-module(x509_test).
-include_lib("eunit/include/eunit.hrl").
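%% Disabled sketch of a test for x509:detox_precert/1. It is incomplete as
%% written: File is unbound and the expected value of the assertion is missing.
%% remove_poison_test_() ->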
%% {foreach,
%% fun() -> {ok, Pem} = file:read(File), Pem end,
%% fun(_) -> ok end,
%% fun(ChainPem) ->
%% [CleanPem = x509:detox_precert(ChainPem),
%% ?_assertEqual(CleanPem, )]
%% }.
-include("x509_test.hrl").
%% @doc EUnit generator pinning the boolean result of x509:valid_chain_p/3
%% for the two fixture certificates ?C0 and ?C1 from x509_test.hrl.
%%
%% NOTE(review): judging by the case labels, the first argument looks like
%% the list of trusted roots, the second the submitted chain and the third
%% the maximum permitted chain length -- confirm against x509.erl.
%% The `false' cases matter most: they assert that a chain is rejected when
%% no trusted root is given, when the signer does not match, and when the
%% length limit is exceeded.
valid_cert_test_() ->
    Cert0 = ?C0,
    Cert1 = ?C1,
    [
        %% Root is absent from the chain but present in the trust store.
        ?_assertMatch(true, x509:valid_chain_p([Cert1], [Cert0], 10)),
        ?_assertMatch(true, x509:valid_chain_p([Cert1], [Cert0], 2)),
        %% Same input, but the length limit of 1 is too small.
        ?_assertMatch(false, x509:valid_chain_p([Cert1], [Cert0], 1)),

        %% Root is present both in the chain and in the trust store.
        ?_assertMatch(true, x509:valid_chain_p([Cert1], [Cert0, Cert1], 2)),
        %% Same input, but the length limit of 1 is too small.
        ?_assertMatch(false, x509:valid_chain_p([Cert1], [Cert0, Cert1], 1)),

        %% Empty trust store: the root is not trusted.
        ?_assertMatch(false, x509:valid_chain_p([], [Cert0, Cert1], 10)),

        %% Signer mismatch must be rejected.
        ?_assertMatch(false, x509:valid_chain_p([Cert0], [Cert0, Cert1], 10)),
        ?_assertMatch(false, x509:valid_chain_p([Cert0], [Cert1], 10)),

        %% Self-signed certificate that is itself trusted: accepted.
        ?_assertMatch(true, x509:valid_chain_p([Cert0], [Cert0], 10)),
        ?_assertMatch(true, x509:valid_chain_p([Cert0], [Cert0], 1)),
        %% A maximum chain length of 0 is never acceptable.
        ?_assertMatch(false, x509:valid_chain_p([Cert0], [Cert0], 0))

        %% Disabled file-based cases. They call valid_chain_p with two
        %% arguments, unlike the three-argument calls above.
        %% ?_assertMatch(true, x509:valid_chain_p(certs_from_file(certfile(cabundle)),
        %% certs_from_file(certfile(0)))),
        %% ?_assertEqual(false, x509:valid_chain_p(certs_from_file(certfile(cabundle)),
        %% certs_from_file(certfile(1))))
    ].
%% @doc Map a fixture key to the relative path of its test certificate file.
%% Only `cabundle', 0 and 1 are defined; any other key fails with
%% function_clause. Paths are relative to the directory the tests run in.
-spec certfile(cabundle | 0 | 1) -> string().
certfile(cabundle) -> "../certs/testcerts/acceptable_roots.pem";
certfile(0)        -> "../certs/testcerts/cert1.txt";
certfile(1)        -> "../certs/testcerts/cert2.txt".
%% @doc Read the file Fname and return its contents decoded with
%% public_key:pem_decode/1.
%% The read is matched assertively, so a missing or unreadable fixture
%% crashes with badmatch instead of producing an empty result.
%% NOTE(review): pem_decode/1 yields PEM entry tuples, not bare DER
%% binaries -- confirm which form x509:valid_chain_p expects before
%% re-enabling the file-based test cases.
-spec certs_from_file(file:name_all()) -> [public_key:pem_entry()].
certs_from_file(Fname) ->
    {ok, PemBin} = file:read_file(Fname),
    public_key:pem_decode(PemBin).