summaryrefslogtreecommitdiff
path: root/indra/newview/tests/llsechandler_basic_test.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'indra/newview/tests/llsechandler_basic_test.cpp')
-rw-r--r--indra/newview/tests/llsechandler_basic_test.cpp2836
1 files changed, 1418 insertions, 1418 deletions
diff --git a/indra/newview/tests/llsechandler_basic_test.cpp b/indra/newview/tests/llsechandler_basic_test.cpp
index b1eccddff8..4f32299b0d 100644
--- a/indra/newview/tests/llsechandler_basic_test.cpp
+++ b/indra/newview/tests/llsechandler_basic_test.cpp
@@ -1,1418 +1,1418 @@
-/**
- * @file llsechandler_basic_test.cpp
- * @author Roxie
- * @date 2009-02-10
- * @brief Test the 'basic' sec handler functions
- *
- * $LicenseInfo:firstyear=2005&license=viewerlgpl$
- * Second Life Viewer Source Code
- * Copyright (C) 2010, Linden Research, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation;
- * version 2.1 of the License only.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- *
- * Linden Research, Inc., 945 Battery Street, San Francisco, CA 94111 USA
- * $/LicenseInfo$
- */
-#include "../llviewerprecompiledheaders.h"
-#include "../test/lltut.h"
-#include "../llsecapi.h"
-#include "../llsechandler_basic.h"
-#include "../../llxml/llcontrol.h"
-#include "../llviewernetwork.h"
-#include "lluuid.h"
-#include "lldate.h"
-#include "llxorcipher.h"
-#include "apr_base64.h"
-#include <vector>
-#include <ios>
-#include <llsdserialize.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include "llxorcipher.h"
-#include <openssl/ossl_typ.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/pem.h>
-#include <openssl/asn1.h>
-#include <openssl/rand.h>
-#include <openssl/err.h>
-#include "../llmachineid.h"
-
-#define ensure_throws(str, exc_type, cert, func, ...) \
-try \
-{ \
-func(__VA_ARGS__); \
-fail("throws, " str); \
-} \
-catch(exc_type& except) \
-{ \
-LLSD cert_data; \
-cert->getLLSD(cert_data); \
-ensure("Exception cert is incorrect for " str, valueCompareLLSD(except.getCertData(), cert_data)); \
-}
-
-extern bool _cert_hostname_wildcard_match(const std::string& hostname, const std::string& wildcard_string);
-
-//----------------------------------------------------------------------------
-// Mock objects for the dependencies of the code we're testing
-
-std::string gFirstName;
-std::string gLastName;
-LLControlGroup::LLControlGroup(const std::string& name)
-: LLInstanceTracker<LLControlGroup, std::string>(name) {}
-LLControlGroup::~LLControlGroup() {}
-LLControlVariable* LLControlGroup::declareString(const std::string& name,
- const std::string& initial_val,
- const std::string& comment,
- LLControlVariable::ePersist persist) {return NULL;}
-void LLControlGroup::setString(std::string_view name, const std::string& val){}
-std::string LLControlGroup::getString(std::string_view name)
-{
-
- if (name == "FirstName")
- return gFirstName;
- else if (name == "LastName")
- return gLastName;
- return "";
-}
-
-// Stub for --no-verify-ssl-cert
-bool LLControlGroup::getBOOL(std::string_view name) { return false; }
-
-LLSD LLCredential::getLoginParams()
-{
- LLSD result = LLSD::emptyMap();
-
- // legacy credential
- result["passwd"] = "$1$testpasssd";
- result["first"] = "myfirst";
- result["last"] ="mylast";
- return result;
-}
-
-void LLCredential::identifierType(std::string &idType)
-{
-}
-
-void LLCredential::authenticatorType(std::string &idType)
-{
-}
-
-
-LLControlGroup gSavedSettings("test");
-unsigned char gMACAddress[MAC_ADDRESS_BYTES] = {77,21,46,31,89,2};
-
-
-S32 LLMachineID::getUniqueID(unsigned char *unique_id, size_t len)
-{
- memcpy(unique_id, gMACAddress, len);
- return 1;
-}
-S32 LLMachineID::getLegacyID(unsigned char *unique_id, size_t len)
-{
- return 0;
-}
-S32 LLMachineID::init() { return 1; }
-
-
-LLCertException::LLCertException(const LLSD& cert_data, const std::string& msg)
- : LLException(msg),
- mCertData(cert_data)
-{
- LL_WARNS("SECAPI") << "Certificate Error: " << msg << LL_ENDL;
-}
-
-
-// -------------------------------------------------------------------------------------------
-// TUT
-// -------------------------------------------------------------------------------------------
-namespace tut
-{
- const std::string mPemTestCert(
- "Certificate:\n"
- " Data:\n"
- " Version: 3 (0x2)\n"
- " Serial Number:\n"
- " 04:00:00:00:00:01:15:4b:5a:c3:94\n"
- " Signature Algorithm: sha1WithRSAEncryption\n"
- " Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA\n"
- " Validity\n"
- " Not Before: Sep 1 12:00:00 1998 GMT\n"
- " Not After : Jan 28 12:00:00 2028 GMT\n"
- " Subject: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA\n"
- " Subject Public Key Info:\n"
- " Public Key Algorithm: rsaEncryption\n"
- " Public-Key: (2048 bit)\n"
- " Modulus:\n"
- " 00:da:0e:e6:99:8d:ce:a3:e3:4f:8a:7e:fb:f1:8b:\n"
- " 83:25:6b:ea:48:1f:f1:2a:b0:b9:95:11:04:bd:f0:\n"
- " 63:d1:e2:67:66:cf:1c:dd:cf:1b:48:2b:ee:8d:89:\n"
- " 8e:9a:af:29:80:65:ab:e9:c7:2d:12:cb:ab:1c:4c:\n"
- " 70:07:a1:3d:0a:30:cd:15:8d:4f:f8:dd:d4:8c:50:\n"
- " 15:1c:ef:50:ee:c4:2e:f7:fc:e9:52:f2:91:7d:e0:\n"
- " 6d:d5:35:30:8e:5e:43:73:f2:41:e9:d5:6a:e3:b2:\n"
- " 89:3a:56:39:38:6f:06:3c:88:69:5b:2a:4d:c5:a7:\n"
- " 54:b8:6c:89:cc:9b:f9:3c:ca:e5:fd:89:f5:12:3c:\n"
- " 92:78:96:d6:dc:74:6e:93:44:61:d1:8d:c7:46:b2:\n"
- " 75:0e:86:e8:19:8a:d5:6d:6c:d5:78:16:95:a2:e9:\n"
- " c8:0a:38:eb:f2:24:13:4f:73:54:93:13:85:3a:1b:\n"
- " bc:1e:34:b5:8b:05:8c:b9:77:8b:b1:db:1f:20:91:\n"
- " ab:09:53:6e:90:ce:7b:37:74:b9:70:47:91:22:51:\n"
- " 63:16:79:ae:b1:ae:41:26:08:c8:19:2b:d1:46:aa:\n"
- " 48:d6:64:2a:d7:83:34:ff:2c:2a:c1:6c:19:43:4a:\n"
- " 07:85:e7:d3:7c:f6:21:68:ef:ea:f2:52:9f:7f:93:\n"
- " 90:cf\n"
- " Exponent: 65537 (0x10001)\n"
- " X509v3 extensions:\n"
- " X509v3 Key Usage: critical\n"
- " Certificate Sign, CRL Sign\n"
- " X509v3 Basic Constraints: critical\n"
- " CA:TRUE\n"
- " X509v3 Subject Key Identifier: \n"
- " 60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B\n"
- " Signature Algorithm: sha1WithRSAEncryption\n"
- " d6:73:e7:7c:4f:76:d0:8d:bf:ec:ba:a2:be:34:c5:28:32:b5:\n"
- " 7c:fc:6c:9c:2c:2b:bd:09:9e:53:bf:6b:5e:aa:11:48:b6:e5:\n"
- " 08:a3:b3:ca:3d:61:4d:d3:46:09:b3:3e:c3:a0:e3:63:55:1b:\n"
- " f2:ba:ef:ad:39:e1:43:b9:38:a3:e6:2f:8a:26:3b:ef:a0:50:\n"
- " 56:f9:c6:0a:fd:38:cd:c4:0b:70:51:94:97:98:04:df:c3:5f:\n"
- " 94:d5:15:c9:14:41:9c:c4:5d:75:64:15:0d:ff:55:30:ec:86:\n"
- " 8f:ff:0d:ef:2c:b9:63:46:f6:aa:fc:df:bc:69:fd:2e:12:48:\n"
- " 64:9a:e0:95:f0:a6:ef:29:8f:01:b1:15:b5:0c:1d:a5:fe:69:\n"
- " 2c:69:24:78:1e:b3:a7:1c:71:62:ee:ca:c8:97:ac:17:5d:8a:\n"
- " c2:f8:47:86:6e:2a:c4:56:31:95:d0:67:89:85:2b:f9:6c:a6:\n"
- " 5d:46:9d:0c:aa:82:e4:99:51:dd:70:b7:db:56:3d:61:e4:6a:\n"
- " e1:5c:d6:f6:fe:3d:de:41:cc:07:ae:63:52:bf:53:53:f4:2b:\n"
- " e9:c7:fd:b6:f7:82:5f:85:d2:41:18:db:81:b3:04:1c:c5:1f:\n"
- " a4:80:6f:15:20:c9:de:0c:88:0a:1d:d6:66:55:e2:fc:48:c9:\n"
- " 29:26:69:e0\n"
- "-----BEGIN CERTIFICATE-----\n"
- "MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG\n"
- "A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv\n"
- "b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw\n"
- "MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i\n"
- "YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT\n"
- "aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ\n"
- "jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp\n"
- "xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp\n"
- "1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG\n"
- "snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ\n"
- "U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8\n"
- "9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E\n"
- "BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B\n"
- "AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz\n"
- "yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE\n"
- "38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP\n"
- "AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad\n"
- "DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME\n"
- "HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==\n"
- "-----END CERTIFICATE-----\n"
- );
-
- /*
- * The following certificates were generated using the instructions at
- * https://jamielinux.com/docs/openssl-certificate-authority/sign-server-and-client-certificates.html
- * with the exception that the server certificate has a longer expiration time, and the full text
- * expansion was included in the certificates.
- */
- const std::string mPemRootCert(
- "Certificate:\n"
- " Data:\n"
- " Version: 3 (0x2)\n"
- " Serial Number:\n"
- " 82:2f:8f:eb:8d:06:24:b0\n"
- " Signature Algorithm: sha256WithRSAEncryption\n"
- " Issuer: C=US, ST=California, L=San Francisco, O=Linden Lab, OU=Second Life Engineering, CN=Integration Test Root CA/emailAddress=noreply@lindenlab.com\n"
- " Validity\n"
- " Not Before: May 22 22:19:45 2018 GMT\n"
- " Not After : May 17 22:19:45 2038 GMT\n"
- " Subject: C=US, ST=California, L=San Francisco, O=Linden Lab, OU=Second Life Engineering, CN=Integration Test Root CA/emailAddress=noreply@lindenlab.com\n"
- " Subject Public Key Info:\n"
- " Public Key Algorithm: rsaEncryption\n"
- " Public-Key: (4096 bit)\n"
- " Modulus:\n"
- " 00:bd:e0:79:dd:3b:a6:ac:87:d0:39:f0:58:c7:a4:\n"
- " 42:42:f6:5f:93:b0:36:04:b5:e2:d5:f7:2a:c0:6c:\n"
- " a0:13:d2:1e:02:81:57:02:50:4c:57:b7:ef:27:9e:\n"
- " f6:f1:f1:30:30:72:1e:57:34:e5:3f:82:3c:21:c4:\n"
- " 66:d2:73:63:6c:91:e6:dd:49:9e:9c:b1:34:6a:81:\n"
- " 45:a1:6e:c4:50:28:f2:d8:e3:fe:80:2f:83:aa:28:\n"
- " 91:b4:8c:57:c9:f1:16:d9:0c:87:3c:25:80:a0:81:\n"
- " 8d:71:f2:96:e2:16:f1:97:c4:b0:d8:53:bb:13:6c:\n"
- " 73:54:2f:29:94:85:cf:86:6e:75:71:ad:39:e3:fc:\n"
- " 39:12:53:93:1c:ce:39:e0:33:da:49:b7:3d:af:b0:\n"
- " 37:ce:77:09:03:27:32:70:c0:9c:7f:9c:89:ce:90:\n"
- " 45:b0:7d:94:8b:ff:13:27:ba:88:7f:ae:c4:aa:73:\n"
- " d5:47:b8:87:69:89:80:0c:c1:22:18:78:c2:0d:47:\n"
- " d9:10:ff:80:79:0d:46:71:ec:d9:ba:c9:f3:77:fd:\n"
- " 92:6d:1f:0f:d9:54:18:6d:f6:72:24:5c:5c:3d:43:\n"
- " 49:35:3e:1c:28:de:7e:44:dc:29:c3:9f:62:04:46:\n"
- " aa:c4:e6:69:6a:15:f8:e3:74:1c:14:e9:f4:97:7c:\n"
- " 30:6c:d4:28:fc:2a:0e:1d:6d:39:2e:1d:f9:17:43:\n"
- " 35:5d:23:e7:ba:e3:a8:e9:97:6b:3c:3e:23:ef:d8:\n"
- " bc:fb:7a:57:37:39:93:59:03:fc:78:ca:b1:31:ef:\n"
- " 26:19:ed:56:e1:63:c3:ad:99:80:5b:47:b5:03:35:\n"
- " 5f:fe:6a:a6:21:63:ec:50:fb:4e:c9:f9:ae:a5:66:\n"
- " d0:55:33:8d:e6:c5:50:5a:c6:8f:5c:34:45:a7:72:\n"
- " da:50:f6:66:4c:19:f5:d1:e4:fb:11:8b:a1:b5:4e:\n"
- " 09:43:81:3d:39:28:86:3b:fe:07:28:97:02:b5:3a:\n"
- " 07:5f:4a:20:80:1a:7d:a4:8c:f7:6c:f6:c5:9b:f6:\n"
- " 61:e5:c7:b0:c3:d5:58:38:7b:bb:47:1e:34:d6:16:\n"
- " 55:c5:d2:6c:b0:93:77:b1:90:69:06:b1:53:cb:1b:\n"
- " 84:71:cf:b8:87:1b:1e:44:35:b4:2b:bb:04:59:58:\n"
- " 0b:e8:93:d8:ae:21:9b:b1:1c:89:30:ae:11:80:77:\n"
- " cc:16:f3:d6:35:ed:a1:b3:70:b3:4f:cd:a1:56:99:\n"
- " ee:0e:c0:00:a4:09:70:c3:5b:0b:be:a1:07:18:dd:\n"
- " c6:f4:6d:8b:58:bc:f9:bb:4b:01:2c:f6:cc:2c:9b:\n"
- " 87:0e:b1:4f:9c:10:be:fc:45:e2:a4:ec:7e:fc:ff:\n"
- " 45:b8:53\n"
- " Exponent: 65537 (0x10001)\n"
- " X509v3 extensions:\n"
- " X509v3 Subject Key Identifier: \n"
- " 8A:22:C6:9C:2E:11:F3:40:0C:CE:82:0C:22:59:FF:F8:7F:D0:B9:13\n"
- " X509v3 Authority Key Identifier: \n"
- " keyid:8A:22:C6:9C:2E:11:F3:40:0C:CE:82:0C:22:59:FF:F8:7F:D0:B9:13\n"
- "\n"
- " X509v3 Basic Constraints: critical\n"
- " CA:TRUE\n"
- " X509v3 Key Usage: critical\n"
- " Digital Signature, Certificate Sign, CRL Sign\n"
- " Signature Algorithm: sha256WithRSAEncryption\n"
- " b3:cb:33:eb:0e:02:64:f4:55:9a:3d:03:9a:cf:6a:4c:18:43:\n"
- " f7:42:cb:65:dc:61:52:e5:9f:2f:42:97:3c:93:16:22:d4:af:\n"
- " ae:b2:0f:c3:9b:ef:e0:cc:ee:b6:b1:69:a3:d8:da:26:c3:ad:\n"
- " 3b:c5:64:dc:9f:d4:c2:53:4b:91:6d:c4:92:09:0b:ac:f0:99:\n"
- " be:6f:b9:3c:03:4a:6d:9f:01:5d:ec:5a:9a:f3:a7:e5:3b:2c:\n"
- " 99:57:7d:7e:25:15:68:20:12:30:96:16:86:f5:db:74:90:60:\n"
- " fe:8b:df:99:f6:f7:62:49:9f:bc:8d:45:23:0a:c8:73:b8:79:\n"
- " 80:3c:b9:e5:72:85:4b:b3:81:66:74:a2:72:92:4c:44:fd:7b:\n"
- " 46:2e:21:a2:a9:81:a2:f3:26:4d:e3:89:7d:78:b0:c6:6f:b5:\n"
- " 87:cb:ee:25:ed:27:1f:75:13:fa:6d:e9:37:73:ad:07:bb:af:\n"
- " d3:6c:87:ea:02:01:70:bd:53:aa:ce:39:2c:d4:66:39:33:aa:\n"
- " d1:9c:ee:67:e3:a9:45:d2:7b:2e:54:09:af:70:5f:3f:5a:67:\n"
- " 2e:6c:72:ef:e0:9d:92:28:4a:df:ba:0b:b7:23:ca:5b:04:11:\n"
- " 45:d1:51:e9:ea:c9:ec:54:fa:34:46:ae:fc:dc:6c:f8:1e:2c:\n"
- " 9e:f4:71:51:8d:b5:a1:26:9a:13:30:be:1e:41:25:59:58:05:\n"
- " 2c:64:c8:f9:5e:38:ae:dc:93:b0:8a:d6:38:74:02:cb:ce:ce:\n"
- " 95:31:76:f6:7c:bf:a4:a1:8e:27:fd:ca:74:82:d1:e1:4d:b6:\n"
- " 48:51:fa:c5:17:59:22:a3:84:be:82:c8:83:ec:61:a0:f4:ee:\n"
- " 2c:e3:a3:ea:e5:51:c9:d3:4f:db:85:bd:ba:7a:52:14:b6:03:\n"
- " ed:43:17:d8:d7:1c:22:5e:c9:56:d9:d6:81:96:11:e3:5e:01:\n"
- " 40:91:30:09:da:a3:5f:d3:27:60:e5:9d:6c:da:d0:f0:39:01:\n"
- " 23:4a:a6:15:7a:4a:82:eb:ec:72:4a:1d:36:dc:6f:83:c4:85:\n"
- " 84:b5:8d:cd:09:e5:12:63:f3:21:56:c8:64:6b:db:b8:cf:d4:\n"
- " df:ca:a8:24:8e:df:8d:63:a5:96:84:bf:ff:8b:7e:46:7a:f0:\n"
- " c7:73:7c:70:8a:f5:17:d0:ac:c8:89:1e:d7:89:42:0f:4d:66:\n"
- " c4:d8:bb:36:a8:ae:ca:e1:cf:e2:88:f6:cf:b0:44:4a:5f:81:\n"
- " 50:4b:d6:28:81:cd:6c:f0:ec:e6:09:08:f2:59:91:a2:69:ac:\n"
- " c7:81:fa:ab:61:3e:db:6f:f6:7f:db:1a:9e:b9:5d:cc:cc:33:\n"
- " fa:95:c6:f7:8d:4b:30:f3\n"
- "-----BEGIN CERTIFICATE-----\n"
- "MIIGXDCCBESgAwIBAgIJAIIvj+uNBiSwMA0GCSqGSIb3DQEBCwUAMIG6MQswCQYD\n"
- "VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5j\n"
- "aXNjbzETMBEGA1UECgwKTGluZGVuIExhYjEgMB4GA1UECwwXU2Vjb25kIExpZmUg\n"
- "RW5naW5lZXJpbmcxITAfBgNVBAMMGEludGVncmF0aW9uIFRlc3QgUm9vdCBDQTEk\n"
- "MCIGCSqGSIb3DQEJARYVbm9yZXBseUBsaW5kZW5sYWIuY29tMB4XDTE4MDUyMjIy\n"
- "MTk0NVoXDTM4MDUxNzIyMTk0NVowgboxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApD\n"
- "YWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMRMwEQYDVQQKDApMaW5k\n"
- "ZW4gTGFiMSAwHgYDVQQLDBdTZWNvbmQgTGlmZSBFbmdpbmVlcmluZzEhMB8GA1UE\n"
- "AwwYSW50ZWdyYXRpb24gVGVzdCBSb290IENBMSQwIgYJKoZIhvcNAQkBFhVub3Jl\n"
- "cGx5QGxpbmRlbmxhYi5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC\n"
- "AQC94HndO6ash9A58FjHpEJC9l+TsDYEteLV9yrAbKAT0h4CgVcCUExXt+8nnvbx\n"
- "8TAwch5XNOU/gjwhxGbSc2NskebdSZ6csTRqgUWhbsRQKPLY4/6AL4OqKJG0jFfJ\n"
- "8RbZDIc8JYCggY1x8pbiFvGXxLDYU7sTbHNULymUhc+GbnVxrTnj/DkSU5Mczjng\n"
- "M9pJtz2vsDfOdwkDJzJwwJx/nInOkEWwfZSL/xMnuoh/rsSqc9VHuIdpiYAMwSIY\n"
- "eMINR9kQ/4B5DUZx7Nm6yfN3/ZJtHw/ZVBht9nIkXFw9Q0k1Phwo3n5E3CnDn2IE\n"
- "RqrE5mlqFfjjdBwU6fSXfDBs1Cj8Kg4dbTkuHfkXQzVdI+e646jpl2s8PiPv2Lz7\n"
- "elc3OZNZA/x4yrEx7yYZ7VbhY8OtmYBbR7UDNV/+aqYhY+xQ+07J+a6lZtBVM43m\n"
- "xVBaxo9cNEWnctpQ9mZMGfXR5PsRi6G1TglDgT05KIY7/gcolwK1OgdfSiCAGn2k\n"
- "jPds9sWb9mHlx7DD1Vg4e7tHHjTWFlXF0mywk3exkGkGsVPLG4Rxz7iHGx5ENbQr\n"
- "uwRZWAvok9iuIZuxHIkwrhGAd8wW89Y17aGzcLNPzaFWme4OwACkCXDDWwu+oQcY\n"
- "3cb0bYtYvPm7SwEs9swsm4cOsU+cEL78ReKk7H78/0W4UwIDAQABo2MwYTAdBgNV\n"
- "HQ4EFgQUiiLGnC4R80AMzoIMIln/+H/QuRMwHwYDVR0jBBgwFoAUiiLGnC4R80AM\n"
- "zoIMIln/+H/QuRMwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJ\n"
- "KoZIhvcNAQELBQADggIBALPLM+sOAmT0VZo9A5rPakwYQ/dCy2XcYVLlny9ClzyT\n"
- "FiLUr66yD8Ob7+DM7raxaaPY2ibDrTvFZNyf1MJTS5FtxJIJC6zwmb5vuTwDSm2f\n"
- "AV3sWprzp+U7LJlXfX4lFWggEjCWFob123SQYP6L35n292JJn7yNRSMKyHO4eYA8\n"
- "ueVyhUuzgWZ0onKSTET9e0YuIaKpgaLzJk3jiX14sMZvtYfL7iXtJx91E/pt6Tdz\n"
- "rQe7r9Nsh+oCAXC9U6rOOSzUZjkzqtGc7mfjqUXSey5UCa9wXz9aZy5scu/gnZIo\n"
- "St+6C7cjylsEEUXRUenqyexU+jRGrvzcbPgeLJ70cVGNtaEmmhMwvh5BJVlYBSxk\n"
- "yPleOK7ck7CK1jh0AsvOzpUxdvZ8v6Shjif9ynSC0eFNtkhR+sUXWSKjhL6CyIPs\n"
- "YaD07izjo+rlUcnTT9uFvbp6UhS2A+1DF9jXHCJeyVbZ1oGWEeNeAUCRMAnao1/T\n"
- "J2DlnWza0PA5ASNKphV6SoLr7HJKHTbcb4PEhYS1jc0J5RJj8yFWyGRr27jP1N/K\n"
- "qCSO341jpZaEv/+LfkZ68MdzfHCK9RfQrMiJHteJQg9NZsTYuzaorsrhz+KI9s+w\n"
- "REpfgVBL1iiBzWzw7OYJCPJZkaJprMeB+qthPttv9n/bGp65XczMM/qVxveNSzDz\n"
- "-----END CERTIFICATE-----\n"
- );
-
- const std::string mPemIntermediateCert(
- "Certificate:\n"
- " Data:\n"
- " Version: 3 (0x2)\n"
- " Serial Number: 4096 (0x1000)\n"
- " Signature Algorithm: sha256WithRSAEncryption\n"
- " Issuer: C=US, ST=California, L=San Francisco, O=Linden Lab, OU=Second Life Engineering, CN=Integration Test Root CA/emailAddress=noreply@lindenlab.com\n"
- " Validity\n"
- " Not Before: May 22 22:39:08 2018 GMT\n"
- " Not After : May 19 22:39:08 2028 GMT\n"
- " Subject: C=US, ST=California, O=Linden Lab, OU=Second Life Engineering, CN=Integration Test Intermediate CA/emailAddress=noreply@lindenlab.com\n"
- " Subject Public Key Info:\n"
- " Public Key Algorithm: rsaEncryption\n"
- " Public-Key: (4096 bit)\n"
- " Modulus:\n"
- " 00:ce:a3:70:e2:c4:fb:4b:97:90:a1:30:bb:c1:1b:\n"
- " 13:b9:aa:7e:46:17:a3:26:8d:69:3f:5e:73:95:e8:\n"
- " 6a:b1:0a:b4:8f:50:65:e3:c6:5c:39:24:34:df:0b:\n"
- " b7:cc:ce:62:0c:36:5a:12:2c:fe:35:4c:e9:1c:ac:\n"
- " 80:5e:24:99:d7:aa:bd:be:48:c0:62:64:77:36:88:\n"
- " 66:ce:f4:a8:dd:d2:76:24:62:90:55:41:fc:1d:13:\n"
- " 4e:a7:4e:57:bc:a8:a4:59:4b:2c:5a:1c:d8:cc:16:\n"
- " de:e8:88:30:c9:95:df:2f:a6:14:28:0f:eb:34:46:\n"
- " 12:58:ba:da:0e:e6:de:9c:15:f6:f4:e3:9f:74:aa:\n"
- " 70:89:79:8b:e9:5a:7b:18:54:15:94:3a:23:0a:65:\n"
- " 78:05:d9:33:90:2a:ce:15:18:0d:52:fc:5c:31:65:\n"
- " 20:d0:12:37:8c:11:80:ba:d4:b0:82:73:00:4b:49:\n"
- " be:cb:d6:bc:e7:cd:61:f3:00:98:99:74:5a:37:81:\n"
- " 49:96:7e:14:01:1b:86:d2:d0:06:94:40:63:63:46:\n"
- " 11:fc:33:5c:bd:3a:5e:d4:e5:44:47:64:50:bd:a6:\n"
- " 97:55:70:64:9b:26:cc:de:20:82:90:6a:83:41:9c:\n"
- " 6f:71:47:14:be:cb:68:7c:85:be:ef:2e:76:12:19:\n"
- " d3:c9:87:32:b4:ac:60:20:16:28:2d:af:bc:e8:01:\n"
- " c6:7f:fb:d8:11:d5:f4:b7:14:bd:27:08:5b:72:be:\n"
- " 09:e0:91:c8:9c:7b:b4:b3:12:ef:32:36:be:b1:b9:\n"
- " a2:b7:e3:69:47:30:76:ba:9c:9b:19:99:4d:53:dd:\n"
- " 5c:e8:2c:f1:b2:64:69:cf:15:bd:f8:bb:58:95:73:\n"
- " 58:38:95:b4:7a:cf:84:29:a6:c2:db:f0:bd:ef:97:\n"
- " 26:d4:99:ac:d7:c7:be:b0:0d:11:f4:26:86:2d:77:\n"
- " 42:52:25:d7:56:c7:e3:97:b1:36:5c:97:71:d0:9b:\n"
- " f5:b5:50:8d:f9:ff:fb:10:77:3c:b5:53:6d:a1:43:\n"
- " 35:a9:03:32:05:ab:d7:f5:d1:19:bd:5f:92:a3:00:\n"
- " 2a:79:37:a4:76:4f:e9:32:0d:e4:86:bb:ea:c3:1a:\n"
- " c5:33:e8:16:d4:a5:d8:e0:e8:bb:c2:f0:22:15:e2:\n"
- " d9:8c:ae:ac:7d:2b:bf:eb:a3:4c:3b:29:1d:94:ac:\n"
- " a3:bb:6d:ba:6d:03:91:03:cf:46:12:c4:66:21:c5:\n"
- " c6:67:d8:11:19:79:01:0e:6e:84:1c:76:6f:11:3d:\n"
- " eb:94:89:c5:6a:26:1f:cd:e0:11:8b:51:ee:99:35:\n"
- " 69:e5:7f:0b:77:2a:94:e4:4b:64:b9:83:04:30:05:\n"
- " e4:a2:e3\n"
- " Exponent: 65537 (0x10001)\n"
- " X509v3 extensions:\n"
- " X509v3 Subject Key Identifier: \n"
- " 83:21:DE:EC:C0:79:03:6D:1E:83:F3:E5:97:29:D5:5A:C0:96:40:FA\n"
- " X509v3 Authority Key Identifier: \n"
- " keyid:8A:22:C6:9C:2E:11:F3:40:0C:CE:82:0C:22:59:FF:F8:7F:D0:B9:13\n"
- "\n"
- " X509v3 Basic Constraints: critical\n"
- " CA:TRUE, pathlen:0\n"
- " X509v3 Key Usage: critical\n"
- " Digital Signature, Certificate Sign, CRL Sign\n"
- " Signature Algorithm: sha256WithRSAEncryption\n"
- " a3:6c:85:9a:2e:4e:7e:5d:83:63:0f:f5:4f:a9:7d:ec:0e:6f:\n"
- " ae:d7:ba:df:64:e0:46:0e:3d:da:18:15:2c:f3:73:ca:81:b1:\n"
- " 10:d9:53:14:21:7d:72:5c:94:88:a5:9d:ad:ab:45:42:c6:64:\n"
- " a9:d9:2e:4e:29:47:2c:b1:95:07:b7:62:48:68:1f:68:13:1c:\n"
- " d2:a0:fb:5e:38:24:4a:82:0a:87:c9:93:20:43:7e:e9:f9:79:\n"
- " ef:03:a2:bd:9e:24:6b:0a:01:5e:4a:36:c5:7d:7a:fe:d6:aa:\n"
- " 2f:c2:8c:38:8a:99:3c:b0:6a:e5:60:be:56:d6:eb:60:03:55:\n"
- " 24:42:a0:1a:fa:91:24:a3:53:15:75:5d:c8:eb:7c:1e:68:5a:\n"
- " 7e:13:34:e3:85:37:1c:76:3f:77:67:1b:ed:1b:52:17:fc:4a:\n"
- " a3:e2:74:84:80:2c:69:fc:dd:7d:26:97:c4:2a:69:7d:9c:dc:\n"
- " 61:97:70:29:a7:3f:2b:5b:2b:22:51:fd:fe:6a:5d:f9:e7:14:\n"
- " 48:b7:2d:c8:33:58:fc:f2:5f:27:f7:26:16:be:be:b5:aa:a2:\n"
- " 64:53:3c:69:e8:b5:61:eb:ab:91:a5:b4:09:9b:f6:98:b8:5c:\n"
- " 5b:24:2f:93:f5:2b:9c:8c:58:fb:26:3f:67:53:d7:42:64:e8:\n"
- " 79:77:73:41:4e:e3:02:39:0b:b6:68:97:8b:84:e8:1d:83:a8:\n"
- " 15:f1:06:46:47:80:42:5e:14:e2:61:8a:76:84:d5:d4:71:7f:\n"
- " 4e:ff:d9:74:87:ff:32:c5:87:20:0a:d4:59:40:3e:d8:17:ef:\n"
- " da:65:e9:0a:51:fe:1e:c3:46:91:d2:ee:e4:23:57:97:87:d4:\n"
- " a6:a5:eb:ef:81:6a:d8:8c:d6:1f:8e:b1:18:4c:6b:89:32:55:\n"
- " 53:68:26:9e:bb:03:be:2c:e9:8b:ff:97:9c:1c:ac:28:c3:9f:\n"
- " 0b:b7:93:23:24:31:63:e4:19:13:f2:bb:08:71:b7:c5:c5:c4:\n"
- " 10:ff:dc:fc:33:54:a4:5e:ec:a3:fe:0a:80:ca:9c:bc:95:6f:\n"
- " 5f:39:91:3b:61:69:16:94:0f:57:4b:fc:4b:b1:be:72:98:5d:\n"
- " 10:f9:08:a7:d6:e0:e8:3d:5d:54:7d:fa:4b:6a:dd:98:41:ed:\n"
- " 84:a1:39:67:5c:6c:7f:0c:b0:e1:98:c1:14:ed:fe:1e:e8:05:\n"
- " 8d:7f:6a:24:cb:1b:05:42:0d:7f:13:ba:ca:b5:91:db:a5:f0:\n"
- " 40:2b:70:7a:2a:a5:5d:ed:56:0c:f0:c2:72:ee:63:dd:cb:5d:\n"
- " 76:f6:08:e6:e6:30:ef:3a:b2:16:34:41:a4:e1:30:14:bc:c7:\n"
- " f9:23:3a:1a:70:df:b8:cc\n"
- "-----BEGIN CERTIFICATE-----\n"
- "MIIGSDCCBDCgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgboxCzAJBgNVBAYTAlVT\n"
- "MRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMRMw\n"
- "EQYDVQQKDApMaW5kZW4gTGFiMSAwHgYDVQQLDBdTZWNvbmQgTGlmZSBFbmdpbmVl\n"
- "cmluZzEhMB8GA1UEAwwYSW50ZWdyYXRpb24gVGVzdCBSb290IENBMSQwIgYJKoZI\n"
- "hvcNAQkBFhVub3JlcGx5QGxpbmRlbmxhYi5jb20wHhcNMTgwNTIyMjIzOTA4WhcN\n"
- "MjgwNTE5MjIzOTA4WjCBqjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3Ju\n"
- "aWExEzARBgNVBAoMCkxpbmRlbiBMYWIxIDAeBgNVBAsMF1NlY29uZCBMaWZlIEVu\n"
- "Z2luZWVyaW5nMSkwJwYDVQQDDCBJbnRlZ3JhdGlvbiBUZXN0IEludGVybWVkaWF0\n"
- "ZSBDQTEkMCIGCSqGSIb3DQEJARYVbm9yZXBseUBsaW5kZW5sYWIuY29tMIICIjAN\n"
- "BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzqNw4sT7S5eQoTC7wRsTuap+Rhej\n"
- "Jo1pP15zlehqsQq0j1Bl48ZcOSQ03wu3zM5iDDZaEiz+NUzpHKyAXiSZ16q9vkjA\n"
- "YmR3NohmzvSo3dJ2JGKQVUH8HRNOp05XvKikWUssWhzYzBbe6IgwyZXfL6YUKA/r\n"
- "NEYSWLraDubenBX29OOfdKpwiXmL6Vp7GFQVlDojCmV4BdkzkCrOFRgNUvxcMWUg\n"
- "0BI3jBGAutSwgnMAS0m+y9a8581h8wCYmXRaN4FJln4UARuG0tAGlEBjY0YR/DNc\n"
- "vTpe1OVER2RQvaaXVXBkmybM3iCCkGqDQZxvcUcUvstofIW+7y52EhnTyYcytKxg\n"
- "IBYoLa+86AHGf/vYEdX0txS9Jwhbcr4J4JHInHu0sxLvMja+sbmit+NpRzB2upyb\n"
- "GZlNU91c6CzxsmRpzxW9+LtYlXNYOJW0es+EKabC2/C975cm1Jms18e+sA0R9CaG\n"
- "LXdCUiXXVsfjl7E2XJdx0Jv1tVCN+f/7EHc8tVNtoUM1qQMyBavX9dEZvV+SowAq\n"
- "eTekdk/pMg3khrvqwxrFM+gW1KXY4Oi7wvAiFeLZjK6sfSu/66NMOykdlKyju226\n"
- "bQORA89GEsRmIcXGZ9gRGXkBDm6EHHZvET3rlInFaiYfzeARi1HumTVp5X8LdyqU\n"
- "5EtkuYMEMAXkouMCAwEAAaNmMGQwHQYDVR0OBBYEFIMh3uzAeQNtHoPz5Zcp1VrA\n"
- "lkD6MB8GA1UdIwQYMBaAFIoixpwuEfNADM6CDCJZ//h/0LkTMBIGA1UdEwEB/wQI\n"
- "MAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQCjbIWa\n"
- "Lk5+XYNjD/VPqX3sDm+u17rfZOBGDj3aGBUs83PKgbEQ2VMUIX1yXJSIpZ2tq0VC\n"
- "xmSp2S5OKUcssZUHt2JIaB9oExzSoPteOCRKggqHyZMgQ37p+XnvA6K9niRrCgFe\n"
- "SjbFfXr+1qovwow4ipk8sGrlYL5W1utgA1UkQqAa+pEko1MVdV3I63weaFp+EzTj\n"
- "hTccdj93ZxvtG1IX/Eqj4nSEgCxp/N19JpfEKml9nNxhl3Appz8rWysiUf3+al35\n"
- "5xRIty3IM1j88l8n9yYWvr61qqJkUzxp6LVh66uRpbQJm/aYuFxbJC+T9SucjFj7\n"
- "Jj9nU9dCZOh5d3NBTuMCOQu2aJeLhOgdg6gV8QZGR4BCXhTiYYp2hNXUcX9O/9l0\n"
- "h/8yxYcgCtRZQD7YF+/aZekKUf4ew0aR0u7kI1eXh9SmpevvgWrYjNYfjrEYTGuJ\n"
- "MlVTaCaeuwO+LOmL/5ecHKwow58Lt5MjJDFj5BkT8rsIcbfFxcQQ/9z8M1SkXuyj\n"
- "/gqAypy8lW9fOZE7YWkWlA9XS/xLsb5ymF0Q+Qin1uDoPV1UffpLat2YQe2EoTln\n"
- "XGx/DLDhmMEU7f4e6AWNf2okyxsFQg1/E7rKtZHbpfBAK3B6KqVd7VYM8MJy7mPd\n"
- "y1129gjm5jDvOrIWNEGk4TAUvMf5IzoacN+4zA==\n"
- "-----END CERTIFICATE-----\n"
- );
-
- const std::string mPemChildCert(
- "Certificate:\n"
- " Data:\n"
- " Version: 3 (0x2)\n"
- " Serial Number: 4096 (0x1000)\n"
- " Signature Algorithm: sha256WithRSAEncryption\n"
- " Issuer: C=US, ST=California, O=Linden Lab, OU=Second Life Engineering, CN=Integration Test Intermediate CA/emailAddress=noreply@lindenlab.com\n"
- " Validity\n"
- " Not Before: May 22 22:58:15 2018 GMT\n"
- " Not After : Jul 19 22:58:15 2024 GMT\n"
- " Subject: C=US, ST=California, L=San Francisco, O=Linden Lab, OU=Second Life Engineering, CN=Integration Test Server Cert/emailAddress=noreply@lindenlab.com\n"
- " Subject Public Key Info:\n"
- " Public Key Algorithm: rsaEncryption\n"
- " Public-Key: (2048 bit)\n"
- " Modulus:\n"
- " 00:bf:a1:1c:76:82:4a:10:1d:25:0e:02:e2:7a:64:\n"
- " 54:c7:94:c5:c0:98:d5:35:f3:cb:cb:30:ba:31:9c:\n"
- " bd:4c:2f:4a:4e:24:03:4b:87:5c:c1:5c:fe:d9:89:\n"
- " 3b:cb:01:bc:eb:a5:b7:78:dc:b3:58:e5:78:a7:15:\n"
- " 34:50:30:aa:16:3a:b2:94:17:6d:1e:7f:b2:70:1e:\n"
- " 96:41:bb:1d:e3:22:80:fa:dc:00:6a:fb:34:3e:67:\n"
- " e7:c2:21:2f:1b:d3:af:04:49:91:eb:bb:60:e0:26:\n"
- " 52:75:28:8a:08:5b:91:56:4e:51:50:40:51:70:af:\n"
- " cb:80:66:c8:59:e9:e2:48:a8:62:d0:26:67:80:0a:\n"
- " 12:16:d1:f6:15:9e:1f:f5:92:37:f3:c9:2f:03:9e:\n"
- " 22:f6:60:5a:76:45:8c:01:2c:99:54:72:19:db:b7:\n"
- " 72:e6:5a:69:f3:e9:31:65:5d:0f:c7:5c:9c:17:29:\n"
- " 71:14:7f:db:47:c9:1e:65:a2:41:b0:2f:14:17:ec:\n"
- " 4b:25:f2:43:8f:b4:a3:8d:37:1a:07:34:b3:29:bb:\n"
- " 8a:44:8e:84:08:a2:1b:76:7a:cb:c2:39:2f:6e:e3:\n"
- " fc:d6:91:b5:1f:ce:58:91:57:70:35:6e:25:a9:48:\n"
- " 0e:07:cf:4e:dd:16:42:65:cf:8a:42:b3:27:e6:fe:\n"
- " 6a:e3\n"
- " Exponent: 65537 (0x10001)\n"
- " X509v3 extensions:\n"
- " X509v3 Basic Constraints: \n"
- " CA:FALSE\n"
- " Netscape Cert Type: \n"
- " SSL Server\n"
- " Netscape Comment: \n"
- " OpenSSL Generated Server Certificate\n"
- " X509v3 Subject Key Identifier: \n"
- " BB:59:9F:DE:6B:51:A7:6C:B3:6D:5B:8B:42:F7:B1:65:77:17:A4:E4\n"
- " X509v3 Authority Key Identifier: \n"
- " keyid:83:21:DE:EC:C0:79:03:6D:1E:83:F3:E5:97:29:D5:5A:C0:96:40:FA\n"
- " DirName:/C=US/ST=California/L=San Francisco/O=Linden Lab/OU=Second Life Engineering/CN=Integration Test Root CA/emailAddress=noreply@lindenlab.com\n"
- " serial:10:00\n"
- "\n"
- " X509v3 Key Usage: critical\n"
- " Digital Signature, Key Encipherment\n"
- " X509v3 Extended Key Usage: \n"
- " TLS Web Server Authentication\n"
- " Signature Algorithm: sha256WithRSAEncryption\n"
- " 18:a6:58:55:9b:d4:af:7d:8a:27:d3:28:3a:4c:4b:42:4e:f0:\n"
- " 30:d6:d9:95:11:48:12:0a:96:40:d9:2b:21:39:c5:d4:8d:e5:\n"
- " 10:bc:68:78:69:0b:9f:15:4a:0b:f1:ab:99:45:0c:20:5f:27:\n"
- " df:e7:14:2d:4a:30:f2:c2:8d:37:73:36:1a:27:55:5a:08:5f:\n"
- " 71:a1:5e:05:83:b2:59:fe:02:5e:d7:4a:30:15:23:58:04:cf:\n"
- " 48:cc:b0:71:88:9c:6b:57:f0:04:0a:d3:a0:64:6b:ee:f3:5f:\n"
- " ea:ac:e1:2b:b9:7f:79:b8:db:ce:72:48:72:db:c8:5c:38:72:\n"
- " 31:55:d0:ff:6b:bd:73:23:a7:30:18:5d:ed:47:18:0a:67:8e:\n"
- " 53:32:0e:99:9b:96:72:45:7f:c6:00:2c:5d:1a:97:53:75:3a:\n"
- " 0b:49:3d:3a:00:37:14:67:0c:28:97:34:87:aa:c5:32:e4:ae:\n"
- " 34:83:12:4a:10:f7:0e:74:d4:5f:73:bd:ef:0c:b7:d8:0a:7d:\n"
- " 8e:8d:5a:48:bd:f4:8e:7b:f9:4a:15:3b:61:c9:5e:40:59:6e:\n"
- " c7:a8:a4:02:28:72:c5:54:8c:77:f4:55:a7:86:c0:38:a0:68:\n"
- " 19:da:0f:72:5a:a9:7e:69:9f:9c:3a:d6:66:aa:e1:f4:fd:f9:\n"
- " b8:4b:6c:71:9e:f0:38:02:c7:6a:9e:dc:e6:fb:ef:23:59:4f:\n"
- " 5c:84:0a:df:ea:86:1f:fd:0e:5c:fa:c4:e5:50:1c:10:cf:89:\n"
- " 4e:08:0e:4c:4b:61:1a:49:12:f7:e9:4b:17:71:43:7b:6d:b6:\n"
- " b5:9f:d4:3b:c7:88:53:48:63:b6:00:80:8f:49:0a:c5:7e:58:\n"
- " ac:78:d8:b9:06:b0:bc:86:e2:2e:48:5b:c3:24:fa:aa:72:d8:\n"
- " ec:f6:c7:91:9f:0f:c8:b5:fd:2b:b2:a7:bc:2f:40:20:2b:47:\n"
- " e0:d1:1d:94:52:6f:6b:be:12:b6:8c:dc:11:db:71:e6:19:ef:\n"
- " a8:71:8b:ad:d3:32:c0:1c:a4:3f:b3:0f:af:e5:50:e1:ff:41:\n"
- " a4:b7:6f:57:71:af:fd:16:4c:e8:24:b3:99:1b:cf:12:8f:43:\n"
- " 05:80:ba:18:19:0a:a5:ec:49:81:41:4c:7e:28:b2:21:f2:59:\n"
- " 6e:4a:ed:de:f9:fa:99:85:60:1f:e6:c2:42:5c:08:00:3c:84:\n"
- " 06:a9:24:d4:cf:7b:6e:1b:59:1d:f4:70:16:03:a1:e0:0b:00:\n"
- " 95:5c:39:03:fc:9d:1c:8e:f7:59:0c:61:47:f6:7f:07:22:48:\n"
- " 83:40:ac:e1:98:5f:c7:be:05:d5:29:2b:bf:0d:03:0e:e9:5e:\n"
- " 2b:dd:09:18:fe:5e:30:61\n"
- "-----BEGIN CERTIFICATE-----\n"
- "MIIGbjCCBFagAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgaoxCzAJBgNVBAYTAlVT\n"
- "MRMwEQYDVQQIDApDYWxpZm9ybmlhMRMwEQYDVQQKDApMaW5kZW4gTGFiMSAwHgYD\n"
- "VQQLDBdTZWNvbmQgTGlmZSBFbmdpbmVlcmluZzEpMCcGA1UEAwwgSW50ZWdyYXRp\n"
- "b24gVGVzdCBJbnRlcm1lZGlhdGUgQ0ExJDAiBgkqhkiG9w0BCQEWFW5vcmVwbHlA\n"
- "bGluZGVubGFiLmNvbTAeFw0xODA1MjIyMjU4MTVaFw0yNDA3MTkyMjU4MTVaMIG+\n"
- "MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2Fu\n"
- "IEZyYW5jaXNjbzETMBEGA1UECgwKTGluZGVuIExhYjEgMB4GA1UECwwXU2Vjb25k\n"
- "IExpZmUgRW5naW5lZXJpbmcxJTAjBgNVBAMMHEludGVncmF0aW9uIFRlc3QgU2Vy\n"
- "dmVyIENlcnQxJDAiBgkqhkiG9w0BCQEWFW5vcmVwbHlAbGluZGVubGFiLmNvbTCC\n"
- "ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL+hHHaCShAdJQ4C4npkVMeU\n"
- "xcCY1TXzy8swujGcvUwvSk4kA0uHXMFc/tmJO8sBvOult3jcs1jleKcVNFAwqhY6\n"
- "spQXbR5/snAelkG7HeMigPrcAGr7ND5n58IhLxvTrwRJkeu7YOAmUnUoighbkVZO\n"
- "UVBAUXCvy4BmyFnp4kioYtAmZ4AKEhbR9hWeH/WSN/PJLwOeIvZgWnZFjAEsmVRy\n"
- "Gdu3cuZaafPpMWVdD8dcnBcpcRR/20fJHmWiQbAvFBfsSyXyQ4+0o403Ggc0sym7\n"
- "ikSOhAiiG3Z6y8I5L27j/NaRtR/OWJFXcDVuJalIDgfPTt0WQmXPikKzJ+b+auMC\n"
- "AwEAAaOCAYYwggGCMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDMGCWCG\n"
- "SAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUw\n"
- "HQYDVR0OBBYEFLtZn95rUadss21bi0L3sWV3F6TkMIHoBgNVHSMEgeAwgd2AFIMh\n"
- "3uzAeQNtHoPz5Zcp1VrAlkD6oYHApIG9MIG6MQswCQYDVQQGEwJVUzETMBEGA1UE\n"
- "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzETMBEGA1UECgwK\n"
- "TGluZGVuIExhYjEgMB4GA1UECwwXU2Vjb25kIExpZmUgRW5naW5lZXJpbmcxITAf\n"
- "BgNVBAMMGEludGVncmF0aW9uIFRlc3QgUm9vdCBDQTEkMCIGCSqGSIb3DQEJARYV\n"
- "bm9yZXBseUBsaW5kZW5sYWIuY29tggIQADAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0l\n"
- "BAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggIBABimWFWb1K99iifTKDpM\n"
- "S0JO8DDW2ZURSBIKlkDZKyE5xdSN5RC8aHhpC58VSgvxq5lFDCBfJ9/nFC1KMPLC\n"
- "jTdzNhonVVoIX3GhXgWDsln+Al7XSjAVI1gEz0jMsHGInGtX8AQK06Bka+7zX+qs\n"
- "4Su5f3m4285ySHLbyFw4cjFV0P9rvXMjpzAYXe1HGApnjlMyDpmblnJFf8YALF0a\n"
- "l1N1OgtJPToANxRnDCiXNIeqxTLkrjSDEkoQ9w501F9zve8Mt9gKfY6NWki99I57\n"
- "+UoVO2HJXkBZbseopAIocsVUjHf0VaeGwDigaBnaD3JaqX5pn5w61maq4fT9+bhL\n"
- "bHGe8DgCx2qe3Ob77yNZT1yECt/qhh/9Dlz6xOVQHBDPiU4IDkxLYRpJEvfpSxdx\n"
- "Q3tttrWf1DvHiFNIY7YAgI9JCsV+WKx42LkGsLyG4i5IW8Mk+qpy2Oz2x5GfD8i1\n"
- "/Suyp7wvQCArR+DRHZRSb2u+EraM3BHbceYZ76hxi63TMsAcpD+zD6/lUOH/QaS3\n"
- "b1dxr/0WTOgks5kbzxKPQwWAuhgZCqXsSYFBTH4osiHyWW5K7d75+pmFYB/mwkJc\n"
- "CAA8hAapJNTPe24bWR30cBYDoeALAJVcOQP8nRyO91kMYUf2fwciSINArOGYX8e+\n"
- "BdUpK78NAw7pXivdCRj+XjBh\n"
- "-----END CERTIFICATE-----\n"
- );
-
- // Test wrapper declaration : wrapping nothing for the moment
- struct sechandler_basic_test
- {
- X509 *mX509TestCert, *mX509RootCert, *mX509IntermediateCert, *mX509ChildCert;
- LLSD mValidationDate;
-
- sechandler_basic_test()
- {
- LLMachineID::init();
- OpenSSL_add_all_algorithms();
- OpenSSL_add_all_ciphers();
- OpenSSL_add_all_digests();
- ERR_load_crypto_strings();
- gFirstName = "";
- gLastName = "";
- mValidationDate[CERT_VALIDATION_DATE] = LLDate("2017-04-11T00:00:00.00Z");
- LLFile::remove("test_password.dat");
- LLFile::remove("sechandler_settings.tmp");
-
- mX509TestCert = NULL;
- mX509RootCert = NULL;
- mX509IntermediateCert = NULL;
- mX509ChildCert = NULL;
-
- // Read each of the 4 Pem certs and store in mX509*Cert pointers
- BIO * validation_bio;
- validation_bio = BIO_new_mem_buf((void*)mPemTestCert.c_str(), mPemTestCert.length());
- PEM_read_bio_X509(validation_bio, &mX509TestCert, 0, NULL);
- BIO_free(validation_bio);
-
- validation_bio = BIO_new_mem_buf((void*)mPemRootCert.c_str(), mPemRootCert.length());
- PEM_read_bio_X509(validation_bio, &mX509RootCert, 0, NULL);
- BIO_free(validation_bio);
-
- validation_bio = BIO_new_mem_buf((void*)mPemIntermediateCert.c_str(), mPemIntermediateCert.length());
- PEM_read_bio_X509(validation_bio, &mX509IntermediateCert, 0, NULL);
- BIO_free(validation_bio);
-
- validation_bio = BIO_new_mem_buf((void*)mPemChildCert.c_str(), mPemChildCert.length());
- PEM_read_bio_X509(validation_bio, &mX509ChildCert, 0, NULL);
- BIO_free(validation_bio);
- }
- ~sechandler_basic_test()
- {
- LLFile::remove("test_password.dat");
- LLFile::remove("sechandler_settings.tmp");
- LLFile::remove("mycertstore.pem");
- X509_free(mX509TestCert);
- X509_free(mX509RootCert);
- X509_free(mX509IntermediateCert);
- X509_free(mX509ChildCert);
- }
- };
-
- // Tut templating thingamagic: test group, object and test instance
- typedef test_group<sechandler_basic_test> sechandler_basic_test_factory;
- typedef sechandler_basic_test_factory::object sechandler_basic_test_object;
- tut::sechandler_basic_test_factory tut_test("LLSecHandler");
-
- // ---------------------------------------------------------------------------------------
- // Test functions
- // ---------------------------------------------------------------------------------------
- // test cert data retrieval
- template<> template<>
- void sechandler_basic_test_object::test<1>()
- {
- try
- {
- LLPointer<LLBasicCertificate> test_cert(new LLBasicCertificate(mPemTestCert, &mValidationDate));
- LL_INFOS() << "ok" << LL_ENDL;
- }
- catch (LLCertException& cert_exception)
- {
- LL_INFOS() << "cert ex: " << cert_exception.getCertData() << LL_ENDL;
- fail("cert exception");
- }
- catch (...)
- {
- LOG_UNHANDLED_EXCEPTION("test 1");
- fail("other exception");
- }
- }
-
- template<> template<>
- void sechandler_basic_test_object::test<2>()
- {
- LLPointer<LLCertificate> test_cert(new LLBasicCertificate(mPemChildCert, &mValidationDate));
-
- LLSD llsd_cert;
- test_cert->getLLSD(llsd_cert);
- //std::ostringstream llsd_value;
- //llsd_value << LLSDOStreamer<LLSDNotationFormatter>(llsd_cert) << std::endl;
- LL_DEBUGS() << "test 1 cert " << llsd_cert << LL_ENDL;
-
- ensure_equals("Issuer Name/commonName", (std::string)llsd_cert["issuer_name"]["commonName"], "Integration Test Intermediate CA");
- ensure_equals("Issuer Name/countryName", (std::string)llsd_cert["issuer_name"]["countryName"], "US");
- ensure_equals("Issuer Name/state", (std::string)llsd_cert["issuer_name"]["stateOrProvinceName"], "California");
- ensure_equals("Issuer Name/org name", (std::string)llsd_cert["issuer_name"]["organizationName"], "Linden Lab");
- ensure_equals("Issuer Name/org unit", (std::string)llsd_cert["issuer_name"]["organizationalUnitName"], "Second Life Engineering");
- ensure_equals("Issuer name string", (std::string)llsd_cert["issuer_name_string"],
- "emailAddress=noreply@lindenlab.com,CN=Integration Test Intermediate CA,OU=Second Life Engineering,O=Linden Lab,ST=California,C=US");
- ensure_equals("subject Name/commonName", (std::string)llsd_cert["subject_name"]["commonName"],
- "Integration Test Server Cert");
- ensure_equals("subject Name/countryName", (std::string)llsd_cert["subject_name"]["countryName"], "US");
- ensure_equals("subject Name/state", (std::string)llsd_cert["subject_name"]["stateOrProvinceName"], "California");
- ensure_equals("subject Name/localityName", (std::string)llsd_cert["subject_name"]["localityName"], "San Francisco");
- ensure_equals("subject Name/org name", (std::string)llsd_cert["subject_name"]["organizationName"], "Linden Lab");
- ensure_equals("subjectName/org unit",
- (std::string)llsd_cert["subject_name"]["organizationalUnitName"], "Second Life Engineering");
-
- ensure_equals("subject name string",
- (std::string)llsd_cert["subject_name_string"],
- "emailAddress=noreply@lindenlab.com,CN=Integration Test Server Cert,OU=Second Life Engineering,O=Linden Lab,L=San Francisco,ST=California,C=US");
- ensure_equals("serial number", (std::string)llsd_cert["serial_number"], "1000");
- ensure_equals("valid from", (std::string)llsd_cert["valid_from"], "2018-05-22T22:58:15Z");
- ensure_equals("valid to", (std::string)llsd_cert["valid_to"], "2024-07-19T22:58:15Z");
- LLSD expectedKeyUsage = LLSD::emptyArray();
- expectedKeyUsage.append(LLSD((std::string)"digitalSignature"));
- expectedKeyUsage.append(LLSD((std::string)"keyEncipherment"));
- ensure("key usage", valueCompareLLSD(llsd_cert["keyUsage"], expectedKeyUsage));
- ensure_equals("basic constraints", llsd_cert["basicConstraints"]["CA"].asInteger(), 0);
-
- ensure("x509 is equal", !X509_cmp(mX509ChildCert, test_cert->getOpenSSLX509()));
- }
-
-
- // test protected data
- template<> template<>
- void sechandler_basic_test_object::test<3>()
- {
- std::string protected_data = "sUSh3wj77NG9oAMyt3XIhaej3KLZhLZWFZvI6rIGmwUUOmmelrRg0NI9rkOj8ZDpTPxpwToaBT5u"
- "GQhakdaGLJznr9bHr4/6HIC1bouKj4n2rs4TL6j2WSjto114QdlNfLsE8cbbE+ghww58g8SeyLQO"
- "nyzXoz+/PBz0HD5SMFDuObccoPW24gmqYySz8YoEWhSwO0pUtEEqOjVRsAJgF5wLAtJZDeuilGsq"
- "4ZT9Y4wZ9Rh8nnF3fDUL6IGamHe1ClXM1jgBu10F6UMhZbnH4C3aJ2E9+LiOntU+l3iCb2MpkEpr"
- "82r2ZAMwIrpnirL/xoYoyz7MJQYwUuMvBPToZJrxNSsjI+S2Z+I3iEJAELMAAA==";
-
- std::vector<U8> binary_data(apr_base64_decode_len(protected_data.c_str()));
- apr_base64_decode_binary(&binary_data[0], protected_data.c_str());
-
- LLXORCipher cipher(gMACAddress, MAC_ADDRESS_BYTES);
- cipher.decrypt(&binary_data[0], 16);
- unsigned char unique_id[MAC_ADDRESS_BYTES];
- LLMachineID::getUniqueID(unique_id, sizeof(unique_id));
- LLXORCipher cipher2(unique_id, sizeof(unique_id));
- cipher2.encrypt(&binary_data[0], 16);
- std::ofstream temp_file("sechandler_settings.tmp", std::ofstream::binary);
- temp_file.write((const char *)&binary_data[0], binary_data.size());
- temp_file.close();
-
- LLPointer<LLSecAPIBasicHandler> handler = new LLSecAPIBasicHandler("sechandler_settings.tmp",
- "test_password.dat");
- handler->init();
- // data retrieval for existing data
- LLSD data = handler->getProtectedData("test_data_type", "test_data_id");
-
-
- ensure_equals("retrieve existing data1", (std::string)data["data1"], "test_data_1");
- ensure_equals("retrieve existing data2", (std::string)data["data2"], "test_data_2");
- ensure_equals("retrieve existing data3", (std::string)data["data3"]["elem1"], "test element1");
-
- // data storage
- LLSD store_data = LLSD::emptyMap();
- store_data["store_data1"] = "test_store_data1";
- store_data["store_data2"] = 27;
- store_data["store_data3"] = LLSD::emptyMap();
- store_data["store_data3"]["subelem1"] = "test_subelem1";
-
- handler->setProtectedData("test_data_type", "test_data_id1", store_data);
- data = handler->getProtectedData("test_data_type", "test_data_id");
-
- data = handler->getProtectedData("test_data_type", "test_data_id");
- // verify no overwrite of existing data
- ensure_equals("verify no overwrite 1", (std::string)data["data1"], "test_data_1");
- ensure_equals("verify no overwrite 2", (std::string)data["data2"], "test_data_2");
- ensure_equals("verify no overwrite 3", (std::string)data["data3"]["elem1"], "test element1");
-
- // verify written data is good
- data = handler->getProtectedData("test_data_type", "test_data_id1");
- ensure_equals("verify stored data1", (std::string)data["store_data1"], "test_store_data1");
- ensure_equals("verify stored data2", (int)data["store_data2"], 27);
- ensure_equals("verify stored data3", (std::string)data["store_data3"]["subelem1"], "test_subelem1");
-
- // verify overwrite works
- handler->setProtectedData("test_data_type", "test_data_id", store_data);
- data = handler->getProtectedData("test_data_type", "test_data_id");
- ensure_equals("verify overwrite stored data1", (std::string)data["store_data1"], "test_store_data1");
- ensure_equals("verify overwrite stored data2", (int)data["store_data2"], 27);
- ensure_equals("verify overwrite stored data3", (std::string)data["store_data3"]["subelem1"], "test_subelem1");
-
- // verify other datatype doesn't conflict
- store_data["store_data3"] = "test_store_data3";
- store_data["store_data4"] = 28;
- store_data["store_data5"] = LLSD::emptyMap();
- store_data["store_data5"]["subelem2"] = "test_subelem2";
-
- handler->setProtectedData("test_data_type1", "test_data_id", store_data);
- data = handler->getProtectedData("test_data_type1", "test_data_id");
- ensure_equals("verify datatype stored data3", (std::string)data["store_data3"], "test_store_data3");
- ensure_equals("verify datatype stored data4", (int)data["store_data4"], 28);
- ensure_equals("verify datatype stored data5", (std::string)data["store_data5"]["subelem2"], "test_subelem2");
-
- // test data not found
-
- data = handler->getProtectedData("test_data_type1", "test_data_not_found");
- ensure("not found", data.isUndefined());
-
- // cause a 'write' by using 'LLPointer' to delete then instantiate a handler
- handler = NULL;
- handler = new LLSecAPIBasicHandler("sechandler_settings.tmp", "test_password.dat");
- handler->init();
-
- data = handler->getProtectedData("test_data_type1", "test_data_id");
- ensure_equals("verify datatype stored data3a", (std::string)data["store_data3"], "test_store_data3");
- ensure_equals("verify datatype stored data4a", (int)data["store_data4"], 28);
- ensure_equals("verify datatype stored data5a", (std::string)data["store_data5"]["subelem2"], "test_subelem2");
-
- // rewrite the initial file to verify reloads
- handler = NULL;
- std::ofstream temp_file2("sechandler_settings.tmp", std::ofstream::binary);
- temp_file2.write((const char *)&binary_data[0], binary_data.size());
- temp_file2.close();
-
- // cause a 'write'
- handler = new LLSecAPIBasicHandler("sechandler_settings.tmp", "test_password.dat");
- handler->init();
- data = handler->getProtectedData("test_data_type1", "test_data_id");
- ensure("not found", data.isUndefined());
-
- handler->deleteProtectedData("test_data_type", "test_data_id");
- ensure("Deleted data not found", handler->getProtectedData("test_data_type", "test_data_id").isUndefined());
-
- LLFile::remove("sechandler_settings.tmp");
- handler = new LLSecAPIBasicHandler("sechandler_settings.tmp", "test_password.dat");
- handler->init();
- data = handler->getProtectedData("test_data_type1", "test_data_id");
- ensure("not found", data.isUndefined());
- handler = NULL;
-
- ensure(LLFile::isfile("sechandler_settings.tmp"));
- }
-
- // test credenitals
- template<> template<>
- void sechandler_basic_test_object::test<4>()
- {
- LLPointer<LLSecAPIBasicHandler> handler = new LLSecAPIBasicHandler("sechandler_settings.tmp", "test_password.dat");
- handler->init();
-
- LLSD my_id = LLSD::emptyMap();
- LLSD my_authenticator = LLSD::emptyMap();
- my_id["type"] = "test_type";
- my_id["username"] = "testuser@lindenlab.com";
- my_authenticator["type"] = "test_auth";
- my_authenticator["creds"] = "12345";
-
- // test creation of credentials
- LLPointer<LLCredential> my_cred = handler->createCredential("my_grid", my_id, my_authenticator);
-
- // test retrieval of credential components
- ensure_equals("basic credential creation: identifier", my_id, my_cred->getIdentifier());
- ensure_equals("basic credential creation: authenticator", my_authenticator, my_cred->getAuthenticator());
- ensure_equals("basic credential creation: grid", "my_grid", my_cred->getGrid());
-
- // test setting/overwriting of credential components
- my_id["first_name"] = "firstname";
- my_id.erase("username");
- my_authenticator.erase("creds");
- my_authenticator["hash"] = "6563245";
-
- my_cred->setCredentialData(my_id, my_authenticator);
- ensure_equals("set credential data: identifier", my_id, my_cred->getIdentifier());
- ensure_equals("set credential data: authenticator", my_authenticator, my_cred->getAuthenticator());
- ensure_equals("set credential data: grid", "my_grid", my_cred->getGrid());
-
- // test loading of a credential, that hasn't been saved, without
- // any legacy saved credential data
- LLPointer<LLCredential> my_new_cred = handler->loadCredential("my_grid2");
- ensure("unknown credential load test", my_new_cred->getIdentifier().isMap());
- ensure("unknown credential load test", !my_new_cred->getIdentifier().has("type"));
- ensure("unknown credential load test", my_new_cred->getAuthenticator().isMap());
- ensure("unknown credential load test", !my_new_cred->getAuthenticator().has("type"));
- // test saving of a credential
- handler->saveCredential(my_cred, true);
-
- // test loading of a known credential
- my_new_cred = handler->loadCredential("my_grid");
- ensure_equals("load a known credential: identifier", my_id, my_new_cred->getIdentifier());
- ensure_equals("load a known credential: authenticator",my_authenticator, my_new_cred->getAuthenticator());
- ensure_equals("load a known credential: grid", "my_grid", my_cred->getGrid());
-
- // test deletion of a credential
- handler->deleteCredential(my_new_cred);
-
- ensure("delete credential: identifier", my_new_cred->getIdentifier().isUndefined());
- ensure("delete credentialt: authenticator", my_new_cred->getIdentifier().isUndefined());
- ensure_equals("delete credential: grid", "my_grid", my_cred->getGrid());
- // load unknown cred
-
- my_new_cred = handler->loadCredential("my_grid");
- ensure("deleted credential load test", my_new_cred->getIdentifier().isMap());
- ensure("deleted credential load test", !my_new_cred->getIdentifier().has("type"));
- ensure("deleted credential load test", my_new_cred->getAuthenticator().isMap());
- ensure("deleted credential load test", !my_new_cred->getAuthenticator().has("type"));
-
- // test loading of an unknown credential with legacy saved username, but without
- // saved password
- gFirstName = "myfirstname";
- gLastName = "mylastname";
- my_new_cred = handler->loadCredential("my_legacy_grid");
- ensure_equals("legacy credential with no password: type",
- (const std::string)my_new_cred->getIdentifier()["type"], "agent");
- ensure_equals("legacy credential with no password: first_name",
- (const std::string)my_new_cred->getIdentifier()["first_name"], "myfirstname");
- ensure_equals("legacy credential with no password: last_name",
- (const std::string)my_new_cred->getIdentifier()["last_name"], "mylastname");
-
- ensure("legacy credential with no password: no authenticator", my_new_cred->getAuthenticator().isUndefined());
-
- // test loading of an unknown credential with legacy saved password and username
-
- std::string hashed_password = "fSQcLG03eyIWJmkzfyYaKm81dSweLmsxeSAYKGE7fSQ=";
- int length = apr_base64_decode_len(hashed_password.c_str());
- std::vector<char> decoded_password(length);
- apr_base64_decode(&decoded_password[0], hashed_password.c_str());
- LLXORCipher cipher(gMACAddress, MAC_ADDRESS_BYTES);
- cipher.decrypt((U8*)&decoded_password[0], length);
- unsigned char unique_id[MAC_ADDRESS_BYTES];
- LLMachineID::getUniqueID(unique_id, sizeof(unique_id));
- LLXORCipher cipher2(unique_id, sizeof(unique_id));
- cipher2.encrypt((U8*)&decoded_password[0], length);
- llofstream password_file("test_password.dat", std::ofstream::binary);
- password_file.write(&decoded_password[0], length);
- password_file.close();
-
- my_new_cred = handler->loadCredential("my_legacy_grid2");
- ensure_equals("legacy credential with password: type",
- (const std::string)my_new_cred->getIdentifier()["type"], "agent");
- ensure_equals("legacy credential with password: first_name",
- (const std::string)my_new_cred->getIdentifier()["first_name"], "myfirstname");
- ensure_equals("legacy credential with password: last_name",
- (const std::string)my_new_cred->getIdentifier()["last_name"], "mylastname");
-
- LLSD legacy_authenticator = my_new_cred->getAuthenticator();
- ensure_equals("legacy credential with password: type",
- (std::string)legacy_authenticator["type"],
- "hash");
- ensure_equals("legacy credential with password: algorithm",
- (std::string)legacy_authenticator["algorithm"],
- "md5");
- ensure_equals("legacy credential with password: algorithm",
- (std::string)legacy_authenticator["secret"],
- "01234567890123456789012345678901");
-
- // test creation of credentials
- my_cred = handler->createCredential("mysavedgrid", my_id, my_authenticator);
- // test save without saving authenticator.
- handler->saveCredential(my_cred, false);
- my_new_cred = handler->loadCredential("mysavedgrid");
- ensure_equals("saved credential without auth",
- (const std::string)my_new_cred->getIdentifier()["type"], "test_type");
- ensure("no authenticator values were saved", my_new_cred->getAuthenticator().isUndefined());
- }
-
- // test cert vector
- template<> template<>
- void sechandler_basic_test_object::test<5>()
- {
- // validate create from empty vector
- LLPointer<LLBasicCertificateVector> test_vector = new LLBasicCertificateVector();
- ensure_equals("when loading with nothing, we should result in no certs in vector", test_vector->size(), 0);
-
- test_vector->add(new LLBasicCertificate(mPemTestCert, &mValidationDate));
- ensure_equals("one element in vector", test_vector->size(), 1);
- test_vector->add(new LLBasicCertificate(mPemChildCert, &mValidationDate));
- ensure_equals("two elements in vector after add", test_vector->size(), 2);
-
- // add duplicate; should be a no-op (and log at DEBUG level)
- test_vector->add(new LLBasicCertificate(mPemChildCert, &mValidationDate));
- ensure_equals("two elements in vector after re-add", test_vector->size(), 2);
-
- // validate order
- X509* test_cert = (*test_vector)[0]->getOpenSSLX509();
- ensure("first cert added remains first cert", !X509_cmp(test_cert, mX509TestCert));
- X509_free(test_cert);
-
- test_cert = (*test_vector)[1]->getOpenSSLX509();
- ensure("second cert is second cert", !X509_cmp(test_cert, mX509ChildCert));
- X509_free(test_cert);
-
- //
- // validate iterator
- //
- LLBasicCertificateVector::iterator current_cert = test_vector->begin();
- LLBasicCertificateVector::iterator copy_current_cert = current_cert;
- // operator++(int)
- ensure("validate iterator++ element in vector is expected cert", *current_cert++ == (*test_vector)[0]);
- ensure("validate 2nd iterator++ element in vector is expected cert", *current_cert++ == (*test_vector)[1]);
- ensure("validate end iterator++", current_cert == test_vector->end());
-
- // copy
- ensure("validate copy iterator element in vector is expected cert", *copy_current_cert == (*test_vector)[0]);
-
- // operator--(int)
- current_cert--;
- ensure("validate iterator-- element in vector is expected cert", *current_cert-- == (*test_vector)[1]);
- ensure("validate iterator-- element in vector is expected cert", *current_cert == (*test_vector)[0]);
-
- ensure("begin iterator is equal", current_cert == test_vector->begin());
-
- // operator++
- ensure("validate ++iterator element in vector is expected cert", *++current_cert == (*test_vector)[1]);
- ensure("end of cert vector after ++iterator", ++current_cert == test_vector->end());
- // operator--
- ensure("validate --iterator element in vector is expected cert", *--current_cert == (*test_vector)[1]);
- ensure("validate 2nd --iterator element in vector is expected cert", *--current_cert == (*test_vector)[0]);
-
- test_vector->erase(test_vector->begin());
- ensure_equals("one element in store after remove", test_vector->size(), 1);
- test_cert = (*test_vector)[0]->getOpenSSLX509();
- ensure("Child cert remains", !X509_cmp(test_cert, mX509ChildCert));
- X509_free(test_cert);
-
- // validate insert
- test_vector->insert(test_vector->begin(), new LLBasicCertificate(mPemIntermediateCert, &mValidationDate));
- test_cert = (*test_vector)[0]->getOpenSSLX509();
- ensure_equals("two elements in store after insert", test_vector->size(), 2);
- ensure("validate intermediate cert was inserted at first position", !X509_cmp(test_cert, mX509IntermediateCert));
- X509_free(test_cert);
- test_cert = (*test_vector)[1]->getOpenSSLX509();
- ensure("validate child cert still there", !X509_cmp(test_cert, mX509ChildCert));
- X509_free(test_cert);
-
- //validate find
- LLSD find_info = LLSD::emptyMap();
- find_info["subjectKeyIdentifier"] = "bb:59:9f:de:6b:51:a7:6c:b3:6d:5b:8b:42:f7:b1:65:77:17:a4:e4";
- LLBasicCertificateVector::iterator found_cert = test_vector->find(find_info);
- ensure("found some cert", found_cert != test_vector->end());
- X509* found_x509 = (*found_cert).get()->getOpenSSLX509();
- ensure("child cert was found", !X509_cmp(found_x509, mX509ChildCert));
- X509_free(found_x509);
-
- find_info["subjectKeyIdentifier"] = "00:00:00:00"; // bogus
- current_cert =test_vector->find(find_info);
- ensure("didn't find cert", current_cert == test_vector->end());
- }
-
- // test cert store
- template<> template<>
- void sechandler_basic_test_object::test<6>()
- {
- // validate load with nothing
- LLFile::remove("mycertstore.pem");
- LLPointer<LLBasicCertificateStore> test_store = new LLBasicCertificateStore("mycertstore.pem");
- ensure_equals("when loading with nothing, we should result in no certs in store", test_store->size(), 0);
-
- // validate load with empty file
- test_store->save();
- test_store = NULL;
- test_store = new LLBasicCertificateStore("mycertstore.pem");
- ensure_equals("when loading with nothing, we should result in no certs in store", test_store->size(), 0);
- test_store=NULL;
-
- // instantiate a cert store from a file
- llofstream certstorefile("mycertstore.pem", std::ios::out);
- certstorefile << mPemChildCert << std::endl << mPemTestCert << std::endl;
- certstorefile.close();
- // validate loaded certs
- test_store = new LLBasicCertificateStore("mycertstore.pem");
- ensure_equals("two elements in store", test_store->size(), 2);
-
- // operator[]
- X509* test_cert = (*test_store)[0]->getOpenSSLX509();
-
- ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert));
- X509_free(test_cert);
- test_cert = (*test_store)[1]->getOpenSSLX509();
- ensure("validate second element in store is expected cert", !X509_cmp(test_cert, mX509TestCert));
- X509_free(test_cert);
-
-
- // validate save
- LLFile::remove("mycertstore.pem");
- test_store->save();
- test_store = NULL;
- test_store = new LLBasicCertificateStore("mycertstore.pem");
- ensure_equals("two elements in store after save", test_store->size(), 2);
- LLCertificateStore::iterator current_cert = test_store->begin();
- test_cert = (*current_cert)->getOpenSSLX509();
- ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert));
- current_cert++;
- X509_free(test_cert);
- test_cert = (*current_cert)->getOpenSSLX509();
- ensure("validate second element in store is expected cert", !X509_cmp(test_cert, mX509TestCert));
- X509_free(test_cert);
- current_cert++;
- ensure("end of cert store", current_cert == test_store->end());
-
- }
-
- // cert name wildcard matching
- template<> template<>
- void sechandler_basic_test_object::test<7>()
- {
- ensure("simple name match",
- _cert_hostname_wildcard_match("foo", "foo"));
-
- ensure("simple name match, with end period",
- _cert_hostname_wildcard_match("foo.", "foo."));
-
- ensure("simple name match, with begin period",
- _cert_hostname_wildcard_match(".foo", ".foo"));
-
- ensure("simple name match, with mismatched period cn",
- _cert_hostname_wildcard_match("foo.", "foo"));
-
- ensure("simple name match, with mismatched period hostname",
- _cert_hostname_wildcard_match("foo", "foo."));
-
- ensure("simple name match, with subdomain",
- _cert_hostname_wildcard_match("foo.bar", "foo.bar"));
-
- ensure("stutter name match",
- _cert_hostname_wildcard_match("foobbbbfoo", "foo*bbbfoo"));
-
- ensure("simple name match, with beginning wildcard",
- _cert_hostname_wildcard_match("foobar", "*bar"));
-
- ensure("simple name match, with ending wildcard",
- _cert_hostname_wildcard_match("foobar", "foo*"));
-
- ensure("simple name match, with beginning null wildcard",
- _cert_hostname_wildcard_match("foobar", "*foobar"));
-
- ensure("simple name match, with ending null wildcard",
- _cert_hostname_wildcard_match("foobar", "foobar*"));
-
- ensure("simple name match, with embedded wildcard",
- _cert_hostname_wildcard_match("foobar", "f*r"));
-
- ensure("simple name match, with embedded null wildcard",
- _cert_hostname_wildcard_match("foobar", "foo*bar"));
-
- ensure("simple name match, with dual embedded wildcard",
- _cert_hostname_wildcard_match("foobar", "f*o*ar"));
-
- ensure("simple name mismatch",
- !_cert_hostname_wildcard_match("bar", "foo"));
-
- ensure("simple name mismatch, with end period",
- !_cert_hostname_wildcard_match("foobar.", "foo."));
-
- ensure("simple name mismatch, with begin period",
- !_cert_hostname_wildcard_match(".foobar", ".foo"));
-
- ensure("simple name mismatch, with subdomain",
- !_cert_hostname_wildcard_match("foobar.bar", "foo.bar"));
-
- ensure("simple name mismatch, with beginning wildcard",
- !_cert_hostname_wildcard_match("foobara", "*bar"));
-
- ensure("simple name mismatch, with ending wildcard",
- !_cert_hostname_wildcard_match("oobar", "foo*"));
-
- ensure("simple name mismatch, with embedded wildcard",
- !_cert_hostname_wildcard_match("oobar", "f*r"));
-
- ensure("simple name mismatch, with dual embedded wildcard",
- !_cert_hostname_wildcard_match("foobar", "f*d*ar"));
-
- ensure("simple wildcard",
- _cert_hostname_wildcard_match("foobar", "*"));
-
- ensure("long domain",
- _cert_hostname_wildcard_match("foo.bar.com", "foo.bar.com"));
-
- ensure("long domain with multiple wildcards",
- _cert_hostname_wildcard_match("foo.bar.com", "*.b*r.com"));
-
- ensure("end periods",
- _cert_hostname_wildcard_match("foo.bar.com.", "*.b*r.com."));
-
- ensure("match end period",
- _cert_hostname_wildcard_match("foo.bar.com.", "*.b*r.com"));
-
- ensure("match end period2",
- _cert_hostname_wildcard_match("foo.bar.com", "*.b*r.com."));
-
- ensure("wildcard mismatch",
- !_cert_hostname_wildcard_match("bar.com", "*.bar.com"));
-
- ensure("wildcard match",
- _cert_hostname_wildcard_match("foo.bar.com", "*.bar.com"));
-
- ensure("wildcard match",
- _cert_hostname_wildcard_match("foo.foo.bar.com", "*.bar.com"));
-
- ensure("wildcard match",
- _cert_hostname_wildcard_match("foo.foo.bar.com", "*.*.com"));
-
- ensure("wildcard mismatch",
- !_cert_hostname_wildcard_match("foo.foo.bar.com", "*.foo.com"));
- }
-
- // test cert chain
- template<> template<>
- void sechandler_basic_test_object::test<8>()
- {
- // validate create from empty chain
- LLPointer<LLBasicCertificateChain> test_chain = new LLBasicCertificateChain(NULL);
- ensure_equals("when loading with nothing, we should result in no certs in chain", test_chain->size(), 0);
-
- // Single cert in the chain.
- X509_STORE_CTX *test_store = X509_STORE_CTX_new();
- X509_STORE_CTX_set_cert(test_store, mX509ChildCert);
- X509_STORE_CTX_set0_untrusted(test_store, NULL);
- test_chain = new LLBasicCertificateChain(test_store);
- X509_STORE_CTX_free(test_store);
- ensure_equals("two elements in store", test_chain->size(), 1);
- X509* test_cert = (*test_chain)[0]->getOpenSSLX509();
- ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert));
- X509_free(test_cert);
-
- // cert + CA
-
- test_store = X509_STORE_CTX_new();
- X509_STORE_CTX_set_cert(test_store, mX509ChildCert);
- X509_STORE_CTX_set0_untrusted(test_store, sk_X509_new_null());
- sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509IntermediateCert);
- test_chain = new LLBasicCertificateChain(test_store);
- X509_STORE_CTX_free(test_store);
- ensure_equals("two elements in store", test_chain->size(), 2);
- test_cert = (*test_chain)[0]->getOpenSSLX509();
- ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert));
- X509_free(test_cert);
- test_cert = (*test_chain)[1]->getOpenSSLX509();
- ensure("validate second element in store is expected cert", !X509_cmp(test_cert, mX509IntermediateCert));
- X509_free(test_cert);
-
- // cert + nonrelated
-
- test_store = X509_STORE_CTX_new();
- X509_STORE_CTX_set_cert(test_store, mX509ChildCert);
- X509_STORE_CTX_set0_untrusted(test_store, sk_X509_new_null());
- sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509TestCert);
- test_chain = new LLBasicCertificateChain(test_store);
- X509_STORE_CTX_free(test_store);
- ensure_equals("two elements in store", test_chain->size(), 1);
- test_cert = (*test_chain)[0]->getOpenSSLX509();
- ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert));
- X509_free(test_cert);
-
- // cert + CA + nonrelated
- test_store = X509_STORE_CTX_new();
- X509_STORE_CTX_set_cert(test_store, mX509ChildCert);
- X509_STORE_CTX_set0_untrusted(test_store, sk_X509_new_null());
- sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509IntermediateCert);
- sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509TestCert);
- test_chain = new LLBasicCertificateChain(test_store);
- X509_STORE_CTX_free(test_store);
- ensure_equals("two elements in store", test_chain->size(), 2);
- test_cert = (*test_chain)[0]->getOpenSSLX509();
- ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert));
- X509_free(test_cert);
- test_cert = (*test_chain)[1]->getOpenSSLX509();
- ensure("validate second element in store is expected cert", !X509_cmp(test_cert, mX509IntermediateCert));
- X509_free(test_cert);
-
- // cert + intermediate + CA
- test_store = X509_STORE_CTX_new();
- X509_STORE_CTX_set_cert(test_store, mX509ChildCert);
- X509_STORE_CTX_set0_untrusted(test_store, sk_X509_new_null());
- sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509IntermediateCert);
- sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509RootCert);
- test_chain = new LLBasicCertificateChain(test_store);
- X509_STORE_CTX_free(test_store);
- ensure_equals("three elements in store", test_chain->size(), 3);
- test_cert = (*test_chain)[0]->getOpenSSLX509();
- ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert));
- X509_free(test_cert);
- test_cert = (*test_chain)[1]->getOpenSSLX509();
- ensure("validate second element in store is expected cert", !X509_cmp(test_cert, mX509IntermediateCert));
- X509_free(test_cert);
-
- test_cert = (*test_chain)[2]->getOpenSSLX509();
- ensure("validate second element in store is expected cert", !X509_cmp(test_cert, mX509RootCert));
- X509_free(test_cert);
- }
-
- // test cert validation
- template<> template<>
- void sechandler_basic_test_object::test<9>()
- {
- // start with a trusted store with our known root cert
- LLFile::remove("mycertstore.pem");
- LLPointer<LLBasicCertificateStore> test_store = new LLBasicCertificateStore("mycertstore.pem");
- test_store->add(new LLBasicCertificate(mX509RootCert, &mValidationDate));
- LLSD validation_params;
-
- // validate basic trust for a chain containing only the intermediate cert. (1 deep)
- LLPointer<LLBasicCertificateChain> test_chain = new LLBasicCertificateChain(NULL);
-
- test_chain->add(new LLBasicCertificate(mX509IntermediateCert, &mValidationDate));
-
- test_store->validate(0, test_chain, validation_params);
-
- // add the root certificate to the chain and revalidate
- test_chain->add(new LLBasicCertificate(mX509RootCert, &mValidationDate));
- test_store->validate(0, test_chain, validation_params);
-
- // add the child cert at the head of the chain, and revalidate (3 deep chain)
- test_chain->insert(test_chain->begin(), new LLBasicCertificate(mX509ChildCert, &mValidationDate));
- test_store->validate(0, test_chain, validation_params);
-
- // basic failure cases
- test_chain = new LLBasicCertificateChain(NULL);
- //validate with only the child cert in chain, but child cert was previously
- // trusted
- test_chain->add(new LLBasicCertificate(mX509ChildCert, &mValidationDate));
-
- // validate without the trust flag.
- test_store->validate(VALIDATION_POLICY_TRUSTED, test_chain, validation_params);
-
- // Validate with child cert but no parent, and no parent in CA store
- test_store = new LLBasicCertificateStore("mycertstore.pem");
- ensure_throws("no CA, with only a child cert",
- LLCertValidationTrustException,
- (*test_chain)[0],
- test_store->validate,
- VALIDATION_POLICY_TRUSTED,
- test_chain,
- validation_params);
-
-
- // validate without the trust flag.
- test_store->validate(0, test_chain, validation_params);
-
- // clear out the store
- test_store = new LLBasicCertificateStore("mycertstore.pem");
- // append the intermediate cert
- test_chain->add(new LLBasicCertificate(mX509IntermediateCert, &mValidationDate));
- ensure_throws("no CA, with child and intermediate certs",
- LLCertValidationTrustException,
- (*test_chain)[1],
- test_store->validate,
- VALIDATION_POLICY_TRUSTED | VALIDATION_POLICY_TRUSTED,
- test_chain,
- validation_params);
- // validate without the trust flag
- test_store->validate(0, test_chain, validation_params);
-
- // Test time validity
- LLSD child_info;
- ((*test_chain)[0])->getLLSD(child_info);
- validation_params = LLSD::emptyMap();
- validation_params[CERT_VALIDATION_DATE] = LLDate(child_info[CERT_VALID_FROM].asDate().secondsSinceEpoch() + 1.0);
- test_store->validate(VALIDATION_POLICY_TIME | VALIDATION_POLICY_TRUSTED,
- test_chain, validation_params);
-
- validation_params = LLSD::emptyMap();
- validation_params[CERT_VALIDATION_DATE] = child_info[CERT_VALID_FROM].asDate();
-
- validation_params[CERT_VALIDATION_DATE] = LLDate(child_info[CERT_VALID_FROM].asDate().secondsSinceEpoch() - 1.0);
-
- // test not yet valid
- ensure_throws("Child cert not yet valid" ,
- LLCertValidationExpirationException,
- (*test_chain)[0],
- test_store->validate,
- VALIDATION_POLICY_TIME | VALIDATION_POLICY_TRUSTED,
- test_chain,
- validation_params);
- validation_params = LLSD::emptyMap();
- validation_params[CERT_VALIDATION_DATE] = LLDate(child_info[CERT_VALID_TO].asDate().secondsSinceEpoch() + 1.0);
-
- // test cert expired
- ensure_throws("Child cert expired",
- LLCertValidationExpirationException,
- (*test_chain)[0],
- test_store->validate,
- VALIDATION_POLICY_TIME | VALIDATION_POLICY_TRUSTED,
- test_chain,
- validation_params);
-
- // test SSL KU
- // validate basic trust for a chain containing child and intermediate.
- test_chain = new LLBasicCertificateChain(NULL);
- test_chain->add(new LLBasicCertificate(mX509ChildCert, &mValidationDate));
- test_chain->add(new LLBasicCertificate(mX509IntermediateCert, &mValidationDate));
- test_store->validate(VALIDATION_POLICY_SSL_KU | VALIDATION_POLICY_TRUSTED,
- test_chain, validation_params);
-
- test_chain = new LLBasicCertificateChain(NULL);
- test_chain->add(new LLBasicCertificate(mX509TestCert, &mValidationDate));
-
- test_store = new LLBasicCertificateStore("mycertstore.pem");
- ensure_throws("Cert doesn't have ku",
- LLCertKeyUsageValidationException,
- (*test_chain)[0],
- test_store->validate,
- VALIDATION_POLICY_SSL_KU | VALIDATION_POLICY_TRUSTED,
- test_chain,
- validation_params);
-
- test_store->validate(0, test_chain, validation_params);
- }
-
-};
-
+/**
+ * @file llsechandler_basic_test.cpp
+ * @author Roxie
+ * @date 2009-02-10
+ * @brief Test the 'basic' sec handler functions
+ *
+ * $LicenseInfo:firstyear=2005&license=viewerlgpl$
+ * Second Life Viewer Source Code
+ * Copyright (C) 2010, Linden Research, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License only.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ * Linden Research, Inc., 945 Battery Street, San Francisco, CA 94111 USA
+ * $/LicenseInfo$
+ */
+#include "../llviewerprecompiledheaders.h"
+#include "../test/lltut.h"
+#include "../llsecapi.h"
+#include "../llsechandler_basic.h"
+#include "../../llxml/llcontrol.h"
+#include "../llviewernetwork.h"
+#include "lluuid.h"
+#include "lldate.h"
+#include "llxorcipher.h"
+#include "apr_base64.h"
+#include <vector>
+#include <ios>
+#include <llsdserialize.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include "llxorcipher.h"
+#include <openssl/ossl_typ.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/pem.h>
+#include <openssl/asn1.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include "../llmachineid.h"
+
+#define ensure_throws(str, exc_type, cert, func, ...) \
+try \
+{ \
+func(__VA_ARGS__); \
+fail("throws, " str); \
+} \
+catch(exc_type& except) \
+{ \
+LLSD cert_data; \
+cert->getLLSD(cert_data); \
+ensure("Exception cert is incorrect for " str, valueCompareLLSD(except.getCertData(), cert_data)); \
+}
+
+extern bool _cert_hostname_wildcard_match(const std::string& hostname, const std::string& wildcard_string);
+
+//----------------------------------------------------------------------------
+// Mock objects for the dependencies of the code we're testing
+
+std::string gFirstName;
+std::string gLastName;
+LLControlGroup::LLControlGroup(const std::string& name)
+: LLInstanceTracker<LLControlGroup, std::string>(name) {}
+LLControlGroup::~LLControlGroup() {}
+LLControlVariable* LLControlGroup::declareString(const std::string& name,
+ const std::string& initial_val,
+ const std::string& comment,
+ LLControlVariable::ePersist persist) {return NULL;}
+void LLControlGroup::setString(std::string_view name, const std::string& val){}
+std::string LLControlGroup::getString(std::string_view name)
+{
+
+ if (name == "FirstName")
+ return gFirstName;
+ else if (name == "LastName")
+ return gLastName;
+ return "";
+}
+
+// Stub for --no-verify-ssl-cert
+bool LLControlGroup::getBOOL(std::string_view name) { return false; }
+
+LLSD LLCredential::getLoginParams()
+{
+ LLSD result = LLSD::emptyMap();
+
+ // legacy credential
+ result["passwd"] = "$1$testpasssd";
+ result["first"] = "myfirst";
+ result["last"] ="mylast";
+ return result;
+}
+
+void LLCredential::identifierType(std::string &idType)
+{
+}
+
+void LLCredential::authenticatorType(std::string &idType)
+{
+}
+
+
+LLControlGroup gSavedSettings("test");
+unsigned char gMACAddress[MAC_ADDRESS_BYTES] = {77,21,46,31,89,2};
+
+
+S32 LLMachineID::getUniqueID(unsigned char *unique_id, size_t len)
+{
+ memcpy(unique_id, gMACAddress, len);
+ return 1;
+}
+S32 LLMachineID::getLegacyID(unsigned char *unique_id, size_t len)
+{
+ return 0;
+}
+S32 LLMachineID::init() { return 1; }
+
+
+LLCertException::LLCertException(const LLSD& cert_data, const std::string& msg)
+ : LLException(msg),
+ mCertData(cert_data)
+{
+ LL_WARNS("SECAPI") << "Certificate Error: " << msg << LL_ENDL;
+}
+
+
+// -------------------------------------------------------------------------------------------
+// TUT
+// -------------------------------------------------------------------------------------------
+namespace tut
+{
+ const std::string mPemTestCert(
+ "Certificate:\n"
+ " Data:\n"
+ " Version: 3 (0x2)\n"
+ " Serial Number:\n"
+ " 04:00:00:00:00:01:15:4b:5a:c3:94\n"
+ " Signature Algorithm: sha1WithRSAEncryption\n"
+ " Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA\n"
+ " Validity\n"
+ " Not Before: Sep 1 12:00:00 1998 GMT\n"
+ " Not After : Jan 28 12:00:00 2028 GMT\n"
+ " Subject: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA\n"
+ " Subject Public Key Info:\n"
+ " Public Key Algorithm: rsaEncryption\n"
+ " Public-Key: (2048 bit)\n"
+ " Modulus:\n"
+ " 00:da:0e:e6:99:8d:ce:a3:e3:4f:8a:7e:fb:f1:8b:\n"
+ " 83:25:6b:ea:48:1f:f1:2a:b0:b9:95:11:04:bd:f0:\n"
+ " 63:d1:e2:67:66:cf:1c:dd:cf:1b:48:2b:ee:8d:89:\n"
+ " 8e:9a:af:29:80:65:ab:e9:c7:2d:12:cb:ab:1c:4c:\n"
+ " 70:07:a1:3d:0a:30:cd:15:8d:4f:f8:dd:d4:8c:50:\n"
+ " 15:1c:ef:50:ee:c4:2e:f7:fc:e9:52:f2:91:7d:e0:\n"
+ " 6d:d5:35:30:8e:5e:43:73:f2:41:e9:d5:6a:e3:b2:\n"
+ " 89:3a:56:39:38:6f:06:3c:88:69:5b:2a:4d:c5:a7:\n"
+ " 54:b8:6c:89:cc:9b:f9:3c:ca:e5:fd:89:f5:12:3c:\n"
+ " 92:78:96:d6:dc:74:6e:93:44:61:d1:8d:c7:46:b2:\n"
+ " 75:0e:86:e8:19:8a:d5:6d:6c:d5:78:16:95:a2:e9:\n"
+ " c8:0a:38:eb:f2:24:13:4f:73:54:93:13:85:3a:1b:\n"
+ " bc:1e:34:b5:8b:05:8c:b9:77:8b:b1:db:1f:20:91:\n"
+ " ab:09:53:6e:90:ce:7b:37:74:b9:70:47:91:22:51:\n"
+ " 63:16:79:ae:b1:ae:41:26:08:c8:19:2b:d1:46:aa:\n"
+ " 48:d6:64:2a:d7:83:34:ff:2c:2a:c1:6c:19:43:4a:\n"
+ " 07:85:e7:d3:7c:f6:21:68:ef:ea:f2:52:9f:7f:93:\n"
+ " 90:cf\n"
+ " Exponent: 65537 (0x10001)\n"
+ " X509v3 extensions:\n"
+ " X509v3 Key Usage: critical\n"
+ " Certificate Sign, CRL Sign\n"
+ " X509v3 Basic Constraints: critical\n"
+ " CA:TRUE\n"
+ " X509v3 Subject Key Identifier: \n"
+ " 60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B\n"
+ " Signature Algorithm: sha1WithRSAEncryption\n"
+ " d6:73:e7:7c:4f:76:d0:8d:bf:ec:ba:a2:be:34:c5:28:32:b5:\n"
+ " 7c:fc:6c:9c:2c:2b:bd:09:9e:53:bf:6b:5e:aa:11:48:b6:e5:\n"
+ " 08:a3:b3:ca:3d:61:4d:d3:46:09:b3:3e:c3:a0:e3:63:55:1b:\n"
+ " f2:ba:ef:ad:39:e1:43:b9:38:a3:e6:2f:8a:26:3b:ef:a0:50:\n"
+ " 56:f9:c6:0a:fd:38:cd:c4:0b:70:51:94:97:98:04:df:c3:5f:\n"
+ " 94:d5:15:c9:14:41:9c:c4:5d:75:64:15:0d:ff:55:30:ec:86:\n"
+ " 8f:ff:0d:ef:2c:b9:63:46:f6:aa:fc:df:bc:69:fd:2e:12:48:\n"
+ " 64:9a:e0:95:f0:a6:ef:29:8f:01:b1:15:b5:0c:1d:a5:fe:69:\n"
+ " 2c:69:24:78:1e:b3:a7:1c:71:62:ee:ca:c8:97:ac:17:5d:8a:\n"
+ " c2:f8:47:86:6e:2a:c4:56:31:95:d0:67:89:85:2b:f9:6c:a6:\n"
+ " 5d:46:9d:0c:aa:82:e4:99:51:dd:70:b7:db:56:3d:61:e4:6a:\n"
+ " e1:5c:d6:f6:fe:3d:de:41:cc:07:ae:63:52:bf:53:53:f4:2b:\n"
+ " e9:c7:fd:b6:f7:82:5f:85:d2:41:18:db:81:b3:04:1c:c5:1f:\n"
+ " a4:80:6f:15:20:c9:de:0c:88:0a:1d:d6:66:55:e2:fc:48:c9:\n"
+ " 29:26:69:e0\n"
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG\n"
+ "A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv\n"
+ "b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw\n"
+ "MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i\n"
+ "YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT\n"
+ "aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ\n"
+ "jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp\n"
+ "xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp\n"
+ "1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG\n"
+ "snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ\n"
+ "U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8\n"
+ "9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E\n"
+ "BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B\n"
+ "AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz\n"
+ "yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE\n"
+ "38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP\n"
+ "AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad\n"
+ "DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME\n"
+ "HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==\n"
+ "-----END CERTIFICATE-----\n"
+ );
+
+ /*
+ * The following certificates were generated using the instructions at
+ * https://jamielinux.com/docs/openssl-certificate-authority/sign-server-and-client-certificates.html
+ * with the exception that the server certificate has a longer expiration time, and the full text
+ * expansion was included in the certificates.
+ */
+ const std::string mPemRootCert(
+ "Certificate:\n"
+ " Data:\n"
+ " Version: 3 (0x2)\n"
+ " Serial Number:\n"
+ " 82:2f:8f:eb:8d:06:24:b0\n"
+ " Signature Algorithm: sha256WithRSAEncryption\n"
+ " Issuer: C=US, ST=California, L=San Francisco, O=Linden Lab, OU=Second Life Engineering, CN=Integration Test Root CA/emailAddress=noreply@lindenlab.com\n"
+ " Validity\n"
+ " Not Before: May 22 22:19:45 2018 GMT\n"
+ " Not After : May 17 22:19:45 2038 GMT\n"
+ " Subject: C=US, ST=California, L=San Francisco, O=Linden Lab, OU=Second Life Engineering, CN=Integration Test Root CA/emailAddress=noreply@lindenlab.com\n"
+ " Subject Public Key Info:\n"
+ " Public Key Algorithm: rsaEncryption\n"
+ " Public-Key: (4096 bit)\n"
+ " Modulus:\n"
+ " 00:bd:e0:79:dd:3b:a6:ac:87:d0:39:f0:58:c7:a4:\n"
+ " 42:42:f6:5f:93:b0:36:04:b5:e2:d5:f7:2a:c0:6c:\n"
+ " a0:13:d2:1e:02:81:57:02:50:4c:57:b7:ef:27:9e:\n"
+ " f6:f1:f1:30:30:72:1e:57:34:e5:3f:82:3c:21:c4:\n"
+ " 66:d2:73:63:6c:91:e6:dd:49:9e:9c:b1:34:6a:81:\n"
+ " 45:a1:6e:c4:50:28:f2:d8:e3:fe:80:2f:83:aa:28:\n"
+ " 91:b4:8c:57:c9:f1:16:d9:0c:87:3c:25:80:a0:81:\n"
+ " 8d:71:f2:96:e2:16:f1:97:c4:b0:d8:53:bb:13:6c:\n"
+ " 73:54:2f:29:94:85:cf:86:6e:75:71:ad:39:e3:fc:\n"
+ " 39:12:53:93:1c:ce:39:e0:33:da:49:b7:3d:af:b0:\n"
+ " 37:ce:77:09:03:27:32:70:c0:9c:7f:9c:89:ce:90:\n"
+ " 45:b0:7d:94:8b:ff:13:27:ba:88:7f:ae:c4:aa:73:\n"
+ " d5:47:b8:87:69:89:80:0c:c1:22:18:78:c2:0d:47:\n"
+ " d9:10:ff:80:79:0d:46:71:ec:d9:ba:c9:f3:77:fd:\n"
+ " 92:6d:1f:0f:d9:54:18:6d:f6:72:24:5c:5c:3d:43:\n"
+ " 49:35:3e:1c:28:de:7e:44:dc:29:c3:9f:62:04:46:\n"
+ " aa:c4:e6:69:6a:15:f8:e3:74:1c:14:e9:f4:97:7c:\n"
+ " 30:6c:d4:28:fc:2a:0e:1d:6d:39:2e:1d:f9:17:43:\n"
+ " 35:5d:23:e7:ba:e3:a8:e9:97:6b:3c:3e:23:ef:d8:\n"
+ " bc:fb:7a:57:37:39:93:59:03:fc:78:ca:b1:31:ef:\n"
+ " 26:19:ed:56:e1:63:c3:ad:99:80:5b:47:b5:03:35:\n"
+ " 5f:fe:6a:a6:21:63:ec:50:fb:4e:c9:f9:ae:a5:66:\n"
+ " d0:55:33:8d:e6:c5:50:5a:c6:8f:5c:34:45:a7:72:\n"
+ " da:50:f6:66:4c:19:f5:d1:e4:fb:11:8b:a1:b5:4e:\n"
+ " 09:43:81:3d:39:28:86:3b:fe:07:28:97:02:b5:3a:\n"
+ " 07:5f:4a:20:80:1a:7d:a4:8c:f7:6c:f6:c5:9b:f6:\n"
+ " 61:e5:c7:b0:c3:d5:58:38:7b:bb:47:1e:34:d6:16:\n"
+ " 55:c5:d2:6c:b0:93:77:b1:90:69:06:b1:53:cb:1b:\n"
+ " 84:71:cf:b8:87:1b:1e:44:35:b4:2b:bb:04:59:58:\n"
+ " 0b:e8:93:d8:ae:21:9b:b1:1c:89:30:ae:11:80:77:\n"
+ " cc:16:f3:d6:35:ed:a1:b3:70:b3:4f:cd:a1:56:99:\n"
+ " ee:0e:c0:00:a4:09:70:c3:5b:0b:be:a1:07:18:dd:\n"
+ " c6:f4:6d:8b:58:bc:f9:bb:4b:01:2c:f6:cc:2c:9b:\n"
+ " 87:0e:b1:4f:9c:10:be:fc:45:e2:a4:ec:7e:fc:ff:\n"
+ " 45:b8:53\n"
+ " Exponent: 65537 (0x10001)\n"
+ " X509v3 extensions:\n"
+ " X509v3 Subject Key Identifier: \n"
+ " 8A:22:C6:9C:2E:11:F3:40:0C:CE:82:0C:22:59:FF:F8:7F:D0:B9:13\n"
+ " X509v3 Authority Key Identifier: \n"
+ " keyid:8A:22:C6:9C:2E:11:F3:40:0C:CE:82:0C:22:59:FF:F8:7F:D0:B9:13\n"
+ "\n"
+ " X509v3 Basic Constraints: critical\n"
+ " CA:TRUE\n"
+ " X509v3 Key Usage: critical\n"
+ " Digital Signature, Certificate Sign, CRL Sign\n"
+ " Signature Algorithm: sha256WithRSAEncryption\n"
+ " b3:cb:33:eb:0e:02:64:f4:55:9a:3d:03:9a:cf:6a:4c:18:43:\n"
+ " f7:42:cb:65:dc:61:52:e5:9f:2f:42:97:3c:93:16:22:d4:af:\n"
+ " ae:b2:0f:c3:9b:ef:e0:cc:ee:b6:b1:69:a3:d8:da:26:c3:ad:\n"
+ " 3b:c5:64:dc:9f:d4:c2:53:4b:91:6d:c4:92:09:0b:ac:f0:99:\n"
+ " be:6f:b9:3c:03:4a:6d:9f:01:5d:ec:5a:9a:f3:a7:e5:3b:2c:\n"
+ " 99:57:7d:7e:25:15:68:20:12:30:96:16:86:f5:db:74:90:60:\n"
+ " fe:8b:df:99:f6:f7:62:49:9f:bc:8d:45:23:0a:c8:73:b8:79:\n"
+ " 80:3c:b9:e5:72:85:4b:b3:81:66:74:a2:72:92:4c:44:fd:7b:\n"
+ " 46:2e:21:a2:a9:81:a2:f3:26:4d:e3:89:7d:78:b0:c6:6f:b5:\n"
+ " 87:cb:ee:25:ed:27:1f:75:13:fa:6d:e9:37:73:ad:07:bb:af:\n"
+ " d3:6c:87:ea:02:01:70:bd:53:aa:ce:39:2c:d4:66:39:33:aa:\n"
+ " d1:9c:ee:67:e3:a9:45:d2:7b:2e:54:09:af:70:5f:3f:5a:67:\n"
+ " 2e:6c:72:ef:e0:9d:92:28:4a:df:ba:0b:b7:23:ca:5b:04:11:\n"
+ " 45:d1:51:e9:ea:c9:ec:54:fa:34:46:ae:fc:dc:6c:f8:1e:2c:\n"
+ " 9e:f4:71:51:8d:b5:a1:26:9a:13:30:be:1e:41:25:59:58:05:\n"
+ " 2c:64:c8:f9:5e:38:ae:dc:93:b0:8a:d6:38:74:02:cb:ce:ce:\n"
+ " 95:31:76:f6:7c:bf:a4:a1:8e:27:fd:ca:74:82:d1:e1:4d:b6:\n"
+ " 48:51:fa:c5:17:59:22:a3:84:be:82:c8:83:ec:61:a0:f4:ee:\n"
+ " 2c:e3:a3:ea:e5:51:c9:d3:4f:db:85:bd:ba:7a:52:14:b6:03:\n"
+ " ed:43:17:d8:d7:1c:22:5e:c9:56:d9:d6:81:96:11:e3:5e:01:\n"
+ " 40:91:30:09:da:a3:5f:d3:27:60:e5:9d:6c:da:d0:f0:39:01:\n"
+ " 23:4a:a6:15:7a:4a:82:eb:ec:72:4a:1d:36:dc:6f:83:c4:85:\n"
+ " 84:b5:8d:cd:09:e5:12:63:f3:21:56:c8:64:6b:db:b8:cf:d4:\n"
+ " df:ca:a8:24:8e:df:8d:63:a5:96:84:bf:ff:8b:7e:46:7a:f0:\n"
+ " c7:73:7c:70:8a:f5:17:d0:ac:c8:89:1e:d7:89:42:0f:4d:66:\n"
+ " c4:d8:bb:36:a8:ae:ca:e1:cf:e2:88:f6:cf:b0:44:4a:5f:81:\n"
+ " 50:4b:d6:28:81:cd:6c:f0:ec:e6:09:08:f2:59:91:a2:69:ac:\n"
+ " c7:81:fa:ab:61:3e:db:6f:f6:7f:db:1a:9e:b9:5d:cc:cc:33:\n"
+ " fa:95:c6:f7:8d:4b:30:f3\n"
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIGXDCCBESgAwIBAgIJAIIvj+uNBiSwMA0GCSqGSIb3DQEBCwUAMIG6MQswCQYD\n"
+ "VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5j\n"
+ "aXNjbzETMBEGA1UECgwKTGluZGVuIExhYjEgMB4GA1UECwwXU2Vjb25kIExpZmUg\n"
+ "RW5naW5lZXJpbmcxITAfBgNVBAMMGEludGVncmF0aW9uIFRlc3QgUm9vdCBDQTEk\n"
+ "MCIGCSqGSIb3DQEJARYVbm9yZXBseUBsaW5kZW5sYWIuY29tMB4XDTE4MDUyMjIy\n"
+ "MTk0NVoXDTM4MDUxNzIyMTk0NVowgboxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApD\n"
+ "YWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMRMwEQYDVQQKDApMaW5k\n"
+ "ZW4gTGFiMSAwHgYDVQQLDBdTZWNvbmQgTGlmZSBFbmdpbmVlcmluZzEhMB8GA1UE\n"
+ "AwwYSW50ZWdyYXRpb24gVGVzdCBSb290IENBMSQwIgYJKoZIhvcNAQkBFhVub3Jl\n"
+ "cGx5QGxpbmRlbmxhYi5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC\n"
+ "AQC94HndO6ash9A58FjHpEJC9l+TsDYEteLV9yrAbKAT0h4CgVcCUExXt+8nnvbx\n"
+ "8TAwch5XNOU/gjwhxGbSc2NskebdSZ6csTRqgUWhbsRQKPLY4/6AL4OqKJG0jFfJ\n"
+ "8RbZDIc8JYCggY1x8pbiFvGXxLDYU7sTbHNULymUhc+GbnVxrTnj/DkSU5Mczjng\n"
+ "M9pJtz2vsDfOdwkDJzJwwJx/nInOkEWwfZSL/xMnuoh/rsSqc9VHuIdpiYAMwSIY\n"
+ "eMINR9kQ/4B5DUZx7Nm6yfN3/ZJtHw/ZVBht9nIkXFw9Q0k1Phwo3n5E3CnDn2IE\n"
+ "RqrE5mlqFfjjdBwU6fSXfDBs1Cj8Kg4dbTkuHfkXQzVdI+e646jpl2s8PiPv2Lz7\n"
+ "elc3OZNZA/x4yrEx7yYZ7VbhY8OtmYBbR7UDNV/+aqYhY+xQ+07J+a6lZtBVM43m\n"
+ "xVBaxo9cNEWnctpQ9mZMGfXR5PsRi6G1TglDgT05KIY7/gcolwK1OgdfSiCAGn2k\n"
+ "jPds9sWb9mHlx7DD1Vg4e7tHHjTWFlXF0mywk3exkGkGsVPLG4Rxz7iHGx5ENbQr\n"
+ "uwRZWAvok9iuIZuxHIkwrhGAd8wW89Y17aGzcLNPzaFWme4OwACkCXDDWwu+oQcY\n"
+ "3cb0bYtYvPm7SwEs9swsm4cOsU+cEL78ReKk7H78/0W4UwIDAQABo2MwYTAdBgNV\n"
+ "HQ4EFgQUiiLGnC4R80AMzoIMIln/+H/QuRMwHwYDVR0jBBgwFoAUiiLGnC4R80AM\n"
+ "zoIMIln/+H/QuRMwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJ\n"
+ "KoZIhvcNAQELBQADggIBALPLM+sOAmT0VZo9A5rPakwYQ/dCy2XcYVLlny9ClzyT\n"
+ "FiLUr66yD8Ob7+DM7raxaaPY2ibDrTvFZNyf1MJTS5FtxJIJC6zwmb5vuTwDSm2f\n"
+ "AV3sWprzp+U7LJlXfX4lFWggEjCWFob123SQYP6L35n292JJn7yNRSMKyHO4eYA8\n"
+ "ueVyhUuzgWZ0onKSTET9e0YuIaKpgaLzJk3jiX14sMZvtYfL7iXtJx91E/pt6Tdz\n"
+ "rQe7r9Nsh+oCAXC9U6rOOSzUZjkzqtGc7mfjqUXSey5UCa9wXz9aZy5scu/gnZIo\n"
+ "St+6C7cjylsEEUXRUenqyexU+jRGrvzcbPgeLJ70cVGNtaEmmhMwvh5BJVlYBSxk\n"
+ "yPleOK7ck7CK1jh0AsvOzpUxdvZ8v6Shjif9ynSC0eFNtkhR+sUXWSKjhL6CyIPs\n"
+ "YaD07izjo+rlUcnTT9uFvbp6UhS2A+1DF9jXHCJeyVbZ1oGWEeNeAUCRMAnao1/T\n"
+ "J2DlnWza0PA5ASNKphV6SoLr7HJKHTbcb4PEhYS1jc0J5RJj8yFWyGRr27jP1N/K\n"
+ "qCSO341jpZaEv/+LfkZ68MdzfHCK9RfQrMiJHteJQg9NZsTYuzaorsrhz+KI9s+w\n"
+ "REpfgVBL1iiBzWzw7OYJCPJZkaJprMeB+qthPttv9n/bGp65XczMM/qVxveNSzDz\n"
+ "-----END CERTIFICATE-----\n"
+ );
+
+ const std::string mPemIntermediateCert(
+ "Certificate:\n"
+ " Data:\n"
+ " Version: 3 (0x2)\n"
+ " Serial Number: 4096 (0x1000)\n"
+ " Signature Algorithm: sha256WithRSAEncryption\n"
+ " Issuer: C=US, ST=California, L=San Francisco, O=Linden Lab, OU=Second Life Engineering, CN=Integration Test Root CA/emailAddress=noreply@lindenlab.com\n"
+ " Validity\n"
+ " Not Before: May 22 22:39:08 2018 GMT\n"
+ " Not After : May 19 22:39:08 2028 GMT\n"
+ " Subject: C=US, ST=California, O=Linden Lab, OU=Second Life Engineering, CN=Integration Test Intermediate CA/emailAddress=noreply@lindenlab.com\n"
+ " Subject Public Key Info:\n"
+ " Public Key Algorithm: rsaEncryption\n"
+ " Public-Key: (4096 bit)\n"
+ " Modulus:\n"
+ " 00:ce:a3:70:e2:c4:fb:4b:97:90:a1:30:bb:c1:1b:\n"
+ " 13:b9:aa:7e:46:17:a3:26:8d:69:3f:5e:73:95:e8:\n"
+ " 6a:b1:0a:b4:8f:50:65:e3:c6:5c:39:24:34:df:0b:\n"
+ " b7:cc:ce:62:0c:36:5a:12:2c:fe:35:4c:e9:1c:ac:\n"
+ " 80:5e:24:99:d7:aa:bd:be:48:c0:62:64:77:36:88:\n"
+ " 66:ce:f4:a8:dd:d2:76:24:62:90:55:41:fc:1d:13:\n"
+ " 4e:a7:4e:57:bc:a8:a4:59:4b:2c:5a:1c:d8:cc:16:\n"
+ " de:e8:88:30:c9:95:df:2f:a6:14:28:0f:eb:34:46:\n"
+ " 12:58:ba:da:0e:e6:de:9c:15:f6:f4:e3:9f:74:aa:\n"
+ " 70:89:79:8b:e9:5a:7b:18:54:15:94:3a:23:0a:65:\n"
+ " 78:05:d9:33:90:2a:ce:15:18:0d:52:fc:5c:31:65:\n"
+ " 20:d0:12:37:8c:11:80:ba:d4:b0:82:73:00:4b:49:\n"
+ " be:cb:d6:bc:e7:cd:61:f3:00:98:99:74:5a:37:81:\n"
+ " 49:96:7e:14:01:1b:86:d2:d0:06:94:40:63:63:46:\n"
+ " 11:fc:33:5c:bd:3a:5e:d4:e5:44:47:64:50:bd:a6:\n"
+ " 97:55:70:64:9b:26:cc:de:20:82:90:6a:83:41:9c:\n"
+ " 6f:71:47:14:be:cb:68:7c:85:be:ef:2e:76:12:19:\n"
+ " d3:c9:87:32:b4:ac:60:20:16:28:2d:af:bc:e8:01:\n"
+ " c6:7f:fb:d8:11:d5:f4:b7:14:bd:27:08:5b:72:be:\n"
+ " 09:e0:91:c8:9c:7b:b4:b3:12:ef:32:36:be:b1:b9:\n"
+ " a2:b7:e3:69:47:30:76:ba:9c:9b:19:99:4d:53:dd:\n"
+ " 5c:e8:2c:f1:b2:64:69:cf:15:bd:f8:bb:58:95:73:\n"
+ " 58:38:95:b4:7a:cf:84:29:a6:c2:db:f0:bd:ef:97:\n"
+ " 26:d4:99:ac:d7:c7:be:b0:0d:11:f4:26:86:2d:77:\n"
+ " 42:52:25:d7:56:c7:e3:97:b1:36:5c:97:71:d0:9b:\n"
+ " f5:b5:50:8d:f9:ff:fb:10:77:3c:b5:53:6d:a1:43:\n"
+ " 35:a9:03:32:05:ab:d7:f5:d1:19:bd:5f:92:a3:00:\n"
+ " 2a:79:37:a4:76:4f:e9:32:0d:e4:86:bb:ea:c3:1a:\n"
+ " c5:33:e8:16:d4:a5:d8:e0:e8:bb:c2:f0:22:15:e2:\n"
+ " d9:8c:ae:ac:7d:2b:bf:eb:a3:4c:3b:29:1d:94:ac:\n"
+ " a3:bb:6d:ba:6d:03:91:03:cf:46:12:c4:66:21:c5:\n"
+ " c6:67:d8:11:19:79:01:0e:6e:84:1c:76:6f:11:3d:\n"
+ " eb:94:89:c5:6a:26:1f:cd:e0:11:8b:51:ee:99:35:\n"
+ " 69:e5:7f:0b:77:2a:94:e4:4b:64:b9:83:04:30:05:\n"
+ " e4:a2:e3\n"
+ " Exponent: 65537 (0x10001)\n"
+ " X509v3 extensions:\n"
+ " X509v3 Subject Key Identifier: \n"
+ " 83:21:DE:EC:C0:79:03:6D:1E:83:F3:E5:97:29:D5:5A:C0:96:40:FA\n"
+ " X509v3 Authority Key Identifier: \n"
+ " keyid:8A:22:C6:9C:2E:11:F3:40:0C:CE:82:0C:22:59:FF:F8:7F:D0:B9:13\n"
+ "\n"
+ " X509v3 Basic Constraints: critical\n"
+ " CA:TRUE, pathlen:0\n"
+ " X509v3 Key Usage: critical\n"
+ " Digital Signature, Certificate Sign, CRL Sign\n"
+ " Signature Algorithm: sha256WithRSAEncryption\n"
+ " a3:6c:85:9a:2e:4e:7e:5d:83:63:0f:f5:4f:a9:7d:ec:0e:6f:\n"
+ " ae:d7:ba:df:64:e0:46:0e:3d:da:18:15:2c:f3:73:ca:81:b1:\n"
+ " 10:d9:53:14:21:7d:72:5c:94:88:a5:9d:ad:ab:45:42:c6:64:\n"
+ " a9:d9:2e:4e:29:47:2c:b1:95:07:b7:62:48:68:1f:68:13:1c:\n"
+ " d2:a0:fb:5e:38:24:4a:82:0a:87:c9:93:20:43:7e:e9:f9:79:\n"
+ " ef:03:a2:bd:9e:24:6b:0a:01:5e:4a:36:c5:7d:7a:fe:d6:aa:\n"
+ " 2f:c2:8c:38:8a:99:3c:b0:6a:e5:60:be:56:d6:eb:60:03:55:\n"
+ " 24:42:a0:1a:fa:91:24:a3:53:15:75:5d:c8:eb:7c:1e:68:5a:\n"
+ " 7e:13:34:e3:85:37:1c:76:3f:77:67:1b:ed:1b:52:17:fc:4a:\n"
+ " a3:e2:74:84:80:2c:69:fc:dd:7d:26:97:c4:2a:69:7d:9c:dc:\n"
+ " 61:97:70:29:a7:3f:2b:5b:2b:22:51:fd:fe:6a:5d:f9:e7:14:\n"
+ " 48:b7:2d:c8:33:58:fc:f2:5f:27:f7:26:16:be:be:b5:aa:a2:\n"
+ " 64:53:3c:69:e8:b5:61:eb:ab:91:a5:b4:09:9b:f6:98:b8:5c:\n"
+ " 5b:24:2f:93:f5:2b:9c:8c:58:fb:26:3f:67:53:d7:42:64:e8:\n"
+ " 79:77:73:41:4e:e3:02:39:0b:b6:68:97:8b:84:e8:1d:83:a8:\n"
+ " 15:f1:06:46:47:80:42:5e:14:e2:61:8a:76:84:d5:d4:71:7f:\n"
+ " 4e:ff:d9:74:87:ff:32:c5:87:20:0a:d4:59:40:3e:d8:17:ef:\n"
+ " da:65:e9:0a:51:fe:1e:c3:46:91:d2:ee:e4:23:57:97:87:d4:\n"
+ " a6:a5:eb:ef:81:6a:d8:8c:d6:1f:8e:b1:18:4c:6b:89:32:55:\n"
+ " 53:68:26:9e:bb:03:be:2c:e9:8b:ff:97:9c:1c:ac:28:c3:9f:\n"
+ " 0b:b7:93:23:24:31:63:e4:19:13:f2:bb:08:71:b7:c5:c5:c4:\n"
+ " 10:ff:dc:fc:33:54:a4:5e:ec:a3:fe:0a:80:ca:9c:bc:95:6f:\n"
+ " 5f:39:91:3b:61:69:16:94:0f:57:4b:fc:4b:b1:be:72:98:5d:\n"
+ " 10:f9:08:a7:d6:e0:e8:3d:5d:54:7d:fa:4b:6a:dd:98:41:ed:\n"
+ " 84:a1:39:67:5c:6c:7f:0c:b0:e1:98:c1:14:ed:fe:1e:e8:05:\n"
+ " 8d:7f:6a:24:cb:1b:05:42:0d:7f:13:ba:ca:b5:91:db:a5:f0:\n"
+ " 40:2b:70:7a:2a:a5:5d:ed:56:0c:f0:c2:72:ee:63:dd:cb:5d:\n"
+ " 76:f6:08:e6:e6:30:ef:3a:b2:16:34:41:a4:e1:30:14:bc:c7:\n"
+ " f9:23:3a:1a:70:df:b8:cc\n"
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIGSDCCBDCgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgboxCzAJBgNVBAYTAlVT\n"
+ "MRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMRMw\n"
+ "EQYDVQQKDApMaW5kZW4gTGFiMSAwHgYDVQQLDBdTZWNvbmQgTGlmZSBFbmdpbmVl\n"
+ "cmluZzEhMB8GA1UEAwwYSW50ZWdyYXRpb24gVGVzdCBSb290IENBMSQwIgYJKoZI\n"
+ "hvcNAQkBFhVub3JlcGx5QGxpbmRlbmxhYi5jb20wHhcNMTgwNTIyMjIzOTA4WhcN\n"
+ "MjgwNTE5MjIzOTA4WjCBqjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3Ju\n"
+ "aWExEzARBgNVBAoMCkxpbmRlbiBMYWIxIDAeBgNVBAsMF1NlY29uZCBMaWZlIEVu\n"
+ "Z2luZWVyaW5nMSkwJwYDVQQDDCBJbnRlZ3JhdGlvbiBUZXN0IEludGVybWVkaWF0\n"
+ "ZSBDQTEkMCIGCSqGSIb3DQEJARYVbm9yZXBseUBsaW5kZW5sYWIuY29tMIICIjAN\n"
+ "BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzqNw4sT7S5eQoTC7wRsTuap+Rhej\n"
+ "Jo1pP15zlehqsQq0j1Bl48ZcOSQ03wu3zM5iDDZaEiz+NUzpHKyAXiSZ16q9vkjA\n"
+ "YmR3NohmzvSo3dJ2JGKQVUH8HRNOp05XvKikWUssWhzYzBbe6IgwyZXfL6YUKA/r\n"
+ "NEYSWLraDubenBX29OOfdKpwiXmL6Vp7GFQVlDojCmV4BdkzkCrOFRgNUvxcMWUg\n"
+ "0BI3jBGAutSwgnMAS0m+y9a8581h8wCYmXRaN4FJln4UARuG0tAGlEBjY0YR/DNc\n"
+ "vTpe1OVER2RQvaaXVXBkmybM3iCCkGqDQZxvcUcUvstofIW+7y52EhnTyYcytKxg\n"
+ "IBYoLa+86AHGf/vYEdX0txS9Jwhbcr4J4JHInHu0sxLvMja+sbmit+NpRzB2upyb\n"
+ "GZlNU91c6CzxsmRpzxW9+LtYlXNYOJW0es+EKabC2/C975cm1Jms18e+sA0R9CaG\n"
+ "LXdCUiXXVsfjl7E2XJdx0Jv1tVCN+f/7EHc8tVNtoUM1qQMyBavX9dEZvV+SowAq\n"
+ "eTekdk/pMg3khrvqwxrFM+gW1KXY4Oi7wvAiFeLZjK6sfSu/66NMOykdlKyju226\n"
+ "bQORA89GEsRmIcXGZ9gRGXkBDm6EHHZvET3rlInFaiYfzeARi1HumTVp5X8LdyqU\n"
+ "5EtkuYMEMAXkouMCAwEAAaNmMGQwHQYDVR0OBBYEFIMh3uzAeQNtHoPz5Zcp1VrA\n"
+ "lkD6MB8GA1UdIwQYMBaAFIoixpwuEfNADM6CDCJZ//h/0LkTMBIGA1UdEwEB/wQI\n"
+ "MAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQCjbIWa\n"
+ "Lk5+XYNjD/VPqX3sDm+u17rfZOBGDj3aGBUs83PKgbEQ2VMUIX1yXJSIpZ2tq0VC\n"
+ "xmSp2S5OKUcssZUHt2JIaB9oExzSoPteOCRKggqHyZMgQ37p+XnvA6K9niRrCgFe\n"
+ "SjbFfXr+1qovwow4ipk8sGrlYL5W1utgA1UkQqAa+pEko1MVdV3I63weaFp+EzTj\n"
+ "hTccdj93ZxvtG1IX/Eqj4nSEgCxp/N19JpfEKml9nNxhl3Appz8rWysiUf3+al35\n"
+ "5xRIty3IM1j88l8n9yYWvr61qqJkUzxp6LVh66uRpbQJm/aYuFxbJC+T9SucjFj7\n"
+ "Jj9nU9dCZOh5d3NBTuMCOQu2aJeLhOgdg6gV8QZGR4BCXhTiYYp2hNXUcX9O/9l0\n"
+ "h/8yxYcgCtRZQD7YF+/aZekKUf4ew0aR0u7kI1eXh9SmpevvgWrYjNYfjrEYTGuJ\n"
+ "MlVTaCaeuwO+LOmL/5ecHKwow58Lt5MjJDFj5BkT8rsIcbfFxcQQ/9z8M1SkXuyj\n"
+ "/gqAypy8lW9fOZE7YWkWlA9XS/xLsb5ymF0Q+Qin1uDoPV1UffpLat2YQe2EoTln\n"
+ "XGx/DLDhmMEU7f4e6AWNf2okyxsFQg1/E7rKtZHbpfBAK3B6KqVd7VYM8MJy7mPd\n"
+ "y1129gjm5jDvOrIWNEGk4TAUvMf5IzoacN+4zA==\n"
+ "-----END CERTIFICATE-----\n"
+ );
+
+ const std::string mPemChildCert(
+ "Certificate:\n"
+ " Data:\n"
+ " Version: 3 (0x2)\n"
+ " Serial Number: 4096 (0x1000)\n"
+ " Signature Algorithm: sha256WithRSAEncryption\n"
+ " Issuer: C=US, ST=California, O=Linden Lab, OU=Second Life Engineering, CN=Integration Test Intermediate CA/emailAddress=noreply@lindenlab.com\n"
+ " Validity\n"
+ " Not Before: May 22 22:58:15 2018 GMT\n"
+ " Not After : Jul 19 22:58:15 2024 GMT\n"
+ " Subject: C=US, ST=California, L=San Francisco, O=Linden Lab, OU=Second Life Engineering, CN=Integration Test Server Cert/emailAddress=noreply@lindenlab.com\n"
+ " Subject Public Key Info:\n"
+ " Public Key Algorithm: rsaEncryption\n"
+ " Public-Key: (2048 bit)\n"
+ " Modulus:\n"
+ " 00:bf:a1:1c:76:82:4a:10:1d:25:0e:02:e2:7a:64:\n"
+ " 54:c7:94:c5:c0:98:d5:35:f3:cb:cb:30:ba:31:9c:\n"
+ " bd:4c:2f:4a:4e:24:03:4b:87:5c:c1:5c:fe:d9:89:\n"
+ " 3b:cb:01:bc:eb:a5:b7:78:dc:b3:58:e5:78:a7:15:\n"
+ " 34:50:30:aa:16:3a:b2:94:17:6d:1e:7f:b2:70:1e:\n"
+ " 96:41:bb:1d:e3:22:80:fa:dc:00:6a:fb:34:3e:67:\n"
+ " e7:c2:21:2f:1b:d3:af:04:49:91:eb:bb:60:e0:26:\n"
+ " 52:75:28:8a:08:5b:91:56:4e:51:50:40:51:70:af:\n"
+ " cb:80:66:c8:59:e9:e2:48:a8:62:d0:26:67:80:0a:\n"
+ " 12:16:d1:f6:15:9e:1f:f5:92:37:f3:c9:2f:03:9e:\n"
+ " 22:f6:60:5a:76:45:8c:01:2c:99:54:72:19:db:b7:\n"
+ " 72:e6:5a:69:f3:e9:31:65:5d:0f:c7:5c:9c:17:29:\n"
+ " 71:14:7f:db:47:c9:1e:65:a2:41:b0:2f:14:17:ec:\n"
+ " 4b:25:f2:43:8f:b4:a3:8d:37:1a:07:34:b3:29:bb:\n"
+ " 8a:44:8e:84:08:a2:1b:76:7a:cb:c2:39:2f:6e:e3:\n"
+ " fc:d6:91:b5:1f:ce:58:91:57:70:35:6e:25:a9:48:\n"
+ " 0e:07:cf:4e:dd:16:42:65:cf:8a:42:b3:27:e6:fe:\n"
+ " 6a:e3\n"
+ " Exponent: 65537 (0x10001)\n"
+ " X509v3 extensions:\n"
+ " X509v3 Basic Constraints: \n"
+ " CA:FALSE\n"
+ " Netscape Cert Type: \n"
+ " SSL Server\n"
+ " Netscape Comment: \n"
+ " OpenSSL Generated Server Certificate\n"
+ " X509v3 Subject Key Identifier: \n"
+ " BB:59:9F:DE:6B:51:A7:6C:B3:6D:5B:8B:42:F7:B1:65:77:17:A4:E4\n"
+ " X509v3 Authority Key Identifier: \n"
+ " keyid:83:21:DE:EC:C0:79:03:6D:1E:83:F3:E5:97:29:D5:5A:C0:96:40:FA\n"
+ " DirName:/C=US/ST=California/L=San Francisco/O=Linden Lab/OU=Second Life Engineering/CN=Integration Test Root CA/emailAddress=noreply@lindenlab.com\n"
+ " serial:10:00\n"
+ "\n"
+ " X509v3 Key Usage: critical\n"
+ " Digital Signature, Key Encipherment\n"
+ " X509v3 Extended Key Usage: \n"
+ " TLS Web Server Authentication\n"
+ " Signature Algorithm: sha256WithRSAEncryption\n"
+ " 18:a6:58:55:9b:d4:af:7d:8a:27:d3:28:3a:4c:4b:42:4e:f0:\n"
+ " 30:d6:d9:95:11:48:12:0a:96:40:d9:2b:21:39:c5:d4:8d:e5:\n"
+ " 10:bc:68:78:69:0b:9f:15:4a:0b:f1:ab:99:45:0c:20:5f:27:\n"
+ " df:e7:14:2d:4a:30:f2:c2:8d:37:73:36:1a:27:55:5a:08:5f:\n"
+ " 71:a1:5e:05:83:b2:59:fe:02:5e:d7:4a:30:15:23:58:04:cf:\n"
+ " 48:cc:b0:71:88:9c:6b:57:f0:04:0a:d3:a0:64:6b:ee:f3:5f:\n"
+ " ea:ac:e1:2b:b9:7f:79:b8:db:ce:72:48:72:db:c8:5c:38:72:\n"
+ " 31:55:d0:ff:6b:bd:73:23:a7:30:18:5d:ed:47:18:0a:67:8e:\n"
+ " 53:32:0e:99:9b:96:72:45:7f:c6:00:2c:5d:1a:97:53:75:3a:\n"
+ " 0b:49:3d:3a:00:37:14:67:0c:28:97:34:87:aa:c5:32:e4:ae:\n"
+ " 34:83:12:4a:10:f7:0e:74:d4:5f:73:bd:ef:0c:b7:d8:0a:7d:\n"
+ " 8e:8d:5a:48:bd:f4:8e:7b:f9:4a:15:3b:61:c9:5e:40:59:6e:\n"
+ " c7:a8:a4:02:28:72:c5:54:8c:77:f4:55:a7:86:c0:38:a0:68:\n"
+ " 19:da:0f:72:5a:a9:7e:69:9f:9c:3a:d6:66:aa:e1:f4:fd:f9:\n"
+ " b8:4b:6c:71:9e:f0:38:02:c7:6a:9e:dc:e6:fb:ef:23:59:4f:\n"
+ " 5c:84:0a:df:ea:86:1f:fd:0e:5c:fa:c4:e5:50:1c:10:cf:89:\n"
+ " 4e:08:0e:4c:4b:61:1a:49:12:f7:e9:4b:17:71:43:7b:6d:b6:\n"
+ " b5:9f:d4:3b:c7:88:53:48:63:b6:00:80:8f:49:0a:c5:7e:58:\n"
+ " ac:78:d8:b9:06:b0:bc:86:e2:2e:48:5b:c3:24:fa:aa:72:d8:\n"
+ " ec:f6:c7:91:9f:0f:c8:b5:fd:2b:b2:a7:bc:2f:40:20:2b:47:\n"
+ " e0:d1:1d:94:52:6f:6b:be:12:b6:8c:dc:11:db:71:e6:19:ef:\n"
+ " a8:71:8b:ad:d3:32:c0:1c:a4:3f:b3:0f:af:e5:50:e1:ff:41:\n"
+ " a4:b7:6f:57:71:af:fd:16:4c:e8:24:b3:99:1b:cf:12:8f:43:\n"
+ " 05:80:ba:18:19:0a:a5:ec:49:81:41:4c:7e:28:b2:21:f2:59:\n"
+ " 6e:4a:ed:de:f9:fa:99:85:60:1f:e6:c2:42:5c:08:00:3c:84:\n"
+ " 06:a9:24:d4:cf:7b:6e:1b:59:1d:f4:70:16:03:a1:e0:0b:00:\n"
+ " 95:5c:39:03:fc:9d:1c:8e:f7:59:0c:61:47:f6:7f:07:22:48:\n"
+ " 83:40:ac:e1:98:5f:c7:be:05:d5:29:2b:bf:0d:03:0e:e9:5e:\n"
+ " 2b:dd:09:18:fe:5e:30:61\n"
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIGbjCCBFagAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgaoxCzAJBgNVBAYTAlVT\n"
+ "MRMwEQYDVQQIDApDYWxpZm9ybmlhMRMwEQYDVQQKDApMaW5kZW4gTGFiMSAwHgYD\n"
+ "VQQLDBdTZWNvbmQgTGlmZSBFbmdpbmVlcmluZzEpMCcGA1UEAwwgSW50ZWdyYXRp\n"
+ "b24gVGVzdCBJbnRlcm1lZGlhdGUgQ0ExJDAiBgkqhkiG9w0BCQEWFW5vcmVwbHlA\n"
+ "bGluZGVubGFiLmNvbTAeFw0xODA1MjIyMjU4MTVaFw0yNDA3MTkyMjU4MTVaMIG+\n"
+ "MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2Fu\n"
+ "IEZyYW5jaXNjbzETMBEGA1UECgwKTGluZGVuIExhYjEgMB4GA1UECwwXU2Vjb25k\n"
+ "IExpZmUgRW5naW5lZXJpbmcxJTAjBgNVBAMMHEludGVncmF0aW9uIFRlc3QgU2Vy\n"
+ "dmVyIENlcnQxJDAiBgkqhkiG9w0BCQEWFW5vcmVwbHlAbGluZGVubGFiLmNvbTCC\n"
+ "ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL+hHHaCShAdJQ4C4npkVMeU\n"
+ "xcCY1TXzy8swujGcvUwvSk4kA0uHXMFc/tmJO8sBvOult3jcs1jleKcVNFAwqhY6\n"
+ "spQXbR5/snAelkG7HeMigPrcAGr7ND5n58IhLxvTrwRJkeu7YOAmUnUoighbkVZO\n"
+ "UVBAUXCvy4BmyFnp4kioYtAmZ4AKEhbR9hWeH/WSN/PJLwOeIvZgWnZFjAEsmVRy\n"
+ "Gdu3cuZaafPpMWVdD8dcnBcpcRR/20fJHmWiQbAvFBfsSyXyQ4+0o403Ggc0sym7\n"
+ "ikSOhAiiG3Z6y8I5L27j/NaRtR/OWJFXcDVuJalIDgfPTt0WQmXPikKzJ+b+auMC\n"
+ "AwEAAaOCAYYwggGCMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDMGCWCG\n"
+ "SAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUw\n"
+ "HQYDVR0OBBYEFLtZn95rUadss21bi0L3sWV3F6TkMIHoBgNVHSMEgeAwgd2AFIMh\n"
+ "3uzAeQNtHoPz5Zcp1VrAlkD6oYHApIG9MIG6MQswCQYDVQQGEwJVUzETMBEGA1UE\n"
+ "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzETMBEGA1UECgwK\n"
+ "TGluZGVuIExhYjEgMB4GA1UECwwXU2Vjb25kIExpZmUgRW5naW5lZXJpbmcxITAf\n"
+ "BgNVBAMMGEludGVncmF0aW9uIFRlc3QgUm9vdCBDQTEkMCIGCSqGSIb3DQEJARYV\n"
+ "bm9yZXBseUBsaW5kZW5sYWIuY29tggIQADAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0l\n"
+ "BAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggIBABimWFWb1K99iifTKDpM\n"
+ "S0JO8DDW2ZURSBIKlkDZKyE5xdSN5RC8aHhpC58VSgvxq5lFDCBfJ9/nFC1KMPLC\n"
+ "jTdzNhonVVoIX3GhXgWDsln+Al7XSjAVI1gEz0jMsHGInGtX8AQK06Bka+7zX+qs\n"
+ "4Su5f3m4285ySHLbyFw4cjFV0P9rvXMjpzAYXe1HGApnjlMyDpmblnJFf8YALF0a\n"
+ "l1N1OgtJPToANxRnDCiXNIeqxTLkrjSDEkoQ9w501F9zve8Mt9gKfY6NWki99I57\n"
+ "+UoVO2HJXkBZbseopAIocsVUjHf0VaeGwDigaBnaD3JaqX5pn5w61maq4fT9+bhL\n"
+ "bHGe8DgCx2qe3Ob77yNZT1yECt/qhh/9Dlz6xOVQHBDPiU4IDkxLYRpJEvfpSxdx\n"
+ "Q3tttrWf1DvHiFNIY7YAgI9JCsV+WKx42LkGsLyG4i5IW8Mk+qpy2Oz2x5GfD8i1\n"
+ "/Suyp7wvQCArR+DRHZRSb2u+EraM3BHbceYZ76hxi63TMsAcpD+zD6/lUOH/QaS3\n"
+ "b1dxr/0WTOgks5kbzxKPQwWAuhgZCqXsSYFBTH4osiHyWW5K7d75+pmFYB/mwkJc\n"
+ "CAA8hAapJNTPe24bWR30cBYDoeALAJVcOQP8nRyO91kMYUf2fwciSINArOGYX8e+\n"
+ "BdUpK78NAw7pXivdCRj+XjBh\n"
+ "-----END CERTIFICATE-----\n"
+ );
+
+ // Test wrapper declaration : wrapping nothing for the moment
+ struct sechandler_basic_test
+ {
+ X509 *mX509TestCert, *mX509RootCert, *mX509IntermediateCert, *mX509ChildCert;
+ LLSD mValidationDate;
+
+ sechandler_basic_test()
+ {
+ LLMachineID::init();
+ OpenSSL_add_all_algorithms();
+ OpenSSL_add_all_ciphers();
+ OpenSSL_add_all_digests();
+ ERR_load_crypto_strings();
+ gFirstName = "";
+ gLastName = "";
+ mValidationDate[CERT_VALIDATION_DATE] = LLDate("2017-04-11T00:00:00.00Z");
+ LLFile::remove("test_password.dat");
+ LLFile::remove("sechandler_settings.tmp");
+
+ mX509TestCert = NULL;
+ mX509RootCert = NULL;
+ mX509IntermediateCert = NULL;
+ mX509ChildCert = NULL;
+
+ // Read each of the 4 Pem certs and store in mX509*Cert pointers
+ BIO * validation_bio;
+ validation_bio = BIO_new_mem_buf((void*)mPemTestCert.c_str(), mPemTestCert.length());
+ PEM_read_bio_X509(validation_bio, &mX509TestCert, 0, NULL);
+ BIO_free(validation_bio);
+
+ validation_bio = BIO_new_mem_buf((void*)mPemRootCert.c_str(), mPemRootCert.length());
+ PEM_read_bio_X509(validation_bio, &mX509RootCert, 0, NULL);
+ BIO_free(validation_bio);
+
+ validation_bio = BIO_new_mem_buf((void*)mPemIntermediateCert.c_str(), mPemIntermediateCert.length());
+ PEM_read_bio_X509(validation_bio, &mX509IntermediateCert, 0, NULL);
+ BIO_free(validation_bio);
+
+ validation_bio = BIO_new_mem_buf((void*)mPemChildCert.c_str(), mPemChildCert.length());
+ PEM_read_bio_X509(validation_bio, &mX509ChildCert, 0, NULL);
+ BIO_free(validation_bio);
+ }
+ ~sechandler_basic_test()
+ {
+ LLFile::remove("test_password.dat");
+ LLFile::remove("sechandler_settings.tmp");
+ LLFile::remove("mycertstore.pem");
+ X509_free(mX509TestCert);
+ X509_free(mX509RootCert);
+ X509_free(mX509IntermediateCert);
+ X509_free(mX509ChildCert);
+ }
+ };
+
+ // Tut templating thingamagic: test group, object and test instance
+ typedef test_group<sechandler_basic_test> sechandler_basic_test_factory;
+ typedef sechandler_basic_test_factory::object sechandler_basic_test_object;
+ tut::sechandler_basic_test_factory tut_test("LLSecHandler");
+
+ // ---------------------------------------------------------------------------------------
+ // Test functions
+ // ---------------------------------------------------------------------------------------
+ // test cert data retrieval
+ template<> template<>
+ void sechandler_basic_test_object::test<1>()
+ {
+ try
+ {
+ LLPointer<LLBasicCertificate> test_cert(new LLBasicCertificate(mPemTestCert, &mValidationDate));
+ LL_INFOS() << "ok" << LL_ENDL;
+ }
+ catch (LLCertException& cert_exception)
+ {
+ LL_INFOS() << "cert ex: " << cert_exception.getCertData() << LL_ENDL;
+ fail("cert exception");
+ }
+ catch (...)
+ {
+ LOG_UNHANDLED_EXCEPTION("test 1");
+ fail("other exception");
+ }
+ }
+
+ template<> template<>
+ void sechandler_basic_test_object::test<2>()
+ {
+ LLPointer<LLCertificate> test_cert(new LLBasicCertificate(mPemChildCert, &mValidationDate));
+
+ LLSD llsd_cert;
+ test_cert->getLLSD(llsd_cert);
+ //std::ostringstream llsd_value;
+ //llsd_value << LLSDOStreamer<LLSDNotationFormatter>(llsd_cert) << std::endl;
+ LL_DEBUGS() << "test 1 cert " << llsd_cert << LL_ENDL;
+
+ ensure_equals("Issuer Name/commonName", (std::string)llsd_cert["issuer_name"]["commonName"], "Integration Test Intermediate CA");
+ ensure_equals("Issuer Name/countryName", (std::string)llsd_cert["issuer_name"]["countryName"], "US");
+ ensure_equals("Issuer Name/state", (std::string)llsd_cert["issuer_name"]["stateOrProvinceName"], "California");
+ ensure_equals("Issuer Name/org name", (std::string)llsd_cert["issuer_name"]["organizationName"], "Linden Lab");
+ ensure_equals("Issuer Name/org unit", (std::string)llsd_cert["issuer_name"]["organizationalUnitName"], "Second Life Engineering");
+ ensure_equals("Issuer name string", (std::string)llsd_cert["issuer_name_string"],
+ "emailAddress=noreply@lindenlab.com,CN=Integration Test Intermediate CA,OU=Second Life Engineering,O=Linden Lab,ST=California,C=US");
+ ensure_equals("subject Name/commonName", (std::string)llsd_cert["subject_name"]["commonName"],
+ "Integration Test Server Cert");
+ ensure_equals("subject Name/countryName", (std::string)llsd_cert["subject_name"]["countryName"], "US");
+ ensure_equals("subject Name/state", (std::string)llsd_cert["subject_name"]["stateOrProvinceName"], "California");
+ ensure_equals("subject Name/localityName", (std::string)llsd_cert["subject_name"]["localityName"], "San Francisco");
+ ensure_equals("subject Name/org name", (std::string)llsd_cert["subject_name"]["organizationName"], "Linden Lab");
+ ensure_equals("subjectName/org unit",
+ (std::string)llsd_cert["subject_name"]["organizationalUnitName"], "Second Life Engineering");
+
+ ensure_equals("subject name string",
+ (std::string)llsd_cert["subject_name_string"],
+ "emailAddress=noreply@lindenlab.com,CN=Integration Test Server Cert,OU=Second Life Engineering,O=Linden Lab,L=San Francisco,ST=California,C=US");
+ ensure_equals("serial number", (std::string)llsd_cert["serial_number"], "1000");
+ ensure_equals("valid from", (std::string)llsd_cert["valid_from"], "2018-05-22T22:58:15Z");
+ ensure_equals("valid to", (std::string)llsd_cert["valid_to"], "2024-07-19T22:58:15Z");
+ LLSD expectedKeyUsage = LLSD::emptyArray();
+ expectedKeyUsage.append(LLSD((std::string)"digitalSignature"));
+ expectedKeyUsage.append(LLSD((std::string)"keyEncipherment"));
+ ensure("key usage", valueCompareLLSD(llsd_cert["keyUsage"], expectedKeyUsage));
+ ensure_equals("basic constraints", llsd_cert["basicConstraints"]["CA"].asInteger(), 0);
+
+ ensure("x509 is equal", !X509_cmp(mX509ChildCert, test_cert->getOpenSSLX509()));
+ }
+
+
+ // test protected data
+ template<> template<>
+ void sechandler_basic_test_object::test<3>()
+ {
+ std::string protected_data = "sUSh3wj77NG9oAMyt3XIhaej3KLZhLZWFZvI6rIGmwUUOmmelrRg0NI9rkOj8ZDpTPxpwToaBT5u"
+ "GQhakdaGLJznr9bHr4/6HIC1bouKj4n2rs4TL6j2WSjto114QdlNfLsE8cbbE+ghww58g8SeyLQO"
+ "nyzXoz+/PBz0HD5SMFDuObccoPW24gmqYySz8YoEWhSwO0pUtEEqOjVRsAJgF5wLAtJZDeuilGsq"
+ "4ZT9Y4wZ9Rh8nnF3fDUL6IGamHe1ClXM1jgBu10F6UMhZbnH4C3aJ2E9+LiOntU+l3iCb2MpkEpr"
+ "82r2ZAMwIrpnirL/xoYoyz7MJQYwUuMvBPToZJrxNSsjI+S2Z+I3iEJAELMAAA==";
+
+ std::vector<U8> binary_data(apr_base64_decode_len(protected_data.c_str()));
+ apr_base64_decode_binary(&binary_data[0], protected_data.c_str());
+
+ LLXORCipher cipher(gMACAddress, MAC_ADDRESS_BYTES);
+ cipher.decrypt(&binary_data[0], 16);
+ unsigned char unique_id[MAC_ADDRESS_BYTES];
+ LLMachineID::getUniqueID(unique_id, sizeof(unique_id));
+ LLXORCipher cipher2(unique_id, sizeof(unique_id));
+ cipher2.encrypt(&binary_data[0], 16);
+ std::ofstream temp_file("sechandler_settings.tmp", std::ofstream::binary);
+ temp_file.write((const char *)&binary_data[0], binary_data.size());
+ temp_file.close();
+
+ LLPointer<LLSecAPIBasicHandler> handler = new LLSecAPIBasicHandler("sechandler_settings.tmp",
+ "test_password.dat");
+ handler->init();
+ // data retrieval for existing data
+ LLSD data = handler->getProtectedData("test_data_type", "test_data_id");
+
+
+ ensure_equals("retrieve existing data1", (std::string)data["data1"], "test_data_1");
+ ensure_equals("retrieve existing data2", (std::string)data["data2"], "test_data_2");
+ ensure_equals("retrieve existing data3", (std::string)data["data3"]["elem1"], "test element1");
+
+ // data storage
+ LLSD store_data = LLSD::emptyMap();
+ store_data["store_data1"] = "test_store_data1";
+ store_data["store_data2"] = 27;
+ store_data["store_data3"] = LLSD::emptyMap();
+ store_data["store_data3"]["subelem1"] = "test_subelem1";
+
+ handler->setProtectedData("test_data_type", "test_data_id1", store_data);
+ data = handler->getProtectedData("test_data_type", "test_data_id");
+
+ data = handler->getProtectedData("test_data_type", "test_data_id");
+ // verify no overwrite of existing data
+ ensure_equals("verify no overwrite 1", (std::string)data["data1"], "test_data_1");
+ ensure_equals("verify no overwrite 2", (std::string)data["data2"], "test_data_2");
+ ensure_equals("verify no overwrite 3", (std::string)data["data3"]["elem1"], "test element1");
+
+ // verify written data is good
+ data = handler->getProtectedData("test_data_type", "test_data_id1");
+ ensure_equals("verify stored data1", (std::string)data["store_data1"], "test_store_data1");
+ ensure_equals("verify stored data2", (int)data["store_data2"], 27);
+ ensure_equals("verify stored data3", (std::string)data["store_data3"]["subelem1"], "test_subelem1");
+
+ // verify overwrite works
+ handler->setProtectedData("test_data_type", "test_data_id", store_data);
+ data = handler->getProtectedData("test_data_type", "test_data_id");
+ ensure_equals("verify overwrite stored data1", (std::string)data["store_data1"], "test_store_data1");
+ ensure_equals("verify overwrite stored data2", (int)data["store_data2"], 27);
+ ensure_equals("verify overwrite stored data3", (std::string)data["store_data3"]["subelem1"], "test_subelem1");
+
+ // verify other datatype doesn't conflict
+ store_data["store_data3"] = "test_store_data3";
+ store_data["store_data4"] = 28;
+ store_data["store_data5"] = LLSD::emptyMap();
+ store_data["store_data5"]["subelem2"] = "test_subelem2";
+
+ handler->setProtectedData("test_data_type1", "test_data_id", store_data);
+ data = handler->getProtectedData("test_data_type1", "test_data_id");
+ ensure_equals("verify datatype stored data3", (std::string)data["store_data3"], "test_store_data3");
+ ensure_equals("verify datatype stored data4", (int)data["store_data4"], 28);
+ ensure_equals("verify datatype stored data5", (std::string)data["store_data5"]["subelem2"], "test_subelem2");
+
+ // test data not found
+
+ data = handler->getProtectedData("test_data_type1", "test_data_not_found");
+ ensure("not found", data.isUndefined());
+
+ // cause a 'write' by using 'LLPointer' to delete then instantiate a handler
+ handler = NULL;
+ handler = new LLSecAPIBasicHandler("sechandler_settings.tmp", "test_password.dat");
+ handler->init();
+
+ data = handler->getProtectedData("test_data_type1", "test_data_id");
+ ensure_equals("verify datatype stored data3a", (std::string)data["store_data3"], "test_store_data3");
+ ensure_equals("verify datatype stored data4a", (int)data["store_data4"], 28);
+ ensure_equals("verify datatype stored data5a", (std::string)data["store_data5"]["subelem2"], "test_subelem2");
+
+ // rewrite the initial file to verify reloads
+ handler = NULL;
+ std::ofstream temp_file2("sechandler_settings.tmp", std::ofstream::binary);
+ temp_file2.write((const char *)&binary_data[0], binary_data.size());
+ temp_file2.close();
+
+ // cause a 'write'
+ handler = new LLSecAPIBasicHandler("sechandler_settings.tmp", "test_password.dat");
+ handler->init();
+ data = handler->getProtectedData("test_data_type1", "test_data_id");
+ ensure("not found", data.isUndefined());
+
+ handler->deleteProtectedData("test_data_type", "test_data_id");
+ ensure("Deleted data not found", handler->getProtectedData("test_data_type", "test_data_id").isUndefined());
+
+ LLFile::remove("sechandler_settings.tmp");
+ handler = new LLSecAPIBasicHandler("sechandler_settings.tmp", "test_password.dat");
+ handler->init();
+ data = handler->getProtectedData("test_data_type1", "test_data_id");
+ ensure("not found", data.isUndefined());
+ handler = NULL;
+
+ ensure(LLFile::isfile("sechandler_settings.tmp"));
+ }
+
+ // test credenitals
+ template<> template<>
+ void sechandler_basic_test_object::test<4>()
+ {
+ LLPointer<LLSecAPIBasicHandler> handler = new LLSecAPIBasicHandler("sechandler_settings.tmp", "test_password.dat");
+ handler->init();
+
+ LLSD my_id = LLSD::emptyMap();
+ LLSD my_authenticator = LLSD::emptyMap();
+ my_id["type"] = "test_type";
+ my_id["username"] = "testuser@lindenlab.com";
+ my_authenticator["type"] = "test_auth";
+ my_authenticator["creds"] = "12345";
+
+ // test creation of credentials
+ LLPointer<LLCredential> my_cred = handler->createCredential("my_grid", my_id, my_authenticator);
+
+ // test retrieval of credential components
+ ensure_equals("basic credential creation: identifier", my_id, my_cred->getIdentifier());
+ ensure_equals("basic credential creation: authenticator", my_authenticator, my_cred->getAuthenticator());
+ ensure_equals("basic credential creation: grid", "my_grid", my_cred->getGrid());
+
+ // test setting/overwriting of credential components
+ my_id["first_name"] = "firstname";
+ my_id.erase("username");
+ my_authenticator.erase("creds");
+ my_authenticator["hash"] = "6563245";
+
+ my_cred->setCredentialData(my_id, my_authenticator);
+ ensure_equals("set credential data: identifier", my_id, my_cred->getIdentifier());
+ ensure_equals("set credential data: authenticator", my_authenticator, my_cred->getAuthenticator());
+ ensure_equals("set credential data: grid", "my_grid", my_cred->getGrid());
+
+ // test loading of a credential, that hasn't been saved, without
+ // any legacy saved credential data
+ LLPointer<LLCredential> my_new_cred = handler->loadCredential("my_grid2");
+ ensure("unknown credential load test", my_new_cred->getIdentifier().isMap());
+ ensure("unknown credential load test", !my_new_cred->getIdentifier().has("type"));
+ ensure("unknown credential load test", my_new_cred->getAuthenticator().isMap());
+ ensure("unknown credential load test", !my_new_cred->getAuthenticator().has("type"));
+ // test saving of a credential
+ handler->saveCredential(my_cred, true);
+
+ // test loading of a known credential
+ my_new_cred = handler->loadCredential("my_grid");
+ ensure_equals("load a known credential: identifier", my_id, my_new_cred->getIdentifier());
+ ensure_equals("load a known credential: authenticator",my_authenticator, my_new_cred->getAuthenticator());
+ ensure_equals("load a known credential: grid", "my_grid", my_cred->getGrid());
+
+ // test deletion of a credential
+ handler->deleteCredential(my_new_cred);
+
+ ensure("delete credential: identifier", my_new_cred->getIdentifier().isUndefined());
+ ensure("delete credentialt: authenticator", my_new_cred->getIdentifier().isUndefined());
+ ensure_equals("delete credential: grid", "my_grid", my_cred->getGrid());
+ // load unknown cred
+
+ my_new_cred = handler->loadCredential("my_grid");
+ ensure("deleted credential load test", my_new_cred->getIdentifier().isMap());
+ ensure("deleted credential load test", !my_new_cred->getIdentifier().has("type"));
+ ensure("deleted credential load test", my_new_cred->getAuthenticator().isMap());
+ ensure("deleted credential load test", !my_new_cred->getAuthenticator().has("type"));
+
+ // test loading of an unknown credential with legacy saved username, but without
+ // saved password
+ gFirstName = "myfirstname";
+ gLastName = "mylastname";
+ my_new_cred = handler->loadCredential("my_legacy_grid");
+ ensure_equals("legacy credential with no password: type",
+ (const std::string)my_new_cred->getIdentifier()["type"], "agent");
+ ensure_equals("legacy credential with no password: first_name",
+ (const std::string)my_new_cred->getIdentifier()["first_name"], "myfirstname");
+ ensure_equals("legacy credential with no password: last_name",
+ (const std::string)my_new_cred->getIdentifier()["last_name"], "mylastname");
+
+ ensure("legacy credential with no password: no authenticator", my_new_cred->getAuthenticator().isUndefined());
+
+ // test loading of an unknown credential with legacy saved password and username
+
+ std::string hashed_password = "fSQcLG03eyIWJmkzfyYaKm81dSweLmsxeSAYKGE7fSQ=";
+ int length = apr_base64_decode_len(hashed_password.c_str());
+ std::vector<char> decoded_password(length);
+ apr_base64_decode(&decoded_password[0], hashed_password.c_str());
+ LLXORCipher cipher(gMACAddress, MAC_ADDRESS_BYTES);
+ cipher.decrypt((U8*)&decoded_password[0], length);
+ unsigned char unique_id[MAC_ADDRESS_BYTES];
+ LLMachineID::getUniqueID(unique_id, sizeof(unique_id));
+ LLXORCipher cipher2(unique_id, sizeof(unique_id));
+ cipher2.encrypt((U8*)&decoded_password[0], length);
+ llofstream password_file("test_password.dat", std::ofstream::binary);
+ password_file.write(&decoded_password[0], length);
+ password_file.close();
+
+ my_new_cred = handler->loadCredential("my_legacy_grid2");
+ ensure_equals("legacy credential with password: type",
+ (const std::string)my_new_cred->getIdentifier()["type"], "agent");
+ ensure_equals("legacy credential with password: first_name",
+ (const std::string)my_new_cred->getIdentifier()["first_name"], "myfirstname");
+ ensure_equals("legacy credential with password: last_name",
+ (const std::string)my_new_cred->getIdentifier()["last_name"], "mylastname");
+
+ LLSD legacy_authenticator = my_new_cred->getAuthenticator();
+ ensure_equals("legacy credential with password: type",
+ (std::string)legacy_authenticator["type"],
+ "hash");
+ ensure_equals("legacy credential with password: algorithm",
+ (std::string)legacy_authenticator["algorithm"],
+ "md5");
+ ensure_equals("legacy credential with password: algorithm",
+ (std::string)legacy_authenticator["secret"],
+ "01234567890123456789012345678901");
+
+ // test creation of credentials
+ my_cred = handler->createCredential("mysavedgrid", my_id, my_authenticator);
+ // test save without saving authenticator.
+ handler->saveCredential(my_cred, false);
+ my_new_cred = handler->loadCredential("mysavedgrid");
+ ensure_equals("saved credential without auth",
+ (const std::string)my_new_cred->getIdentifier()["type"], "test_type");
+ ensure("no authenticator values were saved", my_new_cred->getAuthenticator().isUndefined());
+ }
+
+ // test cert vector
+ template<> template<>
+ void sechandler_basic_test_object::test<5>()
+ {
+ // validate create from empty vector
+ LLPointer<LLBasicCertificateVector> test_vector = new LLBasicCertificateVector();
+ ensure_equals("when loading with nothing, we should result in no certs in vector", test_vector->size(), 0);
+
+ test_vector->add(new LLBasicCertificate(mPemTestCert, &mValidationDate));
+ ensure_equals("one element in vector", test_vector->size(), 1);
+ test_vector->add(new LLBasicCertificate(mPemChildCert, &mValidationDate));
+ ensure_equals("two elements in vector after add", test_vector->size(), 2);
+
+ // add duplicate; should be a no-op (and log at DEBUG level)
+ test_vector->add(new LLBasicCertificate(mPemChildCert, &mValidationDate));
+ ensure_equals("two elements in vector after re-add", test_vector->size(), 2);
+
+ // validate order
+ X509* test_cert = (*test_vector)[0]->getOpenSSLX509();
+ ensure("first cert added remains first cert", !X509_cmp(test_cert, mX509TestCert));
+ X509_free(test_cert);
+
+ test_cert = (*test_vector)[1]->getOpenSSLX509();
+ ensure("second cert is second cert", !X509_cmp(test_cert, mX509ChildCert));
+ X509_free(test_cert);
+
+ //
+ // validate iterator
+ //
+ LLBasicCertificateVector::iterator current_cert = test_vector->begin();
+ LLBasicCertificateVector::iterator copy_current_cert = current_cert;
+ // operator++(int)
+ ensure("validate iterator++ element in vector is expected cert", *current_cert++ == (*test_vector)[0]);
+ ensure("validate 2nd iterator++ element in vector is expected cert", *current_cert++ == (*test_vector)[1]);
+ ensure("validate end iterator++", current_cert == test_vector->end());
+
+ // copy
+ ensure("validate copy iterator element in vector is expected cert", *copy_current_cert == (*test_vector)[0]);
+
+ // operator--(int)
+ current_cert--;
+ ensure("validate iterator-- element in vector is expected cert", *current_cert-- == (*test_vector)[1]);
+ ensure("validate iterator-- element in vector is expected cert", *current_cert == (*test_vector)[0]);
+
+ ensure("begin iterator is equal", current_cert == test_vector->begin());
+
+ // operator++
+ ensure("validate ++iterator element in vector is expected cert", *++current_cert == (*test_vector)[1]);
+ ensure("end of cert vector after ++iterator", ++current_cert == test_vector->end());
+ // operator--
+ ensure("validate --iterator element in vector is expected cert", *--current_cert == (*test_vector)[1]);
+ ensure("validate 2nd --iterator element in vector is expected cert", *--current_cert == (*test_vector)[0]);
+
+ test_vector->erase(test_vector->begin());
+ ensure_equals("one element in store after remove", test_vector->size(), 1);
+ test_cert = (*test_vector)[0]->getOpenSSLX509();
+ ensure("Child cert remains", !X509_cmp(test_cert, mX509ChildCert));
+ X509_free(test_cert);
+
+ // validate insert
+ test_vector->insert(test_vector->begin(), new LLBasicCertificate(mPemIntermediateCert, &mValidationDate));
+ test_cert = (*test_vector)[0]->getOpenSSLX509();
+ ensure_equals("two elements in store after insert", test_vector->size(), 2);
+ ensure("validate intermediate cert was inserted at first position", !X509_cmp(test_cert, mX509IntermediateCert));
+ X509_free(test_cert);
+ test_cert = (*test_vector)[1]->getOpenSSLX509();
+ ensure("validate child cert still there", !X509_cmp(test_cert, mX509ChildCert));
+ X509_free(test_cert);
+
+ //validate find
+ LLSD find_info = LLSD::emptyMap();
+ find_info["subjectKeyIdentifier"] = "bb:59:9f:de:6b:51:a7:6c:b3:6d:5b:8b:42:f7:b1:65:77:17:a4:e4";
+ LLBasicCertificateVector::iterator found_cert = test_vector->find(find_info);
+ ensure("found some cert", found_cert != test_vector->end());
+ X509* found_x509 = (*found_cert).get()->getOpenSSLX509();
+ ensure("child cert was found", !X509_cmp(found_x509, mX509ChildCert));
+ X509_free(found_x509);
+
+ find_info["subjectKeyIdentifier"] = "00:00:00:00"; // bogus
+ current_cert =test_vector->find(find_info);
+ ensure("didn't find cert", current_cert == test_vector->end());
+ }
+
+ // test cert store
+ template<> template<>
+ void sechandler_basic_test_object::test<6>()
+ {
+ // validate load with nothing
+ LLFile::remove("mycertstore.pem");
+ LLPointer<LLBasicCertificateStore> test_store = new LLBasicCertificateStore("mycertstore.pem");
+ ensure_equals("when loading with nothing, we should result in no certs in store", test_store->size(), 0);
+
+ // validate load with empty file
+ test_store->save();
+ test_store = NULL;
+ test_store = new LLBasicCertificateStore("mycertstore.pem");
+ ensure_equals("when loading with nothing, we should result in no certs in store", test_store->size(), 0);
+ test_store=NULL;
+
+ // instantiate a cert store from a file
+ llofstream certstorefile("mycertstore.pem", std::ios::out);
+ certstorefile << mPemChildCert << std::endl << mPemTestCert << std::endl;
+ certstorefile.close();
+ // validate loaded certs
+ test_store = new LLBasicCertificateStore("mycertstore.pem");
+ ensure_equals("two elements in store", test_store->size(), 2);
+
+ // operator[]
+ X509* test_cert = (*test_store)[0]->getOpenSSLX509();
+
+ ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert));
+ X509_free(test_cert);
+ test_cert = (*test_store)[1]->getOpenSSLX509();
+ ensure("validate second element in store is expected cert", !X509_cmp(test_cert, mX509TestCert));
+ X509_free(test_cert);
+
+
+ // validate save
+ LLFile::remove("mycertstore.pem");
+ test_store->save();
+ test_store = NULL;
+ test_store = new LLBasicCertificateStore("mycertstore.pem");
+ ensure_equals("two elements in store after save", test_store->size(), 2);
+ LLCertificateStore::iterator current_cert = test_store->begin();
+ test_cert = (*current_cert)->getOpenSSLX509();
+ ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert));
+ current_cert++;
+ X509_free(test_cert);
+ test_cert = (*current_cert)->getOpenSSLX509();
+ ensure("validate second element in store is expected cert", !X509_cmp(test_cert, mX509TestCert));
+ X509_free(test_cert);
+ current_cert++;
+ ensure("end of cert store", current_cert == test_store->end());
+
+ }
+
+ // cert name wildcard matching
+ template<> template<>
+ void sechandler_basic_test_object::test<7>()
+ {
+ ensure("simple name match",
+ _cert_hostname_wildcard_match("foo", "foo"));
+
+ ensure("simple name match, with end period",
+ _cert_hostname_wildcard_match("foo.", "foo."));
+
+ ensure("simple name match, with begin period",
+ _cert_hostname_wildcard_match(".foo", ".foo"));
+
+ ensure("simple name match, with mismatched period cn",
+ _cert_hostname_wildcard_match("foo.", "foo"));
+
+ ensure("simple name match, with mismatched period hostname",
+ _cert_hostname_wildcard_match("foo", "foo."));
+
+ ensure("simple name match, with subdomain",
+ _cert_hostname_wildcard_match("foo.bar", "foo.bar"));
+
+ ensure("stutter name match",
+ _cert_hostname_wildcard_match("foobbbbfoo", "foo*bbbfoo"));
+
+ ensure("simple name match, with beginning wildcard",
+ _cert_hostname_wildcard_match("foobar", "*bar"));
+
+ ensure("simple name match, with ending wildcard",
+ _cert_hostname_wildcard_match("foobar", "foo*"));
+
+ ensure("simple name match, with beginning null wildcard",
+ _cert_hostname_wildcard_match("foobar", "*foobar"));
+
+ ensure("simple name match, with ending null wildcard",
+ _cert_hostname_wildcard_match("foobar", "foobar*"));
+
+ ensure("simple name match, with embedded wildcard",
+ _cert_hostname_wildcard_match("foobar", "f*r"));
+
+ ensure("simple name match, with embedded null wildcard",
+ _cert_hostname_wildcard_match("foobar", "foo*bar"));
+
+ ensure("simple name match, with dual embedded wildcard",
+ _cert_hostname_wildcard_match("foobar", "f*o*ar"));
+
+ ensure("simple name mismatch",
+ !_cert_hostname_wildcard_match("bar", "foo"));
+
+ ensure("simple name mismatch, with end period",
+ !_cert_hostname_wildcard_match("foobar.", "foo."));
+
+ ensure("simple name mismatch, with begin period",
+ !_cert_hostname_wildcard_match(".foobar", ".foo"));
+
+ ensure("simple name mismatch, with subdomain",
+ !_cert_hostname_wildcard_match("foobar.bar", "foo.bar"));
+
+ ensure("simple name mismatch, with beginning wildcard",
+ !_cert_hostname_wildcard_match("foobara", "*bar"));
+
+ ensure("simple name mismatch, with ending wildcard",
+ !_cert_hostname_wildcard_match("oobar", "foo*"));
+
+ ensure("simple name mismatch, with embedded wildcard",
+ !_cert_hostname_wildcard_match("oobar", "f*r"));
+
+ ensure("simple name mismatch, with dual embedded wildcard",
+ !_cert_hostname_wildcard_match("foobar", "f*d*ar"));
+
+ ensure("simple wildcard",
+ _cert_hostname_wildcard_match("foobar", "*"));
+
+ ensure("long domain",
+ _cert_hostname_wildcard_match("foo.bar.com", "foo.bar.com"));
+
+ ensure("long domain with multiple wildcards",
+ _cert_hostname_wildcard_match("foo.bar.com", "*.b*r.com"));
+
+ ensure("end periods",
+ _cert_hostname_wildcard_match("foo.bar.com.", "*.b*r.com."));
+
+ ensure("match end period",
+ _cert_hostname_wildcard_match("foo.bar.com.", "*.b*r.com"));
+
+ ensure("match end period2",
+ _cert_hostname_wildcard_match("foo.bar.com", "*.b*r.com."));
+
+ ensure("wildcard mismatch",
+ !_cert_hostname_wildcard_match("bar.com", "*.bar.com"));
+
+ ensure("wildcard match",
+ _cert_hostname_wildcard_match("foo.bar.com", "*.bar.com"));
+
+ ensure("wildcard match",
+ _cert_hostname_wildcard_match("foo.foo.bar.com", "*.bar.com"));
+
+ ensure("wildcard match",
+ _cert_hostname_wildcard_match("foo.foo.bar.com", "*.*.com"));
+
+ ensure("wildcard mismatch",
+ !_cert_hostname_wildcard_match("foo.foo.bar.com", "*.foo.com"));
+ }
+
+ // test cert chain
+ template<> template<>
+ void sechandler_basic_test_object::test<8>()
+ {
+ // validate create from empty chain
+ LLPointer<LLBasicCertificateChain> test_chain = new LLBasicCertificateChain(NULL);
+ ensure_equals("when loading with nothing, we should result in no certs in chain", test_chain->size(), 0);
+
+ // Single cert in the chain.
+ X509_STORE_CTX *test_store = X509_STORE_CTX_new();
+ X509_STORE_CTX_set_cert(test_store, mX509ChildCert);
+ X509_STORE_CTX_set0_untrusted(test_store, NULL);
+ test_chain = new LLBasicCertificateChain(test_store);
+ X509_STORE_CTX_free(test_store);
+ ensure_equals("two elements in store", test_chain->size(), 1);
+ X509* test_cert = (*test_chain)[0]->getOpenSSLX509();
+ ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert));
+ X509_free(test_cert);
+
+ // cert + CA
+
+ test_store = X509_STORE_CTX_new();
+ X509_STORE_CTX_set_cert(test_store, mX509ChildCert);
+ X509_STORE_CTX_set0_untrusted(test_store, sk_X509_new_null());
+ sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509IntermediateCert);
+ test_chain = new LLBasicCertificateChain(test_store);
+ X509_STORE_CTX_free(test_store);
+ ensure_equals("two elements in store", test_chain->size(), 2);
+ test_cert = (*test_chain)[0]->getOpenSSLX509();
+ ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert));
+ X509_free(test_cert);
+ test_cert = (*test_chain)[1]->getOpenSSLX509();
+ ensure("validate second element in store is expected cert", !X509_cmp(test_cert, mX509IntermediateCert));
+ X509_free(test_cert);
+
+ // cert + nonrelated
+
+ test_store = X509_STORE_CTX_new();
+ X509_STORE_CTX_set_cert(test_store, mX509ChildCert);
+ X509_STORE_CTX_set0_untrusted(test_store, sk_X509_new_null());
+ sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509TestCert);
+ test_chain = new LLBasicCertificateChain(test_store);
+ X509_STORE_CTX_free(test_store);
+ ensure_equals("two elements in store", test_chain->size(), 1);
+ test_cert = (*test_chain)[0]->getOpenSSLX509();
+ ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert));
+ X509_free(test_cert);
+
+ // cert + CA + nonrelated
+ test_store = X509_STORE_CTX_new();
+ X509_STORE_CTX_set_cert(test_store, mX509ChildCert);
+ X509_STORE_CTX_set0_untrusted(test_store, sk_X509_new_null());
+ sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509IntermediateCert);
+ sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509TestCert);
+ test_chain = new LLBasicCertificateChain(test_store);
+ X509_STORE_CTX_free(test_store);
+ ensure_equals("two elements in store", test_chain->size(), 2);
+ test_cert = (*test_chain)[0]->getOpenSSLX509();
+ ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert));
+ X509_free(test_cert);
+ test_cert = (*test_chain)[1]->getOpenSSLX509();
+ ensure("validate second element in store is expected cert", !X509_cmp(test_cert, mX509IntermediateCert));
+ X509_free(test_cert);
+
+ // cert + intermediate + CA
+ test_store = X509_STORE_CTX_new();
+ X509_STORE_CTX_set_cert(test_store, mX509ChildCert);
+ X509_STORE_CTX_set0_untrusted(test_store, sk_X509_new_null());
+ sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509IntermediateCert);
+ sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509RootCert);
+ test_chain = new LLBasicCertificateChain(test_store);
+ X509_STORE_CTX_free(test_store);
+ ensure_equals("three elements in store", test_chain->size(), 3);
+ test_cert = (*test_chain)[0]->getOpenSSLX509();
+ ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert));
+ X509_free(test_cert);
+ test_cert = (*test_chain)[1]->getOpenSSLX509();
+ ensure("validate second element in store is expected cert", !X509_cmp(test_cert, mX509IntermediateCert));
+ X509_free(test_cert);
+
+ test_cert = (*test_chain)[2]->getOpenSSLX509();
+ ensure("validate second element in store is expected cert", !X509_cmp(test_cert, mX509RootCert));
+ X509_free(test_cert);
+ }
+
+ // test cert validation
+ template<> template<>
+ void sechandler_basic_test_object::test<9>()
+ {
+ // start with a trusted store with our known root cert
+ LLFile::remove("mycertstore.pem");
+ LLPointer<LLBasicCertificateStore> test_store = new LLBasicCertificateStore("mycertstore.pem");
+ test_store->add(new LLBasicCertificate(mX509RootCert, &mValidationDate));
+ LLSD validation_params;
+
+ // validate basic trust for a chain containing only the intermediate cert. (1 deep)
+ LLPointer<LLBasicCertificateChain> test_chain = new LLBasicCertificateChain(NULL);
+
+ test_chain->add(new LLBasicCertificate(mX509IntermediateCert, &mValidationDate));
+
+ test_store->validate(0, test_chain, validation_params);
+
+ // add the root certificate to the chain and revalidate
+ test_chain->add(new LLBasicCertificate(mX509RootCert, &mValidationDate));
+ test_store->validate(0, test_chain, validation_params);
+
+ // add the child cert at the head of the chain, and revalidate (3 deep chain)
+ test_chain->insert(test_chain->begin(), new LLBasicCertificate(mX509ChildCert, &mValidationDate));
+ test_store->validate(0, test_chain, validation_params);
+
+ // basic failure cases
+ test_chain = new LLBasicCertificateChain(NULL);
+ //validate with only the child cert in chain, but child cert was previously
+ // trusted
+ test_chain->add(new LLBasicCertificate(mX509ChildCert, &mValidationDate));
+
+ // validate without the trust flag.
+ test_store->validate(VALIDATION_POLICY_TRUSTED, test_chain, validation_params);
+
+ // Validate with child cert but no parent, and no parent in CA store
+ test_store = new LLBasicCertificateStore("mycertstore.pem");
+ ensure_throws("no CA, with only a child cert",
+ LLCertValidationTrustException,
+ (*test_chain)[0],
+ test_store->validate,
+ VALIDATION_POLICY_TRUSTED,
+ test_chain,
+ validation_params);
+
+
+ // validate without the trust flag.
+ test_store->validate(0, test_chain, validation_params);
+
+ // clear out the store
+ test_store = new LLBasicCertificateStore("mycertstore.pem");
+ // append the intermediate cert
+ test_chain->add(new LLBasicCertificate(mX509IntermediateCert, &mValidationDate));
+ ensure_throws("no CA, with child and intermediate certs",
+ LLCertValidationTrustException,
+ (*test_chain)[1],
+ test_store->validate,
+ VALIDATION_POLICY_TRUSTED | VALIDATION_POLICY_TRUSTED,
+ test_chain,
+ validation_params);
+ // validate without the trust flag
+ test_store->validate(0, test_chain, validation_params);
+
+ // Test time validity
+ LLSD child_info;
+ ((*test_chain)[0])->getLLSD(child_info);
+ validation_params = LLSD::emptyMap();
+ validation_params[CERT_VALIDATION_DATE] = LLDate(child_info[CERT_VALID_FROM].asDate().secondsSinceEpoch() + 1.0);
+ test_store->validate(VALIDATION_POLICY_TIME | VALIDATION_POLICY_TRUSTED,
+ test_chain, validation_params);
+
+ validation_params = LLSD::emptyMap();
+ validation_params[CERT_VALIDATION_DATE] = child_info[CERT_VALID_FROM].asDate();
+
+ validation_params[CERT_VALIDATION_DATE] = LLDate(child_info[CERT_VALID_FROM].asDate().secondsSinceEpoch() - 1.0);
+
+ // test not yet valid
+ ensure_throws("Child cert not yet valid" ,
+ LLCertValidationExpirationException,
+ (*test_chain)[0],
+ test_store->validate,
+ VALIDATION_POLICY_TIME | VALIDATION_POLICY_TRUSTED,
+ test_chain,
+ validation_params);
+ validation_params = LLSD::emptyMap();
+ validation_params[CERT_VALIDATION_DATE] = LLDate(child_info[CERT_VALID_TO].asDate().secondsSinceEpoch() + 1.0);
+
+ // test cert expired
+ ensure_throws("Child cert expired",
+ LLCertValidationExpirationException,
+ (*test_chain)[0],
+ test_store->validate,
+ VALIDATION_POLICY_TIME | VALIDATION_POLICY_TRUSTED,
+ test_chain,
+ validation_params);
+
+ // test SSL KU
+ // validate basic trust for a chain containing child and intermediate.
+ test_chain = new LLBasicCertificateChain(NULL);
+ test_chain->add(new LLBasicCertificate(mX509ChildCert, &mValidationDate));
+ test_chain->add(new LLBasicCertificate(mX509IntermediateCert, &mValidationDate));
+ test_store->validate(VALIDATION_POLICY_SSL_KU | VALIDATION_POLICY_TRUSTED,
+ test_chain, validation_params);
+
+ test_chain = new LLBasicCertificateChain(NULL);
+ test_chain->add(new LLBasicCertificate(mX509TestCert, &mValidationDate));
+
+ test_store = new LLBasicCertificateStore("mycertstore.pem");
+ ensure_throws("Cert doesn't have ku",
+ LLCertKeyUsageValidationException,
+ (*test_chain)[0],
+ test_store->validate,
+ VALIDATION_POLICY_SSL_KU | VALIDATION_POLICY_TRUSTED,
+ test_chain,
+ validation_params);
+
+ test_store->validate(0, test_chain, validation_params);
+ }
+
+};
+