path: root/trust/tests/files
Commit message | Author | Age | Files | Lines
* trust: Parse TRUSTED CERTIFICATE openssl format even without CertAux | Stef Walter | 2014-08-08 | 1 | -0/+27
  openssl sometimes outputs TRUSTED CERTIFICATE PEM files without the additional CertAux (ie: trust fields) information. It simply leaves that block out.
  This happens with a command like:
    $ openssl x509 -in my-cert.pem -out output -trustout
* trust: Port to use CKA_PUBLIC_KEY_INFO and updated trust store spec | Stef Walter | 2013-07-04 | 2 | -40/+28
  * Use the concepts and PKCS#11 objects described in the recently updated (still work in progress) storing trust spec.
  * Define our own CKA_X_PUBLIC_KEY_INFO define for now, since the CKA_PUBLIC_KEY_INFO isn't defined yet.
  * Most notably, the association between certificates and stapled extensions is by public key.
  * Rework some of the tests to take into account the above.
* Reorganize various components | Stef Walter | 2013-06-25 | 10 | -0/+426
  * p11-kit library and tool in the p11-kit/ subdirectory
  * trust module and new trust tool in trust/ subdirectory
  * No more tools/ subdirectory
  * Lots less in the common/ subdirectory
* hash: Add the murmur2 hash and start using it | Stef Walter | 2013-03-20 | 1 | -2/+2
  Add implementation of the murmur2 hash function, and start using it for our dictionaries. Our implementation is incremental like our other hash functions.
  Also remove p11_oid_hash() which wasn't being used.
  In addition fix several tests whose success was based on the way that the dictionary hashed. This was a hidden testing bug.
* trust: Use a SHA-1 hash of subjectPublicKeyInfo as CKA_ID by default | Stef Walter | 2013-03-15 | 1 | -0/+0
  This is what's recommended by the spec, and allows stapled extensions to hang off a predictable CKA_ID.
  https://bugs.freedesktop.org/show_bug.cgi?id=62329
* trust: Rework input path treatment | Stef Walter | 2013-03-15 | 2 | -0/+0
  * Accept a single --with-trust-paths argument to ./configure which contains all the input paths.
  * The --with-system-anchors and --with-system-certificates ./configure arguments are no longer supported. Since they were only present briefly, no provision is made for backwards compatibility.
  * Each input file is treated as containing anchors by default unless an input certificate contains detailed trust information.
  * The files in each input directory are not automatically treated as anchors unless a certificate contains detailed trust information.
  * The files in anchors/ subdirectory of each input directory are automatically marked as anchors.
  * The files in the blacklist/ subdirectory of each input directory are automatically marked as blacklisted.
  * Update tests and move around test certificates so we can test these changes.
  https://bugs.freedesktop.org/show_bug.cgi?id=62327
* pem: Fix a bug decoding some PEM files | Stef Walter | 2013-03-15 | 1 | -0/+25
  When bringing over the BSD base64 code, there was a regression.
  In addition add some tests for the base64 stuff.
* Implement trust assertion PKCS#11 objects | Stef Walter | 2013-02-05 | 1 | -0/+0
  * Implement trust assertions for anchored and distrusted certs
  * Pinned certificate trust assertions are not implemented yet
  * Add an internal tool for pulling apart bits of certificates
* Implement stapled certificate extensions internally | Stef Walter | 2013-02-05 | 1 | -0/+0
  * Use stapled certificate extensions to represent loaded trust policy
  * Build NSS trust objects from stapled certificate extensions
  * Add further attribute debugging for NSS trust objects
  * Use a custom certificate extension for the OpenSSL reject purpose data
  * Use SubjectKeyIdentifier for OpenSSL keyid data
  * Use ExtendedKeyUsage for OpenSSL trust purpose data
  * Implement simple way to handle binary DER OIDs, using the DER TLV length. DER OIDs are used in the CKA_OBJECT_ID value, and elsewhere.
  * Split out the building of NSS trust objects from the main parser
* Test a TRUSTED CERTIFICATE without any trust OIDs | Stef Walter | 2013-02-05 | 1 | -0/+23
* Add support for openssl TRUSTED CERTIFICATE PEM files | Stef Walter | 2013-02-05 | 1 | -0/+43
* Add support for parsing PEM files | Stef Walter | 2013-02-05 | 1 | -0/+42
* Add basic trust module | Stef Walter | 2013-02-05 | 5 | -0/+1
  This is based off the roots-store from gnome-keyring and loads certificates from a root directory and exposes them as PKCS#11 objects.