Ticket #1311: Add tests for the PKI cert validation (!1200) · Merge requests · Systerel / S2OPC

Nathan Lebeau requested to merge pki_additional_tests into master Dec 06, 2023

Some explanations on the implementation of theses tests (you can find some information in the README files):

point 1. of the issue (verification of a chain):

I made some simple chains of 3 certificates and used already existing certificates.
point 2. of the issue (self-signed CA certificates with pathlen):

I needed to create some certificates here:
- ca_selfsigned_pathLen0 (and its corresponding private key ca_selfsigned_pathLen0key.pem) for the first two cases of the point. I put this certificate in samples/ and it is copied in the build folder S2OPC_Demo_PKI/ since it may be used for a successful validation case.
- ca_selfsigned_pathLen1 and ca_selfsigned_missingPathLen which are used for testing degraged cases only. I then put them in tests/ and copied them in a dedicated folder in the build: check_pki_cert_validate_test_data/. These two certificates have been made with two new keys that I deleted (the certificates are valid for 100 years).
point 3. of the issuer (CRL not renewd):

I needed to make a CRL here. I put this CRL in tests/ (with the degraged certificates) since it also only tests a degraded case.

Edited Dec 06, 2023 by Nathan Lebeau

Ticket #1311: Add tests for the PKI cert validation