2012-12-05 07:57:13 +00:00
|
|
|
module Certificate
|
2013-07-21 06:00:35 +00:00
|
|
|
( arbitraryX509
|
|
|
|
, arbitraryX509WithPublicKey
|
2013-07-21 07:57:56 +00:00
|
|
|
, simpleCertificate
|
|
|
|
, simpleX509
|
2013-07-21 06:00:35 +00:00
|
|
|
) where
|
2010-12-06 08:07:05 +00:00
|
|
|
|
|
|
|
import Test.QuickCheck
|
2013-05-19 07:05:46 +00:00
|
|
|
import Data.X509
|
2011-11-11 22:53:17 +00:00
|
|
|
import Data.Time.Calendar (fromGregorian)
|
2013-05-19 07:05:46 +00:00
|
|
|
import Data.Time.Clock (secondsToDiffTime, UTCTime(..))
|
|
|
|
import qualified Data.ByteString as B
|
2011-11-11 22:53:17 +00:00
|
|
|
|
2012-12-05 07:57:13 +00:00
|
|
|
import PubKey
|
2010-12-06 08:07:05 +00:00
|
|
|
|
2013-05-19 07:05:46 +00:00
|
|
|
arbitraryDN = return $ DistinguishedName []
|
2010-12-06 08:07:05 +00:00
|
|
|
|
|
|
|
arbitraryTime = do
|
2013-07-21 06:00:35 +00:00
|
|
|
year <- choose (1951, 2050)
|
|
|
|
month <- choose (1, 12)
|
|
|
|
day <- choose (1, 30)
|
|
|
|
hour <- choose (0, 23)
|
|
|
|
minute <- choose (0, 59)
|
|
|
|
second <- choose (0, 59)
|
|
|
|
--z <- arbitrary
|
|
|
|
return $ UTCTime (fromGregorian year month day) (secondsToDiffTime (hour * 3600 + minute * 60 + second))
|
2010-12-06 08:07:05 +00:00
|
|
|
|
2012-03-12 08:47:43 +00:00
|
|
|
maxSerial = 16777216
|
|
|
|
|
2013-05-19 07:05:46 +00:00
|
|
|
arbitraryCertificate pubKey = do
|
|
|
|
version <- choose (1,3)
|
|
|
|
serial <- choose (0,maxSerial)
|
|
|
|
issuerdn <- arbitraryDN
|
|
|
|
subjectdn <- arbitraryDN
|
|
|
|
time1 <- arbitraryTime
|
|
|
|
time2 <- arbitraryTime
|
|
|
|
let sigalg = SignatureALG HashMD5 PubKeyALG_RSA
|
|
|
|
return $ Certificate
|
|
|
|
{ certVersion = version
|
|
|
|
, certSerial = serial
|
|
|
|
, certSignatureAlg = sigalg
|
|
|
|
, certIssuerDN = issuerdn
|
|
|
|
, certSubjectDN = subjectdn
|
|
|
|
, certValidity = (time1, time2)
|
|
|
|
, certPubKey = pubKey
|
|
|
|
, certExtensions = Extensions Nothing
|
|
|
|
}
|
|
|
|
|
2013-07-21 07:57:56 +00:00
|
|
|
simpleCertificate pubKey =
|
|
|
|
Certificate
|
|
|
|
{ certVersion = 3
|
|
|
|
, certSerial = 0
|
|
|
|
, certSignatureAlg = SignatureALG HashSHA1 PubKeyALG_RSA
|
|
|
|
, certIssuerDN = simpleDN
|
|
|
|
, certSubjectDN = simpleDN
|
|
|
|
, certValidity = (time1, time2)
|
|
|
|
, certPubKey = pubKey
|
|
|
|
, certExtensions = Extensions Nothing
|
|
|
|
}
|
|
|
|
where time1 = UTCTime (fromGregorian 1999 1 1) 0
|
|
|
|
time2 = UTCTime (fromGregorian 2901 1 1) 0
|
|
|
|
simpleDN = DistinguishedName []
|
|
|
|
|
|
|
|
simpleX509 pubKey = do
|
|
|
|
let cert = simpleCertificate pubKey
|
|
|
|
sig = replicate 40 1
|
|
|
|
sigalg = SignatureALG HashMD5 PubKeyALG_RSA
|
|
|
|
(signedExact, ()) = objectToSignedExact (\_ -> (B.pack sig,sigalg,())) cert
|
|
|
|
in signedExact
|
|
|
|
|
2013-05-19 07:05:46 +00:00
|
|
|
{-
|
2011-02-20 17:42:05 +00:00
|
|
|
arbitraryX509Cert pubKey = do
|
2012-03-28 07:06:13 +00:00
|
|
|
version <- choose (1,3)
|
|
|
|
serial <- choose (0,maxSerial)
|
|
|
|
issuerdn <- arbitraryDN
|
|
|
|
subjectdn <- arbitraryDN
|
|
|
|
time1 <- arbitraryTime
|
|
|
|
time2 <- arbitraryTime
|
|
|
|
let sigalg = X509.SignatureALG X509.HashMD5 X509.PubKeyALG_RSA
|
|
|
|
return $ Cert.Certificate
|
|
|
|
{ X509.certVersion = version
|
|
|
|
, X509.certSerial = serial
|
|
|
|
, X509.certSignatureAlg = sigalg
|
|
|
|
, X509.certIssuerDN = issuerdn
|
|
|
|
, X509.certSubjectDN = subjectdn
|
|
|
|
, X509.certValidity = (time1, time2)
|
|
|
|
, X509.certPubKey = pubKey
|
|
|
|
, X509.certExtensions = Nothing
|
|
|
|
}
|
2013-05-19 07:05:46 +00:00
|
|
|
-}
|
2011-02-20 08:35:14 +00:00
|
|
|
|
2011-11-11 22:53:17 +00:00
|
|
|
arbitraryX509WithPublicKey pubKey = do
|
2013-07-21 06:00:35 +00:00
|
|
|
cert <- arbitraryCertificate (PubKeyRSA pubKey)
|
|
|
|
sig <- resize 40 $ listOf1 arbitrary
|
|
|
|
let sigalg = SignatureALG HashMD5 PubKeyALG_RSA
|
|
|
|
let (signedExact, ()) = objectToSignedExact (\_ -> (B.pack sig,sigalg,())) cert
|
|
|
|
return signedExact
|
2011-11-11 22:53:17 +00:00
|
|
|
|
|
|
|
arbitraryX509 = do
|
2013-07-21 06:00:35 +00:00
|
|
|
let pubKey = fst $ getGlobalRSAPair
|
|
|
|
arbitraryX509WithPublicKey pubKey
|