2013-12-28 15:25:54 +00:00
|
|
|
{-# LANGUAGE BangPatterns #-}
|
2012-12-05 07:57:13 +00:00
|
|
|
module Certificate
|
2013-07-21 06:00:35 +00:00
|
|
|
( arbitraryX509
|
2013-12-28 15:25:54 +00:00
|
|
|
, arbitraryX509WithKey
|
2013-07-21 07:57:56 +00:00
|
|
|
, simpleCertificate
|
|
|
|
, simpleX509
|
2013-07-21 06:00:35 +00:00
|
|
|
) where
|
2010-12-06 08:07:05 +00:00
|
|
|
|
|
|
|
import Test.QuickCheck
|
2013-05-19 07:05:46 +00:00
|
|
|
import Data.X509
|
2011-11-11 22:53:17 +00:00
|
|
|
import Data.Time.Calendar (fromGregorian)
|
2013-05-19 07:05:46 +00:00
|
|
|
import Data.Time.Clock (secondsToDiffTime, UTCTime(..))
|
|
|
|
import qualified Data.ByteString as B
|
2011-11-11 22:53:17 +00:00
|
|
|
|
2012-12-05 07:57:13 +00:00
|
|
|
import PubKey
|
2010-12-06 08:07:05 +00:00
|
|
|
|
2013-12-28 15:25:54 +00:00
|
|
|
testExtensionEncode critical ext = ExtensionRaw (extOID ext) critical (extEncode ext)
|
|
|
|
|
2013-05-19 07:05:46 +00:00
|
|
|
arbitraryDN = return $ DistinguishedName []
|
2010-12-06 08:07:05 +00:00
|
|
|
|
|
|
|
arbitraryTime = do
|
2013-07-21 06:00:35 +00:00
|
|
|
year <- choose (1951, 2050)
|
|
|
|
month <- choose (1, 12)
|
|
|
|
day <- choose (1, 30)
|
|
|
|
hour <- choose (0, 23)
|
|
|
|
minute <- choose (0, 59)
|
|
|
|
second <- choose (0, 59)
|
|
|
|
--z <- arbitrary
|
|
|
|
return $ UTCTime (fromGregorian year month day) (secondsToDiffTime (hour * 3600 + minute * 60 + second))
|
2010-12-06 08:07:05 +00:00
|
|
|
|
2012-03-12 08:47:43 +00:00
|
|
|
maxSerial = 16777216
|
|
|
|
|
2013-05-19 07:05:46 +00:00
|
|
|
arbitraryCertificate pubKey = do
|
|
|
|
serial <- choose (0,maxSerial)
|
|
|
|
issuerdn <- arbitraryDN
|
|
|
|
subjectdn <- arbitraryDN
|
|
|
|
time1 <- arbitraryTime
|
|
|
|
time2 <- arbitraryTime
|
2013-12-28 15:25:54 +00:00
|
|
|
let sigalg = SignatureALG HashSHA1 (pubkeyToAlg pubKey)
|
2013-05-19 07:05:46 +00:00
|
|
|
return $ Certificate
|
2013-12-28 15:25:54 +00:00
|
|
|
{ certVersion = 3
|
2013-05-19 07:05:46 +00:00
|
|
|
, certSerial = serial
|
|
|
|
, certSignatureAlg = sigalg
|
|
|
|
, certIssuerDN = issuerdn
|
|
|
|
, certSubjectDN = subjectdn
|
|
|
|
, certValidity = (time1, time2)
|
|
|
|
, certPubKey = pubKey
|
2013-12-28 15:25:54 +00:00
|
|
|
, certExtensions = Extensions $ Just
|
|
|
|
[ testExtensionEncode True $ ExtKeyUsage [KeyUsage_digitalSignature,KeyUsage_keyEncipherment,KeyUsage_keyCertSign]
|
|
|
|
]
|
2013-05-19 07:05:46 +00:00
|
|
|
}
|
|
|
|
|
2013-07-21 07:57:56 +00:00
|
|
|
simpleCertificate pubKey =
|
|
|
|
Certificate
|
|
|
|
{ certVersion = 3
|
|
|
|
, certSerial = 0
|
2013-12-28 15:25:54 +00:00
|
|
|
, certSignatureAlg = SignatureALG HashSHA1 (pubkeyToAlg pubKey)
|
2013-07-21 07:57:56 +00:00
|
|
|
, certIssuerDN = simpleDN
|
|
|
|
, certSubjectDN = simpleDN
|
|
|
|
, certValidity = (time1, time2)
|
|
|
|
, certPubKey = pubKey
|
2013-12-28 15:25:54 +00:00
|
|
|
, certExtensions = Extensions $ Just
|
|
|
|
[ testExtensionEncode True $ ExtKeyUsage [KeyUsage_digitalSignature,KeyUsage_keyEncipherment]
|
|
|
|
]
|
2013-07-21 07:57:56 +00:00
|
|
|
}
|
|
|
|
where time1 = UTCTime (fromGregorian 1999 1 1) 0
|
|
|
|
time2 = UTCTime (fromGregorian 2901 1 1) 0
|
|
|
|
simpleDN = DistinguishedName []
|
|
|
|
|
|
|
|
simpleX509 pubKey = do
|
|
|
|
let cert = simpleCertificate pubKey
|
|
|
|
sig = replicate 40 1
|
2013-12-28 15:25:54 +00:00
|
|
|
sigalg = SignatureALG HashSHA1 (pubkeyToAlg pubKey)
|
2013-07-21 07:57:56 +00:00
|
|
|
(signedExact, ()) = objectToSignedExact (\_ -> (B.pack sig,sigalg,())) cert
|
|
|
|
in signedExact
|
|
|
|
|
2013-12-28 15:25:54 +00:00
|
|
|
arbitraryX509WithKey (pubKey, _) = do
|
|
|
|
cert <- arbitraryCertificate pubKey
|
2013-07-21 06:00:35 +00:00
|
|
|
sig <- resize 40 $ listOf1 arbitrary
|
2013-12-28 15:25:54 +00:00
|
|
|
let sigalg = SignatureALG HashSHA1 (pubkeyToAlg pubKey)
|
|
|
|
let (signedExact, ()) = objectToSignedExact (\(!(_)) -> (B.pack sig,sigalg,())) cert
|
2013-07-21 06:00:35 +00:00
|
|
|
return signedExact
|
2011-11-11 22:53:17 +00:00
|
|
|
|
|
|
|
arbitraryX509 = do
|
2013-12-28 15:25:54 +00:00
|
|
|
let (pubKey, privKey) = getGlobalRSAPair
|
|
|
|
arbitraryX509WithKey (PubKeyRSA pubKey, PrivKeyRSA privKey)
|