Test a TRUSTED CERTIFICATE without any trust OIDs

4 files changed, 40 insertions, 0 deletions

diff --git a/build/certs/Makefile.am b/build/certs/Makefile.am
index f8ec1c2..a1a7017 100644
--- a/build/certs/Makefile.am
+++ b/build/certs/Makefile.am
@@ -14,6 +14,8 @@ prepare-certs:
 		-setalias "Custom Label"
 	cp -v cacert-ca.der $(TRUST)/certificates
 	cp -v cacert-ca.der $(TRUST)/files
+	openssl x509 -in redhat-newca.der -inform DER -out $(TRUST)/files/distrusted.pem \
+		-addreject clientAuth -setalias "Red Hat Is the CA"
 	cp -v self-server.der $(TRUST)/files
 	cp -v self-signed-with-eku.der $(TRUST)/certificates
 	cp -v self-signed-with-ku.der $(TRUST)/certificates
diff --git a/build/certs/redhat-newca.der b/build/certs/redhat-newca.der
new file mode 100644
index 0000000..affae24
--- /dev/null
+++ b/build/certs/redhat-newca.der
diff --git a/trust/tests/files/distrusted.pem b/trust/tests/files/distrusted.pem
new file mode 100644
index 0000000..8de6ff0
--- /dev/null
+++ b/trust/tests/files/distrusted.pem
@@ -0,0 +1,23 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIDsDCCAxmgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMCVVMx
+FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYD
+VQQKEw1SZWQgSGF0LCBJbmMuMQswCQYDVQQLEwJJUzEWMBQGA1UEAxMNUmVkIEhh
+dCBJUyBDQTEmMCQGCSqGSIb3DQEJARYXc3lzYWRtaW4tcmR1QHJlZGhhdC5jb20w
+HhcNMDkwOTE2MTg0NTI1WhcNMTkwOTE0MTg0NTI1WjCBnTELMAkGA1UEBhMCVVMx
+FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYD
+VQQKEw1SZWQgSGF0LCBJbmMuMQswCQYDVQQLEwJJUzEWMBQGA1UEAxMNUmVkIEhh
+dCBJUyBDQTEmMCQGCSqGSIb3DQEJARYXc3lzYWRtaW4tcmR1QHJlZGhhdC5jb20w
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN/HDWGiL8BarUWDIjNC6uxCXqYN
+QkwcmhILX+cl+YuDDArFL1pYVrith228gF3dSUU5X7kIOmPkkjNheRkbnas61X+n
+i3+KWvbX3q+h5VMxKX2cA1U+R3jLuXqYjF+N2gkPyPvxeoDuEncKAItw+mK/r+4L
+WBb5nFzek7hP3017AgMBAAGjgf0wgfowHQYDVR0OBBYEFA2sGXDtBKdeeKv+i6g0
+6yEmwVY1MIHKBgNVHSMEgcIwgb+AFA2sGXDtBKdeeKv+i6g06yEmwVY1oYGjpIGg
+MIGdMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExEDAOBgNV
+BAcTB1JhbGVpZ2gxFjAUBgNVBAoTDVJlZCBIYXQsIEluYy4xCzAJBgNVBAsTAklT
+MRYwFAYDVQQDEw1SZWQgSGF0IElTIENBMSYwJAYJKoZIhvcNAQkBFhdzeXNhZG1p
+bi1yZHVAcmVkaGF0LmNvbYIBATAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
+A4GBAFBgO5y3JcPXH/goumNBW7rr8m9EFZmQyK5gT1Ljv5qaCSZwxkAomhriv04p
+mb1y8yjrK5OY3WwgaRaAWRHp4/hn2HWaRvx3S+gwLM7p8V1pWnbSFJOXF3kbuC41
+voMIMqAFfHKidKN/yrjJg/1ahIjSt11lMUvRJ4TNT+pk5VnBMB+gCgYIKwYBBQUH
+AwIMEVJlZCBIYXQgSXMgdGhlIENB
+-----END TRUSTED CERTIFICATE-----
diff --git a/trust/tests/test-parser.c b/trust/tests/test-parser.c
index d402fe8..132d551 100644
--- a/trust/tests/test-parser.c
+++ b/trust/tests/test-parser.c
@@ -183,6 +183,20 @@ test_parse_openssl_trusted (CuTest *cu)
 }
 
 static void
+test_parse_distrusted (CuTest *cu)
+{
+	int ret;
+
+	setup (cu);
+
+	ret = p11_parse_file (test.parser, SRCDIR "/files/distrusted.pem",
+	                      0, on_parse_object, cu);
+	CuAssertIntEquals (cu, P11_PARSE_SUCCESS, ret);
+
+	teardown (cu);
+}
+
+static void
 test_parse_anchor (CuTest *cu)
 {
 	CK_ATTRIBUTE *attrs;
@@ -372,6 +386,7 @@ main (void)
 	SUITE_ADD_TEST (suite, test_parse_der_certificate);
 	SUITE_ADD_TEST (suite, test_parse_pem_certificate);
 	SUITE_ADD_TEST (suite, test_parse_openssl_trusted);
+	SUITE_ADD_TEST (suite, test_parse_distrusted);
 	SUITE_ADD_TEST (suite, test_parse_anchor);
 	SUITE_ADD_TEST (suite, test_parse_no_sink);
 	SUITE_ADD_TEST (suite, test_parse_invalid_file);