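/// Checks the properties extracted from the fixture certificate `x_cert`:
/// common name, subject key identifier, notBefore epoch and the CA flag.
TEST_F(CACertsTests, test_certificate_properties) {
  std::string subject, common_name, issuer;
  genCommonName(x_cert, subject, common_name, issuer);
  EXPECT_EQ("localhost.localdomain", common_name);

  // The return value is deliberately discarded here.
  // NOTE(review): presumably called so that OpenSSL parses and caches the
  // certificate's extensions before `skid` is read below -- confirm.
  OSX_OPENSSL(X509_check_ca(x_cert));

  // `skid` is dereferenced on the next line. A certificate without a subject
  // key identifier should fail the test cleanly instead of crashing the run.
  ASSERT_TRUE(x_cert->skid != nullptr);
  auto skid = genKIDProperty(x_cert->skid->data, x_cert->skid->length);
  EXPECT_EQ("f2b99b00e0ee60d57c426ce3e64e3fdc6f6411c0", skid);

  auto not_before = std::to_string(genEpoch(X509_get_notBefore(x_cert)));
  EXPECT_EQ("1408475536", not_before);

  // Hold the flag in a std::string: EXPECT_EQ on two C strings compares the
  // pointers, which only matches when the compiler pools identical literals.
  const std::string ca = CertificateIsCA(x_cert) ? "1" : "0";
  EXPECT_EQ("1", ca);
}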
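/*
 * Reports whether the certificate wrapped by `x` is a CA certificate.
 *
 * Returns the value of OpenSSL's X509_check_ca() unchanged: 0 when the
 * certificate is not a CA, non-zero otherwise. Per OpenSSL's documentation
 * only the value 1 means an X.509v3 certificate with basicConstraints
 * CA:TRUE; the other positive values describe legacy indications (for
 * example a self-signed v1 certificate or keyCertSign without
 * basicConstraints). Callers that need the strict v3 meaning should compare
 * the result with 1 rather than test it for truth.
 *
 * Returns 0 ("not a CA") when `x` or the wrapped certificate is missing, so a
 * missing certificate is never reported as a CA.
 */
int PKI_X509_CERT_is_ca(const PKI_X509_CERT *x) {
	/* Fail closed instead of dereferencing a null wrapper or value. */
	if (!x || !x->value) {
		return 0;
	}

	return X509_check_ca(x->value);
}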
/// Tells whether OpenSSL classifies `cert` as a CA certificate.
///
/// @param cert certificate to inspect; passed to X509_check_ca() as is.
/// @return true when X509_check_ca() yields a positive value.
///
/// Every positive classification counts as "CA" here. Per OpenSSL's
/// documentation only the value 1 means basicConstraints CA:TRUE; the other
/// positive values describe legacy indications. This makes the predicate
/// suitable for reporting, but it is not a substitute for chain validation
/// when a trust decision is being made.
bool CertificateIsCA(X509* cert) {
  const int ca_status = X509_check_ca(cert);
  return ca_status > 0;
}
/// Tells whether OpenSSL classifies `cert` as a CA certificate.
///
/// @param cert certificate to inspect; passed to X509_check_ca() as is.
/// @return true when X509_check_ca() yields a positive value.
///
/// Any positive result is treated as "CA". Per OpenSSL's documentation that
/// includes legacy indications as well as basicConstraints CA:TRUE (value 1),
/// so a caller needing the strict v3 meaning must query X509_check_ca()
/// itself and compare the result with 1.
bool CertificateIsCA(X509* cert) {
  return 0 < X509_check_ca(cert);
}
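/*
 * Runs the lint checks on one certificate and records the findings through
 * SetError(), SetWarning() and SetInfo().
 *
 * cert_buffer, cert_len, format: the encoded certificate, handed to LoadCert().
 * type: the profile the certificate is checked against; several rules differ
 *       between SubscriberCertificate and the other values.
 *
 * Clear() is called first (presumably to reset findings from a previous run --
 * confirm against its definition). The function returns early, with
 * ERR_INVALID set, when the certificate cannot be loaded or has no issuer or
 * subject name. The loaded certificate is released on every path that returns
 * after a successful load.
 */
void check(unsigned char *cert_buffer, size_t cert_len, CertFormat format, CertType type)
{
	X509_NAME *issuer;
	X509_NAME *subject;
	int ret;
	X509 *x509;
	int ca;
	struct tm tm_before;
	struct tm tm_after;

	Clear();

	x509 = LoadCert(cert_buffer, cert_len, format);
	if (x509 == NULL)
	{
		SetError(ERR_INVALID);
		return;
	}

	/*
	 * Compare what the certificate claims with the profile requested by the
	 * caller. A mismatch only raises a warning; the remaining checks still
	 * run under `type`. Any positive X509_check_ca() result counts as CA.
	 */
	ca = X509_check_ca(x509);
	if (ca > 0 && type == SubscriberCertificate)
	{
		SetWarning(WARN_CHECKED_AS_SUBSCRIBER);
	}
	else if (ca == 0 && type != SubscriberCertificate)
	{
		SetWarning(WARN_CHECKED_AS_CA);
	}

	/* The version field is zero-based: the value 2 denotes X.509 version 3. */
	ret = X509_get_version(x509);
	if (ret != 2)
	{
		SetError(ERR_NOT_VERSION3);
	}
	//CheckASN1_integer(x509->cert_info->version);

	issuer = X509_get_issuer_name(x509);
	if (issuer == NULL)
	{
		SetError(ERR_INVALID);
		/* Release the certificate; this early return used to leak it. */
		X509_free(x509);
		return;
	}
	CheckDN(issuer);

	CheckSerial(x509);
	/* NOTE(review): tm_before/tm_after are presumably filled in here; tm_after
	 * is passed on to CheckPublicKey() below -- confirm. */
	CheckTime(x509, &tm_before, &tm_after, type);

	/* Required by CAB base 9.1.3 */
	if (!IsNameObjPresent(issuer, obj_organizationName))
	{
		SetError(ERR_ISSUER_ORG_NAME);
	}

	/* Required by CAB base 9.1.4 */
	if (!IsNameObjPresent(issuer, obj_countryName))
	{
		SetError(ERR_ISSUER_COUNTRY);
	}

	subject = X509_get_subject_name(x509);
	if (subject == NULL)
	{
		SetError(ERR_INVALID);
		/* Release the certificate; this early return used to leak it. */
		X509_free(x509);
		return;
	}
	CheckDN(subject);

	CheckDuplicateExtensions(x509);

	/* Prohibited in CAB base 7.1.4.2.2d: a street address without an
	 * organization, given name or surname. */
	if (!IsNameObjPresent(subject, obj_organizationName)
		&& !IsNameObjPresent(subject, obj_givenName)
		&& !IsNameObjPresent(subject, obj_surname)
		&& IsNameObjPresent(subject, obj_StreetAddress))
	{
		SetError(ERR_SUBJECT_ADDR);
	}

	/* Required in CAB base 7.1.4.2.2e and 7.1.4.2.2f: a state/province or
	 * locality when the subject names an organization (subscriber
	 * certificates only), a given name or a surname. */
	if (((IsNameObjPresent(subject, obj_organizationName) && type == SubscriberCertificate)
			|| IsNameObjPresent(subject, obj_givenName)
			|| IsNameObjPresent(subject, obj_surname))
		&& !IsNameObjPresent(subject, obj_stateOrProvinceName)
		&& !IsNameObjPresent(subject, obj_localityName))
	{
		SetError(ERR_SUBJECT_ORG_NO_PLACE);
	}

	/* Prohibited in CAB base 7.1.4.2.2e or 7.1.4.2.2f: a locality or
	 * state/province without an organization, given name or surname. */
	if (!IsNameObjPresent(subject, obj_organizationName)
		&& !IsNameObjPresent(subject, obj_givenName)
		&& !IsNameObjPresent(subject, obj_surname)
		&& (IsNameObjPresent(subject, obj_localityName)
			|| IsNameObjPresent(subject, obj_stateOrProvinceName)))
	{
		SetError(ERR_SUBJECT_NO_ORG_PLACE);
	}

	/* CAB base 7.1.4.2.2g: a postal code is flagged when the subject has no
	 * organization, given name or surname. */
	if (!IsNameObjPresent(subject, obj_organizationName)
		&& !IsNameObjPresent(subject, obj_givenName)
		&& !IsNameObjPresent(subject, obj_surname)
		&& IsNameObjPresent(subject, obj_postalCode))
	{
		SetError(ERR_SUBJECT_POSTAL);
	}

	/* Required by CAB base 7.1.4.2.2h: a country when the subject names an
	 * organization, given name or surname. */
	if ((IsNameObjPresent(subject, obj_organizationName)
			|| IsNameObjPresent(subject, obj_givenName)
			|| IsNameObjPresent(subject, obj_surname))
		&& !IsNameObjPresent(subject, obj_countryName))
	{
		SetError(ERR_SUBJECT_COUNTRY);
	}

	CheckPolicy(x509, type, subject);
	CheckEKU(x509, type);
	CheckSAN(x509, type);

	/* Deprecated in CAB base 7.1.4.2.2a: informational for subscriber
	 * certificates that carry a CN; the other types are warned when it is
	 * missing. */
	if (IsNameObjPresent(subject, obj_commonName))
	{
		if (type == SubscriberCertificate)
		{
			SetInfo(INF_SUBJECT_CN);
		}
	}
	else if (type != SubscriberCertificate)
	{
		SetWarning(WARN_NO_CN);
	}

	CheckCRL(x509);
	CheckAIA(x509, type);
	CheckPublicKey(x509, tm_after);

	X509_free(x509);
}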
/// Tells whether OpenSSL classifies `cert` as a CA certificate.
///
/// @param cert certificate to inspect; passed to X509_check_ca() as is.
/// @return true when X509_check_ca() yields a positive value; false when the
///         status keeps its initial value of 0.
///
/// Any positive result is treated as "CA". Per OpenSSL's documentation that
/// includes legacy indications as well as basicConstraints CA:TRUE (value 1),
/// so this predicate alone should not back a trust decision.
bool CertificateIsCA(X509* cert) {
  int ca_status = 0;
  // The assignment sits inside the OSX_OPENSSL wrapper, so the status is
  // declared beforehand and stays 0 unless the wrapped statement sets it.
  OSX_OPENSSL(ca_status = X509_check_ca(cert));
  return ca_status > 0;
}