Add CSR test with Extension Request attribute

2020-12-15 15:10:44 +01:00 · 2020-12-15 15:10:44 +01:00 · 383df620bf
commit 383df620bf
parent 24b89928dc
3 changed files with 42 additions and 3 deletions
--- a/certs/csr.ext.der
+++ b/certs/csr.ext.der
--- a/certs/include.am
+++ b/certs/include.am
@ -55,7 +55,8 @@ EXTRA_DIST += \
 	     certs/client-cert-ext.pem \
 	     certs/csr.attr.der \
 	     certs/csr.dsa.pem \
-	     certs/csr.signed.der
+	     certs/csr.signed.der \
+	     certs/csr.ext.der

 EXTRA_DIST += \
 	     certs/ca-key.der \
--- a/tests/api.c
+++ b/tests/api.c
@ -38183,11 +38183,13 @@ static void test_wolfSSL_X509_CRL(void)
 static void test_wolfSSL_d2i_X509_REQ(void)
 {
 #if defined(WOLFSSL_CERT_REQ) && (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA))
-    /* ./certs/csr.signed.der and ./certs/csr.attr.der were
+    /* ./certs/csr.signed.der, ./certs/csr.ext.der, and ./certs/csr.attr.der were
     * generated by libest
-     * ./certs/csr.attr.der contains sample attributes */
+     * ./certs/csr.attr.der contains sample attributes
+     * ./certs/csr.ext.der contains sample extensions */
    const char* csrFile = "./certs/csr.signed.der";
    const char* csrPopFile = "./certs/csr.attr.der";
+    const char* csrExtFile = "./certs/csr.ext.der";
    /* ./certs/csr.dsa.pem is generated using
     * openssl req -newkey dsa:certs/dsaparams.pem \
     *     -keyout certs/csr.dsa.key.pem -keyform PEM -out certs/csr.dsa.pem \
@ -38249,6 +38251,42 @@ static void test_wolfSSL_d2i_X509_REQ(void)
        AssertStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "2xIE+qqp/rhyTXP+");
 #endif

+        X509_free(req);
+        BIO_free(bio);
+        EVP_PKEY_free(pub_key);
+    }
+    {
+#ifdef OPENSSL_ALL
+        X509_ATTRIBUTE* attr;
+        ASN1_TYPE *at;
+#endif
+        AssertNotNull(bio = BIO_new_file(csrExtFile, "rb"));
+        /* This CSR contains an Extension Request attribute so
+         * we test extension parsing in a CSR attribute here. */
+        AssertNotNull(d2i_X509_REQ_bio(bio, &req));
+
+        /*
+         * Extract the public key from the CSR
+         */
+        AssertNotNull(pub_key = X509_REQ_get_pubkey(req));
+
+        /*
+         * Verify the signature in the CSR
+         */
+        AssertIntEQ(X509_REQ_verify(req, pub_key), 1);
+
+#ifdef OPENSSL_ALL
+        /*
+         * Obtain the challenge password from the CSR
+         */
+        AssertIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, -1),
+                NID_pkcs9_challengePassword);
+        AssertNotNull(attr = X509_REQ_get_attr(req, NID_pkcs9_challengePassword));
+        AssertNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0));
+        AssertNotNull(at->value.asn1_string);
+        AssertStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "IGCu/xNL4/0/wOgo");
+#endif
+
        X509_free(req);
        BIO_free(bio);
        EVP_PKEY_free(pub_key);