read/write list of X509 certificates

Alex Fabijanic 2017-09-26 21:43:22 -05:00
parent 4ac56bff0c
commit 1d18435e38
7 changed files with 496 additions and 89 deletions


@ -38,13 +38,13 @@ class Crypto_API PKCS12Container
/// This class implements PKCS#12 container functionality. /// This class implements PKCS#12 container functionality.
{ {
public: public:
typedef std::vector<X509Certificate> CAList; typedef X509Certificate::List CAList;
explicit PKCS12Container(std::istream& istr, const std::string& password = ""); explicit PKCS12Container(std::istream& istr, const std::string& password = "");
/// Creates the PKCS12Container object from a stream. /// Creates the PKCS12Container object from a stream.
explicit PKCS12Container(const std::string& str, const std::string& password = ""); explicit PKCS12Container(const std::string& path, const std::string& password = "");
/// Creates the PKCS12Container object from a string. /// Creates the PKCS12Container object from a file.
PKCS12Container(const PKCS12Container& cont); PKCS12Container(const PKCS12Container& cont);
/// Copy constructor. /// Copy constructor.


@ -22,6 +22,7 @@
#include "Poco/Crypto/OpenSSLInitializer.h" #include "Poco/Crypto/OpenSSLInitializer.h"
#include "Poco/DateTime.h" #include "Poco/DateTime.h"
#include "Poco/SharedPtr.h" #include "Poco/SharedPtr.h"
#include <vector>
#include <set> #include <set>
#include <istream> #include <istream>
#include <openssl/ssl.h> #include <openssl/ssl.h>
@ -35,6 +36,8 @@ class Crypto_API X509Certificate
/// This class represents a X509 Certificate. /// This class represents a X509 Certificate.
{ {
public: public:
typedef std::vector<X509Certificate> List;
enum NID enum NID
/// Name identifier for extracting information from /// Name identifier for extracting information from
/// a certificate subject's or issuer's distinguished name. /// a certificate subject's or issuer's distinguished name.
@ -144,6 +147,13 @@ public:
void print(std::ostream& out) const; void print(std::ostream& out) const;
/// Prints the certificate information to ostream. /// Prints the certificate information to ostream.
static List readPEM(const std::string& pemFileName);
/// Reads and returns a list of certificates from
/// the specified PEM file.
static void writePEM(const std::string& pemFileName, const List& list);
/// Writes the list of certificates to the specified PEM file.
protected: protected:
void load(std::istream& stream); void load(std::istream& stream);
/// Loads the certificate from the given stream. The /// Loads the certificate from the given stream. The
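Review bot: The doc comments on the new `readPEM` and `writePEM` declarations say nothing about failure behaviour, and the `writePEM` comment does not mention that the implementation in this commit opens the file with mode `"a"`. A caller writing to an existing path would therefore get the new certificates appended to the old content rather than a replaced file. I would add `/// Throws an OpenFileException if the file cannot be opened.` to both, and to `writePEM` also `/// Certificates are appended if the file already exists; throws an OpenSSLException if a certificate cannot be written.` The class body continues outside these hunks.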


@ -13,6 +13,7 @@
#include "Poco/Crypto/X509Certificate.h" #include "Poco/Crypto/X509Certificate.h"
#include "Poco/Crypto/CryptoException.h"
#include "Poco/StreamCopier.h" #include "Poco/StreamCopier.h"
#include "Poco/String.h" #include "Poco/String.h"
#include "Poco/DateTimeParser.h" #include "Poco/DateTimeParser.h"
@ -294,6 +295,39 @@ bool X509Certificate::equals(const X509Certificate& otherCertificate) const
} }
X509Certificate::List X509Certificate::readPEM(const std::string& pemFileName)
{
List caCertList;
BIO* pBIO = BIO_new_file(pemFileName.c_str(), "r");
if (pBIO == NULL) throw OpenFileException("X509Certificate::readPEM()");
X509* x = PEM_read_bio_X509(pBIO, NULL, 0, NULL);
while(x)
{
caCertList.push_back(X509Certificate(x));
x = PEM_read_bio_X509(pBIO, NULL, 0, NULL);
}
BIO_free(pBIO);
return caCertList;
}
void X509Certificate::writePEM(const std::string& pemFileName, const List& list)
{
BIO* pBIO = BIO_new_file(pemFileName.c_str(), "a");
if (pBIO == NULL) throw OpenFileException("X509Certificate::writePEM()");
List::const_iterator it = list.begin();
List::const_iterator end = list.end();
for (; it != end; ++it)
{
if (!PEM_write_bio_X509(pBIO, const_cast<X509*>(it->certificate())))
{
throw OpenSSLException("X509Certificate::writePEM()");
}
}
BIO_free(pBIO);
}
void X509Certificate::print(std::ostream& out) const void X509Certificate::print(std::ostream& out) const
{ {
out << "subjectName: " << subjectName() << std::endl; out << "subjectName: " << subjectName() << std::endl;
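Review bot: `readPEM` treats every NULL from `PEM_read_bio_X509` as end of file, so a malformed certificate in the middle of a bundle silently truncates the returned list and leaves the error on the OpenSSL error queue. A caller that builds a trust list from the result cannot tell a short file from a corrupt one. Both new functions also leak `pBIO` when an exception leaves the loop: the `throw OpenSSLException` in `writePEM` skips `BIO_free`, and so would a throwing `push_back` in `readPEM`. The fence shows `readPEM` with an explicit end-of-file check and cleanup on the error path; `writePEM` needs the same try/catch around its loop.

```cpp
X509Certificate::List X509Certificate::readPEM(const std::string& pemFileName)
{
	// … unchanged: caCertList, BIO_new_file and the NULL check …
	try
	{
		X509* x;
		while ((x = PEM_read_bio_X509(pBIO, NULL, 0, NULL)) != NULL)
			caCertList.push_back(X509Certificate(x));

		// PEM_R_NO_START_LINE is the normal "no more PEM blocks" result;
		// anything else means a block was found but could not be parsed.
		unsigned long err = ERR_peek_last_error();
		if (ERR_GET_LIB(err) != ERR_LIB_PEM || ERR_GET_REASON(err) != PEM_R_NO_START_LINE)
			throw OpenSSLException("X509Certificate::readPEM()");
		ERR_clear_error();
	}
	catch (...)
	{
		BIO_free(pBIO);
		throw;
	}
	// … unchanged: BIO_free(pBIO) and return caCertList …
}
```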


@ -0,0 +1,171 @@
Bag Attributes
friendlyName: vally-ca
subject=/C=CH/ST=Zug/O=Crypto Vally/CN=CV Intermediate CA v3
issuer=/C=CH/ST=Zug/O=Crypto Vally/CN=CV Root CA v3
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
Bag Attributes
friendlyName: vally-ca
subject=/C=CH/ST=Zug/O=Crypto Vally/CN=CV Root CA v3
issuer=/C=CH/ST=Zug/O=Crypto Vally/CN=CV Root CA v3
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
Bag Attributes: <No Attributes>
subject=/C=US/O=Internet Security Research Group/CN=ISRG Root X1
issuer=/C=US/O=Internet Security Research Group/CN=ISRG Root X1
-----BEGIN CERTIFICATE-----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=
-----END CERTIFICATE-----
Bag Attributes: <No Attributes>
subject=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
issuer=/O=Digital Signature Trust Co./CN=DST Root CA X3
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
Bag Attributes: <No Attributes>
subject=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
issuer=/C=US/O=Internet Security Research Group/CN=ISRG Root X1
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,137 @@
Bag Attributes
friendlyName: vally
localKeyID: ED 49 E2 A7 BA 66 AF 36 58 98 85 03 44 85 AE 96 38 03 61 70
subject=/C=CH/ST=Zug/O=Crypto Vally/CN=CV Server
issuer=/C=CH/ST=Zug/O=Crypto Vally/CN=CV Intermediate CA v3
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
Bag Attributes: <No Attributes>
subject=/C=CH/ST=Zug/O=Crypto Vally/CN=CV Intermediate CA v3
issuer=/C=CH/ST=Zug/O=Crypto Vally/CN=CV Root CA v3
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
Bag Attributes: <No Attributes>
subject=/C=CH/ST=Zug/O=Crypto Vally/CN=CV Root CA v3
issuer=/C=CH/ST=Zug/O=Crypto Vally/CN=CV Root CA v3
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
Bag Attributes
friendlyName: vally
localKeyID: ED 49 E2 A7 BA 66 AF 36 58 98 85 03 44 85 AE 96 38 03 61 70
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDXPX+EQwbPNE83
1bXBLa0Nh03piHD+QAOVtScvG7yhA4qsEfkMQGNdb3sbUXPEnP6ih3f6OqyyK3Sw
FIoGFoOz6g4A+0XTMV3FKbPIPoaUFZldOkJNqY3NvUjUAcWhgUhGS11wQWXKgCOZ
yrL6pPLYhoE719jey+x7Fa7bilmDHI1YQxMgd/A6ZMrXFfVWeIloYT5G/A1C7TyI
/1mOnvwuom+8ZBGtUtw3fxpf9HSdr9xZKNNOKMY2eJJe2FxNYethur00t2AqYhux
7ZE8GO8SV970yUKObkxkLXTvTC0zkfKf6GRYJ6hvgY5RtXq4PF+8lk/AonRbyyxv
O3grFii1AgMBAAECggEBAIgkaPzSnIMBNj492ennpzcQZzKYz8ex29Kcs70zURuT
Luppr9qU+4TFF9wOqCgrmVBaWYQYCtXjcLpTM35oTUPGfrcWOHM+HW6xUvsMuXj/
NHNofzm6TmxdFqyqtkPSj1GPJ/nyE52DcYE8Wfr5zHUylpmwjIdX+ytbaq+IkdfA
VLMuD+dObu5T1tDnLF7ZUF5TY+P8P0C53JwG+o6Mhf2T8m7HeXVD5PcN8gR7OXpZ
Tczay/Iyq80LNh/fzCWI6SN3jnB/PVzNr0fnr043RNnGgFI+X6zO1WqVmKFJRbR0
80KvkN663OBXlLccErFZEWSlDqD42Pyx3qx9V1Du150CgYEA/fi6EEWMB96DBYCE
a9G0mlOq5xyiSiCyh2UDKllQpHltd4eYvYkYDLgxf+izw1uuJm4om9Xwi6rmOyHT
GnaSoRYThDb9e4Er3/T+SHfie8ixzOCPJsIKY5T3F5BFGyzJ4HF677XORd2gUfN6
RJUiDiDgPoe9Nt1tLg78xwFjeNcCgYEA2PWUqgQRYuXkGSMstiZoxgVnfpBacj61
9zb4va8PEDlOCu67W1/1aC28Ru/xOvctbWCphIeWSlHSqMmcML4n9mWP4RFauh3V
OCC3Fy0rup3L0/v29HIniOFTVV5GWKvwh5IamwbHj7gJVYYEKawJkmx1WDYdDMuN
Mry7SyUzfVMCgYA1QeZKqTrfH5McIUIjlfsobakmA8QohUjKyazrQYV+qBQDf8TQ
4iHP8QQ4TWT874nKd0k+vJNPxou3FLW/E+RVsVpwXFO1hXXc5fQ44CL3UDOwwdpj
B0fEcCWMpG1JcI/45/Met2JFFl+bL9KQ9TEKA2ziz/YmvjI5+VyaorjoSwKBgQCW
C2FBI4cSqoLRj64AWxfiuyIUOakTkaMu0Wm9ZTA5vCfpD6mrS/XgkqC/PnnKmd9k
4ZDbAxpBU80oxiWq4BerJBoZQXNJfBBVvOpisO6pJTAt7vefnsMQuyRyybxE3sR+
PeEAjfO9xT1PVFvUphIIndGZq/LzQmLoT/YHxjaR2QKBgGH2jML4xgh1tDbuRH0/
2ywEBeG/T36w9RJ0/BLcCIK0AT31T5B5MGBzKCg3Lv48tIsRgVHjsMJ+KeXiGZ8S
UjDcYc2ybTUND+2zXzoan8EFsE3YnBOAzSFDhknPokj1b2+wpgYi972HacaVdUBg
InZ2KnKbFAQMeYww5jeBHAto
-----END PRIVATE KEY-----
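Review bot: The last block of this fixture is an unencrypted private key, and nothing visible in this commit reads it: `readPEM` extracts certificates only, and the test that appears to load this file asserts three of them. If the key is not needed, dropping it keeps key material out of the repository and avoids secret-scanner findings. If it stays, a line above the block stating that it is a throwaway test key would make that clear to anyone auditing the tree.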


@ -11,11 +11,10 @@
#include "PKCS12ContainerTest.h" #include "PKCS12ContainerTest.h"
#include "CppUnit/TestCaller.h" #include "CppUnit/TestCaller.h"
#include "CppUnit/TestSuite.h" #include "CppUnit/TestSuite.h"
#include "Poco/Crypto/X509Certificate.h"
#include "Poco/Crypto/PKCS12Container.h"
#include "Poco/Environment.h" #include "Poco/Environment.h"
#include "Poco/Path.h" #include "Poco/Path.h"
#include "Poco/File.h" #include "Poco/File.h"
#include "Poco/TemporaryFile.h"
#include <iostream> #include <iostream>
#include <sstream> #include <sstream>
#include <fstream> #include <fstream>
@ -25,6 +24,7 @@ using namespace Poco::Crypto;
using Poco::Environment; using Poco::Environment;
using Poco::Path; using Poco::Path;
using Poco::File; using Poco::File;
using Poco::TemporaryFile;
PKCS12ContainerTest::PKCS12ContainerTest(const std::string& name): CppUnit::TestCase(name) PKCS12ContainerTest::PKCS12ContainerTest(const std::string& name): CppUnit::TestCase(name)
@ -83,8 +83,16 @@ void PKCS12ContainerTest::full(const PKCS12Container& pkcs12)
assert (EVP_PKEY_RSA == pKey.type()); assert (EVP_PKEY_RSA == pKey.type());
assert (pkcs12.hasX509Certificate()); assert (pkcs12.hasX509Certificate());
X509Certificate x509 = pkcs12.getX509Certificate(); fullCert(pkcs12.getX509Certificate());
std::vector<int> certOrder;
for (int i = 0; i < 2; ++i) certOrder.push_back(i);
fullList(pkcs12.getCACerts(), certOrder);
}
void PKCS12ContainerTest::fullCert(const X509Certificate& x509)
{
std::string subjectName(x509.subjectName()); std::string subjectName(x509.subjectName());
std::string issuerName(x509.issuerName()); std::string issuerName(x509.issuerName());
std::string commonName(x509.commonName()); std::string commonName(x509.commonName());
@ -106,31 +114,34 @@ void PKCS12ContainerTest::full(const PKCS12Container& pkcs12)
assert (organizationUnitName.empty()); assert (organizationUnitName.empty());
assert (emailAddress.empty()); assert (emailAddress.empty());
assert (serialNumber.empty()); assert (serialNumber.empty());
}
PKCS12Container::CAList caList = pkcs12.getCACerts();
assert (2 == caList.size());
assert (caList[0].subjectName() == "/C=CH/ST=Zug/O=Crypto Vally/CN=CV Root CA v3"); void PKCS12ContainerTest::fullList(const PKCS12Container::CAList& caList, const std::vector<int>& certOrder)
assert (caList[0].issuerName() == "/C=CH/ST=Zug/O=Crypto Vally/CN=CV Root CA v3"); {
assert (caList[0].commonName() == "CV Root CA v3"); assert (certOrder.size() == caList.size());
assert (caList[0].subjectName(X509Certificate::NID_COUNTRY) == "CH");
assert (caList[0].subjectName(X509Certificate::NID_LOCALITY_NAME).empty());
assert (caList[0].subjectName(X509Certificate::NID_STATE_OR_PROVINCE) == "Zug");
assert (caList[0].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Crypto Vally");
assert (caList[0].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty());
assert (caList[0].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty());
assert (caList[0].subjectName(X509Certificate::NID_SERIAL_NUMBER).empty());
assert (caList[1].subjectName() == "/C=CH/ST=Zug/O=Crypto Vally/CN=CV Intermediate CA v3"); assert (caList[certOrder[0]].subjectName() == "/C=CH/ST=Zug/O=Crypto Vally/CN=CV Root CA v3");
assert (caList[1].issuerName() == "/C=CH/ST=Zug/O=Crypto Vally/CN=CV Root CA v3"); assert (caList[certOrder[0]].issuerName() == "/C=CH/ST=Zug/O=Crypto Vally/CN=CV Root CA v3");
assert (caList[1].commonName() == "CV Intermediate CA v3"); assert (caList[certOrder[0]].commonName() == "CV Root CA v3");
assert (caList[1].subjectName(X509Certificate::NID_COUNTRY) == "CH"); assert (caList[certOrder[0]].subjectName(X509Certificate::NID_COUNTRY) == "CH");
assert (caList[1].subjectName(X509Certificate::NID_LOCALITY_NAME).empty()); assert (caList[certOrder[0]].subjectName(X509Certificate::NID_LOCALITY_NAME).empty());
assert (caList[1].subjectName(X509Certificate::NID_STATE_OR_PROVINCE) == "Zug"); assert (caList[certOrder[0]].subjectName(X509Certificate::NID_STATE_OR_PROVINCE) == "Zug");
assert (caList[1].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Crypto Vally"); assert (caList[certOrder[0]].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Crypto Vally");
assert (caList[1].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty()); assert (caList[certOrder[0]].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty());
assert (caList[1].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty()); assert (caList[certOrder[0]].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty());
assert (caList[1].subjectName(X509Certificate::NID_SERIAL_NUMBER).empty()); assert (caList[certOrder[0]].subjectName(X509Certificate::NID_SERIAL_NUMBER).empty());
assert (caList[certOrder[1]].subjectName() == "/C=CH/ST=Zug/O=Crypto Vally/CN=CV Intermediate CA v3");
assert (caList[certOrder[1]].issuerName() == "/C=CH/ST=Zug/O=Crypto Vally/CN=CV Root CA v3");
assert (caList[certOrder[1]].commonName() == "CV Intermediate CA v3");
assert (caList[certOrder[1]].subjectName(X509Certificate::NID_COUNTRY) == "CH");
assert (caList[certOrder[1]].subjectName(X509Certificate::NID_LOCALITY_NAME).empty());
assert (caList[certOrder[1]].subjectName(X509Certificate::NID_STATE_OR_PROVINCE) == "Zug");
assert (caList[certOrder[1]].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Crypto Vally");
assert (caList[certOrder[1]].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty());
assert (caList[certOrder[1]].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty());
assert (caList[certOrder[1]].subjectName(X509Certificate::NID_SERIAL_NUMBER).empty());
} }
@ -157,65 +168,107 @@ void PKCS12ContainerTest::certsOnly(const PKCS12Container& pkcs12)
assert (!pkcs12.hasKey()); assert (!pkcs12.hasKey());
assert (!pkcs12.hasX509Certificate()); assert (!pkcs12.hasX509Certificate());
PKCS12Container::CAList caList = pkcs12.getCACerts(); std::vector<int> certOrder;
for (int i = 0; i < 5; ++i) certOrder.push_back(i);
certsOnlyList(pkcs12.getCACerts(), certOrder);
}
assert (5 == caList.size());
assert (caList[0].subjectName() == "/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3"); void PKCS12ContainerTest::certsOnlyList(const PKCS12Container::CAList& caList, const std::vector<int>& certOrder)
assert (caList[0].issuerName() == "/C=US/O=Internet Security Research Group/CN=ISRG Root X1"); {
assert (caList[0].commonName() == "Let's Encrypt Authority X3"); assert (certOrder.size() == caList.size());
assert (caList[0].subjectName(X509Certificate::NID_COUNTRY) == "US");
assert (caList[0].subjectName(X509Certificate::NID_LOCALITY_NAME).empty());
assert (caList[0].subjectName(X509Certificate::NID_STATE_OR_PROVINCE).empty());
assert (caList[0].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Let's Encrypt");
assert (caList[0].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty());
assert (caList[0].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty());
assert (caList[0].subjectName(X509Certificate::NID_SERIAL_NUMBER).empty());
assert (caList[1].subjectName() == "/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3"); assert (caList[certOrder[0]].subjectName() == "/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3");
assert (caList[1].issuerName() == "/O=Digital Signature Trust Co./CN=DST Root CA X3"); assert (caList[certOrder[0]].issuerName() == "/C=US/O=Internet Security Research Group/CN=ISRG Root X1");
assert (caList[1].commonName() == "Let's Encrypt Authority X3"); assert (caList[certOrder[0]].commonName() == "Let's Encrypt Authority X3");
assert (caList[1].subjectName(X509Certificate::NID_COUNTRY) == "US"); assert (caList[certOrder[0]].subjectName(X509Certificate::NID_COUNTRY) == "US");
assert (caList[1].subjectName(X509Certificate::NID_LOCALITY_NAME).empty()); assert (caList[certOrder[0]].subjectName(X509Certificate::NID_LOCALITY_NAME).empty());
assert (caList[1].subjectName(X509Certificate::NID_STATE_OR_PROVINCE).empty()); assert (caList[certOrder[0]].subjectName(X509Certificate::NID_STATE_OR_PROVINCE).empty());
assert (caList[1].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Let's Encrypt"); assert (caList[certOrder[0]].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Let's Encrypt");
assert (caList[1].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty()); assert (caList[certOrder[0]].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty());
assert (caList[1].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty()); assert (caList[certOrder[0]].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty());
assert (caList[1].subjectName(X509Certificate::NID_SERIAL_NUMBER).empty()); assert (caList[certOrder[0]].subjectName(X509Certificate::NID_SERIAL_NUMBER).empty());
assert (caList[2].subjectName() == "/C=US/O=Internet Security Research Group/CN=ISRG Root X1"); assert (caList[certOrder[1]].subjectName() == "/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3");
assert (caList[2].issuerName() == "/C=US/O=Internet Security Research Group/CN=ISRG Root X1"); assert (caList[certOrder[1]].issuerName() == "/O=Digital Signature Trust Co./CN=DST Root CA X3");
assert (caList[2].commonName() == "ISRG Root X1"); assert (caList[certOrder[1]].commonName() == "Let's Encrypt Authority X3");
assert (caList[2].subjectName(X509Certificate::NID_COUNTRY) == "US"); assert (caList[certOrder[1]].subjectName(X509Certificate::NID_COUNTRY) == "US");
assert (caList[2].subjectName(X509Certificate::NID_LOCALITY_NAME).empty()); assert (caList[certOrder[1]].subjectName(X509Certificate::NID_LOCALITY_NAME).empty());
assert (caList[2].subjectName(X509Certificate::NID_STATE_OR_PROVINCE).empty()); assert (caList[certOrder[1]].subjectName(X509Certificate::NID_STATE_OR_PROVINCE).empty());
assert (caList[2].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Internet Security Research Group"); assert (caList[certOrder[1]].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Let's Encrypt");
assert (caList[2].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty()); assert (caList[certOrder[1]].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty());
assert (caList[2].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty()); assert (caList[certOrder[1]].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty());
assert (caList[2].subjectName(X509Certificate::NID_SERIAL_NUMBER).empty()); assert (caList[certOrder[1]].subjectName(X509Certificate::NID_SERIAL_NUMBER).empty());
assert (caList[3].subjectName() == "/C=CH/ST=Zug/O=Crypto Vally/CN=CV Root CA v3"); assert (caList[certOrder[2]].subjectName() == "/C=US/O=Internet Security Research Group/CN=ISRG Root X1");
assert (caList[3].issuerName() == "/C=CH/ST=Zug/O=Crypto Vally/CN=CV Root CA v3"); assert (caList[certOrder[2]].issuerName() == "/C=US/O=Internet Security Research Group/CN=ISRG Root X1");
assert (caList[3].commonName() == "CV Root CA v3"); assert (caList[certOrder[2]].commonName() == "ISRG Root X1");
assert (caList[3].subjectName(X509Certificate::NID_COUNTRY) == "CH"); assert (caList[certOrder[2]].subjectName(X509Certificate::NID_COUNTRY) == "US");
assert (caList[3].subjectName(X509Certificate::NID_LOCALITY_NAME).empty()); assert (caList[certOrder[2]].subjectName(X509Certificate::NID_LOCALITY_NAME).empty());
assert (caList[3].subjectName(X509Certificate::NID_STATE_OR_PROVINCE) == "Zug"); assert (caList[certOrder[2]].subjectName(X509Certificate::NID_STATE_OR_PROVINCE).empty());
assert (caList[3].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Crypto Vally"); assert (caList[certOrder[2]].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Internet Security Research Group");
assert (caList[3].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty()); assert (caList[certOrder[2]].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty());
assert (caList[3].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty()); assert (caList[certOrder[2]].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty());
assert (caList[3].subjectName(X509Certificate::NID_SERIAL_NUMBER).empty()); assert (caList[certOrder[2]].subjectName(X509Certificate::NID_SERIAL_NUMBER).empty());
assert (caList[4].subjectName() == "/C=CH/ST=Zug/O=Crypto Vally/CN=CV Intermediate CA v3"); assert (caList[certOrder[3]].subjectName() == "/C=CH/ST=Zug/O=Crypto Vally/CN=CV Root CA v3");
assert (caList[4].issuerName() == "/C=CH/ST=Zug/O=Crypto Vally/CN=CV Root CA v3"); assert (caList[certOrder[3]].issuerName() == "/C=CH/ST=Zug/O=Crypto Vally/CN=CV Root CA v3");
assert (caList[4].commonName() == "CV Intermediate CA v3"); assert (caList[certOrder[3]].commonName() == "CV Root CA v3");
assert (caList[4].subjectName(X509Certificate::NID_COUNTRY) == "CH"); assert (caList[certOrder[3]].subjectName(X509Certificate::NID_COUNTRY) == "CH");
assert (caList[4].subjectName(X509Certificate::NID_LOCALITY_NAME).empty()); assert (caList[certOrder[3]].subjectName(X509Certificate::NID_LOCALITY_NAME).empty());
assert (caList[4].subjectName(X509Certificate::NID_STATE_OR_PROVINCE) == "Zug"); assert (caList[certOrder[3]].subjectName(X509Certificate::NID_STATE_OR_PROVINCE) == "Zug");
assert (caList[4].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Crypto Vally"); assert (caList[certOrder[3]].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Crypto Vally");
assert (caList[4].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty()); assert (caList[certOrder[3]].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty());
assert (caList[4].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty()); assert (caList[certOrder[3]].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty());
assert (caList[4].subjectName(X509Certificate::NID_SERIAL_NUMBER).empty()); assert (caList[certOrder[3]].subjectName(X509Certificate::NID_SERIAL_NUMBER).empty());
assert (caList[certOrder[4]].subjectName() == "/C=CH/ST=Zug/O=Crypto Vally/CN=CV Intermediate CA v3");
assert (caList[certOrder[4]].issuerName() == "/C=CH/ST=Zug/O=Crypto Vally/CN=CV Root CA v3");
assert (caList[certOrder[4]].commonName() == "CV Intermediate CA v3");
assert (caList[certOrder[4]].subjectName(X509Certificate::NID_COUNTRY) == "CH");
assert (caList[certOrder[4]].subjectName(X509Certificate::NID_LOCALITY_NAME).empty());
assert (caList[certOrder[4]].subjectName(X509Certificate::NID_STATE_OR_PROVINCE) == "Zug");
assert (caList[certOrder[4]].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Crypto Vally");
assert (caList[certOrder[4]].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty());
assert (caList[certOrder[4]].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty());
assert (caList[certOrder[4]].subjectName(X509Certificate::NID_SERIAL_NUMBER).empty());
}
void PKCS12ContainerTest::testPEMReadWrite()
{
std::string file = getTestFilesPath("certs-only", "pem");
X509Certificate::List certsOnly = X509Certificate::readPEM(file);
assert (certsOnly.size() == 5);
// PEM is written by openssl in reverse order from p12
std::vector<int> certOrder;
for (int i = (int) certsOnly.size() - 1; i >= 0 ; --i) certOrder.push_back(i);
certsOnlyList(certsOnly, certOrder);
TemporaryFile tmpFile;
X509Certificate::writePEM(tmpFile.path(), certsOnly);
certsOnly.clear();
certsOnly = X509Certificate::readPEM(tmpFile.path());
certsOnlyList(certsOnly, certOrder);
file = getTestFilesPath("full", "pem");
X509Certificate::List full = X509Certificate::readPEM(file);
assert (full.size() == 3);
fullCert(full[0]);
full.erase(full.begin());
assert (full.size() == 2);
certOrder.clear();
for (int i = (int) full.size() - 1; i >= 0 ; --i) certOrder.push_back(i);
fullList(full, certOrder);
TemporaryFile tmpFile2;
X509Certificate::writePEM(tmpFile2.path(), full);
full.clear();
full = X509Certificate::readPEM(tmpFile2.path());
fullList(full, certOrder);
} }
@ -229,10 +282,10 @@ void PKCS12ContainerTest::tearDown()
} }
std::string PKCS12ContainerTest::getTestFilesPath(const std::string& name) std::string PKCS12ContainerTest::getTestFilesPath(const std::string& name, const std::string& ext)
{ {
std::ostringstream ostr; std::ostringstream ostr;
ostr << "data/" << name << ".p12"; ostr << "data/" << name << '.' << ext;
std::string fileName(ostr.str()); std::string fileName(ostr.str());
Poco::Path path(fileName); Poco::Path path(fileName);
if (Poco::File(path).exists()) if (Poco::File(path).exists())
@ -260,6 +313,7 @@ CppUnit::Test* PKCS12ContainerTest::suite()
CppUnit_addTest(pSuite, PKCS12ContainerTest, testFullPKCS12); CppUnit_addTest(pSuite, PKCS12ContainerTest, testFullPKCS12);
CppUnit_addTest(pSuite, PKCS12ContainerTest, testCertsOnlyPKCS12); CppUnit_addTest(pSuite, PKCS12ContainerTest, testCertsOnlyPKCS12);
CppUnit_addTest(pSuite, PKCS12ContainerTest, testPEMReadWrite);
return pSuite; return pSuite;
} }
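Review bot: `testPEMReadWrite` covers only the round trip on well-formed files, so neither failure path added with `readPEM`/`writePEM` is exercised. I would add a case for a missing file, for example `try { X509Certificate::readPEM("data/missing.pem"); fail ("must throw"); } catch (Poco::OpenFileException&) { }` (the path is a constructed sample). A second fixture with a truncated certificate block would pin down whether a corrupt bundle is rejected or returned as a shorter list. Because `writePEM` opens its target in append mode, a check that writing twice to the same `TemporaryFile` path doubles the certificate count would also document that behaviour.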


@ -16,14 +16,10 @@
#include "Poco/Crypto/Crypto.h" #include "Poco/Crypto/Crypto.h"
#include "CppUnit/TestCase.h" #include "CppUnit/TestCase.h"
#include "Poco/Crypto/PKCS12Container.h"
#include "Poco/Crypto/X509Certificate.h"
namespace Poco {
namespace Crypto {
class PKCS12Container;
}
}
class PKCS12ContainerTest: public CppUnit::TestCase class PKCS12ContainerTest: public CppUnit::TestCase
{ {
public: public:
@ -32,6 +28,7 @@ public:
void testFullPKCS12(); void testFullPKCS12();
void testCertsOnlyPKCS12(); void testCertsOnlyPKCS12();
void testPEMReadWrite();
void setUp(); void setUp();
void tearDown(); void tearDown();
@ -39,9 +36,13 @@ public:
static CppUnit::Test* suite(); static CppUnit::Test* suite();
private: private:
std::string getTestFilesPath(const std::string& name); std::string getTestFilesPath(const std::string& name,
const std::string& ext = "p12");
void certsOnly(const Poco::Crypto::PKCS12Container& pkcs12); void certsOnly(const Poco::Crypto::PKCS12Container& pkcs12);
void certsOnlyList(const Poco::Crypto::PKCS12Container::CAList& caList, const std::vector<int>& certOrder);
void full(const Poco::Crypto::PKCS12Container& pkcs12); void full(const Poco::Crypto::PKCS12Container& pkcs12);
void fullCert(const Poco::Crypto::X509Certificate& x509);
void fullList(const Poco::Crypto::PKCS12Container::CAList& caList, const std::vector<int>& certOrder);
}; };