projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
basic x509 certificate generation
[strongswan.git] / src / charon / plugins / unit_tester / tests / test_cert.c
1 /*
2 * Copyright (C) 2008 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include <library.h>
17 #include <daemon.h>
18 #include <credentials/certificates/x509.h>
19
20 /*******************************************************************************
21 * X509 certificate generation and parsing
22 ******************************************************************************/
23 bool test_cert_x509()
24 {
25 private_key_t *ca_key, *peer_key;
26 public_key_t *public;
27 certificate_t *ca_cert, *peer_cert, *parsed;
28 identification_t *issuer, *subject;
29 u_int32_t serial = htonl(0);
30 chunk_t encoding;
31
32 issuer = identification_create_from_string("CN=CA, OU=Test, O=strongSwan");
33 subject = identification_create_from_string("CN=Peer, OU=Test, O=strongSwan");
34
35 ca_key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
36 BUILD_KEY_SIZE, 1024, BUILD_END);
37 peer_key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
38 BUILD_KEY_SIZE, 1024, BUILD_END);
39 if (!ca_key)
40 {
41 return FALSE;
42 }
43 ca_cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
44 BUILD_SIGNING_KEY, ca_key,
45 BUILD_SUBJECT, issuer,
46 BUILD_SERIAL, chunk_from_thing(serial),
47 BUILD_X509_FLAG, X509_CA,
48 BUILD_END);
49 if (!ca_cert)
50 {
51 return FALSE;
52 }
53
54 encoding = ca_cert->get_encoding(ca_cert);
55 parsed = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
56 BUILD_BLOB_ASN1_DER, encoding,
57 BUILD_END);
58 chunk_free(&encoding);
59 if (!parsed)
60 {
61 return FALSE;
62 }
63 if (!parsed->issued_by(parsed, ca_cert))
64 {
65 return FALSE;
66 }
67 parsed->destroy(parsed);
68
69 serial = htonl(ntohl(serial) + 1);
70 public = peer_key->get_public_key(peer_key);
71 peer_cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
72 BUILD_SIGNING_KEY, ca_key,
73 BUILD_SIGNING_CERT, ca_cert,
74 BUILD_PUBLIC_KEY, public,
75 BUILD_SUBJECT, subject,
76 BUILD_SERIAL, chunk_from_thing(serial),
77 BUILD_END);
78 public->destroy(public);
79 if (!peer_cert)
80 {
81 return FALSE;
82 }
83
84 encoding = peer_cert->get_encoding(peer_cert);
85 parsed = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
86 BUILD_BLOB_ASN1_DER, encoding,
87 BUILD_END);
88 chunk_free(&encoding);
89 if (!parsed)
90 {
91 return FALSE;
92 }
93 if (!parsed->issued_by(parsed, ca_cert))
94 {
95 return FALSE;
96 }
97 parsed->destroy(parsed);
98
99 ca_cert->destroy(ca_cert);
100 ca_key->destroy(ca_key);
101 peer_cert->destroy(peer_cert);
102 peer_key->destroy(peer_key);
103 issuer->destroy(issuer);
104 subject->destroy(subject);
105 return TRUE;
106 }
107
108
strongSwan - IPsec VPN