diff options
| author | Ansariel <ansariel.hiller@phoenixviewer.com> | 2024-05-22 19:04:52 +0200 |
|---|---|---|
| committer | Ansariel <ansariel.hiller@phoenixviewer.com> | 2024-05-22 19:04:52 +0200 |
| commit | 1b67dd855c41f5a0cda7ec2a68d98071986ca703 (patch) | |
| tree | ab243607f74f78200787bba5b9b88f07ef1b966f /indra/newview/tests/llsechandler_basic_test.cpp | |
| parent | 6d6eabca44d08d5b97bfe3e941d2b9687c2246ea (diff) | |
| parent | e1623bb276f83a43ce7a197e388720c05bdefe61 (diff) | |
Merge remote-tracking branch 'origin/main' into DRTVWR-600-maint-A
# Conflicts:
# autobuild.xml
# indra/cmake/CMakeLists.txt
# indra/cmake/GoogleMock.cmake
# indra/llaudio/llaudioengine_fmodstudio.cpp
# indra/llaudio/llaudioengine_fmodstudio.h
# indra/llaudio/lllistener_fmodstudio.cpp
# indra/llaudio/lllistener_fmodstudio.h
# indra/llaudio/llstreamingaudio_fmodstudio.cpp
# indra/llaudio/llstreamingaudio_fmodstudio.h
# indra/llcharacter/llmultigesture.cpp
# indra/llcharacter/llmultigesture.h
# indra/llimage/llimage.cpp
# indra/llimage/llimagepng.cpp
# indra/llimage/llimageworker.cpp
# indra/llimage/tests/llimageworker_test.cpp
# indra/llmessage/tests/llmockhttpclient.h
# indra/llprimitive/llgltfmaterial.h
# indra/llrender/llfontfreetype.cpp
# indra/llui/llcombobox.cpp
# indra/llui/llfolderview.cpp
# indra/llui/llfolderviewmodel.h
# indra/llui/lllineeditor.cpp
# indra/llui/lllineeditor.h
# indra/llui/lltextbase.cpp
# indra/llui/lltextbase.h
# indra/llui/lltexteditor.cpp
# indra/llui/lltextvalidate.cpp
# indra/llui/lltextvalidate.h
# indra/llui/lluictrl.h
# indra/llui/llview.cpp
# indra/llwindow/llwindowmacosx.cpp
# indra/newview/app_settings/settings.xml
# indra/newview/llappearancemgr.cpp
# indra/newview/llappearancemgr.h
# indra/newview/llavatarpropertiesprocessor.cpp
# indra/newview/llavatarpropertiesprocessor.h
# indra/newview/llbreadcrumbview.cpp
# indra/newview/llbreadcrumbview.h
# indra/newview/llbreastmotion.cpp
# indra/newview/llbreastmotion.h
# indra/newview/llconversationmodel.h
# indra/newview/lldensityctrl.cpp
# indra/newview/lldensityctrl.h
# indra/newview/llface.inl
# indra/newview/llfloatereditsky.cpp
# indra/newview/llfloatereditwater.cpp
# indra/newview/llfloateremojipicker.h
# indra/newview/llfloaterimsessiontab.cpp
# indra/newview/llfloaterprofiletexture.cpp
# indra/newview/llfloaterprofiletexture.h
# indra/newview/llgesturemgr.cpp
# indra/newview/llgesturemgr.h
# indra/newview/llimpanel.cpp
# indra/newview/llimpanel.h
# indra/newview/llinventorybridge.cpp
# indra/newview/llinventorybridge.h
# indra/newview/llinventoryclipboard.cpp
# indra/newview/llinventoryclipboard.h
# indra/newview/llinventoryfunctions.cpp
# indra/newview/llinventoryfunctions.h
# indra/newview/llinventorygallery.cpp
# indra/newview/lllistbrowser.cpp
# indra/newview/lllistbrowser.h
# indra/newview/llpanelobjectinventory.cpp
# indra/newview/llpanelprofile.cpp
# indra/newview/llpanelprofile.h
# indra/newview/llpreviewgesture.cpp
# indra/newview/llsavedsettingsglue.cpp
# indra/newview/llsavedsettingsglue.h
# indra/newview/lltooldraganddrop.cpp
# indra/newview/llurllineeditorctrl.cpp
# indra/newview/llvectorperfoptions.cpp
# indra/newview/llvectorperfoptions.h
# indra/newview/llviewerparceloverlay.cpp
# indra/newview/llviewertexlayer.cpp
# indra/newview/llviewertexturelist.cpp
# indra/newview/macmain.h
# indra/test/test.cpp
Diffstat (limited to 'indra/newview/tests/llsechandler_basic_test.cpp')
| -rw-r--r-- | indra/newview/tests/llsechandler_basic_test.cpp | 2836 |
1 files changed, 1418 insertions, 1418 deletions
diff --git a/indra/newview/tests/llsechandler_basic_test.cpp b/indra/newview/tests/llsechandler_basic_test.cpp index c04d8cdc35..b1eccddff8 100644 --- a/indra/newview/tests/llsechandler_basic_test.cpp +++ b/indra/newview/tests/llsechandler_basic_test.cpp @@ -1,1418 +1,1418 @@ -/** - * @file llsechandler_basic_test.cpp - * @author Roxie - * @date 2009-02-10 - * @brief Test the 'basic' sec handler functions - * - * $LicenseInfo:firstyear=2005&license=viewerlgpl$ - * Second Life Viewer Source Code - * Copyright (C) 2010, Linden Research, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; - * version 2.1 of the License only. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - * - * Linden Research, Inc., 945 Battery Street, San Francisco, CA 94111 USA - * $/LicenseInfo$ - */ -#include "../llviewerprecompiledheaders.h" -#include "../test/lltut.h" -#include "../llsecapi.h" -#include "../llsechandler_basic.h" -#include "../../llxml/llcontrol.h" -#include "../llviewernetwork.h" -#include "lluuid.h" -#include "lldate.h" -#include "llxorcipher.h" -#include "apr_base64.h" -#include <vector> -#include <ios> -#include <llsdserialize.h> -#include <openssl/pem.h> -#include <openssl/err.h> -#include <openssl/evp.h> -#include "llxorcipher.h" -#include <openssl/ossl_typ.h> -#include <openssl/x509.h> -#include <openssl/x509v3.h> -#include <openssl/pem.h> -#include <openssl/asn1.h> -#include <openssl/rand.h> -#include <openssl/err.h> -#include "../llmachineid.h" - -#define ensure_throws(str, exc_type, cert, func, ...) \ -try \ -{ \ -func(__VA_ARGS__); \ -fail("throws, " str); \ -} \ -catch(exc_type& except) \ -{ \ -LLSD cert_data; \ -cert->getLLSD(cert_data); \ -ensure("Exception cert is incorrect for " str, valueCompareLLSD(except.getCertData(), cert_data)); \ -} - -extern bool _cert_hostname_wildcard_match(const std::string& hostname, const std::string& wildcard_string); - -//---------------------------------------------------------------------------- -// Mock objects for the dependencies of the code we're testing - -std::string gFirstName; -std::string gLastName; -LLControlGroup::LLControlGroup(const std::string& name) -: LLInstanceTracker<LLControlGroup, std::string>(name) {} -LLControlGroup::~LLControlGroup() {} -LLControlVariable* LLControlGroup::declareString(const std::string& name, - const std::string& initial_val, - const std::string& comment, - LLControlVariable::ePersist persist) {return NULL;} -void LLControlGroup::setString(std::string_view name, const std::string& val){} -std::string LLControlGroup::getString(std::string_view name) -{ - - if (name == "FirstName") - return gFirstName; - else if (name == "LastName") - return gLastName; - return ""; -} - -// Stub for --no-verify-ssl-cert -bool LLControlGroup::getBOOL(std::string_view name) { return false; } - -LLSD LLCredential::getLoginParams() -{ - LLSD result = LLSD::emptyMap(); - - // legacy credential - result["passwd"] = "$1$testpasssd"; - result["first"] = "myfirst"; - result["last"] ="mylast"; - return result; -} - -void LLCredential::identifierType(std::string &idType) -{ -} - -void LLCredential::authenticatorType(std::string &idType) -{ -} - - -LLControlGroup gSavedSettings("test"); -unsigned char gMACAddress[MAC_ADDRESS_BYTES] = {77,21,46,31,89,2}; - - -S32 LLMachineID::getUniqueID(unsigned char *unique_id, size_t len) -{ - memcpy(unique_id, gMACAddress, len); - return 1; -} -S32 LLMachineID::getLegacyID(unsigned char *unique_id, size_t len) -{ - return 0; -} -S32 LLMachineID::init() { return 1; } - - -LLCertException::LLCertException(const LLSD& cert_data, const std::string& msg) - : LLException(msg), - mCertData(cert_data) -{ - LL_WARNS("SECAPI") << "Certificate Error: " << msg << LL_ENDL; -} - - -// ------------------------------------------------------------------------------------------- -// TUT -// ------------------------------------------------------------------------------------------- -namespace tut -{ - const std::string mPemTestCert( - "Certificate:\n" - " Data:\n" - " Version: 3 (0x2)\n" - " Serial Number:\n" - " 04:00:00:00:00:01:15:4b:5a:c3:94\n" - " Signature Algorithm: sha1WithRSAEncryption\n" - " Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA\n" - " Validity\n" - " Not Before: Sep 1 12:00:00 1998 GMT\n" - " Not After : Jan 28 12:00:00 2028 GMT\n" - " Subject: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA\n" - " Subject Public Key Info:\n" - " Public Key Algorithm: rsaEncryption\n" - " Public-Key: (2048 bit)\n" - " Modulus:\n" - " 00:da:0e:e6:99:8d:ce:a3:e3:4f:8a:7e:fb:f1:8b:\n" - " 83:25:6b:ea:48:1f:f1:2a:b0:b9:95:11:04:bd:f0:\n" - " 63:d1:e2:67:66:cf:1c:dd:cf:1b:48:2b:ee:8d:89:\n" - " 8e:9a:af:29:80:65:ab:e9:c7:2d:12:cb:ab:1c:4c:\n" - " 70:07:a1:3d:0a:30:cd:15:8d:4f:f8:dd:d4:8c:50:\n" - " 15:1c:ef:50:ee:c4:2e:f7:fc:e9:52:f2:91:7d:e0:\n" - " 6d:d5:35:30:8e:5e:43:73:f2:41:e9:d5:6a:e3:b2:\n" - " 89:3a:56:39:38:6f:06:3c:88:69:5b:2a:4d:c5:a7:\n" - " 54:b8:6c:89:cc:9b:f9:3c:ca:e5:fd:89:f5:12:3c:\n" - " 92:78:96:d6:dc:74:6e:93:44:61:d1:8d:c7:46:b2:\n" - " 75:0e:86:e8:19:8a:d5:6d:6c:d5:78:16:95:a2:e9:\n" - " c8:0a:38:eb:f2:24:13:4f:73:54:93:13:85:3a:1b:\n" - " bc:1e:34:b5:8b:05:8c:b9:77:8b:b1:db:1f:20:91:\n" - " ab:09:53:6e:90:ce:7b:37:74:b9:70:47:91:22:51:\n" - " 63:16:79:ae:b1:ae:41:26:08:c8:19:2b:d1:46:aa:\n" - " 48:d6:64:2a:d7:83:34:ff:2c:2a:c1:6c:19:43:4a:\n" - " 07:85:e7:d3:7c:f6:21:68:ef:ea:f2:52:9f:7f:93:\n" - " 90:cf\n" - " Exponent: 65537 (0x10001)\n" - " X509v3 extensions:\n" - " X509v3 Key Usage: critical\n" - " Certificate Sign, CRL Sign\n" - " X509v3 Basic Constraints: critical\n" - " CA:TRUE\n" - " X509v3 Subject Key Identifier: \n" - " 60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B\n" - " Signature Algorithm: sha1WithRSAEncryption\n" - " d6:73:e7:7c:4f:76:d0:8d:bf:ec:ba:a2:be:34:c5:28:32:b5:\n" - " 7c:fc:6c:9c:2c:2b:bd:09:9e:53:bf:6b:5e:aa:11:48:b6:e5:\n" - " 08:a3:b3:ca:3d:61:4d:d3:46:09:b3:3e:c3:a0:e3:63:55:1b:\n" - " f2:ba:ef:ad:39:e1:43:b9:38:a3:e6:2f:8a:26:3b:ef:a0:50:\n" - " 56:f9:c6:0a:fd:38:cd:c4:0b:70:51:94:97:98:04:df:c3:5f:\n" - " 94:d5:15:c9:14:41:9c:c4:5d:75:64:15:0d:ff:55:30:ec:86:\n" - " 8f:ff:0d:ef:2c:b9:63:46:f6:aa:fc:df:bc:69:fd:2e:12:48:\n" - " 64:9a:e0:95:f0:a6:ef:29:8f:01:b1:15:b5:0c:1d:a5:fe:69:\n" - " 2c:69:24:78:1e:b3:a7:1c:71:62:ee:ca:c8:97:ac:17:5d:8a:\n" - " c2:f8:47:86:6e:2a:c4:56:31:95:d0:67:89:85:2b:f9:6c:a6:\n" - " 5d:46:9d:0c:aa:82:e4:99:51:dd:70:b7:db:56:3d:61:e4:6a:\n" - " e1:5c:d6:f6:fe:3d:de:41:cc:07:ae:63:52:bf:53:53:f4:2b:\n" - " e9:c7:fd:b6:f7:82:5f:85:d2:41:18:db:81:b3:04:1c:c5:1f:\n" - " a4:80:6f:15:20:c9:de:0c:88:0a:1d:d6:66:55:e2:fc:48:c9:\n" - " 29:26:69:e0\n" - "-----BEGIN CERTIFICATE-----\n" - "MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG\n" - "A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv\n" - "b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw\n" - "MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i\n" - "YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT\n" - "aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ\n" - "jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp\n" - "xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp\n" - "1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG\n" - "snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ\n" - "U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8\n" - "9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E\n" - "BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B\n" - "AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz\n" - "yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE\n" - "38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP\n" - "AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad\n" - "DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME\n" - "HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==\n" - "-----END CERTIFICATE-----\n" - ); - - /* - * The following certificates were generated using the instructions at - * https://jamielinux.com/docs/openssl-certificate-authority/sign-server-and-client-certificates.html - * with the exception that the server certificate has a longer expiration time, and the full text - * expansion was included in the certificates. - */ - const std::string mPemRootCert( - "Certificate:\n" - " Data:\n" - " Version: 3 (0x2)\n" - " Serial Number:\n" - " 82:2f:8f:eb:8d:06:24:b0\n" - " Signature Algorithm: sha256WithRSAEncryption\n" - " Issuer: C=US, ST=California, L=San Francisco, O=Linden Lab, OU=Second Life Engineering, CN=Integration Test Root CA/emailAddress=noreply@lindenlab.com\n" - " Validity\n" - " Not Before: May 22 22:19:45 2018 GMT\n" - " Not After : May 17 22:19:45 2038 GMT\n" - " Subject: C=US, ST=California, L=San Francisco, O=Linden Lab, OU=Second Life Engineering, CN=Integration Test Root CA/emailAddress=noreply@lindenlab.com\n" - " Subject Public Key Info:\n" - " Public Key Algorithm: rsaEncryption\n" - " Public-Key: (4096 bit)\n" - " Modulus:\n" - " 00:bd:e0:79:dd:3b:a6:ac:87:d0:39:f0:58:c7:a4:\n" - " 42:42:f6:5f:93:b0:36:04:b5:e2:d5:f7:2a:c0:6c:\n" - " a0:13:d2:1e:02:81:57:02:50:4c:57:b7:ef:27:9e:\n" - " f6:f1:f1:30:30:72:1e:57:34:e5:3f:82:3c:21:c4:\n" - " 66:d2:73:63:6c:91:e6:dd:49:9e:9c:b1:34:6a:81:\n" - " 45:a1:6e:c4:50:28:f2:d8:e3:fe:80:2f:83:aa:28:\n" - " 91:b4:8c:57:c9:f1:16:d9:0c:87:3c:25:80:a0:81:\n" - " 8d:71:f2:96:e2:16:f1:97:c4:b0:d8:53:bb:13:6c:\n" - " 73:54:2f:29:94:85:cf:86:6e:75:71:ad:39:e3:fc:\n" - " 39:12:53:93:1c:ce:39:e0:33:da:49:b7:3d:af:b0:\n" - " 37:ce:77:09:03:27:32:70:c0:9c:7f:9c:89:ce:90:\n" - " 45:b0:7d:94:8b:ff:13:27:ba:88:7f:ae:c4:aa:73:\n" - " d5:47:b8:87:69:89:80:0c:c1:22:18:78:c2:0d:47:\n" - " d9:10:ff:80:79:0d:46:71:ec:d9:ba:c9:f3:77:fd:\n" - " 92:6d:1f:0f:d9:54:18:6d:f6:72:24:5c:5c:3d:43:\n" - " 49:35:3e:1c:28:de:7e:44:dc:29:c3:9f:62:04:46:\n" - " aa:c4:e6:69:6a:15:f8:e3:74:1c:14:e9:f4:97:7c:\n" - " 30:6c:d4:28:fc:2a:0e:1d:6d:39:2e:1d:f9:17:43:\n" - " 35:5d:23:e7:ba:e3:a8:e9:97:6b:3c:3e:23:ef:d8:\n" - " bc:fb:7a:57:37:39:93:59:03:fc:78:ca:b1:31:ef:\n" - " 26:19:ed:56:e1:63:c3:ad:99:80:5b:47:b5:03:35:\n" - " 5f:fe:6a:a6:21:63:ec:50:fb:4e:c9:f9:ae:a5:66:\n" - " d0:55:33:8d:e6:c5:50:5a:c6:8f:5c:34:45:a7:72:\n" - " da:50:f6:66:4c:19:f5:d1:e4:fb:11:8b:a1:b5:4e:\n" - " 09:43:81:3d:39:28:86:3b:fe:07:28:97:02:b5:3a:\n" - " 07:5f:4a:20:80:1a:7d:a4:8c:f7:6c:f6:c5:9b:f6:\n" - " 61:e5:c7:b0:c3:d5:58:38:7b:bb:47:1e:34:d6:16:\n" - " 55:c5:d2:6c:b0:93:77:b1:90:69:06:b1:53:cb:1b:\n" - " 84:71:cf:b8:87:1b:1e:44:35:b4:2b:bb:04:59:58:\n" - " 0b:e8:93:d8:ae:21:9b:b1:1c:89:30:ae:11:80:77:\n" - " cc:16:f3:d6:35:ed:a1:b3:70:b3:4f:cd:a1:56:99:\n" - " ee:0e:c0:00:a4:09:70:c3:5b:0b:be:a1:07:18:dd:\n" - " c6:f4:6d:8b:58:bc:f9:bb:4b:01:2c:f6:cc:2c:9b:\n" - " 87:0e:b1:4f:9c:10:be:fc:45:e2:a4:ec:7e:fc:ff:\n" - " 45:b8:53\n" - " Exponent: 65537 (0x10001)\n" - " X509v3 extensions:\n" - " X509v3 Subject Key Identifier: \n" - " 8A:22:C6:9C:2E:11:F3:40:0C:CE:82:0C:22:59:FF:F8:7F:D0:B9:13\n" - " X509v3 Authority Key Identifier: \n" - " keyid:8A:22:C6:9C:2E:11:F3:40:0C:CE:82:0C:22:59:FF:F8:7F:D0:B9:13\n" - "\n" - " X509v3 Basic Constraints: critical\n" - " CA:TRUE\n" - " X509v3 Key Usage: critical\n" - " Digital Signature, Certificate Sign, CRL Sign\n" - " Signature Algorithm: sha256WithRSAEncryption\n" - " b3:cb:33:eb:0e:02:64:f4:55:9a:3d:03:9a:cf:6a:4c:18:43:\n" - " f7:42:cb:65:dc:61:52:e5:9f:2f:42:97:3c:93:16:22:d4:af:\n" - " ae:b2:0f:c3:9b:ef:e0:cc:ee:b6:b1:69:a3:d8:da:26:c3:ad:\n" - " 3b:c5:64:dc:9f:d4:c2:53:4b:91:6d:c4:92:09:0b:ac:f0:99:\n" - " be:6f:b9:3c:03:4a:6d:9f:01:5d:ec:5a:9a:f3:a7:e5:3b:2c:\n" - " 99:57:7d:7e:25:15:68:20:12:30:96:16:86:f5:db:74:90:60:\n" - " fe:8b:df:99:f6:f7:62:49:9f:bc:8d:45:23:0a:c8:73:b8:79:\n" - " 80:3c:b9:e5:72:85:4b:b3:81:66:74:a2:72:92:4c:44:fd:7b:\n" - " 46:2e:21:a2:a9:81:a2:f3:26:4d:e3:89:7d:78:b0:c6:6f:b5:\n" - " 87:cb:ee:25:ed:27:1f:75:13:fa:6d:e9:37:73:ad:07:bb:af:\n" - " d3:6c:87:ea:02:01:70:bd:53:aa:ce:39:2c:d4:66:39:33:aa:\n" - " d1:9c:ee:67:e3:a9:45:d2:7b:2e:54:09:af:70:5f:3f:5a:67:\n" - " 2e:6c:72:ef:e0:9d:92:28:4a:df:ba:0b:b7:23:ca:5b:04:11:\n" - " 45:d1:51:e9:ea:c9:ec:54:fa:34:46:ae:fc:dc:6c:f8:1e:2c:\n" - " 9e:f4:71:51:8d:b5:a1:26:9a:13:30:be:1e:41:25:59:58:05:\n" - " 2c:64:c8:f9:5e:38:ae:dc:93:b0:8a:d6:38:74:02:cb:ce:ce:\n" - " 95:31:76:f6:7c:bf:a4:a1:8e:27:fd:ca:74:82:d1:e1:4d:b6:\n" - " 48:51:fa:c5:17:59:22:a3:84:be:82:c8:83:ec:61:a0:f4:ee:\n" - " 2c:e3:a3:ea:e5:51:c9:d3:4f:db:85:bd:ba:7a:52:14:b6:03:\n" - " ed:43:17:d8:d7:1c:22:5e:c9:56:d9:d6:81:96:11:e3:5e:01:\n" - " 40:91:30:09:da:a3:5f:d3:27:60:e5:9d:6c:da:d0:f0:39:01:\n" - " 23:4a:a6:15:7a:4a:82:eb:ec:72:4a:1d:36:dc:6f:83:c4:85:\n" - " 84:b5:8d:cd:09:e5:12:63:f3:21:56:c8:64:6b:db:b8:cf:d4:\n" - " df:ca:a8:24:8e:df:8d:63:a5:96:84:bf:ff:8b:7e:46:7a:f0:\n" - " c7:73:7c:70:8a:f5:17:d0:ac:c8:89:1e:d7:89:42:0f:4d:66:\n" - " c4:d8:bb:36:a8:ae:ca:e1:cf:e2:88:f6:cf:b0:44:4a:5f:81:\n" - " 50:4b:d6:28:81:cd:6c:f0:ec:e6:09:08:f2:59:91:a2:69:ac:\n" - " c7:81:fa:ab:61:3e:db:6f:f6:7f:db:1a:9e:b9:5d:cc:cc:33:\n" - " fa:95:c6:f7:8d:4b:30:f3\n" - "-----BEGIN CERTIFICATE-----\n" - "MIIGXDCCBESgAwIBAgIJAIIvj+uNBiSwMA0GCSqGSIb3DQEBCwUAMIG6MQswCQYD\n" - "VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5j\n" - "aXNjbzETMBEGA1UECgwKTGluZGVuIExhYjEgMB4GA1UECwwXU2Vjb25kIExpZmUg\n" - "RW5naW5lZXJpbmcxITAfBgNVBAMMGEludGVncmF0aW9uIFRlc3QgUm9vdCBDQTEk\n" - "MCIGCSqGSIb3DQEJARYVbm9yZXBseUBsaW5kZW5sYWIuY29tMB4XDTE4MDUyMjIy\n" - "MTk0NVoXDTM4MDUxNzIyMTk0NVowgboxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApD\n" - "YWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMRMwEQYDVQQKDApMaW5k\n" - "ZW4gTGFiMSAwHgYDVQQLDBdTZWNvbmQgTGlmZSBFbmdpbmVlcmluZzEhMB8GA1UE\n" - "AwwYSW50ZWdyYXRpb24gVGVzdCBSb290IENBMSQwIgYJKoZIhvcNAQkBFhVub3Jl\n" - "cGx5QGxpbmRlbmxhYi5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC\n" - "AQC94HndO6ash9A58FjHpEJC9l+TsDYEteLV9yrAbKAT0h4CgVcCUExXt+8nnvbx\n" - "8TAwch5XNOU/gjwhxGbSc2NskebdSZ6csTRqgUWhbsRQKPLY4/6AL4OqKJG0jFfJ\n" - "8RbZDIc8JYCggY1x8pbiFvGXxLDYU7sTbHNULymUhc+GbnVxrTnj/DkSU5Mczjng\n" - "M9pJtz2vsDfOdwkDJzJwwJx/nInOkEWwfZSL/xMnuoh/rsSqc9VHuIdpiYAMwSIY\n" - "eMINR9kQ/4B5DUZx7Nm6yfN3/ZJtHw/ZVBht9nIkXFw9Q0k1Phwo3n5E3CnDn2IE\n" - "RqrE5mlqFfjjdBwU6fSXfDBs1Cj8Kg4dbTkuHfkXQzVdI+e646jpl2s8PiPv2Lz7\n" - "elc3OZNZA/x4yrEx7yYZ7VbhY8OtmYBbR7UDNV/+aqYhY+xQ+07J+a6lZtBVM43m\n" - "xVBaxo9cNEWnctpQ9mZMGfXR5PsRi6G1TglDgT05KIY7/gcolwK1OgdfSiCAGn2k\n" - "jPds9sWb9mHlx7DD1Vg4e7tHHjTWFlXF0mywk3exkGkGsVPLG4Rxz7iHGx5ENbQr\n" - "uwRZWAvok9iuIZuxHIkwrhGAd8wW89Y17aGzcLNPzaFWme4OwACkCXDDWwu+oQcY\n" - "3cb0bYtYvPm7SwEs9swsm4cOsU+cEL78ReKk7H78/0W4UwIDAQABo2MwYTAdBgNV\n" - "HQ4EFgQUiiLGnC4R80AMzoIMIln/+H/QuRMwHwYDVR0jBBgwFoAUiiLGnC4R80AM\n" - "zoIMIln/+H/QuRMwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJ\n" - "KoZIhvcNAQELBQADggIBALPLM+sOAmT0VZo9A5rPakwYQ/dCy2XcYVLlny9ClzyT\n" - "FiLUr66yD8Ob7+DM7raxaaPY2ibDrTvFZNyf1MJTS5FtxJIJC6zwmb5vuTwDSm2f\n" - "AV3sWprzp+U7LJlXfX4lFWggEjCWFob123SQYP6L35n292JJn7yNRSMKyHO4eYA8\n" - "ueVyhUuzgWZ0onKSTET9e0YuIaKpgaLzJk3jiX14sMZvtYfL7iXtJx91E/pt6Tdz\n" - "rQe7r9Nsh+oCAXC9U6rOOSzUZjkzqtGc7mfjqUXSey5UCa9wXz9aZy5scu/gnZIo\n" - "St+6C7cjylsEEUXRUenqyexU+jRGrvzcbPgeLJ70cVGNtaEmmhMwvh5BJVlYBSxk\n" - "yPleOK7ck7CK1jh0AsvOzpUxdvZ8v6Shjif9ynSC0eFNtkhR+sUXWSKjhL6CyIPs\n" - "YaD07izjo+rlUcnTT9uFvbp6UhS2A+1DF9jXHCJeyVbZ1oGWEeNeAUCRMAnao1/T\n" - "J2DlnWza0PA5ASNKphV6SoLr7HJKHTbcb4PEhYS1jc0J5RJj8yFWyGRr27jP1N/K\n" - "qCSO341jpZaEv/+LfkZ68MdzfHCK9RfQrMiJHteJQg9NZsTYuzaorsrhz+KI9s+w\n" - "REpfgVBL1iiBzWzw7OYJCPJZkaJprMeB+qthPttv9n/bGp65XczMM/qVxveNSzDz\n" - "-----END CERTIFICATE-----\n" - ); - - const std::string mPemIntermediateCert( - "Certificate:\n" - " Data:\n" - " Version: 3 (0x2)\n" - " Serial Number: 4096 (0x1000)\n" - " Signature Algorithm: sha256WithRSAEncryption\n" - " Issuer: C=US, ST=California, L=San Francisco, O=Linden Lab, OU=Second Life Engineering, CN=Integration Test Root CA/emailAddress=noreply@lindenlab.com\n" - " Validity\n" - " Not Before: May 22 22:39:08 2018 GMT\n" - " Not After : May 19 22:39:08 2028 GMT\n" - " Subject: C=US, ST=California, O=Linden Lab, OU=Second Life Engineering, CN=Integration Test Intermediate CA/emailAddress=noreply@lindenlab.com\n" - " Subject Public Key Info:\n" - " Public Key Algorithm: rsaEncryption\n" - " Public-Key: (4096 bit)\n" - " Modulus:\n" - " 00:ce:a3:70:e2:c4:fb:4b:97:90:a1:30:bb:c1:1b:\n" - " 13:b9:aa:7e:46:17:a3:26:8d:69:3f:5e:73:95:e8:\n" - " 6a:b1:0a:b4:8f:50:65:e3:c6:5c:39:24:34:df:0b:\n" - " b7:cc:ce:62:0c:36:5a:12:2c:fe:35:4c:e9:1c:ac:\n" - " 80:5e:24:99:d7:aa:bd:be:48:c0:62:64:77:36:88:\n" - " 66:ce:f4:a8:dd:d2:76:24:62:90:55:41:fc:1d:13:\n" - " 4e:a7:4e:57:bc:a8:a4:59:4b:2c:5a:1c:d8:cc:16:\n" - " de:e8:88:30:c9:95:df:2f:a6:14:28:0f:eb:34:46:\n" - " 12:58:ba:da:0e:e6:de:9c:15:f6:f4:e3:9f:74:aa:\n" - " 70:89:79:8b:e9:5a:7b:18:54:15:94:3a:23:0a:65:\n" - " 78:05:d9:33:90:2a:ce:15:18:0d:52:fc:5c:31:65:\n" - " 20:d0:12:37:8c:11:80:ba:d4:b0:82:73:00:4b:49:\n" - " be:cb:d6:bc:e7:cd:61:f3:00:98:99:74:5a:37:81:\n" - " 49:96:7e:14:01:1b:86:d2:d0:06:94:40:63:63:46:\n" - " 11:fc:33:5c:bd:3a:5e:d4:e5:44:47:64:50:bd:a6:\n" - " 97:55:70:64:9b:26:cc:de:20:82:90:6a:83:41:9c:\n" - " 6f:71:47:14:be:cb:68:7c:85:be:ef:2e:76:12:19:\n" - " d3:c9:87:32:b4:ac:60:20:16:28:2d:af:bc:e8:01:\n" - " c6:7f:fb:d8:11:d5:f4:b7:14:bd:27:08:5b:72:be:\n" - " 09:e0:91:c8:9c:7b:b4:b3:12:ef:32:36:be:b1:b9:\n" - " a2:b7:e3:69:47:30:76:ba:9c:9b:19:99:4d:53:dd:\n" - " 5c:e8:2c:f1:b2:64:69:cf:15:bd:f8:bb:58:95:73:\n" - " 58:38:95:b4:7a:cf:84:29:a6:c2:db:f0:bd:ef:97:\n" - " 26:d4:99:ac:d7:c7:be:b0:0d:11:f4:26:86:2d:77:\n" - " 42:52:25:d7:56:c7:e3:97:b1:36:5c:97:71:d0:9b:\n" - " f5:b5:50:8d:f9:ff:fb:10:77:3c:b5:53:6d:a1:43:\n" - " 35:a9:03:32:05:ab:d7:f5:d1:19:bd:5f:92:a3:00:\n" - " 2a:79:37:a4:76:4f:e9:32:0d:e4:86:bb:ea:c3:1a:\n" - " c5:33:e8:16:d4:a5:d8:e0:e8:bb:c2:f0:22:15:e2:\n" - " d9:8c:ae:ac:7d:2b:bf:eb:a3:4c:3b:29:1d:94:ac:\n" - " a3:bb:6d:ba:6d:03:91:03:cf:46:12:c4:66:21:c5:\n" - " c6:67:d8:11:19:79:01:0e:6e:84:1c:76:6f:11:3d:\n" - " eb:94:89:c5:6a:26:1f:cd:e0:11:8b:51:ee:99:35:\n" - " 69:e5:7f:0b:77:2a:94:e4:4b:64:b9:83:04:30:05:\n" - " e4:a2:e3\n" - " Exponent: 65537 (0x10001)\n" - " X509v3 extensions:\n" - " X509v3 Subject Key Identifier: \n" - " 83:21:DE:EC:C0:79:03:6D:1E:83:F3:E5:97:29:D5:5A:C0:96:40:FA\n" - " X509v3 Authority Key Identifier: \n" - " keyid:8A:22:C6:9C:2E:11:F3:40:0C:CE:82:0C:22:59:FF:F8:7F:D0:B9:13\n" - "\n" - " X509v3 Basic Constraints: critical\n" - " CA:TRUE, pathlen:0\n" - " X509v3 Key Usage: critical\n" - " Digital Signature, Certificate Sign, CRL Sign\n" - " Signature Algorithm: sha256WithRSAEncryption\n" - " a3:6c:85:9a:2e:4e:7e:5d:83:63:0f:f5:4f:a9:7d:ec:0e:6f:\n" - " ae:d7:ba:df:64:e0:46:0e:3d:da:18:15:2c:f3:73:ca:81:b1:\n" - " 10:d9:53:14:21:7d:72:5c:94:88:a5:9d:ad:ab:45:42:c6:64:\n" - " a9:d9:2e:4e:29:47:2c:b1:95:07:b7:62:48:68:1f:68:13:1c:\n" - " d2:a0:fb:5e:38:24:4a:82:0a:87:c9:93:20:43:7e:e9:f9:79:\n" - " ef:03:a2:bd:9e:24:6b:0a:01:5e:4a:36:c5:7d:7a:fe:d6:aa:\n" - " 2f:c2:8c:38:8a:99:3c:b0:6a:e5:60:be:56:d6:eb:60:03:55:\n" - " 24:42:a0:1a:fa:91:24:a3:53:15:75:5d:c8:eb:7c:1e:68:5a:\n" - " 7e:13:34:e3:85:37:1c:76:3f:77:67:1b:ed:1b:52:17:fc:4a:\n" - " a3:e2:74:84:80:2c:69:fc:dd:7d:26:97:c4:2a:69:7d:9c:dc:\n" - " 61:97:70:29:a7:3f:2b:5b:2b:22:51:fd:fe:6a:5d:f9:e7:14:\n" - " 48:b7:2d:c8:33:58:fc:f2:5f:27:f7:26:16:be:be:b5:aa:a2:\n" - " 64:53:3c:69:e8:b5:61:eb:ab:91:a5:b4:09:9b:f6:98:b8:5c:\n" - " 5b:24:2f:93:f5:2b:9c:8c:58:fb:26:3f:67:53:d7:42:64:e8:\n" - " 79:77:73:41:4e:e3:02:39:0b:b6:68:97:8b:84:e8:1d:83:a8:\n" - " 15:f1:06:46:47:80:42:5e:14:e2:61:8a:76:84:d5:d4:71:7f:\n" - " 4e:ff:d9:74:87:ff:32:c5:87:20:0a:d4:59:40:3e:d8:17:ef:\n" - " da:65:e9:0a:51:fe:1e:c3:46:91:d2:ee:e4:23:57:97:87:d4:\n" - " a6:a5:eb:ef:81:6a:d8:8c:d6:1f:8e:b1:18:4c:6b:89:32:55:\n" - " 53:68:26:9e:bb:03:be:2c:e9:8b:ff:97:9c:1c:ac:28:c3:9f:\n" - " 0b:b7:93:23:24:31:63:e4:19:13:f2:bb:08:71:b7:c5:c5:c4:\n" - " 10:ff:dc:fc:33:54:a4:5e:ec:a3:fe:0a:80:ca:9c:bc:95:6f:\n" - " 5f:39:91:3b:61:69:16:94:0f:57:4b:fc:4b:b1:be:72:98:5d:\n" - " 10:f9:08:a7:d6:e0:e8:3d:5d:54:7d:fa:4b:6a:dd:98:41:ed:\n" - " 84:a1:39:67:5c:6c:7f:0c:b0:e1:98:c1:14:ed:fe:1e:e8:05:\n" - " 8d:7f:6a:24:cb:1b:05:42:0d:7f:13:ba:ca:b5:91:db:a5:f0:\n" - " 40:2b:70:7a:2a:a5:5d:ed:56:0c:f0:c2:72:ee:63:dd:cb:5d:\n" - " 76:f6:08:e6:e6:30:ef:3a:b2:16:34:41:a4:e1:30:14:bc:c7:\n" - " f9:23:3a:1a:70:df:b8:cc\n" - "-----BEGIN CERTIFICATE-----\n" - "MIIGSDCCBDCgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgboxCzAJBgNVBAYTAlVT\n" - "MRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMRMw\n" - "EQYDVQQKDApMaW5kZW4gTGFiMSAwHgYDVQQLDBdTZWNvbmQgTGlmZSBFbmdpbmVl\n" - "cmluZzEhMB8GA1UEAwwYSW50ZWdyYXRpb24gVGVzdCBSb290IENBMSQwIgYJKoZI\n" - "hvcNAQkBFhVub3JlcGx5QGxpbmRlbmxhYi5jb20wHhcNMTgwNTIyMjIzOTA4WhcN\n" - "MjgwNTE5MjIzOTA4WjCBqjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3Ju\n" - "aWExEzARBgNVBAoMCkxpbmRlbiBMYWIxIDAeBgNVBAsMF1NlY29uZCBMaWZlIEVu\n" - "Z2luZWVyaW5nMSkwJwYDVQQDDCBJbnRlZ3JhdGlvbiBUZXN0IEludGVybWVkaWF0\n" - "ZSBDQTEkMCIGCSqGSIb3DQEJARYVbm9yZXBseUBsaW5kZW5sYWIuY29tMIICIjAN\n" - "BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzqNw4sT7S5eQoTC7wRsTuap+Rhej\n" - "Jo1pP15zlehqsQq0j1Bl48ZcOSQ03wu3zM5iDDZaEiz+NUzpHKyAXiSZ16q9vkjA\n" - "YmR3NohmzvSo3dJ2JGKQVUH8HRNOp05XvKikWUssWhzYzBbe6IgwyZXfL6YUKA/r\n" - "NEYSWLraDubenBX29OOfdKpwiXmL6Vp7GFQVlDojCmV4BdkzkCrOFRgNUvxcMWUg\n" - "0BI3jBGAutSwgnMAS0m+y9a8581h8wCYmXRaN4FJln4UARuG0tAGlEBjY0YR/DNc\n" - "vTpe1OVER2RQvaaXVXBkmybM3iCCkGqDQZxvcUcUvstofIW+7y52EhnTyYcytKxg\n" - "IBYoLa+86AHGf/vYEdX0txS9Jwhbcr4J4JHInHu0sxLvMja+sbmit+NpRzB2upyb\n" - "GZlNU91c6CzxsmRpzxW9+LtYlXNYOJW0es+EKabC2/C975cm1Jms18e+sA0R9CaG\n" - "LXdCUiXXVsfjl7E2XJdx0Jv1tVCN+f/7EHc8tVNtoUM1qQMyBavX9dEZvV+SowAq\n" - "eTekdk/pMg3khrvqwxrFM+gW1KXY4Oi7wvAiFeLZjK6sfSu/66NMOykdlKyju226\n" - "bQORA89GEsRmIcXGZ9gRGXkBDm6EHHZvET3rlInFaiYfzeARi1HumTVp5X8LdyqU\n" - "5EtkuYMEMAXkouMCAwEAAaNmMGQwHQYDVR0OBBYEFIMh3uzAeQNtHoPz5Zcp1VrA\n" - "lkD6MB8GA1UdIwQYMBaAFIoixpwuEfNADM6CDCJZ//h/0LkTMBIGA1UdEwEB/wQI\n" - "MAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQCjbIWa\n" - "Lk5+XYNjD/VPqX3sDm+u17rfZOBGDj3aGBUs83PKgbEQ2VMUIX1yXJSIpZ2tq0VC\n" - "xmSp2S5OKUcssZUHt2JIaB9oExzSoPteOCRKggqHyZMgQ37p+XnvA6K9niRrCgFe\n" - "SjbFfXr+1qovwow4ipk8sGrlYL5W1utgA1UkQqAa+pEko1MVdV3I63weaFp+EzTj\n" - "hTccdj93ZxvtG1IX/Eqj4nSEgCxp/N19JpfEKml9nNxhl3Appz8rWysiUf3+al35\n" - "5xRIty3IM1j88l8n9yYWvr61qqJkUzxp6LVh66uRpbQJm/aYuFxbJC+T9SucjFj7\n" - "Jj9nU9dCZOh5d3NBTuMCOQu2aJeLhOgdg6gV8QZGR4BCXhTiYYp2hNXUcX9O/9l0\n" - "h/8yxYcgCtRZQD7YF+/aZekKUf4ew0aR0u7kI1eXh9SmpevvgWrYjNYfjrEYTGuJ\n" - "MlVTaCaeuwO+LOmL/5ecHKwow58Lt5MjJDFj5BkT8rsIcbfFxcQQ/9z8M1SkXuyj\n" - "/gqAypy8lW9fOZE7YWkWlA9XS/xLsb5ymF0Q+Qin1uDoPV1UffpLat2YQe2EoTln\n" - "XGx/DLDhmMEU7f4e6AWNf2okyxsFQg1/E7rKtZHbpfBAK3B6KqVd7VYM8MJy7mPd\n" - "y1129gjm5jDvOrIWNEGk4TAUvMf5IzoacN+4zA==\n" - "-----END CERTIFICATE-----\n" - ); - - const std::string mPemChildCert( - "Certificate:\n" - " Data:\n" - " Version: 3 (0x2)\n" - " Serial Number: 4096 (0x1000)\n" - " Signature Algorithm: sha256WithRSAEncryption\n" - " Issuer: C=US, ST=California, O=Linden Lab, OU=Second Life Engineering, CN=Integration Test Intermediate CA/emailAddress=noreply@lindenlab.com\n" - " Validity\n" - " Not Before: May 22 22:58:15 2018 GMT\n" - " Not After : Jul 19 22:58:15 2024 GMT\n" - " Subject: C=US, ST=California, L=San Francisco, O=Linden Lab, OU=Second Life Engineering, CN=Integration Test Server Cert/emailAddress=noreply@lindenlab.com\n" - " Subject Public Key Info:\n" - " Public Key Algorithm: rsaEncryption\n" - " Public-Key: (2048 bit)\n" - " Modulus:\n" - " 00:bf:a1:1c:76:82:4a:10:1d:25:0e:02:e2:7a:64:\n" - " 54:c7:94:c5:c0:98:d5:35:f3:cb:cb:30:ba:31:9c:\n" - " bd:4c:2f:4a:4e:24:03:4b:87:5c:c1:5c:fe:d9:89:\n" - " 3b:cb:01:bc:eb:a5:b7:78:dc:b3:58:e5:78:a7:15:\n" - " 34:50:30:aa:16:3a:b2:94:17:6d:1e:7f:b2:70:1e:\n" - " 96:41:bb:1d:e3:22:80:fa:dc:00:6a:fb:34:3e:67:\n" - " e7:c2:21:2f:1b:d3:af:04:49:91:eb:bb:60:e0:26:\n" - " 52:75:28:8a:08:5b:91:56:4e:51:50:40:51:70:af:\n" - " cb:80:66:c8:59:e9:e2:48:a8:62:d0:26:67:80:0a:\n" - " 12:16:d1:f6:15:9e:1f:f5:92:37:f3:c9:2f:03:9e:\n" - " 22:f6:60:5a:76:45:8c:01:2c:99:54:72:19:db:b7:\n" - " 72:e6:5a:69:f3:e9:31:65:5d:0f:c7:5c:9c:17:29:\n" - " 71:14:7f:db:47:c9:1e:65:a2:41:b0:2f:14:17:ec:\n" - " 4b:25:f2:43:8f:b4:a3:8d:37:1a:07:34:b3:29:bb:\n" - " 8a:44:8e:84:08:a2:1b:76:7a:cb:c2:39:2f:6e:e3:\n" - " fc:d6:91:b5:1f:ce:58:91:57:70:35:6e:25:a9:48:\n" - " 0e:07:cf:4e:dd:16:42:65:cf:8a:42:b3:27:e6:fe:\n" - " 6a:e3\n" - " Exponent: 65537 (0x10001)\n" - " X509v3 extensions:\n" - " X509v3 Basic Constraints: \n" - " CA:FALSE\n" - " Netscape Cert Type: \n" - " SSL Server\n" - " Netscape Comment: \n" - " OpenSSL Generated Server Certificate\n" - " X509v3 Subject Key Identifier: \n" - " BB:59:9F:DE:6B:51:A7:6C:B3:6D:5B:8B:42:F7:B1:65:77:17:A4:E4\n" - " X509v3 Authority Key Identifier: \n" - " keyid:83:21:DE:EC:C0:79:03:6D:1E:83:F3:E5:97:29:D5:5A:C0:96:40:FA\n" - " DirName:/C=US/ST=California/L=San Francisco/O=Linden Lab/OU=Second Life Engineering/CN=Integration Test Root CA/emailAddress=noreply@lindenlab.com\n" - " serial:10:00\n" - "\n" - " X509v3 Key Usage: critical\n" - " Digital Signature, Key Encipherment\n" - " X509v3 Extended Key Usage: \n" - " TLS Web Server Authentication\n" - " Signature Algorithm: sha256WithRSAEncryption\n" - " 18:a6:58:55:9b:d4:af:7d:8a:27:d3:28:3a:4c:4b:42:4e:f0:\n" - " 30:d6:d9:95:11:48:12:0a:96:40:d9:2b:21:39:c5:d4:8d:e5:\n" - " 10:bc:68:78:69:0b:9f:15:4a:0b:f1:ab:99:45:0c:20:5f:27:\n" - " df:e7:14:2d:4a:30:f2:c2:8d:37:73:36:1a:27:55:5a:08:5f:\n" - " 71:a1:5e:05:83:b2:59:fe:02:5e:d7:4a:30:15:23:58:04:cf:\n" - " 48:cc:b0:71:88:9c:6b:57:f0:04:0a:d3:a0:64:6b:ee:f3:5f:\n" - " ea:ac:e1:2b:b9:7f:79:b8:db:ce:72:48:72:db:c8:5c:38:72:\n" - " 31:55:d0:ff:6b:bd:73:23:a7:30:18:5d:ed:47:18:0a:67:8e:\n" - " 53:32:0e:99:9b:96:72:45:7f:c6:00:2c:5d:1a:97:53:75:3a:\n" - " 0b:49:3d:3a:00:37:14:67:0c:28:97:34:87:aa:c5:32:e4:ae:\n" - " 34:83:12:4a:10:f7:0e:74:d4:5f:73:bd:ef:0c:b7:d8:0a:7d:\n" - " 8e:8d:5a:48:bd:f4:8e:7b:f9:4a:15:3b:61:c9:5e:40:59:6e:\n" - " c7:a8:a4:02:28:72:c5:54:8c:77:f4:55:a7:86:c0:38:a0:68:\n" - " 19:da:0f:72:5a:a9:7e:69:9f:9c:3a:d6:66:aa:e1:f4:fd:f9:\n" - " b8:4b:6c:71:9e:f0:38:02:c7:6a:9e:dc:e6:fb:ef:23:59:4f:\n" - " 5c:84:0a:df:ea:86:1f:fd:0e:5c:fa:c4:e5:50:1c:10:cf:89:\n" - " 4e:08:0e:4c:4b:61:1a:49:12:f7:e9:4b:17:71:43:7b:6d:b6:\n" - " b5:9f:d4:3b:c7:88:53:48:63:b6:00:80:8f:49:0a:c5:7e:58:\n" - " ac:78:d8:b9:06:b0:bc:86:e2:2e:48:5b:c3:24:fa:aa:72:d8:\n" - " ec:f6:c7:91:9f:0f:c8:b5:fd:2b:b2:a7:bc:2f:40:20:2b:47:\n" - " e0:d1:1d:94:52:6f:6b:be:12:b6:8c:dc:11:db:71:e6:19:ef:\n" - " a8:71:8b:ad:d3:32:c0:1c:a4:3f:b3:0f:af:e5:50:e1:ff:41:\n" - " a4:b7:6f:57:71:af:fd:16:4c:e8:24:b3:99:1b:cf:12:8f:43:\n" - " 05:80:ba:18:19:0a:a5:ec:49:81:41:4c:7e:28:b2:21:f2:59:\n" - " 6e:4a:ed:de:f9:fa:99:85:60:1f:e6:c2:42:5c:08:00:3c:84:\n" - " 06:a9:24:d4:cf:7b:6e:1b:59:1d:f4:70:16:03:a1:e0:0b:00:\n" - " 95:5c:39:03:fc:9d:1c:8e:f7:59:0c:61:47:f6:7f:07:22:48:\n" - " 83:40:ac:e1:98:5f:c7:be:05:d5:29:2b:bf:0d:03:0e:e9:5e:\n" - " 2b:dd:09:18:fe:5e:30:61\n" - "-----BEGIN CERTIFICATE-----\n" - "MIIGbjCCBFagAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgaoxCzAJBgNVBAYTAlVT\n" - "MRMwEQYDVQQIDApDYWxpZm9ybmlhMRMwEQYDVQQKDApMaW5kZW4gTGFiMSAwHgYD\n" - "VQQLDBdTZWNvbmQgTGlmZSBFbmdpbmVlcmluZzEpMCcGA1UEAwwgSW50ZWdyYXRp\n" - "b24gVGVzdCBJbnRlcm1lZGlhdGUgQ0ExJDAiBgkqhkiG9w0BCQEWFW5vcmVwbHlA\n" - "bGluZGVubGFiLmNvbTAeFw0xODA1MjIyMjU4MTVaFw0yNDA3MTkyMjU4MTVaMIG+\n" - "MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2Fu\n" - "IEZyYW5jaXNjbzETMBEGA1UECgwKTGluZGVuIExhYjEgMB4GA1UECwwXU2Vjb25k\n" - "IExpZmUgRW5naW5lZXJpbmcxJTAjBgNVBAMMHEludGVncmF0aW9uIFRlc3QgU2Vy\n" - "dmVyIENlcnQxJDAiBgkqhkiG9w0BCQEWFW5vcmVwbHlAbGluZGVubGFiLmNvbTCC\n" - "ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL+hHHaCShAdJQ4C4npkVMeU\n" - "xcCY1TXzy8swujGcvUwvSk4kA0uHXMFc/tmJO8sBvOult3jcs1jleKcVNFAwqhY6\n" - "spQXbR5/snAelkG7HeMigPrcAGr7ND5n58IhLxvTrwRJkeu7YOAmUnUoighbkVZO\n" - "UVBAUXCvy4BmyFnp4kioYtAmZ4AKEhbR9hWeH/WSN/PJLwOeIvZgWnZFjAEsmVRy\n" - "Gdu3cuZaafPpMWVdD8dcnBcpcRR/20fJHmWiQbAvFBfsSyXyQ4+0o403Ggc0sym7\n" - "ikSOhAiiG3Z6y8I5L27j/NaRtR/OWJFXcDVuJalIDgfPTt0WQmXPikKzJ+b+auMC\n" - "AwEAAaOCAYYwggGCMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDMGCWCG\n" - "SAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUw\n" - "HQYDVR0OBBYEFLtZn95rUadss21bi0L3sWV3F6TkMIHoBgNVHSMEgeAwgd2AFIMh\n" - "3uzAeQNtHoPz5Zcp1VrAlkD6oYHApIG9MIG6MQswCQYDVQQGEwJVUzETMBEGA1UE\n" - "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzETMBEGA1UECgwK\n" - "TGluZGVuIExhYjEgMB4GA1UECwwXU2Vjb25kIExpZmUgRW5naW5lZXJpbmcxITAf\n" - "BgNVBAMMGEludGVncmF0aW9uIFRlc3QgUm9vdCBDQTEkMCIGCSqGSIb3DQEJARYV\n" - "bm9yZXBseUBsaW5kZW5sYWIuY29tggIQADAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0l\n" - "BAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggIBABimWFWb1K99iifTKDpM\n" - "S0JO8DDW2ZURSBIKlkDZKyE5xdSN5RC8aHhpC58VSgvxq5lFDCBfJ9/nFC1KMPLC\n" - "jTdzNhonVVoIX3GhXgWDsln+Al7XSjAVI1gEz0jMsHGInGtX8AQK06Bka+7zX+qs\n" - "4Su5f3m4285ySHLbyFw4cjFV0P9rvXMjpzAYXe1HGApnjlMyDpmblnJFf8YALF0a\n" - "l1N1OgtJPToANxRnDCiXNIeqxTLkrjSDEkoQ9w501F9zve8Mt9gKfY6NWki99I57\n" - "+UoVO2HJXkBZbseopAIocsVUjHf0VaeGwDigaBnaD3JaqX5pn5w61maq4fT9+bhL\n" - "bHGe8DgCx2qe3Ob77yNZT1yECt/qhh/9Dlz6xOVQHBDPiU4IDkxLYRpJEvfpSxdx\n" - "Q3tttrWf1DvHiFNIY7YAgI9JCsV+WKx42LkGsLyG4i5IW8Mk+qpy2Oz2x5GfD8i1\n" - "/Suyp7wvQCArR+DRHZRSb2u+EraM3BHbceYZ76hxi63TMsAcpD+zD6/lUOH/QaS3\n" - "b1dxr/0WTOgks5kbzxKPQwWAuhgZCqXsSYFBTH4osiHyWW5K7d75+pmFYB/mwkJc\n" - "CAA8hAapJNTPe24bWR30cBYDoeALAJVcOQP8nRyO91kMYUf2fwciSINArOGYX8e+\n" - "BdUpK78NAw7pXivdCRj+XjBh\n" - "-----END CERTIFICATE-----\n" - ); - - // Test wrapper declaration : wrapping nothing for the moment - struct sechandler_basic_test - { - X509 *mX509TestCert, *mX509RootCert, *mX509IntermediateCert, *mX509ChildCert; - LLSD mValidationDate; - - sechandler_basic_test() - { - LLMachineID::init(); - OpenSSL_add_all_algorithms(); - OpenSSL_add_all_ciphers(); - OpenSSL_add_all_digests(); - ERR_load_crypto_strings(); - gFirstName = ""; - gLastName = ""; - mValidationDate[CERT_VALIDATION_DATE] = LLDate("2017-04-11T00:00:00.00Z"); - LLFile::remove("test_password.dat"); - LLFile::remove("sechandler_settings.tmp"); - - mX509TestCert = NULL; - mX509RootCert = NULL; - mX509IntermediateCert = NULL; - mX509ChildCert = NULL; - - // Read each of the 4 Pem certs and store in mX509*Cert pointers - BIO * validation_bio; - validation_bio = BIO_new_mem_buf((void*)mPemTestCert.c_str(), mPemTestCert.length()); - PEM_read_bio_X509(validation_bio, &mX509TestCert, 0, NULL); - BIO_free(validation_bio); - - validation_bio = BIO_new_mem_buf((void*)mPemRootCert.c_str(), mPemRootCert.length()); - PEM_read_bio_X509(validation_bio, &mX509RootCert, 0, NULL); - BIO_free(validation_bio); - - validation_bio = BIO_new_mem_buf((void*)mPemIntermediateCert.c_str(), mPemIntermediateCert.length()); - PEM_read_bio_X509(validation_bio, &mX509IntermediateCert, 0, NULL); - BIO_free(validation_bio); - - validation_bio = BIO_new_mem_buf((void*)mPemChildCert.c_str(), mPemChildCert.length()); - PEM_read_bio_X509(validation_bio, &mX509ChildCert, 0, NULL); - BIO_free(validation_bio); - } - ~sechandler_basic_test() - { - LLFile::remove("test_password.dat"); - LLFile::remove("sechandler_settings.tmp"); - LLFile::remove("mycertstore.pem"); - X509_free(mX509TestCert); - X509_free(mX509RootCert); - X509_free(mX509IntermediateCert); - X509_free(mX509ChildCert); - } - }; - - // Tut templating thingamagic: test group, object and test instance - typedef test_group<sechandler_basic_test> sechandler_basic_test_factory; - typedef sechandler_basic_test_factory::object sechandler_basic_test_object; - tut::sechandler_basic_test_factory tut_test("LLSecHandler"); - - // --------------------------------------------------------------------------------------- - // Test functions - // --------------------------------------------------------------------------------------- - // test cert data retrieval - template<> template<> - void sechandler_basic_test_object::test<1>() - { - try - { - LLPointer<LLBasicCertificate> test_cert(new LLBasicCertificate(mPemTestCert, &mValidationDate)); - LL_INFOS() << "ok" << LL_ENDL; - } - catch (LLCertException& cert_exception) - { - LL_INFOS() << "cert ex: " << cert_exception.getCertData() << LL_ENDL; - fail("cert exception"); - } - catch (...) - { - LOG_UNHANDLED_EXCEPTION("test 1"); - fail("other exception"); - } - } - - template<> template<> - void sechandler_basic_test_object::test<2>() - { - LLPointer<LLCertificate> test_cert(new LLBasicCertificate(mPemChildCert, &mValidationDate)); - - LLSD llsd_cert; - test_cert->getLLSD(llsd_cert); - //std::ostringstream llsd_value; - //llsd_value << LLSDOStreamer<LLSDNotationFormatter>(llsd_cert) << std::endl; - LL_DEBUGS() << "test 1 cert " << llsd_cert << LL_ENDL; - - ensure_equals("Issuer Name/commonName", (std::string)llsd_cert["issuer_name"]["commonName"], "Integration Test Intermediate CA"); - ensure_equals("Issuer Name/countryName", (std::string)llsd_cert["issuer_name"]["countryName"], "US"); - ensure_equals("Issuer Name/state", (std::string)llsd_cert["issuer_name"]["stateOrProvinceName"], "California"); - ensure_equals("Issuer Name/org name", (std::string)llsd_cert["issuer_name"]["organizationName"], "Linden Lab"); - ensure_equals("Issuer Name/org unit", (std::string)llsd_cert["issuer_name"]["organizationalUnitName"], "Second Life Engineering"); - ensure_equals("Issuer name string", (std::string)llsd_cert["issuer_name_string"], - "emailAddress=noreply@lindenlab.com,CN=Integration Test Intermediate CA,OU=Second Life Engineering,O=Linden Lab,ST=California,C=US"); - ensure_equals("subject Name/commonName", (std::string)llsd_cert["subject_name"]["commonName"], - "Integration Test Server Cert"); - ensure_equals("subject Name/countryName", (std::string)llsd_cert["subject_name"]["countryName"], "US"); - ensure_equals("subject Name/state", (std::string)llsd_cert["subject_name"]["stateOrProvinceName"], "California"); - ensure_equals("subject Name/localityName", (std::string)llsd_cert["subject_name"]["localityName"], "San Francisco"); - ensure_equals("subject Name/org name", (std::string)llsd_cert["subject_name"]["organizationName"], "Linden Lab"); - ensure_equals("subjectName/org unit", - (std::string)llsd_cert["subject_name"]["organizationalUnitName"], "Second Life Engineering"); - - ensure_equals("subject name string", - (std::string)llsd_cert["subject_name_string"], - "emailAddress=noreply@lindenlab.com,CN=Integration Test Server Cert,OU=Second Life Engineering,O=Linden Lab,L=San Francisco,ST=California,C=US"); - ensure_equals("serial number", (std::string)llsd_cert["serial_number"], "1000"); - ensure_equals("valid from", (std::string)llsd_cert["valid_from"], "2018-05-22T22:58:15Z"); - ensure_equals("valid to", (std::string)llsd_cert["valid_to"], "2024-07-19T22:58:15Z"); - LLSD expectedKeyUsage = LLSD::emptyArray(); - expectedKeyUsage.append(LLSD((std::string)"digitalSignature")); - expectedKeyUsage.append(LLSD((std::string)"keyEncipherment")); - ensure("key usage", valueCompareLLSD(llsd_cert["keyUsage"], expectedKeyUsage)); - ensure_equals("basic constraints", llsd_cert["basicConstraints"]["CA"].asInteger(), 0); - - ensure("x509 is equal", !X509_cmp(mX509ChildCert, test_cert->getOpenSSLX509())); - } - - - // test protected data - template<> template<> - void sechandler_basic_test_object::test<3>() - { - std::string protected_data = "sUSh3wj77NG9oAMyt3XIhaej3KLZhLZWFZvI6rIGmwUUOmmelrRg0NI9rkOj8ZDpTPxpwToaBT5u" - "GQhakdaGLJznr9bHr4/6HIC1bouKj4n2rs4TL6j2WSjto114QdlNfLsE8cbbE+ghww58g8SeyLQO" - "nyzXoz+/PBz0HD5SMFDuObccoPW24gmqYySz8YoEWhSwO0pUtEEqOjVRsAJgF5wLAtJZDeuilGsq" - "4ZT9Y4wZ9Rh8nnF3fDUL6IGamHe1ClXM1jgBu10F6UMhZbnH4C3aJ2E9+LiOntU+l3iCb2MpkEpr" - "82r2ZAMwIrpnirL/xoYoyz7MJQYwUuMvBPToZJrxNSsjI+S2Z+I3iEJAELMAAA=="; - - std::vector<U8> binary_data(apr_base64_decode_len(protected_data.c_str())); - apr_base64_decode_binary(&binary_data[0], protected_data.c_str()); - - LLXORCipher cipher(gMACAddress, MAC_ADDRESS_BYTES); - cipher.decrypt(&binary_data[0], 16); - unsigned char unique_id[MAC_ADDRESS_BYTES]; - LLMachineID::getUniqueID(unique_id, sizeof(unique_id)); - LLXORCipher cipher2(unique_id, sizeof(unique_id)); - cipher2.encrypt(&binary_data[0], 16); - std::ofstream temp_file("sechandler_settings.tmp", std::ofstream::binary); - temp_file.write((const char *)&binary_data[0], binary_data.size()); - temp_file.close(); - - LLPointer<LLSecAPIBasicHandler> handler = new LLSecAPIBasicHandler("sechandler_settings.tmp", - "test_password.dat"); - handler->init(); - // data retrieval for existing data - LLSD data = handler->getProtectedData("test_data_type", "test_data_id"); - - - ensure_equals("retrieve existing data1", (std::string)data["data1"], "test_data_1"); - ensure_equals("retrieve existing data2", (std::string)data["data2"], "test_data_2"); - ensure_equals("retrieve existing data3", (std::string)data["data3"]["elem1"], "test element1"); - - // data storage - LLSD store_data = LLSD::emptyMap(); - store_data["store_data1"] = "test_store_data1"; - store_data["store_data2"] = 27; - store_data["store_data3"] = LLSD::emptyMap(); - store_data["store_data3"]["subelem1"] = "test_subelem1"; - - handler->setProtectedData("test_data_type", "test_data_id1", store_data); - data = handler->getProtectedData("test_data_type", "test_data_id"); - - data = handler->getProtectedData("test_data_type", "test_data_id"); - // verify no overwrite of existing data - ensure_equals("verify no overwrite 1", (std::string)data["data1"], "test_data_1"); - ensure_equals("verify no overwrite 2", (std::string)data["data2"], "test_data_2"); - ensure_equals("verify no overwrite 3", (std::string)data["data3"]["elem1"], "test element1"); - - // verify written data is good - data = handler->getProtectedData("test_data_type", "test_data_id1"); - ensure_equals("verify stored data1", (std::string)data["store_data1"], "test_store_data1"); - ensure_equals("verify stored data2", (int)data["store_data2"], 27); - ensure_equals("verify stored data3", (std::string)data["store_data3"]["subelem1"], "test_subelem1"); - - // verify overwrite works - handler->setProtectedData("test_data_type", "test_data_id", store_data); - data = handler->getProtectedData("test_data_type", "test_data_id"); - ensure_equals("verify overwrite stored data1", (std::string)data["store_data1"], "test_store_data1"); - ensure_equals("verify overwrite stored data2", (int)data["store_data2"], 27); - ensure_equals("verify overwrite stored data3", (std::string)data["store_data3"]["subelem1"], "test_subelem1"); - - // verify other datatype doesn't conflict - store_data["store_data3"] = "test_store_data3"; - store_data["store_data4"] = 28; - store_data["store_data5"] = LLSD::emptyMap(); - store_data["store_data5"]["subelem2"] = "test_subelem2"; - - handler->setProtectedData("test_data_type1", "test_data_id", store_data); - data = handler->getProtectedData("test_data_type1", "test_data_id"); - ensure_equals("verify datatype stored data3", (std::string)data["store_data3"], "test_store_data3"); - ensure_equals("verify datatype stored data4", (int)data["store_data4"], 28); - ensure_equals("verify datatype stored data5", (std::string)data["store_data5"]["subelem2"], "test_subelem2"); - - // test data not found - - data = handler->getProtectedData("test_data_type1", "test_data_not_found"); - ensure("not found", data.isUndefined()); - - // cause a 'write' by using 'LLPointer' to delete then instantiate a handler - handler = NULL; - handler = new LLSecAPIBasicHandler("sechandler_settings.tmp", "test_password.dat"); - handler->init(); - - data = handler->getProtectedData("test_data_type1", "test_data_id"); - ensure_equals("verify datatype stored data3a", (std::string)data["store_data3"], "test_store_data3"); - ensure_equals("verify datatype stored data4a", (int)data["store_data4"], 28); - ensure_equals("verify datatype stored data5a", (std::string)data["store_data5"]["subelem2"], "test_subelem2"); - - // rewrite the initial file to verify reloads - handler = NULL; - std::ofstream temp_file2("sechandler_settings.tmp", std::ofstream::binary); - temp_file2.write((const char *)&binary_data[0], binary_data.size()); - temp_file2.close(); - - // cause a 'write' - handler = new LLSecAPIBasicHandler("sechandler_settings.tmp", "test_password.dat"); - handler->init(); - data = handler->getProtectedData("test_data_type1", "test_data_id"); - ensure("not found", data.isUndefined()); - - handler->deleteProtectedData("test_data_type", "test_data_id"); - ensure("Deleted data not found", handler->getProtectedData("test_data_type", "test_data_id").isUndefined()); - - LLFile::remove("sechandler_settings.tmp"); - handler = new LLSecAPIBasicHandler("sechandler_settings.tmp", "test_password.dat"); - handler->init(); - data = handler->getProtectedData("test_data_type1", "test_data_id"); - ensure("not found", data.isUndefined()); - handler = NULL; - - ensure(LLFile::isfile("sechandler_settings.tmp")); - } - - // test credenitals - template<> template<> - void sechandler_basic_test_object::test<4>() - { - LLPointer<LLSecAPIBasicHandler> handler = new LLSecAPIBasicHandler("sechandler_settings.tmp", "test_password.dat"); - handler->init(); - - LLSD my_id = LLSD::emptyMap(); - LLSD my_authenticator = LLSD::emptyMap(); - my_id["type"] = "test_type"; - my_id["username"] = "testuser@lindenlab.com"; - my_authenticator["type"] = "test_auth"; - my_authenticator["creds"] = "12345"; - - // test creation of credentials - LLPointer<LLCredential> my_cred = handler->createCredential("my_grid", my_id, my_authenticator); - - // test retrieval of credential components - ensure_equals("basic credential creation: identifier", my_id, my_cred->getIdentifier()); - ensure_equals("basic credential creation: authenticator", my_authenticator, my_cred->getAuthenticator()); - ensure_equals("basic credential creation: grid", "my_grid", my_cred->getGrid()); - - // test setting/overwriting of credential components - my_id["first_name"] = "firstname"; - my_id.erase("username"); - my_authenticator.erase("creds"); - my_authenticator["hash"] = "6563245"; - - my_cred->setCredentialData(my_id, my_authenticator); - ensure_equals("set credential data: identifier", my_id, my_cred->getIdentifier()); - ensure_equals("set credential data: authenticator", my_authenticator, my_cred->getAuthenticator()); - ensure_equals("set credential data: grid", "my_grid", my_cred->getGrid()); - - // test loading of a credential, that hasn't been saved, without - // any legacy saved credential data - LLPointer<LLCredential> my_new_cred = handler->loadCredential("my_grid2"); - ensure("unknown credential load test", my_new_cred->getIdentifier().isMap()); - ensure("unknown credential load test", !my_new_cred->getIdentifier().has("type")); - ensure("unknown credential load test", my_new_cred->getAuthenticator().isMap()); - ensure("unknown credential load test", !my_new_cred->getAuthenticator().has("type")); - // test saving of a credential - handler->saveCredential(my_cred, true); - - // test loading of a known credential - my_new_cred = handler->loadCredential("my_grid"); - ensure_equals("load a known credential: identifier", my_id, my_new_cred->getIdentifier()); - ensure_equals("load a known credential: authenticator",my_authenticator, my_new_cred->getAuthenticator()); - ensure_equals("load a known credential: grid", "my_grid", my_cred->getGrid()); - - // test deletion of a credential - handler->deleteCredential(my_new_cred); - - ensure("delete credential: identifier", my_new_cred->getIdentifier().isUndefined()); - ensure("delete credentialt: authenticator", my_new_cred->getIdentifier().isUndefined()); - ensure_equals("delete credential: grid", "my_grid", my_cred->getGrid()); - // load unknown cred - - my_new_cred = handler->loadCredential("my_grid"); - ensure("deleted credential load test", my_new_cred->getIdentifier().isMap()); - ensure("deleted credential load test", !my_new_cred->getIdentifier().has("type")); - ensure("deleted credential load test", my_new_cred->getAuthenticator().isMap()); - ensure("deleted credential load test", !my_new_cred->getAuthenticator().has("type")); - - // test loading of an unknown credential with legacy saved username, but without - // saved password - gFirstName = "myfirstname"; - gLastName = "mylastname"; - my_new_cred = handler->loadCredential("my_legacy_grid"); - ensure_equals("legacy credential with no password: type", - (const std::string)my_new_cred->getIdentifier()["type"], "agent"); - ensure_equals("legacy credential with no password: first_name", - (const std::string)my_new_cred->getIdentifier()["first_name"], "myfirstname"); - ensure_equals("legacy credential with no password: last_name", - (const std::string)my_new_cred->getIdentifier()["last_name"], "mylastname"); - - ensure("legacy credential with no password: no authenticator", my_new_cred->getAuthenticator().isUndefined()); - - // test loading of an unknown credential with legacy saved password and username - - std::string hashed_password = "fSQcLG03eyIWJmkzfyYaKm81dSweLmsxeSAYKGE7fSQ="; - int length = apr_base64_decode_len(hashed_password.c_str()); - std::vector<char> decoded_password(length); - apr_base64_decode(&decoded_password[0], hashed_password.c_str()); - LLXORCipher cipher(gMACAddress, MAC_ADDRESS_BYTES); - cipher.decrypt((U8*)&decoded_password[0], length); - unsigned char unique_id[MAC_ADDRESS_BYTES]; - LLMachineID::getUniqueID(unique_id, sizeof(unique_id)); - LLXORCipher cipher2(unique_id, sizeof(unique_id)); - cipher2.encrypt((U8*)&decoded_password[0], length); - llofstream password_file("test_password.dat", std::ofstream::binary); - password_file.write(&decoded_password[0], length); - password_file.close(); - - my_new_cred = handler->loadCredential("my_legacy_grid2"); - ensure_equals("legacy credential with password: type", - (const std::string)my_new_cred->getIdentifier()["type"], "agent"); - ensure_equals("legacy credential with password: first_name", - (const std::string)my_new_cred->getIdentifier()["first_name"], "myfirstname"); - ensure_equals("legacy credential with password: last_name", - (const std::string)my_new_cred->getIdentifier()["last_name"], "mylastname"); - - LLSD legacy_authenticator = my_new_cred->getAuthenticator(); - ensure_equals("legacy credential with password: type", - (std::string)legacy_authenticator["type"], - "hash"); - ensure_equals("legacy credential with password: algorithm", - (std::string)legacy_authenticator["algorithm"], - "md5"); - ensure_equals("legacy credential with password: algorithm", - (std::string)legacy_authenticator["secret"], - "01234567890123456789012345678901"); - - // test creation of credentials - my_cred = handler->createCredential("mysavedgrid", my_id, my_authenticator); - // test save without saving authenticator. - handler->saveCredential(my_cred, false); - my_new_cred = handler->loadCredential("mysavedgrid"); - ensure_equals("saved credential without auth", - (const std::string)my_new_cred->getIdentifier()["type"], "test_type"); - ensure("no authenticator values were saved", my_new_cred->getAuthenticator().isUndefined()); - } - - // test cert vector - template<> template<> - void sechandler_basic_test_object::test<5>() - { - // validate create from empty vector - LLPointer<LLBasicCertificateVector> test_vector = new LLBasicCertificateVector(); - ensure_equals("when loading with nothing, we should result in no certs in vector", test_vector->size(), 0); - - test_vector->add(new LLBasicCertificate(mPemTestCert, &mValidationDate)); - ensure_equals("one element in vector", test_vector->size(), 1); - test_vector->add(new LLBasicCertificate(mPemChildCert, &mValidationDate)); - ensure_equals("two elements in vector after add", test_vector->size(), 2); - - // add duplicate; should be a no-op (and log at DEBUG level) - test_vector->add(new LLBasicCertificate(mPemChildCert, &mValidationDate)); - ensure_equals("two elements in vector after re-add", test_vector->size(), 2); - - // validate order - X509* test_cert = (*test_vector)[0]->getOpenSSLX509(); - ensure("first cert added remains first cert", !X509_cmp(test_cert, mX509TestCert)); - X509_free(test_cert); - - test_cert = (*test_vector)[1]->getOpenSSLX509(); - ensure("second cert is second cert", !X509_cmp(test_cert, mX509ChildCert)); - X509_free(test_cert); - - // - // validate iterator - // - LLBasicCertificateVector::iterator current_cert = test_vector->begin(); - LLBasicCertificateVector::iterator copy_current_cert = current_cert; - // operator++(int) - ensure("validate iterator++ element in vector is expected cert", *current_cert++ == (*test_vector)[0]); - ensure("validate 2nd iterator++ element in vector is expected cert", *current_cert++ == (*test_vector)[1]); - ensure("validate end iterator++", current_cert == test_vector->end()); - - // copy - ensure("validate copy iterator element in vector is expected cert", *copy_current_cert == (*test_vector)[0]); - - // operator--(int) - current_cert--; - ensure("validate iterator-- element in vector is expected cert", *current_cert-- == (*test_vector)[1]); - ensure("validate iterator-- element in vector is expected cert", *current_cert == (*test_vector)[0]); - - ensure("begin iterator is equal", current_cert == test_vector->begin()); - - // operator++ - ensure("validate ++iterator element in vector is expected cert", *++current_cert == (*test_vector)[1]); - ensure("end of cert vector after ++iterator", ++current_cert == test_vector->end()); - // operator-- - ensure("validate --iterator element in vector is expected cert", *--current_cert == (*test_vector)[1]); - ensure("validate 2nd --iterator element in vector is expected cert", *--current_cert == (*test_vector)[0]); - - test_vector->erase(test_vector->begin()); - ensure_equals("one element in store after remove", test_vector->size(), 1); - test_cert = (*test_vector)[0]->getOpenSSLX509(); - ensure("Child cert remains", !X509_cmp(test_cert, mX509ChildCert)); - X509_free(test_cert); - - // validate insert - test_vector->insert(test_vector->begin(), new LLBasicCertificate(mPemIntermediateCert, &mValidationDate)); - test_cert = (*test_vector)[0]->getOpenSSLX509(); - ensure_equals("two elements in store after insert", test_vector->size(), 2); - ensure("validate intermediate cert was inserted at first position", !X509_cmp(test_cert, mX509IntermediateCert)); - X509_free(test_cert); - test_cert = (*test_vector)[1]->getOpenSSLX509(); - ensure("validate child cert still there", !X509_cmp(test_cert, mX509ChildCert)); - X509_free(test_cert); - - //validate find - LLSD find_info = LLSD::emptyMap(); - find_info["subjectKeyIdentifier"] = "bb:59:9f:de:6b:51:a7:6c:b3:6d:5b:8b:42:f7:b1:65:77:17:a4:e4"; - LLBasicCertificateVector::iterator found_cert = test_vector->find(find_info); - ensure("found some cert", found_cert != test_vector->end()); - X509* found_x509 = (*found_cert).get()->getOpenSSLX509(); - ensure("child cert was found", !X509_cmp(found_x509, mX509ChildCert)); - X509_free(found_x509); - - find_info["subjectKeyIdentifier"] = "00:00:00:00"; // bogus - current_cert =test_vector->find(find_info); - ensure("didn't find cert", current_cert == test_vector->end()); - } - - // test cert store - template<> template<> - void sechandler_basic_test_object::test<6>() - { - // validate load with nothing - LLFile::remove("mycertstore.pem"); - LLPointer<LLBasicCertificateStore> test_store = new LLBasicCertificateStore("mycertstore.pem"); - ensure_equals("when loading with nothing, we should result in no certs in store", test_store->size(), 0); - - // validate load with empty file - test_store->save(); - test_store = NULL; - test_store = new LLBasicCertificateStore("mycertstore.pem"); - ensure_equals("when loading with nothing, we should result in no certs in store", test_store->size(), 0); - test_store=NULL; - - // instantiate a cert store from a file - llofstream certstorefile("mycertstore.pem", std::ios::out); - certstorefile << mPemChildCert << std::endl << mPemTestCert << std::endl; - certstorefile.close(); - // validate loaded certs - test_store = new LLBasicCertificateStore("mycertstore.pem"); - ensure_equals("two elements in store", test_store->size(), 2); - - // operator[] - X509* test_cert = (*test_store)[0]->getOpenSSLX509(); - - ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert)); - X509_free(test_cert); - test_cert = (*test_store)[1]->getOpenSSLX509(); - ensure("validate second element in store is expected cert", !X509_cmp(test_cert, mX509TestCert)); - X509_free(test_cert); - - - // validate save - LLFile::remove("mycertstore.pem"); - test_store->save(); - test_store = NULL; - test_store = new LLBasicCertificateStore("mycertstore.pem"); - ensure_equals("two elements in store after save", test_store->size(), 2); - LLCertificateStore::iterator current_cert = test_store->begin(); - test_cert = (*current_cert)->getOpenSSLX509(); - ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert)); - current_cert++; - X509_free(test_cert); - test_cert = (*current_cert)->getOpenSSLX509(); - ensure("validate second element in store is expected cert", !X509_cmp(test_cert, mX509TestCert)); - X509_free(test_cert); - current_cert++; - ensure("end of cert store", current_cert == test_store->end()); - - } - - // cert name wildcard matching - template<> template<> - void sechandler_basic_test_object::test<7>() - { - ensure("simple name match", - _cert_hostname_wildcard_match("foo", "foo")); - - ensure("simple name match, with end period", - _cert_hostname_wildcard_match("foo.", "foo.")); - - ensure("simple name match, with begin period", - _cert_hostname_wildcard_match(".foo", ".foo")); - - ensure("simple name match, with mismatched period cn", - _cert_hostname_wildcard_match("foo.", "foo")); - - ensure("simple name match, with mismatched period hostname", - _cert_hostname_wildcard_match("foo", "foo.")); - - ensure("simple name match, with subdomain", - _cert_hostname_wildcard_match("foo.bar", "foo.bar")); - - ensure("stutter name match", - _cert_hostname_wildcard_match("foobbbbfoo", "foo*bbbfoo")); - - ensure("simple name match, with beginning wildcard", - _cert_hostname_wildcard_match("foobar", "*bar")); - - ensure("simple name match, with ending wildcard", - _cert_hostname_wildcard_match("foobar", "foo*")); - - ensure("simple name match, with beginning null wildcard", - _cert_hostname_wildcard_match("foobar", "*foobar")); - - ensure("simple name match, with ending null wildcard", - _cert_hostname_wildcard_match("foobar", "foobar*")); - - ensure("simple name match, with embedded wildcard", - _cert_hostname_wildcard_match("foobar", "f*r")); - - ensure("simple name match, with embedded null wildcard", - _cert_hostname_wildcard_match("foobar", "foo*bar")); - - ensure("simple name match, with dual embedded wildcard", - _cert_hostname_wildcard_match("foobar", "f*o*ar")); - - ensure("simple name mismatch", - !_cert_hostname_wildcard_match("bar", "foo")); - - ensure("simple name mismatch, with end period", - !_cert_hostname_wildcard_match("foobar.", "foo.")); - - ensure("simple name mismatch, with begin period", - !_cert_hostname_wildcard_match(".foobar", ".foo")); - - ensure("simple name mismatch, with subdomain", - !_cert_hostname_wildcard_match("foobar.bar", "foo.bar")); - - ensure("simple name mismatch, with beginning wildcard", - !_cert_hostname_wildcard_match("foobara", "*bar")); - - ensure("simple name mismatch, with ending wildcard", - !_cert_hostname_wildcard_match("oobar", "foo*")); - - ensure("simple name mismatch, with embedded wildcard", - !_cert_hostname_wildcard_match("oobar", "f*r")); - - ensure("simple name mismatch, with dual embedded wildcard", - !_cert_hostname_wildcard_match("foobar", "f*d*ar")); - - ensure("simple wildcard", - _cert_hostname_wildcard_match("foobar", "*")); - - ensure("long domain", - _cert_hostname_wildcard_match("foo.bar.com", "foo.bar.com")); - - ensure("long domain with multiple wildcards", - _cert_hostname_wildcard_match("foo.bar.com", "*.b*r.com")); - - ensure("end periods", - _cert_hostname_wildcard_match("foo.bar.com.", "*.b*r.com.")); - - ensure("match end period", - _cert_hostname_wildcard_match("foo.bar.com.", "*.b*r.com")); - - ensure("match end period2", - _cert_hostname_wildcard_match("foo.bar.com", "*.b*r.com.")); - - ensure("wildcard mismatch", - !_cert_hostname_wildcard_match("bar.com", "*.bar.com")); - - ensure("wildcard match", - _cert_hostname_wildcard_match("foo.bar.com", "*.bar.com")); - - ensure("wildcard match", - _cert_hostname_wildcard_match("foo.foo.bar.com", "*.bar.com")); - - ensure("wildcard match", - _cert_hostname_wildcard_match("foo.foo.bar.com", "*.*.com")); - - ensure("wildcard mismatch", - !_cert_hostname_wildcard_match("foo.foo.bar.com", "*.foo.com")); - } - - // test cert chain - template<> template<> - void sechandler_basic_test_object::test<8>() - { - // validate create from empty chain - LLPointer<LLBasicCertificateChain> test_chain = new LLBasicCertificateChain(NULL); - ensure_equals("when loading with nothing, we should result in no certs in chain", test_chain->size(), 0); - - // Single cert in the chain. - X509_STORE_CTX *test_store = X509_STORE_CTX_new(); - X509_STORE_CTX_set_cert(test_store, mX509ChildCert); - X509_STORE_CTX_set0_untrusted(test_store, NULL); - test_chain = new LLBasicCertificateChain(test_store); - X509_STORE_CTX_free(test_store); - ensure_equals("two elements in store", test_chain->size(), 1); - X509* test_cert = (*test_chain)[0]->getOpenSSLX509(); - ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert)); - X509_free(test_cert); - - // cert + CA - - test_store = X509_STORE_CTX_new(); - X509_STORE_CTX_set_cert(test_store, mX509ChildCert); - X509_STORE_CTX_set0_untrusted(test_store, sk_X509_new_null()); - sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509IntermediateCert); - test_chain = new LLBasicCertificateChain(test_store); - X509_STORE_CTX_free(test_store); - ensure_equals("two elements in store", test_chain->size(), 2); - test_cert = (*test_chain)[0]->getOpenSSLX509(); - ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert)); - X509_free(test_cert); - test_cert = (*test_chain)[1]->getOpenSSLX509(); - ensure("validate second element in store is expected cert", !X509_cmp(test_cert, mX509IntermediateCert)); - X509_free(test_cert); - - // cert + nonrelated - - test_store = X509_STORE_CTX_new(); - X509_STORE_CTX_set_cert(test_store, mX509ChildCert); - X509_STORE_CTX_set0_untrusted(test_store, sk_X509_new_null()); - sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509TestCert); - test_chain = new LLBasicCertificateChain(test_store); - X509_STORE_CTX_free(test_store); - ensure_equals("two elements in store", test_chain->size(), 1); - test_cert = (*test_chain)[0]->getOpenSSLX509(); - ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert)); - X509_free(test_cert); - - // cert + CA + nonrelated - test_store = X509_STORE_CTX_new(); - X509_STORE_CTX_set_cert(test_store, mX509ChildCert); - X509_STORE_CTX_set0_untrusted(test_store, sk_X509_new_null()); - sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509IntermediateCert); - sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509TestCert); - test_chain = new LLBasicCertificateChain(test_store); - X509_STORE_CTX_free(test_store); - ensure_equals("two elements in store", test_chain->size(), 2); - test_cert = (*test_chain)[0]->getOpenSSLX509(); - ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert)); - X509_free(test_cert); - test_cert = (*test_chain)[1]->getOpenSSLX509(); - ensure("validate second element in store is expected cert", !X509_cmp(test_cert, mX509IntermediateCert)); - X509_free(test_cert); - - // cert + intermediate + CA - test_store = X509_STORE_CTX_new(); - X509_STORE_CTX_set_cert(test_store, mX509ChildCert); - X509_STORE_CTX_set0_untrusted(test_store, sk_X509_new_null()); - sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509IntermediateCert); - sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509RootCert); - test_chain = new LLBasicCertificateChain(test_store); - X509_STORE_CTX_free(test_store); - ensure_equals("three elements in store", test_chain->size(), 3); - test_cert = (*test_chain)[0]->getOpenSSLX509(); - ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert)); - X509_free(test_cert); - test_cert = (*test_chain)[1]->getOpenSSLX509(); - ensure("validate second element in store is expected cert", !X509_cmp(test_cert, mX509IntermediateCert)); - X509_free(test_cert); - - test_cert = (*test_chain)[2]->getOpenSSLX509(); - ensure("validate second element in store is expected cert", !X509_cmp(test_cert, mX509RootCert)); - X509_free(test_cert); - } - - // test cert validation - template<> template<> - void sechandler_basic_test_object::test<9>() - { - // start with a trusted store with our known root cert - LLFile::remove("mycertstore.pem"); - LLPointer<LLBasicCertificateStore> test_store = new LLBasicCertificateStore("mycertstore.pem"); - test_store->add(new LLBasicCertificate(mX509RootCert, &mValidationDate)); - LLSD validation_params; - - // validate basic trust for a chain containing only the intermediate cert. (1 deep) - LLPointer<LLBasicCertificateChain> test_chain = new LLBasicCertificateChain(NULL); - - test_chain->add(new LLBasicCertificate(mX509IntermediateCert, &mValidationDate)); - - test_store->validate(0, test_chain, validation_params); - - // add the root certificate to the chain and revalidate - test_chain->add(new LLBasicCertificate(mX509RootCert, &mValidationDate)); - test_store->validate(0, test_chain, validation_params); - - // add the child cert at the head of the chain, and revalidate (3 deep chain) - test_chain->insert(test_chain->begin(), new LLBasicCertificate(mX509ChildCert, &mValidationDate)); - test_store->validate(0, test_chain, validation_params); - - // basic failure cases - test_chain = new LLBasicCertificateChain(NULL); - //validate with only the child cert in chain, but child cert was previously - // trusted - test_chain->add(new LLBasicCertificate(mX509ChildCert, &mValidationDate)); - - // validate without the trust flag. - test_store->validate(VALIDATION_POLICY_TRUSTED, test_chain, validation_params); - - // Validate with child cert but no parent, and no parent in CA store - test_store = new LLBasicCertificateStore("mycertstore.pem"); - ensure_throws("no CA, with only a child cert", - LLCertValidationTrustException, - (*test_chain)[0], - test_store->validate, - VALIDATION_POLICY_TRUSTED, - test_chain, - validation_params); - - - // validate without the trust flag. - test_store->validate(0, test_chain, validation_params); - - // clear out the store - test_store = new LLBasicCertificateStore("mycertstore.pem"); - // append the intermediate cert - test_chain->add(new LLBasicCertificate(mX509IntermediateCert, &mValidationDate)); - ensure_throws("no CA, with child and intermediate certs", - LLCertValidationTrustException, - (*test_chain)[1], - test_store->validate, - VALIDATION_POLICY_TRUSTED | VALIDATION_POLICY_TRUSTED, - test_chain, - validation_params); - // validate without the trust flag - test_store->validate(0, test_chain, validation_params); - - // Test time validity - LLSD child_info; - ((*test_chain)[0])->getLLSD(child_info); - validation_params = LLSD::emptyMap(); - validation_params[CERT_VALIDATION_DATE] = LLDate(child_info[CERT_VALID_FROM].asDate().secondsSinceEpoch() + 1.0); - test_store->validate(VALIDATION_POLICY_TIME | VALIDATION_POLICY_TRUSTED, - test_chain, validation_params); - - validation_params = LLSD::emptyMap(); - validation_params[CERT_VALIDATION_DATE] = child_info[CERT_VALID_FROM].asDate(); - - validation_params[CERT_VALIDATION_DATE] = LLDate(child_info[CERT_VALID_FROM].asDate().secondsSinceEpoch() - 1.0); - - // test not yet valid - ensure_throws("Child cert not yet valid" , - LLCertValidationExpirationException, - (*test_chain)[0], - test_store->validate, - VALIDATION_POLICY_TIME | VALIDATION_POLICY_TRUSTED, - test_chain, - validation_params); - validation_params = LLSD::emptyMap(); - validation_params[CERT_VALIDATION_DATE] = LLDate(child_info[CERT_VALID_TO].asDate().secondsSinceEpoch() + 1.0); - - // test cert expired - ensure_throws("Child cert expired", - LLCertValidationExpirationException, - (*test_chain)[0], - test_store->validate, - VALIDATION_POLICY_TIME | VALIDATION_POLICY_TRUSTED, - test_chain, - validation_params); - - // test SSL KU - // validate basic trust for a chain containing child and intermediate. - test_chain = new LLBasicCertificateChain(NULL); - test_chain->add(new LLBasicCertificate(mX509ChildCert, &mValidationDate)); - test_chain->add(new LLBasicCertificate(mX509IntermediateCert, &mValidationDate)); - test_store->validate(VALIDATION_POLICY_SSL_KU | VALIDATION_POLICY_TRUSTED, - test_chain, validation_params); - - test_chain = new LLBasicCertificateChain(NULL); - test_chain->add(new LLBasicCertificate(mX509TestCert, &mValidationDate)); - - test_store = new LLBasicCertificateStore("mycertstore.pem"); - ensure_throws("Cert doesn't have ku", - LLCertKeyUsageValidationException, - (*test_chain)[0], - test_store->validate, - VALIDATION_POLICY_SSL_KU | VALIDATION_POLICY_TRUSTED, - test_chain, - validation_params); - - test_store->validate(0, test_chain, validation_params); - } - -}; - +/**
+ * @file llsechandler_basic_test.cpp
+ * @author Roxie
+ * @date 2009-02-10
+ * @brief Test the 'basic' sec handler functions
+ *
+ * $LicenseInfo:firstyear=2005&license=viewerlgpl$
+ * Second Life Viewer Source Code
+ * Copyright (C) 2010, Linden Research, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License only.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ * Linden Research, Inc., 945 Battery Street, San Francisco, CA 94111 USA
+ * $/LicenseInfo$
+ */
+#include "../llviewerprecompiledheaders.h"
+#include "../test/lltut.h"
+#include "../llsecapi.h"
+#include "../llsechandler_basic.h"
+#include "../../llxml/llcontrol.h"
+#include "../llviewernetwork.h"
+#include "lluuid.h"
+#include "lldate.h"
+#include "llxorcipher.h"
+#include "apr_base64.h"
+#include <vector>
+#include <ios>
+#include <llsdserialize.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include "llxorcipher.h"
+#include <openssl/ossl_typ.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/pem.h>
+#include <openssl/asn1.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include "../llmachineid.h"
+
+#define ensure_throws(str, exc_type, cert, func, ...) \
+try \
+{ \
+func(__VA_ARGS__); \
+fail("throws, " str); \
+} \
+catch(exc_type& except) \
+{ \
+LLSD cert_data; \
+cert->getLLSD(cert_data); \
+ensure("Exception cert is incorrect for " str, valueCompareLLSD(except.getCertData(), cert_data)); \
+}
+
+extern bool _cert_hostname_wildcard_match(const std::string& hostname, const std::string& wildcard_string);
+
+//----------------------------------------------------------------------------
+// Mock objects for the dependencies of the code we're testing
+
+std::string gFirstName;
+std::string gLastName;
+LLControlGroup::LLControlGroup(const std::string& name)
+: LLInstanceTracker<LLControlGroup, std::string>(name) {}
+LLControlGroup::~LLControlGroup() {}
+LLControlVariable* LLControlGroup::declareString(const std::string& name,
+ const std::string& initial_val,
+ const std::string& comment,
+ LLControlVariable::ePersist persist) {return NULL;}
+void LLControlGroup::setString(std::string_view name, const std::string& val){}
+std::string LLControlGroup::getString(std::string_view name)
+{
+
+ if (name == "FirstName")
+ return gFirstName;
+ else if (name == "LastName")
+ return gLastName;
+ return "";
+}
+
+// Stub for --no-verify-ssl-cert
+bool LLControlGroup::getBOOL(std::string_view name) { return false; }
+
+LLSD LLCredential::getLoginParams()
+{
+ LLSD result = LLSD::emptyMap();
+
+ // legacy credential
+ result["passwd"] = "$1$testpasssd";
+ result["first"] = "myfirst";
+ result["last"] ="mylast";
+ return result;
+}
+
+void LLCredential::identifierType(std::string &idType)
+{
+}
+
+void LLCredential::authenticatorType(std::string &idType)
+{
+}
+
+
+LLControlGroup gSavedSettings("test");
+unsigned char gMACAddress[MAC_ADDRESS_BYTES] = {77,21,46,31,89,2};
+
+
+S32 LLMachineID::getUniqueID(unsigned char *unique_id, size_t len)
+{
+ memcpy(unique_id, gMACAddress, len);
+ return 1;
+}
+S32 LLMachineID::getLegacyID(unsigned char *unique_id, size_t len)
+{
+ return 0;
+}
+S32 LLMachineID::init() { return 1; }
+
+
+LLCertException::LLCertException(const LLSD& cert_data, const std::string& msg)
+ : LLException(msg),
+ mCertData(cert_data)
+{
+ LL_WARNS("SECAPI") << "Certificate Error: " << msg << LL_ENDL;
+}
+
+
+// -------------------------------------------------------------------------------------------
+// TUT
+// -------------------------------------------------------------------------------------------
+namespace tut
+{
+ const std::string mPemTestCert(
+ "Certificate:\n"
+ " Data:\n"
+ " Version: 3 (0x2)\n"
+ " Serial Number:\n"
+ " 04:00:00:00:00:01:15:4b:5a:c3:94\n"
+ " Signature Algorithm: sha1WithRSAEncryption\n"
+ " Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA\n"
+ " Validity\n"
+ " Not Before: Sep 1 12:00:00 1998 GMT\n"
+ " Not After : Jan 28 12:00:00 2028 GMT\n"
+ " Subject: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA\n"
+ " Subject Public Key Info:\n"
+ " Public Key Algorithm: rsaEncryption\n"
+ " Public-Key: (2048 bit)\n"
+ " Modulus:\n"
+ " 00:da:0e:e6:99:8d:ce:a3:e3:4f:8a:7e:fb:f1:8b:\n"
+ " 83:25:6b:ea:48:1f:f1:2a:b0:b9:95:11:04:bd:f0:\n"
+ " 63:d1:e2:67:66:cf:1c:dd:cf:1b:48:2b:ee:8d:89:\n"
+ " 8e:9a:af:29:80:65:ab:e9:c7:2d:12:cb:ab:1c:4c:\n"
+ " 70:07:a1:3d:0a:30:cd:15:8d:4f:f8:dd:d4:8c:50:\n"
+ " 15:1c:ef:50:ee:c4:2e:f7:fc:e9:52:f2:91:7d:e0:\n"
+ " 6d:d5:35:30:8e:5e:43:73:f2:41:e9:d5:6a:e3:b2:\n"
+ " 89:3a:56:39:38:6f:06:3c:88:69:5b:2a:4d:c5:a7:\n"
+ " 54:b8:6c:89:cc:9b:f9:3c:ca:e5:fd:89:f5:12:3c:\n"
+ " 92:78:96:d6:dc:74:6e:93:44:61:d1:8d:c7:46:b2:\n"
+ " 75:0e:86:e8:19:8a:d5:6d:6c:d5:78:16:95:a2:e9:\n"
+ " c8:0a:38:eb:f2:24:13:4f:73:54:93:13:85:3a:1b:\n"
+ " bc:1e:34:b5:8b:05:8c:b9:77:8b:b1:db:1f:20:91:\n"
+ " ab:09:53:6e:90:ce:7b:37:74:b9:70:47:91:22:51:\n"
+ " 63:16:79:ae:b1:ae:41:26:08:c8:19:2b:d1:46:aa:\n"
+ " 48:d6:64:2a:d7:83:34:ff:2c:2a:c1:6c:19:43:4a:\n"
+ " 07:85:e7:d3:7c:f6:21:68:ef:ea:f2:52:9f:7f:93:\n"
+ " 90:cf\n"
+ " Exponent: 65537 (0x10001)\n"
+ " X509v3 extensions:\n"
+ " X509v3 Key Usage: critical\n"
+ " Certificate Sign, CRL Sign\n"
+ " X509v3 Basic Constraints: critical\n"
+ " CA:TRUE\n"
+ " X509v3 Subject Key Identifier: \n"
+ " 60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B\n"
+ " Signature Algorithm: sha1WithRSAEncryption\n"
+ " d6:73:e7:7c:4f:76:d0:8d:bf:ec:ba:a2:be:34:c5:28:32:b5:\n"
+ " 7c:fc:6c:9c:2c:2b:bd:09:9e:53:bf:6b:5e:aa:11:48:b6:e5:\n"
+ " 08:a3:b3:ca:3d:61:4d:d3:46:09:b3:3e:c3:a0:e3:63:55:1b:\n"
+ " f2:ba:ef:ad:39:e1:43:b9:38:a3:e6:2f:8a:26:3b:ef:a0:50:\n"
+ " 56:f9:c6:0a:fd:38:cd:c4:0b:70:51:94:97:98:04:df:c3:5f:\n"
+ " 94:d5:15:c9:14:41:9c:c4:5d:75:64:15:0d:ff:55:30:ec:86:\n"
+ " 8f:ff:0d:ef:2c:b9:63:46:f6:aa:fc:df:bc:69:fd:2e:12:48:\n"
+ " 64:9a:e0:95:f0:a6:ef:29:8f:01:b1:15:b5:0c:1d:a5:fe:69:\n"
+ " 2c:69:24:78:1e:b3:a7:1c:71:62:ee:ca:c8:97:ac:17:5d:8a:\n"
+ " c2:f8:47:86:6e:2a:c4:56:31:95:d0:67:89:85:2b:f9:6c:a6:\n"
+ " 5d:46:9d:0c:aa:82:e4:99:51:dd:70:b7:db:56:3d:61:e4:6a:\n"
+ " e1:5c:d6:f6:fe:3d:de:41:cc:07:ae:63:52:bf:53:53:f4:2b:\n"
+ " e9:c7:fd:b6:f7:82:5f:85:d2:41:18:db:81:b3:04:1c:c5:1f:\n"
+ " a4:80:6f:15:20:c9:de:0c:88:0a:1d:d6:66:55:e2:fc:48:c9:\n"
+ " 29:26:69:e0\n"
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG\n"
+ "A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv\n"
+ "b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw\n"
+ "MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i\n"
+ "YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT\n"
+ "aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ\n"
+ "jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp\n"
+ "xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp\n"
+ "1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG\n"
+ "snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ\n"
+ "U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8\n"
+ "9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E\n"
+ "BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B\n"
+ "AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz\n"
+ "yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE\n"
+ "38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP\n"
+ "AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad\n"
+ "DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME\n"
+ "HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==\n"
+ "-----END CERTIFICATE-----\n"
+ );
+
+ /*
+ * The following certificates were generated using the instructions at
+ * https://jamielinux.com/docs/openssl-certificate-authority/sign-server-and-client-certificates.html
+ * with the exception that the server certificate has a longer expiration time, and the full text
+ * expansion was included in the certificates.
+ */
+ const std::string mPemRootCert(
+ "Certificate:\n"
+ " Data:\n"
+ " Version: 3 (0x2)\n"
+ " Serial Number:\n"
+ " 82:2f:8f:eb:8d:06:24:b0\n"
+ " Signature Algorithm: sha256WithRSAEncryption\n"
+ " Issuer: C=US, ST=California, L=San Francisco, O=Linden Lab, OU=Second Life Engineering, CN=Integration Test Root CA/emailAddress=noreply@lindenlab.com\n"
+ " Validity\n"
+ " Not Before: May 22 22:19:45 2018 GMT\n"
+ " Not After : May 17 22:19:45 2038 GMT\n"
+ " Subject: C=US, ST=California, L=San Francisco, O=Linden Lab, OU=Second Life Engineering, CN=Integration Test Root CA/emailAddress=noreply@lindenlab.com\n"
+ " Subject Public Key Info:\n"
+ " Public Key Algorithm: rsaEncryption\n"
+ " Public-Key: (4096 bit)\n"
+ " Modulus:\n"
+ " 00:bd:e0:79:dd:3b:a6:ac:87:d0:39:f0:58:c7:a4:\n"
+ " 42:42:f6:5f:93:b0:36:04:b5:e2:d5:f7:2a:c0:6c:\n"
+ " a0:13:d2:1e:02:81:57:02:50:4c:57:b7:ef:27:9e:\n"
+ " f6:f1:f1:30:30:72:1e:57:34:e5:3f:82:3c:21:c4:\n"
+ " 66:d2:73:63:6c:91:e6:dd:49:9e:9c:b1:34:6a:81:\n"
+ " 45:a1:6e:c4:50:28:f2:d8:e3:fe:80:2f:83:aa:28:\n"
+ " 91:b4:8c:57:c9:f1:16:d9:0c:87:3c:25:80:a0:81:\n"
+ " 8d:71:f2:96:e2:16:f1:97:c4:b0:d8:53:bb:13:6c:\n"
+ " 73:54:2f:29:94:85:cf:86:6e:75:71:ad:39:e3:fc:\n"
+ " 39:12:53:93:1c:ce:39:e0:33:da:49:b7:3d:af:b0:\n"
+ " 37:ce:77:09:03:27:32:70:c0:9c:7f:9c:89:ce:90:\n"
+ " 45:b0:7d:94:8b:ff:13:27:ba:88:7f:ae:c4:aa:73:\n"
+ " d5:47:b8:87:69:89:80:0c:c1:22:18:78:c2:0d:47:\n"
+ " d9:10:ff:80:79:0d:46:71:ec:d9:ba:c9:f3:77:fd:\n"
+ " 92:6d:1f:0f:d9:54:18:6d:f6:72:24:5c:5c:3d:43:\n"
+ " 49:35:3e:1c:28:de:7e:44:dc:29:c3:9f:62:04:46:\n"
+ " aa:c4:e6:69:6a:15:f8:e3:74:1c:14:e9:f4:97:7c:\n"
+ " 30:6c:d4:28:fc:2a:0e:1d:6d:39:2e:1d:f9:17:43:\n"
+ " 35:5d:23:e7:ba:e3:a8:e9:97:6b:3c:3e:23:ef:d8:\n"
+ " bc:fb:7a:57:37:39:93:59:03:fc:78:ca:b1:31:ef:\n"
+ " 26:19:ed:56:e1:63:c3:ad:99:80:5b:47:b5:03:35:\n"
+ " 5f:fe:6a:a6:21:63:ec:50:fb:4e:c9:f9:ae:a5:66:\n"
+ " d0:55:33:8d:e6:c5:50:5a:c6:8f:5c:34:45:a7:72:\n"
+ " da:50:f6:66:4c:19:f5:d1:e4:fb:11:8b:a1:b5:4e:\n"
+ " 09:43:81:3d:39:28:86:3b:fe:07:28:97:02:b5:3a:\n"
+ " 07:5f:4a:20:80:1a:7d:a4:8c:f7:6c:f6:c5:9b:f6:\n"
+ " 61:e5:c7:b0:c3:d5:58:38:7b:bb:47:1e:34:d6:16:\n"
+ " 55:c5:d2:6c:b0:93:77:b1:90:69:06:b1:53:cb:1b:\n"
+ " 84:71:cf:b8:87:1b:1e:44:35:b4:2b:bb:04:59:58:\n"
+ " 0b:e8:93:d8:ae:21:9b:b1:1c:89:30:ae:11:80:77:\n"
+ " cc:16:f3:d6:35:ed:a1:b3:70:b3:4f:cd:a1:56:99:\n"
+ " ee:0e:c0:00:a4:09:70:c3:5b:0b:be:a1:07:18:dd:\n"
+ " c6:f4:6d:8b:58:bc:f9:bb:4b:01:2c:f6:cc:2c:9b:\n"
+ " 87:0e:b1:4f:9c:10:be:fc:45:e2:a4:ec:7e:fc:ff:\n"
+ " 45:b8:53\n"
+ " Exponent: 65537 (0x10001)\n"
+ " X509v3 extensions:\n"
+ " X509v3 Subject Key Identifier: \n"
+ " 8A:22:C6:9C:2E:11:F3:40:0C:CE:82:0C:22:59:FF:F8:7F:D0:B9:13\n"
+ " X509v3 Authority Key Identifier: \n"
+ " keyid:8A:22:C6:9C:2E:11:F3:40:0C:CE:82:0C:22:59:FF:F8:7F:D0:B9:13\n"
+ "\n"
+ " X509v3 Basic Constraints: critical\n"
+ " CA:TRUE\n"
+ " X509v3 Key Usage: critical\n"
+ " Digital Signature, Certificate Sign, CRL Sign\n"
+ " Signature Algorithm: sha256WithRSAEncryption\n"
+ " b3:cb:33:eb:0e:02:64:f4:55:9a:3d:03:9a:cf:6a:4c:18:43:\n"
+ " f7:42:cb:65:dc:61:52:e5:9f:2f:42:97:3c:93:16:22:d4:af:\n"
+ " ae:b2:0f:c3:9b:ef:e0:cc:ee:b6:b1:69:a3:d8:da:26:c3:ad:\n"
+ " 3b:c5:64:dc:9f:d4:c2:53:4b:91:6d:c4:92:09:0b:ac:f0:99:\n"
+ " be:6f:b9:3c:03:4a:6d:9f:01:5d:ec:5a:9a:f3:a7:e5:3b:2c:\n"
+ " 99:57:7d:7e:25:15:68:20:12:30:96:16:86:f5:db:74:90:60:\n"
+ " fe:8b:df:99:f6:f7:62:49:9f:bc:8d:45:23:0a:c8:73:b8:79:\n"
+ " 80:3c:b9:e5:72:85:4b:b3:81:66:74:a2:72:92:4c:44:fd:7b:\n"
+ " 46:2e:21:a2:a9:81:a2:f3:26:4d:e3:89:7d:78:b0:c6:6f:b5:\n"
+ " 87:cb:ee:25:ed:27:1f:75:13:fa:6d:e9:37:73:ad:07:bb:af:\n"
+ " d3:6c:87:ea:02:01:70:bd:53:aa:ce:39:2c:d4:66:39:33:aa:\n"
+ " d1:9c:ee:67:e3:a9:45:d2:7b:2e:54:09:af:70:5f:3f:5a:67:\n"
+ " 2e:6c:72:ef:e0:9d:92:28:4a:df:ba:0b:b7:23:ca:5b:04:11:\n"
+ " 45:d1:51:e9:ea:c9:ec:54:fa:34:46:ae:fc:dc:6c:f8:1e:2c:\n"
+ " 9e:f4:71:51:8d:b5:a1:26:9a:13:30:be:1e:41:25:59:58:05:\n"
+ " 2c:64:c8:f9:5e:38:ae:dc:93:b0:8a:d6:38:74:02:cb:ce:ce:\n"
+ " 95:31:76:f6:7c:bf:a4:a1:8e:27:fd:ca:74:82:d1:e1:4d:b6:\n"
+ " 48:51:fa:c5:17:59:22:a3:84:be:82:c8:83:ec:61:a0:f4:ee:\n"
+ " 2c:e3:a3:ea:e5:51:c9:d3:4f:db:85:bd:ba:7a:52:14:b6:03:\n"
+ " ed:43:17:d8:d7:1c:22:5e:c9:56:d9:d6:81:96:11:e3:5e:01:\n"
+ " 40:91:30:09:da:a3:5f:d3:27:60:e5:9d:6c:da:d0:f0:39:01:\n"
+ " 23:4a:a6:15:7a:4a:82:eb:ec:72:4a:1d:36:dc:6f:83:c4:85:\n"
+ " 84:b5:8d:cd:09:e5:12:63:f3:21:56:c8:64:6b:db:b8:cf:d4:\n"
+ " df:ca:a8:24:8e:df:8d:63:a5:96:84:bf:ff:8b:7e:46:7a:f0:\n"
+ " c7:73:7c:70:8a:f5:17:d0:ac:c8:89:1e:d7:89:42:0f:4d:66:\n"
+ " c4:d8:bb:36:a8:ae:ca:e1:cf:e2:88:f6:cf:b0:44:4a:5f:81:\n"
+ " 50:4b:d6:28:81:cd:6c:f0:ec:e6:09:08:f2:59:91:a2:69:ac:\n"
+ " c7:81:fa:ab:61:3e:db:6f:f6:7f:db:1a:9e:b9:5d:cc:cc:33:\n"
+ " fa:95:c6:f7:8d:4b:30:f3\n"
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIGXDCCBESgAwIBAgIJAIIvj+uNBiSwMA0GCSqGSIb3DQEBCwUAMIG6MQswCQYD\n"
+ "VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5j\n"
+ "aXNjbzETMBEGA1UECgwKTGluZGVuIExhYjEgMB4GA1UECwwXU2Vjb25kIExpZmUg\n"
+ "RW5naW5lZXJpbmcxITAfBgNVBAMMGEludGVncmF0aW9uIFRlc3QgUm9vdCBDQTEk\n"
+ "MCIGCSqGSIb3DQEJARYVbm9yZXBseUBsaW5kZW5sYWIuY29tMB4XDTE4MDUyMjIy\n"
+ "MTk0NVoXDTM4MDUxNzIyMTk0NVowgboxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApD\n"
+ "YWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMRMwEQYDVQQKDApMaW5k\n"
+ "ZW4gTGFiMSAwHgYDVQQLDBdTZWNvbmQgTGlmZSBFbmdpbmVlcmluZzEhMB8GA1UE\n"
+ "AwwYSW50ZWdyYXRpb24gVGVzdCBSb290IENBMSQwIgYJKoZIhvcNAQkBFhVub3Jl\n"
+ "cGx5QGxpbmRlbmxhYi5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC\n"
+ "AQC94HndO6ash9A58FjHpEJC9l+TsDYEteLV9yrAbKAT0h4CgVcCUExXt+8nnvbx\n"
+ "8TAwch5XNOU/gjwhxGbSc2NskebdSZ6csTRqgUWhbsRQKPLY4/6AL4OqKJG0jFfJ\n"
+ "8RbZDIc8JYCggY1x8pbiFvGXxLDYU7sTbHNULymUhc+GbnVxrTnj/DkSU5Mczjng\n"
+ "M9pJtz2vsDfOdwkDJzJwwJx/nInOkEWwfZSL/xMnuoh/rsSqc9VHuIdpiYAMwSIY\n"
+ "eMINR9kQ/4B5DUZx7Nm6yfN3/ZJtHw/ZVBht9nIkXFw9Q0k1Phwo3n5E3CnDn2IE\n"
+ "RqrE5mlqFfjjdBwU6fSXfDBs1Cj8Kg4dbTkuHfkXQzVdI+e646jpl2s8PiPv2Lz7\n"
+ "elc3OZNZA/x4yrEx7yYZ7VbhY8OtmYBbR7UDNV/+aqYhY+xQ+07J+a6lZtBVM43m\n"
+ "xVBaxo9cNEWnctpQ9mZMGfXR5PsRi6G1TglDgT05KIY7/gcolwK1OgdfSiCAGn2k\n"
+ "jPds9sWb9mHlx7DD1Vg4e7tHHjTWFlXF0mywk3exkGkGsVPLG4Rxz7iHGx5ENbQr\n"
+ "uwRZWAvok9iuIZuxHIkwrhGAd8wW89Y17aGzcLNPzaFWme4OwACkCXDDWwu+oQcY\n"
+ "3cb0bYtYvPm7SwEs9swsm4cOsU+cEL78ReKk7H78/0W4UwIDAQABo2MwYTAdBgNV\n"
+ "HQ4EFgQUiiLGnC4R80AMzoIMIln/+H/QuRMwHwYDVR0jBBgwFoAUiiLGnC4R80AM\n"
+ "zoIMIln/+H/QuRMwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJ\n"
+ "KoZIhvcNAQELBQADggIBALPLM+sOAmT0VZo9A5rPakwYQ/dCy2XcYVLlny9ClzyT\n"
+ "FiLUr66yD8Ob7+DM7raxaaPY2ibDrTvFZNyf1MJTS5FtxJIJC6zwmb5vuTwDSm2f\n"
+ "AV3sWprzp+U7LJlXfX4lFWggEjCWFob123SQYP6L35n292JJn7yNRSMKyHO4eYA8\n"
+ "ueVyhUuzgWZ0onKSTET9e0YuIaKpgaLzJk3jiX14sMZvtYfL7iXtJx91E/pt6Tdz\n"
+ "rQe7r9Nsh+oCAXC9U6rOOSzUZjkzqtGc7mfjqUXSey5UCa9wXz9aZy5scu/gnZIo\n"
+ "St+6C7cjylsEEUXRUenqyexU+jRGrvzcbPgeLJ70cVGNtaEmmhMwvh5BJVlYBSxk\n"
+ "yPleOK7ck7CK1jh0AsvOzpUxdvZ8v6Shjif9ynSC0eFNtkhR+sUXWSKjhL6CyIPs\n"
+ "YaD07izjo+rlUcnTT9uFvbp6UhS2A+1DF9jXHCJeyVbZ1oGWEeNeAUCRMAnao1/T\n"
+ "J2DlnWza0PA5ASNKphV6SoLr7HJKHTbcb4PEhYS1jc0J5RJj8yFWyGRr27jP1N/K\n"
+ "qCSO341jpZaEv/+LfkZ68MdzfHCK9RfQrMiJHteJQg9NZsTYuzaorsrhz+KI9s+w\n"
+ "REpfgVBL1iiBzWzw7OYJCPJZkaJprMeB+qthPttv9n/bGp65XczMM/qVxveNSzDz\n"
+ "-----END CERTIFICATE-----\n"
+ );
+
+ const std::string mPemIntermediateCert(
+ "Certificate:\n"
+ " Data:\n"
+ " Version: 3 (0x2)\n"
+ " Serial Number: 4096 (0x1000)\n"
+ " Signature Algorithm: sha256WithRSAEncryption\n"
+ " Issuer: C=US, ST=California, L=San Francisco, O=Linden Lab, OU=Second Life Engineering, CN=Integration Test Root CA/emailAddress=noreply@lindenlab.com\n"
+ " Validity\n"
+ " Not Before: May 22 22:39:08 2018 GMT\n"
+ " Not After : May 19 22:39:08 2028 GMT\n"
+ " Subject: C=US, ST=California, O=Linden Lab, OU=Second Life Engineering, CN=Integration Test Intermediate CA/emailAddress=noreply@lindenlab.com\n"
+ " Subject Public Key Info:\n"
+ " Public Key Algorithm: rsaEncryption\n"
+ " Public-Key: (4096 bit)\n"
+ " Modulus:\n"
+ " 00:ce:a3:70:e2:c4:fb:4b:97:90:a1:30:bb:c1:1b:\n"
+ " 13:b9:aa:7e:46:17:a3:26:8d:69:3f:5e:73:95:e8:\n"
+ " 6a:b1:0a:b4:8f:50:65:e3:c6:5c:39:24:34:df:0b:\n"
+ " b7:cc:ce:62:0c:36:5a:12:2c:fe:35:4c:e9:1c:ac:\n"
+ " 80:5e:24:99:d7:aa:bd:be:48:c0:62:64:77:36:88:\n"
+ " 66:ce:f4:a8:dd:d2:76:24:62:90:55:41:fc:1d:13:\n"
+ " 4e:a7:4e:57:bc:a8:a4:59:4b:2c:5a:1c:d8:cc:16:\n"
+ " de:e8:88:30:c9:95:df:2f:a6:14:28:0f:eb:34:46:\n"
+ " 12:58:ba:da:0e:e6:de:9c:15:f6:f4:e3:9f:74:aa:\n"
+ " 70:89:79:8b:e9:5a:7b:18:54:15:94:3a:23:0a:65:\n"
+ " 78:05:d9:33:90:2a:ce:15:18:0d:52:fc:5c:31:65:\n"
+ " 20:d0:12:37:8c:11:80:ba:d4:b0:82:73:00:4b:49:\n"
+ " be:cb:d6:bc:e7:cd:61:f3:00:98:99:74:5a:37:81:\n"
+ " 49:96:7e:14:01:1b:86:d2:d0:06:94:40:63:63:46:\n"
+ " 11:fc:33:5c:bd:3a:5e:d4:e5:44:47:64:50:bd:a6:\n"
+ " 97:55:70:64:9b:26:cc:de:20:82:90:6a:83:41:9c:\n"
+ " 6f:71:47:14:be:cb:68:7c:85:be:ef:2e:76:12:19:\n"
+ " d3:c9:87:32:b4:ac:60:20:16:28:2d:af:bc:e8:01:\n"
+ " c6:7f:fb:d8:11:d5:f4:b7:14:bd:27:08:5b:72:be:\n"
+ " 09:e0:91:c8:9c:7b:b4:b3:12:ef:32:36:be:b1:b9:\n"
+ " a2:b7:e3:69:47:30:76:ba:9c:9b:19:99:4d:53:dd:\n"
+ " 5c:e8:2c:f1:b2:64:69:cf:15:bd:f8:bb:58:95:73:\n"
+ " 58:38:95:b4:7a:cf:84:29:a6:c2:db:f0:bd:ef:97:\n"
+ " 26:d4:99:ac:d7:c7:be:b0:0d:11:f4:26:86:2d:77:\n"
+ " 42:52:25:d7:56:c7:e3:97:b1:36:5c:97:71:d0:9b:\n"
+ " f5:b5:50:8d:f9:ff:fb:10:77:3c:b5:53:6d:a1:43:\n"
+ " 35:a9:03:32:05:ab:d7:f5:d1:19:bd:5f:92:a3:00:\n"
+ " 2a:79:37:a4:76:4f:e9:32:0d:e4:86:bb:ea:c3:1a:\n"
+ " c5:33:e8:16:d4:a5:d8:e0:e8:bb:c2:f0:22:15:e2:\n"
+ " d9:8c:ae:ac:7d:2b:bf:eb:a3:4c:3b:29:1d:94:ac:\n"
+ " a3:bb:6d:ba:6d:03:91:03:cf:46:12:c4:66:21:c5:\n"
+ " c6:67:d8:11:19:79:01:0e:6e:84:1c:76:6f:11:3d:\n"
+ " eb:94:89:c5:6a:26:1f:cd:e0:11:8b:51:ee:99:35:\n"
+ " 69:e5:7f:0b:77:2a:94:e4:4b:64:b9:83:04:30:05:\n"
+ " e4:a2:e3\n"
+ " Exponent: 65537 (0x10001)\n"
+ " X509v3 extensions:\n"
+ " X509v3 Subject Key Identifier: \n"
+ " 83:21:DE:EC:C0:79:03:6D:1E:83:F3:E5:97:29:D5:5A:C0:96:40:FA\n"
+ " X509v3 Authority Key Identifier: \n"
+ " keyid:8A:22:C6:9C:2E:11:F3:40:0C:CE:82:0C:22:59:FF:F8:7F:D0:B9:13\n"
+ "\n"
+ " X509v3 Basic Constraints: critical\n"
+ " CA:TRUE, pathlen:0\n"
+ " X509v3 Key Usage: critical\n"
+ " Digital Signature, Certificate Sign, CRL Sign\n"
+ " Signature Algorithm: sha256WithRSAEncryption\n"
+ " a3:6c:85:9a:2e:4e:7e:5d:83:63:0f:f5:4f:a9:7d:ec:0e:6f:\n"
+ " ae:d7:ba:df:64:e0:46:0e:3d:da:18:15:2c:f3:73:ca:81:b1:\n"
+ " 10:d9:53:14:21:7d:72:5c:94:88:a5:9d:ad:ab:45:42:c6:64:\n"
+ " a9:d9:2e:4e:29:47:2c:b1:95:07:b7:62:48:68:1f:68:13:1c:\n"
+ " d2:a0:fb:5e:38:24:4a:82:0a:87:c9:93:20:43:7e:e9:f9:79:\n"
+ " ef:03:a2:bd:9e:24:6b:0a:01:5e:4a:36:c5:7d:7a:fe:d6:aa:\n"
+ " 2f:c2:8c:38:8a:99:3c:b0:6a:e5:60:be:56:d6:eb:60:03:55:\n"
+ " 24:42:a0:1a:fa:91:24:a3:53:15:75:5d:c8:eb:7c:1e:68:5a:\n"
+ " 7e:13:34:e3:85:37:1c:76:3f:77:67:1b:ed:1b:52:17:fc:4a:\n"
+ " a3:e2:74:84:80:2c:69:fc:dd:7d:26:97:c4:2a:69:7d:9c:dc:\n"
+ " 61:97:70:29:a7:3f:2b:5b:2b:22:51:fd:fe:6a:5d:f9:e7:14:\n"
+ " 48:b7:2d:c8:33:58:fc:f2:5f:27:f7:26:16:be:be:b5:aa:a2:\n"
+ " 64:53:3c:69:e8:b5:61:eb:ab:91:a5:b4:09:9b:f6:98:b8:5c:\n"
+ " 5b:24:2f:93:f5:2b:9c:8c:58:fb:26:3f:67:53:d7:42:64:e8:\n"
+ " 79:77:73:41:4e:e3:02:39:0b:b6:68:97:8b:84:e8:1d:83:a8:\n"
+ " 15:f1:06:46:47:80:42:5e:14:e2:61:8a:76:84:d5:d4:71:7f:\n"
+ " 4e:ff:d9:74:87:ff:32:c5:87:20:0a:d4:59:40:3e:d8:17:ef:\n"
+ " da:65:e9:0a:51:fe:1e:c3:46:91:d2:ee:e4:23:57:97:87:d4:\n"
+ " a6:a5:eb:ef:81:6a:d8:8c:d6:1f:8e:b1:18:4c:6b:89:32:55:\n"
+ " 53:68:26:9e:bb:03:be:2c:e9:8b:ff:97:9c:1c:ac:28:c3:9f:\n"
+ " 0b:b7:93:23:24:31:63:e4:19:13:f2:bb:08:71:b7:c5:c5:c4:\n"
+ " 10:ff:dc:fc:33:54:a4:5e:ec:a3:fe:0a:80:ca:9c:bc:95:6f:\n"
+ " 5f:39:91:3b:61:69:16:94:0f:57:4b:fc:4b:b1:be:72:98:5d:\n"
+ " 10:f9:08:a7:d6:e0:e8:3d:5d:54:7d:fa:4b:6a:dd:98:41:ed:\n"
+ " 84:a1:39:67:5c:6c:7f:0c:b0:e1:98:c1:14:ed:fe:1e:e8:05:\n"
+ " 8d:7f:6a:24:cb:1b:05:42:0d:7f:13:ba:ca:b5:91:db:a5:f0:\n"
+ " 40:2b:70:7a:2a:a5:5d:ed:56:0c:f0:c2:72:ee:63:dd:cb:5d:\n"
+ " 76:f6:08:e6:e6:30:ef:3a:b2:16:34:41:a4:e1:30:14:bc:c7:\n"
+ " f9:23:3a:1a:70:df:b8:cc\n"
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIGSDCCBDCgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgboxCzAJBgNVBAYTAlVT\n"
+ "MRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMRMw\n"
+ "EQYDVQQKDApMaW5kZW4gTGFiMSAwHgYDVQQLDBdTZWNvbmQgTGlmZSBFbmdpbmVl\n"
+ "cmluZzEhMB8GA1UEAwwYSW50ZWdyYXRpb24gVGVzdCBSb290IENBMSQwIgYJKoZI\n"
+ "hvcNAQkBFhVub3JlcGx5QGxpbmRlbmxhYi5jb20wHhcNMTgwNTIyMjIzOTA4WhcN\n"
+ "MjgwNTE5MjIzOTA4WjCBqjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3Ju\n"
+ "aWExEzARBgNVBAoMCkxpbmRlbiBMYWIxIDAeBgNVBAsMF1NlY29uZCBMaWZlIEVu\n"
+ "Z2luZWVyaW5nMSkwJwYDVQQDDCBJbnRlZ3JhdGlvbiBUZXN0IEludGVybWVkaWF0\n"
+ "ZSBDQTEkMCIGCSqGSIb3DQEJARYVbm9yZXBseUBsaW5kZW5sYWIuY29tMIICIjAN\n"
+ "BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzqNw4sT7S5eQoTC7wRsTuap+Rhej\n"
+ "Jo1pP15zlehqsQq0j1Bl48ZcOSQ03wu3zM5iDDZaEiz+NUzpHKyAXiSZ16q9vkjA\n"
+ "YmR3NohmzvSo3dJ2JGKQVUH8HRNOp05XvKikWUssWhzYzBbe6IgwyZXfL6YUKA/r\n"
+ "NEYSWLraDubenBX29OOfdKpwiXmL6Vp7GFQVlDojCmV4BdkzkCrOFRgNUvxcMWUg\n"
+ "0BI3jBGAutSwgnMAS0m+y9a8581h8wCYmXRaN4FJln4UARuG0tAGlEBjY0YR/DNc\n"
+ "vTpe1OVER2RQvaaXVXBkmybM3iCCkGqDQZxvcUcUvstofIW+7y52EhnTyYcytKxg\n"
+ "IBYoLa+86AHGf/vYEdX0txS9Jwhbcr4J4JHInHu0sxLvMja+sbmit+NpRzB2upyb\n"
+ "GZlNU91c6CzxsmRpzxW9+LtYlXNYOJW0es+EKabC2/C975cm1Jms18e+sA0R9CaG\n"
+ "LXdCUiXXVsfjl7E2XJdx0Jv1tVCN+f/7EHc8tVNtoUM1qQMyBavX9dEZvV+SowAq\n"
+ "eTekdk/pMg3khrvqwxrFM+gW1KXY4Oi7wvAiFeLZjK6sfSu/66NMOykdlKyju226\n"
+ "bQORA89GEsRmIcXGZ9gRGXkBDm6EHHZvET3rlInFaiYfzeARi1HumTVp5X8LdyqU\n"
+ "5EtkuYMEMAXkouMCAwEAAaNmMGQwHQYDVR0OBBYEFIMh3uzAeQNtHoPz5Zcp1VrA\n"
+ "lkD6MB8GA1UdIwQYMBaAFIoixpwuEfNADM6CDCJZ//h/0LkTMBIGA1UdEwEB/wQI\n"
+ "MAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQCjbIWa\n"
+ "Lk5+XYNjD/VPqX3sDm+u17rfZOBGDj3aGBUs83PKgbEQ2VMUIX1yXJSIpZ2tq0VC\n"
+ "xmSp2S5OKUcssZUHt2JIaB9oExzSoPteOCRKggqHyZMgQ37p+XnvA6K9niRrCgFe\n"
+ "SjbFfXr+1qovwow4ipk8sGrlYL5W1utgA1UkQqAa+pEko1MVdV3I63weaFp+EzTj\n"
+ "hTccdj93ZxvtG1IX/Eqj4nSEgCxp/N19JpfEKml9nNxhl3Appz8rWysiUf3+al35\n"
+ "5xRIty3IM1j88l8n9yYWvr61qqJkUzxp6LVh66uRpbQJm/aYuFxbJC+T9SucjFj7\n"
+ "Jj9nU9dCZOh5d3NBTuMCOQu2aJeLhOgdg6gV8QZGR4BCXhTiYYp2hNXUcX9O/9l0\n"
+ "h/8yxYcgCtRZQD7YF+/aZekKUf4ew0aR0u7kI1eXh9SmpevvgWrYjNYfjrEYTGuJ\n"
+ "MlVTaCaeuwO+LOmL/5ecHKwow58Lt5MjJDFj5BkT8rsIcbfFxcQQ/9z8M1SkXuyj\n"
+ "/gqAypy8lW9fOZE7YWkWlA9XS/xLsb5ymF0Q+Qin1uDoPV1UffpLat2YQe2EoTln\n"
+ "XGx/DLDhmMEU7f4e6AWNf2okyxsFQg1/E7rKtZHbpfBAK3B6KqVd7VYM8MJy7mPd\n"
+ "y1129gjm5jDvOrIWNEGk4TAUvMf5IzoacN+4zA==\n"
+ "-----END CERTIFICATE-----\n"
+ );
+
+ const std::string mPemChildCert(
+ "Certificate:\n"
+ " Data:\n"
+ " Version: 3 (0x2)\n"
+ " Serial Number: 4096 (0x1000)\n"
+ " Signature Algorithm: sha256WithRSAEncryption\n"
+ " Issuer: C=US, ST=California, O=Linden Lab, OU=Second Life Engineering, CN=Integration Test Intermediate CA/emailAddress=noreply@lindenlab.com\n"
+ " Validity\n"
+ " Not Before: May 22 22:58:15 2018 GMT\n"
+ " Not After : Jul 19 22:58:15 2024 GMT\n"
+ " Subject: C=US, ST=California, L=San Francisco, O=Linden Lab, OU=Second Life Engineering, CN=Integration Test Server Cert/emailAddress=noreply@lindenlab.com\n"
+ " Subject Public Key Info:\n"
+ " Public Key Algorithm: rsaEncryption\n"
+ " Public-Key: (2048 bit)\n"
+ " Modulus:\n"
+ " 00:bf:a1:1c:76:82:4a:10:1d:25:0e:02:e2:7a:64:\n"
+ " 54:c7:94:c5:c0:98:d5:35:f3:cb:cb:30:ba:31:9c:\n"
+ " bd:4c:2f:4a:4e:24:03:4b:87:5c:c1:5c:fe:d9:89:\n"
+ " 3b:cb:01:bc:eb:a5:b7:78:dc:b3:58:e5:78:a7:15:\n"
+ " 34:50:30:aa:16:3a:b2:94:17:6d:1e:7f:b2:70:1e:\n"
+ " 96:41:bb:1d:e3:22:80:fa:dc:00:6a:fb:34:3e:67:\n"
+ " e7:c2:21:2f:1b:d3:af:04:49:91:eb:bb:60:e0:26:\n"
+ " 52:75:28:8a:08:5b:91:56:4e:51:50:40:51:70:af:\n"
+ " cb:80:66:c8:59:e9:e2:48:a8:62:d0:26:67:80:0a:\n"
+ " 12:16:d1:f6:15:9e:1f:f5:92:37:f3:c9:2f:03:9e:\n"
+ " 22:f6:60:5a:76:45:8c:01:2c:99:54:72:19:db:b7:\n"
+ " 72:e6:5a:69:f3:e9:31:65:5d:0f:c7:5c:9c:17:29:\n"
+ " 71:14:7f:db:47:c9:1e:65:a2:41:b0:2f:14:17:ec:\n"
+ " 4b:25:f2:43:8f:b4:a3:8d:37:1a:07:34:b3:29:bb:\n"
+ " 8a:44:8e:84:08:a2:1b:76:7a:cb:c2:39:2f:6e:e3:\n"
+ " fc:d6:91:b5:1f:ce:58:91:57:70:35:6e:25:a9:48:\n"
+ " 0e:07:cf:4e:dd:16:42:65:cf:8a:42:b3:27:e6:fe:\n"
+ " 6a:e3\n"
+ " Exponent: 65537 (0x10001)\n"
+ " X509v3 extensions:\n"
+ " X509v3 Basic Constraints: \n"
+ " CA:FALSE\n"
+ " Netscape Cert Type: \n"
+ " SSL Server\n"
+ " Netscape Comment: \n"
+ " OpenSSL Generated Server Certificate\n"
+ " X509v3 Subject Key Identifier: \n"
+ " BB:59:9F:DE:6B:51:A7:6C:B3:6D:5B:8B:42:F7:B1:65:77:17:A4:E4\n"
+ " X509v3 Authority Key Identifier: \n"
+ " keyid:83:21:DE:EC:C0:79:03:6D:1E:83:F3:E5:97:29:D5:5A:C0:96:40:FA\n"
+ " DirName:/C=US/ST=California/L=San Francisco/O=Linden Lab/OU=Second Life Engineering/CN=Integration Test Root CA/emailAddress=noreply@lindenlab.com\n"
+ " serial:10:00\n"
+ "\n"
+ " X509v3 Key Usage: critical\n"
+ " Digital Signature, Key Encipherment\n"
+ " X509v3 Extended Key Usage: \n"
+ " TLS Web Server Authentication\n"
+ " Signature Algorithm: sha256WithRSAEncryption\n"
+ " 18:a6:58:55:9b:d4:af:7d:8a:27:d3:28:3a:4c:4b:42:4e:f0:\n"
+ " 30:d6:d9:95:11:48:12:0a:96:40:d9:2b:21:39:c5:d4:8d:e5:\n"
+ " 10:bc:68:78:69:0b:9f:15:4a:0b:f1:ab:99:45:0c:20:5f:27:\n"
+ " df:e7:14:2d:4a:30:f2:c2:8d:37:73:36:1a:27:55:5a:08:5f:\n"
+ " 71:a1:5e:05:83:b2:59:fe:02:5e:d7:4a:30:15:23:58:04:cf:\n"
+ " 48:cc:b0:71:88:9c:6b:57:f0:04:0a:d3:a0:64:6b:ee:f3:5f:\n"
+ " ea:ac:e1:2b:b9:7f:79:b8:db:ce:72:48:72:db:c8:5c:38:72:\n"
+ " 31:55:d0:ff:6b:bd:73:23:a7:30:18:5d:ed:47:18:0a:67:8e:\n"
+ " 53:32:0e:99:9b:96:72:45:7f:c6:00:2c:5d:1a:97:53:75:3a:\n"
+ " 0b:49:3d:3a:00:37:14:67:0c:28:97:34:87:aa:c5:32:e4:ae:\n"
+ " 34:83:12:4a:10:f7:0e:74:d4:5f:73:bd:ef:0c:b7:d8:0a:7d:\n"
+ " 8e:8d:5a:48:bd:f4:8e:7b:f9:4a:15:3b:61:c9:5e:40:59:6e:\n"
+ " c7:a8:a4:02:28:72:c5:54:8c:77:f4:55:a7:86:c0:38:a0:68:\n"
+ " 19:da:0f:72:5a:a9:7e:69:9f:9c:3a:d6:66:aa:e1:f4:fd:f9:\n"
+ " b8:4b:6c:71:9e:f0:38:02:c7:6a:9e:dc:e6:fb:ef:23:59:4f:\n"
+ " 5c:84:0a:df:ea:86:1f:fd:0e:5c:fa:c4:e5:50:1c:10:cf:89:\n"
+ " 4e:08:0e:4c:4b:61:1a:49:12:f7:e9:4b:17:71:43:7b:6d:b6:\n"
+ " b5:9f:d4:3b:c7:88:53:48:63:b6:00:80:8f:49:0a:c5:7e:58:\n"
+ " ac:78:d8:b9:06:b0:bc:86:e2:2e:48:5b:c3:24:fa:aa:72:d8:\n"
+ " ec:f6:c7:91:9f:0f:c8:b5:fd:2b:b2:a7:bc:2f:40:20:2b:47:\n"
+ " e0:d1:1d:94:52:6f:6b:be:12:b6:8c:dc:11:db:71:e6:19:ef:\n"
+ " a8:71:8b:ad:d3:32:c0:1c:a4:3f:b3:0f:af:e5:50:e1:ff:41:\n"
+ " a4:b7:6f:57:71:af:fd:16:4c:e8:24:b3:99:1b:cf:12:8f:43:\n"
+ " 05:80:ba:18:19:0a:a5:ec:49:81:41:4c:7e:28:b2:21:f2:59:\n"
+ " 6e:4a:ed:de:f9:fa:99:85:60:1f:e6:c2:42:5c:08:00:3c:84:\n"
+ " 06:a9:24:d4:cf:7b:6e:1b:59:1d:f4:70:16:03:a1:e0:0b:00:\n"
+ " 95:5c:39:03:fc:9d:1c:8e:f7:59:0c:61:47:f6:7f:07:22:48:\n"
+ " 83:40:ac:e1:98:5f:c7:be:05:d5:29:2b:bf:0d:03:0e:e9:5e:\n"
+ " 2b:dd:09:18:fe:5e:30:61\n"
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIGbjCCBFagAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgaoxCzAJBgNVBAYTAlVT\n"
+ "MRMwEQYDVQQIDApDYWxpZm9ybmlhMRMwEQYDVQQKDApMaW5kZW4gTGFiMSAwHgYD\n"
+ "VQQLDBdTZWNvbmQgTGlmZSBFbmdpbmVlcmluZzEpMCcGA1UEAwwgSW50ZWdyYXRp\n"
+ "b24gVGVzdCBJbnRlcm1lZGlhdGUgQ0ExJDAiBgkqhkiG9w0BCQEWFW5vcmVwbHlA\n"
+ "bGluZGVubGFiLmNvbTAeFw0xODA1MjIyMjU4MTVaFw0yNDA3MTkyMjU4MTVaMIG+\n"
+ "MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2Fu\n"
+ "IEZyYW5jaXNjbzETMBEGA1UECgwKTGluZGVuIExhYjEgMB4GA1UECwwXU2Vjb25k\n"
+ "IExpZmUgRW5naW5lZXJpbmcxJTAjBgNVBAMMHEludGVncmF0aW9uIFRlc3QgU2Vy\n"
+ "dmVyIENlcnQxJDAiBgkqhkiG9w0BCQEWFW5vcmVwbHlAbGluZGVubGFiLmNvbTCC\n"
+ "ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL+hHHaCShAdJQ4C4npkVMeU\n"
+ "xcCY1TXzy8swujGcvUwvSk4kA0uHXMFc/tmJO8sBvOult3jcs1jleKcVNFAwqhY6\n"
+ "spQXbR5/snAelkG7HeMigPrcAGr7ND5n58IhLxvTrwRJkeu7YOAmUnUoighbkVZO\n"
+ "UVBAUXCvy4BmyFnp4kioYtAmZ4AKEhbR9hWeH/WSN/PJLwOeIvZgWnZFjAEsmVRy\n"
+ "Gdu3cuZaafPpMWVdD8dcnBcpcRR/20fJHmWiQbAvFBfsSyXyQ4+0o403Ggc0sym7\n"
+ "ikSOhAiiG3Z6y8I5L27j/NaRtR/OWJFXcDVuJalIDgfPTt0WQmXPikKzJ+b+auMC\n"
+ "AwEAAaOCAYYwggGCMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDMGCWCG\n"
+ "SAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUw\n"
+ "HQYDVR0OBBYEFLtZn95rUadss21bi0L3sWV3F6TkMIHoBgNVHSMEgeAwgd2AFIMh\n"
+ "3uzAeQNtHoPz5Zcp1VrAlkD6oYHApIG9MIG6MQswCQYDVQQGEwJVUzETMBEGA1UE\n"
+ "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzETMBEGA1UECgwK\n"
+ "TGluZGVuIExhYjEgMB4GA1UECwwXU2Vjb25kIExpZmUgRW5naW5lZXJpbmcxITAf\n"
+ "BgNVBAMMGEludGVncmF0aW9uIFRlc3QgUm9vdCBDQTEkMCIGCSqGSIb3DQEJARYV\n"
+ "bm9yZXBseUBsaW5kZW5sYWIuY29tggIQADAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0l\n"
+ "BAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggIBABimWFWb1K99iifTKDpM\n"
+ "S0JO8DDW2ZURSBIKlkDZKyE5xdSN5RC8aHhpC58VSgvxq5lFDCBfJ9/nFC1KMPLC\n"
+ "jTdzNhonVVoIX3GhXgWDsln+Al7XSjAVI1gEz0jMsHGInGtX8AQK06Bka+7zX+qs\n"
+ "4Su5f3m4285ySHLbyFw4cjFV0P9rvXMjpzAYXe1HGApnjlMyDpmblnJFf8YALF0a\n"
+ "l1N1OgtJPToANxRnDCiXNIeqxTLkrjSDEkoQ9w501F9zve8Mt9gKfY6NWki99I57\n"
+ "+UoVO2HJXkBZbseopAIocsVUjHf0VaeGwDigaBnaD3JaqX5pn5w61maq4fT9+bhL\n"
+ "bHGe8DgCx2qe3Ob77yNZT1yECt/qhh/9Dlz6xOVQHBDPiU4IDkxLYRpJEvfpSxdx\n"
+ "Q3tttrWf1DvHiFNIY7YAgI9JCsV+WKx42LkGsLyG4i5IW8Mk+qpy2Oz2x5GfD8i1\n"
+ "/Suyp7wvQCArR+DRHZRSb2u+EraM3BHbceYZ76hxi63TMsAcpD+zD6/lUOH/QaS3\n"
+ "b1dxr/0WTOgks5kbzxKPQwWAuhgZCqXsSYFBTH4osiHyWW5K7d75+pmFYB/mwkJc\n"
+ "CAA8hAapJNTPe24bWR30cBYDoeALAJVcOQP8nRyO91kMYUf2fwciSINArOGYX8e+\n"
+ "BdUpK78NAw7pXivdCRj+XjBh\n"
+ "-----END CERTIFICATE-----\n"
+ );
+
+ // Test wrapper declaration : wrapping nothing for the moment
+ struct sechandler_basic_test
+ {
+ X509 *mX509TestCert, *mX509RootCert, *mX509IntermediateCert, *mX509ChildCert;
+ LLSD mValidationDate;
+
+ sechandler_basic_test()
+ {
+ LLMachineID::init();
+ OpenSSL_add_all_algorithms();
+ OpenSSL_add_all_ciphers();
+ OpenSSL_add_all_digests();
+ ERR_load_crypto_strings();
+ gFirstName = "";
+ gLastName = "";
+ mValidationDate[CERT_VALIDATION_DATE] = LLDate("2017-04-11T00:00:00.00Z");
+ LLFile::remove("test_password.dat");
+ LLFile::remove("sechandler_settings.tmp");
+
+ mX509TestCert = NULL;
+ mX509RootCert = NULL;
+ mX509IntermediateCert = NULL;
+ mX509ChildCert = NULL;
+
+ // Read each of the 4 Pem certs and store in mX509*Cert pointers
+ BIO * validation_bio;
+ validation_bio = BIO_new_mem_buf((void*)mPemTestCert.c_str(), mPemTestCert.length());
+ PEM_read_bio_X509(validation_bio, &mX509TestCert, 0, NULL);
+ BIO_free(validation_bio);
+
+ validation_bio = BIO_new_mem_buf((void*)mPemRootCert.c_str(), mPemRootCert.length());
+ PEM_read_bio_X509(validation_bio, &mX509RootCert, 0, NULL);
+ BIO_free(validation_bio);
+
+ validation_bio = BIO_new_mem_buf((void*)mPemIntermediateCert.c_str(), mPemIntermediateCert.length());
+ PEM_read_bio_X509(validation_bio, &mX509IntermediateCert, 0, NULL);
+ BIO_free(validation_bio);
+
+ validation_bio = BIO_new_mem_buf((void*)mPemChildCert.c_str(), mPemChildCert.length());
+ PEM_read_bio_X509(validation_bio, &mX509ChildCert, 0, NULL);
+ BIO_free(validation_bio);
+ }
+ ~sechandler_basic_test()
+ {
+ LLFile::remove("test_password.dat");
+ LLFile::remove("sechandler_settings.tmp");
+ LLFile::remove("mycertstore.pem");
+ X509_free(mX509TestCert);
+ X509_free(mX509RootCert);
+ X509_free(mX509IntermediateCert);
+ X509_free(mX509ChildCert);
+ }
+ };
+
+ // Tut templating thingamagic: test group, object and test instance
+ typedef test_group<sechandler_basic_test> sechandler_basic_test_factory;
+ typedef sechandler_basic_test_factory::object sechandler_basic_test_object;
+ tut::sechandler_basic_test_factory tut_test("LLSecHandler");
+
+ // ---------------------------------------------------------------------------------------
+ // Test functions
+ // ---------------------------------------------------------------------------------------
+ // test cert data retrieval
+ template<> template<>
+ void sechandler_basic_test_object::test<1>()
+ {
+ try
+ {
+ LLPointer<LLBasicCertificate> test_cert(new LLBasicCertificate(mPemTestCert, &mValidationDate));
+ LL_INFOS() << "ok" << LL_ENDL;
+ }
+ catch (LLCertException& cert_exception)
+ {
+ LL_INFOS() << "cert ex: " << cert_exception.getCertData() << LL_ENDL;
+ fail("cert exception");
+ }
+ catch (...)
+ {
+ LOG_UNHANDLED_EXCEPTION("test 1");
+ fail("other exception");
+ }
+ }
+
+ template<> template<>
+ void sechandler_basic_test_object::test<2>()
+ {
+ LLPointer<LLCertificate> test_cert(new LLBasicCertificate(mPemChildCert, &mValidationDate));
+
+ LLSD llsd_cert;
+ test_cert->getLLSD(llsd_cert);
+ //std::ostringstream llsd_value;
+ //llsd_value << LLSDOStreamer<LLSDNotationFormatter>(llsd_cert) << std::endl;
+ LL_DEBUGS() << "test 1 cert " << llsd_cert << LL_ENDL;
+
+ ensure_equals("Issuer Name/commonName", (std::string)llsd_cert["issuer_name"]["commonName"], "Integration Test Intermediate CA");
+ ensure_equals("Issuer Name/countryName", (std::string)llsd_cert["issuer_name"]["countryName"], "US");
+ ensure_equals("Issuer Name/state", (std::string)llsd_cert["issuer_name"]["stateOrProvinceName"], "California");
+ ensure_equals("Issuer Name/org name", (std::string)llsd_cert["issuer_name"]["organizationName"], "Linden Lab");
+ ensure_equals("Issuer Name/org unit", (std::string)llsd_cert["issuer_name"]["organizationalUnitName"], "Second Life Engineering");
+ ensure_equals("Issuer name string", (std::string)llsd_cert["issuer_name_string"],
+ "emailAddress=noreply@lindenlab.com,CN=Integration Test Intermediate CA,OU=Second Life Engineering,O=Linden Lab,ST=California,C=US");
+ ensure_equals("subject Name/commonName", (std::string)llsd_cert["subject_name"]["commonName"],
+ "Integration Test Server Cert");
+ ensure_equals("subject Name/countryName", (std::string)llsd_cert["subject_name"]["countryName"], "US");
+ ensure_equals("subject Name/state", (std::string)llsd_cert["subject_name"]["stateOrProvinceName"], "California");
+ ensure_equals("subject Name/localityName", (std::string)llsd_cert["subject_name"]["localityName"], "San Francisco");
+ ensure_equals("subject Name/org name", (std::string)llsd_cert["subject_name"]["organizationName"], "Linden Lab");
+ ensure_equals("subjectName/org unit",
+ (std::string)llsd_cert["subject_name"]["organizationalUnitName"], "Second Life Engineering");
+
+ ensure_equals("subject name string",
+ (std::string)llsd_cert["subject_name_string"],
+ "emailAddress=noreply@lindenlab.com,CN=Integration Test Server Cert,OU=Second Life Engineering,O=Linden Lab,L=San Francisco,ST=California,C=US");
+ ensure_equals("serial number", (std::string)llsd_cert["serial_number"], "1000");
+ ensure_equals("valid from", (std::string)llsd_cert["valid_from"], "2018-05-22T22:58:15Z");
+ ensure_equals("valid to", (std::string)llsd_cert["valid_to"], "2024-07-19T22:58:15Z");
+ LLSD expectedKeyUsage = LLSD::emptyArray();
+ expectedKeyUsage.append(LLSD((std::string)"digitalSignature"));
+ expectedKeyUsage.append(LLSD((std::string)"keyEncipherment"));
+ ensure("key usage", valueCompareLLSD(llsd_cert["keyUsage"], expectedKeyUsage));
+ ensure_equals("basic constraints", llsd_cert["basicConstraints"]["CA"].asInteger(), 0);
+
+ ensure("x509 is equal", !X509_cmp(mX509ChildCert, test_cert->getOpenSSLX509()));
+ }
+
+
+ // test protected data
+ template<> template<>
+ void sechandler_basic_test_object::test<3>()
+ {
+ std::string protected_data = "sUSh3wj77NG9oAMyt3XIhaej3KLZhLZWFZvI6rIGmwUUOmmelrRg0NI9rkOj8ZDpTPxpwToaBT5u"
+ "GQhakdaGLJznr9bHr4/6HIC1bouKj4n2rs4TL6j2WSjto114QdlNfLsE8cbbE+ghww58g8SeyLQO"
+ "nyzXoz+/PBz0HD5SMFDuObccoPW24gmqYySz8YoEWhSwO0pUtEEqOjVRsAJgF5wLAtJZDeuilGsq"
+ "4ZT9Y4wZ9Rh8nnF3fDUL6IGamHe1ClXM1jgBu10F6UMhZbnH4C3aJ2E9+LiOntU+l3iCb2MpkEpr"
+ "82r2ZAMwIrpnirL/xoYoyz7MJQYwUuMvBPToZJrxNSsjI+S2Z+I3iEJAELMAAA==";
+
+ std::vector<U8> binary_data(apr_base64_decode_len(protected_data.c_str()));
+ apr_base64_decode_binary(&binary_data[0], protected_data.c_str());
+
+ LLXORCipher cipher(gMACAddress, MAC_ADDRESS_BYTES);
+ cipher.decrypt(&binary_data[0], 16);
+ unsigned char unique_id[MAC_ADDRESS_BYTES];
+ LLMachineID::getUniqueID(unique_id, sizeof(unique_id));
+ LLXORCipher cipher2(unique_id, sizeof(unique_id));
+ cipher2.encrypt(&binary_data[0], 16);
+ std::ofstream temp_file("sechandler_settings.tmp", std::ofstream::binary);
+ temp_file.write((const char *)&binary_data[0], binary_data.size());
+ temp_file.close();
+
+ LLPointer<LLSecAPIBasicHandler> handler = new LLSecAPIBasicHandler("sechandler_settings.tmp",
+ "test_password.dat");
+ handler->init();
+ // data retrieval for existing data
+ LLSD data = handler->getProtectedData("test_data_type", "test_data_id");
+
+
+ ensure_equals("retrieve existing data1", (std::string)data["data1"], "test_data_1");
+ ensure_equals("retrieve existing data2", (std::string)data["data2"], "test_data_2");
+ ensure_equals("retrieve existing data3", (std::string)data["data3"]["elem1"], "test element1");
+
+ // data storage
+ LLSD store_data = LLSD::emptyMap();
+ store_data["store_data1"] = "test_store_data1";
+ store_data["store_data2"] = 27;
+ store_data["store_data3"] = LLSD::emptyMap();
+ store_data["store_data3"]["subelem1"] = "test_subelem1";
+
+ handler->setProtectedData("test_data_type", "test_data_id1", store_data);
+ data = handler->getProtectedData("test_data_type", "test_data_id");
+
+ data = handler->getProtectedData("test_data_type", "test_data_id");
+ // verify no overwrite of existing data
+ ensure_equals("verify no overwrite 1", (std::string)data["data1"], "test_data_1");
+ ensure_equals("verify no overwrite 2", (std::string)data["data2"], "test_data_2");
+ ensure_equals("verify no overwrite 3", (std::string)data["data3"]["elem1"], "test element1");
+
+ // verify written data is good
+ data = handler->getProtectedData("test_data_type", "test_data_id1");
+ ensure_equals("verify stored data1", (std::string)data["store_data1"], "test_store_data1");
+ ensure_equals("verify stored data2", (int)data["store_data2"], 27);
+ ensure_equals("verify stored data3", (std::string)data["store_data3"]["subelem1"], "test_subelem1");
+
+ // verify overwrite works
+ handler->setProtectedData("test_data_type", "test_data_id", store_data);
+ data = handler->getProtectedData("test_data_type", "test_data_id");
+ ensure_equals("verify overwrite stored data1", (std::string)data["store_data1"], "test_store_data1");
+ ensure_equals("verify overwrite stored data2", (int)data["store_data2"], 27);
+ ensure_equals("verify overwrite stored data3", (std::string)data["store_data3"]["subelem1"], "test_subelem1");
+
+ // verify other datatype doesn't conflict
+ store_data["store_data3"] = "test_store_data3";
+ store_data["store_data4"] = 28;
+ store_data["store_data5"] = LLSD::emptyMap();
+ store_data["store_data5"]["subelem2"] = "test_subelem2";
+
+ handler->setProtectedData("test_data_type1", "test_data_id", store_data);
+ data = handler->getProtectedData("test_data_type1", "test_data_id");
+ ensure_equals("verify datatype stored data3", (std::string)data["store_data3"], "test_store_data3");
+ ensure_equals("verify datatype stored data4", (int)data["store_data4"], 28);
+ ensure_equals("verify datatype stored data5", (std::string)data["store_data5"]["subelem2"], "test_subelem2");
+
+ // test data not found
+
+ data = handler->getProtectedData("test_data_type1", "test_data_not_found");
+ ensure("not found", data.isUndefined());
+
+ // cause a 'write' by using 'LLPointer' to delete then instantiate a handler
+ handler = NULL;
+ handler = new LLSecAPIBasicHandler("sechandler_settings.tmp", "test_password.dat");
+ handler->init();
+
+ data = handler->getProtectedData("test_data_type1", "test_data_id");
+ ensure_equals("verify datatype stored data3a", (std::string)data["store_data3"], "test_store_data3");
+ ensure_equals("verify datatype stored data4a", (int)data["store_data4"], 28);
+ ensure_equals("verify datatype stored data5a", (std::string)data["store_data5"]["subelem2"], "test_subelem2");
+
+ // rewrite the initial file to verify reloads
+ handler = NULL;
+ std::ofstream temp_file2("sechandler_settings.tmp", std::ofstream::binary);
+ temp_file2.write((const char *)&binary_data[0], binary_data.size());
+ temp_file2.close();
+
+ // cause a 'write'
+ handler = new LLSecAPIBasicHandler("sechandler_settings.tmp", "test_password.dat");
+ handler->init();
+ data = handler->getProtectedData("test_data_type1", "test_data_id");
+ ensure("not found", data.isUndefined());
+
+ handler->deleteProtectedData("test_data_type", "test_data_id");
+ ensure("Deleted data not found", handler->getProtectedData("test_data_type", "test_data_id").isUndefined());
+
+ LLFile::remove("sechandler_settings.tmp");
+ handler = new LLSecAPIBasicHandler("sechandler_settings.tmp", "test_password.dat");
+ handler->init();
+ data = handler->getProtectedData("test_data_type1", "test_data_id");
+ ensure("not found", data.isUndefined());
+ handler = NULL;
+
+ ensure(LLFile::isfile("sechandler_settings.tmp"));
+ }
+
+ // test credenitals
+ template<> template<>
+ void sechandler_basic_test_object::test<4>()
+ {
+ LLPointer<LLSecAPIBasicHandler> handler = new LLSecAPIBasicHandler("sechandler_settings.tmp", "test_password.dat");
+ handler->init();
+
+ LLSD my_id = LLSD::emptyMap();
+ LLSD my_authenticator = LLSD::emptyMap();
+ my_id["type"] = "test_type";
+ my_id["username"] = "testuser@lindenlab.com";
+ my_authenticator["type"] = "test_auth";
+ my_authenticator["creds"] = "12345";
+
+ // test creation of credentials
+ LLPointer<LLCredential> my_cred = handler->createCredential("my_grid", my_id, my_authenticator);
+
+ // test retrieval of credential components
+ ensure_equals("basic credential creation: identifier", my_id, my_cred->getIdentifier());
+ ensure_equals("basic credential creation: authenticator", my_authenticator, my_cred->getAuthenticator());
+ ensure_equals("basic credential creation: grid", "my_grid", my_cred->getGrid());
+
+ // test setting/overwriting of credential components
+ my_id["first_name"] = "firstname";
+ my_id.erase("username");
+ my_authenticator.erase("creds");
+ my_authenticator["hash"] = "6563245";
+
+ my_cred->setCredentialData(my_id, my_authenticator);
+ ensure_equals("set credential data: identifier", my_id, my_cred->getIdentifier());
+ ensure_equals("set credential data: authenticator", my_authenticator, my_cred->getAuthenticator());
+ ensure_equals("set credential data: grid", "my_grid", my_cred->getGrid());
+
+ // test loading of a credential, that hasn't been saved, without
+ // any legacy saved credential data
+ LLPointer<LLCredential> my_new_cred = handler->loadCredential("my_grid2");
+ ensure("unknown credential load test", my_new_cred->getIdentifier().isMap());
+ ensure("unknown credential load test", !my_new_cred->getIdentifier().has("type"));
+ ensure("unknown credential load test", my_new_cred->getAuthenticator().isMap());
+ ensure("unknown credential load test", !my_new_cred->getAuthenticator().has("type"));
+ // test saving of a credential
+ handler->saveCredential(my_cred, true);
+
+ // test loading of a known credential
+ my_new_cred = handler->loadCredential("my_grid");
+ ensure_equals("load a known credential: identifier", my_id, my_new_cred->getIdentifier());
+ ensure_equals("load a known credential: authenticator",my_authenticator, my_new_cred->getAuthenticator());
+ ensure_equals("load a known credential: grid", "my_grid", my_cred->getGrid());
+
+ // test deletion of a credential
+ handler->deleteCredential(my_new_cred);
+
+ ensure("delete credential: identifier", my_new_cred->getIdentifier().isUndefined());
+ ensure("delete credentialt: authenticator", my_new_cred->getIdentifier().isUndefined());
+ ensure_equals("delete credential: grid", "my_grid", my_cred->getGrid());
+ // load unknown cred
+
+ my_new_cred = handler->loadCredential("my_grid");
+ ensure("deleted credential load test", my_new_cred->getIdentifier().isMap());
+ ensure("deleted credential load test", !my_new_cred->getIdentifier().has("type"));
+ ensure("deleted credential load test", my_new_cred->getAuthenticator().isMap());
+ ensure("deleted credential load test", !my_new_cred->getAuthenticator().has("type"));
+
+ // test loading of an unknown credential with legacy saved username, but without
+ // saved password
+ gFirstName = "myfirstname";
+ gLastName = "mylastname";
+ my_new_cred = handler->loadCredential("my_legacy_grid");
+ ensure_equals("legacy credential with no password: type",
+ (const std::string)my_new_cred->getIdentifier()["type"], "agent");
+ ensure_equals("legacy credential with no password: first_name",
+ (const std::string)my_new_cred->getIdentifier()["first_name"], "myfirstname");
+ ensure_equals("legacy credential with no password: last_name",
+ (const std::string)my_new_cred->getIdentifier()["last_name"], "mylastname");
+
+ ensure("legacy credential with no password: no authenticator", my_new_cred->getAuthenticator().isUndefined());
+
+ // test loading of an unknown credential with legacy saved password and username
+
+ std::string hashed_password = "fSQcLG03eyIWJmkzfyYaKm81dSweLmsxeSAYKGE7fSQ=";
+ int length = apr_base64_decode_len(hashed_password.c_str());
+ std::vector<char> decoded_password(length);
+ apr_base64_decode(&decoded_password[0], hashed_password.c_str());
+ LLXORCipher cipher(gMACAddress, MAC_ADDRESS_BYTES);
+ cipher.decrypt((U8*)&decoded_password[0], length);
+ unsigned char unique_id[MAC_ADDRESS_BYTES];
+ LLMachineID::getUniqueID(unique_id, sizeof(unique_id));
+ LLXORCipher cipher2(unique_id, sizeof(unique_id));
+ cipher2.encrypt((U8*)&decoded_password[0], length);
+ llofstream password_file("test_password.dat", std::ofstream::binary);
+ password_file.write(&decoded_password[0], length);
+ password_file.close();
+
+ my_new_cred = handler->loadCredential("my_legacy_grid2");
+ ensure_equals("legacy credential with password: type",
+ (const std::string)my_new_cred->getIdentifier()["type"], "agent");
+ ensure_equals("legacy credential with password: first_name",
+ (const std::string)my_new_cred->getIdentifier()["first_name"], "myfirstname");
+ ensure_equals("legacy credential with password: last_name",
+ (const std::string)my_new_cred->getIdentifier()["last_name"], "mylastname");
+
+ LLSD legacy_authenticator = my_new_cred->getAuthenticator();
+ ensure_equals("legacy credential with password: type",
+ (std::string)legacy_authenticator["type"],
+ "hash");
+ ensure_equals("legacy credential with password: algorithm",
+ (std::string)legacy_authenticator["algorithm"],
+ "md5");
+ ensure_equals("legacy credential with password: algorithm",
+ (std::string)legacy_authenticator["secret"],
+ "01234567890123456789012345678901");
+
+ // test creation of credentials
+ my_cred = handler->createCredential("mysavedgrid", my_id, my_authenticator);
+ // test save without saving authenticator.
+ handler->saveCredential(my_cred, false);
+ my_new_cred = handler->loadCredential("mysavedgrid");
+ ensure_equals("saved credential without auth",
+ (const std::string)my_new_cred->getIdentifier()["type"], "test_type");
+ ensure("no authenticator values were saved", my_new_cred->getAuthenticator().isUndefined());
+ }
+
+ // test cert vector
+ template<> template<>
+ void sechandler_basic_test_object::test<5>()
+ {
+ // validate create from empty vector
+ LLPointer<LLBasicCertificateVector> test_vector = new LLBasicCertificateVector();
+ ensure_equals("when loading with nothing, we should result in no certs in vector", test_vector->size(), 0);
+
+ test_vector->add(new LLBasicCertificate(mPemTestCert, &mValidationDate));
+ ensure_equals("one element in vector", test_vector->size(), 1);
+ test_vector->add(new LLBasicCertificate(mPemChildCert, &mValidationDate));
+ ensure_equals("two elements in vector after add", test_vector->size(), 2);
+
+ // add duplicate; should be a no-op (and log at DEBUG level)
+ test_vector->add(new LLBasicCertificate(mPemChildCert, &mValidationDate));
+ ensure_equals("two elements in vector after re-add", test_vector->size(), 2);
+
+ // validate order
+ X509* test_cert = (*test_vector)[0]->getOpenSSLX509();
+ ensure("first cert added remains first cert", !X509_cmp(test_cert, mX509TestCert));
+ X509_free(test_cert);
+
+ test_cert = (*test_vector)[1]->getOpenSSLX509();
+ ensure("second cert is second cert", !X509_cmp(test_cert, mX509ChildCert));
+ X509_free(test_cert);
+
+ //
+ // validate iterator
+ //
+ LLBasicCertificateVector::iterator current_cert = test_vector->begin();
+ LLBasicCertificateVector::iterator copy_current_cert = current_cert;
+ // operator++(int)
+ ensure("validate iterator++ element in vector is expected cert", *current_cert++ == (*test_vector)[0]);
+ ensure("validate 2nd iterator++ element in vector is expected cert", *current_cert++ == (*test_vector)[1]);
+ ensure("validate end iterator++", current_cert == test_vector->end());
+
+ // copy
+ ensure("validate copy iterator element in vector is expected cert", *copy_current_cert == (*test_vector)[0]);
+
+ // operator--(int)
+ current_cert--;
+ ensure("validate iterator-- element in vector is expected cert", *current_cert-- == (*test_vector)[1]);
+ ensure("validate iterator-- element in vector is expected cert", *current_cert == (*test_vector)[0]);
+
+ ensure("begin iterator is equal", current_cert == test_vector->begin());
+
+ // operator++
+ ensure("validate ++iterator element in vector is expected cert", *++current_cert == (*test_vector)[1]);
+ ensure("end of cert vector after ++iterator", ++current_cert == test_vector->end());
+ // operator--
+ ensure("validate --iterator element in vector is expected cert", *--current_cert == (*test_vector)[1]);
+ ensure("validate 2nd --iterator element in vector is expected cert", *--current_cert == (*test_vector)[0]);
+
+ test_vector->erase(test_vector->begin());
+ ensure_equals("one element in store after remove", test_vector->size(), 1);
+ test_cert = (*test_vector)[0]->getOpenSSLX509();
+ ensure("Child cert remains", !X509_cmp(test_cert, mX509ChildCert));
+ X509_free(test_cert);
+
+ // validate insert
+ test_vector->insert(test_vector->begin(), new LLBasicCertificate(mPemIntermediateCert, &mValidationDate));
+ test_cert = (*test_vector)[0]->getOpenSSLX509();
+ ensure_equals("two elements in store after insert", test_vector->size(), 2);
+ ensure("validate intermediate cert was inserted at first position", !X509_cmp(test_cert, mX509IntermediateCert));
+ X509_free(test_cert);
+ test_cert = (*test_vector)[1]->getOpenSSLX509();
+ ensure("validate child cert still there", !X509_cmp(test_cert, mX509ChildCert));
+ X509_free(test_cert);
+
+ //validate find
+ LLSD find_info = LLSD::emptyMap();
+ find_info["subjectKeyIdentifier"] = "bb:59:9f:de:6b:51:a7:6c:b3:6d:5b:8b:42:f7:b1:65:77:17:a4:e4";
+ LLBasicCertificateVector::iterator found_cert = test_vector->find(find_info);
+ ensure("found some cert", found_cert != test_vector->end());
+ X509* found_x509 = (*found_cert).get()->getOpenSSLX509();
+ ensure("child cert was found", !X509_cmp(found_x509, mX509ChildCert));
+ X509_free(found_x509);
+
+ find_info["subjectKeyIdentifier"] = "00:00:00:00"; // bogus
+ current_cert =test_vector->find(find_info);
+ ensure("didn't find cert", current_cert == test_vector->end());
+ }
+
+ // test cert store
+ template<> template<>
+ void sechandler_basic_test_object::test<6>()
+ {
+ // validate load with nothing
+ LLFile::remove("mycertstore.pem");
+ LLPointer<LLBasicCertificateStore> test_store = new LLBasicCertificateStore("mycertstore.pem");
+ ensure_equals("when loading with nothing, we should result in no certs in store", test_store->size(), 0);
+
+ // validate load with empty file
+ test_store->save();
+ test_store = NULL;
+ test_store = new LLBasicCertificateStore("mycertstore.pem");
+ ensure_equals("when loading with nothing, we should result in no certs in store", test_store->size(), 0);
+ test_store=NULL;
+
+ // instantiate a cert store from a file
+ llofstream certstorefile("mycertstore.pem", std::ios::out);
+ certstorefile << mPemChildCert << std::endl << mPemTestCert << std::endl;
+ certstorefile.close();
+ // validate loaded certs
+ test_store = new LLBasicCertificateStore("mycertstore.pem");
+ ensure_equals("two elements in store", test_store->size(), 2);
+
+ // operator[]
+ X509* test_cert = (*test_store)[0]->getOpenSSLX509();
+
+ ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert));
+ X509_free(test_cert);
+ test_cert = (*test_store)[1]->getOpenSSLX509();
+ ensure("validate second element in store is expected cert", !X509_cmp(test_cert, mX509TestCert));
+ X509_free(test_cert);
+
+
+ // validate save
+ LLFile::remove("mycertstore.pem");
+ test_store->save();
+ test_store = NULL;
+ test_store = new LLBasicCertificateStore("mycertstore.pem");
+ ensure_equals("two elements in store after save", test_store->size(), 2);
+ LLCertificateStore::iterator current_cert = test_store->begin();
+ test_cert = (*current_cert)->getOpenSSLX509();
+ ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert));
+ current_cert++;
+ X509_free(test_cert);
+ test_cert = (*current_cert)->getOpenSSLX509();
+ ensure("validate second element in store is expected cert", !X509_cmp(test_cert, mX509TestCert));
+ X509_free(test_cert);
+ current_cert++;
+ ensure("end of cert store", current_cert == test_store->end());
+
+ }
+
+ // cert name wildcard matching
+ template<> template<>
+ void sechandler_basic_test_object::test<7>()
+ {
+ ensure("simple name match",
+ _cert_hostname_wildcard_match("foo", "foo"));
+
+ ensure("simple name match, with end period",
+ _cert_hostname_wildcard_match("foo.", "foo."));
+
+ ensure("simple name match, with begin period",
+ _cert_hostname_wildcard_match(".foo", ".foo"));
+
+ ensure("simple name match, with mismatched period cn",
+ _cert_hostname_wildcard_match("foo.", "foo"));
+
+ ensure("simple name match, with mismatched period hostname",
+ _cert_hostname_wildcard_match("foo", "foo."));
+
+ ensure("simple name match, with subdomain",
+ _cert_hostname_wildcard_match("foo.bar", "foo.bar"));
+
+ ensure("stutter name match",
+ _cert_hostname_wildcard_match("foobbbbfoo", "foo*bbbfoo"));
+
+ ensure("simple name match, with beginning wildcard",
+ _cert_hostname_wildcard_match("foobar", "*bar"));
+
+ ensure("simple name match, with ending wildcard",
+ _cert_hostname_wildcard_match("foobar", "foo*"));
+
+ ensure("simple name match, with beginning null wildcard",
+ _cert_hostname_wildcard_match("foobar", "*foobar"));
+
+ ensure("simple name match, with ending null wildcard",
+ _cert_hostname_wildcard_match("foobar", "foobar*"));
+
+ ensure("simple name match, with embedded wildcard",
+ _cert_hostname_wildcard_match("foobar", "f*r"));
+
+ ensure("simple name match, with embedded null wildcard",
+ _cert_hostname_wildcard_match("foobar", "foo*bar"));
+
+ ensure("simple name match, with dual embedded wildcard",
+ _cert_hostname_wildcard_match("foobar", "f*o*ar"));
+
+ ensure("simple name mismatch",
+ !_cert_hostname_wildcard_match("bar", "foo"));
+
+ ensure("simple name mismatch, with end period",
+ !_cert_hostname_wildcard_match("foobar.", "foo."));
+
+ ensure("simple name mismatch, with begin period",
+ !_cert_hostname_wildcard_match(".foobar", ".foo"));
+
+ ensure("simple name mismatch, with subdomain",
+ !_cert_hostname_wildcard_match("foobar.bar", "foo.bar"));
+
+ ensure("simple name mismatch, with beginning wildcard",
+ !_cert_hostname_wildcard_match("foobara", "*bar"));
+
+ ensure("simple name mismatch, with ending wildcard",
+ !_cert_hostname_wildcard_match("oobar", "foo*"));
+
+ ensure("simple name mismatch, with embedded wildcard",
+ !_cert_hostname_wildcard_match("oobar", "f*r"));
+
+ ensure("simple name mismatch, with dual embedded wildcard",
+ !_cert_hostname_wildcard_match("foobar", "f*d*ar"));
+
+ ensure("simple wildcard",
+ _cert_hostname_wildcard_match("foobar", "*"));
+
+ ensure("long domain",
+ _cert_hostname_wildcard_match("foo.bar.com", "foo.bar.com"));
+
+ ensure("long domain with multiple wildcards",
+ _cert_hostname_wildcard_match("foo.bar.com", "*.b*r.com"));
+
+ ensure("end periods",
+ _cert_hostname_wildcard_match("foo.bar.com.", "*.b*r.com."));
+
+ ensure("match end period",
+ _cert_hostname_wildcard_match("foo.bar.com.", "*.b*r.com"));
+
+ ensure("match end period2",
+ _cert_hostname_wildcard_match("foo.bar.com", "*.b*r.com."));
+
+ ensure("wildcard mismatch",
+ !_cert_hostname_wildcard_match("bar.com", "*.bar.com"));
+
+ ensure("wildcard match",
+ _cert_hostname_wildcard_match("foo.bar.com", "*.bar.com"));
+
+ ensure("wildcard match",
+ _cert_hostname_wildcard_match("foo.foo.bar.com", "*.bar.com"));
+
+ ensure("wildcard match",
+ _cert_hostname_wildcard_match("foo.foo.bar.com", "*.*.com"));
+
+ ensure("wildcard mismatch",
+ !_cert_hostname_wildcard_match("foo.foo.bar.com", "*.foo.com"));
+ }
+
+ // test cert chain
+ template<> template<>
+ void sechandler_basic_test_object::test<8>()
+ {
+ // validate create from empty chain
+ LLPointer<LLBasicCertificateChain> test_chain = new LLBasicCertificateChain(NULL);
+ ensure_equals("when loading with nothing, we should result in no certs in chain", test_chain->size(), 0);
+
+ // Single cert in the chain.
+ X509_STORE_CTX *test_store = X509_STORE_CTX_new();
+ X509_STORE_CTX_set_cert(test_store, mX509ChildCert);
+ X509_STORE_CTX_set0_untrusted(test_store, NULL);
+ test_chain = new LLBasicCertificateChain(test_store);
+ X509_STORE_CTX_free(test_store);
+ ensure_equals("two elements in store", test_chain->size(), 1);
+ X509* test_cert = (*test_chain)[0]->getOpenSSLX509();
+ ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert));
+ X509_free(test_cert);
+
+ // cert + CA
+
+ test_store = X509_STORE_CTX_new();
+ X509_STORE_CTX_set_cert(test_store, mX509ChildCert);
+ X509_STORE_CTX_set0_untrusted(test_store, sk_X509_new_null());
+ sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509IntermediateCert);
+ test_chain = new LLBasicCertificateChain(test_store);
+ X509_STORE_CTX_free(test_store);
+ ensure_equals("two elements in store", test_chain->size(), 2);
+ test_cert = (*test_chain)[0]->getOpenSSLX509();
+ ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert));
+ X509_free(test_cert);
+ test_cert = (*test_chain)[1]->getOpenSSLX509();
+ ensure("validate second element in store is expected cert", !X509_cmp(test_cert, mX509IntermediateCert));
+ X509_free(test_cert);
+
+ // cert + nonrelated
+
+ test_store = X509_STORE_CTX_new();
+ X509_STORE_CTX_set_cert(test_store, mX509ChildCert);
+ X509_STORE_CTX_set0_untrusted(test_store, sk_X509_new_null());
+ sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509TestCert);
+ test_chain = new LLBasicCertificateChain(test_store);
+ X509_STORE_CTX_free(test_store);
+ ensure_equals("two elements in store", test_chain->size(), 1);
+ test_cert = (*test_chain)[0]->getOpenSSLX509();
+ ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert));
+ X509_free(test_cert);
+
+ // cert + CA + nonrelated
+ test_store = X509_STORE_CTX_new();
+ X509_STORE_CTX_set_cert(test_store, mX509ChildCert);
+ X509_STORE_CTX_set0_untrusted(test_store, sk_X509_new_null());
+ sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509IntermediateCert);
+ sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509TestCert);
+ test_chain = new LLBasicCertificateChain(test_store);
+ X509_STORE_CTX_free(test_store);
+ ensure_equals("two elements in store", test_chain->size(), 2);
+ test_cert = (*test_chain)[0]->getOpenSSLX509();
+ ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert));
+ X509_free(test_cert);
+ test_cert = (*test_chain)[1]->getOpenSSLX509();
+ ensure("validate second element in store is expected cert", !X509_cmp(test_cert, mX509IntermediateCert));
+ X509_free(test_cert);
+
+ // cert + intermediate + CA
+ test_store = X509_STORE_CTX_new();
+ X509_STORE_CTX_set_cert(test_store, mX509ChildCert);
+ X509_STORE_CTX_set0_untrusted(test_store, sk_X509_new_null());
+ sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509IntermediateCert);
+ sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509RootCert);
+ test_chain = new LLBasicCertificateChain(test_store);
+ X509_STORE_CTX_free(test_store);
+ ensure_equals("three elements in store", test_chain->size(), 3);
+ test_cert = (*test_chain)[0]->getOpenSSLX509();
+ ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert));
+ X509_free(test_cert);
+ test_cert = (*test_chain)[1]->getOpenSSLX509();
+ ensure("validate second element in store is expected cert", !X509_cmp(test_cert, mX509IntermediateCert));
+ X509_free(test_cert);
+
+ test_cert = (*test_chain)[2]->getOpenSSLX509();
+ ensure("validate second element in store is expected cert", !X509_cmp(test_cert, mX509RootCert));
+ X509_free(test_cert);
+ }
+
+ // test cert validation
+ template<> template<>
+ void sechandler_basic_test_object::test<9>()
+ {
+ // start with a trusted store with our known root cert
+ LLFile::remove("mycertstore.pem");
+ LLPointer<LLBasicCertificateStore> test_store = new LLBasicCertificateStore("mycertstore.pem");
+ test_store->add(new LLBasicCertificate(mX509RootCert, &mValidationDate));
+ LLSD validation_params;
+
+ // validate basic trust for a chain containing only the intermediate cert. (1 deep)
+ LLPointer<LLBasicCertificateChain> test_chain = new LLBasicCertificateChain(NULL);
+
+ test_chain->add(new LLBasicCertificate(mX509IntermediateCert, &mValidationDate));
+
+ test_store->validate(0, test_chain, validation_params);
+
+ // add the root certificate to the chain and revalidate
+ test_chain->add(new LLBasicCertificate(mX509RootCert, &mValidationDate));
+ test_store->validate(0, test_chain, validation_params);
+
+ // add the child cert at the head of the chain, and revalidate (3 deep chain)
+ test_chain->insert(test_chain->begin(), new LLBasicCertificate(mX509ChildCert, &mValidationDate));
+ test_store->validate(0, test_chain, validation_params);
+
+ // basic failure cases
+ test_chain = new LLBasicCertificateChain(NULL);
+ //validate with only the child cert in chain, but child cert was previously
+ // trusted
+ test_chain->add(new LLBasicCertificate(mX509ChildCert, &mValidationDate));
+
+ // validate without the trust flag.
+ test_store->validate(VALIDATION_POLICY_TRUSTED, test_chain, validation_params);
+
+ // Validate with child cert but no parent, and no parent in CA store
+ test_store = new LLBasicCertificateStore("mycertstore.pem");
+ ensure_throws("no CA, with only a child cert",
+ LLCertValidationTrustException,
+ (*test_chain)[0],
+ test_store->validate,
+ VALIDATION_POLICY_TRUSTED,
+ test_chain,
+ validation_params);
+
+
+ // validate without the trust flag.
+ test_store->validate(0, test_chain, validation_params);
+
+ // clear out the store
+ test_store = new LLBasicCertificateStore("mycertstore.pem");
+ // append the intermediate cert
+ test_chain->add(new LLBasicCertificate(mX509IntermediateCert, &mValidationDate));
+ ensure_throws("no CA, with child and intermediate certs",
+ LLCertValidationTrustException,
+ (*test_chain)[1],
+ test_store->validate,
+ VALIDATION_POLICY_TRUSTED | VALIDATION_POLICY_TRUSTED,
+ test_chain,
+ validation_params);
+ // validate without the trust flag
+ test_store->validate(0, test_chain, validation_params);
+
+ // Test time validity
+ LLSD child_info;
+ ((*test_chain)[0])->getLLSD(child_info);
+ validation_params = LLSD::emptyMap();
+ validation_params[CERT_VALIDATION_DATE] = LLDate(child_info[CERT_VALID_FROM].asDate().secondsSinceEpoch() + 1.0);
+ test_store->validate(VALIDATION_POLICY_TIME | VALIDATION_POLICY_TRUSTED,
+ test_chain, validation_params);
+
+ validation_params = LLSD::emptyMap();
+ validation_params[CERT_VALIDATION_DATE] = child_info[CERT_VALID_FROM].asDate();
+
+ validation_params[CERT_VALIDATION_DATE] = LLDate(child_info[CERT_VALID_FROM].asDate().secondsSinceEpoch() - 1.0);
+
+ // test not yet valid
+ ensure_throws("Child cert not yet valid" ,
+ LLCertValidationExpirationException,
+ (*test_chain)[0],
+ test_store->validate,
+ VALIDATION_POLICY_TIME | VALIDATION_POLICY_TRUSTED,
+ test_chain,
+ validation_params);
+ validation_params = LLSD::emptyMap();
+ validation_params[CERT_VALIDATION_DATE] = LLDate(child_info[CERT_VALID_TO].asDate().secondsSinceEpoch() + 1.0);
+
+ // test cert expired
+ ensure_throws("Child cert expired",
+ LLCertValidationExpirationException,
+ (*test_chain)[0],
+ test_store->validate,
+ VALIDATION_POLICY_TIME | VALIDATION_POLICY_TRUSTED,
+ test_chain,
+ validation_params);
+
+ // test SSL KU
+ // validate basic trust for a chain containing child and intermediate.
+ test_chain = new LLBasicCertificateChain(NULL);
+ test_chain->add(new LLBasicCertificate(mX509ChildCert, &mValidationDate));
+ test_chain->add(new LLBasicCertificate(mX509IntermediateCert, &mValidationDate));
+ test_store->validate(VALIDATION_POLICY_SSL_KU | VALIDATION_POLICY_TRUSTED,
+ test_chain, validation_params);
+
+ test_chain = new LLBasicCertificateChain(NULL);
+ test_chain->add(new LLBasicCertificate(mX509TestCert, &mValidationDate));
+
+ test_store = new LLBasicCertificateStore("mycertstore.pem");
+ ensure_throws("Cert doesn't have ku",
+ LLCertKeyUsageValidationException,
+ (*test_chain)[0],
+ test_store->validate,
+ VALIDATION_POLICY_SSL_KU | VALIDATION_POLICY_TRUSTED,
+ test_chain,
+ validation_params);
+
+ test_store->validate(0, test_chain, validation_params);
+ }
+
+};
+
|