/* $Id$ */

#include <stdio.h>
#include <unistd.h>
#include <openssl/bio.h>
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/safestack.h>

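/*
 * Load one X.509 certificate from a file.
 *
 * filename: path of the certificate file to open.
 * format:   'p' selects the PEM reader, 'd' the DER reader; any other
 *           value reads nothing.
 * verbose:  non-zero dumps the parsed certificate to stdout.
 *
 * Returns the parsed certificate, which the caller owns (main() hands it
 * to a stack that is released with X509_free), or NULL when the file
 * cannot be opened, the format is not recognized, or parsing fails.
 */
static X509 *read_cert(const char *filename, int format, int verbose)
{
  X509 *x = NULL;
  BIO *b;

  if ((b = BIO_new_file(filename, "r")) == NULL)
    goto done;

  switch (format) {
  case 'p':
    x = PEM_read_bio_X509_AUX(b, NULL, NULL, NULL);
    break;
  case 'd':
    x = d2i_X509_bio(b, NULL);
    break;
  default:
    /* Unknown format: leave x NULL so the caller sees a read failure. */
    break;
  }

  /*
   * Everything below dereferences the certificate.  A malformed or
   * truncated input file leaves x NULL, so report the failure to the
   * caller instead of passing NULL on to X509_check_ca().
   */
  if (x == NULL)
    goto done;

  if (verbose) {
    X509_print_fp(stdout, x);
    printf("\n");
  }

#if 0

  if (x->rfc3779_addr == NULL)
    x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock,
				       NULL, NULL);

  if (x->rfc3779_asid == NULL)
    x->rfc3779_asid = X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum,
				       NULL, NULL);

#else

  /*
   * We run this for the side-effect of calling x509v3_cache_extensions()
   */
  X509_check_ca(x);

#endif

 done:
  /* b is NULL when the open failed; BIO_free() accepts NULL. */
  BIO_free(b);
  return x;
}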

/*
 * Turn the textual form of a resource-set extension into its decoded
 * internal structure.
 *
 * nid:     extension type; main() passes NID_sbgp_autonomousSysNum or
 *          NID_sbgp_ipAddrBlock.
 * text:    extension value in configuration syntax; main() passes the
 *          command-line argument unmodified.
 * verbose: non-zero prints the parsed extension to stdout.
 *
 * Returns whatever X509V3_EXT_d2i() yields for the extension, unchecked,
 * or NULL when the text cannot be converted into an extension.  The
 * temporary X509_EXTENSION is always released before returning; the
 * decoded result belongs to the caller.
 */
static void *parse_resource_set(int nid, char *text, int verbose)
{
  X509_EXTENSION *extension = X509V3_EXT_conf_nid(NULL, NULL, nid, text);
  void *decoded = NULL;

  if (extension != NULL) {
    if (verbose) {
      printf("Parsed resource set:\n");
      X509V3_EXT_print_fp(stdout, extension, 0, 3);
      printf("\n");
    }

    decoded = X509V3_EXT_d2i(extension);
    X509_EXTENSION_free(extension);
  }

  return decoded;
}

/*
 * Abort the current run from inside main(): mark the exit status as
 * failed, print msg (when it is non-NULL) prefixed with the program name,
 * and jump to the cleanup label.  The expansion refers to argv, ret and
 * the label "done", so it only works where all three are in scope.
 */
#define lose(msg)					\
  do {							\
    ret = 1;						\
    if (msg)						\
      fprintf(stderr, "%s: %s\n", argv[0], (msg));	\
    goto done;						\
  } while (0)

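/*
 * Command-line driver for the RFC 3779 resource-set coverage checks.
 *
 * Options (processed in the order given):
 *   -v        verbose output; only affects options that follow it
 *   -p FILE   append a PEM certificate to the chain
 *   -d FILE   append a DER certificate to the chain
 *   -a TEXT   ASIdentifier set to check (at most one)
 *   -i TEXT   IPAddrBlock set to check (at most one)
 *
 * Prints "covered" or "NOT covered" for each of the two checks.
 *
 * Returns 0 once the checks have run, 1 on a usage, allocation or parse
 * error.
 *
 * NOTE(review): the exit status stays 0 when a set is NOT covered; the
 * verdict is carried only by the text on stdout, so a caller that gates
 * on the exit status alone would treat an uncovered set as success.
 */
int main(int argc, char *argv[])
{
  STACK_OF(X509) *chain = NULL;
  ASIdentifiers *asid = NULL;
  IPAddrBlocks *addr = NULL;
  int c, ret = 0, verbose = 0;
  X509 *x;

  OpenSSL_add_all_algorithms();
  ERR_load_crypto_strings();

  if ((chain = sk_X509_new_null()) == NULL)
    lose("Couldn't allocate X509 stack");

  while ((c = getopt(argc, argv, "p:d:a:i:v")) != -1) {
    switch (c) {
    case 'v':
      verbose = 1;
      break;
    case 'p':
    case 'd':
      /* The option letter doubles as the format selector for read_cert(). */
      if ((x = read_cert(optarg, c, verbose)) == NULL)
	lose("Couldn't read certificate");
      /*
       * The chain only owns x after a successful push; release it here
       * on failure so it is neither leaked nor silently missing from
       * the chain that gets validated.
       */
      if (!sk_X509_push(chain, x)) {
	X509_free(x);
	lose("Couldn't add certificate to chain");
      }
      break;
    case 'a':
      if (asid != NULL)
	lose("Can't specify more than one ASIdentifier");
      if ((asid = parse_resource_set(NID_sbgp_autonomousSysNum, optarg, verbose)) == NULL)
	lose("Couldn't read ASIdentifier");
      break;
    case 'i':
      if (addr != NULL)
	lose("Can't specify more than one IPAddrBlock");
      if ((addr = parse_resource_set(NID_sbgp_ipAddrBlock, optarg, verbose)) == NULL)
	lose("Couldn't read IPAddrBlock");
      break;
    default:
      fprintf(stderr, "usage: %s"
	      " [-i IPAddrBlock] [-a ASIdentifier]"
	      " [-p PEM-certfile] [-d DER-certfile]\n", argv[0]);
      ret = 1;
      goto done;
    }
  }

  /*
   * asid and addr are still NULL here when -a / -i was not given; the
   * validators receive them as-is.  The final argument is passed as 0
   * in both calls.
   */
  printf("Checking ASIdentifier coverage...");
  if (v3_asid_validate_resource_set(chain, asid, 0))
    printf("covered\n");
  else
    printf("NOT covered\n");

  printf("Checking IPAddrBlock coverage...");
  if (v3_addr_validate_resource_set(chain, addr, 0))
    printf("covered\n");
  else
    printf("NOT covered\n");

 done:
  /* Release everything this function owns; each call tolerates NULL. */
  sk_X509_pop_free(chain, X509_free);
  ASIdentifiers_free(asid);
  sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free);
  EVP_cleanup();
  ERR_free_strings();
  return ret;
}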