authorLinus Nordberg <linus@nordberg.se>2014-10-15 16:03:25 +0200
committerLinus Nordberg <linus@nordberg.se>2014-10-15 16:03:25 +0200
commit7f40204f43f12009774bff37b5248145eb033c4e (patch)
treef01a62dfda76eb03d46e8669ce4c79559db4d070 /src/x509_test.erl
parentf3f35b9a4140830e97b5382bc22fc2e78be7124b (diff)
Implement cert chain validation.validate_certchain
NOTE0: Presence of and constraints on names are not being validated. NOTE1: Validation not invoked at submission yet.
Diffstat (limited to 'src/x509_test.erl')
-rw-r--r--src/x509_test.erl53
1 files changed, 53 insertions, 0 deletions
diff --git a/src/x509_test.erl b/src/x509_test.erl
new file mode 100644
index 0000000..c06bc8b
--- /dev/null
+++ b/src/x509_test.erl
@@ -0,0 +1,53 @@
+-module(x509_test).
+
+-include_lib("eunit/include/eunit.hrl").
+
+%% remove_poison_test_() ->
+%% {foreach,
+%% fun() -> {ok, Pem} = file:read(File), Pem end,
+%% fun(_) -> ok end,
+%% fun(ChainPem) ->
+%% [CleanPem = x509:detox_precert(ChainPem),
+%% ?_assertEqual(CleanPem, )]
+%% }.
+
+-include("x509_test.hrl").
+valid_cert_test_() ->
+ C0 = ?C0,
+ C1 = ?C1,
+ [
+ %% Root not in chain but in trust store.
+ ?_assertMatch(true, x509:valid_chain_p([C1], [C0], 10)),
+ ?_assertMatch(true, x509:valid_chain_p([C1], [C0], 2)),
+ %% Chain too long.
+ ?_assertMatch(false, x509:valid_chain_p([C1], [C0], 1)),
+ %% Root in chain and in trust store.
+ ?_assertMatch(true, x509:valid_chain_p([C1], [C0, C1], 2)),
+ %% Chain too long.
+ ?_assertMatch(false, x509:valid_chain_p([C1], [C0, C1], 1)),
+ %% Root not in trust store.
+ ?_assertMatch(false, x509:valid_chain_p([], [C0, C1], 10)),
+ %% Invalid signer.
+ ?_assertMatch(false, x509:valid_chain_p([C0], [C0, C1], 10)),
+ ?_assertMatch(false, x509:valid_chain_p([C0], [C1], 10)),
+ %% Selfsigned. Actually OK.
+ ?_assertMatch(true, x509:valid_chain_p([C0], [C0], 10)),
+ ?_assertMatch(true, x509:valid_chain_p([C0], [C0], 1)),
+ %% Max chain length 0 is not OK.
+ ?_assertMatch(false, x509:valid_chain_p([C0], [C0], 0))
+ %% ?_assertMatch(true, x509:valid_chain_p(certs_from_file(certfile(cabundle)),
+ %% certs_from_file(certfile(0)))),
+ %% ?_assertEqual(false, x509:valid_chain_p(certs_from_file(certfile(cabundle)),
+ %% certs_from_file(certfile(1))))
+ ].
+
+certfile(cabundle) ->
+ "../certs/testcerts/acceptable_roots.pem";
+certfile(0) ->
+ "../certs/testcerts/cert1.txt";
+certfile(1) ->
+ "../certs/testcerts/cert2.txt".
+
+certs_from_file(Fname) ->
+ {ok, Pems} = file:read_file(Fname),
+ public_key:pem_decode(Pems).
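Review bot: None of the cases passes an empty list as the second argument; the only empty-list case is `valid_chain_p([], [C0, C1], 10)`, so the result for an empty chain is left unpinned in a validator that is meant to gate submissions later. Assuming the second argument is the submitted chain and the first the trusted roots (the comments suggest this, but `x509.erl` is not shown here), add `?_assertMatch(false, x509:valid_chain_p([C1], [], 10))` beside the "Root not in trust store" case. The "Selfsigned. Actually OK." comment also looks inaccurate, since C0 validates under C1 in the first cases; if so, it would read better as `%% Chain cert is itself a trusted root.`. Separately, `certfile/1` and `certs_from_file/1` are reachable only from the commented-out assertions, which call a two-argument `valid_chain_p` while every live case passes three; either wire them into a live test or drop them so the module compiles without unused-function warnings.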