Add negative test cases and use DER format for CSRs
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index a87e0cc..fbf447c 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -94,13 +94,51 @@
$(OPENSSL) x509 -req -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) -extfile $(test_ca_config_file) -extensions dns_alt_names -passin "pass:$(test_ca_pwd_rsa)" -set_serial 17 -days 3653 -sha256 -in $< > $@
test_csr_v3_keyUsage.csr: rsa_pkcs1_1024_clear.pem
- $(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -out $@ -reqexts csr_ext_v3_keyUsage
+ $(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -outform DER -out $@ -reqexts csr_ext_v3_keyUsage
test_csr_v3_subjectAltName.csr: rsa_pkcs1_1024_clear.pem
- $(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -out $@ -reqexts csr_ext_v3_subjectAltName
+ $(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -outform DER -out $@ -reqexts csr_ext_v3_subjectAltName
test_csr_v3_nsCertType.csr: rsa_pkcs1_1024_clear.pem
- $(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -out $@ -reqexts csr_ext_v3_nsCertType
+ $(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -outform DER -out $@ -reqexts csr_ext_v3_nsCertType
test_csr_v3_all.csr: rsa_pkcs1_1024_clear.pem
- $(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -out $@ -reqexts csr_ext_v3_all
+ $(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -outform DER -out $@ -reqexts csr_ext_v3_all
+test_csr_v3_all_malformed_extensions_sequence_tag.csr: test_csr_v3_all.csr
+ (hexdump -ve '1/1 "%.2X"' $< | sed "s/300B0603551D0F040403/200B0603551D0F040403/" | xxd -r -p ) > $@
+test_csr_v3_all_malformed_extension_id_tag.csr: test_csr_v3_all.csr
+ (hexdump -ve '1/1 "%.2X"' $< | sed "s/0603551D0F0404030201/0703551D0F0404030201/" | xxd -r -p ) > $@
+test_csr_v3_all_malformed_extension_data_tag.csr: test_csr_v3_all.csr
+ (hexdump -ve '1/1 "%.2X"' $< | sed "s/040403020102302F0603/050403020102302F0603/" | xxd -r -p ) > $@
+test_csr_v3_all_malformed_extension_data_len1.csr: test_csr_v3_all.csr
+ (hexdump -ve '1/1 "%.2X"' $< | sed "s/040403020102302F0603/040503020102302F0603/" | xxd -r -p ) > $@
+test_csr_v3_all_malformed_extension_data_len2.csr: test_csr_v3_all.csr
+ (hexdump -ve '1/1 "%.2X"' $< | sed "s/040403020102302F0603/040303020102302F0603/" | xxd -r -p ) > $@
+test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr: test_csr_v3_all.csr
+ (hexdump -ve '1/1 "%.2X"' $< | sed "s/03020102302F0603551D/04020102302F0603551D/" | xxd -r -p ) > $@
+test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr: test_csr_v3_all.csr
+ (hexdump -ve '1/1 "%.2X"' $< | sed "s/3026A02406082B060105/4026A02406082B060105/" | xxd -r -p ) > $@
+test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr: test_csr_v3_all.csr
+ (hexdump -ve '1/1 "%.2X"' $< | sed "s/04020780300D06092A86/03020780300D06092A86/" | xxd -r -p ) > $@
+test_csr_v3_all_malformed_duplicated_extension.csr: test_csr_v3_all.csr
+ (hexdump -ve '1/1 "%.2X"' $< | sed "s/551D11/551D0F/" | xxd -r -p ) > $@
+test_csr_v3_all_malformed_extension_type_oid.csr: test_csr_v3_all.csr
+ (hexdump -ve '1/1 "%.2X"' $< | sed "s/551D11/551DFF/" | xxd -r -p ) > $@
+test_csr_v3_all_malformed_attributes_sequence_tag.csr: test_csr_v3_all.csr
+ (hexdump -ve '1/1 "%.2X"' $< | sed "s/306006092A864886F70D/406006092A864886F70D/" | xxd -r -p ) > $@
+test_csr_v3_all_malformed_attributes_id_tag.csr: test_csr_v3_all.csr
+ (hexdump -ve '1/1 "%.2X"' $< | sed "s/06092A864886F70D0109/07092A864886F70D0109/" | xxd -r -p ) > $@
+test_csr_v3_all_malformed_attributes_extension_request.csr: test_csr_v3_all.csr
+ (hexdump -ve '1/1 "%.2X"' $< | sed "s/2A864886F70D01090E/2A864886F70D01090F/" | xxd -r -p ) > $@
+test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr: test_csr_v3_all.csr
+ (hexdump -ve '1/1 "%.2X"' $< | sed "s/31533051300B0603551D/32533051300B0603551D/" | xxd -r -p ) > $@
+test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr: test_csr_v3_all.csr
+ (hexdump -ve '1/1 "%.2X"' $< | sed "s/3051300B0603551D0F04/3151300B0603551D0F04/" | xxd -r -p ) > $@
+test_csr_v3_all_malformed_attributes_len1.csr: test_csr_v3_all.csr
+ (hexdump -ve '1/1 "%.2X"' $< | sed "s/306006092A864886F70D/306106092A864886F70D/" | xxd -r -p ) > $@
+test_csr_v3_all_malformed_attributes_len2.csr: test_csr_v3_all.csr
+ (hexdump -ve '1/1 "%.2X"' $< | sed "s/306006092A864886F70D/305906092A864886F70D/" | xxd -r -p ) > $@
+test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr: test_csr_v3_all.csr
+ (hexdump -ve '1/1 "%.2X"' $< | sed "s/3051300B0603551D0F04/3052300B0603551D0F04/" | xxd -r -p ) > $@
+test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr: test_csr_v3_all.csr
+ (hexdump -ve '1/1 "%.2X"' $< | sed "s/3051300B0603551D0F04/3050300B0603551D0F04/" | xxd -r -p ) > $@
$(test_ca_key_file_rsa_alt):test-ca.opensslconf
$(OPENSSL) genrsa -out $@ 2048
diff --git a/tests/data_files/test_csr_v3_all.csr b/tests/data_files/test_csr_v3_all.csr
index fecca32..7e717f3 100644
--- a/tests/data_files/test_csr_v3_all.csr
+++ b/tests/data_files/test_csr_v3_all.csr
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_attributes_extension_request.csr b/tests/data_files/test_csr_v3_all_malformed_attributes_extension_request.csr
new file mode 100644
index 0000000..96a11e8
--- /dev/null
+++ b/tests/data_files/test_csr_v3_all_malformed_attributes_extension_request.csr
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr b/tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr
new file mode 100644
index 0000000..f61c7c8
--- /dev/null
+++ b/tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr b/tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr
new file mode 100644
index 0000000..e6db2cc
--- /dev/null
+++ b/tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr b/tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr
new file mode 100644
index 0000000..620fa7d
--- /dev/null
+++ b/tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr b/tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr
new file mode 100644
index 0000000..1d358e5
--- /dev/null
+++ b/tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_attributes_id_tag.csr b/tests/data_files/test_csr_v3_all_malformed_attributes_id_tag.csr
new file mode 100644
index 0000000..f8d0689
--- /dev/null
+++ b/tests/data_files/test_csr_v3_all_malformed_attributes_id_tag.csr
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_attributes_len1.csr b/tests/data_files/test_csr_v3_all_malformed_attributes_len1.csr
new file mode 100644
index 0000000..01eabff
--- /dev/null
+++ b/tests/data_files/test_csr_v3_all_malformed_attributes_len1.csr
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_attributes_len2.csr b/tests/data_files/test_csr_v3_all_malformed_attributes_len2.csr
new file mode 100644
index 0000000..875db76
--- /dev/null
+++ b/tests/data_files/test_csr_v3_all_malformed_attributes_len2.csr
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_attributes_sequence_tag.csr b/tests/data_files/test_csr_v3_all_malformed_attributes_sequence_tag.csr
new file mode 100644
index 0000000..38273ca
--- /dev/null
+++ b/tests/data_files/test_csr_v3_all_malformed_attributes_sequence_tag.csr
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_duplicated_extension.csr b/tests/data_files/test_csr_v3_all_malformed_duplicated_extension.csr
new file mode 100644
index 0000000..4e2a221
--- /dev/null
+++ b/tests/data_files/test_csr_v3_all_malformed_duplicated_extension.csr
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_extension_data_len1.csr b/tests/data_files/test_csr_v3_all_malformed_extension_data_len1.csr
new file mode 100644
index 0000000..6116118
--- /dev/null
+++ b/tests/data_files/test_csr_v3_all_malformed_extension_data_len1.csr
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_extension_data_len2.csr b/tests/data_files/test_csr_v3_all_malformed_extension_data_len2.csr
new file mode 100644
index 0000000..a49209a
--- /dev/null
+++ b/tests/data_files/test_csr_v3_all_malformed_extension_data_len2.csr
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_extension_data_tag.csr b/tests/data_files/test_csr_v3_all_malformed_extension_data_tag.csr
new file mode 100644
index 0000000..ccae723
--- /dev/null
+++ b/tests/data_files/test_csr_v3_all_malformed_extension_data_tag.csr
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_extension_id_tag.csr b/tests/data_files/test_csr_v3_all_malformed_extension_id_tag.csr
new file mode 100644
index 0000000..989e404
--- /dev/null
+++ b/tests/data_files/test_csr_v3_all_malformed_extension_id_tag.csr
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr b/tests/data_files/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr
new file mode 100644
index 0000000..a6fd2d7
--- /dev/null
+++ b/tests/data_files/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr b/tests/data_files/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr
new file mode 100644
index 0000000..7e717f3
--- /dev/null
+++ b/tests/data_files/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr b/tests/data_files/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr
new file mode 100644
index 0000000..f1090f9
--- /dev/null
+++ b/tests/data_files/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_extension_type_oid.csr b/tests/data_files/test_csr_v3_all_malformed_extension_type_oid.csr
new file mode 100644
index 0000000..36bc61e
--- /dev/null
+++ b/tests/data_files/test_csr_v3_all_malformed_extension_type_oid.csr
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_extensions_sequence_tag.csr b/tests/data_files/test_csr_v3_all_malformed_extensions_sequence_tag.csr
new file mode 100644
index 0000000..fecb15e
--- /dev/null
+++ b/tests/data_files/test_csr_v3_all_malformed_extensions_sequence_tag.csr
Binary files differ
diff --git a/tests/data_files/test_csr_v3_keyUsage.csr b/tests/data_files/test_csr_v3_keyUsage.csr
index c22b392..f8be020 100644
--- a/tests/data_files/test_csr_v3_keyUsage.csr
+++ b/tests/data_files/test_csr_v3_keyUsage.csr
Binary files differ
diff --git a/tests/data_files/test_csr_v3_nsCertType.csr b/tests/data_files/test_csr_v3_nsCertType.csr
index 0398743..cf9588d 100644
--- a/tests/data_files/test_csr_v3_nsCertType.csr
+++ b/tests/data_files/test_csr_v3_nsCertType.csr
Binary files differ
diff --git a/tests/data_files/test_csr_v3_subjectAltName.csr b/tests/data_files/test_csr_v3_subjectAltName.csr
index 65808c5..2ccb3bb 100644
--- a/tests/data_files/test_csr_v3_subjectAltName.csr
+++ b/tests/data_files/test_csr_v3_subjectAltName.csr
Binary files differ