From 658ccc3e85487f9f24ff3b5926e60d6cce7f42e0 Mon Sep 17 00:00:00 2001
From: Roxie Linden
Date: Wed, 7 Apr 2010 11:08:04 -0700
Subject: Re-insert backed out SLE checkin so we can fix it
---
 indra/newview/llsecapi.cpp | 161 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 161 insertions(+)
 create mode 100644 indra/newview/llsecapi.cpp
(limited to 'indra/newview/llsecapi.cpp')
diff --git a/indra/newview/llsecapi.cpp b/indra/newview/llsecapi.cpp
new file mode 100644
index 0000000000..ba343f5387
--- /dev/null
+++ b/indra/newview/llsecapi.cpp
@@ -0,0 +1,161 @@
+/**
+ * @file llsecapi.cpp
+ * @brief Security API for services such as certificate handling
+ * secure local storage, etc.
+ *
+ * $LicenseInfo:firstyear=2009&license=viewergpl$
+ *
+ * Copyright (c) 2009, Linden Research, Inc.
+ *
+ * Second Life Viewer Source Code
+ * The source code in this file ("Source Code") is provided by Linden Lab
+ * to you under the terms of the GNU General Public License, version 2.0
+ * ("GPL"), unless you have obtained a separate licensing agreement
+ * ("Other License"), formally executed by you and Linden Lab. Terms of
+ * the GPL can be found in doc/GPL-license.txt in this distribution, or
+ * online at http://secondlife.com/developers/opensource/gplv2
+ *
+ * There are special exceptions to the terms and conditions of the GPL as
+ * it is applied to this Source Code. View the full text of the exception
+ * in the file doc/FLOSS-exception.txt in this software distribution, or
+ * online at http://secondlife.com/developers/opensource/flossexception
+ *
+ * By copying, modifying or distributing this software, you acknowledge
+ * that you have read and understood your obligations described above,
+ * and agree to abide by those obligations.
+ *
+ * ALL LINDEN LAB SOURCE CODE IS PROVIDED "AS IS." LINDEN LAB MAKES NO
+ * WARRANTIES, EXPRESS, IMPLIED OR OTHERWISE, REGARDING ITS ACCURACY,
+ * COMPLETENESS OR PERFORMANCE.
+ * $/LicenseInfo$
+ */
+
+
+#include "llviewerprecompiledheaders.h"
+#include "llsecapi.h"
+#include "llsechandler_basic.h"
+#include
+#include
+#include "llhttpclient.h"
+
+
+
+std::map > gHandlerMap;
+LLPointer gSecAPIHandler;
+
+void initializeSecHandler()
+{
+ OpenSSL_add_all_algorithms();
+ OpenSSL_add_all_ciphers();
+ OpenSSL_add_all_digests();
+ gHandlerMap[BASIC_SECHANDLER] = new LLSecAPIBasicHandler();
+
+
+ // Currently, we only have the Basic handler, so we can point the main sechandler
+ // pointer to the basic handler. Later, we'll create a wrapper handler that
+ // selects the appropriate sechandler as needed, for instance choosing the
+ // mac keyring handler, with fallback to the basic sechandler
+ gSecAPIHandler = gHandlerMap[BASIC_SECHANDLER];
+
+ // initialize all SecAPIHandlers
+ LLProtectedDataException ex = LLProtectedDataException("");
+ std::map >::const_iterator itr;
+ for(itr = gHandlerMap.begin(); itr != gHandlerMap.end(); ++itr)
+ {
+ LLPointer handler = (*itr).second;
+ try
+ {
+ handler->init();
+ }
+ catch (LLProtectedDataException e)
+ {
+ ex = e;
+ }
+ }
+ if (ex.getMessage().length() > 0 ) // an exception was thrown.
+ {
+ throw ex;
+ }
+
+}
+// start using a given security api handler. If the string is empty
+// the default is used
+LLPointer getSecHandler(const std::string& handler_type)
+{
+ if (gHandlerMap.find(handler_type) != gHandlerMap.end())
+ {
+ return gHandlerMap[handler_type];
+ }
+ else
+ {
+ return LLPointer(NULL);
+ }
+}
+// register a handler
+void registerSecHandler(const std::string& handler_type,
+ LLPointer& handler)
+{
+ gHandlerMap[handler_type] = handler;
+}
+
+std::ostream& operator <<(std::ostream& s, const LLCredential& cred)
+{
+ return s << (std::string)cred;
+}
+
+
+// secapiSSLCertVerifyCallback
+// basic callback called when a cert verification is requested.
+// calls SECAPI to validate the context
+// not initialized in the above initialization function, due to unit tests
+// see llappviewer
+
+int secapiSSLCertVerifyCallback(X509_STORE_CTX *ctx, void *param)
+{
+ LLURLRequest *req = (LLURLRequest *)param;
+ LLPointer store = gSecAPIHandler->getCertificateStore("");
+ LLPointer chain = gSecAPIHandler->getCertificateChain(ctx);
+ LLSD validation_params = LLSD::emptyMap();
+ LLURI uri(req->getURL());
+ validation_params[CERT_HOSTNAME] = uri.hostName();
+ try
+ {
+ chain->validate(VALIDATION_POLICY_SSL, store, validation_params);
+ }
+ catch (LLCertValidationTrustException& cert_exception)
+ {
+ LL_WARNS("AppInit") << "Cert not trusted: " << cert_exception.getMessage() << LL_ENDL;
+ return 0;
+ }
+ catch (LLCertException& cert_exception)
+ {
+ LL_WARNS("AppInit") << "cert error " << cert_exception.getMessage() << LL_ENDL;
+ return 0;
+ }
+ catch (...)
+ {
+ LL_WARNS("AppInit") << "cert error " << LL_ENDL;
+ return 0;
+ }
+ return 1;
+}
+
+LLSD LLCredential::getLoginParams()
+{
+ LLSD result = LLSD::emptyMap();
+ if (mIdentifier["type"].asString() == "agent")
+ {
+ // legacy credential
+ result["passwd"] = "$1$" + mAuthenticator["secret"].asString();
+ result["first"] = mIdentifier["first_name"];
+ result["last"] = mIdentifier["last_name"];
+
+ }
+ else if (mIdentifier["type"].asString() == "account")
+ {
+ result["username"] = mIdentifier["account_name"];
+ result["passwd"] = mAuthenticator["secret"];
+
+ }
+ return result;
+}
-- 
cgit v1.3
From 5e727964dbd6d5e55dd3a0921e8e1f0f77a99747 Mon Sep 17 00:00:00 2001
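Review bot: `secapiSSLCertVerifyCallback` dereferences `gSecAPIHandler`, `req` and `chain` without a null check, and it calls `getCertificateStore("")` and `getCertificateChain(ctx)` outside the `try`, so a missing handler, a null `param` or an exception from either lookup escapes the callback instead of rejecting the certificate. The catch blocks already fail closed with `return 0`, and the same should hold for missing state: start the function with `if (gSecAPIHandler.isNull() || !req) return 0;`, move the two lookups inside the `try`, and `return 0` when `chain` is null. In `initializeSecHandler`, `catch (LLProtectedDataException e)` copies the exception and only the last handler's failure is rethrown; `catch (const LLProtectedDataException& e)` avoids the copy. The comment above `getSecHandler` says an empty string selects the default, but the code returns a null pointer for any name that is not registered.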
From: Roxie Linden Date: Thu, 22 Apr 2010 15:09:34 -0700 Subject: DEV-49332 - cryptic error message when typing in single username when logging into maingrid. Needs to be changed when IE is checked in, of course. Now we check the expected credential formats for a given grid against the format that is typed in, and throw an error if it's invalid. --- indra/newview/llpanellogin.cpp | 42 ++++++++++++++--- indra/newview/llpanellogin.h | 2 +- indra/newview/llsecapi.cpp | 52 +++++++++++++++++----- indra/newview/llsecapi.h | 6 +++ indra/newview/llstartup.cpp | 2 +- indra/newview/llviewernetwork.cpp | 18 ++++++-- indra/newview/llviewernetwork.h | 6 +-- .../newview/skins/default/xui/en/notifications.xml | 8 ++++ indra/newview/tests/lllogininstance_test.cpp | 7 +++ indra/newview/tests/llviewernetwork_test.cpp | 10 ++--- 10 files changed, 122 insertions(+), 31 deletions(-) (limited to 'indra/newview/llsecapi.cpp') diff --git a/indra/newview/llpanellogin.cpp b/indra/newview/llpanellogin.cpp index 22fb70de73..63fe7bfa91 100644 --- a/indra/newview/llpanellogin.cpp +++ b/indra/newview/llpanellogin.cpp @@ -571,7 +571,7 @@ void LLPanelLogin::setFields(LLPointer credential, // static void LLPanelLogin::getFields(LLPointer& credential, - BOOL remember) + BOOL& remember) { if (!sInstance) { @@ -603,14 +603,14 @@ void LLPanelLogin::getFields(LLPointer& credential, { LL_INFOS2("Credentials", "Authentication") << "account: " << username << LL_ENDL; // single username, so this is a 'clear' identifier - identifier["type"] = "account"; + identifier["type"] = CRED_IDENTIFIER_TYPE_ACCOUNT; identifier["account_name"] = username; if (LLPanelLogin::sInstance->mPasswordModified) { authenticator = LLSD::emptyMap(); // password is plaintext - authenticator["type"] = "clear"; + authenticator["type"] = CRED_AUTHENTICATOR_TYPE_CLEAR; authenticator["secret"] = password; } } 
@@ -618,14 +618,14 @@ void LLPanelLogin::getFields(LLPointer& credential, { LL_INFOS2("Credentials", "Authentication") << "agent: " << username << LL_ENDL; // traditional firstname / lastname - identifier["type"] = "agent"; + identifier["type"] = CRED_IDENTIFIER_TYPE_AGENT; identifier["first_name"] = username.substr(0, separator_index); identifier["last_name"] = username.substr(separator_index+1, username.npos); if (LLPanelLogin::sInstance->mPasswordModified) { authenticator = LLSD::emptyMap(); - authenticator["type"] = "hash"; + authenticator["type"] = CRED_AUTHENTICATOR_TYPE_HASH; authenticator["algorithm"] = "md5"; LLMD5 pass((const U8 *)password.c_str()); char md5pass[33]; /* Flawfinder: ignore */ 
@@ -978,14 +978,42 @@ void LLPanelLogin::onClickConnect(void *) } updateStartSLURL(); std::string username = sInstance->childGetText("username_edit"); + + if(username.empty()) { + // user must type in something into the username field LLNotificationsUtil::add("MustHaveAccountToLogIn"); } else { - // has both first and last name typed - sInstance->mCallback(0, sInstance->mCallbackData); + LLPointer cred; + BOOL remember; + getFields(cred, remember); + std::string identifier_type; + cred->identifierType(identifier_type); + LLSD allowed_credential_types; + LLGridManager::getInstance()->getLoginIdentifierTypes(allowed_credential_types); + + // check the typed in credential type against the credential types expected by the server. + for(LLSD::array_iterator i = allowed_credential_types.beginArray(); + i != allowed_credential_types.endArray(); + i++) + { + + if(i->asString() == identifier_type) + { + // yay correct credential type + sInstance->mCallback(0, sInstance->mCallbackData); + return; + } + } + + // Right now, maingrid is the only thing that is picky about + // credential format, as it doesn't yet allow account (single username) + // format creds. - Rox. James, we wanna fix the message when we change + // this. + LLNotificationsUtil::add("InvalidCredentialFormat"); } } } diff --git a/indra/newview/llpanellogin.h b/indra/newview/llpanellogin.h index bca051691b..aa6884ea97 100644 --- a/indra/newview/llpanellogin.h +++ b/indra/newview/llpanellogin.h @@ -69,7 +69,7 @@ public: static void setFields(LLPointer credential, BOOL remember); - static void getFields(LLPointer& credential, BOOL remember); + static void getFields(LLPointer& credential, BOOL& remember); static BOOL isGridComboDirty(); static BOOL areCredentialFieldsDirty(); diff --git a/indra/newview/llsecapi.cpp b/indra/newview/llsecapi.cpp index ba343f5387..b3e96298d2 100644 --- a/indra/newview/llsecapi.cpp +++ b/indra/newview/llsecapi.cpp 
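Review bot: In the new `else` branch of `onClickConnect`, `cred->identifierType(identifier_type)` dereferences `cred` without checking that `getFields` filled it in; the `getFields` hunk earlier in this patch shows an `if (!sInstance)` early path whose body is outside the hunk, so a null `cred` looks possible. `BOOL remember;` is also handed to `getFields` by reference without an initial value. I would write `BOOL remember = FALSE;` and add `if (cred.isNull()) { LLNotificationsUtil::add("InvalidCredentialFormat"); return; }` before the type lookup. If the selected grid carries no identifier-type array the loop matches nothing and every login is refused with a message about first and last names, which would mislead on a grid that expects the account format. The function starts before this hunk.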
@@ -143,19 +143,51 @@ int secapiSSLCertVerifyCallback(X509_STORE_CTX *ctx, void *param) LLSD LLCredential::getLoginParams() { LLSD result = LLSD::emptyMap(); - if (mIdentifier["type"].asString() == "agent") + try { - // legacy credential - result["passwd"] = "$1$" + mAuthenticator["secret"].asString(); - result["first"] = mIdentifier["first_name"]; - result["last"] = mIdentifier["last_name"]; - + if (mIdentifier["type"].asString() == "agent") + { + // legacy credential + result["passwd"] = "$1$" + mAuthenticator["secret"].asString(); + result["first"] = mIdentifier["first_name"]; + result["last"] = mIdentifier["last_name"]; + + } + else if (mIdentifier["type"].asString() == "account") + { + result["username"] = mIdentifier["account_name"]; + result["passwd"] = mAuthenticator["secret"]; + + } } - else if (mIdentifier["type"].asString() == "account") + catch (...) { - result["username"] = mIdentifier["account_name"]; - result["passwd"] = mAuthenticator["secret"]; - + // we could have corrupt data, so simply return a null login param if so + LL_WARNS("AppInit") << "Invalid credential" << LL_ENDL; } return result; } + +void LLCredential::identifierType(std::string &idType) +{ + if(mIdentifier.has("type")) + { + idType = mIdentifier["type"].asString(); + } + else { + idType = std::string(); + + } +} + +void LLCredential::authenticatorType(std::string &idType) +{ + if(mAuthenticator.has("type")) + { + idType = mAuthenticator["type"].asString(); + } + else { + idType = std::string(); + + } +} \ No newline at end of file diff --git a/indra/newview/llsecapi.h b/indra/newview/llsecapi.h index 5211dc2699..59a1e1eff0 100644 --- a/indra/newview/llsecapi.h +++ b/indra/newview/llsecapi.h 
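Review bot: The `catch (...)` added to `LLCredential::getLoginParams` returns whatever `result` held when the exception fired, so the comment's "null login param" is not what callers receive: a failure after `result["passwd"]` was assigned leaves a map with a password and no name fields. Reset it in the handler with `result = LLSD::emptyMap();`, and consider catching a specific exception type so that unrelated failures are not logged as "Invalid credential". The comparisons still use the literals `"agent"` and `"account"` although this patch introduces `CRED_IDENTIFIER_TYPE_AGENT` and `CRED_IDENTIFIER_TYPE_ACCOUNT` in llsecapi.h. `authenticatorType` names its parameter `idType` here and `authType` in the header declaration; one name in both places would read better.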
@@ -286,6 +286,10 @@ bool operator!=(const LLCertificateVector::iterator& _lhs, const LLCertificateVe } +#define CRED_IDENTIFIER_TYPE_ACCOUNT "account" +#define CRED_IDENTIFIER_TYPE_AGENT "agent" +#define CRED_AUTHENTICATOR_TYPE_CLEAR "clear" +#define CRED_AUTHENTICATOR_TYPE_HASH "hash" // // LLCredential - interface for credentials providing the following functionality: // * persistance of credential information based on grid (for saving username/password) @@ -312,7 +316,9 @@ public: mAuthenticator = authenticator; } virtual LLSD getIdentifier() { return mIdentifier; } + virtual void identifierType(std::string& idType); virtual LLSD getAuthenticator() { return mAuthenticator; } + virtual void authenticatorType(std::string& authType); virtual LLSD getLoginParams(); virtual std::string getGrid() { return mGrid; } diff --git a/indra/newview/llstartup.cpp b/indra/newview/llstartup.cpp index eee92ac413..8e2097762a 100644 --- a/indra/newview/llstartup.cpp +++ b/indra/newview/llstartup.cpp @@ -799,7 +799,7 @@ bool idle_startup() gViewerWindow->moveProgressViewToFront(); //reset the values that could have come in from a slurl - // DEV-42215: Make sure they're not empty -- gFirstname and gLastname + // DEV-42215: Make sure they're not empty -- gUserCredential // might already have been set from gSavedSettings, and it's too bad // to overwrite valid values with empty strings. diff --git a/indra/newview/llviewernetwork.cpp b/indra/newview/llviewernetwork.cpp index 2673ba4e17..a160572f7a 100644 --- a/indra/newview/llviewernetwork.cpp +++ b/indra/newview/llviewernetwork.cpp @@ -35,6 +35,7 @@ #include "llviewernetwork.h" #include "llviewercontrol.h" #include "llsdserialize.h" +#include "llsecapi.h" #include "llweb.h" @@ -92,7 +93,7 @@ void LLGridManager::initialize(const std::string& grid_file) - addSystemGrid("Secondlife.com (Agni)", + addSystemGrid("Agni", MAINGRID, "https://login.agni.lindenlab.com/cgi-bin/login.cgi", "https://secondlife.com/helpers/", 
@@ -361,7 +362,17 @@ void LLGridManager::addGrid(LLSD& grid_data) if (!grid_data.has(GRID_HELPER_URI_VALUE)) { grid_data[GRID_HELPER_URI_VALUE] = std::string("https://") + grid + "/helpers/"; - } + } + + if (!grid_data.has(GRID_LOGIN_IDENTIFIER_TYPES)) + { + // non system grids and grids that haven't already been configured with values + // get both types of credentials. + grid_data[GRID_LOGIN_IDENTIFIER_TYPES] = LLSD::emptyArray(); + grid_data[GRID_LOGIN_IDENTIFIER_TYPES].append(CRED_IDENTIFIER_TYPE_AGENT); + grid_data[GRID_LOGIN_IDENTIFIER_TYPES].append(CRED_IDENTIFIER_TYPE_ACCOUNT); + } + LL_INFOS("GridManager") << "ADDING: " << grid << LL_ENDL; mGridList[grid] = grid_data; } @@ -384,7 +395,8 @@ void LLGridManager::addSystemGrid(const std::string& label, grid[GRID_LOGIN_URI_VALUE].append(login); grid[GRID_LOGIN_PAGE_VALUE] = login_page; grid[GRID_IS_SYSTEM_GRID_VALUE] = TRUE; - grid[GRID_LOGIN_CREDENTIAL_PAGE_TYPE_VALUE] = GRID_LOGIN_CREDENTIAL_PAGE_TYPE_AGENT; + grid[GRID_LOGIN_IDENTIFIER_TYPES] = LLSD::emptyArray(); + grid[GRID_LOGIN_IDENTIFIER_TYPES].append(CRED_IDENTIFIER_TYPE_AGENT); grid[GRID_APP_SLURL_BASE] = SYSTEM_GRID_APP_SLURL_BASE; if (login_id.empty()) diff --git a/indra/newview/llviewernetwork.h b/indra/newview/llviewernetwork.h index 46f21bf20f..0271e7a7a5 100644 --- a/indra/newview/llviewernetwork.h +++ b/indra/newview/llviewernetwork.h 
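Review bot: `addGrid` only tests `grid_data.has(GRID_LOGIN_IDENTIFIER_TYPES)`, so a value that is present but not an array, or an empty array, is stored as is, and the identifier-type check added to llpanellogin.cpp in this patch would then match nothing and refuse every credential for that grid. Since `grid_data` can originate from a grid file (the tests in this patch load `grid_test.xml`), I would treat a malformed value like a missing one, or reject the entry with a warning: `if (!grid_data.has(GRID_LOGIN_IDENTIFIER_TYPES) || !grid_data[GRID_LOGIN_IDENTIFIER_TYPES].isArray() || grid_data[GRID_LOGIN_IDENTIFIER_TYPES].size() == 0)`. Entries other than `CRED_IDENTIFIER_TYPE_AGENT` and `CRED_IDENTIFIER_TYPE_ACCOUNT` are also accepted unchecked, as far as the hunk shows. The body of `addGrid` begins and ends outside the hunk.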
@@ -43,11 +43,8 @@ extern const char* DEFAULT_LOGIN_PAGE; #define GRID_LOGIN_PAGE_VALUE "login_page" #define GRID_IS_SYSTEM_GRID_VALUE "system_grid" #define GRID_IS_FAVORITE_VALUE "favorite" -#define GRID_LOGIN_CREDENTIAL_PAGE_TYPE_VALUE "credential_type" -#define GRID_LOGIN_CREDENTIAL_PAGE_TYPE_AGENT "agent" -#define GRID_LOGIN_CREDENTIAL_PAGE_TYPE_ACCOUNT "account" #define MAINGRID "util.agni.lindenlab.com" - +#define GRID_LOGIN_IDENTIFIER_TYPES "login_identifier_types" // defines slurl formats associated with various grids. // we need to continue to support existing forms, as slurls // are shared between viewers that may not understand newer @@ -119,6 +116,7 @@ public: std::string getLoginPage() {return mGridList[mGrid][GRID_LOGIN_PAGE_VALUE];} std::string getGridLoginID() { return mGridList[mGrid][GRID_ID_VALUE]; } std::string getLoginPage(const std::string& grid) { return mGridList[grid][GRID_LOGIN_PAGE_VALUE]; } + void getLoginIdentifierTypes(LLSD& idTypes) { idTypes = mGridList[mGrid][GRID_LOGIN_IDENTIFIER_TYPES]; } // build a slurl for the given region within the selected grid std::string getSLURLBase(const std::string& grid); diff --git a/indra/newview/skins/default/xui/en/notifications.xml b/indra/newview/skins/default/xui/en/notifications.xml index e06f36c823..a0a1113b4d 100644 --- a/indra/newview/skins/default/xui/en/notifications.xml +++ b/indra/newview/skins/default/xui/en/notifications.xml 
@@ -733,6 +733,14 @@ You need an account to enter [SECOND_LIFE]. Would you like to create one now? yestext="Create a new account"/> + +You need to enter both the First and Last name of your avatar into the Username field, then login again. + + + known_grids = manager->getKnownGrids(); ensure_equals("Known grids is a string-string map of size 18", known_grids.size(), 18); ensure_equals("Agni has the right name and label", - known_grids[std::string("util.agni.lindenlab.com")], std::string("Secondlife.com (Agni)")); + known_grids[std::string("util.agni.lindenlab.com")], std::string("Agni")); ensure_equals("None exists", known_grids[""], "None"); LLSD grid = LLGridManager::getInstance()->getGridInfo("util.agni.lindenlab.com"); @@ -153,7 +153,7 @@ namespace tut ensure_equals("name is correct for agni", grid[GRID_VALUE].asString(), std::string("util.agni.lindenlab.com")); ensure_equals("label is correct for agni", - grid[GRID_LABEL_VALUE].asString(), std::string("Secondlife.com (Agni)")); + grid[GRID_LABEL_VALUE].asString(), std::string("Agni")); ensure("Login URI is an array", grid[GRID_LOGIN_URI_VALUE].isArray()); ensure_equals("Agni login uri is correct", @@ -186,14 +186,14 @@ namespace tut ensure_equals("adding a grid via a grid file increases known grid size", known_grids.size(), 19); ensure_equals("Agni is still there after we've added a grid via a grid file", - known_grids["util.agni.lindenlab.com"], std::string("Secondlife.com (Agni)")); + known_grids["util.agni.lindenlab.com"], std::string("Agni")); // assure Agni doesn't get overwritten LLSD grid = LLGridManager::getInstance()->getGridInfo("util.agni.lindenlab.com"); ensure_equals("Agni grid label was not modified by grid file", - grid[GRID_LABEL_VALUE].asString(), std::string("Secondlife.com (Agni)")); + grid[GRID_LABEL_VALUE].asString(), std::string("Agni")); ensure_equals("Agni name wasn't modified by grid file", grid[GRID_VALUE].asString(), std::string("util.agni.lindenlab.com")); 
@@ -320,7 +320,7 @@ namespace tut LLGridManager::getInstance()->initialize("grid_test.xml"); LLGridManager::getInstance()->addGrid(grid); LLGridManager::getInstance()->setGridChoice("util.agni.lindenlab.com"); - ensure_equals("getGridLabel", LLGridManager::getInstance()->getGridLabel(), std::string("Secondlife.com (Agni)")); + ensure_equals("getGridLabel", LLGridManager::getInstance()->getGridLabel(), std::string("Agni")); ensure_equals("getGrid", LLGridManager::getInstance()->getGrid(), std::string("util.agni.lindenlab.com")); ensure_equals("getHelperURI", LLGridManager::getInstance()->getHelperURI(), -- cgit v1.3 From e15f2b9197206d5714f62d1981ffbf984dead5f4 Mon Sep 17 00:00:00 2001 From: Roxie Linden Date: Thu, 22 Apr 2010 16:35:55 -0700 Subject: fix eol --- indra/newview/llsecapi.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'indra/newview/llsecapi.cpp') diff --git a/indra/newview/llsecapi.cpp b/indra/newview/llsecapi.cpp index b3e96298d2..066ac40793 100644 --- a/indra/newview/llsecapi.cpp +++ b/indra/newview/llsecapi.cpp @@ -190,4 +190,4 @@ void LLCredential::authenticatorType(std::string &idType) idType = std::string(); } -} \ No newline at end of file +} -- cgit v1.3 From 2173bb5f6a58e6f5e1123e89b695e337a3203aae Mon Sep 17 00:00:00 2001 From: Roxie Linden Date: Thu, 29 Apr 2010 02:07:12 -0700 Subject: Add test for sha1WithRSAEncryption signed certs. Also removed redundant openssl initialization --- indra/newview/llsecapi.cpp | 5 +- indra/newview/tests/llsechandler_basic_test.cpp | 63 ++++++++++++++++++++++++- 2 files changed, 64 insertions(+), 4 deletions(-) (limited to 'indra/newview/llsecapi.cpp') diff --git a/indra/newview/llsecapi.cpp b/indra/newview/llsecapi.cpp index 066ac40793..89b799f297 100644 --- a/indra/newview/llsecapi.cpp +++ b/indra/newview/llsecapi.cpp @@ -35,6 +35,7 @@ #include "llsecapi.h" #include "llsechandler_basic.h" #include +#include #include #include "llhttpclient.h" 
@@ -45,9 +46,9 @@ LLPointer gSecAPIHandler; void initializeSecHandler() { + ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); - OpenSSL_add_all_ciphers(); - OpenSSL_add_all_digests(); + gHandlerMap[BASIC_SECHANDLER] = new LLSecAPIBasicHandler(); diff --git a/indra/newview/tests/llsechandler_basic_test.cpp b/indra/newview/tests/llsechandler_basic_test.cpp index ba448d4b5b..fd680b24f0 100644 --- a/indra/newview/tests/llsechandler_basic_test.cpp +++ b/indra/newview/tests/llsechandler_basic_test.cpp @@ -47,6 +47,14 @@ #include #include #include "llxorcipher.h" +#include +#include +#include +#include +#include +#include +#include + #define ensure_throws(str, exc_type, cert, func, ...) \ try \ @@ -115,7 +123,7 @@ namespace tut // Test wrapper declaration : wrapping nothing for the moment struct sechandler_basic_test { - std::string mPemTestCert, mPemRootCert, mPemIntermediateCert, mPemChildCert; + std::string mPemTestCert, mPemRootCert, mPemIntermediateCert, mPemChildCert, mSha1RSATestCert, mSha1RSATestCA; std::string mDerFormat; X509 *mX509TestCert, *mX509RootCert, *mX509IntermediateCert, *mX509ChildCert; 
@@ -223,6 +231,49 @@ namespace tut "1ME7a55lFEnSeT0umlOAjR2mAbvSM5X5oSZNrmetdzyTj2flCM8CC7MLab0kkdngRIlUBGHF1/S5" "nmPbK+9A46sd33oqK8n8"; + mSha1RSATestCert = "-----BEGIN CERTIFICATE-----\n" + "MIIDFDCCAn2gAwIBAgIDDqqYMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT\n" + "MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0\n" + "aWZpY2F0ZSBBdXRob3JpdHkwHhcNMTAwMTA1MDAzNjMwWhcNMTEwMTA3MjAyMTE0\n" + "WjCBnjEpMCcGA1UEBRMgQmNmc0RBRkl1U0YwdFpWVm5vOFJKbjVUbW9hNGR2Wkgx\n" + "CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4g\n" + "RnJhbmNpc2NvMR0wGwYDVQQKExRMaW5kZW4gUmVzZWFyY2ggSW5jLjEYMBYGA1UE\n" + "AxQPKi5saW5kZW5sYWIuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD2\n" + "14Jdko8v6GB33hHbW+lNQyloFQtc2h4ykjf+fYPJ27dw6tQO2if7N3k/5XDkwC1N\n" + "krGgE9vt3iecCPgasue6k67Zyfj9HbEP2D+j38eROudrsxLaRFDQx50BvZ5YMNl3\n" + "4zQCj8/gCMsuq8cvaP9/rbJTUpgYWFGLsm8yAYOgWwIDAQABo4GuMIGrMA4GA1Ud\n" + "DwEB/wQEAwIE8DAdBgNVHQ4EFgQUIBK/JB9AyqquSEbkzt2Zux6v9sYwOgYDVR0f\n" + "BDMwMTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9zZWN1cmVj\n" + "YS5jcmwwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gjIBBPM5iQn9QwHQYDVR0lBBYw\n" + "FAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4GBAKKR84+hvLuB\n" + "pop9VG7HQPIyEKtZq3Nnk+UlJGfjGY3csLWSFmxU727r5DzdEP1W1PwF3rxuoKcZ\n" + "4nJJpKdzoGVujgBMP2U/J0PJvU7D8U3Zqu7nrXAjOHj7iVnvJ3EKJ1bvwXaisgPN\n" + "wt21kKfGnA4OlhJtJ6VQvUkcF12I3pTP\n" + "-----END CERTIFICATE-----\n"; + + mSha1RSATestCA = "-----BEGIN CERTIFICATE-----\n" + "MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV\n" + "UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy\n" + "dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1\n" + "MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx\n" + "dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B\n" + "AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f\n" + "BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A\n" + 
"cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC\n" + "AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ\n" + "MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm\n" + "aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw\n" + "ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj\n" + "IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF\n" + "MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA\n" + "A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y\n" + "7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh\n" + "1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4\n" + "-----END CERTIFICATE-----\n"; + + + + mX509TestCert = NULL; mX509RootCert = NULL; mX509IntermediateCert = NULL; @@ -951,7 +1002,7 @@ namespace tut validation_params[CERT_VALIDATION_DATE] = LLDate(child_info[CERT_VALID_FROM].asDate().secondsSinceEpoch() - 1.0); // test not yet valid - ensure_throws("Child cert not yet valid", + ensure_throws("Child cert not yet valid" , LLCertValidationExpirationException, (*test_chain)[0], test_chain->validate, @@ -987,6 +1038,14 @@ namespace tut VALIDATION_POLICY_SSL_KU, test_store, validation_params); + + // test sha1RSA validation + test_chain = new LLBasicCertificateChain(NULL); + test_chain->add(new LLBasicCertificate(mSha1RSATestCert)); + test_chain->add(new LLBasicCertificate(mSha1RSATestCA)); + + test_chain->validate(0, test_store, validation_params); } + }; -- cgit v1.3
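Review bot: The sha1WithRSAEncryption case added at the end of the test calls `test_chain->validate(0, test_store, validation_params)` with a bare `0` policy and no `ensure`, so it passes whenever nothing throws and, as far as the hunk shows, exercises none of the `VALIDATION_POLICY_*` checks. A comment such as `// policy 0: no policy bits set, only checks that the chain is processed without throwing` would record the intent, or the call could use the policy under test. The fixture is a real certificate with a fixed validity period, and `validation_params` appears to still carry the `CERT_VALIDATION_DATE` set by the preceding cases, so a later switch to a time-checking policy needs an explicit date pinned for this case. The test function starts outside the hunk.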