LONGBOW_TEST_CASE(ccnx_internal, parcPkcs12KeyStore_GetEncodedCertificate)
{
// create a file and open it
const char *password = "******";
const char *subject = "alice";
bool result;
result = parcPkcs12KeyStore_CreateFile(filename, password, subject, 1024, 32);
assertTrue(result, "got error from parcPkcs12KeyStore_CreatePkcs12File");
PARCPkcs12KeyStore *publicKeyStore = parcPkcs12KeyStore_Open(filename, password, PARC_HASH_SHA256);
assertNotNull(publicKeyStore, "Got null result from opening openssl pkcs12 file");
PARCKeyStore *keyStore = parcKeyStore_Create(publicKeyStore, PARCPkcs12KeyStoreAsKeyStore);
parcPkcs12KeyStore_Release(&publicKeyStore);
PARCBuffer *certificate_der = parcKeyStore_GetDEREncodedCertificate(keyStore);
assertNotNull(certificate_der, "got null public key digest for external pkcs12");
// 557 (64-bit) and 553 (32-bit) are pre-etermined sizes of how big a DER encoded
// certificate with a 1024-bit key should be
size_t expectedMinimumLength = 545;
size_t expectedMaximumLength = 560;
size_t bb_length = parcBuffer_Remaining(certificate_der);
assertTrue(expectedMinimumLength <= bb_length && bb_length <= expectedMaximumLength,
"Digest unexpected size: got %zu expected %zu - %zu", bb_length, expectedMinimumLength, expectedMaximumLength);
parcKeyStore_Release(&keyStore);
parcBuffer_Release(&certificate_der);
}
/**
* Gets the DER encoded public key
*/
LONGBOW_TEST_CASE(openssl_commandline, parcPkcs12KeyStore_GetEncodedPublicKey)
{
PARCPkcs12KeyStore *publicKeyStore = parcPkcs12KeyStore_Open("test_rsa.p12", "blueberry", PARC_HASH_SHA256);
PARCKeyStore *keyStore = parcKeyStore_Create(publicKeyStore, PARCPkcs12KeyStoreAsKeyStore);
parcPkcs12KeyStore_Release(&publicKeyStore);
PARCPublicKeySigner *publicKeySigner = parcPublicKeySigner_Create(keyStore, PARCSigningAlgorithm_RSA, PARC_HASH_SHA256);
parcKeyStore_Release(&keyStore);
PARCSigner *signer = parcSigner_Create(publicKeySigner, PARCPublicKeySignerAsSigner);
parcPublicKeySigner_Release(&publicKeySigner);
assertNotNull(signer, "Got null result from opening openssl pkcs12 file");
PARCBuffer *pubkey_der = parcKeyStore_GetDEREncodedPublicKey(parcSigner_GetKeyStore(signer));
assertNotNull(pubkey_der, "got null public key der for external pkcs12");
// read in the "truth" from the command line utilities
int fd = open("test_rsa_pub.der", O_RDONLY);
uint8_t true_der[1024];
ssize_t read_bytes = read(fd, true_der, 1024);
close(fd);
assertTrue(read_bytes == 162, "could not read %d byte digest from test_rsa_pub_sha256.bin", 162);
const uint8_t *bb_buffer = parcByteArray_Array(parcBuffer_Array(pubkey_der));
size_t bb_length = parcBuffer_Remaining(pubkey_der);
assertTrue(bb_length == read_bytes, "Incorrect digest length returned from GetCertificateDigest: %zu", bb_length);
assertTrue(memcmp(bb_buffer, true_der, read_bytes) == 0, "digests did not match");
parcSigner_Release(&signer);
parcBuffer_Release(&pubkey_der);
}
LONGBOW_TEST_CASE(ccnx_internal, parcPkcs12KeyStore_GetCertificateDigest)
{
// create a file and open it
const char *password = "******";
const char *subject = "alice";
bool result;
result = parcPkcs12KeyStore_CreateFile(filename, password, subject, 1024, 32);
assertTrue(result, "got error from parcPkcs12KeyStore_CreatePkcs12File");
PARCPkcs12KeyStore *publicKeyStore = parcPkcs12KeyStore_Open(filename, password, PARC_HASH_SHA256);
assertNotNull(publicKeyStore, "Got null result from opening openssl pkcs12 file");
PARCKeyStore *keyStore = parcKeyStore_Create(publicKeyStore, PARCPkcs12KeyStoreAsKeyStore);
parcPkcs12KeyStore_Release(&publicKeyStore);
PARCCryptoHash *cert_digest = parcKeyStore_GetCertificateDigest(keyStore);
assertNotNull(cert_digest, "got null public key digest for external pkcs12");
size_t bb_length = parcBuffer_Remaining(parcCryptoHash_GetDigest(cert_digest));
assertTrue(bb_length == SHA256_DIGEST_LENGTH,
"Incorrect digest length returned from GetPublicKeyDigest: %zu", bb_length);
parcKeyStore_Release(&keyStore);
parcCryptoHash_Release(&cert_digest);
}
LONGBOW_TEST_CASE(Global, parcPkcs12KeyStore_badpass)
{
// open our test p12 file created with openssl
fprintf(stderr, "The next openssl error is expected, we're using the wrong password\n");
PARCPkcs12KeyStore *keyStore = parcPkcs12KeyStore_Open("test_rsa.p12", "orange", PARC_HASH_SHA256);
assertNull(keyStore, "Got null result from opening openssl pkcs12 file");
}
LONGBOW_TEST_CASE(Global, parcPkcs12KeyStore_Open)
{
// open our test p12 file created with openssl
parcSecurity_Init();
PARCPkcs12KeyStore *keyStore = parcPkcs12KeyStore_Open("test_rsa.p12", "blueberry", PARC_HASH_SHA256);
assertNotNull(keyStore, "Got null result from opening openssl pkcs12 file");
parcPkcs12KeyStore_Release(&keyStore);
parcSecurity_Fini();
}
static _MockSigner *
_createSigner()
{
_MockSigner *signer = parcObject_CreateInstance(_MockSigner);
signer->hasher = parcCryptoHasher_Create(PARCCryptoHashType_SHA256);
PARCPkcs12KeyStore *publicKeyStore = parcPkcs12KeyStore_Open("test_rsa.p12", "blueberry", PARCCryptoHashType_SHA256);
assertNotNull(publicKeyStore, "Got null result from opening openssl pkcs12 file");
signer->keyStore = parcKeyStore_Create(publicKeyStore, PARCPkcs12KeyStoreAsKeyStore);
parcPkcs12KeyStore_Release(&publicKeyStore);
return signer;
}
PARCSigner *
component_Codec_GetSigner(RtaConnection *conn)
{
PARCSigner *signer = NULL;
SignerType signertype = signer_GetImplementationType(rtaConnection_GetParameters(conn));
switch (signertype) {
case SignerType_SymmetricKeySigner: {
struct symmetrickeysigner_params params;
bool success = symmetricKeySigner_GetConnectionParams(rtaConnection_GetParameters(conn), ¶ms);
assertTrue(success, "Could not retrieve symmetricKeySigner_GetConnectionParams");
PARCSymmetricKeyStore *symmetricKeyStore = parcSymmetricKeyStore_OpenFile(params.filename, params.password, PARCCryptoHashType_SHA256);
PARCSymmetricKeySigner *symmetricKeySigner = parcSymmetricKeySigner_Create(symmetricKeyStore, PARCCryptoHashType_SHA256);
parcSymmetricKeyStore_Release(&symmetricKeyStore);
signer = parcSigner_Create(symmetricKeySigner, PARCSymmetricKeySignerAsSigner);
parcSymmetricKeySigner_Release(&symmetricKeySigner);
assertNotNull(signer, "got null opening FileKeystore '%s'\n", params.filename);
break;
}
case SignerType_PublicKeySigner: {
struct publickeysigner_params params;
bool success = publicKeySigner_GetConnectionParams(rtaConnection_GetParameters(conn), ¶ms);
assertTrue(success, "Could not retrieve publicKeySigner_GetConnectionParams");
PARCPkcs12KeyStore *pkcs12KeyStore = parcPkcs12KeyStore_Open(params.filename, params.password, PARCCryptoHashType_SHA256);
PARCKeyStore *keyStore = parcKeyStore_Create(pkcs12KeyStore, PARCPkcs12KeyStoreAsKeyStore);
parcPkcs12KeyStore_Release(&pkcs12KeyStore);
PARCPublicKeySigner *publicKeySigner = parcPublicKeySigner_Create(keyStore, PARCSigningAlgorithm_RSA, PARCCryptoHashType_SHA256);
parcKeyStore_Release(&keyStore);
signer = parcSigner_Create(publicKeySigner, PARCPublicKeySignerAsSigner);
parcPublicKeySigner_Release(&publicKeySigner);
assertNotNull(signer, "got null opening FileKeystore '%s'\n", params.filename);
break;
}
default:
assertTrue(0, "Unsupported signer type %d", signertype);
}
assertNotNull(signer, "Did not match a known signer");
return signer;
}
LONGBOW_TEST_CASE(Global, parcPkcs12KeyStore_CreateAndOpen)
{
// create a file and open it
const char *filename = "/tmp/parcPkcs12KeyStore_CreateAndOpen.p12";
const char *password = "******";
const char *subject = "alice";
bool result;
result = parcPkcs12KeyStore_CreateFile(filename, password, subject, 1024, 32);
assertTrue(result, "got error from parcPkcs12KeyStore_CreatePkcs12File");
PARCPkcs12KeyStore *keyStore = parcPkcs12KeyStore_Open(filename, password, PARC_HASH_SHA256);
assertNotNull(keyStore, "Got null result from opening openssl pkcs12 file");
parcPkcs12KeyStore_Release(&keyStore);
unlink(filename);
}
/**
* read in the openssl command-line generated pkcs12 file
*/
LONGBOW_TEST_CASE(openssl_commandline, parcPkcs12KeyStore_GetPublicKeyDigest)
{
PARCPkcs12KeyStore *publicKeyStore = parcPkcs12KeyStore_Open("test_rsa.p12", "blueberry", PARC_HASH_SHA256);
PARCKeyStore *keyStore = parcKeyStore_Create(publicKeyStore, PARCPkcs12KeyStoreAsKeyStore);
parcPkcs12KeyStore_Release(&publicKeyStore);
PARCPublicKeySigner *publicKeySigner = parcPublicKeySigner_Create(keyStore, PARCSigningAlgorithm_RSA, PARC_HASH_SHA256);
parcKeyStore_Release(&keyStore);
PARCSigner *signer = parcSigner_Create(publicKeySigner, PARCPublicKeySignerAsSigner);
parcPublicKeySigner_Release(&publicKeySigner);
assertNotNull(signer, "parcPkcs12KeyStore_Open(\"test_rsa.p12\", \"blueberry\", PARC_HASH_SHA256) returned NULL");
PARCCryptoHash *pkd = parcKeyStore_GetVerifierKeyDigest(parcSigner_GetKeyStore(signer));
assertNotNull(pkd, "got null public key digest for external pkcs12");
// read in the "truth" from the command line utilities
int fd = open("test_rsa_pub_sha256.bin", O_RDONLY);
uint8_t true_digest[SHA256_DIGEST_LENGTH];
ssize_t read_bytes = read(fd, true_digest, SHA256_DIGEST_LENGTH);
close(fd);
assertTrue(read_bytes == SHA256_DIGEST_LENGTH, "could not read %d byte digest from test_rsa_pub_sha256.bin", SHA256_DIGEST_LENGTH);
PARCBuffer *digest = parcCryptoHash_GetDigest(pkd);
const uint8_t *bb_buffer = parcByteArray_Array(parcBuffer_Array(digest));
size_t bb_length = parcBuffer_Remaining(digest);
assertTrue(bb_length == SHA256_DIGEST_LENGTH,
"Incorrect digest length returned from GetPublicKeyDigest: %zu", bb_length);
assertTrue(memcmp(bb_buffer, true_digest, SHA256_DIGEST_LENGTH) == 0, "digests did not match");
parcSigner_Release(&signer);
parcCryptoHash_Release(&pkd);
}
LONGBOW_TEST_CASE(ccnx_internal, parcPkcs12KeyStore_GetEncodedPublicKey)
{
// create a file and open it
const char *password = "******";
const char *subject = "alice";
bool result;
result = parcPkcs12KeyStore_CreateFile(filename, password, subject, 1024, 32);
assertTrue(result, "got error from parcPkcs12KeyStore_CreatePkcs12File");
PARCPkcs12KeyStore *publicKeyStore = parcPkcs12KeyStore_Open(filename, password, PARC_HASH_SHA256);
assertNotNull(publicKeyStore, "Got null result from opening openssl pkcs12 file");
PARCKeyStore *keyStore = parcKeyStore_Create(publicKeyStore, PARCPkcs12KeyStoreAsKeyStore);
parcPkcs12KeyStore_Release(&publicKeyStore);
PARCBuffer *pubkey_der = parcKeyStore_GetDEREncodedPublicKey(keyStore);
assertNotNull(pubkey_der, "got null public key digest for external pkcs12");
size_t bb_length = parcBuffer_Remaining(pubkey_der);
assertTrue(bb_length == 162, "Incorrect digest length returned from GetPublicKeyDigest: %zu", bb_length);
parcKeyStore_Release(&keyStore);
parcBuffer_Release(&pubkey_der);
}