From bb979980ca50bb0a79a028f36ca7c467a1346f33 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Tue, 8 May 2018 16:24:41 -0600 Subject: [PATCH] add test case for parsing URI from certificate --- certs/client-uri-cert.pem | 89 ++++++++++++++++++++++++++++++++++++ certs/renewcerts.sh | 16 +++++++ certs/renewcerts/wolfssl.cnf | 7 +++ tests/api.c | 21 +++++++++ 4 files changed, 133 insertions(+) create mode 100644 certs/client-uri-cert.pem diff --git a/certs/client-uri-cert.pem b/certs/client-uri-cert.pem new file mode 100644 index 000000000..1a96baccd --- /dev/null +++ b/certs/client-uri-cert.pem 
@@ -0,0 +1,89 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 9402123678722384441 (0x827b0dabd4896239) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=URI, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Validity + Not Before: May 8 21:54:16 2018 GMT + Not After : Feb 1 21:54:16 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=URI, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b: + 2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07: + 32:8e:d0:ba:69:7b:c6:c3:44:9e:d4:81:48:fd:2d: + 68:a2:8b:67:bb:a1:75:c8:36:2c:4a:d2:1b:f7:8b: + ba:cf:0d:f9:ef:ec:f1:81:1e:7b:9b:03:47:9a:bf: + 65:cc:7f:65:24:69:a6:e8:14:89:5b:e4:34:f7:c5: + b0:14:93:f5:67:7b:3a:7a:78:e1:01:56:56:91:a6: + 13:42:8d:d2:3c:40:9c:4c:ef:d1:86:df:37:51:1b: + 0c:a1:3b:f5:f1:a3:4a:35:e4:e1:ce:96:df:1b:7e: + bf:4e:97:d0:10:e8:a8:08:30:81:af:20:0b:43:14: + c5:74:67:b4:32:82:6f:8d:86:c2:88:40:99:36:83: + ba:1e:40:72:22:17:d7:52:65:24:73:b0:ce:ef:19: + cd:ae:ff:78:6c:7b:c0:12:03:d4:4e:72:0d:50:6d: + 3b:a3:3b:a3:99:5e:9d:c8:d9:0c:85:b3:d9:8a:d9: + 54:26:db:6d:fa:ac:bb:ff:25:4c:c4:d1:79:f4:71: + d3:86:40:18:13:b0:63:b5:72:4e:30:c4:97:84:86: + 2d:56:2f:d7:15:f7:7f:c0:ae:f5:fc:5b:e5:fb:a1: + ba:d3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0 + X509v3 Authority Key Identifier: + keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0 + DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=URI/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:82:7B:0D:AB:D4:89:62:39 + + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Alternative Name: + URI:https://www.wolfssl.com + Signature Algorithm: sha256WithRSAEncryption + 18:bb:46:7a:13:a5:32:c2:aa:1c:60:cf:d1:b7:59:f3:86:fd: + 
b4:db:62:6e:40:4d:d3:cb:b5:8f:0a:45:43:9f:0b:50:7b:ac: + 41:ed:27:32:a5:b3:fb:6a:a5:9c:36:00:f2:88:da:dd:80:b5: + 49:29:6c:4d:1c:22:24:07:5b:7b:9a:88:8b:21:a0:62:43:1c: + 14:23:d2:08:a8:27:cc:f2:d5:4f:e2:5c:b1:f8:3c:f5:7c:b2: + ef:b1:ad:1e:fe:a9:92:5f:00:26:fb:f3:8d:e2:c7:38:8a:9a: + e4:a8:4a:29:61:44:f6:80:61:09:5d:49:9b:1c:10:e0:1e:27: + 03:26:e2:46:01:83:49:6a:1d:5f:6e:71:c8:1e:61:44:32:2a: + 84:cd:5a:45:d3:9f:a4:ec:76:4b:1a:6c:26:ca:55:d7:c3:ad: + 94:57:7b:8b:d4:9f:be:25:3d:e2:30:08:d5:fb:18:9a:aa:ee: + c1:ce:bb:ea:de:5d:a7:77:40:c2:b1:57:aa:11:43:41:69:73: + 0c:bd:87:0e:b9:8d:ba:f9:cc:ac:38:60:8a:62:32:2a:c0:0d: + 1c:88:d3:d3:92:d6:f1:2e:82:67:8e:f5:42:b9:e4:28:b3:fd: + fb:7c:9a:16:5f:fe:20:da:37:5f:c2:5e:74:9b:99:f3:de:35: + 45:8d:49:28 +-----BEGIN CERTIFICATE----- +MIIExDCCA6ygAwIBAgIJAIJ7DavUiWI5MA0GCSqGSIb3DQEBCwUAMIGRMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG +A1UECgwMd29sZlNTTF8yMDQ4MQwwCgYDVQQLDANVUkkxGDAWBgNVBAMMD3d3dy53 +b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0x +ODA1MDgyMTU0MTZaFw0yMTAyMDEyMTU0MTZaMIGRMQswCQYDVQQGEwJVUzEQMA4G +A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMGA1UECgwMd29sZlNT +TF8yMDQ4MQwwCgYDVQQLDANVUkkxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEf +MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQrKnx0mr2qKlIHR9amNrIHMo7Q +uml7xsNEntSBSP0taKKLZ7uhdcg2LErSG/eLus8N+e/s8YEee5sDR5q/Zcx/ZSRp +pugUiVvkNPfFsBST9Wd7Onp44QFWVpGmE0KN0jxAnEzv0YbfN1EbDKE79fGjSjXk +4c6W3xt+v06X0BDoqAgwga8gC0MUxXRntDKCb42GwohAmTaDuh5AciIX11JlJHOw +zu8Zza7/eGx7wBID1E5yDVBtO6M7o5lencjZDIWz2YrZVCbbbfqsu/8lTMTRefRx +04ZAGBOwY7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuhutMCAwEAAaOCARswggEXMB0G +A1UdDgQWBBQz2EVm12iHGH5UDXAnkccm14VlwDCBxgYDVR0jBIG+MIG7gBQz2EVm +12iHGH5UDXAnkccm14VlwKGBl6SBlDCBkTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZTU0xfMjA0 +ODEMMAoGA1UECwwDVVJJMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkq 
+hkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQCCew2r1IliOTAJBgNVHRMEAjAA +MCIGA1UdEQQbMBmGF2h0dHBzOi8vd3d3LndvbGZzc2wuY29tMA0GCSqGSIb3DQEB +CwUAA4IBAQAYu0Z6E6UywqocYM/Rt1nzhv2022JuQE3Ty7WPCkVDnwtQe6xB7Scy +pbP7aqWcNgDyiNrdgLVJKWxNHCIkB1t7moiLIaBiQxwUI9IIqCfM8tVP4lyx+Dz1 +fLLvsa0e/qmSXwAm+/ON4sc4iprkqEopYUT2gGEJXUmbHBDgHicDJuJGAYNJah1f +bnHIHmFEMiqEzVpF05+k7HZLGmwmylXXw62UV3uL1J++JT3iMAjV+xiaqu7Bzrvq +3l2nd0DCsVeqEUNBaXMMvYcOuY26+cysOGCKYjIqwA0ciNPTktbxLoJnjvVCueQo +s/37fJoWX/4g2jdfwl50m5nz3jVFjUko +-----END CERTIFICATE----- diff --git a/certs/renewcerts.sh b/certs/renewcerts.sh index 39bcc135d..f42b004ce 100755 --- a/certs/renewcerts.sh +++ b/certs/renewcerts.sh @@ -22,6 +22,7 @@ # client-ca.pem # test/digsigku.pem # ecc-privOnlyCert.pem +# uri-cert.pem # updates the following crls: # crl/cliCrl.pem # crl/crl.pem @@ -45,6 +46,21 @@ function run_renewcerts(){ # To generate these all in sha1 add the flag "-sha1" on appropriate lines # That is all lines beginning with: "openssl req" + ############################################################ + #### update the self-signed (2048-bit) client-uri-cert.pem # + ############################################################ + echo "Updating 2048-bit client-uri-cert.pem" + echo "" + #pipe the following arguments to openssl req... + echo -e "US\nMontana\nBozeman\nwolfSSL_2048\nURI\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key client-key.pem -nodes -out client-cert.csr + + + openssl x509 -req -in client-cert.csr -days 1000 -extfile wolfssl.cnf -extensions uri -signkey client-key.pem -out client-uri-cert.pem + rm client-cert.csr + + openssl x509 -in client-uri-cert.pem -text > tmp.pem + mv tmp.pem client-uri-cert.pem + ############################################################ #### update the self-signed (2048-bit) client-cert.pem ##### ############################################################ diff --git a/certs/renewcerts/wolfssl.cnf b/certs/renewcerts/wolfssl.cnf index c251cc71e..91c0312b9 100644 
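Review bot: The file-list comment added at the top of renewcerts.sh says `# uri-cert.pem`, but the certificate this commit adds, and the one the new script block regenerates, is `client-uri-cert.pem`. The entry should read `# client-uri-cert.pem` so the header matches the file the script actually rewrites.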
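Review bot: None of the openssl steps in the new client-uri-cert.pem block are checked before `mv tmp.pem client-uri-cert.pem`, so a failed `openssl x509 -text` would replace the certificate with an empty or partial file. Chaining the last two commands avoids that: `openssl x509 -in client-uri-cert.pem -text > tmp.pem && mv tmp.pem client-uri-cert.pem`. The rest of run_renewcerts is outside the hunk, so this may simply mirror the pattern already used there. If the script sets no global fail-fast option, the same guard would help the other blocks too.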
--- a/certs/renewcerts/wolfssl.cnf +++ b/certs/renewcerts/wolfssl.cnf @@ -220,6 +220,13 @@ keyUsage=critical, digitalSignature, keyEncipherment, keyAgreement extendedKeyUsage=serverAuth nsCertType=server +# test parsing URI +[ uri ] +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always +basicConstraints=CA:false +subjectAltName=URI:https://www.wolfssl.com + #tsa default [ tsa ] default_tsa = tsa_config1 diff --git a/tests/api.c b/tests/api.c index 11bcbded3..e2ebaaea1 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2956,6 +2956,26 @@ static void test_wolfSSL_PKCS5(void) #endif /* defined(OPENSSL_EXTRA) && !defined(NO_SHA) */ } +/* test parsing URI from certificate */ +static void test_wolfSSL_URI(void) +{ +#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \ + && (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \ + defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) + WOLFSSL_X509* x509; + const char uri[] = "./certs/client-uri-cert.pem"; + + printf(testingFmt, "wolfSSL URI parse"); + + x509 = wolfSSL_X509_load_certificate_file(uri, WOLFSSL_FILETYPE_PEM); + AssertNotNull(x509); + + wolfSSL_FreeX509(x509); + + printf(resultFmt, passed); +#endif +} + /* Testing function wolfSSL_CTX_SetMinVersion; sets the minimum downgrade * version allowed. * POST: 1 on success. @@ -18612,6 +18632,7 @@ void ApiTest(void) test_wolfSSL_PKCS12(); test_wolfSSL_PKCS8(); test_wolfSSL_PKCS5(); + test_wolfSSL_URI(); /*OCSP Stapling. */ AssertIntEQ(test_wolfSSL_UseOCSPStapling(), WOLFSSL_SUCCESS);
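Review bot: test_wolfSSL_URI only asserts that `wolfSSL_X509_load_certificate_file` returns non-NULL, so it would still pass if the parser skipped or mis-decoded the URI subjectAltName entry. Nothing checks that `https://www.wolfssl.com` was actually extracted. After `AssertNotNull(x509);` the test should read the alt name back through whichever accessor this build exposes and compare it with the expected string. A second fixture with a malformed or empty URI entry would cover the rejection path. The local `uri` holds a file path rather than a URI, so `const char certFile[] = "./certs/client-uri-cert.pem";` would read more clearly.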