TEST_F(CACertsTests, test_certificate_properties) {
  std::string subject, common_name, issuer;
  genCommonName(x_cert, subject, common_name, issuer);
  EXPECT_EQ("localhost.localdomain", common_name);

  OSX_OPENSSL(X509_check_ca(x_cert));
  auto skid = genKIDProperty(x_cert->skid->data, x_cert->skid->length);
  EXPECT_EQ("f2b99b00e0ee60d57c426ce3e64e3fdc6f6411c0", skid);

  auto not_before = std::to_string(genEpoch(X509_get_notBefore(x_cert)));
  EXPECT_EQ("1408475536", not_before);

  auto ca = (CertificateIsCA(x_cert)) ? "1" : "0";
  EXPECT_EQ("1", ca);
}
Beispiel #2
0
int PKI_X509_CERT_is_ca(const PKI_X509_CERT *x) {
  return X509_check_ca(x->value);
}
bool CertificateIsCA(X509* cert) {
  return (X509_check_ca(cert) > 0);
}
Beispiel #4
0
bool CertificateIsCA(X509* cert) {
  int ca = X509_check_ca(cert);
  return (ca > 0);
}
Beispiel #5
0
void check(unsigned char *cert_buffer, size_t cert_len, CertFormat format, CertType type)
{
	X509_NAME *issuer;
	X509_NAME *subject;
	int ret;
	X509 *x509;
	int ca;
	struct tm tm_before;
	struct tm tm_after;

	Clear();

	x509 = LoadCert(cert_buffer, cert_len, format);
	if (x509 == NULL)
	{
		SetError(ERR_INVALID);
		return;
	}

	ca = X509_check_ca(x509);
	if (ca > 0 && type == SubscriberCertificate)
	{
		SetWarning(WARN_CHECKED_AS_SUBSCRIBER);
	}
	else if (ca == 0 && type != SubscriberCertificate)
	{
		SetWarning(WARN_CHECKED_AS_CA);
	}

	ret = X509_get_version(x509);
	if (ret != 2)
	{
		SetError(ERR_NOT_VERSION3);
	}
	//CheckASN1_integer(x509->cert_info->version);

	issuer = X509_get_issuer_name(x509);
	if (issuer == NULL)
	{
		SetError(ERR_INVALID);
		return;
	}
	CheckDN(issuer);

	CheckSerial(x509);
	CheckTime(x509, &tm_before, &tm_after, type);

	/* Required by CAB base 9.1.3 */
	if (!IsNameObjPresent(issuer, obj_organizationName))
	{
		SetError(ERR_ISSUER_ORG_NAME);
	}

	/* Required by CAB base 9.1.4 */
	if (!IsNameObjPresent(issuer, obj_countryName))
	{
		SetError(ERR_ISSUER_COUNTRY);
	}

	subject = X509_get_subject_name(x509);
	if (subject == NULL)
	{
		SetError(ERR_INVALID);
		return;
	}
	CheckDN(subject);

	CheckDuplicateExtensions(x509);

	/* Prohibited in CAB base 7.1.4.2.2d */
	if (!IsNameObjPresent(subject, obj_organizationName)
		&& !IsNameObjPresent(subject, obj_givenName)
		&& !IsNameObjPresent(subject, obj_surname)
		&& IsNameObjPresent(subject, obj_StreetAddress))
	{
		SetError(ERR_SUBJECT_ADDR);
	}

	/* Required in CAB base 7.1.4.2.2e and 7.1.4.2.2f */
	if (((IsNameObjPresent(subject, obj_organizationName) && type == SubscriberCertificate) ||
		IsNameObjPresent(subject, obj_givenName) ||
		IsNameObjPresent(subject, obj_surname))
		&& !IsNameObjPresent(subject, obj_stateOrProvinceName)
		&& !IsNameObjPresent(subject, obj_localityName))
	{
		SetError(ERR_SUBJECT_ORG_NO_PLACE);
	}

	/* Prohibited in CAB base 7.1.4.2.2e or 7.1.4.2.2f */
	if (!IsNameObjPresent(subject, obj_organizationName)
		&& !IsNameObjPresent(subject, obj_givenName)
		&& !IsNameObjPresent(subject, obj_surname)
		&& (IsNameObjPresent(subject, obj_localityName)
			|| IsNameObjPresent(subject, obj_stateOrProvinceName)))
	{
		SetError(ERR_SUBJECT_NO_ORG_PLACE);
	}

	/* Required by CAB base 7.1.4.2.2g */
	if (!IsNameObjPresent(subject, obj_organizationName)
		&& !IsNameObjPresent(subject, obj_givenName)
		&& !IsNameObjPresent(subject, obj_surname)
		&& IsNameObjPresent(subject, obj_postalCode))
	{
		SetError(ERR_SUBJECT_POSTAL);
	}

	/* Required by CAB base 7.1.4.2.2h */
	if ((IsNameObjPresent(subject, obj_organizationName) ||
		IsNameObjPresent(subject, obj_givenName) ||
		IsNameObjPresent(subject, obj_surname))
		&& !IsNameObjPresent(subject, obj_countryName))
	{
		SetError(ERR_SUBJECT_COUNTRY);
	}

	CheckPolicy(x509, type, subject);
	CheckEKU(x509, type);
	CheckSAN(x509, type);

	/* Deprecated in CAB base 7.1.4.2.2a */
	if (IsNameObjPresent(subject, obj_commonName))
	{
		if (type == SubscriberCertificate)
		{
			SetInfo(INF_SUBJECT_CN);
		}
	}
	else if (type != SubscriberCertificate)
	{
		SetWarning(WARN_NO_CN);
	}

	CheckCRL(x509);
	CheckAIA(x509, type);
	CheckPublicKey(x509, tm_after);

	X509_free(x509);
}
Beispiel #6
0
bool CertificateIsCA(X509* cert) {
  int ca = 0;
  OSX_OPENSSL(ca = X509_check_ca(cert));
  return (ca > 0);
}