add Crypto PKCS12/EC; update VS projects

Crypto/testsuite/src/CryptoTestSuite.cpp

@@ -8,10 +8,17 @@
 //
 
 
+#include "Poco/Platform.h"
+// see https://github.com/openssl/openssl/blob/master/doc/man3/OPENSSL_Applink.pod
+#if defined(POCO_OS_FAMILY_WINDOWS)
+#include "openssl/applink.c"
+#endif
 #include "CryptoTestSuite.h"
 #include "CryptoTest.h"
 #include "RSATest.h"
+#include "ECTest.h"
 #include "DigestEngineTest.h"
+#include "PKCS12ContainerTest.h"
 
 
 CppUnit::Test* CryptoTestSuite::suite()
@@ -20,7 +27,8 @@ CppUnit::Test* CryptoTestSuite::suite()
 
 	pSuite->addTest(CryptoTest::suite());
 	pSuite->addTest(RSATest::suite());
+	pSuite->addTest(ECTest::suite());
 	pSuite->addTest(DigestEngineTest::suite());
-
+	pSuite->addTest(PKCS12ContainerTest::suite());
 	return pSuite;
 }

Crypto/testsuite/src/ECTest.cpp

@@ -0,0 +1,327 @@
+//
+// ECTest.cpp
+//
+//
+// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "ECTest.h"
+#include "CppUnit/TestCaller.h"
+#include "CppUnit/TestSuite.h"
+#include "Poco/Crypto/ECKey.h"
+#include "Poco/Crypto/EVPPKey.h"
+#include "Poco/Crypto/ECDSADigestEngine.h"
+#include <openssl/pem.h>
+#include <iostream>
+#include <sstream>
+#include <cstring>
+
+
+using namespace Poco::Crypto;
+
+
+ECTest::ECTest(const std::string& name): CppUnit::TestCase(name)
+{
+}
+
+
+ECTest::~ECTest()
+{
+}
+
+
+void ECTest::testEVPPKey()
+{
+	try
+	{
+		EVPPKey* pKey = new EVPPKey("secp521r1");
+		assert (pKey != 0);
+		assert (pKey->type() == EVP_PKEY_EC);
+
+		BIO* bioPriv1 = BIO_new(BIO_s_mem());
+		BIO* bioPub1 = BIO_new(BIO_s_mem());
+		assert (0 != PEM_write_bio_PrivateKey(bioPriv1, *pKey, NULL, NULL, 0, 0, NULL));
+		assert (0 != PEM_write_bio_PUBKEY(bioPub1, *pKey));
+		char* pPrivData1;
+		long sizePriv1 = BIO_get_mem_data(bioPriv1, &pPrivData1);
+		char* pPubData1;
+		long sizePub1 = BIO_get_mem_data(bioPub1, &pPubData1);
+
+		// construct EVPPKey from EVP_PKEY*
+		EVPPKey evpPKey(pKey->operator EVP_PKEY*());
+		assert (evpPKey.type() == EVP_PKEY_EC);
+		// EVPPKey makes duplicate, so freeing the original must be ok
+		delete pKey;
+
+		BIO* bioPriv2 = BIO_new(BIO_s_mem());
+		BIO* bioPub2 = BIO_new(BIO_s_mem());
+		assert (0 != PEM_write_bio_PrivateKey(bioPriv2, evpPKey, NULL, NULL, 0, 0, NULL));
+		assert (0 != PEM_write_bio_PUBKEY(bioPub2, evpPKey));
+		char* pPrivData2;
+		long sizePriv2 = BIO_get_mem_data(bioPriv2, &pPrivData2);
+		char* pPubData2;
+		long sizePub2 = BIO_get_mem_data(bioPub2, &pPubData2);
+
+		assert (sizePriv1 && (sizePriv1 == sizePriv2));
+		assert (0 == memcmp(pPrivData1, pPrivData2, sizePriv1));
+		assert (sizePub1 && (sizePub1 == sizePub2));
+		assert (0 == memcmp(pPubData1, pPubData2, sizePub1));
+
+		BIO_free(bioPub2);
+		BIO_free(bioPriv2);
+
+		// copy
+		EVPPKey evpPKey2(evpPKey);
+		assert (evpPKey2.type() == EVP_PKEY_EC);
+		bioPriv2 = BIO_new(BIO_s_mem());
+		bioPub2 = BIO_new(BIO_s_mem());
+		assert (0 != PEM_write_bio_PrivateKey(bioPriv2, evpPKey2, NULL, NULL, 0, 0, NULL));
+		assert (0 != PEM_write_bio_PUBKEY(bioPub2, evpPKey2));
+		sizePriv2 = BIO_get_mem_data(bioPriv2, &pPrivData2);
+		sizePub2 = BIO_get_mem_data(bioPub2, &pPubData2);
+
+		assert (sizePriv1 && (sizePriv1 == sizePriv2));
+		assert (0 == memcmp(pPrivData1, pPrivData2, sizePriv1));
+		assert (sizePub1 && (sizePub1 == sizePub2));
+		assert (0 == memcmp(pPubData1, pPubData2, sizePub1));
+
+#ifdef POCO_ENABLE_CPP11
+
+		BIO_free(bioPub2);
+		BIO_free(bioPriv2);
+
+		// move
+		EVPPKey evpPKey3(std::move(evpPKey2));
+		assert (evpPKey3.type() == EVP_PKEY_EC);
+		bioPriv2 = BIO_new(BIO_s_mem());
+		bioPub2 = BIO_new(BIO_s_mem());
+		assert (0 != PEM_write_bio_PrivateKey(bioPriv2, evpPKey3, NULL, NULL, 0, 0, NULL));
+		assert (0 != PEM_write_bio_PUBKEY(bioPub2, evpPKey3));
+		sizePriv2 = BIO_get_mem_data(bioPriv2, &pPrivData2);
+		sizePub2 = BIO_get_mem_data(bioPub2, &pPubData2);
+
+		assert (sizePriv1 && (sizePriv1 == sizePriv2));
+		assert (0 == memcmp(pPrivData1, pPrivData2, sizePriv1));
+		assert (sizePub1 && (sizePub1 == sizePub2));
+		assert (0 == memcmp(pPubData1, pPubData2, sizePub1));
+#endif POCO_ENABLE_CPP11
+
+		BIO_free(bioPub2);
+		BIO_free(bioPriv2);
+		BIO_free(bioPub1);
+		BIO_free(bioPriv1);
+	}
+	catch (Poco::Exception& ex)
+	{
+		std::cerr << ex.displayText() << std::endl;
+		throw;
+	}
+}
+
+
+void ECTest::testECNewKeys()
+{
+	try
+	{
+		ECKey key("secp521r1");
+		std::ostringstream strPub;
+		std::ostringstream strPriv;
+		key.save(&strPub, &strPriv, "testpwd");
+		std::string pubKey = strPub.str();
+		std::string privKey = strPriv.str();
+
+		// now do the round trip
+		std::istringstream iPub(pubKey);
+		std::istringstream iPriv(privKey);
+		ECKey key2(&iPub, &iPriv, "testpwd");
+
+		std::istringstream iPriv2(privKey);
+		ECKey key3(0, &iPriv2,  "testpwd");
+		std::ostringstream strPub3;
+		key3.save(&strPub3);
+		std::string pubFromPrivate = strPub3.str();
+		assert (pubFromPrivate == pubKey);
+	}
+	catch (Poco::Exception& ex)
+	{
+		std::cerr << ex.displayText() << std::endl;
+		throw;
+	}
+}
+
+
+void ECTest::testECNewKeysNoPassphrase()
+{
+	try
+	{
+		ECKey key("secp521r1");
+		std::ostringstream strPub;
+		std::ostringstream strPriv;
+		key.save(&strPub, &strPriv);
+		std::string pubKey = strPub.str();
+		std::string privKey = strPriv.str();
+
+		// now do the round trip
+		std::istringstream iPub(pubKey);
+		std::istringstream iPriv(privKey);
+		ECKey key2(&iPub, &iPriv);
+
+		std::istringstream iPriv2(privKey);
+		ECKey key3(0, &iPriv2);
+		std::ostringstream strPub3;
+		key3.save(&strPub3);
+		std::string pubFromPrivate = strPub3.str();
+		assert (pubFromPrivate == pubKey);
+	}
+	catch (Poco::Exception& ex)
+	{
+		std::cerr << ex.displayText() << std::endl;
+		throw;
+	}
+}
+
+
+void ECTest::testECDSASignSha256()
+{
+	try
+	{
+		std::string msg("Test this sign message");
+		ECKey key("secp521r1");
+		ECDSADigestEngine eng(key, "SHA256");
+		eng.update(msg.c_str(), static_cast<unsigned>(msg.length()));
+		const Poco::DigestEngine::Digest& sig = eng.signature();
+
+		// verify
+		std::ostringstream strPub;
+		key.save(&strPub);
+		std::string pubKey = strPub.str();
+		std::istringstream iPub(pubKey);
+		ECKey keyPub(&iPub);
+		ECDSADigestEngine eng2(keyPub, "SHA256");
+		eng2.update(msg.c_str(), static_cast<unsigned>(msg.length()));
+		assert(eng2.verify(sig));
+	}
+	catch (Poco::Exception& ex)
+	{
+		std::cerr << ex.displayText() << std::endl;
+		throw;
+	}
+}
+
+
+void ECTest::testECDSASignManipulated()
+{
+	try
+	{
+		std::string msg("Test this sign message");
+		std::string msgManip("Test that sign message");
+		ECKey key("secp521r1");
+		ECDSADigestEngine eng(key, "SHA256");
+		eng.update(msg.c_str(), static_cast<unsigned>(msg.length()));
+		const Poco::DigestEngine::Digest& sig = eng.signature();
+		std::string hexDig = Poco::DigestEngine::digestToHex(sig);
+
+		// verify
+		std::ostringstream strPub;
+		key.save(&strPub);
+		std::string pubKey = strPub.str();
+		std::istringstream iPub(pubKey);
+		ECKey keyPub(&iPub);
+		ECDSADigestEngine eng2(keyPub, "SHA256");
+		eng2.update(msgManip.c_str(), static_cast<unsigned>(msgManip.length()));
+		assert (!eng2.verify(sig));
+	}
+	catch (Poco::Exception& ex)
+	{
+		std::cerr << ex.displayText() << std::endl;
+		throw;
+	}
+}
+
+
+void ECTest::testECCipher()
+{/*
+	Cipher::Ptr pCipher = CipherFactory::defaultFactory().createCipher(ECKey(ECKey::KL_1024, ECKey::EXP_SMALL));
+	for (std::size_t n = 1; n <= 1200; n++)
+	{
+		std::string val(n, 'x');
+		std::string enc = pCipher->encryptString(val);
+		std::string dec = pCipher->decryptString(enc);
+		assert (dec == val);
+	}
+*/}
+
+
+void ECTest::testECCipherLarge()
+{/*
+	std::vector<std::size_t> sizes;
+	sizes.push_back (2047);
+	sizes.push_back (2048);
+	sizes.push_back (2049);
+	sizes.push_back (4095);
+	sizes.push_back (4096);
+	sizes.push_back (4097);
+	sizes.push_back (8191);
+	sizes.push_back (8192);
+	sizes.push_back (8193);
+	sizes.push_back (16383);
+	sizes.push_back (16384);
+	sizes.push_back (16385);
+	
+	Cipher::Ptr pCipher = CipherFactory::defaultFactory().createCipher(ECKey(ECKey::KL_1024, ECKey::EXP_SMALL));
+	for (std::vector<std::size_t>::const_iterator it = sizes.begin(); it != sizes.end(); ++it)
+	{
+		std::string val(*it, 'x');
+		std::string enc = pCipher->encryptString(val);
+		std::string dec = pCipher->decryptString(enc);
+		assert (dec == val);
+	}
+*/}
+
+
+void ECTest::testECCertificate()
+{/*
+	std::istringstream str(anyPem);
+	X509Certificate cert(str);
+	ECKey publicKey(cert);
+	std::istringstream str2(anyPem);
+	ECKey privateKey(0, &str2, "test");
+	Cipher::Ptr pCipher = CipherFactory::defaultFactory().createCipher(publicKey);
+	Cipher::Ptr pCipher2 = CipherFactory::defaultFactory().createCipher(privateKey);
+	std::string val("lets do some encryption");
+	
+	std::string enc = pCipher->encryptString(val);
+	std::string dec = pCipher2->decryptString(enc);
+	assert (dec == val);
+*/}
+
+
+void ECTest::setUp()
+{
+}
+
+
+void ECTest::tearDown()
+{
+}
+
+
+CppUnit::Test* ECTest::suite()
+{
+	CppUnit::TestSuite* pSuite = new CppUnit::TestSuite("ECTest");
+
+	CppUnit_addTest(pSuite, ECTest, testEVPPKey);
+	CppUnit_addTest(pSuite, ECTest, testECNewKeys);
+	CppUnit_addTest(pSuite, ECTest, testECNewKeysNoPassphrase);
+	CppUnit_addTest(pSuite, ECTest, testECDSASignSha256);
+	CppUnit_addTest(pSuite, ECTest, testECDSASignManipulated);
+	CppUnit_addTest(pSuite, ECTest, testECCipher);
+	CppUnit_addTest(pSuite, ECTest, testECCipherLarge);
+	CppUnit_addTest(pSuite, ECTest, testECCertificate);
+
+	return pSuite;
+}

Crypto/testsuite/src/ECTest.h

@@ -0,0 +1,46 @@
+//
+// ECTest.h
+//
+//
+// Definition of the ECTest class.
+//
+// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef ECTest_INCLUDED
+#define ECTest_INCLUDED
+
+
+#include "Poco/Crypto/Crypto.h"
+#include "CppUnit/TestCase.h"
+
+
+class ECTest: public CppUnit::TestCase
+{
+public:
+	ECTest(const std::string& name);
+	~ECTest();
+
+	void testEVPPKey();
+	void testECNewKeys();
+	void testECNewKeysNoPassphrase();
+	void testECDSASignSha256();
+	void testECDSASignManipulated();
+	void testECCipher();
+	void testECCipherLarge();
+	void testECCertificate();
+
+	void setUp();
+	void tearDown();
+
+	static CppUnit::Test* suite();
+
+private:
+};
+
+
+#endif // ECTest_INCLUDED

Crypto/testsuite/src/PKCS12ContainerTest.cpp

@@ -0,0 +1,244 @@
+//
+// PKCS12ContainerTest.cpp
+//
+// Copyright (c) 2012, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "PKCS12ContainerTest.h"
+#include "CppUnit/TestCaller.h"
+#include "CppUnit/TestSuite.h"
+#include "Poco/Crypto/X509Certificate.h"
+#include "Poco/Crypto/PKCS12Container.h"
+#include "Poco/Environment.h"
+#include "Poco/Path.h"
+#include "Poco/File.h"
+#include <iostream>
+#include <sstream>
+#include <fstream>
+
+
+using Poco::Crypto::PKCS12Container;
+using Poco::Crypto::X509Certificate;
+using Poco::Environment;
+using Poco::Path;
+using Poco::File;
+
+
+PKCS12ContainerTest::PKCS12ContainerTest(const std::string& name): CppUnit::TestCase(name)
+{
+}
+
+
+PKCS12ContainerTest::~PKCS12ContainerTest()
+{
+}
+
+
+void PKCS12ContainerTest::testFullPKCS12()
+{
+	try
+	{
+		std::string file = getTestFilesPath("full");
+		full(PKCS12Container(file.c_str(), "crypto"));
+
+		std::ifstream ifs(file.c_str(), std::ios::binary);
+		full(PKCS12Container(ifs, "crypto"));
+	}
+	catch (Poco::Exception& ex)
+	{
+		std::cerr << ex.displayText() << std::endl;
+		throw;
+	}
+}
+
+
+void PKCS12ContainerTest::full(const PKCS12Container& pkcs12)
+{
+	assert ("vally" == pkcs12.getFriendlyName());
+
+	assert (pkcs12.hasKey());
+	assert (pkcs12.hasX509Certificate());
+	X509Certificate x509 = pkcs12.getX509Certificate();
+
+	std::string subjectName(x509.subjectName());
+	std::string issuerName(x509.issuerName());
+	std::string commonName(x509.commonName());
+	std::string country(x509.subjectName(X509Certificate::NID_COUNTRY));
+	std::string localityName(x509.subjectName(X509Certificate::NID_LOCALITY_NAME));
+	std::string stateOrProvince(x509.subjectName(X509Certificate::NID_STATE_OR_PROVINCE));
+	std::string organizationName(x509.subjectName(X509Certificate::NID_ORGANIZATION_NAME));
+	std::string organizationUnitName(x509.subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME));
+	std::string emailAddress(x509.subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS));
+	std::string serialNumber(x509.subjectName(X509Certificate::NID_SERIAL_NUMBER));
+
+	assert (subjectName == "/C=CH/ST=Zug/O=Crypto Vally/CN=CV Server");
+	assert (issuerName == "/C=CH/ST=Zug/O=Crypto Vally/CN=CV Intermediate CA v3");
+	assert (commonName == "CV Server");
+	assert (country == "CH");
+	assert (localityName.empty());
+	assert (stateOrProvince == "Zug");
+	assert (organizationName == "Crypto Vally");
+	assert (organizationUnitName.empty());
+	assert (emailAddress.empty());
+	assert (serialNumber.empty());
+
+	PKCS12Container::CAList caList = pkcs12.getCACerts();
+	assert (2 == caList.size());
+
+	assert (caList[0].subjectName() == "/C=CH/ST=Zug/O=Crypto Vally/CN=CV Root CA v3");
+	assert (caList[0].issuerName() == "/C=CH/ST=Zug/O=Crypto Vally/CN=CV Root CA v3");
+	assert (caList[0].commonName() == "CV Root CA v3");
+	assert (caList[0].subjectName(X509Certificate::NID_COUNTRY) == "CH");
+	assert (caList[0].subjectName(X509Certificate::NID_LOCALITY_NAME).empty());
+	assert (caList[0].subjectName(X509Certificate::NID_STATE_OR_PROVINCE) == "Zug");
+	assert (caList[0].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Crypto Vally");
+	assert (caList[0].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty());
+	assert (caList[0].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty());
+	assert (caList[0].subjectName(X509Certificate::NID_SERIAL_NUMBER).empty());
+
+	assert (caList[1].subjectName() == "/C=CH/ST=Zug/O=Crypto Vally/CN=CV Intermediate CA v3");
+	assert (caList[1].issuerName() == "/C=CH/ST=Zug/O=Crypto Vally/CN=CV Root CA v3");
+	assert (caList[1].commonName() == "CV Intermediate CA v3");
+	assert (caList[1].subjectName(X509Certificate::NID_COUNTRY) == "CH");
+	assert (caList[1].subjectName(X509Certificate::NID_LOCALITY_NAME).empty());
+	assert (caList[1].subjectName(X509Certificate::NID_STATE_OR_PROVINCE) == "Zug");
+	assert (caList[1].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Crypto Vally");
+	assert (caList[1].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty());
+	assert (caList[1].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty());
+	assert (caList[1].subjectName(X509Certificate::NID_SERIAL_NUMBER).empty());
+}
+
+
+void PKCS12ContainerTest::testCertsOnlyPKCS12()
+{
+	try
+	{
+		std::string file = getTestFilesPath("certs-only");
+		certsOnly(PKCS12Container(file.c_str(), "crypto"));
+
+		std::ifstream ifs(file.c_str(), std::ios::binary);
+		certsOnly(PKCS12Container(ifs, "crypto"));
+	}
+	catch (Poco::Exception& ex)
+	{
+		std::cerr << ex.displayText() << std::endl;
+		throw;
+	}
+}
+
+
+void PKCS12ContainerTest::certsOnly(const PKCS12Container& pkcs12)
+{
+	assert (!pkcs12.hasKey());
+	assert (!pkcs12.hasX509Certificate());
+
+	PKCS12Container::CAList caList = pkcs12.getCACerts();
+
+	assert (5 == caList.size());
+
+	assert (caList[0].subjectName() == "/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3");
+	assert (caList[0].issuerName() == "/C=US/O=Internet Security Research Group/CN=ISRG Root X1");
+	assert (caList[0].commonName() == "Let's Encrypt Authority X3");
+	assert (caList[0].subjectName(X509Certificate::NID_COUNTRY) == "US");
+	assert (caList[0].subjectName(X509Certificate::NID_LOCALITY_NAME).empty());
+	assert (caList[0].subjectName(X509Certificate::NID_STATE_OR_PROVINCE).empty());
+	assert (caList[0].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Let's Encrypt");
+	assert (caList[0].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty());
+	assert (caList[0].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty());
+	assert (caList[0].subjectName(X509Certificate::NID_SERIAL_NUMBER).empty());
+
+	assert (caList[1].subjectName() == "/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3");
+	assert (caList[1].issuerName() == "/O=Digital Signature Trust Co./CN=DST Root CA X3");
+	assert (caList[1].commonName() == "Let's Encrypt Authority X3");
+	assert (caList[1].subjectName(X509Certificate::NID_COUNTRY) == "US");
+	assert (caList[1].subjectName(X509Certificate::NID_LOCALITY_NAME).empty());
+	assert (caList[1].subjectName(X509Certificate::NID_STATE_OR_PROVINCE).empty());
+	assert (caList[1].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Let's Encrypt");
+	assert (caList[1].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty());
+	assert (caList[1].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty());
+	assert (caList[1].subjectName(X509Certificate::NID_SERIAL_NUMBER).empty());
+
+	assert (caList[2].subjectName() == "/C=US/O=Internet Security Research Group/CN=ISRG Root X1");
+	assert (caList[2].issuerName() == "/C=US/O=Internet Security Research Group/CN=ISRG Root X1");
+	assert (caList[2].commonName() == "ISRG Root X1");
+	assert (caList[2].subjectName(X509Certificate::NID_COUNTRY) == "US");
+	assert (caList[2].subjectName(X509Certificate::NID_LOCALITY_NAME).empty());
+	assert (caList[2].subjectName(X509Certificate::NID_STATE_OR_PROVINCE).empty());
+	assert (caList[2].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Internet Security Research Group");
+	assert (caList[2].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty());
+	assert (caList[2].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty());
+	assert (caList[2].subjectName(X509Certificate::NID_SERIAL_NUMBER).empty());
+
+	assert (caList[3].subjectName() == "/C=CH/ST=Zug/O=Crypto Vally/CN=CV Root CA v3");
+	assert (caList[3].issuerName() == "/C=CH/ST=Zug/O=Crypto Vally/CN=CV Root CA v3");
+	assert (caList[3].commonName() == "CV Root CA v3");
+	assert (caList[3].subjectName(X509Certificate::NID_COUNTRY) == "CH");
+	assert (caList[3].subjectName(X509Certificate::NID_LOCALITY_NAME).empty());
+	assert (caList[3].subjectName(X509Certificate::NID_STATE_OR_PROVINCE) == "Zug");
+	assert (caList[3].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Crypto Vally");
+	assert (caList[3].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty());
+	assert (caList[3].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty());
+	assert (caList[3].subjectName(X509Certificate::NID_SERIAL_NUMBER).empty());
+
+	assert (caList[4].subjectName() == "/C=CH/ST=Zug/O=Crypto Vally/CN=CV Intermediate CA v3");
+	assert (caList[4].issuerName() == "/C=CH/ST=Zug/O=Crypto Vally/CN=CV Root CA v3");
+	assert (caList[4].commonName() == "CV Intermediate CA v3");
+	assert (caList[4].subjectName(X509Certificate::NID_COUNTRY) == "CH");
+	assert (caList[4].subjectName(X509Certificate::NID_LOCALITY_NAME).empty());
+	assert (caList[4].subjectName(X509Certificate::NID_STATE_OR_PROVINCE) == "Zug");
+	assert (caList[4].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Crypto Vally");
+	assert (caList[4].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty());
+	assert (caList[4].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty());
+	assert (caList[4].subjectName(X509Certificate::NID_SERIAL_NUMBER).empty());
+
+}
+
+
+void PKCS12ContainerTest::setUp()
+{
+}
+
+
+void PKCS12ContainerTest::tearDown()
+{
+}
+
+
+std::string PKCS12ContainerTest::getTestFilesPath(const std::string& name)
+{
+	std::ostringstream ostr;
+	ostr << "data/" << name << ".p12";
+	std::string fileName(ostr.str());
+	Poco::Path path(fileName);
+	if (Poco::File(path).exists())
+	{
+		return fileName;
+	}
+
+	ostr.str("");
+	ostr << "/Crypto/testsuite/data/" << name << ".p12";
+	fileName = Poco::Environment::get("POCO_BASE") + ostr.str();
+	path = fileName;
+
+	if (!Poco::File(path).exists())
+	{
+		std::cerr << "Can't find " << fileName << std::endl;
+		throw Poco::NotFoundException("cannot locate directory containing valid Crypto test files");
+	}
+	return fileName;
+}
+
+
+CppUnit::Test* PKCS12ContainerTest::suite()
+{
+	CppUnit::TestSuite* pSuite = new CppUnit::TestSuite("PKCS12ContainerTest");
+
+	CppUnit_addTest(pSuite, PKCS12ContainerTest, testFullPKCS12);
+	CppUnit_addTest(pSuite, PKCS12ContainerTest, testCertsOnlyPKCS12);
+
+	return pSuite;
+}

Crypto/testsuite/src/PKCS12ContainerTest.h

@@ -0,0 +1,48 @@
+//
+// PKCS12ContainerTest.h
+//
+// Definition of the PKCS12ContainerTest class.
+//
+// Copyright (c) 2012, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef PKCS12ContainerTest_INCLUDED
+#define PKCS12ContainerTest_INCLUDED
+
+
+#include "Poco/Crypto/Crypto.h"
+#include "CppUnit/TestCase.h"
+
+
+namespace Poco {
+namespace Crypto {
+	class PKCS12Container;
+}
+}
+
+class PKCS12ContainerTest: public CppUnit::TestCase
+{
+public:
+	PKCS12ContainerTest(const std::string& name);
+	~PKCS12ContainerTest();
+
+	void testFullPKCS12();
+	void testCertsOnlyPKCS12();
+
+	void setUp();
+	void tearDown();
+
+	static CppUnit::Test* suite();
+
+private:
+	std::string getTestFilesPath(const std::string& name);
+	void certsOnly(const Poco::Crypto::PKCS12Container& pkcs12);
+	void full(const Poco::Crypto::PKCS12Container& pkcs12);
+};
+
+
+#endif // PKCS12ContainerTest_INCLUDED