context("Test p12 / p7b format") test_that("reading p12 certificates", { skip_if(fips_mode()) p1 <- read_p12("../google.dk/wildcard-google.dk-chain.p12") expect_error(read_p12("../google.dk/wildcard-google.dk-chain-password.p12", password = ""), "password") p2 <- read_p12("../google.dk/wildcard-google.dk-chain-password.p12", password = "password") expect_identical(p1, p2) bundle <- read_cert_bundle("../google.dk/wildcard-google.dk-chain.pem") expect_identical(p1$ca, bundle) leaf <- read_cert("../google.dk/wildcard-google.dk-leaf.crt", der = TRUE) expect_identical(leaf, bundle[[1]]) }) test_that("reading p12 keys", { skip_if(fips_mode()) expect_error(read_p12("../certigo/example-root.p12", password = ""), "password") b1 <- read_p12("../certigo/example-root.p12", password = "password") c1 <- read_cert("../certigo/example-root.crt") p7 <- read_p7b("../certigo/example-root.p7b") expect_identical(b1$cert, c1) expect_identical(c1, p7[[1]]) expect_identical(b1$cert$pubkey, b1$key$pubkey) expect_error(read_p12("../certigo/example-leaf.p12", password = ""), "password") b2<- read_p12("../certigo/example-leaf.p12", password = "password") c2 <- read_cert("../certigo/example-leaf.crt") p7 <- read_p7b("../certigo/example-leaf.p7b") expect_identical(b2$cert, c2) expect_identical(c2, p7[[1]]) expect_identical(b2$cert$pubkey, b2$key$pubkey) if(isTRUE(openssl_config()$ec)){ expect_error(read_p12("../certigo/example-elliptic-sha1.p12", password = ""), "password") b3 <- read_p12("../certigo/example-elliptic-sha1.p12", password = "password") c3 <- read_cert("../certigo/example-elliptic-sha1.crt") p7 <- read_p7b("../certigo/example-elliptic-sha1.p7b") k3 <- read_key("../certigo/example-elliptic-sha1.key") expect_identical(b3$cert, c3) expect_identical(c3, p7[[1]]) expect_identical(b3$key, k3) expect_identical(b3$cert$pubkey, b3$key$pubkey) } }) test_that("roundtrip p12 key and cert", { skip_if(fips_mode()) if(isTRUE(openssl_config()$ec)){ b3 <- read_p12("../certigo/example-elliptic-sha1.p12", password = "password") c3 <- read_cert("../certigo/example-elliptic-sha1.crt") k3 <- read_key("../certigo/example-elliptic-sha1.key") buf <- write_p12(key = k3, cert = c3, name = "example-elliptic-sha1") expect_identical(b3, read_p12(buf)) } }) test_that("writing big p12 bundle", { skip_if(fips_mode()) if(isTRUE(openssl_config()$ec)){ bundle = ca_bundle() #Roundtrip via p12 buf <- write_p12(ca = bundle, password = 'test') out <- read_p12(buf, password = 'test') expect_equal(bundle, out$ca) # Roundtrip via p7b buf <- write_p7b(ca = bundle) out <- read_p7b(buf) expect_equal(bundle, out) } }) test_that("reading encrypted p7b", { skip_if(fips_mode()) msg <- pkcs7_decrypt("../keys/encrypted.rsa.p7b", key = "../keys/id_rsa") expect_equal(trimws(rawToChar(msg)), "yolo") # roundtrip testdata <- serialize(iris, NULL) buf <- pkcs7_encrypt(testdata, cert = "../keys/id_rsa.crt") expect_equal(pkcs7_decrypt(buf, "../keys/id_rsa"), testdata) })