mirror of
https://github.com/pocoproject/poco.git
synced 2024-12-14 02:57:45 +01:00
manually merge #3448, part 1 (Crypto)
This commit is contained in:
parent
82ef12b875
commit
11ffdc7807
@ -22,7 +22,9 @@
|
|||||||
#include "Poco/Mutex.h"
|
#include "Poco/Mutex.h"
|
||||||
#include "Poco/AtomicCounter.h"
|
#include "Poco/AtomicCounter.h"
|
||||||
#include <openssl/crypto.h>
|
#include <openssl/crypto.h>
|
||||||
|
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||||
|
#include <openssl/provider.h>
|
||||||
|
#endif
|
||||||
#if defined(OPENSSL_FIPS) && OPENSSL_VERSION_NUMBER < 0x010001000L
|
#if defined(OPENSSL_FIPS) && OPENSSL_VERSION_NUMBER < 0x010001000L
|
||||||
#include <openssl/fips.h>
|
#include <openssl/fips.h>
|
||||||
#endif
|
#endif
|
||||||
@ -50,10 +52,10 @@ class Crypto_API OpenSSLInitializer
|
|||||||
public:
|
public:
|
||||||
OpenSSLInitializer();
|
OpenSSLInitializer();
|
||||||
/// Automatically initialize OpenSSL on startup.
|
/// Automatically initialize OpenSSL on startup.
|
||||||
|
|
||||||
~OpenSSLInitializer();
|
~OpenSSLInitializer();
|
||||||
/// Automatically shut down OpenSSL on exit.
|
/// Automatically shut down OpenSSL on exit.
|
||||||
|
|
||||||
static void initialize();
|
static void initialize();
|
||||||
/// Initializes the OpenSSL machinery.
|
/// Initializes the OpenSSL machinery.
|
||||||
|
|
||||||
@ -71,7 +73,7 @@ protected:
|
|||||||
{
|
{
|
||||||
SEEDSIZE = 256
|
SEEDSIZE = 256
|
||||||
};
|
};
|
||||||
|
|
||||||
// OpenSSL multithreading support
|
// OpenSSL multithreading support
|
||||||
static void lock(int mode, int n, const char* file, int line);
|
static void lock(int mode, int n, const char* file, int line);
|
||||||
static unsigned long id();
|
static unsigned long id();
|
||||||
@ -82,6 +84,10 @@ protected:
|
|||||||
private:
|
private:
|
||||||
static Poco::FastMutex* _mutexes;
|
static Poco::FastMutex* _mutexes;
|
||||||
static Poco::AtomicCounter _rc;
|
static Poco::AtomicCounter _rc;
|
||||||
|
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||||
|
static OSSL_PROVIDER* _defaultProvider;
|
||||||
|
static OSSL_PROVIDER* _legacyProvider;
|
||||||
|
#endif
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
@ -98,20 +98,22 @@ namespace
|
|||||||
{
|
{
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||||
_pContext = EVP_CIPHER_CTX_new();
|
_pContext = EVP_CIPHER_CTX_new();
|
||||||
EVP_CipherInit(
|
if (!_pContext) throwError();
|
||||||
|
int rc = EVP_CipherInit(
|
||||||
_pContext,
|
_pContext,
|
||||||
_pCipher,
|
_pCipher,
|
||||||
&_key[0],
|
&_key[0],
|
||||||
_iv.empty() ? 0 : &_iv[0],
|
_iv.empty() ? 0 : &_iv[0],
|
||||||
(dir == DIR_ENCRYPT) ? 1 : 0);
|
(dir == DIR_ENCRYPT) ? 1 : 0);
|
||||||
#else
|
#else
|
||||||
EVP_CipherInit(
|
int rc = EVP_CipherInit(
|
||||||
&_context,
|
&_context,
|
||||||
_pCipher,
|
_pCipher,
|
||||||
&_key[0],
|
&_key[0],
|
||||||
_iv.empty() ? 0 : &_iv[0],
|
_iv.empty() ? 0 : &_iv[0],
|
||||||
(dir == DIR_ENCRYPT) ? 1 : 0);
|
(dir == DIR_ENCRYPT) ? 1 : 0);
|
||||||
#endif
|
#endif
|
||||||
|
if (rc == 0) throwError();
|
||||||
|
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x10001000L
|
#if OPENSSL_VERSION_NUMBER >= 0x10001000L
|
||||||
if (_iv.size() != EVP_CIPHER_iv_length(_pCipher) && EVP_CIPHER_mode(_pCipher) == EVP_CIPH_GCM_MODE)
|
if (_iv.size() != EVP_CIPHER_iv_length(_pCipher) && EVP_CIPHER_mode(_pCipher) == EVP_CIPH_GCM_MODE)
|
||||||
|
@ -60,6 +60,10 @@ namespace Crypto {
|
|||||||
|
|
||||||
Poco::FastMutex* OpenSSLInitializer::_mutexes(0);
|
Poco::FastMutex* OpenSSLInitializer::_mutexes(0);
|
||||||
Poco::AtomicCounter OpenSSLInitializer::_rc;
|
Poco::AtomicCounter OpenSSLInitializer::_rc;
|
||||||
|
#if OPENSSL_VERSION_NUMBER >= 0x0907000L
|
||||||
|
OSSL_PROVIDER* OpenSSLInitializer::_defaultProvider(0);
|
||||||
|
OSSL_PROVIDER* OpenSSLInitializer::_legacyProvider(0);
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
OpenSSLInitializer::OpenSSLInitializer()
|
OpenSSLInitializer::OpenSSLInitializer()
|
||||||
@ -93,12 +97,17 @@ void OpenSSLInitializer::initialize()
|
|||||||
SSL_library_init();
|
SSL_library_init();
|
||||||
SSL_load_error_strings();
|
SSL_load_error_strings();
|
||||||
OpenSSL_add_all_algorithms();
|
OpenSSL_add_all_algorithms();
|
||||||
|
|
||||||
|
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||||
|
_defaultProvider = OSSL_PROVIDER_load(NULL, "default");
|
||||||
|
_legacyProvider = OSSL_PROVIDER_load(NULL, "legacy");
|
||||||
|
#endif
|
||||||
|
|
||||||
char seed[SEEDSIZE];
|
char seed[SEEDSIZE];
|
||||||
RandomInputStream rnd;
|
RandomInputStream rnd;
|
||||||
rnd.read(seed, sizeof(seed));
|
rnd.read(seed, sizeof(seed));
|
||||||
RAND_seed(seed, SEEDSIZE);
|
RAND_seed(seed, SEEDSIZE);
|
||||||
|
|
||||||
int nMutexes = CRYPTO_num_locks();
|
int nMutexes = CRYPTO_num_locks();
|
||||||
_mutexes = new Poco::FastMutex[nMutexes];
|
_mutexes = new Poco::FastMutex[nMutexes];
|
||||||
CRYPTO_set_locking_callback(&OpenSSLInitializer::lock);
|
CRYPTO_set_locking_callback(&OpenSSLInitializer::lock);
|
||||||
@ -107,8 +116,8 @@ void OpenSSLInitializer::initialize()
|
|||||||
// https://sourceforge.net/p/poco/bugs/110/
|
// https://sourceforge.net/p/poco/bugs/110/
|
||||||
//
|
//
|
||||||
// From http://www.openssl.org/docs/crypto/threads.html :
|
// From http://www.openssl.org/docs/crypto/threads.html :
|
||||||
// "If the application does not register such a callback using CRYPTO_THREADID_set_callback(),
|
// "If the application does not register such a callback using CRYPTO_THREADID_set_callback(),
|
||||||
// then a default implementation is used - on Windows and BeOS this uses the system's
|
// then a default implementation is used - on Windows and BeOS this uses the system's
|
||||||
// default thread identifying APIs"
|
// default thread identifying APIs"
|
||||||
CRYPTO_set_id_callback(&OpenSSLInitializer::id);
|
CRYPTO_set_id_callback(&OpenSSLInitializer::id);
|
||||||
#endif
|
#endif
|
||||||
@ -130,8 +139,13 @@ void OpenSSLInitializer::uninitialize()
|
|||||||
CRYPTO_set_id_callback(0);
|
CRYPTO_set_id_callback(0);
|
||||||
#endif
|
#endif
|
||||||
delete [] _mutexes;
|
delete [] _mutexes;
|
||||||
|
|
||||||
CONF_modules_free();
|
CONF_modules_free();
|
||||||
|
|
||||||
|
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||||
|
OSSL_PROVIDER_unload(_defaultProvider);
|
||||||
|
OSSL_PROVIDER_unload(_legacyProvider);
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -171,7 +171,15 @@ void PKCS12Container::load(PKCS12* pPKCS12, const std::string& password)
|
|||||||
int certCount = sk_X509_num(pCA);
|
int certCount = sk_X509_num(pCA);
|
||||||
for (int i = 0; i < certCount; ++i)
|
for (int i = 0; i < certCount; ++i)
|
||||||
{
|
{
|
||||||
|
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||||
X509* pX509 = sk_X509_value(pCA, i);
|
X509* pX509 = sk_X509_value(pCA, i);
|
||||||
|
#else
|
||||||
|
// Cert order is reversed on OpenSSL < 3.
|
||||||
|
// https://github.com/openssl/openssl/issues/16421
|
||||||
|
// https://github.com/openssl/openssl/pull/12641
|
||||||
|
// https://github.com/jeroen/openssl/commit/f5eb85eb0fd432406a24abda6511c449eaee6162
|
||||||
|
X509* pX509 = sk_X509_value(pCA, certCount - i - 1);
|
||||||
|
#endif
|
||||||
if (pX509)
|
if (pX509)
|
||||||
{
|
{
|
||||||
_caCertList.push_back(X509Certificate(pX509, true));
|
_caCertList.push_back(X509Certificate(pX509, true));
|
||||||
|
@ -134,29 +134,29 @@ void PKCS12ContainerTest::fullList(const PKCS12Container::CAList& caList,
|
|||||||
assertTrue (caNamesList[certOrder[1]].empty());
|
assertTrue (caNamesList[certOrder[1]].empty());
|
||||||
}
|
}
|
||||||
|
|
||||||
assertTrue (caList[certOrder[0]].subjectName() == "C=CH,ST=Zug,O=Crypto Vally,CN=CV Root CA v3");
|
assertTrue (caList[certOrder[0]].subjectName() == "C=CH,ST=Zug,O=Crypto Vally,CN=CV Intermediate CA v3");
|
||||||
assertTrue (caList[certOrder[0]].issuerName() == "C=CH,ST=Zug,O=Crypto Vally,CN=CV Root CA v3");
|
assertTrue (caList[certOrder[0]].issuerName() == "C=CH,ST=Zug,O=Crypto Vally,CN=CV Root CA v3");
|
||||||
assertTrue (caList[certOrder[0]].commonName() == "CV Root CA v3");
|
assertTrue (caList[certOrder[0]].commonName() == "CV Intermediate CA v3");
|
||||||
assertTrue (caList[certOrder[0]].subjectName(X509Certificate::NID_COUNTRY) == "CH");
|
assertTrue (caList[certOrder[0]].subjectName(X509Certificate::NID_COUNTRY) == "CH");
|
||||||
assertTrue (caList[certOrder[0]].subjectName(X509Certificate::NID_LOCALITY_NAME).empty());
|
assertTrue (caList[certOrder[0]].subjectName(X509Certificate::NID_LOCALITY_NAME).empty());
|
||||||
assertTrue (caList[certOrder[0]].subjectName(X509Certificate::NID_STATE_OR_PROVINCE) == "Zug");
|
assertTrue (caList[certOrder[0]].subjectName(X509Certificate::NID_STATE_OR_PROVINCE) == "Zug");
|
||||||
assertTrue (caList[certOrder[0]].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Crypto Vally");
|
assertTrue (caList[certOrder[0]].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Crypto Vally");
|
||||||
assertTrue (caList[certOrder[0]].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty());
|
assertTrue (caList[certOrder[0]].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty());
|
||||||
assertTrue (caList[certOrder[0]].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty());
|
assertTrue (caList[certOrder[0]].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty());
|
||||||
assertTrue (caList[certOrder[0]].serialNumber() == "C3ECA1FCEAA16055");
|
assertTrue (caList[certOrder[0]].serialNumber() == "1000");
|
||||||
assertTrue (caList[certOrder[0]].version() == 3);
|
assertTrue (caList[certOrder[0]].version() == 3);
|
||||||
assertTrue (caList[certOrder[0]].signatureAlgorithm() == "sha256WithRSAEncryption");
|
assertTrue (caList[certOrder[0]].signatureAlgorithm() == "sha256WithRSAEncryption");
|
||||||
|
|
||||||
assertTrue (caList[certOrder[1]].subjectName() == "C=CH,ST=Zug,O=Crypto Vally,CN=CV Intermediate CA v3");
|
assertTrue (caList[certOrder[1]].subjectName() == "C=CH,ST=Zug,O=Crypto Vally,CN=CV Root CA v3");
|
||||||
assertTrue (caList[certOrder[1]].issuerName() == "C=CH,ST=Zug,O=Crypto Vally,CN=CV Root CA v3");
|
assertTrue (caList[certOrder[1]].issuerName() == "C=CH,ST=Zug,O=Crypto Vally,CN=CV Root CA v3");
|
||||||
assertTrue (caList[certOrder[1]].commonName() == "CV Intermediate CA v3");
|
assertTrue (caList[certOrder[1]].commonName() == "CV Root CA v3");
|
||||||
assertTrue (caList[certOrder[1]].subjectName(X509Certificate::NID_COUNTRY) == "CH");
|
assertTrue (caList[certOrder[1]].subjectName(X509Certificate::NID_COUNTRY) == "CH");
|
||||||
assertTrue (caList[certOrder[1]].subjectName(X509Certificate::NID_LOCALITY_NAME).empty());
|
assertTrue (caList[certOrder[1]].subjectName(X509Certificate::NID_LOCALITY_NAME).empty());
|
||||||
assertTrue (caList[certOrder[1]].subjectName(X509Certificate::NID_STATE_OR_PROVINCE) == "Zug");
|
assertTrue (caList[certOrder[1]].subjectName(X509Certificate::NID_STATE_OR_PROVINCE) == "Zug");
|
||||||
assertTrue (caList[certOrder[1]].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Crypto Vally");
|
assertTrue (caList[certOrder[1]].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Crypto Vally");
|
||||||
assertTrue (caList[certOrder[1]].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty());
|
assertTrue (caList[certOrder[1]].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty());
|
||||||
assertTrue (caList[certOrder[1]].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty());
|
assertTrue (caList[certOrder[1]].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty());
|
||||||
assertTrue (caList[certOrder[1]].serialNumber() == "1000");
|
assertTrue (caList[certOrder[1]].serialNumber() == "C3ECA1FCEAA16055");
|
||||||
assertTrue (caList[certOrder[1]].version() == 3);
|
assertTrue (caList[certOrder[1]].version() == 3);
|
||||||
assertTrue (caList[certOrder[1]].signatureAlgorithm() == "sha256WithRSAEncryption");
|
assertTrue (caList[certOrder[1]].signatureAlgorithm() == "sha256WithRSAEncryption");
|
||||||
}
|
}
|
||||||
@ -200,36 +200,36 @@ void PKCS12ContainerTest::certsOnlyList(const PKCS12Container::CAList& caList,
|
|||||||
|
|
||||||
if (caNamesList.size())
|
if (caNamesList.size())
|
||||||
{
|
{
|
||||||
assertTrue (caNamesList[certOrder[0]].empty());
|
assertTrue (caNamesList[certOrder[0]] == "vally-ca");
|
||||||
assertTrue (caNamesList[certOrder[1]].empty());
|
assertTrue (caNamesList[certOrder[1]] == "vally-ca");
|
||||||
assertTrue (caNamesList[certOrder[2]].empty());
|
assertTrue (caNamesList[certOrder[2]].empty());
|
||||||
assertTrue (caNamesList[certOrder[3]] == "vally-ca");
|
assertTrue (caNamesList[certOrder[3]].empty());
|
||||||
assertTrue (caNamesList[certOrder[4]] == "vally-ca");
|
assertTrue (caNamesList[certOrder[4]].empty());
|
||||||
}
|
}
|
||||||
|
|
||||||
assertTrue (caList[certOrder[0]].subjectName() == "C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3");
|
assertTrue (caList[certOrder[0]].subjectName() == "C=CH,ST=Zug,O=Crypto Vally,CN=CV Intermediate CA v3");
|
||||||
assertTrue (caList[certOrder[0]].issuerName() == "C=US,O=Internet Security Research Group,CN=ISRG Root X1");
|
assertTrue (caList[certOrder[0]].issuerName() == "C=CH,ST=Zug,O=Crypto Vally,CN=CV Root CA v3");
|
||||||
assertTrue (caList[certOrder[0]].commonName() == "Let's Encrypt Authority X3");
|
assertTrue (caList[certOrder[0]].commonName() == "CV Intermediate CA v3");
|
||||||
assertTrue (caList[certOrder[0]].subjectName(X509Certificate::NID_COUNTRY) == "US");
|
assertTrue (caList[certOrder[0]].subjectName(X509Certificate::NID_COUNTRY) == "CH");
|
||||||
assertTrue (caList[certOrder[0]].subjectName(X509Certificate::NID_LOCALITY_NAME).empty());
|
assertTrue (caList[certOrder[0]].subjectName(X509Certificate::NID_LOCALITY_NAME).empty());
|
||||||
assertTrue (caList[certOrder[0]].subjectName(X509Certificate::NID_STATE_OR_PROVINCE).empty());
|
assertTrue (caList[certOrder[0]].subjectName(X509Certificate::NID_STATE_OR_PROVINCE) == "Zug");
|
||||||
assertTrue (caList[certOrder[0]].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Let's Encrypt");
|
assertTrue (caList[certOrder[0]].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Crypto Vally");
|
||||||
assertTrue (caList[certOrder[0]].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty());
|
assertTrue (caList[certOrder[0]].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty());
|
||||||
assertTrue (caList[certOrder[0]].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty());
|
assertTrue (caList[certOrder[0]].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty());
|
||||||
assertTrue (caList[certOrder[0]].serialNumber() == "D3B17226342332DCF40528512AEC9C6A");
|
assertTrue (caList[certOrder[0]].serialNumber()== "1000");
|
||||||
assertTrue (caList[certOrder[0]].version() == 3);
|
assertTrue (caList[certOrder[0]].version() == 3);
|
||||||
assertTrue (caList[certOrder[0]].signatureAlgorithm() == "sha256WithRSAEncryption");
|
assertTrue (caList[certOrder[0]].signatureAlgorithm() == "sha256WithRSAEncryption");
|
||||||
|
|
||||||
assertTrue (caList[certOrder[1]].subjectName() == "C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3");
|
assertTrue (caList[certOrder[1]].subjectName() == "C=CH,ST=Zug,O=Crypto Vally,CN=CV Root CA v3");
|
||||||
assertTrue (caList[certOrder[1]].issuerName() == "O=Digital Signature Trust Co.,CN=DST Root CA X3");
|
assertTrue (caList[certOrder[1]].issuerName() == "C=CH,ST=Zug,O=Crypto Vally,CN=CV Root CA v3");
|
||||||
assertTrue (caList[certOrder[1]].commonName() == "Let's Encrypt Authority X3");
|
assertTrue (caList[certOrder[1]].commonName() == "CV Root CA v3");
|
||||||
assertTrue (caList[certOrder[1]].subjectName(X509Certificate::NID_COUNTRY) == "US");
|
assertTrue (caList[certOrder[1]].subjectName(X509Certificate::NID_COUNTRY) == "CH");
|
||||||
assertTrue (caList[certOrder[1]].subjectName(X509Certificate::NID_LOCALITY_NAME).empty());
|
assertTrue (caList[certOrder[1]].subjectName(X509Certificate::NID_LOCALITY_NAME).empty());
|
||||||
assertTrue (caList[certOrder[1]].subjectName(X509Certificate::NID_STATE_OR_PROVINCE).empty());
|
assertTrue (caList[certOrder[1]].subjectName(X509Certificate::NID_STATE_OR_PROVINCE) == "Zug");
|
||||||
assertTrue (caList[certOrder[1]].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Let's Encrypt");
|
assertTrue (caList[certOrder[1]].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Crypto Vally");
|
||||||
assertTrue (caList[certOrder[1]].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty());
|
assertTrue (caList[certOrder[1]].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty());
|
||||||
assertTrue (caList[certOrder[1]].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty());
|
assertTrue (caList[certOrder[1]].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty());
|
||||||
assertTrue (caList[certOrder[1]].serialNumber() == "0A0141420000015385736A0B85ECA708");
|
assertTrue (caList[certOrder[1]].serialNumber() == "C3ECA1FCEAA16055");
|
||||||
assertTrue (caList[certOrder[1]].version() == 3);
|
assertTrue (caList[certOrder[1]].version() == 3);
|
||||||
assertTrue (caList[certOrder[1]].signatureAlgorithm() == "sha256WithRSAEncryption");
|
assertTrue (caList[certOrder[1]].signatureAlgorithm() == "sha256WithRSAEncryption");
|
||||||
|
|
||||||
@ -246,31 +246,32 @@ void PKCS12ContainerTest::certsOnlyList(const PKCS12Container::CAList& caList,
|
|||||||
assertTrue (caList[certOrder[2]].version() == 3);
|
assertTrue (caList[certOrder[2]].version() == 3);
|
||||||
assertTrue (caList[certOrder[2]].signatureAlgorithm() == "sha256WithRSAEncryption");
|
assertTrue (caList[certOrder[2]].signatureAlgorithm() == "sha256WithRSAEncryption");
|
||||||
|
|
||||||
assertTrue (caList[certOrder[3]].subjectName() == "C=CH,ST=Zug,O=Crypto Vally,CN=CV Root CA v3");
|
assertTrue (caList[certOrder[3]].subjectName() == "C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3");
|
||||||
assertTrue (caList[certOrder[3]].issuerName() == "C=CH,ST=Zug,O=Crypto Vally,CN=CV Root CA v3");
|
assertTrue (caList[certOrder[3]].issuerName() == "O=Digital Signature Trust Co.,CN=DST Root CA X3");
|
||||||
assertTrue (caList[certOrder[3]].commonName() == "CV Root CA v3");
|
assertTrue (caList[certOrder[3]].commonName() == "Let's Encrypt Authority X3");
|
||||||
assertTrue (caList[certOrder[3]].subjectName(X509Certificate::NID_COUNTRY) == "CH");
|
assertTrue (caList[certOrder[3]].subjectName(X509Certificate::NID_COUNTRY) == "US");
|
||||||
assertTrue (caList[certOrder[3]].subjectName(X509Certificate::NID_LOCALITY_NAME).empty());
|
assertTrue (caList[certOrder[3]].subjectName(X509Certificate::NID_LOCALITY_NAME).empty());
|
||||||
assertTrue (caList[certOrder[3]].subjectName(X509Certificate::NID_STATE_OR_PROVINCE) == "Zug");
|
assertTrue (caList[certOrder[3]].subjectName(X509Certificate::NID_STATE_OR_PROVINCE).empty());
|
||||||
assertTrue (caList[certOrder[3]].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Crypto Vally");
|
assertTrue (caList[certOrder[3]].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Let's Encrypt");
|
||||||
assertTrue (caList[certOrder[3]].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty());
|
assertTrue (caList[certOrder[3]].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty());
|
||||||
assertTrue (caList[certOrder[3]].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty());
|
assertTrue (caList[certOrder[3]].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty());
|
||||||
assertTrue (caList[certOrder[3]].serialNumber() == "C3ECA1FCEAA16055");
|
assertTrue (caList[certOrder[3]].serialNumber() == "0A0141420000015385736A0B85ECA708");
|
||||||
assertTrue (caList[certOrder[3]].version() == 3);
|
assertTrue (caList[certOrder[3]].version() == 3);
|
||||||
assertTrue (caList[certOrder[3]].signatureAlgorithm() == "sha256WithRSAEncryption");
|
assertTrue (caList[certOrder[3]].signatureAlgorithm() == "sha256WithRSAEncryption");
|
||||||
|
|
||||||
assertTrue (caList[certOrder[4]].subjectName() == "C=CH,ST=Zug,O=Crypto Vally,CN=CV Intermediate CA v3");
|
assertTrue (caList[certOrder[4]].subjectName() == "C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3");
|
||||||
assertTrue (caList[certOrder[4]].issuerName() == "C=CH,ST=Zug,O=Crypto Vally,CN=CV Root CA v3");
|
assertTrue (caList[certOrder[4]].issuerName() == "C=US,O=Internet Security Research Group,CN=ISRG Root X1");
|
||||||
assertTrue (caList[certOrder[4]].commonName() == "CV Intermediate CA v3");
|
assertTrue (caList[certOrder[4]].commonName() == "Let's Encrypt Authority X3");
|
||||||
assertTrue (caList[certOrder[4]].subjectName(X509Certificate::NID_COUNTRY) == "CH");
|
assertTrue (caList[certOrder[4]].subjectName(X509Certificate::NID_COUNTRY) == "US");
|
||||||
assertTrue (caList[certOrder[4]].subjectName(X509Certificate::NID_LOCALITY_NAME).empty());
|
assertTrue (caList[certOrder[4]].subjectName(X509Certificate::NID_LOCALITY_NAME).empty());
|
||||||
assertTrue (caList[certOrder[4]].subjectName(X509Certificate::NID_STATE_OR_PROVINCE) == "Zug");
|
assertTrue (caList[certOrder[4]].subjectName(X509Certificate::NID_STATE_OR_PROVINCE).empty());
|
||||||
assertTrue (caList[certOrder[4]].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Crypto Vally");
|
assertTrue (caList[certOrder[4]].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Let's Encrypt");
|
||||||
assertTrue (caList[certOrder[4]].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty());
|
assertTrue (caList[certOrder[4]].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty());
|
||||||
assertTrue (caList[certOrder[4]].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty());
|
assertTrue (caList[certOrder[4]].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty());
|
||||||
assertTrue (caList[certOrder[4]].serialNumber()== "1000");
|
assertTrue (caList[certOrder[4]].serialNumber() == "D3B17226342332DCF40528512AEC9C6A");
|
||||||
assertTrue (caList[certOrder[4]].version() == 3);
|
assertTrue (caList[certOrder[4]].version() == 3);
|
||||||
assertTrue (caList[certOrder[4]].signatureAlgorithm() == "sha256WithRSAEncryption");
|
assertTrue (caList[certOrder[4]].signatureAlgorithm() == "sha256WithRSAEncryption");
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -281,9 +282,8 @@ void PKCS12ContainerTest::testPEMReadWrite()
|
|||||||
std::string file = getTestFilesPath("certs-only", "pem");
|
std::string file = getTestFilesPath("certs-only", "pem");
|
||||||
X509Certificate::List certsOnly = X509Certificate::readPEM(file);
|
X509Certificate::List certsOnly = X509Certificate::readPEM(file);
|
||||||
assertTrue (certsOnly.size() == 5);
|
assertTrue (certsOnly.size() == 5);
|
||||||
// PEM is written by openssl in reverse order from p12
|
|
||||||
std::vector<int> certOrder;
|
std::vector<int> certOrder;
|
||||||
for(int i = (int)certsOnly.size() - 1; i >= 0; --i) certOrder.push_back(i);
|
for(int i = 0; i < certsOnly.size(); ++i) certOrder.push_back(i);
|
||||||
certsOnlyList(certsOnly, PKCS12Container::CANameList(), certOrder);
|
certsOnlyList(certsOnly, PKCS12Container::CANameList(), certOrder);
|
||||||
|
|
||||||
TemporaryFile tmpFile;
|
TemporaryFile tmpFile;
|
||||||
@ -301,7 +301,7 @@ void PKCS12ContainerTest::testPEMReadWrite()
|
|||||||
assertTrue (full.size() == 2);
|
assertTrue (full.size() == 2);
|
||||||
|
|
||||||
certOrder.clear();
|
certOrder.clear();
|
||||||
for(int i = (int)full.size() - 1; i >= 0; --i) certOrder.push_back(i);
|
for(int i = 0; i < full.size(); ++i) certOrder.push_back(i);
|
||||||
fullList(full, PKCS12Container::CANameList(), certOrder);
|
fullList(full, PKCS12Container::CANameList(), certOrder);
|
||||||
|
|
||||||
TemporaryFile tmpFile2;
|
TemporaryFile tmpFile2;
|
||||||
|
Loading…
Reference in New Issue
Block a user