/*
 * us901_test13: present a self-signed client certificate and confirm that
 * the server's chain verification rejects it. The TLS handshake is expected
 * to fail before any HTTP status is produced, so the post helper returns 0.
 */
static void us901_test13(void)
{
    /* Start mode 'D' is whatever us901_start_server defines for it. */
    if (us901_start_server('D') != 0) {
        /* Server could not be started; there is nothing to test. */
        return;
    }
    LOG_FUNC_NM;
    SLEEP(1);

    long http_status = curl_http_post_cert(US901_ENROLL_URL, US901_PKCS10_CT,
                                           US901_PKCS10_REQ,
                                           US901_SELFSIGN_CERT,
                                           US901_SELFSIGN_KEY,
                                           US901_CACERTS, NULL);

    /*
     * The client cert is signed by neither the local CA nor the external CA,
     * so the TLS layer refuses it and no HTTP status message ever arrives.
     */
    CU_ASSERT(http_status == 0);

    st_stop();
}
/*
 * us901_test12: present a revoked client certificate and confirm that the
 * CRL check in the TLS layer refuses it. Because the handshake is rejected,
 * curl never sees an HTTP status and the post helper is expected to return 0.
 */
static void us901_test12(void)
{
    /* Start mode 'R' is whatever us901_start_server defines for it. */
    if (us901_start_server('R') != 0) {
        /* Server could not be started; there is nothing to test. */
        return;
    }
    LOG_FUNC_NM;
    SLEEP(1);

    long http_status = curl_http_post_cert(US901_ENROLL_URL, US901_PKCS10_CT,
                                           US901_PKCS10_REQ,
                                           US901_REVOKED_CERT,
                                           US901_REVOKED_KEY,
                                           US901_CACERTS, NULL);

    /*
     * The certificate is on the CRL, so the handshake is expected to fail
     * at the TLS layer; the assertion therefore checks for no HTTP status
     * (0) rather than for an HTTP error code.
     */
    CU_ASSERT(http_status == 0);

    st_stop();
}
/*
 * us901_test11: present a client certificate signed by the implicit cert
 * chain and confirm that TLS client authentication accepts it. The enroll
 * request is expected to be answered with HTTP 200.
 */
static void us901_test11(void)
{
    /* Start mode 'N' is whatever us901_start_server defines for it. */
    if (us901_start_server('N') != 0) {
        /* Server could not be started; there is nothing to test. */
        return;
    }
    LOG_FUNC_NM;
    SLEEP(1);

    long http_status = curl_http_post_cert(US901_ENROLL_URL, US901_PKCS10_CT,
                                           US901_PKCS10_REQ,
                                           US901_IMPLICIT_CERT,
                                           US901_IMPLICIT_KEY,
                                           US901_CACERTS, NULL);

    /*
     * The client cert chains to a trusted CA, so the handshake succeeds
     * and the server is expected to answer the enroll request with 200.
     */
    CU_ASSERT(http_status == 200);

    st_stop();
    /* Give the server a moment to shut down before the next test starts one. */
    SLEEP(1);
}
/*
 * us894_test11: present a client certificate signed by the implicit cert
 * chain through the proxy and confirm that TLS client authentication
 * accepts it. HTTP authentication is switched off on the proxy for the
 * duration of the test so that the certificate alone decides the outcome;
 * the enroll request is expected to be answered with HTTP 200.
 */
static void us894_test11(void)
{
    LOG_FUNC_NM;

    /* Turn HTTP auth off on the proxy; bail out if that cannot be done. */
    if (st_proxy_http_disable(1) == -1) {
        printf("Could not set HTTP authentication callback\n");
        return;
    }
    sleep(1);

    long http_status = curl_http_post_cert(US894_ENROLL_URL, US894_PKCS10_CT,
                                           US894_PKCS10_REQ,
                                           US894_IMPLICIT_CERT,
                                           US894_IMPLICIT_KEY,
                                           US894_CACERTS, NULL);

    /*
     * The client cert chains to a trusted CA, so the handshake succeeds
     * and the server is expected to answer the enroll request with 200.
     */
    CU_ASSERT(http_status == 200);

    /* Restore HTTP auth on the proxy for the tests that follow. */
    if (st_proxy_http_disable(0) == -1) {
        printf("Could not set HTTP authentication callback\n");
        return;
    }
}
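/*
 * us894_test12: present a revoked client certificate through the proxy and
 * confirm that the CRL check in the TLS layer refuses it.
 *
 * The proxy is restarted with a trust store that carries the CRL
 * ("US894/trustedcertsandcrl.crt"), the enroll request is posted with the
 * revoked cert, and the proxy is then restarted again with the plain trust
 * store ("CA/trustedcerts.crt") so later tests see the original setup.
 * Because the handshake is rejected, curl never sees an HTTP status and the
 * post helper is expected to return 0.
 */
static void us894_test12(void)
{
    long rv;

    LOG_FUNC_NM;

    /* Swap the proxy over to the CRL-bearing trust store. */
    st_proxy_stop();
    rv = st_proxy_start(US894_TCP_PROXY_PORT, US894_PROXY_CERT, US894_PROXY_KEY,
                        "estrealm", US894_CACERT,
                        "US894/trustedcertsandcrl.crt",
                        "estuser", "estpwd", "127.0.0.1", US894_TCP_SERVER_PORT,
                        0,   // disable PoP
                        0);  // ecdhe nid info
    /*
     * NOTE(review): assumes st_proxy_start reports failure as -1, the
     * convention st_proxy_http_disable follows in us894_test11 — confirm.
     * Without this check a proxy that failed to start would make the post
     * below return 0 and the revocation assertion would pass vacuously.
     */
    if (rv == -1) {
        printf("Could not start proxy with CRL-enabled trust store\n");
        CU_FAIL("proxy restart with CRL failed");
        goto restore;
    }
    sleep(1);

    rv = curl_http_post_cert(US894_ENROLL_URL, US894_PKCS10_CT,
                             US894_PKCS10_REQ,
                             US894_REVOKED_CERT,
                             US894_REVOKED_KEY,
                             US894_CACERTS, NULL);

    /*
     * The certificate is on the CRL, so the handshake is expected to fail
     * at the TLS layer; the assertion checks for no HTTP status (0).
     */
    CU_ASSERT(rv == 0);

restore:
    /* Put the proxy back on the trust store without the CRL. */
    st_proxy_stop();
    rv = st_proxy_start(US894_TCP_PROXY_PORT, US894_PROXY_CERT, US894_PROXY_KEY,
                        "estrealm", US894_CACERT,
                        "CA/trustedcerts.crt",
                        "estuser", "estpwd", "127.0.0.1", US894_TCP_SERVER_PORT,
                        0,   // disable PoP
                        0);  // ecdhe nid info
    if (rv == -1) {
        /* Same -1 assumption as above; later tests depend on this proxy. */
        printf("Could not restore proxy with default trust store\n");
    }
}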
/*
 * us894_test13: present a self-signed client certificate through the proxy
 * and confirm that chain verification rejects it. The TLS handshake is
 * expected to fail before any HTTP status is produced, so the post helper
 * returns 0.
 */
static void us894_test13(void)
{
    LOG_FUNC_NM;
    sleep(1);

    long http_status = curl_http_post_cert(US894_ENROLL_URL, US894_PKCS10_CT,
                                           US894_PKCS10_REQ,
                                           US894_SELFSIGN_CERT,
                                           US894_SELFSIGN_KEY,
                                           US894_CACERTS, NULL);

    /*
     * The client cert is signed by neither the local CA nor the external CA,
     * so the TLS layer refuses it and no HTTP status message ever arrives.
     */
    CU_ASSERT(http_status == 0);
}