/*
* Test1 - exercise the server side variations triggered
* by est_client_get_csrattrs()
*/
static void us895_test1 (void)
{
EST_CTX *ctx;
unsigned char *pkey = NULL;
unsigned char *cacerts = NULL;
int cacerts_len = 0;
EST_ERROR rc = EST_ERR_NONE;
EVP_PKEY * priv_key;
int csr_len;
unsigned char *csr_data = NULL;
SLEEP(1);
LOG_FUNC_NM
;
/*
* Read in the CA certificates
*/
cacerts_len = read_binary_file(SERVER_UT_CACERT, &cacerts);
CU_ASSERT(cacerts_len > 0);
/*
* Read in the private key file
*/
priv_key = read_private_key(SERVER_UT_PUBKEY);
if (priv_key == NULL) {
printf("\nError while reading private key file %s\n", SERVER_UT_PUBKEY);
return;
}
ctx = est_client_init(
cacerts,
cacerts_len,
EST_CERT_FORMAT_PEM,
proxy_manual_cert_verify);
CU_ASSERT(ctx != NULL);
rc = est_client_set_auth(ctx, "", "", NULL, priv_key);
CU_ASSERT(rc == EST_ERR_NONE);
est_client_set_server(ctx, US895_SERVER_IP, US895_PROXY_PORT, NULL);
/* clear callback */
if (est_set_csr_cb(ectx, NULL)) {
printf("\nUnable to set EST CSR Attributes callback. Aborting!!!\n");
exit(1);
}
/* clear csrattrs */
rc = est_server_init_csrattrs(ectx, NULL, 0);
CU_ASSERT(rc == EST_ERR_NONE);
/* should get 204 with no data */
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == 0);
CU_ASSERT(csr_data == NULL);
/* Real base64 string - should pass */
rc = est_server_init_csrattrs(ectx, TEST_ATTR_POP, strlen(TEST_ATTR_POP));
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == strlen(TEST_ATTR_POP));
CU_ASSERT(strncmp(TEST_ATTR_POP, (const char *) csr_data, csr_len) == 0);
if (est_set_csr_cb(ectx, &handle_short_csrattrs_request)) {
printf("\nUnable to set EST CSR Attributes callback. Aborting!!!\n");
exit(1);
}
/* callback should supersede init csrattrs */
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == 0);
if (est_set_csr_cb(ectx, &handle_corrupt_csrattrs_request)) {
printf("\nUnable to set EST CSR Attributes callback. Aborting!!!\n");
exit(1);
}
/* callback should supersede init csrattrs */
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == 0);
if (est_set_csr_cb(ectx, &handle_long_csrattrs_request)) {
printf("\nUnable to set EST CSR Attributes callback. Aborting!!!\n");
exit(1);
}
/* callback should supersede init csrattrs */
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == 0);
if (est_set_csr_cb(ectx, &handle_correct_csrattrs_request)) {
printf("\nUnable to set EST CSR Attributes callback. Aborting!!!\n");
exit(1);
}
/* callback should supersede init csrattrs */
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == strlen(TEST_ATTR1));
CU_ASSERT(strncmp(TEST_ATTR1, (const char *) csr_data, csr_len) == 0);
/* clear csrattrs */
rc = est_server_init_csrattrs(ectx, NULL, 0);
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == strlen(TEST_ATTR1));
CU_ASSERT(strncmp(TEST_ATTR1, (const char *) csr_data, csr_len) == 0);
/* clear callback */
if (est_set_csr_cb(ectx, NULL)) {
printf("\nUnable to set EST CSR Attributes callback. Aborting!!!\n");
exit(1);
}
/* Setting the smallest base64 size */
rc = est_server_init_csrattrs(ectx, TEST_ATTR2, strlen(TEST_ATTR2));
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == strlen(TEST_ATTR2));
CU_ASSERT(strncmp(TEST_ATTR2, (const char *) csr_data, csr_len) == 0);
rc = est_server_init_csrattrs(ectx, TEST_ATTR3, strlen(TEST_ATTR3));
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == strlen(TEST_ATTR3));
CU_ASSERT(strncmp(TEST_ATTR3, (const char *) csr_data, csr_len) == 0);
/* clear csrattrs */
rc = est_server_init_csrattrs(ectx, NULL, 0);
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == 0);
rc = est_server_init_csrattrs(
ectx,
TEST_1024_NOPOP,
strlen(TEST_1024_NOPOP));
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == strlen(TEST_1024_NOPOP));
CU_ASSERT(strncmp(TEST_1024_NOPOP, (const char *) csr_data, csr_len) == 0);
/* Enable PoP and test responses with PoP added */
st_enable_pop();
rc = est_server_init_csrattrs(ectx, TEST_ATTR_POP, strlen(TEST_ATTR_POP));
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_data != NULL);
CU_ASSERT(csr_len = 20);
CU_ASSERT(strncmp(TEST_ATTR_POP, (const char *) csr_data, csr_len) == 0);
rc = est_server_init_csrattrs(
ectx,
TEST_1024_NOPOP,
strlen(TEST_1024_NOPOP));
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == strlen(TEST_1024_POP));
CU_ASSERT(strncmp(TEST_1024_POP, (const char *) csr_data, csr_len) == 0);
/* Setting the size 122 */
rc = est_server_init_csrattrs(ectx, TEST_ATTR4_122, strlen(TEST_ATTR4_122));
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == strlen(TEST_ATTR4_122POP));
CU_ASSERT(
strncmp(TEST_ATTR4_122POP, (const char *) csr_data, csr_len) == 0);
/* Setting the size 117 */
rc = est_server_init_csrattrs(ectx, TEST_ATTR5_117, strlen(TEST_ATTR5_117));
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == strlen(TEST_ATTR5_117POP));
CU_ASSERT(
strncmp(TEST_ATTR5_117POP, (const char *) csr_data, csr_len) == 0);
/* Real base64 string needs PoP added - should pass */
rc = est_server_init_csrattrs(
ectx,
TEST_ATTR_NOPOP,
strlen(TEST_ATTR_NOPOP));
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == strlen(TEST_ATTR_NOPOPPOP));
CU_ASSERT(
strncmp(TEST_ATTR_NOPOPPOP, (const char *) csr_data, csr_len) == 0);
/* Not a real base64 string - should fail */
rc = est_server_init_csrattrs(ectx, "US900 test1", 11);
CU_ASSERT(rc != EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == strlen(TEST_ATTR_POP));
CU_ASSERT(strncmp(TEST_ATTR_POP, (const char *) csr_data, csr_len) == 0);
/* Setting the smallest size */
rc = est_server_init_csrattrs(ectx, TEST_ATTR2, strlen(TEST_ATTR2));
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == strlen(TEST_ATTR2_POP));
CU_ASSERT(strncmp(TEST_ATTR2_POP, (const char *) csr_data, csr_len) == 0);
/* Setting the size 116 */
rc = est_server_init_csrattrs(ectx, TEST_ATTR6_116, strlen(TEST_ATTR6_116));
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
/* Setting the size 244 */
rc = est_server_init_csrattrs(ectx, TEST_ATTR_244, strlen(TEST_ATTR_244));
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
/* Setting the size 245 */
rc = est_server_init_csrattrs(ectx, TEST_ATTR_245, strlen(TEST_ATTR_245));
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
/* Setting the size 250 */
rc = est_server_init_csrattrs(ectx, TEST_ATTR_250, strlen(TEST_ATTR_250));
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == strlen(TEST_ATTR_250POP));
CU_ASSERT(strncmp(TEST_ATTR_250POP, (const char *) csr_data, csr_len) == 0);
if (est_set_csr_cb(ectx, &handle_correct_csrattrs_request)) {
printf("\nUnable to set EST CSR Attributes callback. Aborting!!!\n");
exit(1);
}
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == strlen(TEST_ATTR1));
CU_ASSERT(strncmp(TEST_ATTR1, (const char *) csr_data, csr_len) == 0);
if (est_set_csr_cb(ectx, &handle_nopop_csrattrs_request)) {
printf("\nUnable to set EST CSR Attributes callback. Aborting!!!\n");
exit(1);
}
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == strlen(TEST_ATTR_NOPOPPOP));
CU_ASSERT(
strncmp(TEST_ATTR_NOPOPPOP, (const char *) csr_data, csr_len) == 0);
if (est_set_csr_cb(ectx, &handle_empty_csrattrs_request)) {
printf("\nUnable to set EST CSR Attributes callback. Aborting!!!\n");
exit(1);
}
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == strlen(TEST_ATTR2_POP));
CU_ASSERT(strncmp(TEST_ATTR2_POP, (const char *) csr_data, csr_len) == 0);
/* disable PoP */
st_disable_pop();
/* clear callback */
if (est_set_csr_cb(ectx, NULL)) {
printf("\nUnable to set EST CSR Attributes callback. Aborting!!!\n");
exit(1);
}
/* Real base64 string PoP should not be added - should pass */
rc = est_server_init_csrattrs(
ectx,
TEST_ATTR_NOPOP,
strlen(TEST_ATTR_NOPOP));
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == strlen(TEST_ATTR_NOPOP));
CU_ASSERT(strncmp(TEST_ATTR_NOPOP, (const char *) csr_data, csr_len) == 0);
/* All ASN.1 types supported by CiscoSSL */
rc = est_server_init_csrattrs(ectx, TEST_ALL_ATTR, strlen(TEST_ALL_ATTR));
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == strlen(TEST_ALL_ATTR));
CU_ASSERT(strncmp(TEST_ALL_ATTR, (const char *) csr_data, csr_len) == 0);
if (ctx) {
est_destroy(ctx);
}
if (cacerts) {
free(cacerts);
}
if (pkey) {
free(pkey);
}
}
/*
* Test2 - exercise the server side variations triggered
* by est_client_get_csrattrs()
*/
static void us900_test2 (void)
{
EST_CTX *ctx;
unsigned char *pkey = NULL;
unsigned char *cacerts = NULL;
int cacerts_len = 0;
EST_ERROR rc = EST_ERR_NONE;
unsigned char *retrieved_cacerts = NULL;
int retrieved_cacerts_len = 0;
EVP_PKEY *priv_key;
int csr_len;
unsigned char *csr_data = NULL;
sleep(1);
LOG_FUNC_NM;
/*
* Read in the CA certificates
*/
cacerts_len = read_binary_file(CLIENT_UT_CACERT, &cacerts);
CU_ASSERT(cacerts_len > 0);
/*
* Read in the private key file
*/
priv_key = read_private_key(CLIENT_UT_PUBKEY);
if (priv_key == NULL) {
printf("\nError while reading private key file %s\n", CLIENT_UT_PUBKEY);
return;
}
ctx = est_client_init(cacerts, cacerts_len, EST_CERT_FORMAT_PEM,
client_manual_cert_verify);
CU_ASSERT(ctx != NULL);
rc = est_client_set_auth(ctx, "", "", NULL, priv_key);
CU_ASSERT(rc == EST_ERR_NONE);
est_client_set_server(ctx, US900_SERVER_IP, US900_SERVER_PORT);
/*
* issue the get ca certs request
*/
rc = est_client_get_cacerts(ctx, &retrieved_cacerts_len);
/*
* should be successful, and should have obtained a valid buffer
* containing the CA certs
*/
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(retrieved_cacerts_len > 0);
retrieved_cacerts = malloc(retrieved_cacerts_len);
rc = est_client_copy_cacerts(ctx, retrieved_cacerts);
/*
* output the retrieved ca certs and compare to what they should be
*/
if (retrieved_cacerts) {
printf("\nRetrieved CA Certs buffer:\n %.*s\n", retrieved_cacerts_len, retrieved_cacerts);
printf("Retrieved CA certs buffer length: %d\n", retrieved_cacerts_len);
}
free(retrieved_cacerts);
/* clear callback */
if (est_set_csr_cb(ectx, NULL)) {
printf("\nUnable to set EST CSR Attributes callback. Aborting!!!\n");
exit(1);
}
/* clear csrattrs */
rc = est_server_init_csrattrs(ectx, NULL, 0);
CU_ASSERT(rc == EST_ERR_NONE);
/* should get 204 with no data */
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == 0);
CU_ASSERT(csr_data == NULL);
/* Real base64 string - should pass */
rc = est_server_init_csrattrs(ectx, TEST_ATTR_POP, strlen(TEST_ATTR_POP));
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == strlen(TEST_ATTR_POP));
CU_ASSERT(strncmp(TEST_ATTR_POP, (const char *)csr_data, csr_len) == 0);
if (est_set_csr_cb(ectx, &handle_corrupt_csrattrs_request)) {
printf("\nUnable to set EST CSR Attributes callback. Aborting!!!\n");
exit(1);
}
/* callback should supersede init csrattrs */
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == 0);
if (est_set_csr_cb(ectx, &handle_short_csrattrs_request)) {
printf("\nUnable to set EST CSR Attributes callback. Aborting!!!\n");
exit(1);
}
/* callback should supersede init csrattrs */
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == 0);
if (est_set_csr_cb(ectx, &handle_long_csrattrs_request)) {
printf("\nUnable to set EST CSR Attributes callback. Aborting!!!\n");
exit(1);
}
/* callback should supersede init csrattrs */
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == 0);
if (est_set_csr_cb(ectx, &handle_correct_csrattrs_request)) {
printf("\nUnable to set EST CSR Attributes callback. Aborting!!!\n");
exit(1);
}
/* callback should supersede init csrattrs */
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == strlen(TEST_ATTR1));
CU_ASSERT(strncmp(TEST_ATTR1, (const char *)csr_data, csr_len) == 0);
/* clear csrattrs */
rc = est_server_init_csrattrs(ectx, NULL, 0);
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == strlen(TEST_ATTR1));
CU_ASSERT(strncmp(TEST_ATTR1, (const char *)csr_data, csr_len) == 0);
/* clear callback */
if (est_set_csr_cb(ectx, NULL)) {
printf("\nUnable to set EST CSR Attributes callback. Aborting!!!\n");
exit(1);
}
/* Setting the smallest size */
rc = est_server_init_csrattrs(ectx, TEST_ATTR2, strlen(TEST_ATTR2));
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == strlen(TEST_ATTR2));
CU_ASSERT(strncmp(TEST_ATTR2, (const char *)csr_data, csr_len) == 0);
rc = est_server_init_csrattrs(ectx, TEST_ATTR3, strlen(TEST_ATTR3));
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == strlen(TEST_ATTR3));
CU_ASSERT(strncmp(TEST_ATTR3, (const char *)csr_data, csr_len) == 0);
/* clear csrattrs */
rc = est_server_init_csrattrs(ectx, NULL, 0);
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == 0);
rc = est_server_init_csrattrs(ectx, TEST_1024_NOPOP, strlen(TEST_1024_NOPOP));
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == strlen(TEST_1024_NOPOP));
CU_ASSERT(strncmp(TEST_1024_NOPOP, (const char *)csr_data, csr_len) == 0);
/* Enable PoP and test responses with PoP added */
st_enable_pop();
rc = est_server_init_csrattrs(ectx, TEST_ATTR_POP, strlen(TEST_ATTR_POP));
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_data != NULL);
CU_ASSERT(csr_len = 20);
CU_ASSERT(strncmp(TEST_ATTR_POP, (const char *)csr_data, csr_len) == 0);
rc = est_server_init_csrattrs(ectx, TEST_1024_NOPOP, strlen(TEST_1024_NOPOP));
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == strlen(TEST_1024_POP));
CU_ASSERT(strncmp(TEST_1024_POP, (const char *)csr_data, csr_len) == 0);
/* Setting the size 122 */
rc = est_server_init_csrattrs(ectx, TEST_ATTR4_122, strlen(TEST_ATTR4_122));
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == strlen(TEST_ATTR4_122POP));
CU_ASSERT(strncmp(TEST_ATTR4_122POP, (const char *)csr_data, csr_len) == 0);
/* Setting the size 117 */
rc = est_server_init_csrattrs(ectx, TEST_ATTR5_117, strlen(TEST_ATTR5_117));
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == strlen(TEST_ATTR5_117POP));
CU_ASSERT(strncmp(TEST_ATTR5_117POP, (const char *)csr_data, csr_len) == 0);
/* Real base64 string needs PoP added - should pass */
rc = est_server_init_csrattrs(ectx, TEST_ATTR_NOPOP, strlen(TEST_ATTR_NOPOP));
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == strlen(TEST_ATTR_NOPOPPOP));
CU_ASSERT(strncmp(TEST_ATTR_NOPOPPOP, (const char *)csr_data, csr_len) == 0);
/* Not a real base64 string - should fail */
rc = est_server_init_csrattrs(ectx, "US900 test1", 11);
CU_ASSERT(rc != EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == strlen(TEST_ATTR_POP));
CU_ASSERT(strncmp(TEST_ATTR_POP, (const char *)csr_data, csr_len) == 0);
/* Setting the smallest size */
rc = est_server_init_csrattrs(ectx, TEST_ATTR2, strlen(TEST_ATTR2));
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == strlen(TEST_ATTR2_POP));
CU_ASSERT(strncmp(TEST_ATTR2_POP, (const char *)csr_data, csr_len) == 0);
/* Setting the size 116 */
rc = est_server_init_csrattrs(ectx, TEST_ATTR6_116, strlen(TEST_ATTR6_116));
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
/* Setting the size 244 */
rc = est_server_init_csrattrs(ectx, TEST_ATTR_244, strlen(TEST_ATTR_244));
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
/* Setting the size 245 */
rc = est_server_init_csrattrs(ectx, TEST_ATTR_245, strlen(TEST_ATTR_245));
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
/* Setting the size 250 */
rc = est_server_init_csrattrs(ectx, TEST_ATTR_250, strlen(TEST_ATTR_250));
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == strlen(TEST_ATTR_250POP));
CU_ASSERT(strncmp(TEST_ATTR_250POP, (const char *)csr_data, csr_len) == 0);
if (est_set_csr_cb(ectx, &handle_correct_csrattrs_request)) {
printf("\nUnable to set EST CSR Attributes callback. Aborting!!!\n");
exit(1);
}
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == strlen(TEST_ATTR1));
CU_ASSERT(strncmp(TEST_ATTR1, (const char *)csr_data, csr_len) == 0);
if (est_set_csr_cb(ectx, &handle_nopop_csrattrs_request)) {
printf("\nUnable to set EST CSR Attributes callback. Aborting!!!\n");
exit(1);
}
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == strlen(TEST_ATTR_NOPOPPOP));
CU_ASSERT(strncmp(TEST_ATTR_NOPOPPOP, (const char *)csr_data, csr_len) == 0);
if (est_set_csr_cb(ectx, &handle_empty_csrattrs_request)) {
printf("\nUnable to set EST CSR Attributes callback. Aborting!!!\n");
exit(1);
}
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == strlen(TEST_ATTR2_POP));
CU_ASSERT(strncmp(TEST_ATTR2_POP, (const char *)csr_data, csr_len) == 0);
/* disable PoP */
st_disable_pop();
/* clear callback */
if (est_set_csr_cb(ectx, NULL)) {
printf("\nUnable to set EST CSR Attributes callback. Aborting!!!\n");
exit(1);
}
/* Real base64 string PoP should not be added - should pass */
rc = est_server_init_csrattrs(ectx, TEST_ATTR_NOPOP, strlen(TEST_ATTR_NOPOP));
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == strlen(TEST_ATTR_NOPOP));
CU_ASSERT(strncmp(TEST_ATTR_NOPOP, (const char *)csr_data, csr_len) == 0);
/* All ASN.1 types supported by OpenSSL */
rc = est_server_init_csrattrs(ectx, TEST_ALL_ATTR, strlen(TEST_ALL_ATTR));
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(csr_len == strlen(TEST_ALL_ATTR));
CU_ASSERT(strncmp(TEST_ALL_ATTR, (const char *)csr_data, csr_len) == 0);
rc = est_server_init_csrattrs(ectx, TEST_1025_NOPOP, strlen(TEST_1025_NOPOP));
CU_ASSERT(rc != EST_ERR_NONE);
rc = est_server_init_csrattrs(ectx, TEST_LONG_ATTR, strlen(TEST_LONG_ATTR));
CU_ASSERT(rc != EST_ERR_NONE);
if (ctx) {
est_destroy(ctx);
}
if (cacerts) {
free(cacerts);
}
if (pkey) {
free(pkey);
}
}
/*
* Test2 - exercise the response variations triggered
* by est_client_get_csrattrs()
*/
static void us896_test2(void) {
EST_CTX *ctx;
unsigned char *pkey = NULL;
unsigned char *cacerts = NULL;
int cacerts_len = 0;
EST_ERROR rc = EST_ERR_NONE;
unsigned char *retrieved_cacerts = NULL;
int retrieved_cacerts_len = 0;
EVP_PKEY *priv_key;
SLEEP(1);
LOG_FUNC_NM
;
/*
* Read in the CA certificates
*/
cacerts_len = read_binary_file(CLIENT_UT_CACERT, &cacerts);
CU_ASSERT(cacerts_len > 0);
/*
* Read in the private key file
*/
priv_key = read_private_key(CLIENT_UT_PUBKEY);
if (priv_key == NULL) {
printf("\nError while reading private key file %s\n", CLIENT_UT_PUBKEY);
return;
}
ctx = est_client_init(cacerts, cacerts_len, EST_CERT_FORMAT_PEM,
client_manual_cert_verify);
CU_ASSERT(ctx != NULL);
rc = est_client_set_auth(ctx, "", "", NULL, priv_key);
CU_ASSERT(rc == EST_ERR_NONE);
est_client_set_server(ctx, US896_SERVER_IP, US896_SERVER_PORT, NULL);
/*
* issue the get ca certs request
*/
rc = est_client_get_cacerts(ctx, &retrieved_cacerts_len);
/*
* should be successful, and should have obtained a valid buffer
* containing the CA certs
*/
CU_ASSERT(rc == EST_ERR_NONE);
CU_ASSERT(retrieved_cacerts_len > 0);
retrieved_cacerts = malloc(retrieved_cacerts_len);
rc = est_client_copy_cacerts(ctx, retrieved_cacerts);
/*
* output the retrieved ca certs and compare to what they should be
*/
if (retrieved_cacerts) {
printf("\nRetrieved CA Certs buffer:\n %s\n", retrieved_cacerts);
printf("Retrieved CA certs buffer length: %d\n", retrieved_cacerts_len);
}
free(retrieved_cacerts);
/*
* All of these are negative tests and require that code in the
* EST server is modified such that it will allow bad/corrupted
* attributes to be initialized so they can be sent to the client.
*/
#ifdef NEGATIVE_UNIT_TEST
unsigned char *csr_data;
int csr_len;
/* clear callback */
if (est_set_csr_cb(ectx, NULL)) {
printf("\nUnable to set EST CSR Attributes callback. Aborting!!!\n");
exit(1);
}
rc = est_server_init_csrattrs(ectx, TEST_CORRUPT_ATTR1, strlen(TEST_CORRUPT_ATTR1));
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc != EST_ERR_NONE);
CU_ASSERT(csr_len == 0);
CU_ASSERT(csr_data == NULL);
rc = est_server_init_csrattrs(ectx, TEST_CORRUPT_ATTR2, strlen(TEST_CORRUPT_ATTR2));
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc != EST_ERR_NONE);
CU_ASSERT(csr_len == 0);
CU_ASSERT(csr_data == NULL);
rc = est_server_init_csrattrs(ectx, TEST_SHORT_ATTR, strlen(TEST_SHORT_ATTR));
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc != EST_ERR_NONE);
CU_ASSERT(csr_len == 0);
CU_ASSERT(csr_data == NULL);
rc = est_server_init_csrattrs(ectx, TEST_LONG_ATTR, strlen(TEST_LONG_ATTR));
CU_ASSERT(rc == EST_ERR_NONE);
rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
CU_ASSERT(rc != EST_ERR_NONE);
CU_ASSERT(csr_len == 0);
CU_ASSERT(csr_data == NULL);
#endif
if (ctx) {
est_destroy(ctx);
}
if (cacerts) {
free(cacerts);
}
if (pkey) {
free(pkey);
}
}
/*
* Test1 - exercise the est_server_init_csrattrs() API.
*/
static void us900_test1 (void)
{
int rc;
LOG_FUNC_NM;
/* NULL ctx - should fail */
rc = est_server_init_csrattrs(NULL, "US900 test1", 10);
CU_ASSERT(rc != EST_ERR_NONE);
/* NULL string - should pass */
rc = est_server_init_csrattrs(ectx, NULL, 10);
CU_ASSERT(rc == EST_ERR_NONE);
/* Zero length - should fail */
rc = est_server_init_csrattrs(ectx, "US900 test1", 0);
CU_ASSERT(rc != EST_ERR_NONE);
/* Length too long - should fail */
rc = est_server_init_csrattrs(ectx, "US900 test1", MAX_CSRATTRS+1);
CU_ASSERT(rc != EST_ERR_NONE);
/* Not a real base64 string - should fail */
rc = est_server_init_csrattrs(ectx, "US900 test1", 11);
CU_ASSERT(rc != EST_ERR_NONE);
/* Real base64 string - should pass */
rc = est_server_init_csrattrs(ectx, TEST_ATTR_POP, strlen(TEST_ATTR_POP));
CU_ASSERT(rc == EST_ERR_NONE);
/* Setting the smallest base64 size */
rc = est_server_init_csrattrs(ectx, TEST_ATTR2, strlen(TEST_ATTR2));
CU_ASSERT(rc == EST_ERR_NONE);
/* Setting an illegally small base64 size */
rc = est_server_init_csrattrs(ectx, TEST_ATTR7, strlen(TEST_ATTR7));
CU_ASSERT(rc != EST_ERR_NONE);
/* Setting the size 122 */
rc = est_server_init_csrattrs(ectx, TEST_ATTR4_122, strlen(TEST_ATTR4_122));
CU_ASSERT(rc == EST_ERR_NONE);
/* Setting the size 117 */
rc = est_server_init_csrattrs(ectx, TEST_ATTR5_117, strlen(TEST_ATTR5_117));
CU_ASSERT(rc == EST_ERR_NONE);
/* enable PoP */
st_enable_pop();
/* Real base64 string needs PoP added - should pass */
rc = est_server_init_csrattrs(ectx, TEST_ATTR_NOPOP, strlen(TEST_ATTR_NOPOP));
CU_ASSERT(rc == EST_ERR_NONE);
/* Not a real base64 string - should fail */
rc = est_server_init_csrattrs(ectx, "US900 test1", 11);
CU_ASSERT(rc != EST_ERR_NONE);
/* Setting the smallest size */
rc = est_server_init_csrattrs(ectx, TEST_ATTR2, strlen(TEST_ATTR2));
CU_ASSERT(rc == EST_ERR_NONE);
/* Setting the size 122 */
rc = est_server_init_csrattrs(ectx, TEST_ATTR4_122, strlen(TEST_ATTR4_122));
CU_ASSERT(rc == EST_ERR_NONE);
/* Setting the size 117 */
rc = est_server_init_csrattrs(ectx, TEST_ATTR5_117, strlen(TEST_ATTR5_117));
CU_ASSERT(rc == EST_ERR_NONE);
/* Setting the size 116 */
rc = est_server_init_csrattrs(ectx, TEST_ATTR6_116, strlen(TEST_ATTR6_116));
CU_ASSERT(rc == EST_ERR_NONE);
/* Setting the size 244 */
rc = est_server_init_csrattrs(ectx, TEST_ATTR_244, strlen(TEST_ATTR_244));
CU_ASSERT(rc == EST_ERR_NONE);
/* Setting the size 245 */
rc = est_server_init_csrattrs(ectx, TEST_ATTR_245, strlen(TEST_ATTR_245));
CU_ASSERT(rc == EST_ERR_NONE);
/* Setting the size 250 */
rc = est_server_init_csrattrs(ectx, TEST_ATTR_250, strlen(TEST_ATTR_250));
CU_ASSERT(rc == EST_ERR_NONE);
/* All ASN.1 types supported by OpenSSL */
rc = est_server_init_csrattrs(ectx, TEST_ALL_ATTR, strlen(TEST_ALL_ATTR));
CU_ASSERT(rc == EST_ERR_NONE);
/* disable PoP */
st_disable_pop();
/* All ASN.1 types supported by OpenSSL */
rc = est_server_init_csrattrs(ectx, TEST_ALL_ATTR, strlen(TEST_ALL_ATTR));
CU_ASSERT(rc == EST_ERR_NONE);
/* Real base64 string PoP should not be added - should pass */
rc = est_server_init_csrattrs(ectx, TEST_ATTR_NOPOP, strlen(TEST_ATTR_NOPOP));
CU_ASSERT(rc == EST_ERR_NONE);
}
