PageRenderTime 160ms CodeModel.GetById 43ms app.highlight 107ms RepoModel.GetById 1ms app.codeStats 0ms

/indra/newview/tests/llsechandler_basic_test.cpp

https://bitbucket.org/lindenlab/viewer-beta/
C++ | 1068 lines | 781 code | 169 blank | 118 comment | 21 complexity | 9e6d3c09757ab300c166be65a3aa509b MD5 | raw file
   1/** 
   2 * @file llsechandler_basic_test.cpp
   3 * @author Roxie
   4 * @date 2009-02-10
   5 * @brief Test the 'basic' sec handler functions
   6 *
   7 * $LicenseInfo:firstyear=2005&license=viewerlgpl$
   8 * Second Life Viewer Source Code
   9 * Copyright (C) 2010, Linden Research, Inc.
  10 * 
  11 * This library is free software; you can redistribute it and/or
  12 * modify it under the terms of the GNU Lesser General Public
  13 * License as published by the Free Software Foundation;
  14 * version 2.1 of the License only.
  15 * 
  16 * This library is distributed in the hope that it will be useful,
  17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  19 * Lesser General Public License for more details.
  20 * 
  21 * You should have received a copy of the GNU Lesser General Public
  22 * License along with this library; if not, write to the Free Software
  23 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
  24 * 
  25 * Linden Research, Inc., 945 Battery Street, San Francisco, CA  94111  USA
  26 * $/LicenseInfo$
  27 */
  28#include "../llviewerprecompiledheaders.h"
  29#include "../test/lltut.h"
  30#include "../llsecapi.h"
  31#include "../llsechandler_basic.h"
  32#include "../../llxml/llcontrol.h"
  33#include "../llviewernetwork.h"
  34#include "lluuid.h"
  35#include "llxorcipher.h"
  36#include "apr_base64.h"
  37#include <vector>
  38#include <ios>
  39#include <llsdserialize.h>
  40#include <openssl/pem.h>
  41#include <openssl/err.h>
  42#include <openssl/evp.h>
  43#include "llxorcipher.h"
  44#include <openssl/ossl_typ.h>
  45#include <openssl/x509.h>
  46#include <openssl/x509v3.h>
  47#include <openssl/pem.h>
  48#include <openssl/asn1.h>
  49#include <openssl/rand.h>
  50#include <openssl/err.h>
  51#include "../llmachineid.h"
  52
  53#define ensure_throws(str, exc_type, cert, func, ...) \
  54try \
  55{ \
  56func(__VA_ARGS__); \
  57fail("throws, " str); \
  58} \
  59catch(exc_type& except) \
  60{ \
  61ensure("Exception cert is incorrect for " str, except.getCert() == cert); \
  62}
  63
  64extern bool _cert_hostname_wildcard_match(const std::string& hostname, const std::string& wildcard_string);
  65
  66//----------------------------------------------------------------------------               
  67// Mock objects for the dependencies of the code we're testing                               
  68
  69std::string gFirstName;
  70std::string gLastName;
  71LLControlGroup::LLControlGroup(const std::string& name)
  72: LLInstanceTracker<LLControlGroup, std::string>(name) {}
  73LLControlGroup::~LLControlGroup() {}
  74BOOL LLControlGroup::declareString(const std::string& name,
  75                                   const std::string& initial_val,
  76                                   const std::string& comment,
  77                                   BOOL persist) {return TRUE;}
  78void LLControlGroup::setString(const std::string& name, const std::string& val){}
  79std::string LLControlGroup::getString(const std::string& name)
  80{
  81
  82	if (name == "FirstName")
  83		return gFirstName;
  84	else if (name == "LastName")
  85		return gLastName;
  86	return "";
  87}
  88
  89// Stub for --no-verify-ssl-cert
  90BOOL LLControlGroup::getBOOL(const std::string& name) { return FALSE; }
  91
  92LLSD LLCredential::getLoginParams()
  93{
  94	LLSD result = LLSD::emptyMap();
  95	
  96	// legacy credential
  97	result["passwd"] = "$1$testpasssd";
  98	result["first"] = "myfirst";
  99	result["last"] ="mylast";
 100	return result;
 101}
 102
 103void LLCredential::identifierType(std::string &idType)
 104{
 105}
 106
 107void LLCredential::authenticatorType(std::string &idType)
 108{
 109}
 110
 111
 112LLControlGroup gSavedSettings("test");
 113unsigned char gMACAddress[MAC_ADDRESS_BYTES] = {77,21,46,31,89,2};
 114
 115
 116S32 LLMachineID::getUniqueID(unsigned char *unique_id, size_t len)
 117{
 118	memcpy(unique_id, gMACAddress, len);
 119	return 1;
 120}
 121S32 LLMachineID::init() { return 1; }
 122	
 123
 124// -------------------------------------------------------------------------------------------
 125// TUT
 126// -------------------------------------------------------------------------------------------
 127namespace tut
 128{
 129	// Test wrapper declaration : wrapping nothing for the moment
 130	struct sechandler_basic_test
 131	{
 132		std::string mPemTestCert, mPemRootCert, mPemIntermediateCert, mPemChildCert, mSha1RSATestCert, mSha1RSATestCA;
 133		std::string mDerFormat;
 134		X509 *mX509TestCert, *mX509RootCert, *mX509IntermediateCert, *mX509ChildCert;
 135
 136		sechandler_basic_test()
 137		{
 138            LLMachineID::init();
 139			OpenSSL_add_all_algorithms();
 140			OpenSSL_add_all_ciphers();
 141			OpenSSL_add_all_digests();	
 142			ERR_load_crypto_strings();
 143			gFirstName = "";
 144			gLastName = "";
 145			LLFile::remove("test_password.dat");
 146			LLFile::remove("sechandler_settings.tmp");			
 147			mPemTestCert = "-----BEGIN CERTIFICATE-----\n"
 148				"MIIEuDCCA6CgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBtDELMAkGA1UEBhMCQlIx\n"
 149				"EzARBgNVBAoTCklDUC1CcmFzaWwxPTA7BgNVBAsTNEluc3RpdHV0byBOYWNpb25h\n"
 150				"bCBkZSBUZWNub2xvZ2lhIGRhIEluZm9ybWFjYW8gLSBJVEkxETAPBgNVBAcTCEJy\n"
 151				"YXNpbGlhMQswCQYDVQQIEwJERjExMC8GA1UEAxMoQXV0b3JpZGFkZSBDZXJ0aWZp\n"
 152				"Y2Fkb3JhIFJhaXogQnJhc2lsZWlyYTAeFw0wMTExMzAxMjU4MDBaFw0xMTExMzAy\n"
 153				"MzU5MDBaMIG0MQswCQYDVQQGEwJCUjETMBEGA1UEChMKSUNQLUJyYXNpbDE9MDsG\n"
 154				"A1UECxM0SW5zdGl0dXRvIE5hY2lvbmFsIGRlIFRlY25vbG9naWEgZGEgSW5mb3Jt\n"
 155				"YWNhbyAtIElUSTERMA8GA1UEBxMIQnJhc2lsaWExCzAJBgNVBAgTAkRGMTEwLwYD\n"
 156				"VQQDEyhBdXRvcmlkYWRlIENlcnRpZmljYWRvcmEgUmFpeiBCcmFzaWxlaXJhMIIB\n"
 157				"IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPMudwX/hvm+Uh2b/lQAcHVA\n"
 158				"isamaLkWdkwP9/S/tOKIgRrL6Oy+ZIGlOUdd6uYtk9Ma/3pUpgcfNAj0vYm5gsyj\n"
 159				"Qo9emsc+x6m4VWwk9iqMZSCK5EQkAq/Ut4n7KuLE1+gdftwdIgxfUsPt4CyNrY50\n"
 160				"QV57KM2UT8x5rrmzEjr7TICGpSUAl2gVqe6xaii+bmYR1QrmWaBSAG59LrkrjrYt\n"
 161				"bRhFboUDe1DK+6T8s5L6k8c8okpbHpa9veMztDVC9sPJ60MWXh6anVKo1UcLcbUR\n"
 162				"yEeNvZneVRKAAU6ouwdjDvwlsaKydFKwed0ToQ47bmUKgcm+wV3eTRk36UOnTwID\n"
 163				"AQABo4HSMIHPME4GA1UdIARHMEUwQwYFYEwBAQAwOjA4BggrBgEFBQcCARYsaHR0\n"
 164				"cDovL2FjcmFpei5pY3BicmFzaWwuZ292LmJyL0RQQ2FjcmFpei5wZGYwPQYDVR0f\n"
 165				"BDYwNDAyoDCgLoYsaHR0cDovL2FjcmFpei5pY3BicmFzaWwuZ292LmJyL0xDUmFj\n"
 166				"cmFpei5jcmwwHQYDVR0OBBYEFIr68VeEERM1kEL6V0lUaQ2kxPA3MA8GA1UdEwEB\n"
 167				"/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQAZA5c1\n"
 168				"U/hgIh6OcgLAfiJgFWpvmDZWqlV30/bHFpj8iBobJSm5uDpt7TirYh1Uxe3fQaGl\n"
 169				"YjJe+9zd+izPRbBqXPVQA34EXcwk4qpWuf1hHriWfdrx8AcqSqr6CuQFwSr75Fos\n"
 170				"SzlwDADa70mT7wZjAmQhnZx2xJ6wfWlT9VQfS//JYeIc7Fue2JNLd00UOSMMaiK/\n"
 171				"t79enKNHEA2fupH3vEigf5Eh4bVAN5VohrTm6MY53x7XQZZr1ME7a55lFEnSeT0u\n"
 172				"mlOAjR2mAbvSM5X5oSZNrmetdzyTj2flCM8CC7MLab0kkdngRIlUBGHF1/S5nmPb\n"
 173				"K+9A46sd33oqK8n8\n"
 174				"-----END CERTIFICATE-----\n";
 175
 176			mPemRootCert = "-----BEGIN CERTIFICATE-----\n"
 177			"MIIB0TCCATqgAwIBAgIJANaTqrzEvHaRMA0GCSqGSIb3DQEBBAUAMBsxGTAXBgNV\n"
 178			"BAMTEFJveGllcyB0ZXN0IHJvb3QwHhcNMDkwNDE1MjEwNzQ3WhcNMTAwNDE1MjEw\n"
 179			"NzQ3WjAbMRkwFwYDVQQDExBSb3hpZXMgdGVzdCByb290MIGfMA0GCSqGSIb3DQEB\n"
 180			"AQUAA4GNADCBiQKBgQCpo5nDW6RNz9IHUVZd7Tw2XAQiBniDF4xH0N1w7sUYTiFq\n"
 181			"21mABsnOPJD3ra+MtOsXPHcaljm661JjTD8L40v5sfEbqDUPcOw76ClrPqnuAeyT\n"
 182			"38qk8DHku/mT8YdprevGZdVcUXQg3vosVzOL93HOOHK+u61mEEoM9W5xoNVEdQID\n"
 183			"AQABox0wGzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQQF\n"
 184			"AAOBgQAzn0aW/+zWPmcTbvxonyiYYUr9b4SOB/quhAkT8KT4ir1dcZAXRR59+kEn\n"
 185			"HSTu1FAodV0gvESqyobftF5hZ1XMxdJqGu//xP+YCwlv244G/0pp7KLI8ihNO2+N\n"
 186			"lPBUJgbo++ZkhiE1jotZi9Ay0Oedh3s/AfbMZPyfpJ23ll6+BA==\n"
 187			"-----END CERTIFICATE-----\n";
 188			
 189			
 190			
 191			mPemIntermediateCert = "-----BEGIN CERTIFICATE-----\n"
 192			"MIIBzzCCATigAwIBAgIBATANBgkqhkiG9w0BAQQFADAbMRkwFwYDVQQDExBSb3hp\n"
 193			"ZXMgdGVzdCByb290MB4XDTA5MDQxNTIxMzE1NloXDTEwMDQxNTIxMzE1NlowITEf\n"
 194			"MB0GA1UEAxMWUm94aWVzIGludGVybWVkaWF0ZSBDQTCBnzANBgkqhkiG9w0BAQEF\n"
 195			"AAOBjQAwgYkCgYEA15MM0W1R37rx/24Q2Qkb5bSiQZxTUcQAhJ2pA8mwUucXuCVt\n"
 196			"6ayI2TuN32nkjmsCgUkiT/bdXWp0OJo7/MXRIFeUNMCRxrpeFnxuigYEqbIXAdN6\n"
 197			"qu/vdG2X4PRv/v9Ijrju4cBEiKIldIgOurWEIfXEsVSFP2XmFQHesF04qDcCAwEA\n"
 198			"AaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEEBQAD\n"
 199			"gYEAYljikYgak3W1jSo0vYthNHUy3lBVAKzDhpM96lY5OuXFslpCRX42zNL8X3kN\n"
 200			"U/4IaJUVtZqx8WsUXl1eXHzBCaXCftapV4Ir6cENLIsXCdXs8paFYzN5nPJA5GYU\n"
 201			"zWgkSEl1MEhNIc+bJW34vwi29EjrAShAhsIZ84Mt/lvD3Pc=\n"
 202			"-----END CERTIFICATE-----\n";
 203			
 204			mPemChildCert = "-----BEGIN CERTIFICATE-----\n"
 205			"MIIB5DCCAU0CBEnm9eUwDQYJKoZIhvcNAQEEBQAwITEfMB0GA1UEAxMWUm94aWVz\n"
 206			"IGludGVybWVkaWF0ZSBDQTAeFw0wOTA0MTYwMDAzNDlaFw0xMDA0MTYwMDAzNDla\n"
 207			"MCAxHjAcBgNVBAMTFWVuaWFjNjMubGluZGVubGFiLmNvbTCBnzANBgkqhkiG9w0B\n"
 208			"AQEFAAOBjQAwgYkCgYEAp9I5rofEzbjNht+9QejfnsIlEPqSxskoWKCG255TesWR\n"
 209			"RTmw9wafHQQkJk/VIsaU4RMBYHkknGbHX2dGvMHmKZoWUPSQ/8FZz09o0Qx3TNUZ\n"
 210			"l7KlGOD2d1c7ZxXDPqlLC6QW8DrE1/8zfwJ5cbYBXc8e7OKdSZeRrnwHyw4Q8r8C\n"
 211			"AwEAAaMvMC0wEwYDVR0lBAwwCgYIKwYBBQUHAwEwCQYDVR0TBAIwADALBgNVHQ8E\n"
 212			"BAMCBaAwDQYJKoZIhvcNAQEEBQADgYEAIG0M5tqYlXyMiGKPZfXy/R3M3ZZOapDk\n"
 213			"W0dsXJYXAc35ftwtn0VYu9CNnZCcli17/d+AKhkK8a/oGPazqudjFF6WLJLTXaY9\n"
 214			"NmhkJcOPADXkbyQPUPXzLe4YRrkEQeGhzMb4rKDQ1TKAcXfs0Y068pTpsixNSxja\n"
 215			"NhAUUcve5Is=\n"
 216			"-----END CERTIFICATE-----\n";
 217			
 218			mDerFormat = "MIIEuDCCA6CgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBtDELMAkGA1UEBhMCQlIxEzARBgNVBAoT"
 219"CklDUC1CcmFzaWwxPTA7BgNVBAsTNEluc3RpdHV0byBOYWNpb25hbCBkZSBUZWNub2xvZ2lhIGRh"
 220"IEluZm9ybWFjYW8gLSBJVEkxETAPBgNVBAcTCEJyYXNpbGlhMQswCQYDVQQIEwJERjExMC8GA1UE"
 221"AxMoQXV0b3JpZGFkZSBDZXJ0aWZpY2Fkb3JhIFJhaXogQnJhc2lsZWlyYTAeFw0wMTExMzAxMjU4"
 222"MDBaFw0xMTExMzAyMzU5MDBaMIG0MQswCQYDVQQGEwJCUjETMBEGA1UEChMKSUNQLUJyYXNpbDE9"
 223"MDsGA1UECxM0SW5zdGl0dXRvIE5hY2lvbmFsIGRlIFRlY25vbG9naWEgZGEgSW5mb3JtYWNhbyAt"
 224"IElUSTERMA8GA1UEBxMIQnJhc2lsaWExCzAJBgNVBAgTAkRGMTEwLwYDVQQDEyhBdXRvcmlkYWRl"
 225"IENlcnRpZmljYWRvcmEgUmFpeiBCcmFzaWxlaXJhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB"
 226"CgKCAQEAwPMudwX/hvm+Uh2b/lQAcHVAisamaLkWdkwP9/S/tOKIgRrL6Oy+ZIGlOUdd6uYtk9Ma"
 227"/3pUpgcfNAj0vYm5gsyjQo9emsc+x6m4VWwk9iqMZSCK5EQkAq/Ut4n7KuLE1+gdftwdIgxfUsPt"
 228"4CyNrY50QV57KM2UT8x5rrmzEjr7TICGpSUAl2gVqe6xaii+bmYR1QrmWaBSAG59LrkrjrYtbRhF"
 229"boUDe1DK+6T8s5L6k8c8okpbHpa9veMztDVC9sPJ60MWXh6anVKo1UcLcbURyEeNvZneVRKAAU6o"
 230"uwdjDvwlsaKydFKwed0ToQ47bmUKgcm+wV3eTRk36UOnTwIDAQABo4HSMIHPME4GA1UdIARHMEUw"
 231"QwYFYEwBAQAwOjA4BggrBgEFBQcCARYsaHR0cDovL2FjcmFpei5pY3BicmFzaWwuZ292LmJyL0RQ"
 232"Q2FjcmFpei5wZGYwPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL2FjcmFpei5pY3BicmFzaWwuZ292"
 233"LmJyL0xDUmFjcmFpei5jcmwwHQYDVR0OBBYEFIr68VeEERM1kEL6V0lUaQ2kxPA3MA8GA1UdEwEB"
 234"/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQAZA5c1U/hgIh6OcgLA"
 235"fiJgFWpvmDZWqlV30/bHFpj8iBobJSm5uDpt7TirYh1Uxe3fQaGlYjJe+9zd+izPRbBqXPVQA34E"
 236"Xcwk4qpWuf1hHriWfdrx8AcqSqr6CuQFwSr75FosSzlwDADa70mT7wZjAmQhnZx2xJ6wfWlT9VQf"
 237"S//JYeIc7Fue2JNLd00UOSMMaiK/t79enKNHEA2fupH3vEigf5Eh4bVAN5VohrTm6MY53x7XQZZr"
 238"1ME7a55lFEnSeT0umlOAjR2mAbvSM5X5oSZNrmetdzyTj2flCM8CC7MLab0kkdngRIlUBGHF1/S5"
 239"nmPbK+9A46sd33oqK8n8";
 240			
 241			mSha1RSATestCert = "-----BEGIN CERTIFICATE-----\n"
 242			"MIIDFDCCAn2gAwIBAgIDDqqYMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT\n"
 243			"MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0\n"
 244			"aWZpY2F0ZSBBdXRob3JpdHkwHhcNMTAwMTA1MDAzNjMwWhcNMTEwMTA3MjAyMTE0\n"
 245			"WjCBnjEpMCcGA1UEBRMgQmNmc0RBRkl1U0YwdFpWVm5vOFJKbjVUbW9hNGR2Wkgx\n"
 246			"CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4g\n"
 247			"RnJhbmNpc2NvMR0wGwYDVQQKExRMaW5kZW4gUmVzZWFyY2ggSW5jLjEYMBYGA1UE\n"
 248			"AxQPKi5saW5kZW5sYWIuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD2\n"
 249			"14Jdko8v6GB33hHbW+lNQyloFQtc2h4ykjf+fYPJ27dw6tQO2if7N3k/5XDkwC1N\n"
 250			"krGgE9vt3iecCPgasue6k67Zyfj9HbEP2D+j38eROudrsxLaRFDQx50BvZ5YMNl3\n"
 251			"4zQCj8/gCMsuq8cvaP9/rbJTUpgYWFGLsm8yAYOgWwIDAQABo4GuMIGrMA4GA1Ud\n"
 252			"DwEB/wQEAwIE8DAdBgNVHQ4EFgQUIBK/JB9AyqquSEbkzt2Zux6v9sYwOgYDVR0f\n"
 253			"BDMwMTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9zZWN1cmVj\n"
 254			"YS5jcmwwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gjIBBPM5iQn9QwHQYDVR0lBBYw\n"
 255			"FAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4GBAKKR84+hvLuB\n"
 256			"pop9VG7HQPIyEKtZq3Nnk+UlJGfjGY3csLWSFmxU727r5DzdEP1W1PwF3rxuoKcZ\n"
 257			"4nJJpKdzoGVujgBMP2U/J0PJvU7D8U3Zqu7nrXAjOHj7iVnvJ3EKJ1bvwXaisgPN\n"
 258			"wt21kKfGnA4OlhJtJ6VQvUkcF12I3pTP\n"
 259			"-----END CERTIFICATE-----\n";
 260			
 261			mSha1RSATestCA = "-----BEGIN CERTIFICATE-----\n"
 262			"MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV\n"
 263			"UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy\n"
 264			"dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1\n"
 265			"MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx\n"
 266			"dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B\n"
 267			"AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f\n"
 268			"BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A\n"
 269			"cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC\n"
 270			"AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ\n"
 271			"MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm\n"
 272			"aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw\n"
 273			"ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj\n"
 274			"IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF\n"
 275			"MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA\n"
 276			"A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y\n"
 277			"7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh\n"
 278			"1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4\n"
 279			"-----END CERTIFICATE-----\n";
 280
 281			
 282			
 283			
 284			mX509TestCert = NULL;
 285			mX509RootCert = NULL;
 286			mX509IntermediateCert = NULL;
 287			mX509ChildCert = NULL;
 288			
 289			BIO * validation_bio = BIO_new_mem_buf((void*)mPemTestCert.c_str(), mPemTestCert.length());			
 290			PEM_read_bio_X509(validation_bio, &mX509TestCert, 0, NULL);
 291			BIO_free(validation_bio);
 292			validation_bio = BIO_new_mem_buf((void*)mPemRootCert.c_str(), mPemRootCert.length());
 293			PEM_read_bio_X509(validation_bio, &mX509RootCert, 0, NULL);
 294			BIO_free(validation_bio);
 295			validation_bio = BIO_new_mem_buf((void*)mPemIntermediateCert.c_str(), mPemIntermediateCert.length());
 296			PEM_read_bio_X509(validation_bio, &mX509IntermediateCert, 0, NULL);
 297			BIO_free(validation_bio);	
 298			validation_bio = BIO_new_mem_buf((void*)mPemChildCert.c_str(), mPemChildCert.length());
 299			PEM_read_bio_X509(validation_bio, &mX509ChildCert, 0, NULL);
 300			BIO_free(validation_bio);				
 301		}
 302		~sechandler_basic_test()
 303		{
 304			LLFile::remove("test_password.dat");
 305			LLFile::remove("sechandler_settings.tmp");
 306			LLFile::remove("mycertstore.pem");
 307			X509_free(mX509TestCert);
 308			X509_free(mX509RootCert);
 309			X509_free(mX509IntermediateCert);
 310			X509_free(mX509ChildCert);
 311		}
 312	};
 313	
 314	// Tut templating thingamagic: test group, object and test instance
 315	typedef test_group<sechandler_basic_test> sechandler_basic_test_factory;
 316	typedef sechandler_basic_test_factory::object sechandler_basic_test_object;
 317	tut::sechandler_basic_test_factory tut_test("LLSecHandler");
 318	
 319	// ---------------------------------------------------------------------------------------
 320	// Test functions 
 321	// ---------------------------------------------------------------------------------------
 322	// test cert data retrieval
 323	template<> template<>
 324	void sechandler_basic_test_object::test<1>()
 325	
 326	{
 327		char buffer[4096];
 328		LLPointer<LLCertificate> test_cert = new LLBasicCertificate(mPemTestCert);
 329		
 330		ensure_equals("Resultant pem is correct",
 331			   mPemTestCert, test_cert->getPem());
 332		std::vector<U8> binary_cert = test_cert->getBinary();
 333
 334		apr_base64_encode(buffer, (const char *)&binary_cert[0], binary_cert.size());
 335		
 336		ensure_equals("Der Format is correct", memcmp(buffer, mDerFormat.c_str(), mDerFormat.length()), 0);
 337		
 338		LLSD llsd_cert;
 339		test_cert->getLLSD(llsd_cert);
 340		std::ostringstream llsd_value;
 341		llsd_value << LLSDOStreamer<LLSDNotationFormatter>(llsd_cert) << std::endl;
 342		std::string llsd_cert_str = llsd_value.str();
 343		ensure_equals("Issuer Name/commonName", 
 344			   (std::string)llsd_cert["issuer_name"]["commonName"], "Autoridade Certificadora Raiz Brasileira");
 345		ensure_equals("Issure Name/countryName", (std::string)llsd_cert["issuer_name"]["countryName"], "BR");
 346		ensure_equals("Issuer Name/localityName", (std::string)llsd_cert["issuer_name"]["localityName"], "Brasilia");
 347		ensure_equals("Issuer Name/org name", (std::string)llsd_cert["issuer_name"]["organizationName"], "ICP-Brasil");
 348		ensure_equals("IssuerName/org unit", 
 349			   (std::string)llsd_cert["issuer_name"]["organizationalUnitName"], "Instituto Nacional de Tecnologia da Informacao - ITI");
 350		ensure_equals("IssuerName/state", (std::string)llsd_cert["issuer_name"]["stateOrProvinceName"], "DF");
 351		ensure_equals("Issuer name string", 
 352			   (std::string)llsd_cert["issuer_name_string"], "CN=Autoridade Certificadora Raiz Brasileira,ST=DF,"
 353															   "L=Brasilia,OU=Instituto Nacional de Tecnologia da Informacao - ITI,O=ICP-Brasil,C=BR");
 354		ensure_equals("subject Name/commonName", 
 355			   (std::string)llsd_cert["subject_name"]["commonName"], "Autoridade Certificadora Raiz Brasileira");
 356		ensure_equals("subject Name/countryName", (std::string)llsd_cert["subject_name"]["countryName"], "BR");
 357		ensure_equals("subject Name/localityName", (std::string)llsd_cert["subject_name"]["localityName"], "Brasilia");
 358		ensure_equals("subject Name/org name", (std::string)llsd_cert["subject_name"]["organizationName"], "ICP-Brasil");
 359		ensure_equals("subjectName/org unit", 
 360			   (std::string)llsd_cert["subject_name"]["organizationalUnitName"], "Instituto Nacional de Tecnologia da Informacao - ITI");
 361		ensure_equals("subjectName/state", (std::string)llsd_cert["subject_name"]["stateOrProvinceName"], "DF");
 362		ensure_equals("subject name string", 
 363			   (std::string)llsd_cert["subject_name_string"], "CN=Autoridade Certificadora Raiz Brasileira,ST=DF,"
 364			                                                    "L=Brasilia,OU=Instituto Nacional de Tecnologia da Informacao - ITI,O=ICP-Brasil,C=BR");
 365		
 366		ensure_equals("md5 digest", (std::string)llsd_cert["md5_digest"], "96:89:7d:61:d1:55:2b:27:e2:5a:39:b4:2a:6c:44:6f");
 367		ensure_equals("serial number", (std::string)llsd_cert["serial_number"], "04");
 368		// sha1 digest is giving a weird value, and I've no idea why...feh
 369		//ensure_equals("sha1 digest", (std::string)llsd_cert["sha1_digest"], "8e:fd:ca:bc:93:e6:1e:92:5d:4d:1d:ed:18:1a:43:20:a4:67:a1:39");
 370		ensure_equals("valid from", (std::string)llsd_cert["valid_from"], "2001-11-30T12:58:00Z");
 371		ensure_equals("valid to", (std::string)llsd_cert["valid_to"], "2011-11-30T23:59:00Z");
 372		LLSD expectedKeyUsage = LLSD::emptyArray();
 373		expectedKeyUsage.append(LLSD((std::string)"certSigning"));
 374		expectedKeyUsage.append(LLSD((std::string)"crlSigning"));
 375		ensure("key usage", valueCompareLLSD(llsd_cert["keyUsage"], expectedKeyUsage));
 376		ensure("basic constraints", (bool)llsd_cert["basicConstraints"]["CA"]);
 377		
 378		ensure("x509 is equal", !X509_cmp(mX509TestCert, test_cert->getOpenSSLX509()));
 379	}
 380
 381	
 382	// test protected data
 383	template<> template<>
 384	void sechandler_basic_test_object::test<2>()
 385
 386	{
 387		
 388		std::string protected_data = "sUSh3wj77NG9oAMyt3XIhaej3KLZhLZWFZvI6rIGmwUUOmmelrRg0NI9rkOj8ZDpTPxpwToaBT5u"
 389		"GQhakdaGLJznr9bHr4/6HIC1bouKj4n2rs4TL6j2WSjto114QdlNfLsE8cbbE+ghww58g8SeyLQO"
 390		"nyzXoz+/PBz0HD5SMFDuObccoPW24gmqYySz8YoEWhSwO0pUtEEqOjVRsAJgF5wLAtJZDeuilGsq"
 391		"4ZT9Y4wZ9Rh8nnF3fDUL6IGamHe1ClXM1jgBu10F6UMhZbnH4C3aJ2E9+LiOntU+l3iCb2MpkEpr"
 392		"82r2ZAMwIrpnirL/xoYoyz7MJQYwUuMvBPToZJrxNSsjI+S2Z+I3iEJAELMAAA==";
 393		
 394		std::vector<U8> binary_data(apr_base64_decode_len(protected_data.c_str()));
 395		apr_base64_decode_binary(&binary_data[0], protected_data.c_str());
 396
 397		LLXORCipher cipher(gMACAddress, MAC_ADDRESS_BYTES);
 398		cipher.decrypt(&binary_data[0], 16);
 399		unsigned char unique_id[MAC_ADDRESS_BYTES];
 400        LLMachineID::getUniqueID(unique_id, sizeof(unique_id));
 401		LLXORCipher cipher2(unique_id, sizeof(unique_id));
 402		cipher2.encrypt(&binary_data[0], 16);
 403		std::ofstream temp_file("sechandler_settings.tmp", std::ofstream::binary);
 404		temp_file.write((const char *)&binary_data[0], binary_data.size());
 405		temp_file.close();
 406
 407		LLPointer<LLSecAPIBasicHandler> handler = new LLSecAPIBasicHandler("sechandler_settings.tmp",
 408																		   "test_password.dat");
 409		handler->init();																		
 410		// data retrieval for existing data
 411		LLSD data = handler->getProtectedData("test_data_type", "test_data_id");
 412
 413
 414		ensure_equals("retrieve existing data1", (std::string)data["data1"], "test_data_1");
 415		ensure_equals("retrieve existing data2", (std::string)data["data2"], "test_data_2");
 416		ensure_equals("retrieve existing data3", (std::string)data["data3"]["elem1"], "test element1");
 417		
 418		// data storage
 419		LLSD store_data = LLSD::emptyMap();
 420		store_data["store_data1"] = "test_store_data1";
 421		store_data["store_data2"] = 27;
 422		store_data["store_data3"] = LLSD::emptyMap();
 423		store_data["store_data3"]["subelem1"] = "test_subelem1";
 424		
 425		handler->setProtectedData("test_data_type", "test_data_id1", store_data);
 426		data = handler->getProtectedData("test_data_type", "test_data_id");
 427		
 428		data = handler->getProtectedData("test_data_type", "test_data_id");
 429		// verify no overwrite of existing data
 430		ensure_equals("verify no overwrite 1", (std::string)data["data1"], "test_data_1");
 431		ensure_equals("verify no overwrite 2", (std::string)data["data2"], "test_data_2");
 432		ensure_equals("verify no overwrite 3", (std::string)data["data3"]["elem1"], "test element1");
 433		
 434		// verify written data is good
 435		data = handler->getProtectedData("test_data_type", "test_data_id1");
 436		ensure_equals("verify stored data1", (std::string)data["store_data1"], "test_store_data1");
 437		ensure_equals("verify stored data2", (int)data["store_data2"], 27);
 438		ensure_equals("verify stored data3", (std::string)data["store_data3"]["subelem1"], "test_subelem1");
 439		
 440		// verify overwrite works
 441		handler->setProtectedData("test_data_type", "test_data_id", store_data);	
 442		data = handler->getProtectedData("test_data_type", "test_data_id");
 443		ensure_equals("verify overwrite stored data1", (std::string)data["store_data1"], "test_store_data1");
 444		ensure_equals("verify overwrite stored data2", (int)data["store_data2"], 27);
 445		ensure_equals("verify overwrite stored data3", (std::string)data["store_data3"]["subelem1"], "test_subelem1");
 446		
 447		// verify other datatype doesn't conflict
 448		store_data["store_data3"] = "test_store_data3";
 449		store_data["store_data4"] = 28;
 450		store_data["store_data5"] = LLSD::emptyMap();
 451		store_data["store_data5"]["subelem2"] = "test_subelem2";
 452		
 453		handler->setProtectedData("test_data_type1", "test_data_id", store_data);	
 454		data = handler->getProtectedData("test_data_type1", "test_data_id");
 455		ensure_equals("verify datatype stored data3", (std::string)data["store_data3"], "test_store_data3");
 456		ensure_equals("verify datatype stored data4", (int)data["store_data4"], 28);
 457		ensure_equals("verify datatype stored data5", (std::string)data["store_data5"]["subelem2"], "test_subelem2");	
 458		
 459		// test data not found
 460
 461		data = handler->getProtectedData("test_data_type1", "test_data_not_found");
 462		ensure("not found", data.isUndefined());
 463
 464		// cause a 'write' by using 'LLPointer' to delete then instantiate a handler
 465		handler = NULL;
 466		handler = new LLSecAPIBasicHandler("sechandler_settings.tmp", "test_password.dat");
 467		handler->init();
 468
 469		data = handler->getProtectedData("test_data_type1", "test_data_id");
 470		ensure_equals("verify datatype stored data3a", (std::string)data["store_data3"], "test_store_data3");
 471		ensure_equals("verify datatype stored data4a", (int)data["store_data4"], 28);
 472		ensure_equals("verify datatype stored data5a", (std::string)data["store_data5"]["subelem2"], "test_subelem2");	
 473		
 474		// rewrite the initial file to verify reloads
 475		handler = NULL;
 476		std::ofstream temp_file2("sechandler_settings.tmp", std::ofstream::binary);
 477		temp_file2.write((const char *)&binary_data[0], binary_data.size());
 478		temp_file2.close();
 479		
 480		// cause a 'write'
 481		handler = new LLSecAPIBasicHandler("sechandler_settings.tmp", "test_password.dat");
 482		handler->init();		
 483		data = handler->getProtectedData("test_data_type1", "test_data_id");
 484		ensure("not found", data.isUndefined());
 485		
 486		handler->deleteProtectedData("test_data_type", "test_data_id");
 487		ensure("Deleted data not found", handler->getProtectedData("test_data_type", "test_data_id").isUndefined());
 488		
 489		LLFile::remove("sechandler_settings.tmp");
 490		handler = new LLSecAPIBasicHandler("sechandler_settings.tmp", "test_password.dat");
 491		handler->init();		
 492		data = handler->getProtectedData("test_data_type1", "test_data_id");
 493		ensure("not found", data.isUndefined());
 494		handler = NULL;
 495		
 496		ensure(LLFile::isfile("sechandler_settings.tmp"));
 497	}
 498	
 499	// test credenitals
 500	template<> template<>
 501	void sechandler_basic_test_object::test<3>()
 502	{
 503		LLPointer<LLSecAPIBasicHandler> handler = new LLSecAPIBasicHandler("sechandler_settings.tmp", "test_password.dat");
 504		handler->init();
 505
 506		LLSD my_id = LLSD::emptyMap();
 507		LLSD my_authenticator = LLSD::emptyMap();
 508		my_id["type"] = "test_type";
 509		my_id["username"] = "testuser@lindenlab.com";
 510		my_authenticator["type"] = "test_auth";
 511		my_authenticator["creds"] = "12345";
 512
 513		// test creation of credentials		
 514		LLPointer<LLCredential> my_cred = handler->createCredential("my_grid", my_id, my_authenticator);
 515
 516		// test retrieval of credential components
 517		ensure_equals("basic credential creation: identifier", my_id, my_cred->getIdentifier());
 518		ensure_equals("basic credential creation: authenticator", my_authenticator, my_cred->getAuthenticator());
 519		ensure_equals("basic credential creation: grid", "my_grid", my_cred->getGrid());
 520		
 521		// test setting/overwriting of credential components
 522		my_id["first_name"] = "firstname";
 523		my_id.erase("username");
 524		my_authenticator.erase("creds");
 525		my_authenticator["hash"] = "6563245";
 526		
 527		my_cred->setCredentialData(my_id, my_authenticator);
 528		ensure_equals("set credential data: identifier", my_id, my_cred->getIdentifier());
 529		ensure_equals("set credential data: authenticator", my_authenticator, my_cred->getAuthenticator());
 530		ensure_equals("set credential data: grid", "my_grid", my_cred->getGrid());		
 531			
 532		// test loading of a credential, that hasn't been saved, without
 533		// any legacy saved credential data
 534		LLPointer<LLCredential> my_new_cred = handler->loadCredential("my_grid2");
 535		ensure("unknown credential load test", my_new_cred->getIdentifier().isMap());
 536		ensure("unknown credential load test", !my_new_cred->getIdentifier().has("type"));		
 537		ensure("unknown credential load test", my_new_cred->getAuthenticator().isMap());
 538		ensure("unknown credential load test", !my_new_cred->getAuthenticator().has("type"));	
 539		// test saving of a credential
 540		handler->saveCredential(my_cred, true);
 541
 542		// test loading of a known credential
 543		my_new_cred = handler->loadCredential("my_grid");
 544		ensure_equals("load a known credential: identifier", my_id, my_new_cred->getIdentifier());
 545		ensure_equals("load a known credential: authenticator",my_authenticator, my_new_cred->getAuthenticator());
 546		ensure_equals("load a known credential: grid", "my_grid", my_cred->getGrid());
 547	
 548		// test deletion of a credential
 549		handler->deleteCredential(my_new_cred);
 550
 551		ensure("delete credential: identifier", my_new_cred->getIdentifier().isUndefined());
 552		ensure("delete credentialt: authenticator", my_new_cred->getIdentifier().isUndefined());
 553		ensure_equals("delete credential: grid", "my_grid", my_cred->getGrid());		
 554		// load unknown cred
 555		
 556		my_new_cred = handler->loadCredential("my_grid");
 557		ensure("deleted credential load test", my_new_cred->getIdentifier().isMap());
 558		ensure("deleted credential load test", !my_new_cred->getIdentifier().has("type"));		
 559		ensure("deleted credential load test", my_new_cred->getAuthenticator().isMap());
 560		ensure("deleted credential load test", !my_new_cred->getAuthenticator().has("type"));
 561		
 562		// test loading of an unknown credential with legacy saved username, but without
 563		// saved password
 564		gFirstName = "myfirstname";
 565		gLastName = "mylastname";
 566		my_new_cred = handler->loadCredential("my_legacy_grid");
 567		ensure_equals("legacy credential with no password: type", 
 568					  (const std::string)my_new_cred->getIdentifier()["type"], "agent");
 569		ensure_equals("legacy credential with no password: first_name", 
 570					  (const std::string)my_new_cred->getIdentifier()["first_name"], "myfirstname");
 571		ensure_equals("legacy credential with no password: last_name",
 572					  (const std::string)my_new_cred->getIdentifier()["last_name"], "mylastname");
 573		
 574		ensure("legacy credential with no password: no authenticator", my_new_cred->getAuthenticator().isUndefined());
 575		
 576		// test loading of an unknown credential with legacy saved password and username
 577
 578		std::string hashed_password = "fSQcLG03eyIWJmkzfyYaKm81dSweLmsxeSAYKGE7fSQ=";		
 579		int length = apr_base64_decode_len(hashed_password.c_str());
 580		std::vector<char> decoded_password(length);
 581		apr_base64_decode(&decoded_password[0], hashed_password.c_str());
 582		LLXORCipher cipher(gMACAddress, MAC_ADDRESS_BYTES);
 583		cipher.decrypt((U8*)&decoded_password[0], length);
 584		unsigned char unique_id[MAC_ADDRESS_BYTES];
 585		LLMachineID::getUniqueID(unique_id, sizeof(unique_id));
 586		LLXORCipher cipher2(unique_id, sizeof(unique_id));
 587		cipher2.encrypt((U8*)&decoded_password[0], length);
 588		llofstream password_file("test_password.dat", std::ofstream::binary);
 589		password_file.write(&decoded_password[0], length); 
 590		password_file.close();
 591		
 592		my_new_cred = handler->loadCredential("my_legacy_grid2");		
 593		ensure_equals("legacy credential with password: type", 
 594					  (const std::string)my_new_cred->getIdentifier()["type"], "agent");
 595		ensure_equals("legacy credential with password: first_name", 
 596					  (const std::string)my_new_cred->getIdentifier()["first_name"], "myfirstname");
 597		ensure_equals("legacy credential with password: last_name",
 598					  (const std::string)my_new_cred->getIdentifier()["last_name"], "mylastname");
 599		
 600		LLSD legacy_authenticator = my_new_cred->getAuthenticator();
 601		ensure_equals("legacy credential with password: type", 
 602					  (std::string)legacy_authenticator["type"], 
 603					  "hash");
 604		ensure_equals("legacy credential with password: algorithm", 
 605					  (std::string)legacy_authenticator["algorithm"], 
 606					  "md5");	
 607		ensure_equals("legacy credential with password: algorithm", 
 608					  (std::string)legacy_authenticator["secret"], 
 609					  "01234567890123456789012345678901");
 610		
 611		// test creation of credentials		
 612		my_cred = handler->createCredential("mysavedgrid", my_id, my_authenticator);
 613		// test save without saving authenticator. 		
 614		handler->saveCredential(my_cred, FALSE);
 615		my_new_cred = handler->loadCredential("mysavedgrid");	
 616		ensure_equals("saved credential without auth", 
 617					  (const std::string)my_new_cred->getIdentifier()["type"], "test_type");
 618		ensure("no authenticator values were saved", my_new_cred->getAuthenticator().isUndefined());
 619	}
 620
 621	// test cert vector
 622	template<> template<>
 623	void sechandler_basic_test_object::test<4>()
 624	{
 625		
 626		// validate create from empty vector
 627		LLPointer<LLBasicCertificateVector> test_vector = new LLBasicCertificateVector();
 628		ensure_equals("when loading with nothing, we should result in no certs in vector", test_vector->size(), 0);
 629		
 630		test_vector->add(new LLBasicCertificate(mPemTestCert));
 631		ensure_equals("one element in vector", test_vector->size(), 1);
 632		test_vector->add(new LLBasicCertificate(mPemChildCert));
 633		ensure_equals("two elements in vector after add", test_vector->size(), 2);
 634		
 635		test_vector->add(new LLBasicCertificate(mPemChildCert));
 636		ensure_equals("two elements in vector after re-add", test_vector->size(), 2);
 637		// validate order
 638		X509* test_cert = (*test_vector)[0]->getOpenSSLX509();		
 639		ensure("first cert added remains first cert", !X509_cmp(test_cert, mX509TestCert));
 640		X509_free(test_cert);
 641		
 642		test_cert = (*test_vector)[1]->getOpenSSLX509();	
 643		ensure("adding a duplicate cert", !X509_cmp(test_cert, mX509ChildCert));
 644		X509_free(test_cert);		
 645		
 646		//
 647		// validate iterator
 648		//
 649		LLBasicCertificateVector::iterator current_cert = test_vector->begin();
 650		LLBasicCertificateVector::iterator copy_current_cert = current_cert;
 651		// operator++(int)
 652		ensure("validate iterator++ element in vector is expected cert", *current_cert++ == (*test_vector)[0]);
 653		ensure("validate 2nd iterator++ element in vector is expected cert", *current_cert++ == (*test_vector)[1]);
 654		ensure("validate end iterator++", current_cert == test_vector->end());
 655		
 656		// copy 
 657		ensure("validate copy iterator element in vector is expected cert", *copy_current_cert == (*test_vector)[0]);		
 658		
 659		// operator--(int)
 660		current_cert--;
 661		ensure("validate iterator-- element in vector is expected cert", *current_cert-- == (*test_vector)[1]);		
 662		ensure("validate iterator-- element in vector is expected cert", *current_cert == (*test_vector)[0]);
 663		
 664		ensure("begin iterator is equal", current_cert == test_vector->begin());
 665		
 666		// operator++
 667		ensure("validate ++iterator element in vector is expected cert", *++current_cert == (*test_vector)[1]);				
 668		ensure("end of cert vector after ++iterator", ++current_cert == test_vector->end());
 669		// operator--
 670		ensure("validate --iterator element in vector is expected cert", *--current_cert == (*test_vector)[1]);		
 671		ensure("validate 2nd --iterator element in vector is expected cert", *--current_cert == (*test_vector)[0]);		
 672		
 673		// validate remove
 674		// validate create from empty vector
 675		test_vector = new LLBasicCertificateVector();
 676		test_vector->add(new LLBasicCertificate(mPemTestCert));
 677		test_vector->add(new LLBasicCertificate(mPemChildCert));
 678		test_vector->erase(test_vector->begin());
 679		ensure_equals("one element in store after remove", test_vector->size(), 1);
 680		test_cert = (*test_vector)[0]->getOpenSSLX509();
 681		ensure("validate cert was removed", !X509_cmp(test_cert, mX509ChildCert));
 682		X509_free(test_cert);
 683		
 684		// validate insert
 685		test_vector->insert(test_vector->begin(), new LLBasicCertificate(mPemChildCert));
 686		test_cert = (*test_vector)[0]->getOpenSSLX509();
 687		
 688		ensure("validate cert was inserted", !X509_cmp(test_cert, mX509ChildCert));
 689		X509_free(test_cert);	
 690
 691		//validate find
 692		LLSD find_info = LLSD::emptyMap();
 693		test_vector->insert(test_vector->begin(), new LLBasicCertificate(mPemRootCert));
 694		find_info["issuer_name"] = LLSD::emptyMap();
 695		find_info["issuer_name"]["commonName"] = "Roxies intermediate CA";
 696		find_info["md5_digest"] = "97:24:c7:4c:d4:ba:2d:0e:9c:a1:18:8e:3a:c6:1f:c3";
 697		current_cert = test_vector->find(find_info);
 698		ensure("found", current_cert != test_vector->end());
 699		ensure("found cert", (*current_cert).get() == (*test_vector)[1].get());
 700		find_info["sha1_digest"] = "bad value";
 701		current_cert =test_vector->find(find_info);
 702		ensure("didn't find cert", current_cert == test_vector->end());		
 703	}	
 704	
 705	// test cert store
 706	template<> template<>
 707	void sechandler_basic_test_object::test<5>()
 708	{
 709		// validate load with nothing
 710		LLFile::remove("mycertstore.pem");
 711		LLPointer<LLBasicCertificateStore> test_store = new LLBasicCertificateStore("mycertstore.pem");
 712		ensure_equals("when loading with nothing, we should result in no certs in store", test_store->size(), 0);
 713		
 714		// validate load with empty file
 715		test_store->save();
 716		test_store = NULL;
 717		test_store = new LLBasicCertificateStore("mycertstore.pem");
 718		ensure_equals("when loading with nothing, we should result in no certs in store", test_store->size(), 0);
 719		test_store=NULL;
 720		
 721		// instantiate a cert store from a file
 722		llofstream certstorefile("mycertstore.pem", std::ios::out);
 723		certstorefile << mPemChildCert << std::endl << mPemTestCert << std::endl;
 724		certstorefile.close();
 725		// validate loaded certs
 726		test_store = new LLBasicCertificateStore("mycertstore.pem");
 727		ensure_equals("two elements in store", test_store->size(), 2);
 728		
 729		// operator[]
 730		X509* test_cert = (*test_store)[0]->getOpenSSLX509();
 731
 732		ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert));
 733		X509_free(test_cert);
 734		test_cert = (*test_store)[1]->getOpenSSLX509();
 735		ensure("validate second element in store is expected cert", !X509_cmp(test_cert, mX509TestCert));	
 736		X509_free(test_cert);
 737
 738
 739		// validate save
 740		LLFile::remove("mycertstore.pem");
 741		test_store->save();
 742		test_store = NULL;
 743		test_store = new LLBasicCertificateStore("mycertstore.pem");
 744		ensure_equals("two elements in store after save", test_store->size(), 2);				
 745		LLCertificateStore::iterator current_cert = test_store->begin();		
 746		test_cert = (*current_cert)->getOpenSSLX509();
 747		ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert));
 748		current_cert++;
 749		X509_free(test_cert);
 750		test_cert = (*current_cert)->getOpenSSLX509();
 751		ensure("validate second element in store is expected cert", !X509_cmp(test_cert, mX509TestCert));	
 752		X509_free(test_cert);
 753		current_cert++;
 754		ensure("end of cert store", current_cert == test_store->end());
 755		
 756	}
 757	
 758	// cert name wildcard matching
 759	template<> template<>
 760	void sechandler_basic_test_object::test<6>()
 761	{
 762		ensure("simple name match", 
 763			   _cert_hostname_wildcard_match("foo", "foo"));
 764
 765		ensure("simple name match, with end period", 
 766			   _cert_hostname_wildcard_match("foo.", "foo."));
 767		
 768		ensure("simple name match, with begin period", 
 769			   _cert_hostname_wildcard_match(".foo", ".foo"));		
 770
 771		ensure("simple name match, with mismatched period cn", 
 772			   _cert_hostname_wildcard_match("foo.", "foo"));	
 773		
 774		ensure("simple name match, with mismatched period hostname", 
 775			   _cert_hostname_wildcard_match("foo", "foo."));	
 776		
 777		ensure("simple name match, with subdomain", 
 778			   _cert_hostname_wildcard_match("foo.bar", "foo.bar"));	
 779		
 780		ensure("stutter name match", 
 781			   _cert_hostname_wildcard_match("foobbbbfoo", "foo*bbbfoo"));			
 782		
 783		ensure("simple name match, with beginning wildcard", 
 784			   _cert_hostname_wildcard_match("foobar", "*bar"));	
 785		
 786		ensure("simple name match, with ending wildcard", 
 787			   _cert_hostname_wildcard_match("foobar", "foo*"));
 788		
 789		ensure("simple name match, with beginning null wildcard", 
 790			   _cert_hostname_wildcard_match("foobar", "*foobar"));			
 791
 792		ensure("simple name match, with ending null wildcard", 
 793			   _cert_hostname_wildcard_match("foobar", "foobar*"));
 794		
 795		ensure("simple name match, with embedded wildcard", 
 796			   _cert_hostname_wildcard_match("foobar", "f*r"));		
 797		
 798		ensure("simple name match, with embedded null wildcard", 
 799			   _cert_hostname_wildcard_match("foobar", "foo*bar"));
 800
 801		ensure("simple name match, with dual embedded wildcard", 
 802			   _cert_hostname_wildcard_match("foobar", "f*o*ar"));		
 803
 804		ensure("simple name mismatch", 
 805			   !_cert_hostname_wildcard_match("bar", "foo"));
 806		
 807		ensure("simple name mismatch, with end period", 
 808			   !_cert_hostname_wildcard_match("foobar.", "foo."));
 809		
 810		ensure("simple name mismatch, with begin period", 
 811			   !_cert_hostname_wildcard_match(".foobar", ".foo"));		
 812		
 813		ensure("simple name mismatch, with subdomain", 
 814			   !_cert_hostname_wildcard_match("foobar.bar", "foo.bar"));	
 815		
 816		ensure("simple name mismatch, with beginning wildcard", 
 817			   !_cert_hostname_wildcard_match("foobara", "*bar"));	
 818		
 819		ensure("simple name mismatch, with ending wildcard", 
 820			   !_cert_hostname_wildcard_match("oobar", "foo*"));
 821		
 822		ensure("simple name mismatch, with embedded wildcard", 
 823			   !_cert_hostname_wildcard_match("oobar", "f*r"));		
 824		
 825		ensure("simple name mismatch, with dual embedded wildcard", 
 826			   !_cert_hostname_wildcard_match("foobar", "f*d*ar"));
 827		
 828		ensure("simple wildcard", 
 829			   _cert_hostname_wildcard_match("foobar", "*"));
 830		
 831		ensure("long domain", 
 832			   _cert_hostname_wildcard_match("foo.bar.com", "foo.bar.com"));
 833		
 834		ensure("long domain with multiple wildcards", 
 835			   _cert_hostname_wildcard_match("foo.bar.com", "*.b*r.com"));	
 836
 837		ensure("end periods", 
 838			   _cert_hostname_wildcard_match("foo.bar.com.", "*.b*r.com."));	
 839		
 840		ensure("match end period", 
 841			   _cert_hostname_wildcard_match("foo.bar.com.", "*.b*r.com"));
 842		
 843		ensure("match end period2", 
 844			   _cert_hostname_wildcard_match("foo.bar.com", "*.b*r.com."));
 845		
 846		ensure("wildcard mismatch", 
 847			   !_cert_hostname_wildcard_match("bar.com", "*.bar.com"));	
 848		
 849		ensure("wildcard match", 
 850			   _cert_hostname_wildcard_match("foo.bar.com", "*.bar.com"));	
 851
 852		ensure("wildcard match", 
 853			   _cert_hostname_wildcard_match("foo.foo.bar.com", "*.bar.com"));	
 854		
 855		ensure("wildcard match", 
 856			   _cert_hostname_wildcard_match("foo.foo.bar.com", "*.*.com"));
 857		
 858		ensure("wildcard mismatch", 
 859			   !_cert_hostname_wildcard_match("foo.foo.bar.com", "*.foo.com"));			
 860	}
 861	
 862	// test cert chain
 863	template<> template<>
 864	void sechandler_basic_test_object::test<7>()
 865	{
 866		// validate create from empty chain
 867		LLPointer<LLBasicCertificateChain> test_chain = new LLBasicCertificateChain(NULL);
 868		ensure_equals("when loading with nothing, we should result in no certs in chain", test_chain->size(), 0);
 869
 870		// Single cert in the chain.
 871		X509_STORE_CTX *test_store = X509_STORE_CTX_new();
 872		test_store->cert = mX509ChildCert;		
 873		test_store->untrusted = NULL;
 874		test_chain = new LLBasicCertificateChain(test_store);
 875		X509_STORE_CTX_free(test_store);
 876		ensure_equals("two elements in store", test_chain->size(), 1);		
 877		X509* test_cert = (*test_chain)[0]->getOpenSSLX509();
 878		ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert));
 879		X509_free(test_cert);		
 880		
 881		// cert + CA
 882		
 883		test_store = X509_STORE_CTX_new();
 884		test_store->cert = mX509ChildCert;
 885		test_store->untrusted = sk_X509_new_null();
 886		sk_X509_push(test_store->untrusted, mX509IntermediateCert);
 887		test_chain = new LLBasicCertificateChain(test_store);
 888		X509_STORE_CTX_free(test_store);
 889		ensure_equals("two elements in store", test_chain->size(), 2);	
 890		test_cert = (*test_chain)[0]->getOpenSSLX509();
 891		ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert));
 892		X509_free(test_cert);
 893		test_cert = (*test_chain)[1]->getOpenSSLX509();
 894		ensure("validate second element in store is expected cert", !X509_cmp(test_cert, mX509IntermediateCert));	
 895		X509_free(test_cert);
 896
 897		// cert + nonrelated
 898		
 899		test_store = X509_STORE_CTX_new();
 900		test_store->cert = mX509ChildCert;
 901		test_store->untrusted = sk_X509_new_null();
 902		sk_X509_push(test_store->untrusted, mX509TestCert);
 903		test_chain = new LLBasicCertificateChain(test_store);
 904		X509_STORE_CTX_free(test_store);
 905		ensure_equals("two elements in store", test_chain->size(), 1);	
 906		test_cert = (*test_chain)[0]->getOpenSSLX509();
 907		ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert));
 908		X509_free(test_cert);
 909		
 910		// cert + CA + nonrelated
 911		test_store = X509_STORE_CTX_new();
 912		test_store->cert = mX509ChildCert;
 913		test_store->untrusted = sk_X509_new_null();
 914		sk_X509_push(test_store->untrusted, mX509IntermediateCert);
 915		sk_X509_push(test_store->untrusted, mX509TestCert);
 916		test_chain = new LLBasicCertificateChain(test_store);
 917		X509_STORE_CTX_free(test_store);
 918		ensure_equals("two elements in store", test_chain->size(), 2);	
 919		test_cert = (*test_chain)[0]->getOpenSSLX509();
 920		ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert));
 921		X509_free(test_cert);
 922		test_cert = (*test_chain)[1]->getOpenSSLX509();
 923		ensure("validate second element in store is expected cert", !X509_cmp(test_cert, mX509IntermediateCert));	
 924		X509_free(test_cert);
 925
 926		// cert + intermediate + CA 
 927		test_store = X509_STORE_CTX_new();
 928		test_store->cert = mX509ChildCert;
 929		test_store->untrusted = sk_X509_new_null();
 930		sk_X509_push(test_store->untrusted, mX509IntermediateCert);
 931		sk_X509_push(test_store->untrusted, mX509RootCert);
 932		test_chain = new LLBasicCertificateChain(test_store);
 933		X509_STORE_CTX_free(test_store);
 934		ensure_equals("three elements in store", test_chain->size(), 3);	
 935		test_cert = (*test_chain)[0]->getOpenSSLX509();
 936		ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert));
 937		X509_free(test_cert);
 938		test_cert = (*test_chain)[1]->getOpenSSLX509();
 939		ensure("validate second element in store is expected cert", !X509_cmp(test_cert, mX509IntermediateCert));	
 940		X509_free(test_cert);
 941
 942		test_cert = (*test_chain)[2]->getOpenSSLX509();
 943		ensure("validate second element in store is expected cert", !X509_cmp(test_cert, mX509RootCert));	
 944		X509_free(test_cert);		
 945	}
 946	// test cert validation
 947	template<> template<>
 948	void sechandler_basic_test_object::test<8>()
 949	{
 950		// start with a trusted store with our known root cert
 951		LLFile::remove("mycertstore.pem");
 952		LLPointer<LLBasicCertificateStore> test_store = new LLBasicCertificateStore("mycertstore.pem");
 953		test_store->add(new LLBasicCertificate(mX509RootCert));
 954		LLSD validation_params;
 955		
 956		// validate basic trust for a chain containing only the intermediate cert.  (1 deep)
 957		LLPointer<LLBasicCertificateChain> test_chain = new LLBasicCertificateChain(NULL);
 958
 959		test_chain->add(new LLBasicCertificate(mX509IntermediateCert));
 960
 961		test_store->validate(0, test_chain, validation_params);
 962
 963		// add the root certificate to the chain and revalidate
 964		test_chain->add(new LLBasicCertificate(mX509RootCert));	
 965		test_store->validate(0, test_chain, validation_params);
 966
 967		// add the child cert at the head of the chain, and revalidate (3 deep chain)
 968		test_chain->insert(test_chain->begin(), new LLBasicCertificate(mX509ChildCert));
 969		test_store->validate(0, test_chain, validation_params);
 970
 971		// basic failure cases
 972		test_chain = new LLBasicCertificateChain(NULL);
 973		//validate with only the child cert in chain, but child cert was previously
 974		// trusted
 975		test_chain->add(new LLBasicCertificate(mX509ChildCert));
 976		
 977		// validate without the trust flag.
 978		test_store->validate(VALIDATION_POLICY_TRUSTED, test_chain, validation_params);	
 979		
 980		// Validate with child cert but no parent, and no parent in CA store
 981		test_store = new LLBasicCertificateStore("mycertstore.pem");
 982		ensure_throws("no CA, with only a child cert", 
 983					  LLCertValidationTrustException, 
 984					  (*test_chain)[0],
 985					  test_store->validate, 
 986					  VALIDATION_POLICY_TRUSTED, 
 987					  test_chain, 
 988					  validation_params);
 989
 990
 991		// validate without the trust flag.
 992		test_store->validate(0, test_chain, validation_params);		
 993
 994		// clear out the store
 995		test_store = new LLBasicCertificateStore("mycertstore.pem");
 996		// append the intermediate cert
 997		test_chain->add(new LLBasicCertificate(mX509IntermediateCert));		
 998		ensure_throws("no CA, with child and intermediate certs", 
 999					  LLCertValidationTrustException, 
1000					  (*test_chain)[1],
1001					  test_store->validate, 
1002					  VALIDATION_POLICY_TRUSTED, 
1003					  test_chain, 
1004					  validation_params);
1005		// validate without the trust flag
1006		test_store->validate(0, test_chain, validation_params);
1007
1008		// Test time validity
1009		LLSD child_info;
1010		((*test_chain)[0])->getLLSD(child_info);
1011		validation_params = LLSD::emptyMap();
1012		validation_params[CERT_VALIDATION_DATE] = LLDate(child_info[CERT_VALID_FROM].asDate().secondsSinceEpoch() + 1.0);  
1013		test_store->validate(VALIDATION_POLICY_TIME, test_chain, validation_params);
1014
1015		validation_params = LLSD::emptyMap();		
1016		validation_params[CERT_VALIDATION_DATE] = child_info[CERT_VALID_FROM].asDate();
1017		
1018		validation_params[CERT_VALIDATION_DATE] = LLDate(child_info[CERT_VALID_FROM].asDate().secondsSinceEpoch() - 1.0);
1019 		
1020		// test not yet valid
1021		ensure_throws("Child cert not yet valid" , 
1022					  LLCertValidationExpirationException, 
1023					  (*test_chain)[0],
1024					  test_store->validate, 
1025					  VALIDATION_POLICY_TIME, 
1026					  test_chain, 
1027					  validation_params);	
1028		validation_params = LLSD::emptyMap();		
1029		validation_params[CERT_VALIDATION_DATE] = LLDate(child_info[CERT_VALID_TO].asDate().secondsSinceEpoch() + 1.0);
1030 		
1031		// test cert expired
1032		ensure_throws("Child cert expired", 
1033					  LLCertValidationExpirationException, 
1034					  (*test_chain)[0],
1035					  test_store->validate, 
1036					  VALIDATION_POLICY_TIME, 
1037					  test_chain, 
1038					  validation_params);
1039
1040		// test SSL KU
1041		// validate basic trust for a chain containing child and intermediate.
1042		test_chain = new LLBasicCertificateChain(NULL);
1043		test_chain->add(new LLBasicCertificate(mX509ChildCert));
1044		test_chain->add(new LLBasicCertificate(mX509IntermediateCert));
1045		test_store->validate(VALIDATION_POLICY_SSL_KU, test_chain, validation_params);	
1046
1047		test_chain = new LLBasicCertificateChain(NULL);
1048		test_chain->add(new LLBasicCertificate(mX509TestCert));
1049
1050		test_store = new LLBasicCertificateStore("mycertstore.pem");		
1051		ensure_throws("Cert doesn't have ku", 
1052					  LLCertKeyUsageValidationException, 
1053					  (*test_chain)[0],
1054					  test_store->validate, 
1055					  VALIDATION_POLICY_SSL_KU, 
1056					  test_chain, 
1057					  validation_params);
1058		
1059		// test sha1RSA validation
1060		test_chain = new LLBasicCertificateChain(NULL);
1061		test_chain->add(new LLBasicCertificate(mSha1RSATestCert));	
1062		test_chain->add(new LLBasicCertificate(mSha1RSATestCA));
1063
1064		test_store->validate(0, test_chain, validation_params);	
1065	}
1066	
1067};
1068