvcNAQELA4GBAC1f8W3W0Ao7CPfIBQYDSbPh
|
|
|
|
|
brZpbxdBU5x27JOS7iSa+Lc9pEH5VCX9vIypHVHXLPEfZ38yIt11eiyrmZB6w62N
|
|
|
|
|
l9kIeZ6FVPmC30d3sXx70Jjs+ZX9yt7kD1gLyNAQQfeYfa4rORAZT1n2YitD74NY
|
|
|
|
|
TWUH2ieFP3l+ecj1SeQR
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
static const char kRSANullParam[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIBXzCByaADAgECAgIE0jANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRUZXN0
|
|
|
|
|
MCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYDVQQDEwRU
|
|
|
|
|
ZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdr
|
|
|
|
|
t6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwaMQ
|
|
|
|
|
MA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQAzVcfIv+Rq1KrMXqIL
|
|
|
|
|
fPq/cWZjgqFZA1RGaGElNaqp+rkJfamq5tDGzckWpebrK+jjRN7yIlcWDtPpy3Gy
|
|
|
|
|
seZfvtBDR0TwJm0S/pQl8prKB4wgALcwe3bmi56Rq85nzY5ZLNcP16LQxL+jAAua
|
|
|
|
|
SwmQUz4bRpckRBj+sIyp1We+pg==
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
static const char kRSAInvalidParam[] = R"(
|
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
|
MIIBbTCB0KADAgECAgIE0jAUBgkqhkiG9w0BAQsEB2dhcmJhZ2UwDzENMAsGA1UE
|
|
|
|
|
AxMEVGVzdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsG
|
|
|
|
|
A1UEAxMEVGVzdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8e
|
|
|
|
|
DZSKTNWXa7epHg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQt
|
|
|
|
|
S89yIsGjEDAOMAwGA1UdEwQFMAMBAf8wFAYJKoZIhvcNAQELBAdnYXJiYWdlA4GB
|
|
|
|
|
AHTJ6cWWjCNrZhqiWWVI3jdK+h5xpRG8jGMXxR4JnjtoYRRusJLOXhmapwCB6fA0
|
|
|
|
|
4vc+66O27v36yDmQX+tIc/hDrTpKNJptU8q3n2VagREvoHhkOTYkcCeS8vmnMtn8
|
|
|
|
|
5OMNZ/ajVwOssw61GcAlScRqEHkZFBoGp7e+QpgB2tf9
|
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
|
)";
|
|
|
|
|
|
|
|
|
|
TEST(X509Test, AlgorithmParameters) {
|
|
|
|
|
// P-256 parameters should be omitted, but we accept NULL ones.
|
|
|
|
|
bssl::UniquePtr<EVP_PKEY> key = PrivateKeyFromPEM(kP256Key);
|
|
|
|
|
ASSERT_TRUE(key);
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<X509> cert = CertFromPEM(kP256NoParam);
|
|
|
|
|
ASSERT_TRUE(cert);
|
|
|
|
|
EXPECT_TRUE(X509_verify(cert.get(), key.get()));
|
|
|
|
|
|
|
|
|
|
cert = CertFromPEM(kP256NullParam);
|
|
|
|
|
ASSERT_TRUE(cert);
|
|
|
|
|
EXPECT_TRUE(X509_verify(cert.get(), key.get()));
|
|
|
|
|
|
|
|
|
|
cert = CertFromPEM(kP256InvalidParam);
|
|
|
|
|
ASSERT_TRUE(cert);
|
|
|
|
|
EXPECT_FALSE(X509_verify(cert.get(), key.get()));
|
|
|
|
|
uint32_t err = ERR_get_error();
|
|
|
|
|
EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err));
|
|
|
|
|
EXPECT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err));
|
|
|
|
|
|
|
|
|
|
// RSA parameters should be NULL, but we accept omitted ones.
|
|
|
|
|
key = PrivateKeyFromPEM(kRSAKey);
|
|
|
|
|
ASSERT_TRUE(key);
|
|
|
|
|
|
|
|
|
|
cert = CertFromPEM(kRSANoParam);
|
|
|
|
|
ASSERT_TRUE(cert);
|
|
|
|
|
EXPECT_TRUE(X509_verify(cert.get(), key.get()));
|
|
|
|
|
|
|
|
|
|
cert = CertFromPEM(kRSANullParam);
|
|
|
|
|
ASSERT_TRUE(cert);
|
|
|
|
|
EXPECT_TRUE(X509_verify(cert.get(), key.get()));
|
|
|
|
|
|
|
|
|
|
cert = CertFromPEM(kRSAInvalidParam);
|
|
|
|
|
ASSERT_TRUE(cert);
|
|
|
|
|
EXPECT_FALSE(X509_verify(cert.get(), key.get()));
|
|
|
|
|
err = ERR_get_error();
|
|
|
|
|
EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err));
|
|
|
|
|
EXPECT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(X509Test, GeneralName) {
|
|
|
|
|
const std::vector<uint8_t> kNames[] = {
|
|
|
|
|
// [0] {
|
|
|
|
|
// OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
|
|
|
|
|
// [0] {
|
|
|
|
|
// SEQUENCE {}
|
|
|
|
|
// }
|
|
|
|
|
// }
|
|
|
|
|
{0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
|
|
|
|
|
0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x30, 0x00},
|
|
|
|
|
// [0] {
|
|
|
|
|
// OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
|
|
|
|
|
// [0] {
|
|
|
|
|
// [APPLICATION 0] {}
|
|
|
|
|
// }
|
|
|
|
|
// }
|
|
|
|
|
{0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
|
|
|
|
|
0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x60, 0x00},
|
|
|
|
|
// [0] {
|
|
|
|
|
// OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
|
|
|
|
|
// [0] {
|
|
|
|
|
// UTF8String { "a" }
|
|
|
|
|
// }
|
|
|
|
|
// }
|
|
|
|
|
{0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
|
|
|
|
|
0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x61},
|
|
|
|
|
// [0] {
|
|
|
|
|
// OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.2 }
|
|
|
|
|
// [0] {
|
|
|
|
|
// UTF8String { "a" }
|
|
|
|
|
// }
|
|
|
|
|
// }
|
|
|
|
|
{0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
|
|
|
|
|
0x01, 0x84, 0xb7, 0x09, 0x02, 0x02, 0xa0, 0x03, 0x0c, 0x01, 0x61},
|
|
|
|
|
// [0] {
|
|
|
|
|
// OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
|
|
|
|
|
// [0] {
|
|
|
|
|
// UTF8String { "b" }
|
|
|
|
|
// }
|
|
|
|
|
// }
|
|
|
|
|
{0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
|
|
|
|
|
0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x62},
|
|
|
|
|
// [0] {
|
|
|
|
|
// OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
|
|
|
|
|
// [0] {
|
|
|
|
|
// BOOLEAN { TRUE }
|
|
|
|
|
// }
|
|
|
|
|
// }
|
|
|
|
|
{0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
|
|
|
|
|
0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0xff},
|
|
|
|
|
// [0] {
|
|
|
|
|
// OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
|
|
|
|
|
// [0] {
|
|
|
|
|
// BOOLEAN { FALSE }
|
|
|
|
|
// }
|
|
|
|
|
// }
|
|
|
|
|
{0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
|
|
|
|
|
0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0x00},
|
|
|
|
|
// [1 PRIMITIVE] { "a" }
|
|
|
|
|
{0x81, 0x01, 0x61},
|
|
|
|
|
// [1 PRIMITIVE] { "b" }
|
|
|
|
|
{0x81, 0x01, 0x62},
|
|
|
|
|
// [2 PRIMITIVE] { "a" }
|
|
|
|
|
{0x82, 0x01, 0x61},
|
|
|
|
|
// [2 PRIMITIVE] { "b" }
|
|
|
|
|
{0x82, 0x01, 0x62},
|
|
|
|
|
// [4] {
|
|
|
|
|
// SEQUENCE {
|
|
|
|
|
// SET {
|
|
|
|
|
// SEQUENCE {
|
|
|
|
|
// # commonName
|
|
|
|
|
// OBJECT_IDENTIFIER { 2.5.4.3 }
|
|
|
|
|
// UTF8String { "a" }
|
|
|
|
|
// }
|
|
|
|
|
// }
|
|
|
|
|
// }
|
|
|
|
|
// }
|
|
|
|
|
{0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04,
|
|
|
|
|
0x03, 0x0c, 0x01, 0x61},
|
|
|
|
|
// [4] {
|
|
|
|
|
// SEQUENCE {
|
|
|
|
|
// SET {
|
|
|
|
|
// SEQUENCE {
|
|
|
|
|
// # commonName
|
|
|
|
|
// OBJECT_IDENTIFIER { 2.5.4.3 }
|
|
|
|
|
// UTF8String { "b" }
|
|
|
|
|
// }
|
|
|
|
|
// }
|
|
|
|
|
// }
|
|
|
|
|
// }
|
|
|
|
|
{0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04,
|
|
|
|
|
0x03, 0x0c, 0x01, 0x62},
|
|
|
|
|
// [5] {
|
|
|
|
|
// [1] {
|
|
|
|
|
// UTF8String { "a" }
|
|
|
|
|
// }
|
|
|
|
|
// }
|
|
|
|
|
{0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x61},
|
|
|
|
|
// [5] {
|
|
|
|
|
// [1] {
|
|
|
|
|
// UTF8String { "b" }
|
|
|
|
|
// }
|
|
|
|
|
// }
|
|
|
|
|
{0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x62},
|
|
|
|
|
// [5] {
|
|
|
|
|
// [0] {
|
|
|
|
|
// UTF8String {}
|
|
|
|
|
// }
|
|
|
|
|
// [1] {
|
|
|
|
|
// UTF8String { "a" }
|
|
|
|
|
// }
|
|
|
|
|
// }
|
|
|
|
|
{0xa5, 0x09, 0xa0, 0x02, 0x0c, 0x00, 0xa1, 0x03, 0x0c, 0x01, 0x61},
|
|
|
|
|
// [5] {
|
|
|
|
|
// [0] {
|
|
|
|
|
// UTF8String { "a" }
|
|
|
|
|
// }
|
|
|
|
|
// [1] {
|
|
|
|
|
// UTF8String { "a" }
|
|
|
|
|
// }
|
|
|
|
|
// }
|
|
|
|
|
{0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x61, 0xa1, 0x03, 0x0c, 0x01, 0x61},
|
|
|
|
|
// [5] {
|
|
|
|
|
// [0] {
|
|
|
|
|
// UTF8String { "b" }
|
|
|
|
|
// }
|
|
|
|
|
// [1] {
|
|
|
|
|
// UTF8String { "a" }
|
|
|
|
|
// }
|
|
|
|
|
// }
|
|
|
|
|
{0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x62, 0xa1, 0x03, 0x0c, 0x01, 0x61},
|
|
|
|
|
// [6 PRIMITIVE] { "a" }
|
|
|
|
|
{0x86, 0x01, 0x61},
|
|
|
|
|
// [6 PRIMITIVE] { "b" }
|
|
|
|
|
{0x86, 0x01, 0x62},
|
|
|
|
|
// [7 PRIMITIVE] { `11111111` }
|
|
|
|
|
{0x87, 0x04, 0x11, 0x11, 0x11, 0x11},
|
|
|
|
|
// [7 PRIMITIVE] { `22222222`}
|
|
|
|
|
{0x87, 0x04, 0x22, 0x22, 0x22, 0x22},
|
|
|
|
|
// [7 PRIMITIVE] { `11111111111111111111111111111111` }
|
|
|
|
|
{0x87, 0x10, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
|
|
|
|
|
0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
|
|
|
|
|
// [7 PRIMITIVE] { `22222222222222222222222222222222` }
|
|
|
|
|
{0x87, 0x10, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
|
|
|
|
|
0x22, 0x22, 0x22, 0x22, 0x22, 0x22},
|
|
|
|
|
// [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.1 }
|
|
|
|
|
{0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7,
|
|
|
|
|
0x09, 0x02, 0x01},
|
|
|
|
|
// [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.2 }
|
|
|
|
|
{0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7,
|
|
|
|
|
0x09, 0x02, 0x02},
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
// Every name should be equal to itself and not equal to any others.
|
|
|
|
|
for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kNames); i++) {
|
|
|
|
|
SCOPED_TRACE(Bytes(kNames[i]));
|
|
|
|
|
|
|
|
|
|
const uint8_t *ptr = kNames[i].data();
|
|
|
|
|
bssl::UniquePtr<GENERAL_NAME> a(
|
|
|
|
|
d2i_GENERAL_NAME(nullptr, &ptr, kNames[i].size()));
|
|
|
|
|
ASSERT_TRUE(a);
|
|
|
|
|
ASSERT_EQ(ptr, kNames[i].data() + kNames[i].size());
|
|
|
|
|
|
|
|
|
|
for (size_t j = 0; j < OPENSSL_ARRAY_SIZE(kNames); j++) {
|
|
|
|
|
SCOPED_TRACE(Bytes(kNames[j]));
|
|
|
|
|
|
|
|
|
|
ptr = kNames[j].data();
|
|
|
|
|
bssl::UniquePtr<GENERAL_NAME> b(
|
|
|
|
|
d2i_GENERAL_NAME(nullptr, &ptr, kNames[j].size()));
|
|
|
|
|
ASSERT_TRUE(b);
|
|
|
|
|
ASSERT_EQ(ptr, kNames[j].data() + kNames[j].size());
|
|
|
|
|
|
|
|
|
|
if (i == j) {
|
|
|
|
|
EXPECT_EQ(GENERAL_NAME_cmp(a.get(), b.get()), 0);
|
|
|
|
|
} else {
|
|
|
|
|
EXPECT_NE(GENERAL_NAME_cmp(a.get(), b.get()), 0);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Test that extracting fields of an |X509_ALGOR| works correctly.
|
|
|
|
|
TEST(X509Test, X509AlgorExtract) {
|
|
|
|
|
static const char kTestOID[] = "1.2.840.113554.4.1.72585.2";
|
|
|
|
|
const struct {
|
|
|
|
|
int param_type;
|
|
|
|
|
std::vector<uint8_t> param_der;
|
|
|
|
|
} kTests[] = {
|
|
|
|
|
// No parameter.
|
|
|
|
|
{V_ASN1_UNDEF, {}},
|
|
|
|
|
// BOOLEAN { TRUE }
|
|
|
|
|
{V_ASN1_BOOLEAN, {0x01, 0x01, 0xff}},
|
|
|
|
|
// BOOLEAN { FALSE }
|
|
|
|
|
{V_ASN1_BOOLEAN, {0x01, 0x01, 0x00}},
|
|
|
|
|
// OCTET_STRING { "a" }
|
|
|
|
|
{V_ASN1_OCTET_STRING, {0x04, 0x01, 0x61}},
|
|
|
|
|
// BIT_STRING { `01` `00` }
|
|
|
|
|
{V_ASN1_BIT_STRING, {0x03, 0x02, 0x01, 0x00}},
|
|
|
|
|
// INTEGER { -1 }
|
|
|
|
|
{V_ASN1_INTEGER, {0x02, 0x01, 0xff}},
|
|
|
|
|
// OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2 }
|
|
|
|
|
{V_ASN1_OBJECT,
|
|
|
|
|
{0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7,
|
|
|
|
|
0x09, 0x02}},
|
|
|
|
|
// NULL {}
|
|
|
|
|
{V_ASN1_NULL, {0x05, 0x00}},
|
|
|
|
|
// SEQUENCE {}
|
|
|
|
|
{V_ASN1_SEQUENCE, {0x30, 0x00}},
|
|
|
|
|
// SET {}
|
|
|
|
|
{V_ASN1_SET, {0x31, 0x00}},
|
|
|
|
|
// [0] { UTF8String { "a" } }
|
|
|
|
|
{V_ASN1_OTHER, {0xa0, 0x03, 0x0c, 0x01, 0x61}},
|
|
|
|
|
};
|
|
|
|
|
for (const auto &t : kTests) {
|
|
|
|
|
SCOPED_TRACE(Bytes(t.param_der));
|
|
|
|
|
|
|
|
|
|
// Assemble an AlgorithmIdentifier with the parameter.
|
|
|
|
|
bssl::ScopedCBB cbb;
|
|
|
|
|
CBB seq, oid;
|
|
|
|
|
ASSERT_TRUE(CBB_init(cbb.get(), 64));
|
|
|
|
|
ASSERT_TRUE(CBB_add_asn1(cbb.get(), &seq, CBS_ASN1_SEQUENCE));
|
|
|
|
|
ASSERT_TRUE(CBB_add_asn1(&seq, &oid, CBS_ASN1_OBJECT));
|
|
|
|
|
ASSERT_TRUE(CBB_add_asn1_oid_from_text(&oid, kTestOID, strlen(kTestOID)));
|
|
|
|
|
ASSERT_TRUE(CBB_add_bytes(&seq, t.param_der.data(), t.param_der.size()));
|
|
|
|
|
ASSERT_TRUE(CBB_flush(cbb.get()));
|
|
|
|
|
|
|
|
|
|
const uint8_t *ptr = CBB_data(cbb.get());
|
|
|
|
|
bssl::UniquePtr<X509_ALGOR> alg(
|
|
|
|
|
d2i_X509_ALGOR(nullptr, &ptr, CBB_len(cbb.get())));
|
|
|
|
|
ASSERT_TRUE(alg);
|
|
|
|
|
|
|
|
|
|
const ASN1_OBJECT *obj;
|
|
|
|
|
int param_type;
|
|
|
|
|
const void *param_value;
|
|
|
|
|
X509_ALGOR_get0(&obj, ¶m_type, ¶m_value, alg.get());
|
|
|
|
|
|
|
|
|
|
EXPECT_EQ(param_type, t.param_type);
|
|
|
|
|
char oid_buf[sizeof(kTestOID)];
|
|
|
|
|
ASSERT_EQ(int(sizeof(oid_buf) - 1),
|
|
|
|
|
OBJ_obj2txt(oid_buf, sizeof(oid_buf), obj,
|
|
|
|
|
/*always_return_oid=*/1));
|
|
|
|
|
EXPECT_STREQ(oid_buf, kTestOID);
|
|
|
|
|
|
|
|
|
|
// |param_type| and |param_value| must be consistent with |ASN1_TYPE|.
|
|
|
|
|
if (param_type == V_ASN1_UNDEF) {
|
|
|
|
|
EXPECT_EQ(nullptr, param_value);
|
|
|
|
|
} else {
|
|
|
|
|
bssl::UniquePtr<ASN1_TYPE> param(ASN1_TYPE_new());
|
|
|
|
|
ASSERT_TRUE(param);
|
|
|
|
|
ASSERT_TRUE(ASN1_TYPE_set1(param.get(), param_type, param_value));
|
|
|
|
|
|
|
|
|
|
uint8_t *param_der = nullptr;
|
|
|
|
|
int param_len = i2d_ASN1_TYPE(param.get(), ¶m_der);
|
|
|
|
|
ASSERT_GE(param_len, 0);
|
|
|
|
|
bssl::UniquePtr<uint8_t> free_param_der(param_der);
|
|
|
|
|
|
|
|
|
|
EXPECT_EQ(Bytes(param_der, param_len), Bytes(t.param_der));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Test the various |X509_ATTRIBUTE| creation functions.
|
|
|
|
|
TEST(X509Test, Attribute) {
|
|
|
|
|
// The friendlyName attribute has a BMPString value. See RFC 2985,
|
|
|
|
|
// section 5.5.1.
|
|
|
|
|
static const uint8_t kTest1[] = {0x26, 0x03}; // U+2603 SNOWMAN
|
|
|
|
|
static const uint8_t kTest1UTF8[] = {0xe2, 0x98, 0x83};
|
|
|
|
|
static const uint8_t kTest2[] = {0, 't', 0, 'e', 0, 's', 0, 't'};
|
|
|
|
|
|
|
|
|
|
auto check_attribute = [&](X509_ATTRIBUTE *attr, bool has_test2) {
|
|
|
|
|
EXPECT_EQ(NID_friendlyName, OBJ_obj2nid(X509_ATTRIBUTE_get0_object(attr)));
|
|
|
|
|
|
|
|
|
|
EXPECT_EQ(has_test2 ? 2 : 1, X509_ATTRIBUTE_count(attr));
|
|
|
|
|
|
|
|
|
|
// The first attribute should contain |kTest1|.
|
|
|
|
|
const ASN1_TYPE *value = X509_ATTRIBUTE_get0_type(attr, 0);
|
|
|
|
|
ASSERT_TRUE(value);
|
|
|
|
|
EXPECT_EQ(V_ASN1_BMPSTRING, value->type);
|
|
|
|
|
EXPECT_EQ(Bytes(kTest1),
|
|
|
|
|
Bytes(ASN1_STRING_get0_data(value->value.bmpstring),
|
|
|
|
|
ASN1_STRING_length(value->value.bmpstring)));
|
|
|
|
|
|
|
|
|
|
// |X509_ATTRIBUTE_get0_data| requires the type match.
|
|
|
|
|
EXPECT_FALSE(
|
|
|
|
|
X509_ATTRIBUTE_get0_data(attr, 0, V_ASN1_OCTET_STRING, nullptr));
|
|
|
|
|
const ASN1_BMPSTRING *bmpstring = static_cast<const ASN1_BMPSTRING *>(
|
|
|
|
|
X509_ATTRIBUTE_get0_data(attr, 0, V_ASN1_BMPSTRING, nullptr));
|
|
|
|
|
ASSERT_TRUE(bmpstring);
|
|
|
|
|
EXPECT_EQ(Bytes(kTest1), Bytes(ASN1_STRING_get0_data(bmpstring),
|
|
|
|
|
ASN1_STRING_length(bmpstring)));
|
|
|
|
|
|
|
|
|
|
if (has_test2) {
|
|
|
|
|
value = X509_ATTRIBUTE_get0_type(attr, 1);
|
|
|
|
|
ASSERT_TRUE(value);
|
|
|
|
|
EXPECT_EQ(V_ASN1_BMPSTRING, value->type);
|
|
|
|
|
EXPECT_EQ(Bytes(kTest2),
|
|
|
|
|
Bytes(ASN1_STRING_get0_data(value->value.bmpstring),
|
|
|
|
|
ASN1_STRING_length(value->value.bmpstring)));
|
|
|
|
|
} else {
|
|
|
|
|
EXPECT_FALSE(X509_ATTRIBUTE_get0_type(attr, 1));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
EXPECT_FALSE(X509_ATTRIBUTE_get0_type(attr, 2));
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<ASN1_STRING> str(ASN1_STRING_type_new(V_ASN1_BMPSTRING));
|
|
|
|
|
ASSERT_TRUE(str);
|
|
|
|
|
ASSERT_TRUE(ASN1_STRING_set(str.get(), kTest1, sizeof(kTest1)));
|
|
|
|
|
|
|
|
|
|
// Test |X509_ATTRIBUTE_create|.
|
|
|
|
|
bssl::UniquePtr<X509_ATTRIBUTE> attr(
|
|
|
|
|
X509_ATTRIBUTE_create(NID_friendlyName, V_ASN1_BMPSTRING, str.get()));
|
|
|
|
|
ASSERT_TRUE(attr);
|
|
|
|
|
str.release(); // |X509_ATTRIBUTE_create| takes ownership on success.
|
|
|
|
|
check_attribute(attr.get(), /*has_test2=*/false);
|
|
|
|
|
|
|
|
|
|
// Test the |MBSTRING_*| form of |X509_ATTRIBUTE_set1_data|.
|
|
|
|
|
attr.reset(X509_ATTRIBUTE_new());
|
|
|
|
|
ASSERT_TRUE(attr);
|
|
|
|
|
ASSERT_TRUE(
|
|
|
|
|
X509_ATTRIBUTE_set1_object(attr.get(), OBJ_nid2obj(NID_friendlyName)));
|
|
|
|
|
ASSERT_TRUE(X509_ATTRIBUTE_set1_data(attr.get(), MBSTRING_UTF8, kTest1UTF8,
|
|
|
|
|
sizeof(kTest1UTF8)));
|
|
|
|
|
check_attribute(attr.get(), /*has_test2=*/false);
|
|
|
|
|
|
|
|
|
|
// Test the |ASN1_STRING| form of |X509_ATTRIBUTE_set1_data|.
|
|
|
|
|
ASSERT_TRUE(X509_ATTRIBUTE_set1_data(attr.get(), V_ASN1_BMPSTRING, kTest2,
|
|
|
|
|
sizeof(kTest2)));
|
|
|
|
|
check_attribute(attr.get(), /*has_test2=*/true);
|
|
|
|
|
|
|
|
|
|
// Test the |ASN1_TYPE| form of |X509_ATTRIBUTE_set1_data|.
|
|
|
|
|
attr.reset(X509_ATTRIBUTE_new());
|
|
|
|
|
ASSERT_TRUE(attr);
|
|
|
|
|
ASSERT_TRUE(
|
|
|
|
|
X509_ATTRIBUTE_set1_object(attr.get(), OBJ_nid2obj(NID_friendlyName)));
|
|
|
|
|
str.reset(ASN1_STRING_type_new(V_ASN1_BMPSTRING));
|
|
|
|
|
ASSERT_TRUE(str);
|
|
|
|
|
ASSERT_TRUE(ASN1_STRING_set(str.get(), kTest1, sizeof(kTest1)));
|
|
|
|
|
ASSERT_TRUE(
|
|
|
|
|
X509_ATTRIBUTE_set1_data(attr.get(), V_ASN1_BMPSTRING, str.get(), -1));
|
|
|
|
|
check_attribute(attr.get(), /*has_test2=*/false);
|
|
|
|
|
}
|
Enable X509_V_FLAG_TRUSTED_FIRST by default.
The OpenSSL X.509 verifier lacks a proper path builder. When there are
two paths available for a certificate, we pick one without looking at
expiry, etc.
In scenarios like one below, X509_V_FLAG_TRUSTED_FIRST will prefer
Leaf -> Intermediate -> Root1. Otherwise, we will prefer
Leaf -> Intermediate -> Root1Cross -> Root2:
Root2
|
Root1 Root1Cross
\ /
Intermediate
|
Leaf
If Root2 is expired, as with Let's Encrypt, X509_V_FLAG_TRUSTED_FIRST
will find the path we want. Same if Root1Cross is expired. (Meanwhile,
if Root1 is expired, TRUSTED_FIRST will break and leaving it off works.
TRUSTED_FIRST does not actually select chains with validity in mind. It
just changes the semi-arbitrary decision.)
OpenSSL 1.1.x now defaults to X509_V_FLAG_TRUSTED_FIRST by default, so
match them. Hopefully the shorter chain is more likely to be correct.
Update-Note: X509_verify_cert will now build slightly different chains
by default. Hopefully, this fixes more issues than it causes, but there
is a risk of trusted_first breaking other scenarios. Those scenarios
will also break OpenSSL 1.1.x defaults, so hopefully this is fine.
Bug: 439
Change-Id: Ie624f1f7e85a9e8c283f1caf24729aef9206ea16
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49746
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: Ryan Sleevi <rsleevi@chromium.org>
3 years ago
|
|
|
|
|
|
|
|
// Test that, by default, |X509_V_FLAG_TRUSTED_FIRST| is set, which means we'll
|
|
|
|
|
// skip over server-sent expired intermediates when there is a local trust
|
|
|
|
|
// anchor that works better.
|
|
|
|
|
TEST(X509Test, TrustedFirst) {
|
|
|
|
|
// Generate the following certificates:
|
|
|
|
|
//
|
|
|
|
|
// Root 2 (in store, expired)
|
|
|
|
|
// |
|
|
|
|
|
// Root 1 (in store) Root 1 (cross-sign)
|
|
|
|
|
// \ /
|
|
|
|
|
// Intermediate
|
|
|
|
|
// |
|
|
|
|
|
// Leaf
|
|
|
|
|
bssl::UniquePtr<EVP_PKEY> key = PrivateKeyFromPEM(kP256Key);
|
|
|
|
|
ASSERT_TRUE(key);
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<X509> root2 =
|
|
|
|
|
MakeTestCert("Root 2", "Root 2", key.get(), /*is_ca=*/true);
|
|
|
|
|
ASSERT_TRUE(root2);
|
|
|
|
|
ASSERT_TRUE(ASN1_TIME_adj(X509_getm_notAfter(root2.get()), kReferenceTime,
|
|
|
|
|
/*offset_day=*/0,
|
|
|
|
|
/*offset_sec=*/-1));
|
|
|
|
|
ASSERT_TRUE(X509_sign(root2.get(), key.get(), EVP_sha256()));
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<X509> root1 =
|
|
|
|
|
MakeTestCert("Root 1", "Root 1", key.get(), /*is_ca=*/true);
|
|
|
|
|
ASSERT_TRUE(root1);
|
|
|
|
|
ASSERT_TRUE(X509_sign(root1.get(), key.get(), EVP_sha256()));
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<X509> root1_cross =
|
|
|
|
|
MakeTestCert("Root 2", "Root 1", key.get(), /*is_ca=*/true);
|
|
|
|
|
ASSERT_TRUE(root1_cross);
|
|
|
|
|
ASSERT_TRUE(X509_sign(root1_cross.get(), key.get(), EVP_sha256()));
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<X509> intermediate =
|
|
|
|
|
MakeTestCert("Root 1", "Intermediate", key.get(), /*is_ca=*/true);
|
|
|
|
|
ASSERT_TRUE(intermediate);
|
|
|
|
|
ASSERT_TRUE(X509_sign(intermediate.get(), key.get(), EVP_sha256()));
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<X509> leaf =
|
|
|
|
|
MakeTestCert("Intermediate", "Leaf", key.get(), /*is_ca=*/false);
|
|
|
|
|
ASSERT_TRUE(leaf);
|
|
|
|
|
ASSERT_TRUE(X509_sign(leaf.get(), key.get(), EVP_sha256()));
|
|
|
|
|
|
|
|
|
|
// As a control, confirm that |leaf| -> |intermediate| -> |root1| is valid,
|
|
|
|
|
// but the path through |root1_cross| is expired.
|
|
|
|
|
EXPECT_EQ(X509_V_OK,
|
|
|
|
|
Verify(leaf.get(), {root1.get()}, {intermediate.get()}, {}));
|
|
|
|
|
EXPECT_EQ(X509_V_ERR_CERT_HAS_EXPIRED,
|
|
|
|
|
Verify(leaf.get(), {root2.get()},
|
|
|
|
|
{intermediate.get(), root1_cross.get()}, {}));
|
|
|
|
|
|
|
|
|
|
// By default, we should find the |leaf| -> |intermediate| -> |root2| chain,
|
|
|
|
|
// skipping |root1_cross|.
|
|
|
|
|
EXPECT_EQ(X509_V_OK, Verify(leaf.get(), {root1.get(), root2.get()},
|
|
|
|
|
{intermediate.get(), root1_cross.get()}, {}));
|
|
|
|
|
|
|
|
|
|
// When |X509_V_FLAG_TRUSTED_FIRST| is disabled, we get stuck on the expired
|
|
|
|
|
// intermediate. Note we need the callback to clear the flag. Setting |flags|
|
|
|
|
|
// to zero only skips setting new flags.
|
|
|
|
|
//
|
|
|
|
|
// This test exists to confirm our current behavior, but these modes are just
|
|
|
|
|
// workarounds for not having an actual path-building verifier. If we fix it,
|
|
|
|
|
// this test can be removed.
|
|
|
|
|
EXPECT_EQ(X509_V_ERR_CERT_HAS_EXPIRED,
|
|
|
|
|
Verify(leaf.get(), {root1.get(), root2.get()},
|
|
|
|
|
{intermediate.get(), root1_cross.get()}, {}, /*flags=*/0,
|
|
|
|
|
[&](X509_VERIFY_PARAM *param) {
|
|
|
|
|
X509_VERIFY_PARAM_clear_flags(param,
|
|
|
|
|
X509_V_FLAG_TRUSTED_FIRST);
|
|
|
|
|
}));
|
|
|
|
|
|
|
|
|
|
// Even when |X509_V_FLAG_TRUSTED_FIRST| is disabled, if |root2| is not
|
|
|
|
|
// trusted, the alt chains logic recovers the path.
|
|
|
|
|
EXPECT_EQ(
|
|
|
|
|
X509_V_OK,
|
|
|
|
|
Verify(leaf.get(), {root1.get()}, {intermediate.get(), root1_cross.get()},
|
|
|
|
|
{}, /*flags=*/0, [&](X509_VERIFY_PARAM *param) {
|
|
|
|
|
X509_VERIFY_PARAM_clear_flags(param, X509_V_FLAG_TRUSTED_FIRST);
|
|
|
|
|
}));
|
|
|
|
|
}
|
