hs-tls/core/Tests/Certificate.hs

{-# LANGUAGE BangPatterns #-}
module Certificate
    ( arbitraryX509
    , arbitraryX509WithKey
    , simpleCertificate
    , simpleX509
    ) where

import Test.QuickCheck
import Data.X509
import Data.Time.Calendar (fromGregorian)
import Data.Time.Clock (secondsToDiffTime, UTCTime(..))
import qualified Data.ByteString as B

import PubKey

testExtensionEncode critical ext = ExtensionRaw (extOID ext) critical (extEncode ext)

arbitraryDN = return $ DistinguishedName []

arbitraryTime = do
    year   <- choose (1951, 2050)
    month  <- choose (1, 12)
    day    <- choose (1, 30)
    hour   <- choose (0, 23)
    minute <- choose (0, 59)
    second <- choose (0, 59)
    --z      <- arbitrary
    return $ UTCTime (fromGregorian year month day) (secondsToDiffTime (hour * 3600 + minute * 60 + second))

maxSerial = 16777216

arbitraryCertificate pubKey = do
    serial    <- choose (0,maxSerial)
    issuerdn  <- arbitraryDN
    subjectdn <- arbitraryDN
    time1     <- arbitraryTime
    time2     <- arbitraryTime
    let sigalg = SignatureALG HashSHA1 (pubkeyToAlg pubKey)
    return $ Certificate
            { certVersion      = 3
            , certSerial       = serial
            , certSignatureAlg = sigalg
            , certIssuerDN     = issuerdn
            , certSubjectDN    = subjectdn
            , certValidity     = (time1, time2)
            , certPubKey       = pubKey
            , certExtensions   = Extensions $ Just
                [ testExtensionEncode True $ ExtKeyUsage [KeyUsage_digitalSignature,KeyUsage_keyEncipherment,KeyUsage_keyCertSign]
                ]
            }

simpleCertificate pubKey =
    Certificate
        { certVersion = 3
        , certSerial = 0
        , certSignatureAlg = SignatureALG HashSHA1 (pubkeyToAlg pubKey)
        , certIssuerDN     = simpleDN
        , certSubjectDN    = simpleDN
        , certValidity     = (time1, time2)
        , certPubKey       = pubKey
        , certExtensions   = Extensions $ Just
                [ testExtensionEncode True $ ExtKeyUsage [KeyUsage_digitalSignature,KeyUsage_keyEncipherment]
                ]
        }
  where time1 = UTCTime (fromGregorian 1999 1 1) 0
        time2 = UTCTime (fromGregorian 2901 1 1) 0
        simpleDN = DistinguishedName []

simpleX509 pubKey = do
    let cert = simpleCertificate pubKey
        sig  = replicate 40 1
        sigalg = SignatureALG HashSHA1 (pubkeyToAlg pubKey)
        (signedExact, ()) = objectToSignedExact (\_ -> (B.pack sig,sigalg,())) cert
     in signedExact

arbitraryX509WithKey (pubKey, _) = do
    cert <- arbitraryCertificate pubKey
    sig  <- resize 40 $ listOf1 arbitrary
    let sigalg = SignatureALG HashSHA1 (pubkeyToAlg pubKey)
    let (signedExact, ()) = objectToSignedExact (\(!(_)) -> (B.pack sig,sigalg,())) cert
    return signedExact

arbitraryX509 = do
    let (pubKey, privKey) = getGlobalRSAPair
    arbitraryX509WithKey (PubKeyRSA pubKey, PrivKeyRSA privKey)
add tests related to DHE DSS 2013-12-28 15:25:54 +00:00			`{-# LANGUAGE BangPatterns #-}`
create a test-suite that use tls as a library instead of using directly. use the secret Network.TLS.Internal module, and as a result, compile tls modules once now instead of twice each. 2012-12-05 07:57:13 +00:00			`module Certificate`
re-indent 2013-07-21 06:00:35 +00:00			`( arbitraryX509`
add tests related to DHE DSS 2013-12-28 15:25:54 +00:00			`, arbitraryX509WithKey`
add simple benchmark 2013-07-21 07:57:56 +00:00			`, simpleCertificate`
			`, simpleX509`
re-indent 2013-07-21 06:00:35 +00:00			`) where`
add a module to generate certificates 2010-12-06 08:07:05 +00:00
			`import Test.QuickCheck`
update for x509 2013-05-19 07:05:46 +00:00			`import Data.X509`
re-introduce certificate marshalling tests now that we can generate keys. 2011-11-11 22:53:17 +00:00			`import Data.Time.Calendar (fromGregorian)`
update for x509 2013-05-19 07:05:46 +00:00			`import Data.Time.Clock (secondsToDiffTime, UTCTime(..))`
			`import qualified Data.ByteString as B`
re-introduce certificate marshalling tests now that we can generate keys. 2011-11-11 22:53:17 +00:00
create a test-suite that use tls as a library instead of using directly. use the secret Network.TLS.Internal module, and as a result, compile tls modules once now instead of twice each. 2012-12-05 07:57:13 +00:00			`import PubKey`
add a module to generate certificates 2010-12-06 08:07:05 +00:00
add tests related to DHE DSS 2013-12-28 15:25:54 +00:00			`testExtensionEncode critical ext = ExtensionRaw (extOID ext) critical (extEncode ext)`

update for x509 2013-05-19 07:05:46 +00:00			`arbitraryDN = return $ DistinguishedName []`
add a module to generate certificates 2010-12-06 08:07:05 +00:00
			`arbitraryTime = do`
re-indent 2013-07-21 06:00:35 +00:00			`year <- choose (1951, 2050)`
			`month <- choose (1, 12)`
			`day <- choose (1, 30)`
			`hour <- choose (0, 23)`
			`minute <- choose (0, 59)`
			`second <- choose (0, 59)`
			`--z <- arbitrary`
			`return $ UTCTime (fromGregorian year month day) (secondsToDiffTime (hour * 3600 + minute * 60 + second))`
add a module to generate certificates 2010-12-06 08:07:05 +00:00
remove last two warnings 2012-03-12 08:47:43 +00:00			`maxSerial = 16777216`

update for x509 2013-05-19 07:05:46 +00:00			`arbitraryCertificate pubKey = do`
			`serial <- choose (0,maxSerial)`
			`issuerdn <- arbitraryDN`
			`subjectdn <- arbitraryDN`
			`time1 <- arbitraryTime`
			`time2 <- arbitraryTime`
add tests related to DHE DSS 2013-12-28 15:25:54 +00:00			`let sigalg = SignatureALG HashSHA1 (pubkeyToAlg pubKey)`
update for x509 2013-05-19 07:05:46 +00:00			`return $ Certificate`
add tests related to DHE DSS 2013-12-28 15:25:54 +00:00			`{ certVersion = 3`
update for x509 2013-05-19 07:05:46 +00:00			`, certSerial = serial`
			`, certSignatureAlg = sigalg`
			`, certIssuerDN = issuerdn`
			`, certSubjectDN = subjectdn`
			`, certValidity = (time1, time2)`
			`, certPubKey = pubKey`
add tests related to DHE DSS 2013-12-28 15:25:54 +00:00			`, certExtensions = Extensions $ Just`
			`[ testExtensionEncode True $ ExtKeyUsage [KeyUsage_digitalSignature,KeyUsage_keyEncipherment,KeyUsage_keyCertSign]`
			`]`
update for x509 2013-05-19 07:05:46 +00:00			`}`

add simple benchmark 2013-07-21 07:57:56 +00:00			`simpleCertificate pubKey =`
			`Certificate`
			`{ certVersion = 3`
			`, certSerial = 0`
add tests related to DHE DSS 2013-12-28 15:25:54 +00:00			`, certSignatureAlg = SignatureALG HashSHA1 (pubkeyToAlg pubKey)`
add simple benchmark 2013-07-21 07:57:56 +00:00			`, certIssuerDN = simpleDN`
			`, certSubjectDN = simpleDN`
			`, certValidity = (time1, time2)`
			`, certPubKey = pubKey`
add tests related to DHE DSS 2013-12-28 15:25:54 +00:00			`, certExtensions = Extensions $ Just`
			`[ testExtensionEncode True $ ExtKeyUsage [KeyUsage_digitalSignature,KeyUsage_keyEncipherment]`
			`]`
add simple benchmark 2013-07-21 07:57:56 +00:00			`}`
			`where time1 = UTCTime (fromGregorian 1999 1 1) 0`
			`time2 = UTCTime (fromGregorian 2901 1 1) 0`
			`simpleDN = DistinguishedName []`

			`simpleX509 pubKey = do`
			`let cert = simpleCertificate pubKey`
			`sig = replicate 40 1`
add tests related to DHE DSS 2013-12-28 15:25:54 +00:00			`sigalg = SignatureALG HashSHA1 (pubkeyToAlg pubKey)`
add simple benchmark 2013-07-21 07:57:56 +00:00			`(signedExact, ()) = objectToSignedExact (\_ -> (B.pack sig,sigalg,())) cert`
			`in signedExact`

add tests related to DHE DSS 2013-12-28 15:25:54 +00:00			`arbitraryX509WithKey (pubKey, _) = do`
			`cert <- arbitraryCertificate pubKey`
re-indent 2013-07-21 06:00:35 +00:00			`sig <- resize 40 $ listOf1 arbitrary`
add tests related to DHE DSS 2013-12-28 15:25:54 +00:00			`let sigalg = SignatureALG HashSHA1 (pubkeyToAlg pubKey)`
			`let (signedExact, ()) = objectToSignedExact (\(!(_)) -> (B.pack sig,sigalg,())) cert`
re-indent 2013-07-21 06:00:35 +00:00			`return signedExact`
re-introduce certificate marshalling tests now that we can generate keys. 2011-11-11 22:53:17 +00:00
			`arbitraryX509 = do`
add tests related to DHE DSS 2013-12-28 15:25:54 +00:00			`let (pubKey, privKey) = getGlobalRSAPair`
			`arbitraryX509WithKey (PubKeyRSA pubKey, PrivKeyRSA privKey)`