-rw-r--r-- | tests/resource-set/Makefile | 26 | ||||
-rw-r--r-- | tests/resource-set/resource-set-test.c | 137 |
2 files changed, 163 insertions, 0 deletions
diff --git a/tests/resource-set/Makefile b/tests/resource-set/Makefile
new file mode 100644
index 00000000..fc3968dd
--- /dev/null
+++ b/tests/resource-set/Makefile
@@ -0,0 +1,26 @@
+# $Id$
+
+OPENSSL_DIR = ../../openssl/trunk
+
+CFLAGS = -g -I${OPENSSL_DIR}/include
+
+# -H -Wl,-t
+
+BIN = resource-set-test
+OBJ = resource-set-test.o
+LIB = ${OPENSSL_DIR}/libcrypto.a
+
+all: ${BIN}
+
+clean:
+ rm -f ${BIN} ${OBJ}
+
+${BIN}: ${OBJ} ${LIB} Makefile
+ ${CC} -g -o $@ ${OBJ} ${LIB}
+
+test:
+ @echo This test needs more work
+ @echo ''
+ ${OPENSSL_DIR}/apps/openssl req -new -x509 -config rfc3779-test.conf -key rfc3779-test.key -out rfc3779-test.cert
+ @echo ''
+ ./resource-set-test -v -a AS:17 -i IPv4:10.0.0.44 -p rfc3779-test.cert
diff --git a/tests/resource-set/resource-set-test.c b/tests/resource-set/resource-set-test.c
new file mode 100644
index 00000000..86049a4f
--- /dev/null
+++ b/tests/resource-set/resource-set-test.c
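Review bot: The `test` recipe reads rfc3779-test.conf and rfc3779-test.key, but the diffstat shows only the Makefile and resource-set-test.c being added, so `make test` cannot run from this commit as it stands; either check those inputs in or have the recipe generate the key (e.g. with `openssl genrsa`) before the `req` step. The recipe already echoes `This test needs more work`, so a comment stating exactly what is missing would help the next person, e.g. `# TODO: rfc3779-test.conf and rfc3779-test.key are not checked in yet`. OPENSSL_DIR is a fixed relative path to a sibling checkout, which is fine for a scratch test but worth noting in a comment since CFLAGS and LIB both depend on it.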
@@ -0,0 +1,137 @@
+/* $Id$ */
+
+#include <stdio.h>
+#include <unistd.h>
+#include <openssl/bio.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/safestack.h>
+
+static X509 *read_cert(const char *filename, int format, int verbose)
+{
+ X509 *x = NULL;
+ BIO *b;
+
+ if ((b = BIO_new_file(filename, "r")) == NULL)
+ goto done;
+
+ switch (format) {
+ case 'p':
+ x = PEM_read_bio_X509_AUX(b, NULL, NULL, NULL);
+ break;
+ case 'd':
+ x = d2i_X509_bio(b, NULL);
+ break;
+ }
+
+ if (verbose && x != NULL) {
+ X509_print_fp(stdout, x);
+ printf("\n");
+ }
+
+ if (x->rfc3779_addr == NULL)
+ x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock,
+ NULL, NULL);
+
+ if (x->rfc3779_asid == NULL)
+ x->rfc3779_asid = X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum,
+ NULL, NULL);
+
+ done:
+ BIO_free(b);
+ return x;
+}
+
+static void *parse_resource_set(int nid, char *text, int verbose)
+{
+ X509_EXTENSION *ext;
+ void *result;
+
+ if ((ext = X509V3_EXT_conf_nid(NULL, NULL, nid, text)) == NULL)
+ return NULL;
+
+ if (verbose) {
+ printf("Parsed resource set:\n");
+ X509V3_EXT_print_fp(stdout, ext, 0, 3);
+ printf("\n");
+ }
+
+ result = X509V3_EXT_d2i(ext);
+ X509_EXTENSION_free(ext);
+ return result;
+}
+
+#define lose(_msg_) \
+ do { \
+ if (_msg_) \
+ fprintf(stderr, "%s: %s\n", argv[0], _msg_); \
+ ret = 1; \
+ goto done; \
+ } while(0)
+
+int main(int argc, char *argv[])
+{
+ STACK_OF(X509) *chain = NULL;
+ ASIdentifiers *asid = NULL;
+ IPAddrBlocks *addr = NULL;
+ int c, ret = 0, verbose = 0;
+ X509 *x;
+
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+
+ if ((chain = sk_X509_new_null()) == NULL)
+ lose("Couldn't allocate X509 stack");
+
+ while ((c = getopt(argc, argv, "p:d:a:i:v")) > 0) {
+ switch (c) {
+ case 'v':
+ verbose = 1;
+ break;
+ case 'p':
+ case 'd':
+ if ((x = read_cert(optarg, c, verbose)) == NULL)
+ lose("Couldn't read certificate");
+ sk_X509_push(chain, x);
+ break;
+ case 'a':
+ if (asid != NULL)
+ lose("Can't specify more than one ASIdentifier");
+ if ((asid = parse_resource_set(NID_sbgp_autonomousSysNum, optarg, verbose)) == NULL)
+ lose("Couldn't read ASIdentifier");
+ break;
+ case 'i':
+ if (addr != NULL)
+ lose("Can't specify more than one IPAddrBlock");
+ if ((addr = parse_resource_set(NID_sbgp_ipAddrBlock, optarg, verbose)) == NULL)
+ lose("Couldn't read IPAddrBlock");
+ break;
+ default:
+ fprintf(stderr, "usage: %s"
+ " [-i IPAddrBlock] [-a ASIdentifier]"
+ " [-p PEM-certfile] [-d DER-certfile]\n", argv[0]);
+ ret = 1;
+ goto done;
+ }
+ }
+
+ printf("Checking ASIdentifier coverage...");
+ if (v3_asid_validate_resource_set(chain, asid))
+ printf("covered\n");
+ else
+ printf("NOT covered\n");
+
+ printf("Checking IPAddrBlock coverage...");
+ if (v3_addr_validate_resource_set(chain, addr))
+ printf("covered\n");
+ else
+ printf("NOT covered\n");
+
+ done:
+ sk_X509_pop_free(chain, X509_free);
+ EVP_cleanup();
+ ERR_free_strings();
+ return ret;
+}
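Review bot: read_cert dereferences a NULL x on the `if (x->rfc3779_addr == NULL)` line whenever PEM_read_bio_X509_AUX or d2i_X509_bio fails, or format matches neither case, so a malformed certificate file crashes the tool instead of reaching the `lose("Couldn't read certificate")` path in main; add `if (x == NULL) goto done;` after the verbose print block, which already guards on `x != NULL` and shows the author knew x can be NULL there. The two X509_get_ext_d2i calls pass NULL for the crit and idx out-parameters, so a corrupt or duplicated RFC 3779 extension is indistinguishable from an absent one and the coverage check then silently runs against an empty resource set; passing an `int crit` and treating anything other than -1 on a NULL return as a read failure would surface that. The result of `sk_X509_push(chain, x);` is also unchecked, which leaks x on allocation failure and may be acceptable for a test driver but deserves a comment saying so.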