CKM: Get rid of early expiring certificates 46/278746/3
authorKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Mon, 25 Jul 2022 20:40:35 +0000 (22:40 +0200)
committerKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Tue, 2 Aug 2022 08:56:41 +0000 (10:56 +0200)
* Use OCSP chain with longer validity (Jan 28 2028)
* Use last CA certificate before root CA for OCSP tests (CA has longer
  validity than EE certificate)
* Remove "third party" chain to avoid expiration issues
* Replace above chain with "OCSP" or "test" chain where possible
* Simplify or remove tests that do not make sense with current chains

Change-Id: I22eba70ae8b73607cc4c8de1f18f014104fd12ea

src/ckm/privileged/main.cpp
src/ckm/test-certs.cpp
src/ckm/test-certs.h
src/ckm/unprivileged/async-api.cpp
src/ckm/unprivileged/capi-certificate-chains.cpp
src/ckm/unprivileged/capi-testcases.cpp
src/ckm/unprivileged/main.cpp

index 8e25fbe..0f53270 100644 (file)
@@ -72,8 +72,8 @@ RUNNER_TEST(T1510_init_unlock_key)
 
 RUNNER_TEST(T1511_insert_data)
 {
-    auto certee = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_LEAF);
-    auto certim = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_IM);
+    auto certee = TestData::getTestCertificate(TestData::TEST_LEAF);
+    auto certim = TestData::getTestCertificate(TestData::TEST_IM_CA);
     CKM::Alias certeeAlias("CertEE");
     CKM::Alias certimAlias("CertIM");
     {
@@ -125,7 +125,7 @@ RUNNER_CHILD_TEST(T1702_insert_data)
     int temp;
     ScopedAppContext ctx(TEST_LABEL, USER_TEST+1, GROUP_APP);
 
-    auto certee = TestData::getTestCertificate(TestData::THIRD_PARTY_LEAF);
+    auto certee = TestData::getTestCertificate(TestData::TEST_LEAF);
 
     auto manager = CKM::Manager::create();
     size_t current_aliases_num = count_aliases(ALIAS_CERT);
index af7911c..a589936 100644 (file)
@@ -39,18 +39,10 @@ enum RawCertificateID {
     TEST_IM_CA,          // TEST_IM_CA, signed by TEST_ROOT_CA, expires 2035
     TEST_LEAF,           // TEST_LEAF, signed by TEST_IM_CA, expires 2035
 
-    // third party
-    BALTIMORE_CYBER_TRUST_ROOT,    // Baltimore CyberTrust Root, (root CA), expires May 13, 2025
-    MS_RSA_TLS_CA_01,    // Microsoft RSA TLS CA 01, signed by Baltimore CyberTrust Root,
-                         // expires Oct 8, 2024
-    MICROSOFT_COM,       // www.microsoft.com, signed by Microsoft RSA TLS CA 01,
-                         // expires Jul 28, 2022
-
     // ocsp available chain on third party
-    MS_RSA_TLS_CA_02,    // Microsoft RSA TLS CA 02, signed by Baltimore CyberTrust Root,
-                         // expires Oct 8 2024
-    BING_COM,            // www.bing.com, signed by Microsoft RSA TLS CA 02,
-                         // expires Mar 30 2022,
+    GLOBALSIGN_ROOT_CA,  // GlobalSign Root CA, expires Jan 28 2028
+    GTS_ROOT_R1,         // Google GTS Root R1, signed by GlobalSign Root CA,
+                         // expires Jan 28 2028
 
     // footer - last element in the set
     NO_CERT
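Review bot: The comment on `GTS_ROOT_R1` does not say that this entry plays the intermediate role, although the mapping hunk that follows returns it for `certificateID::OCSP_AVAILABLE_IM`. A reader who sees "Root" in the identifier will take it for a trust anchor and may put it into a trusted-certificate vector in a new test. I would spell the role out in the comment, for example `GTS_ROOT_R1,         // Google GTS Root R1 cross-certificate, used as the OCSP intermediate;` followed by the existing `signed by GlobalSign Root CA, expires Jan 28 2028` text. The enum opens before this hunk and its closing brace lies after it.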
@@ -87,12 +79,8 @@ RawCertificateID toRawCertificateID(certificateID id)
     case certificateID::TEST_IM_CA:          return RawCertificateID::TEST_IM_CA;
     case certificateID::TEST_LEAF:           return RawCertificateID::TEST_LEAF;
 
-    case certificateID::THIRD_PARTY_ROOT_CA: return RawCertificateID::BALTIMORE_CYBER_TRUST_ROOT;
-    case certificateID::THIRD_PARTY_IM_CA:   return RawCertificateID::MS_RSA_TLS_CA_01;
-    case certificateID::THIRD_PARTY_LEAF:    return RawCertificateID::MICROSOFT_COM;
-
-    case certificateID::OCSP_AVAILABLE_IM:   return RawCertificateID::MS_RSA_TLS_CA_02;
-    case certificateID::OCSP_AVAILABLE_LEAF: return RawCertificateID::BING_COM;
+    case certificateID::OCSP_ROOT_CA:        return RawCertificateID::GLOBALSIGN_ROOT_CA;
+    case certificateID::OCSP_AVAILABLE_IM:   return RawCertificateID::GTS_ROOT_R1;
 
     case certificateID::NO_CERT:             return RawCertificateID::NO_CERT;
     default: throw std::invalid_argument("Invalid raw certificat ID!");
@@ -188,252 +176,72 @@ CertMap initializeTestCerts()
         cm[RawCertificateID::TEST_LEAF].certPtr = createCert(raw_base64);
     }
 
-    // Baltimore CyberTrust Root, (root CA), expires May 13, 2025
-    {
-        std::string raw_base64 = std::string(
-            "-----BEGIN CERTIFICATE-----\n"
-            "MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ\n"
-            "RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD\n"
-            "VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX\n"
-            "DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y\n"
-            "ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy\n"
-            "VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr\n"
-            "mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr\n"
-            "IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK\n"
-            "mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu\n"
-            "XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy\n"
-            "dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye\n"
-            "jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1\n"
-            "BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3\n"
-            "DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92\n"
-            "9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx\n"
-            "jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0\n"
-            "Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz\n"
-            "ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS\n"
-            "R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp\n"
-            "-----END CERTIFICATE-----\n");
-        cm[RawCertificateID::BALTIMORE_CYBER_TRUST_ROOT].raw_base64 = raw_base64;
-        cm[RawCertificateID::BALTIMORE_CYBER_TRUST_ROOT].certPtr = createCert(raw_base64);
-    }
-
-    // Microsoft RSA TLS CA 01, signed by Baltimore CyberTrust Root, expires Oct 8, 2024
-    {
-        std::string raw_base64 = std::string(
-            "-----BEGIN CERTIFICATE-----\n"
-            "MIIFWjCCBEKgAwIBAgIQDxSWXyAgaZlP1ceseIlB4jANBgkqhkiG9w0BAQsFADBa\n"
-            "MQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJl\n"
-            "clRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTIw\n"
-            "MDcyMTIzMDAwMFoXDTI0MTAwODA3MDAwMFowTzELMAkGA1UEBhMCVVMxHjAcBgNV\n"
-            "BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEgMB4GA1UEAxMXTWljcm9zb2Z0IFJT\n"
-            "QSBUTFMgQ0EgMDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCqYnfP\n"
-            "mmOyBoTzkDb0mfMUUavqlQo7Rgb9EUEf/lsGWMk4bgj8T0RIzTqk970eouKVuL5R\n"
-            "IMW/snBjXXgMQ8ApzWRJCZbar879BV8rKpHoAW4uGJssnNABf2n17j9TiFy6BWy+\n"
-            "IhVnFILyLNK+W2M3zK9gheiWa2uACKhuvgCca5Vw/OQYErEdG7LBEzFnMzTmJcli\n"
-            "W1iCdXby/vI/OxbfqkKD4zJtm45DJvC9Dh+hpzqvLMiK5uo/+aXSJY+SqhoIEpz+\n"
-            "rErHw+uAlKuHFtEjSeeku8eR3+Z5ND9BSqc6JtLqb0bjOHPm5dSRrgt4nnil75bj\n"
-            "c9j3lWXpBb9PXP9Sp/nPCK+nTQmZwHGjUnqlO9ebAVQD47ZisFonnDAmjrZNVqEX\n"
-            "F3p7laEHrFMxttYuD81BdOzxAbL9Rb/8MeFGQjE2Qx65qgVfhH+RsYuuD9dUw/3w\n"
-            "ZAhq05yO6nk07AM9c+AbNtRoEcdZcLCHfMDcbkXKNs5DJncCqXAN6LhXVERCw/us\n"
-            "G2MmCMLSIx9/kwt8bwhUmitOXc6fpT7SmFvRAtvxg84wUkg4Y/Gx++0j0z6StSeN\n"
-            "0EJz150jaHG6WV4HUqaWTb98Tm90IgXAU4AW2GBOlzFPiU5IY9jt+eXC2Q6yC/Zp\n"
-            "TL1LAcnL3Qa/OgLrHN0wiw1KFGD51WRPQ0Sh7QIDAQABo4IBJTCCASEwHQYDVR0O\n"
-            "BBYEFLV2DDARzseSQk1Mx1wsyKkM6AtkMB8GA1UdIwQYMBaAFOWdWTCCR1jMrPoI\n"
-            "VDaGezq1BE3wMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYI\n"
-            "KwYBBQUHAwIwEgYDVR0TAQH/BAgwBgEB/wIBADA0BggrBgEFBQcBAQQoMCYwJAYI\n"
-            "KwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTA6BgNVHR8EMzAxMC+g\n"
-            "LaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vT21uaXJvb3QyMDI1LmNybDAq\n"
-            "BgNVHSAEIzAhMAgGBmeBDAECATAIBgZngQwBAgIwCwYJKwYBBAGCNyoBMA0GCSqG\n"
-            "SIb3DQEBCwUAA4IBAQCfK76SZ1vae4qt6P+dTQUO7bYNFUHR5hXcA2D59CJWnEj5\n"
-            "na7aKzyowKvQupW4yMH9fGNxtsh6iJswRqOOfZYC4/giBO/gNsBvwr8uDW7t1nYo\n"
-            "DYGHPpvnpxCM2mYfQFHq576/TmeYu1RZY29C4w8xYBlkAA8mDJfRhMCmehk7cN5F\n"
-            "JtyWRj2cZj/hOoI45TYDBChXpOlLZKIYiG1giY16vhCRi6zmPzEwv+tk156N6cGS\n"
-            "Vm44jTQ/rs1sa0JSYjzUaYngoFdZC4OfxnIkQvUIA4TOFmPzNPEFdjcZsgbeEz4T\n"
-            "cGHTBPK4R28F44qIMCtHRV55VMX53ev6P3hRddJb\n"
-            "-----END CERTIFICATE-----\n"
-            );
-        cm[RawCertificateID::MS_RSA_TLS_CA_01].raw_base64 = raw_base64;
-        cm[RawCertificateID::MS_RSA_TLS_CA_01].certPtr = createCert(raw_base64);
-    }
-
-    // www.microsoft.com, signed by Microsoft RSA TLS CA 01, expires Jul 28, 2022
-    {
-        std::string raw_base64 = std::string(
-            "-----BEGIN CERTIFICATE-----\n"
-            "MIII9DCCBtygAwIBAgITEgAU8ewjldVv3MTctwAAABTx7DANBgkqhkiG9w0BAQsF\n"
-            "ADBPMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u\n"
-            "MSAwHgYDVQQDExdNaWNyb3NvZnQgUlNBIFRMUyBDQSAwMTAeFw0yMTA3MjgyMTIy\n"
-            "MDZaFw0yMjA3MjgyMTIyMDZaMIGIMQswCQYDVQQGEwJVUzELMAkGA1UECBMCV0Ex\n"
-            "EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv\n"
-            "bjEeMBwGA1UECxMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRowGAYDVQQDExF3d3cu\n"
-            "bWljcm9zb2Z0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMnE\n"
-            "YTuMHAC05tDE3Xeql1wP18DqLF1YZ6z6vsnmS9FQg5HhjYW9d5JEpxldYfA26Rmu\n"
-            "SjzBnPIV6C9TsxSasdijXzMBGBXLMRN1Lqo8t+ULT0JAsmt0TjvhGTk7qAWOxx5W\n"
-            "gbEA+hZP12P1glre2E5LGORyf3/HDDHDJpoyVrJQcXTTxGGFrUaz8BxpSxnk3+p+\n"
-            "/b2hPxO70jt3vqtpgS+dJa9j9CsGm5f6QZdYFCNVL3HNk4ji36dQZd3Z01jjddgn\n"
-            "8eqG220HvEDL+tJY+q9/iz0fLd+rcDO/igCgpEfM3/gmz4b9xUB1MfexdFNX8zxq\n"
-            "7HBedJTQOSrYbcEupCMCAwEAAaOCBI0wggSJMIIBfAYKKwYBBAHWeQIEAgSCAWwE\n"
-            "ggFoAWYAdQApeb7wnjk5IfBWc59jpXflvld9nGAK+PlNXSZcJV3HhAAAAXrvCDQo\n"
-            "AAAEAwBGMEQCIGsG4F9acHkVtLDESPJxtX8xga3P+ib5mF86uhDdHdQyAiAIlmPH\n"
-            "81f0tFDjOT3QypOpS6W95Wv4AB7QpxQPkX5R+wB1AEHIyrHfIkZKEMahOglCh15O\n"
-            "MYsbA+vrS8do8JBilgb2AAABeu8INBYAAAQDAEYwRAIgYLmw/lgwOh/iFUG+ghFb\n"
-            "jH9odXbXMn9pH+6aoOwNpJoCIFOT/s390eZjaTM99x3B+7aF2iah+3NbIVRIO7eU\n"
-            "gCUJAHYARqVV63X6kSAwtaKJafTzfREsQXS+/Um4havy/HD+bUcAAAF67wg0VQAA\n"
-            "BAMARzBFAiEAvkCi3Cm3jnqCQFRVP4cinZcVZbMVsIsCdWq17Ql9W7gCIFsGi8PI\n"
-            "T+LMgAOXRfRyq4o5ffWlrF3RKPjpFm1XmcvaMCcGCSsGAQQBgjcVCgQaMBgwCgYI\n"
-            "KwYBBQUHAwIwCgYIKwYBBQUHAwEwPQYJKwYBBAGCNxUHBDAwLgYmKwYBBAGCNxUI\n"
-            "h9qGdYPu2QGCyYUbgbWeYYX062CBXbn4EIaR0HgCAWQCASUwgYcGCCsGAQUFBwEB\n"
-            "BHsweTBTBggrBgEFBQcwAoZHaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9t\n"
-            "c2NvcnAvTWljcm9zb2Z0JTIwUlNBJTIwVExTJTIwQ0ElMjAwMS5jcnQwIgYIKwYB\n"
-            "BQUHMAGGFmh0dHA6Ly9vY3NwLm1zb2NzcC5jb20wHQYDVR0OBBYEFAkmLKnc/2OR\n"
-            "QOdYZ+IIP3T26vFlMA4GA1UdDwEB/wQEAwIEsDCBmQYDVR0RBIGRMIGOghVwcml2\n"
-            "YWN5Lm1pY3Jvc29mdC5jb22CEWMucy1taWNyb3NvZnQuY29tgg1taWNyb3NvZnQu\n"
-            "Y29tghFpLnMtbWljcm9zb2Z0LmNvbYIYc3RhdGljdmlldy5taWNyb3NvZnQuY29t\n"
-            "ghF3d3cubWljcm9zb2Z0LmNvbYITd3d3cWEubWljcm9zb2Z0LmNvbTCBsAYDVR0f\n"
-            "BIGoMIGlMIGioIGfoIGchk1odHRwOi8vbXNjcmwubWljcm9zb2Z0LmNvbS9wa2kv\n"
-            "bXNjb3JwL2NybC9NaWNyb3NvZnQlMjBSU0ElMjBUTFMlMjBDQSUyMDAxLmNybIZL\n"
-            "aHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29m\n"
-            "dCUyMFJTQSUyMFRMUyUyMENBJTIwMDEuY3JsMFcGA1UdIARQME4wQgYJKwYBBAGC\n"
-            "NyoBMDUwMwYIKwYBBQUHAgEWJ2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kv\n"
-            "bXNjb3JwL2NwczAIBgZngQwBAgIwHwYDVR0jBBgwFoAUtXYMMBHOx5JCTUzHXCzI\n"
-            "qQzoC2QwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEB\n"
-            "CwUAA4ICAQAVMIWmZCVQqfj7bJx9qruDL8/ylrr3axGTW38+QbP7a+705e8piKYA\n"
-            "oSLpwDnWs00JzLLfe55xE7b3veY5q88ZAcQfB34tvewp+2rYvTcvPq641TXloQlJ\n"
-            "an/90VgkCa2YsbSwWg4uldv0fjvbdZmRvm/fofrR45ySK8KK1SsNJ1Aa/3wuNCyj\n"
-            "L03dT3tf2pDymMaNj3PamyjClHsdYcWop3ZBbM/PiL0pY/a0YsqIUsUkpK93yC4E\n"
-            "+IkZkQDEEAeZHzoHlZv2moJSKL357z1wqS2tDTNGpX8NBvudKkUlnShJfu6MFn1m\n"
-            "vXONhYfpYpJ5t0DxFwhahPS7MKmp/sz7A5fO8b/nvyvwohvHHlI502Np7LdRWE1J\n"
-            "7bNmOcCK/gGVWU2VtZUyhJwGN104Aba61Jn8+mds8JagLPAwiB2Si7M1sfKHpacC\n"
-            "GTeO2N8v8WaBQw/hFLnXlV6c8C8QrYLWLxlmM+6pAlm9fHVU4RESJFseMJiJ66US\n"
-            "bKVIwfysnXZseCb5gbVI8v3d/qpPZSkpKfLs47spTDVKEqSBr8a2evyRJFzIZZ0v\n"
-            "MW9by1fTuByXk82Uyz6/MQ4x0Z/zflGSOyozpZFli7FMFbh4+Fpg6s5RgWVVep96\n"
-            "h4MER2f+ulxJ3j9wUxCa/BR6St/Ck6ZO+FL676uHMx3NMrrSVltSuA==\n"
-            "-----END CERTIFICATE-----\n"
-            );
-        cm[RawCertificateID::MICROSOFT_COM].raw_base64 = raw_base64;
-        cm[RawCertificateID::MICROSOFT_COM].certPtr = createCert(raw_base64);
-    }
-
-    // Microsoft RSA TLS CA 01, signed by Baltimore CyberTrust Root, expires 8 Oct 2024
-    // This is the same as IM for microsoft.com currently,
-    // not removing as it's not always like that.
+    // GlobalSign Root CA, expires Jan 28 2028
     {
         std::string raw_base64(
             "-----BEGIN CERTIFICATE-----\n"
-            "MIIFWjCCBEKgAwIBAgIQDxSWXyAgaZlP1ceseIlB4jANBgkqhkiG9w0BAQsFADBa\n"
-            "MQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJl\n"
-            "clRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTIw\n"
-            "MDcyMTIzMDAwMFoXDTI0MTAwODA3MDAwMFowTzELMAkGA1UEBhMCVVMxHjAcBgNV\n"
-            "BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEgMB4GA1UEAxMXTWljcm9zb2Z0IFJT\n"
-            "QSBUTFMgQ0EgMDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCqYnfP\n"
-            "mmOyBoTzkDb0mfMUUavqlQo7Rgb9EUEf/lsGWMk4bgj8T0RIzTqk970eouKVuL5R\n"
-            "IMW/snBjXXgMQ8ApzWRJCZbar879BV8rKpHoAW4uGJssnNABf2n17j9TiFy6BWy+\n"
-            "IhVnFILyLNK+W2M3zK9gheiWa2uACKhuvgCca5Vw/OQYErEdG7LBEzFnMzTmJcli\n"
-            "W1iCdXby/vI/OxbfqkKD4zJtm45DJvC9Dh+hpzqvLMiK5uo/+aXSJY+SqhoIEpz+\n"
-            "rErHw+uAlKuHFtEjSeeku8eR3+Z5ND9BSqc6JtLqb0bjOHPm5dSRrgt4nnil75bj\n"
-            "c9j3lWXpBb9PXP9Sp/nPCK+nTQmZwHGjUnqlO9ebAVQD47ZisFonnDAmjrZNVqEX\n"
-            "F3p7laEHrFMxttYuD81BdOzxAbL9Rb/8MeFGQjE2Qx65qgVfhH+RsYuuD9dUw/3w\n"
-            "ZAhq05yO6nk07AM9c+AbNtRoEcdZcLCHfMDcbkXKNs5DJncCqXAN6LhXVERCw/us\n"
-            "G2MmCMLSIx9/kwt8bwhUmitOXc6fpT7SmFvRAtvxg84wUkg4Y/Gx++0j0z6StSeN\n"
-            "0EJz150jaHG6WV4HUqaWTb98Tm90IgXAU4AW2GBOlzFPiU5IY9jt+eXC2Q6yC/Zp\n"
-            "TL1LAcnL3Qa/OgLrHN0wiw1KFGD51WRPQ0Sh7QIDAQABo4IBJTCCASEwHQYDVR0O\n"
-            "BBYEFLV2DDARzseSQk1Mx1wsyKkM6AtkMB8GA1UdIwQYMBaAFOWdWTCCR1jMrPoI\n"
-            "VDaGezq1BE3wMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYI\n"
-            "KwYBBQUHAwIwEgYDVR0TAQH/BAgwBgEB/wIBADA0BggrBgEFBQcBAQQoMCYwJAYI\n"
-            "KwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTA6BgNVHR8EMzAxMC+g\n"
-            "LaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vT21uaXJvb3QyMDI1LmNybDAq\n"
-            "BgNVHSAEIzAhMAgGBmeBDAECATAIBgZngQwBAgIwCwYJKwYBBAGCNyoBMA0GCSqG\n"
-            "SIb3DQEBCwUAA4IBAQCfK76SZ1vae4qt6P+dTQUO7bYNFUHR5hXcA2D59CJWnEj5\n"
-            "na7aKzyowKvQupW4yMH9fGNxtsh6iJswRqOOfZYC4/giBO/gNsBvwr8uDW7t1nYo\n"
-            "DYGHPpvnpxCM2mYfQFHq576/TmeYu1RZY29C4w8xYBlkAA8mDJfRhMCmehk7cN5F\n"
-            "JtyWRj2cZj/hOoI45TYDBChXpOlLZKIYiG1giY16vhCRi6zmPzEwv+tk156N6cGS\n"
-            "Vm44jTQ/rs1sa0JSYjzUaYngoFdZC4OfxnIkQvUIA4TOFmPzNPEFdjcZsgbeEz4T\n"
-            "cGHTBPK4R28F44qIMCtHRV55VMX53ev6P3hRddJb\n"
+            "MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG\n"
+            "A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv\n"
+            "b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw\n"
+            "MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i\n"
+            "YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT\n"
+            "aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ\n"
+            "jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp\n"
+            "xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp\n"
+            "1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG\n"
+            "snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ\n"
+            "U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8\n"
+            "9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E\n"
+            "BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B\n"
+            "AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz\n"
+            "yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE\n"
+            "38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP\n"
+            "AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad\n"
+            "DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME\n"
+            "HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==\n"
             "-----END CERTIFICATE-----\n"
             );
-        cm[RawCertificateID::MS_RSA_TLS_CA_02].raw_base64 = raw_base64;
-        cm[RawCertificateID::MS_RSA_TLS_CA_02].certPtr = createCert(raw_base64);
+        cm[RawCertificateID::GLOBALSIGN_ROOT_CA].raw_base64 = raw_base64;
+        cm[RawCertificateID::GLOBALSIGN_ROOT_CA].certPtr = createCert(raw_base64);
     }
 
-    // www.bing.com, signed by Microsoft RSA TLS CA 01, expires Dec 10 2022
+    // Google GTS Root R1, signed by GlobalSign Root CA, expires Jan 28 2028
     {
         std::string raw_base64(
             "-----BEGIN CERTIFICATE-----\n"
-            "MIINWDCCC0CgAwIBAgITEgAtFJyg3q6Puh27sQAAAC0UnDANBgkqhkiG9w0BAQsF\n"
-            "ADBPMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u\n"
-            "MSAwHgYDVQQDExdNaWNyb3NvZnQgUlNBIFRMUyBDQSAwMTAeFw0yMjA2MTAwMTE1\n"
-            "NDFaFw0yMjEyMTAwMTE1NDFaMBcxFTATBgNVBAMTDHd3dy5iaW5nLmNvbTCCASIw\n"
-            "DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL8sdZYQ+f3lROucTlyDAVTlH2C8\n"
-            "na0X+Q9IJhKA/J1HmC7WhYbreG54dJvDC5J8dlXs7VcJw4+2zHePozofwQ1MuVz7\n"
-            "hzCztVoCWAsMkXNQcGzvEFUpI08xTPgkgEQQQrLWd9AoJ8kbkKV2GOQ6fbujj/Bx\n"
-            "80PKC1wLYLn7QHPZiYN/ID/TdE6qaTxOfBCMG2g6b6xep5DTw7/8YwOKb3HK0Hij\n"
-            "/RD0iTaxNQrq4xanBqZvjIpbOM1QaTnGLETMmmsu/HBEYpk24R1X/LvFSbNc3zHy\n"
-            "f5kCfK/zA0kPkqlggmbOW9ZPzQs8CZ9SbJv5fxEpi3UzWUlc286mtGLrZNECAwEA\n"
-            "AaOCCWMwgglfMIIBfAYKKwYBBAHWeQIEAgSCAWwEggFoAWYAdgBGpVXrdfqRIDC1\n"
-            "oolp9PN9ESxBdL79SbiFq/L8cP5tRwAAAYFLN69wAAAEAwBHMEUCIGTND7bl7y2c\n"
-            "PUBTR4qse7n1J3y3QVHtwxxInN8017dvAiEAzAY98uWMgzsXToG22QuFfgZITqUP\n"
-            "mUDyDR6wjLLxTYYAdQBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAA\n"
-            "AYFLN7B6AAAEAwBGMEQCIGvArKHV/doC367M/K3k+QzrdJkdSzuDF0pXftPau9RP\n"
-            "AiAdGw4rMcThB+ateVyBx1ePL+f6x3fZVi4utU59u+zY2wB1AEHIyrHfIkZKEMah\n"
-            "OglCh15OMYsbA+vrS8do8JBilgb2AAABgUs3r/sAAAQDAEYwRAIgD2JGU3HOI1ub\n"
-            "MmsaOi5wV82K04NdYLrPhbuALtgnsnkCIF2G0Rq8qsABzAlnO6zXbNP4qPXztlF9\n"
-            "c1kcPGbUn07cMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwEwCgYIKwYBBQUH\n"
-            "AwIwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX0\n"
-            "62CBXYWGjkGHwphQAgFkAgEnMIGHBggrBgEFBQcBAQR7MHkwUwYIKwYBBQUHMAKG\n"
-            "R2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUy\n"
-            "MFJTQSUyMFRMUyUyMENBJTIwMDEuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2Nz\n"
-            "cC5tc29jc3AuY29tMB0GA1UdDgQWBBTPhtbKWKRl7m/t8mbyPQQwi99VOzAOBgNV\n"
-            "HQ8BAf8EBAMCBLAwggVtBgNVHREEggVkMIIFYIIMd3d3LmJpbmcuY29tghBkaWN0\n"
-            "LmJpbmcuY29tLmNughMqLnBsYXRmb3JtLmJpbmcuY29tggoqLmJpbmcuY29tgghi\n"
-            "aW5nLmNvbYIWaWVvbmxpbmUubWljcm9zb2Z0LmNvbYITKi53aW5kb3dzc2VhcmNo\n"
-            "LmNvbYIZY24uaWVvbmxpbmUubWljcm9zb2Z0LmNvbYIRKi5vcmlnaW4uYmluZy5j\n"
-            "b22CDSoubW0uYmluZy5uZXSCDiouYXBpLmJpbmcuY29tghhlY24uZGV2LnZpcnR1\n"
-            "YWxlYXJ0aC5uZXSCDSouY24uYmluZy5uZXSCDSouY24uYmluZy5jb22CEHNzbC1h\n"
-            "cGkuYmluZy5jb22CEHNzbC1hcGkuYmluZy5uZXSCDiouYXBpLmJpbmcubmV0gg4q\n"
-            "LmJpbmdhcGlzLmNvbYIPYmluZ3NhbmRib3guY29tghZmZWVkYmFjay5taWNyb3Nv\n"
-            "ZnQuY29tghtpbnNlcnRtZWRpYS5iaW5nLm9mZmljZS5uZXSCDnIuYmF0LmJpbmcu\n"
-            "Y29tghAqLnIuYmF0LmJpbmcuY29tghIqLmRpY3QuYmluZy5jb20uY26CDyouZGlj\n"
-            "dC5iaW5nLmNvbYIOKi5zc2wuYmluZy5jb22CECouYXBwZXguYmluZy5jb22CFiou\n"
-            "cGxhdGZvcm0uY24uYmluZy5jb22CDXdwLm0uYmluZy5jb22CDCoubS5iaW5nLmNv\n"
-            "bYIPZ2xvYmFsLmJpbmcuY29tghF3aW5kb3dzc2VhcmNoLmNvbYIOc2VhcmNoLm1z\n"
-            "bi5jb22CESouYmluZ3NhbmRib3guY29tghkqLmFwaS50aWxlcy5kaXR1LmxpdmUu\n"
-            "Y29tgg8qLmRpdHUubGl2ZS5jb22CGCoudDAudGlsZXMuZGl0dS5saXZlLmNvbYIY\n"
-            "Ki50MS50aWxlcy5kaXR1LmxpdmUuY29tghgqLnQyLnRpbGVzLmRpdHUubGl2ZS5j\n"
-            "b22CGCoudDMudGlsZXMuZGl0dS5saXZlLmNvbYIVKi50aWxlcy5kaXR1LmxpdmUu\n"
-            "Y29tggszZC5saXZlLmNvbYITYXBpLnNlYXJjaC5saXZlLmNvbYIUYmV0YS5zZWFy\n"
-            "Y2gubGl2ZS5jb22CFWNud2ViLnNlYXJjaC5saXZlLmNvbYIMZGV2LmxpdmUuY29t\n"
-            "gg1kaXR1LmxpdmUuY29tghFmYXJlY2FzdC5saXZlLmNvbYIOaW1hZ2UubGl2ZS5j\n"
-            "b22CD2ltYWdlcy5saXZlLmNvbYIRbG9jYWwubGl2ZS5jb20uYXWCFGxvY2Fsc2Vh\n"
-            "cmNoLmxpdmUuY29tghRsczRkLnNlYXJjaC5saXZlLmNvbYINbWFpbC5saXZlLmNv\n"
-            "bYIRbWFwaW5kaWEubGl2ZS5jb22CDmxvY2FsLmxpdmUuY29tgg1tYXBzLmxpdmUu\n"
-            "Y29tghBtYXBzLmxpdmUuY29tLmF1gg9taW5kaWEubGl2ZS5jb22CDW5ld3MubGl2\n"
-            "ZS5jb22CHG9yaWdpbi5jbndlYi5zZWFyY2gubGl2ZS5jb22CFnByZXZpZXcubG9j\n"
-            "YWwubGl2ZS5jb22CD3NlYXJjaC5saXZlLmNvbYISdGVzdC5tYXBzLmxpdmUuY29t\n"
-            "gg52aWRlby5saXZlLmNvbYIPdmlkZW9zLmxpdmUuY29tghV2aXJ0dWFsZWFydGgu\n"
-            "bGl2ZS5jb22CDHdhcC5saXZlLmNvbYISd2VibWFzdGVyLmxpdmUuY29tghN3ZWJt\n"
-            "YXN0ZXJzLmxpdmUuY29tghV3d3cubG9jYWwubGl2ZS5jb20uYXWCFHd3dy5tYXBz\n"
-            "LmxpdmUuY29tLmF1MIGwBgNVHR8EgagwgaUwgaKggZ+ggZyGTWh0dHA6Ly9tc2Ny\n"
-            "bC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMFJTQSUy\n"
-            "MFRMUyUyMENBJTIwMDEuY3JshktodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtp\n"
-            "L21zY29ycC9jcmwvTWljcm9zb2Z0JTIwUlNBJTIwVExTJTIwQ0ElMjAwMS5jcmww\n"
-            "VwYDVR0gBFAwTjBCBgkrBgEEAYI3KgEwNTAzBggrBgEFBQcCARYnaHR0cDovL3d3\n"
-            "dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3BzMAgGBmeBDAECATAfBgNVHSME\n"
-            "GDAWgBS1dgwwEc7HkkJNTMdcLMipDOgLZDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI\n"
-            "KwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggIBAB26QQoY9CP1wxr34qQBIURTkqNv\n"
-            "FPnC9cIWilX/mHoF1Br1UoZMMmiCqueSeqfWRzCJvgmX3LI0mwwuHK6v1+aCLtNA\n"
-            "ZTmMBDta0bHECngcv3OYsCsLq721HMx41jghii4MU6AbAa/lfp4HTYwa+3/F5S9c\n"
-            "nV2iRDU5b5dAa4sVCagzAqYrZ6lqRA4ZqBtf0dbjdHAY39qeC7qFsZXm45IsDcwL\n"
-            "1TvCfDaUMwT0QxVNSfqRyX1YtygcfEqhQ6Ixe9uEO8I0PrULK/Nv1/ljV7B//YpJ\n"
-            "1Y/8LUKLVZf5/hUWniF1dk5ieCudGaMJrMKEb+phBpGi4/rIiLmtcu5vhXs0Surb\n"
-            "+5BaCdDv6DCPbs54MzAqDbPtvq4QhdxZJqF9GSgppdkeG71jduoWGf6//myU0FL8\n"
-            "mQo7e0AQRXpI73bgm22ltnv1hv5dVxCcow4dwsyO1y+wTm54slnUIbnz5Q/ersm+\n"
-            "A46ArbcRRvmp86hwZlflq7Ck4c53RXAncWUW7bkAMmdYFpDBRkMh/VsCt9pV6LcZ\n"
-            "CwibBdeCW4u530hJSeQ7IUkru7cqInzPgJaWA4Rd5Z8ZmKySR9LFi3E+wGL7d9bC\n"
-            "ck1o2m9gskB4yaxNivRn6XAo8dF2bsHxVmqwpzbdQ2BXECzJ9WwxrThRJXZo9BOR\n"
-            "WneHWxrOCzK3NWzJ\n"
+            "MIIFYjCCBEqgAwIBAgIQd70NbNs2+RrqIQ/E8FjTDTANBgkqhkiG9w0BAQsFADBX\n"
+            "MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEQMA4GA1UE\n"
+            "CxMHUm9vdCBDQTEbMBkGA1UEAxMSR2xvYmFsU2lnbiBSb290IENBMB4XDTIwMDYx\n"
+            "OTAwMDA0MloXDTI4MDEyODAwMDA0MlowRzELMAkGA1UEBhMCVVMxIjAgBgNVBAoT\n"
+            "GUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMTC0dUUyBSb290IFIx\n"
+            "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAthECix7joXebO9y/lD63\n"
+            "ladAPKH9gvl9MgaCcfb2jH/76Nu8ai6Xl6OMS/kr9rH5zoQdsfnFl97vufKj6bwS\n"
+            "iV6nqlKr+CMny6SxnGPb15l+8Ape62im9MZaRw1NEDPjTrETo8gYbEvs/AmQ351k\n"
+            "KSUjB6G00j0uYODP0gmHu81I8E3CwnqIiru6z1kZ1q+PsAewnjHxgsHA3y6mbWwZ\n"
+            "DrXYfiYaRQM9sHmklCitD38m5agI/pboPGiUU+6DOogrFZYJsuB6jC511pzrp1Zk\n"
+            "j5ZPaK49l8KEj8C8QMALXL32h7M1bKwYUH+E4EzNktMg6TO8UpmvMrUpsyUqtEj5\n"
+            "cuHKZPfmghCN6J3Cioj6OGaK/GP5Afl4/Xtcd/p2h/rs37EOeZVXtL0m79YB0esW\n"
+            "CruOC7XFxYpVq9Os6pFLKcwZpDIlTirxZUTQAs6qzkm06p98g7BAe+dDq6dso499\n"
+            "iYH6TKX/1Y7DzkvgtdizjkXPdsDtQCv9Uw+wp9U7DbGKogPeMa3Md+pvez7W35Ei\n"
+            "Eua++tgy/BBjFFFy3l3WFpO9KWgz7zpm7AeKJt8T11dleCfeXkkUAKIAf5qoIbap\n"
+            "sZWwpbkNFhHax2xIPEDgfg1azVY80ZcFuctL7TlLnMQ/0lUTbiSw1nH69MG6zO0b\n"
+            "9f6BQdgAmD06yK56mDcYBZUCAwEAAaOCATgwggE0MA4GA1UdDwEB/wQEAwIBhjAP\n"
+            "BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTkrysmcRorSCeFL1JmLO/wiRNxPjAf\n"
+            "BgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzBgBggrBgEFBQcBAQRUMFIw\n"
+            "JQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnBraS5nb29nL2dzcjEwKQYIKwYBBQUH\n"
+            "MAKGHWh0dHA6Ly9wa2kuZ29vZy9nc3IxL2dzcjEuY3J0MDIGA1UdHwQrMCkwJ6Al\n"
+            "oCOGIWh0dHA6Ly9jcmwucGtpLmdvb2cvZ3NyMS9nc3IxLmNybDA7BgNVHSAENDAy\n"
+            "MAgGBmeBDAECATAIBgZngQwBAgIwDQYLKwYBBAHWeQIFAwIwDQYLKwYBBAHWeQIF\n"
+            "AwMwDQYJKoZIhvcNAQELBQADggEBADSkHrEoo9C0dhemMXoh6dFSPsjbdBZBiLg9\n"
+            "NR3t5P+T4Vxfq7vqfM/b5A3Ri1fyJm9bvhdGaJQ3b2t6yMAYN/olUazsaL+yyEn9\n"
+            "WprKASOshIArAoyZl+tJaox118fessmXn1hIVw41oeQa1v1vg4Fv74zPl6/AhSrw\n"
+            "9U5pCZEt4Wi4wStz6dTZ/CLANx8LZh1J7QJVj2fhMtfTJr9w4z30Z209fOU0iOMy\n"
+            "+qduBmpvvYuR7hZL6Dupszfnw0Skfths18dG9ZKb59UhvmaSGZRVbNQpsg3BZlvi\n"
+            "d0lIKO2d1xozclOzgjXPYovJJIultzkMu34qQb9Sz/yilrbCgj8=\n"
             "-----END CERTIFICATE-----\n"
             );
-        cm[RawCertificateID::BING_COM].raw_base64 = raw_base64;
-        cm[RawCertificateID::BING_COM].certPtr = createCert(raw_base64);
+        cm[RawCertificateID::GTS_ROOT_R1].raw_base64 = raw_base64;
+        cm[RawCertificateID::GTS_ROOT_R1].certPtr = createCert(raw_base64);
     }
 
     return cm;
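Review bot: The two added certificate blocks only postpone the expiry problem, since both comments give the same end date (Jan 28 2028) and nothing in the new code makes that failure recognisable when it arrives. I would add a comment above the GlobalSign block such as `// NOTE: the OCSP chain below expires Jan 28 2028; OCSP tests fail after that date until the chain is replaced`, so that whoever debugs a verification failure later finds the cause in this file. The OCSP tests that use this chain presumably query the public responder named in the embedded certificate, so they also depend on network access and on the issuer keeping the cross-certificate unrevoked. A sentence saying so in the same comment would help to tell an environment problem from a regression in the verifier. `initializeTestCerts` starts before this hunk.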
index 7958a18..2fd4e24 100644 (file)
@@ -33,14 +33,9 @@ enum certificateID {
     TEST_IM_CA,
     TEST_LEAF,
 
-    // third party
-    THIRD_PARTY_ROOT_CA,
-    THIRD_PARTY_IM_CA,
-    THIRD_PARTY_LEAF,
-
-    // ocsp available certificate chain, thirt party
+    // ocsp available certificate chain, third party
+    OCSP_ROOT_CA,
     OCSP_AVAILABLE_IM,
-    OCSP_AVAILABLE_LEAF,
 
     // footer
     NO_CERT
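Review bot: With `OCSP_AVAILABLE_LEAF` removed, no enumerator is left for an end-entity certificate that has an OCSP responder, so the suite presumably exercises revocation checking only on a CA certificate. The leaf case is the one a TLS client hits most often, so the limitation should be recorded where the identifiers are declared. A comment under the section heading would do, for example `// no OCSP leaf: public EE certificates expire too quickly, OCSP is exercised on OCSP_AVAILABLE_IM only`. Separately, `OCSP_ROOT_CA` breaks the `OCSP_AVAILABLE_` prefix used by its neighbour, so one of the two names could be aligned. The enum begins before this hunk and closes after it.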
index c0c40bf..82ad290 100644 (file)
@@ -535,17 +535,17 @@ RUNNER_TEST(TA0110_save_cert_invalid_param, UserEnv)
 
 RUNNER_TEST(TA0120_save_cert_already_exists, UserEnv)
 {
-    test_positive(&ManagerAsync::saveCertificate, "alias", getTestCertificate(OCSP_AVAILABLE_LEAF), Policy());
+    test_positive(&ManagerAsync::saveCertificate, "alias", getTestCertificate(TEST_LEAF), Policy());
     test_negative(&ManagerAsync::saveCertificate,
                   CKM_API_ERROR_DB_ALIAS_EXISTS,
                   "alias",
-                  getTestCertificate(OCSP_AVAILABLE_LEAF),
+                  getTestCertificate(TEST_LEAF),
                   Policy());
 }
 
 RUNNER_TEST(TA0150_save_cert_positive, UserEnv)
 {
-    test_positive(&ManagerAsync::saveCertificate, "alias", getTestCertificate(OCSP_AVAILABLE_LEAF), Policy());
+    test_positive(&ManagerAsync::saveCertificate, "alias", getTestCertificate(TEST_LEAF), Policy());
 }
 
 
@@ -599,7 +599,7 @@ RUNNER_TEST(TA0350_remove_key_positive, UserEnv)
 
 RUNNER_TEST(TA0450_remove_cert_positive, UserEnv)
 {
-    test_positive(&ManagerAsync::saveCertificate, "alias", getTestCertificate(OCSP_AVAILABLE_LEAF), Policy());
+    test_positive(&ManagerAsync::saveCertificate, "alias", getTestCertificate(TEST_LEAF), Policy());
     test_positive(&ManagerAsync::removeAlias, "alias");
 }
 
@@ -685,7 +685,7 @@ RUNNER_TEST(TA0740_get_cert_wrong_password, UserEnv)
 {
     test_positive(&ManagerAsync::saveCertificate,
                   "alias",
-                  getTestCertificate(OCSP_AVAILABLE_LEAF),
+                  getTestCertificate(TEST_LEAF),
                   Policy("password"));
     test_negative(&ManagerAsync::getCertificate,
                   CKM_API_ERROR_AUTHENTICATION_FAILED,
@@ -701,7 +701,7 @@ RUNNER_TEST(TA0750_get_cert_positive, UserEnv)
     static constexpr char PASS[] = "password";
     static constexpr char ALIAS[] = "alias";
 
-    const auto cert = getTestCertificate(OCSP_AVAILABLE_LEAF);
+    const auto cert = getTestCertificate(TEST_LEAF);
 
     mgr.saveCertificate(obs, ALIAS, cert, Policy(PASS));
     obs->WaitForSuccess();
@@ -783,10 +783,10 @@ RUNNER_TEST(TA1010_get_cert_alias_vector_invalid_param, UserEnv)
 
 RUNNER_TEST(TA1050_get_cert_alias_vector_positive, UserEnv)
 {
-    test_positive(&ManagerAsync::saveCertificate, "alias1", getTestCertificate(OCSP_AVAILABLE_LEAF), Policy());
+    test_positive(&ManagerAsync::saveCertificate, "alias1", getTestCertificate(TEST_LEAF), Policy());
     test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabelFromSelf("alias1") });
 
-    test_positive(&ManagerAsync::saveCertificate, "alias2", getTestCertificate(OCSP_AVAILABLE_IM), Policy());
+    test_positive(&ManagerAsync::saveCertificate, "alias2", getTestCertificate(TEST_IM_CA), Policy());
     test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabelFromSelf("alias1"),
                                                                    aliasWithLabelFromSelf("alias2") });
 
@@ -955,8 +955,8 @@ RUNNER_TEST(TA1380_create_key_AES_positive, UserEnv)
 // getCertificateChain
 RUNNER_TEST(TA1410_get_certificate_chain_invalid_param, UserEnv)
 {
-    CertificateShPtr cert = getTestCertificate(OCSP_AVAILABLE_LEAF);
-    CertificateShPtrVector certv = { getTestCertificate(OCSP_AVAILABLE_IM) };
+    CertificateShPtr cert = getTestCertificate(TEST_LEAF);
+    CertificateShPtrVector certv = { getTestCertificate(TEST_IM_CA) };
     test_no_observer<certChainFn1>(&ManagerAsync::getCertificateChain,
                                    cert,
                                    certv,
@@ -984,55 +984,61 @@ RUNNER_TEST(TA1410_get_certificate_chain_invalid_param, UserEnv)
 
 RUNNER_TEST(TA1420_get_certificate_chain_negative, UserEnv)
 {
-    CertificateShPtr cert = getTestCertificate(OCSP_AVAILABLE_LEAF);
-    CertificateShPtrVector certv = { getTestCertificate(OCSP_AVAILABLE_LEAF) };
+    CertificateShPtr cert = getTestCertificate(TEST_LEAF);
+    CertificateShPtrVector certv = { getTestCertificate(TEST_LEAF) };
+    CertificateShPtrVector trustedv = { getTestCertificate(TEST_ROOT_CA) };
     test_negative<certChainFn1>(&ManagerAsync::getCertificateChain,
                                 CKM_API_ERROR_VERIFICATION_FAILED,
                                 cert,
                                 EMPTY_CERT_VECTOR,
-                                EMPTY_CERT_VECTOR,
+                                trustedv,
                                 true);
     test_negative<certChainFn1>(&ManagerAsync::getCertificateChain,
                                 CKM_API_ERROR_VERIFICATION_FAILED,
                                 cert,
                                 certv,
-                                EMPTY_CERT_VECTOR,
+                                trustedv,
                                 true);
     AliasVector aliasv = { "alias" };
-    test_positive(&ManagerAsync::saveCertificate, aliasv[0], getTestCertificate(OCSP_AVAILABLE_LEAF), Policy());
+    test_positive(&ManagerAsync::saveCertificate, aliasv[0], certv[0], Policy());
+    AliasVector trusted_aliasv = { "trusted" };
+    test_positive(&ManagerAsync::saveCertificate, trusted_aliasv[0], trustedv[0], Policy());
     test_negative<certChainFn2>(&ManagerAsync::getCertificateChain,
                                 CKM_API_ERROR_VERIFICATION_FAILED,
                                 cert,
                                 EMPTY_ALIAS_VECTOR,
-                                EMPTY_ALIAS_VECTOR,
+                                trusted_aliasv,
                                 true);
     test_negative<certChainFn2>(&ManagerAsync::getCertificateChain,
                                 CKM_API_ERROR_VERIFICATION_FAILED,
                                 cert,
                                 aliasv,
-                                EMPTY_ALIAS_VECTOR,
+                                trusted_aliasv,
                                 true);
 }
 
 RUNNER_TEST(TA1450_get_certificate_chain_positive, UserEnv)
 {
-    CertificateShPtr cert = getTestCertificate(OCSP_AVAILABLE_LEAF);
-    CertificateShPtrVector certv = { getTestCertificate(OCSP_AVAILABLE_IM) };
+    CertificateShPtr cert = getTestCertificate(TEST_LEAF);
+    CertificateShPtrVector certv = { getTestCertificate(TEST_IM_CA) };
+    CertificateShPtrVector trustedv = { getTestCertificate(TEST_ROOT_CA) };
     test_check_cert_chain<certChainFn1>(&ManagerAsync::getCertificateChain,
                                         3,
                                         cert,
                                         certv,
-                                        EMPTY_CERT_VECTOR,
-                                        true);
+                                        trustedv,
+                                        false);
 
     AliasVector aliasv = { "alias" };
-    test_positive(&ManagerAsync::saveCertificate, aliasv[0], getTestCertificate(OCSP_AVAILABLE_IM), Policy());
+    AliasVector trusted_aliasv = { "trusted" };
+    test_positive(&ManagerAsync::saveCertificate, aliasv[0], certv[0], Policy());
+    test_positive(&ManagerAsync::saveCertificate, trusted_aliasv[0], trustedv[0], Policy());
     test_check_cert_chain<certChainFn2>(&ManagerAsync::getCertificateChain,
                                         3,
                                         cert,
                                         aliasv,
-                                        EMPTY_ALIAS_VECTOR,
-                                        true);
+                                        trusted_aliasv,
+                                        false);
 }
 
 
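Review bot: TA1420_get_certificate_chain_negative now fails only because TEST_IM_CA is missing, and no case in this hunk checks that an intermediate passed as untrusted cannot complete the chain without a trust anchor. TEST_ROOT_CA is presumably not in the device's system store, so a call with TEST_IM_CA as untrusted, `EMPTY_CERT_VECTOR` as trusted and the system flag `false` should also return CKM_API_ERROR_VERIFICATION_FAILED. The addition below would go after the second certChainFn1 call; the alias-based calls could get the same case.
```cpp
    // … unchanged: the two certChainFn1 negative calls …
    // An intermediate supplied only as untrusted must not complete the chain.
    CertificateShPtrVector imv = { getTestCertificate(TEST_IM_CA) };
    test_negative<certChainFn1>(&ManagerAsync::getCertificateChain,
                                CKM_API_ERROR_VERIFICATION_FAILED,
                                cert,
                                imv,
                                EMPTY_CERT_VECTOR,
                                false);
    // … unchanged: alias-based calls …
```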
@@ -1238,7 +1244,7 @@ RUNNER_TEST(TA1710_ocsp_check_invalid_param, UserEnv)
 
 RUNNER_TEST(TA1720_ocsp_check_negative, UserEnv)
 {
-    CertificateShPtrVector certv = { getTestCertificate(OCSP_AVAILABLE_LEAF), getTestCertificate(OCSP_AVAILABLE_LEAF) };
+    CertificateShPtrVector certv = { getTestCertificate(OCSP_AVAILABLE_IM), getTestCertificate(OCSP_AVAILABLE_IM) };
 
     auto obs = test_positive(&ManagerAsync::ocspCheck, certv);
     RUNNER_ASSERT_MSG(obs->m_ocspStatus != CKM_API_OCSP_STATUS_GOOD,
@@ -1247,8 +1253,8 @@ RUNNER_TEST(TA1720_ocsp_check_negative, UserEnv)
 
 RUNNER_TEST(TA1750_ocsp_check_positive, UserEnv)
 {
-    CertificateShPtr cert = getTestCertificate(OCSP_AVAILABLE_LEAF);
-    CertificateShPtrVector certv = { getTestCertificate(OCSP_AVAILABLE_IM) };
+    CertificateShPtr cert = getTestCertificate(OCSP_AVAILABLE_IM);
+    CertificateShPtrVector certv;
     auto obs = test_positive<certChainFn1>(&ManagerAsync::getCertificateChain,
                                            cert,
                                            certv,
index a9d22b7..7638810 100644 (file)
@@ -47,7 +47,7 @@ ckmc_cert_s* create_cert(TestData::certificateID idx) {
 
     ckmc_cert_s* cert = NULL;
     assert_positive(ckmc_cert_new,
-                    reinterpret_cast<unsigned char*>(const_cast<char*>(cert_raw.c_str())),
+                    reinterpret_cast<unsigned char*>(cert_raw.data()),
                     cert_raw.size(),
                     CKMC_FORM_PEM,
                     &cert);
@@ -100,12 +100,13 @@ public:
     ChainVerifierBase();
     virtual ~ChainVerifierBase();
 
-    void addTrusted(TestData::certificateID idx);
+    virtual void addTrusted(TestData::certificateID idx);
     void addUntrusted(TestData::certificateID idx);
-    void enableSystem(bool enable);
+    void disableSystem();
 
-    virtual void verifyPositive(TestData::certificateID idx, size_t expected) = 0;
-    virtual void verifyNegative(TestData::certificateID idx, int error = CKMC_ERROR_VERIFICATION_FAILED) = 0;
+    virtual void verifyPositive(TestData::certificateID idx, size_t expected) const = 0;
+    virtual void verifyNegative(TestData::certificateID idx,
+                                int error = CKMC_ERROR_VERIFICATION_FAILED) const = 0;
 
 protected:
     void addCert(ckmc_cert_list_s*& list, ckmc_cert_s* cert);
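Review bot: `addTrusted` becomes virtual here without a comment saying why, and the reason is only visible further down, where ChainVerifierOld overrides it to fail the test. A line above the declaration such as `// virtual: ChainVerifierOld rejects this, the old API takes no trusted list` would keep the base class readable on its own. The class starts and ends outside this hunk.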
@@ -162,9 +163,9 @@ void ChainVerifierBase::addUntrusted(TestData::certificateID idx)
     addAlias(m_untrustedAliases, ss.str().c_str());
 }
 
-void ChainVerifierBase::enableSystem(bool enable)
+void ChainVerifierBase::disableSystem()
 {
-    m_system = enable;
+    m_system = false;
 }
 
 void ChainVerifierBase::addCert(ckmc_cert_list_s*& list, ckmc_cert_s* cert)
@@ -201,17 +202,22 @@ void ChainVerifierBase::addAlias(ckmc_alias_list_s*& list, const char* alias)
 
 class ChainVerifierOld : public ChainVerifierBase {
 public:
-    virtual void verifyPositive(TestData::certificateID idx, size_t expected);
-    virtual void verifyNegative(TestData::certificateID idx, int error = CKMC_ERROR_VERIFICATION_FAILED);
+    void addTrusted(TestData::certificateID) override {
+        RUNNER_FAIL_MSG("Old API does not support trusted certificates");
+    }
+    void verifyPositive(TestData::certificateID idx, size_t expected) const override;
+    void verifyNegative(TestData::certificateID idx,
+                        int error = CKMC_ERROR_VERIFICATION_FAILED) const override;
 };
 
 class ChainVerifier : public ChainVerifierBase {
 public:
-    virtual void verifyPositive(TestData::certificateID idx, size_t expected);
-    virtual void verifyNegative(TestData::certificateID idx, int error = CKMC_ERROR_VERIFICATION_FAILED);
+    void verifyPositive(TestData::certificateID idx, size_t expected) const override;
+    void verifyNegative(TestData::certificateID idx,
+                        int error = CKMC_ERROR_VERIFICATION_FAILED) const override;
 };
 
-void ChainVerifierOld::verifyPositive(TestData::certificateID idx, size_t expected)
+void ChainVerifierOld::verifyPositive(TestData::certificateID idx, size_t expected) const
 {
     ckmc_cert_s* cert = create_cert(idx);
 
@@ -240,7 +246,7 @@ void ChainVerifierOld::verifyPositive(TestData::certificateID idx, size_t expect
     ckmc_cert_free(cert);
 }
 
-void ChainVerifier::verifyPositive(TestData::certificateID idx, size_t expected)
+void ChainVerifier::verifyPositive(TestData::certificateID idx, size_t expected) const
 {
     ckmc_cert_s* cert = create_cert(idx);
 
@@ -261,7 +267,7 @@ void ChainVerifier::verifyPositive(TestData::certificateID idx, size_t expected)
     ckmc_cert_free(cert);
 }
 
-void ChainVerifierOld::verifyNegative(TestData::certificateID idx, int error)
+void ChainVerifierOld::verifyNegative(TestData::certificateID idx, int error) const
 {
     ckmc_cert_s* cert = create_cert(idx);
 
@@ -285,7 +291,7 @@ void ChainVerifierOld::verifyNegative(TestData::certificateID idx, int error)
     ckmc_cert_free(cert);
 }
 
-void ChainVerifier::verifyNegative(TestData::certificateID idx, int error)
+void ChainVerifier::verifyNegative(TestData::certificateID idx, int error) const
 {
     ckmc_cert_s* cert = create_cert(idx);
 
@@ -317,10 +323,15 @@ RUNNER_TEST(TCCH_0010_get_chain_old_api)
     remove_user_data(APP_UID);
 
     ChainVerifierOld cv;
-    cv.verifyNegative(TestData::THIRD_PARTY_LEAF);
 
-    cv.addUntrusted(TestData::THIRD_PARTY_IM_CA);
-    cv.verifyPositive(TestData::THIRD_PARTY_LEAF, 3); // including system cert
+    cv.verifyNegative(TestData::TEST_LEAF);
+
+    cv.verifyPositive(TestData::OCSP_AVAILABLE_IM, 2); // including system cert
+
+    cv.addUntrusted(TestData::TEST_IM_CA);
+    cv.verifyNegative(TestData::TEST_LEAF);
+
+    cv.addUntrusted(TestData::TEST_ROOT_CA);
     cv.verifyNegative(TestData::TEST_LEAF);
 }
 
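Review bot: The last two steps of TCCH_0010_get_chain_old_api have no comment, yet they check the most security-relevant property of the test: TEST_IM_CA and TEST_ROOT_CA passed as untrusted must not make TEST_LEAF verify. I would add `// a root CA supplied as untrusted must not become a trust anchor` above `cv.addUntrusted(TestData::TEST_ROOT_CA);`. The `verifyPositive(TestData::OCSP_AVAILABLE_IM, 2)` line repeats what TCCH_0020 checks in the next hunk and depends on the device's system store, so a short comment on that dependency would help too.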
@@ -330,7 +341,7 @@ RUNNER_TEST(TCCH_0020_get_chain_old_api_system_only)
     remove_user_data(APP_UID);
 
     ChainVerifierOld cv;
-    cv.verifyPositive(TestData::THIRD_PARTY_IM_CA, 2); // including system cert
+    cv.verifyPositive(TestData::OCSP_AVAILABLE_IM, 2); // including system cert
 }
 
 // check invalid arguments
@@ -338,45 +349,48 @@ RUNNER_TEST(TCCH_0100_get_certificate_chain_invalid_param)
 {
     remove_user_data(APP_UID);
 
-    ckmc_cert_s* ca2 = create_cert(TestData::THIRD_PARTY_LEAF);
-    ckmc_cert_s* ca1 = create_cert(TestData::THIRD_PARTY_IM_CA);
+    ckmc_cert_s* leaf = create_cert(TestData::TEST_LEAF);
+    ckmc_cert_s* ca = create_cert(TestData::TEST_IM_CA);
+    ckmc_cert_s* root = create_cert(TestData::TEST_ROOT_CA);
     ckmc_cert_list_s* chain = NULL;
 
     // cert
-    CertListPtr untrusted_c = create_cert_list(ca1, NULL);
-    ca1 = NULL;
+    CertListPtr untrusted_c = create_cert_list(ca, NULL);
+    ca = NULL;
+    CertListPtr trusted_c = create_cert_list(root, NULL);
 
     assert_invalid_param(ckmc_get_cert_chain_with_trustedcert,
                          NULL_CERT,
                          untrusted_c.get(),
-                         untrusted_c.get(),
+                         trusted_c.get(),
                          true,
                          &chain);
 
     assert_invalid_param(ckmc_get_cert_chain_with_trustedcert,
-                         ca2,
-                         untrusted_c.get(),
+                         leaf,
                          untrusted_c.get(),
+                         trusted_c.get(),
                          true,
                          NULL_CHAIN);
 
-    ckmc_cert_free(ca2);
+    ckmc_cert_free(leaf);
 }
 
 /*
  * This test verifies that chain of trust won't be successfully built unless system or trusted
- * certificates are used even if real trusted root ca certs are used as untrusted.
+ * certificates are used.
  */
 RUNNER_TEST(TCCH_0120_get_certificate_chain_root_ca_negative)
 {
     remove_user_data(APP_UID);
 
     ChainVerifier cv;
-    cv.enableSystem(false);
-    cv.verifyNegative(TestData::THIRD_PARTY_ROOT_CA);
+    cv.disableSystem();
+    cv.verifyNegative(TestData::OCSP_AVAILABLE_IM);
+    cv.verifyNegative(TestData::OCSP_ROOT_CA);
 
-    cv.addUntrusted(TestData::THIRD_PARTY_IM_CA);
-    cv.verifyNegative(TestData::THIRD_PARTY_LEAF);
+    cv.addUntrusted(TestData::OCSP_ROOT_CA);
+    cv.verifyNegative(TestData::OCSP_AVAILABLE_IM);
 }
 
 /*
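Review bot: The block comment above TCCH_0120_get_certificate_chain_root_ca_negative lost the clause about root CA certificates being passed as untrusted, but the test still does exactly that with `cv.addUntrusted(TestData::OCSP_ROOT_CA);`. I would keep it, for example `certificates are used, even if the real root CA is passed as untrusted.`, so the reason for the last two lines stays documented. In TCCH_0100 above, `ca` is set to NULL after `create_cert_list(ca, NULL)` but `root` is not after `create_cert_list(root, NULL)`; if the list takes ownership, adding `root = NULL;` would keep the two consistent.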
@@ -388,7 +402,7 @@ RUNNER_TEST(TCCH_0140_get_certificate_chain_trusted_only)
     remove_user_data(APP_UID);
 
     ChainVerifier cv;
-    cv.enableSystem(false);
+    cv.disableSystem();
     cv.addTrusted(TestData::TEST_ROOT_CA);
     cv.verifyPositive(TestData::TEST_IM_CA, 2);
     cv.verifyNegative(TestData::TEST_LEAF);
@@ -402,8 +416,8 @@ RUNNER_TEST(TCCH_0150_get_certificate_chain_system_only)
     remove_user_data(APP_UID);
 
     ChainVerifier cv;
-    cv.verifyPositive(TestData::THIRD_PARTY_IM_CA, 2); // including system cert
-    cv.verifyNegative(TestData::THIRD_PARTY_LEAF);
+    cv.verifyPositive(TestData::OCSP_AVAILABLE_IM, 2); // including system cert
+    cv.verifyNegative(TestData::TEST_ROOT_CA);
 }
 
 /*
@@ -416,17 +430,7 @@ RUNNER_TEST(TCCH_0160_get_certificate_chain_no_untrusted)
     ChainVerifier cv;
     cv.addTrusted(TestData::TEST_ROOT_CA);
     cv.verifyPositive(TestData::TEST_IM_CA, 2); // signed by trusted cert (TEST_ROOT_CA)
-    cv.verifyPositive(TestData::THIRD_PARTY_IM_CA, 2); // signed by system cert (THIRD_PARTY_ROOT_CA)
-    cv.verifyNegative(TestData::THIRD_PARTY_LEAF);
-}
-
-RUNNER_TEST(TCCH_0170_get_certificate_chain_no_trusted)
-{
-    remove_user_data(APP_UID);
-
-    ChainVerifier cv;
-    cv.addUntrusted(TestData::THIRD_PARTY_IM_CA);
-    cv.verifyPositive(TestData::THIRD_PARTY_LEAF, 3); // including system cert
+    cv.verifyPositive(TestData::OCSP_AVAILABLE_IM, 2); // signed by system cert (OCSP_ROOT_CA)
     cv.verifyNegative(TestData::TEST_LEAF);
 }
 
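Review bot: With TCCH_0170 removed here and TCCH_0200 removed further down, the hunks on this page leave no case where an untrusted intermediate completes a chain up to a system-store root; every remaining system-store case is the two-element `OCSP_AVAILABLE_IM` chain. If no long-lived leaf under the OCSP root is available, a comment next to TCCH_0160 would make the gap visible, e.g. `// untrusted IM + system root is not covered: no long-lived leaf under OCSP_ROOT_CA`. This is inferred from the visible hunks only; other files may still cover the path.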
@@ -438,11 +442,11 @@ RUNNER_TEST(TCCH_0180_get_certificate_chain_no_system)
     remove_user_data(APP_UID);
 
     ChainVerifier cv;
-    cv.enableSystem(false);
+    cv.disableSystem();
     cv.addTrusted(TestData::TEST_ROOT_CA);
     cv.addUntrusted(TestData::TEST_IM_CA);
     cv.verifyPositive(TestData::TEST_LEAF, 3);
-    cv.verifyNegative(TestData::THIRD_PARTY_LEAF);
+    cv.verifyNegative(TestData::OCSP_AVAILABLE_IM);
 }
 
 /*
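Review bot: The replaced negative check in TCCH_0180 (and the same line in TCCH_0190 in the next hunk) now asserts something different from before and carries no comment. `OCSP_AVAILABLE_IM` verifies when the system store is enabled (TCCH_0150), so here it shows that `disableSystem()` really removes the system anchors. I would say so on the line: `cv.verifyNegative(TestData::OCSP_AVAILABLE_IM); // anchored only in the system store, which is disabled`.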
@@ -453,24 +457,11 @@ RUNNER_TEST(TCCH_0190_get_certificate_chain_im_ca_in_trusted)
     remove_user_data(APP_UID);
 
     ChainVerifier cv;
-    cv.enableSystem(false);
+    cv.disableSystem();
     cv.addTrusted(TestData::TEST_ROOT_CA);
     cv.addTrusted(TestData::TEST_IM_CA);
     cv.verifyPositive(TestData::TEST_LEAF, 3);
-    cv.verifyNegative(TestData::THIRD_PARTY_LEAF);
-}
-
-RUNNER_TEST(TCCH_0200_get_certificate_chain_all)
-{
-    remove_user_data(APP_UID);
-
-    ChainVerifier cv;
-    cv.enableSystem(true);
-    cv.addTrusted(TestData::TEST_ROOT_CA);
-    cv.addUntrusted(TestData::THIRD_PARTY_IM_CA);
-
-    cv.verifyPositive(TestData::THIRD_PARTY_LEAF, 3);
-    cv.verifyNegative(TestData::TEST_LEAF);
+    cv.verifyNegative(TestData::OCSP_AVAILABLE_IM);
 }
 
 RUNNER_TEST(TCCH_9999_deinit)
index 0e0cfca..4491458 100644 (file)
@@ -227,7 +227,7 @@ RUNNER_TEST(T30204_certificate_C_API)
 {
        int temp;
 
-       std::string certPem = TestData::getTestCertificateBase64(TestData::THIRD_PARTY_LEAF);
+       std::string certPem = TestData::getTestCertificateBase64(TestData::TEST_LEAF);
 
        char* password = NULL;
        ckmc_cert_s *cert2;
@@ -282,7 +282,7 @@ RUNNER_TEST(T30206_certificate_list_C_API)
 {
        int temp;
 
-       std::string certPem = TestData::getTestCertificateBase64(TestData::THIRD_PARTY_LEAF);
+       std::string certPem = TestData::getTestCertificateBase64(TestData::TEST_LEAF);
 
        char* password = NULL;
        ckmc_cert_s cert;
@@ -396,38 +396,6 @@ RUNNER_TEST(T30209_save_AES_keys_exportable_flag)
                        CKMCReadableError(temp));
 }
 
-RUNNER_TEST(T30210_certificate_with_DSA_key_C_API)
-{
-       int temp;
-
-       std::string certPem = TestData::getTestCertificateBase64(TestData::THIRD_PARTY_LEAF);
-
-       char* password = NULL;
-       ckmc_cert_s *cert2 = NULL;
-       ckmc_cert_s cert;
-
-       ckmc_policy_s test_policy;
-       test_policy.password = password;
-       test_policy.extractable = 1;
-
-       char* char_certPem = new char[certPem.length() + 1];
-       std::strcpy(char_certPem, certPem.c_str());
-       cert.raw_cert =  (unsigned char *)char_certPem;
-       cert.cert_size = certPem.length();
-       cert.data_format = CKMC_FORM_PEM;
-
-       CKM::Alias alias = "test-cert-1-DSA";
-       RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias.c_str(), cert, test_policy)),
-                       CKMCReadableError(temp));
-
-       RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
-                       CKMCReadableError(temp));
-
-       ckmc_cert_free(cert2);
-}
-
 RUNNER_TEST(T30211_deinit_C_API)
 {
        int temp;
@@ -1123,26 +1091,16 @@ RUNNER_TEST(T3071_CAPI_init)
 
 RUNNER_TEST(T3074_CAPI_ckmc_ocsp_check)
 {
-       std::string ee = TestData::getTestCertificateBase64(TestData::OCSP_AVAILABLE_LEAF);
        std::string im = TestData::getTestCertificateBase64(TestData::OCSP_AVAILABLE_IM);
 
        ckmc_cert_s c_cert;
-       c_cert.raw_cert = reinterpret_cast<unsigned char *>(const_cast<char *>(ee.c_str()));
-       c_cert.cert_size = ee.size();
+       c_cert.raw_cert = reinterpret_cast<unsigned char *>(im.data());
+       c_cert.cert_size = im.size();
        c_cert.data_format = CKMC_FORM_PEM;
 
-       ckmc_cert_s c_cert1;
-       c_cert1.raw_cert = reinterpret_cast<unsigned char *>(const_cast<char *>(im.c_str()));
-       c_cert1.cert_size = im.size();
-       c_cert1.data_format = CKMC_FORM_PEM;
-
-       ckmc_cert_list_s untrustedcerts;
-       untrustedcerts.cert = &c_cert1;
-       untrustedcerts.next = NULL;
-
        ckmc_cert_list_s *cert_chain_list;
 
-       int     tmp = ckmc_get_cert_chain(&c_cert, &untrustedcerts, &cert_chain_list);
+       int     tmp = ckmc_get_cert_chain(&c_cert, NULL, &cert_chain_list);
        RUNNER_ASSERT_MSG(
                        CKMC_ERROR_NONE == tmp, CKMCReadableError(tmp));
 
@@ -1231,7 +1189,7 @@ RUNNER_TEST(T3082_CAPI__rsa_key_create_verify)
        ckmc_raw_buffer_s *signature;
 
        ckmc_key_s pubkey;
-       pubkey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
+       pubkey.raw_key = reinterpret_cast<unsigned char *>(pub.data());
        pubkey.key_size = pub.size();
        pubkey.key_type = CKMC_KEY_NONE;
        pubkey.password = NULL;
@@ -1245,7 +1203,7 @@ RUNNER_TEST(T3082_CAPI__rsa_key_create_verify)
        pripolicy.extractable = 1;
 
        ckmc_key_s prikey;
-       prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
+       prikey.raw_key = reinterpret_cast<unsigned char *>(prv.data());
        prikey.key_size = prv.size();
        prikey.key_type = CKMC_KEY_NONE;
        prikey.password = const_cast<char *>(key_passwd);
@@ -1484,7 +1442,7 @@ RUNNER_TEST(T3084_CAPI__ec_key_create_verify)
        ckmc_raw_buffer_s *signature;
 
        ckmc_key_s pubkey;
-       pubkey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
+       pubkey.raw_key = reinterpret_cast<unsigned char *>(pub.data());
        pubkey.key_size = pub.size();
        pubkey.key_type = CKMC_KEY_NONE;
        pubkey.password = NULL;
@@ -1494,7 +1452,7 @@ RUNNER_TEST(T3084_CAPI__ec_key_create_verify)
        pubpolicy.extractable = 1;
 
        ckmc_key_s prikey;
-       prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
+       prikey.raw_key = reinterpret_cast<unsigned char *>(prv.data());
        prikey.key_size = prv.size();
        prikey.key_type = CKMC_KEY_NONE;
        prikey.password = key_passwd;
@@ -1595,7 +1553,7 @@ RUNNER_TEST(T3085_CAPI__rsa_cert_create_verify_signature)
        ckmc_raw_buffer_s *signature;
 
        ckmc_cert_s cert;
-       cert.raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
+       cert.raw_cert = reinterpret_cast<unsigned char *>(pub.data());
        cert.cert_size = pub.size();
        cert.data_format = CKMC_FORM_PEM;
 
@@ -1604,7 +1562,7 @@ RUNNER_TEST(T3085_CAPI__rsa_cert_create_verify_signature)
        certpolicy.extractable = 1;
 
        ckmc_key_s prikey;
-       prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
+       prikey.raw_key = reinterpret_cast<unsigned char *>(prv.data());
        prikey.key_size = prv.size();
        prikey.key_type = CKMC_KEY_NONE;
        prikey.password = key_passwd;
@@ -1659,7 +1617,7 @@ RUNNER_TEST(T3086_CAPI__dsa_ext_key_create_verify_with_negative)
 {
        int temp;
 
-       const std::string pub = "-----BEGIN PUBLIC KEY-----\n"
+       std::string pub = "-----BEGIN PUBLIC KEY-----\n"
                "MIIBtzCCASwGByqGSM44BAEwggEfAoGBALeveaD/EheW+ws1YuW77f344+brkEzm\n"
                "BVfFYHr7t+jwu6nQe341SoESJG+PCgrrhy76KNDCfveiwEoWufVHnI4bYBU/ClzP\n"
                "A3amf6c5yud45ZR/b6OiAuew6ohY0mQGnzqeio8BaCsZaJ6EziCSlkdIDJisSfPg\n"
@@ -1672,7 +1630,7 @@ RUNNER_TEST(T3086_CAPI__dsa_ext_key_create_verify_with_negative)
                "YMYCBhubtrVaLmc=\n"
                "-----END PUBLIC KEY-----";
 
-       const std::string priv = "-----BEGIN DSA PRIVATE KEY-----\n"
+       std::string priv = "-----BEGIN DSA PRIVATE KEY-----\n"
                "MIIBvAIBAAKBgQC3r3mg/xIXlvsLNWLlu+39+OPm65BM5gVXxWB6+7fo8Lup0Ht+\n"
                "NUqBEiRvjwoK64cu+ijQwn73osBKFrn1R5yOG2AVPwpczwN2pn+nOcrneOWUf2+j\n"
                "ogLnsOqIWNJkBp86noqPAWgrGWiehM4gkpZHSAyYrEnz4J5Vh6n+AMB1XQIVAOyN\n"
@@ -1696,7 +1654,7 @@ RUNNER_TEST(T3086_CAPI__dsa_ext_key_create_verify_with_negative)
        ckmc_raw_buffer_s *signature = NULL;
 
        ckmc_key_s pubkey;
-       pubkey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
+       pubkey.raw_key = reinterpret_cast<unsigned char *>(pub.data());
        pubkey.key_size = pub.size();
        pubkey.key_type = CKMC_KEY_NONE;
        pubkey.password = NULL;
@@ -1710,7 +1668,7 @@ RUNNER_TEST(T3086_CAPI__dsa_ext_key_create_verify_with_negative)
        pripolicy.extractable = 1;
 
        ckmc_key_s prikey;
-       prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(priv.c_str()));
+       prikey.raw_key = reinterpret_cast<unsigned char *>(priv.data());
        prikey.key_size = priv.size();
        prikey.key_type = CKMC_KEY_NONE;
        prikey.password = NULL;
@@ -1881,7 +1839,7 @@ RUNNER_TEST(T3088_CAPI__ecdsa_cert_create_verify_signature)
        ckmc_raw_buffer_s *signature;
 
        ckmc_cert_s cert;
-       cert.raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
+       cert.raw_cert = reinterpret_cast<unsigned char *>(pub.data());
        cert.cert_size = pub.size();
        cert.data_format = CKMC_FORM_PEM;
 
@@ -1890,7 +1848,7 @@ RUNNER_TEST(T3088_CAPI__ecdsa_cert_create_verify_signature)
        certpolicy.extractable = 1;
 
        ckmc_key_s prikey;
-       prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
+       prikey.raw_key = reinterpret_cast<unsigned char *>(prv.data());
        prikey.key_size = prv.size();
        prikey.key_type = CKMC_KEY_NONE;
        prikey.password = key_passwd;
@@ -1992,7 +1950,7 @@ RUNNER_TEST(T3092_CAPI_TYPE_KEY)
                "zQIDAQAB\n"
                "-----END PUBLIC KEY-----";
 
-       unsigned char *raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(keyPem.c_str()));
+       unsigned char *raw_key = reinterpret_cast<unsigned char *>(keyPem.data());
        unsigned int key_size = keyPem.size();
        ckmc_key_type_e key_type = CKMC_KEY_NONE;
        char *password = const_cast< char *>("");
@@ -2021,7 +1979,7 @@ RUNNER_TEST(T3093_CAPI_TYPE_BUFFER)
                "zQIDAQAB\n"
                "-----END PUBLIC KEY-----";
 
-       unsigned char *data = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(keyPem.c_str()));
+       unsigned char *data = reinterpret_cast<unsigned char *>(keyPem.data());
        unsigned int size = keyPem.size();
 
        ckmc_raw_buffer_s *buff;
@@ -2044,9 +2002,9 @@ RUNNER_TEST(T3093_CAPI_TYPE_BUFFER)
 
 RUNNER_TEST(T3094_CAPI_TYPE_CERT)
 {
-       std::string certPem = TestData::getTestCertificateBase64(TestData::THIRD_PARTY_LEAF);
+       std::string certPem = TestData::getTestCertificateBase64(TestData::TEST_LEAF);
 
-       unsigned char *raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(certPem.c_str()));
+       unsigned char *raw_cert = reinterpret_cast<unsigned char *>(certPem.data());
        unsigned int size = certPem.size();
        ckmc_data_format_e form = CKMC_FORM_PEM;
 
@@ -2075,7 +2033,7 @@ RUNNER_TEST(T3095_CAPI_TYPE_load_cert_file)
 {
        int ret;
 
-       std::string certStr = TestData::getTestCertificateBase64(TestData::THIRD_PARTY_LEAF);
+       std::string certStr = TestData::getTestCertificateBase64(TestData::TEST_LEAF);
 
        const char *file_name = "/tmp/ckmc_test_cert.pem";
        remove(file_name);
index 15e0a80..5d939ee 100644 (file)
@@ -223,7 +223,7 @@ RUNNER_TEST(T1012_certificate)
     int temp;
     auto manager = CKM::Manager::create();
 
-    auto cert = TestData::getTestCertificate(TestData::THIRD_PARTY_LEAF);
+    auto cert = TestData::getTestCertificate(TestData::TEST_LEAF);
     CKM::CertificateShPtr cert2;
     CKM::Alias alias = "myCert";
 
@@ -486,7 +486,7 @@ RUNNER_TEST(T1025_app_user_save_certificates_get_alias_pwd)
     auto manager = CKM::Manager::create();
 
     CKM::AliasPwdVector expected;
-    auto cert = TestData::getTestCertificate(TestData::THIRD_PARTY_LEAF);
+    auto cert = TestData::getTestCertificate(TestData::TEST_LEAF);
     std::string currentAlias;
 
     size_t beforeSaveAliasCount = count_aliases(ALIAS_CERT);
@@ -919,7 +919,7 @@ RUNNER_TEST(T12105_saveCertificate_empty_alias)
 {
     ScopedDBUnlock unlock(USER_APP, APP_PASS);
 
-    auto cert = TestData::getTestCertificate(TestData::THIRD_PARTY_LEAF);
+    auto cert = TestData::getTestCertificate(TestData::TEST_LEAF);
     CKM::Alias alias; //alias is not initialized
 
     int temp;
@@ -933,7 +933,7 @@ RUNNER_TEST(T12106_saveCertificate_foreign_label)
 {
     ScopedDBUnlock unlock(USER_APP, APP_PASS);
 
-    auto cert = TestData::getTestCertificate(TestData::THIRD_PARTY_LEAF);
+    auto cert = TestData::getTestCertificate(TestData::TEST_LEAF);
     CKM::Alias alias = "iamsomebodyelse alias";
 
     int temp;
@@ -1294,11 +1294,13 @@ RUNNER_TEST(T13122_get_chain_empty_cert)
 
 RUNNER_TEST(T13129_get_chain)
 {
-    auto cert = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_LEAF);
-    auto cert1 = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_IM);
+    auto cert = TestData::getTestCertificate(TestData::TEST_LEAF);
+    auto cert1 = TestData::getTestCertificate(TestData::TEST_IM_CA);
+    auto root = TestData::getTestCertificate(TestData::TEST_ROOT_CA);
 
     CKM::CertificateShPtrVector certVector = {cert1};
     CKM::CertificateShPtrVector certChain;
+    CKM::CertificateShPtrVector trusted = {root};
 
     int tmp;
     auto manager = CKM::Manager::create();
@@ -1308,7 +1310,7 @@ RUNNER_TEST(T13129_get_chain)
 
     tmp = manager->getCertificateChain(cert,
                                        EMPTY_CERT_VECTOR,
-                                       EMPTY_CERT_VECTOR,
+                                       trusted,
                                        true,
                                        certChain);
     RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
@@ -1318,7 +1320,7 @@ RUNNER_TEST(T13129_get_chain)
         0 == certChain.size(),
         "Wrong size of certificate chain.");
 
-    tmp = manager->getCertificateChain(cert, certVector, EMPTY_CERT_VECTOR, true, certChain);
+    tmp = manager->getCertificateChain(cert, certVector, trusted, true, certChain);
     RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::APICodeToString(tmp));
 
     RUNNER_ASSERT_MSG(
@@ -1328,12 +1330,11 @@ RUNNER_TEST(T13129_get_chain)
 
 RUNNER_TEST(T1313_get_chain_with_alias)
 {
-    auto cert = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_LEAF);
-    auto cert1 = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_IM);
+    auto cert = TestData::getTestCertificate(TestData::TEST_LEAF);
+    auto cert1 = TestData::getTestCertificate(TestData::TEST_IM_CA);
+    auto root = TestData::getTestCertificate(TestData::TEST_ROOT_CA);
 
     CKM::CertificateShPtrVector certChain;
-    CKM::AliasVector aliasVector;
-    CKM::Alias alias = "imcert";
 
     int tmp;
     auto manager = CKM::Manager::create();
@@ -1341,7 +1342,7 @@ RUNNER_TEST(T1313_get_chain_with_alias)
     RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
     RUNNER_ASSERT_MSG(NULL != cert1.get(), "Certificate should not be empty");
 
-    tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain);
+    tmp = manager->getCertificateChain(cert, EMPTY_ALIAS_VECTOR, EMPTY_ALIAS_VECTOR, true, certChain);
     RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
                          "Error=" << CKM::APICodeToString(tmp));
 
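Review bot: T1313_get_chain_with_alias checks `cert` and `cert1` for NULL in the context lines of this hunk, but the `root` certificate added in the previous hunk is saved and used as the trust anchor without the same check. Adding `RUNNER_ASSERT_MSG(NULL != root.get(), "Certificate should not be empty");` after the `cert1` check keeps a failed load of TEST_ROOT_CA from surfacing as a misleading verification error. T13129_get_chain adds `root` the same way; its checks are outside the visible hunks.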
@@ -1349,13 +1350,17 @@ RUNNER_TEST(T1313_get_chain_with_alias)
         0 == certChain.size(),
         "Wrong size of certificate chain.");
 
+    CKM::AliasVector aliasVector = { "imcert" };
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (tmp = manager->saveCertificate(alias, cert1, CKM::Policy())),
+        CKM_API_SUCCESS == (tmp = manager->saveCertificate(aliasVector[0], cert1, CKM::Policy())),
         "Error=" << CKM::APICodeToString(tmp));
 
-    aliasVector.push_back(alias);
+    CKM::AliasVector trustedAliasVector = { "rootcert" };
+    RUNNER_ASSERT_MSG(
+        CKM_API_SUCCESS == (tmp = manager->saveCertificate(trustedAliasVector[0], root, CKM::Policy())),
+        "Error=" << CKM::APICodeToString(tmp));
 
-    tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain);
+    tmp = manager->getCertificateChain(cert, aliasVector, trustedAliasVector, true, certChain);
     RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::APICodeToString(tmp));
 
     RUNNER_ASSERT_MSG(
@@ -1365,30 +1370,20 @@ RUNNER_TEST(T1313_get_chain_with_alias)
 
 RUNNER_TEST(T13141_ocsp_check_valid_chain)
 {
-    auto cert = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_LEAF);
-    auto cert1 = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_IM);
-    CKM::CertificateShPtrVector certVector = {cert1};
+    auto cert = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_IM);
+
     CKM::CertificateShPtrVector certChain;
 
     int tmp;
     auto manager = CKM::Manager::create();
 
     RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
-    RUNNER_ASSERT_MSG(NULL != cert1.get(), "Certificate should not be empty");
 
     tmp = manager->getCertificateChain(cert, EMPTY_CERT_VECTOR, EMPTY_CERT_VECTOR, true, certChain);
-    RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
-                         "Error=" << CKM::APICodeToString(tmp));
-
-    RUNNER_ASSERT_MSG(
-        0 == certChain.size(),
-        "Wrong size of certificate chain.");
-
-    tmp = manager->getCertificateChain(cert, certVector, EMPTY_CERT_VECTOR, true, certChain);
     RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::APICodeToString(tmp));
 
     RUNNER_ASSERT_MSG(
-        3 == certChain.size(),
+        2 == certChain.size(),
         "Wrong size of certificate chain.");
 
     int status;
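Review bot: The expected size in T13141_ocsp_check_valid_chain drops from 3 to 2 with no comment on where the second certificate comes from. Both vectors passed to `getCertificateChain` are empty, so the issuer must come from the system store. A comment such as `// OCSP_AVAILABLE_IM plus its issuer from the system store` above the size assertion would explain the number and the dependency on the device's trust store. The function body continues outside the hunk.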
@@ -1430,7 +1425,7 @@ RUNNER_TEST(T13143_ocsp_check_empty_ptrs)
 
 RUNNER_TEST(T13144_ocsp_check_root)
 {
-    auto root = TestData::getTestCertificate(TestData::THIRD_PARTY_ROOT_CA);
+    auto root = TestData::getTestCertificate(TestData::OCSP_ROOT_CA);
     CKM::CertificateShPtrVector certVector = {root};
 
     auto manager = CKM::Manager::create();