openvpn3/test__openssl__x509certinfo_8cpp_source.html

//    OpenVPN -- An application to securely tunnel IP networks

//               over a single port, with support for SSL/TLS-based

//               session authentication and key exchange,

//               packet encryption, packet authentication, and

//               packet compression.

//

//    Copyright (C) 2012- OpenVPN Inc.

//

//    SPDX-License-Identifier: MPL-2.0 OR AGPL-3.0-only WITH openvpn3-openssl-exception

//

//

//

//    Basic unit test for the openvpn/openssl/pki/x509certinfo.hpp functions

//


#include <string>


#include "test_common.hpp"

#include "openvpn/openssl/pki/x509.hpp"

#include "openvpn/openssl/pki/x509certinfo.hpp"


using namespace openvpn;


namespace unittests {


std::string test_cert = "-----BEGIN CERTIFICATE-----\n"

                        "MIIFrjCCA5agAwIBAgIJFXABl4gwlJIEMA0GCSqGSIb3DQEBCwUAMHAxCzAJBgNV\n"

                        "BAYTAlVTMQswCQYDVQQIDAJDQTETMBEGA1UEBwwKUGxlYXNhbnRvbjEYMBYGA1UE\n"

                        "CgwPT3BlblZQTi1URVNULUNBMSUwIwYJKoZIhvcNAQkBFhZleGFtcGxlLmNhQGV4\n"

                        "YW1wbGUubmV0MB4XDTE5MTAwMjEyMzY0OFoXDTI5MDkyOTEyMzY0OFowezELMAkG\n"

                        "A1UEBhMCVVMxCzAJBgNVBAgMAkNBMRUwEwYDVQQKDAxPcGVuVlBOLVRFU1QxHTAb\n"

                        "BgNVBAMMFHNlcnZlci0xLmV4YW1wbGUubmV0MSkwJwYJKoZIhvcNAQkBFhpleGFt\n"

                        "cGxlLXNlcnZlckBleGFtcGxlLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC\n"

                        "AQoCggEBAN7KKMU2A7X74KYn+agBvQmW2zr/OFH/PJn6sMk94aDAIWsa7KccuV8W\n"

                        "d/69XH2FXK2ygSd9df8kO8mGkDl1w5nC/LUk5V0KNqsZGLyNDRvulSFJ2eQChOOs\n"

                        "snOdpf17e/yzs08KY5RME9+HBWx2GpQQWHVsmqvPF+pPJnBctOm8azBOAUZRDBuj\n"

                        "TxCWtwLwVjnFHGSATETuvCiTPuDa9sbw5ibCLFz9ge94ptXcXEU6z+GuighQI9rU\n"

                        "o8BVFF6DiaWZn3jC5KsA1dX81c+UpDpxwOpG9MXg8RRm8rWwsvC/RvjVYjGDBdra\n"

                        "oSuHWPjzH1DIJ31ptjKUPAVdR8ZxAGcCAwEAAaOCAT4wggE6MAkGA1UdEwQCMAAw\n"

                        "EQYJYIZIAYb4QgEBBAQDAgZAMDQGCWCGSAGG+EIBDQQnFiVUZXN0IENlcnRpZmlj\n"

                        "YXRlIC0gTk9UIEZPUiBQUk9EVUNUSU9OMB0GA1UdDgQWBBRsQDoK1XxrwQdrKmcC\n"

                        "7/HfbSrQFTCBogYDVR0jBIGaMIGXgBTa10VpSdTIo1PhrwMuGmGrUMerq6F0pHIw\n"

                        "cDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRMwEQYDVQQHDApQbGVhc2FudG9u\n"

                        "MRgwFgYDVQQKDA9PcGVuVlBOLVRFU1QtQ0ExJTAjBgkqhkiG9w0BCQEWFmV4YW1w\n"

                        "bGUuY2FAZXhhbXBsZS5uZXSCCQDm/rJ9Tz3bEDATBgNVHSUEDDAKBggrBgEFBQcD\n"

                        "ATALBgNVHQ8EBAMCBaAwDQYJKoZIhvcNAQELBQADggIBAHl41WvFsh+nscCx+1X2\n"

                        "RudmnsuKHFUAktpAOdG3vh+5zh2v3PZYWoS4sgmBl0Zvia4VC/xTrcC2ywJILLAM\n"

                        "cda6CUXMF3+kJMi+qlgn6WRn9RsUHLQFa1/y7zNkuo38zkLlJaiKPQfm1YPkUtnr\n"

                        "n74W9XBrZ2rWBsqL2XCDayEs1IAjL9zs0F1Bs0MCgf+BccCu7wFL886+Y8mhAkRJ\n"

                        "c0aniG/bsawOrrF8JwW2MP/QpPls2BSWmfwJASxX57AbSQ8TmMf289ozTupcBVMC\n"

                        "N973ks9n/35cRtW9SHtwpdsb4nvXFZi6DCfyS3PBpHgi/mRuhgWWSLaVr40RnlHI\n"

                        "NvW0x7SPJwkbHeWz6PStrZJLjkJ9LuvRQwb2+wH6SjIxQiJ/AMXlSL2USASdLR32\n"

                        "eiPUWq5xalTrNQINcnEfVT/ruTInY2vytUaQgFTQvJKp0DJZZHEmkvEQC77IkI7Y\n"

                        "ED4Icu9CLCpXN7axV4Ga0iM53kX4MsDt419mmD8NoYJciHzBZHuJ6cD1tAsUUov7\n"

                        "NJZQLYfixIs63ZNEgb5gCkKywy40gZ+jaK3ard5LzyRUhgWHXdV7oZU7DkY5yAON\n"

                        "63gBg9THgEvcEhG/Ci60y6pB+YpXTiVGkuJvqLdSCn3qota8v+/Fm9ujrlJk1evR\n"

                        "fYFKjF0w1F5ftfpCbucSMbqt\n"

                        "-----END CERTIFICATE-----\n";


TEST(OpenSSL_X509_get_subject, old_format)

{

    OpenSSLPKI::X509 x509crt(test_cert, "Embedded Test Server Cert");

    std::string expect(

        "/C=US/ST=CA/O=OpenVPN-TEST/CN=server-1.example.net/"

        "emailAddress=example-server@example.net");


    ASSERT_EQ(OpenSSLPKI::x509_get_subject(x509crt.obj()), expect);

    ASSERT_EQ(OpenSSLPKI::x509_get_subject(x509crt.obj(), false), expect);

}


TEST(OpenSSL_X509_get_subject, new_format)

{

    OpenSSLPKI::X509 x509crt(test_cert, "Embedded Test Server Cert");

    std::string expect(

        "C=US, ST=CA, O=OpenVPN-TEST, CN=server-1.example.net, "

        "emailAddress=example-server@example.net");


    ASSERT_EQ(OpenSSLPKI::x509_get_subject(x509crt.obj(), true), expect);

}


TEST(OpenSSL_X509_get_serial, numeric)

{

    OpenSSLPKI::X509 x509crt(test_cert, "Embedded Test Server Cert");

    std::string expect("395452524166311612932");


    ASSERT_EQ(OpenSSLPKI::x509_get_serial(x509crt.obj()), expect);

}


TEST(OpenSSL_X509_get_serial, hexadecimal)

{

    OpenSSLPKI::X509 x509crt(test_cert, "Embedded Test Server Cert");

    std::string expect("15:70:01:97:88:30:94:92:04");


    ASSERT_EQ(OpenSSLPKI::x509_get_serial_hex(x509crt.obj()), expect);

}


TEST(OpenSSL_X509_get_field, basic_checks)

{

    OpenSSLPKI::X509 x509crt(test_cert, "Embedded Test Server Cert");


    ASSERT_EQ(OpenSSLPKI::x509_get_field(x509crt.obj(), NID_commonName),

              "server-1.example.net");


    ASSERT_EQ(OpenSSLPKI::x509_get_field(x509crt.obj(), NID_stateOrProvinceName),

              "CA");


    ASSERT_EQ(OpenSSLPKI::x509_get_field(x509crt.obj(), NID_localityName), "");


    ASSERT_EQ(OpenSSLPKI::x509_get_field(x509crt.obj(), NID_pkcs9_emailAddress),

              "example-server@example.net");


    ASSERT_EQ(OpenSSLPKI::x509_get_field(x509crt.obj(), NID_organizationName),

              "OpenVPN-TEST");


    ASSERT_EQ(OpenSSLPKI::x509_get_field(x509crt.obj(), NID_countryName), "US");

}


TEST(OpenSSL_X509_get_field, signature)

{

    OpenSSLPKI::X509 x509crt(test_cert, "Embedded Test Server Cert");


    ASSERT_EQ(OpenSSLPKI::x509_get_signature_algorithm(x509crt.obj()), "RSA-SHA256");

}


TEST(x509_get_fingerprint, output)

{

    OpenSSLPKI::X509 x509crt(test_cert, "Embedded Test Server Cert");

    const std::vector<uint8_t> fingerprint = {

        // clang-format off

        0x44, 0xF5, 0xA6, 0x4D, 0x4A, 0xCB, 0x65, 0xE1,

        0x8A, 0x9F, 0x55, 0x89, 0x7F, 0x77, 0xA0, 0x79,

        0xAA, 0xFB, 0xCC, 0xA1, 0x37, 0x2F, 0xD8, 0xB3,

        0x47, 0xAA, 0x9D, 0xE3, 0xD0, 0x76, 0xB1, 0x44

        // clang-format on

    };

    ASSERT_EQ(OpenSSLPKI::x509_get_fingerprint(x509crt.obj()), fingerprint);

}


} // namespace unittests

openvpn::OpenSSLPKI::X509
Definition x509.hpp:30

openvpn::OpenSSLPKI::X509::obj
::X509 * obj() const
Definition x509.hpp:82

openvpn::OpenSSLPKI::x509_get_serial_hex
static std::string x509_get_serial_hex(::X509 *cert)
Definition x509certinfo.hpp:225

openvpn::OpenSSLPKI::x509_get_field
static std::string x509_get_field(::X509 *cert, const int nid)
Definition x509certinfo.hpp:138

openvpn::OpenSSLPKI::x509_get_serial
static std::string x509_get_serial(::X509 *cert)
Definition x509certinfo.hpp:200

openvpn::OpenSSLPKI::x509_get_fingerprint
static std::vector< uint8_t > x509_get_fingerprint(const ::X509 *cert)
Definition x509certinfo.hpp:242

openvpn::OpenSSLPKI::x509_get_subject
static std::string x509_get_subject(::X509 *cert, bool new_format=false)
Definition x509certinfo.hpp:56

openvpn::OpenSSLPKI::x509_get_signature_algorithm
static std::string x509_get_signature_algorithm(const ::X509 *cert)
Definition x509certinfo.hpp:113

openvpn
Definition ovpncli.cpp:97

unittests
Definition test_comp.cpp:243

unittests::TEST
TEST(CPUTime, cpu_time_pid)
Definition test_cpu_time.cpp:110

unittests::test_cert
std::string test_cert
Definition test_mbedtls_x509certinfo.cpp:26

x509certinfo.hpp

test_common.hpp

x509.hpp