author | Michiel Visser <opensource@webmichiel.nl> | 2022-02-23 12:34:07 +0100 |
---|---|---|
committer | Ali Mohammad Pur <Ali.mpfard@gmail.com> | 2022-04-17 10:10:19 +0430 |
commit | 5a60bed88b0759aac31683ec7d8ec7084b473d0b (patch) | |
tree | faf4adadff3583bb7143316e7ad06542cea28db3 /Tests | |
parent | 976bb715e0e9cab92f3d21fc5fa4aa152ef819c2 (diff) | |
LibTLS: Fix TestTLSHandshake by correctly reading the CA certificates
Diffstat (limited to 'Tests')
-rw-r--r-- | Tests/LibTLS/TestTLSHandshake.cpp | 29 |
1 files changed, 19 insertions, 10 deletions
diff --git a/Tests/LibTLS/TestTLSHandshake.cpp b/Tests/LibTLS/TestTLSHandshake.cpp
index 2bc5ee1988..d23c4e9b62 100644
--- a/Tests/LibTLS/TestTLSHandshake.cpp
+++ b/Tests/LibTLS/TestTLSHandshake.cpp
@@ -4,6 +4,7 @@
 * SPDX-License-Identifier: BSD-2-Clause
 */
+#include <AK/Base64.h>
 #include <LibCore/ConfigFile.h>
 #include <LibCore/EventLoop.h>
 #include <LibCore/File.h>
@@ -46,17 +47,25 @@ Vector<Certificate> load_certificates()
 }
 auto config = Core::ConfigFile::open(ca_certs_filepath).release_value_but_fixme_should_propagate_errors();
- auto now = Core::DateTime::now();
- auto last_year = Core::DateTime::create(now.year() - 1);
- auto next_year = Core::DateTime::create(now.year() + 1);
 for (auto& entity : config->groups()) {
- Certificate cert;
- cert.subject.subject = entity;
- cert.issuer.subject = config->read_entry(entity, "issuer_subject", entity);
- cert.subject.country = config->read_entry(entity, "country");
- cert.not_before = Crypto::ASN1::parse_generalized_time(config->read_entry(entity, "not_before", "")).value_or(last_year);
- cert.not_after = Crypto::ASN1::parse_generalized_time(config->read_entry(entity, "not_after", "")).value_or(next_year);
- certificates.append(move(cert));
+ for (auto& subject : config->keys(entity)) {
+ auto certificate_base64 = config->read_entry(entity, subject);
+ auto certificate_data_result = decode_base64(certificate_base64);
+ if (certificate_data_result.is_error()) {
+ dbgln("Skipping CA Certificate {} {}: out of memory", entity, subject);
+ continue;
+ }
+ auto certificate_data = certificate_data_result.release_value();
+ auto certificate_result = Certificate::parse_asn1(certificate_data.bytes());
+ // If the certificate does not parse it is likely using elliptic curve keys/signatures, which are not
+ // supported right now. Currently, ca_certs.ini should only contain certificates with RSA keys/signatures.
+ if (!certificate_result.has_value()) {
+ dbgln("Skipping CA Certificate {} {}: unable to parse", entity, subject);
+ continue;
+ }
+ auto certificate = certificate_result.release_value();
+ certificates.append(move(certificate));
+ }
 }
 return certificates;
 }
|
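Review bot: The `dbgln` in the `decode_base64` error branch always reports "out of memory", but the error held by `certificate_data_result` may be something else (malformed Base64 in ca_certs.ini seems the likelier cause), so a corrupted entry would be misdiagnosed. Printing the error itself keeps the log truthful: `dbgln("Skipping CA Certificate {} {}: {}", entity, subject, certificate_data_result.error());`. Both skip paths also `continue` with only debug output, so a damaged or entirely unparsable ca_certs.ini produces a partial or empty trust-anchor list, and the failure surfaces later as a handshake error rather than at load time. A check after the loop that `certificates` is not empty, or at least a comment stating that skipped entries shrink the trust store, would make that visible where it originates. The body of `load_certificates()` starts above this hunk.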