diff --git a/include/aws/io/pem.h b/include/aws/io/pem.h index ce84f8f8b..9649bbcdc 100644 --- a/include/aws/io/pem.h +++ b/include/aws/io/pem.h @@ -39,41 +39,57 @@ enum aws_pem_object_type { AWS_PEM_TYPE_SM2_PARAMETERS }; +/* + * Describes PEM object decoded from file. + * data points to raw data bytes of object (decoding will do additional base 64 + * decoding for each object). + * type will be set to object type or to AWS_PEM_TYPE_UNKNOWN if it could not + * figure out type. + * type_buf are the types bytes, i.e. the string between -----BEGIN and ----- + */ struct aws_pem_object { enum aws_pem_object_type type; struct aws_byte_buf type_buf; - struct aws_byte_buf data; + struct aws_byte_buf data; }; /** - * Cleans up and securely zeroes out the outputs of 'aws_decode_pem_to_buffer_list()' - * and 'aws_read_and_decode_pem_file_to_buffer_list()' + * Cleans up and securely zeroes out the outputs of 'aws_decode_pem_to_object_list()' + * and 'aws_read_and_decode_pem_file_to_object_list()' */ AWS_IO_API void aws_pem_objects_clean_up(struct aws_array_list *pem_objects); /** - * Decodes a PEM file and adds the results to 'cert_chain_or_key' if successful. - * Otherwise, 'cert_chain_or_key' will be empty. The type stored in 'cert_chain_or_key' - * is 'struct aws_byte_buf' by value. This code is slow, and it allocates, so please try + * Decodes PEM data and reads objects sequentially adding them to pem_objects. + * If it comes across an object it cannot read, list of all object read until + * that point is returned. + * If no objects can be read PEM or objects could not be base 64 decoded, + * AWS_ERROR_PEM_MALFORMED_OBJECT is raised. + * out_pem_objects stores aws_pem_object struct by value. + * Caller must initialize out_pem_objects before calling the function. + * This code is slow, and it allocates, so please try * not to call this in the middle of something that needs to be fast or resource sensitive. */ -AWS_IO_API int aws_decode_pem_to_buffer_list( +AWS_IO_API int aws_decode_pem_to_object_list( struct aws_allocator *alloc, struct aws_byte_cursor pem_cursor, - struct aws_array_list *pem_objects); + struct aws_array_list *out_pem_objects); /** - * Decodes a PEM file at 'filename' and adds the results to 'cert_chain_or_key' if successful. - * Otherwise, 'cert_chain_or_key' will be empty. - * The passed-in parameter 'cert_chain_or_key' should be empty and dynamically initialized array_list - * with item type 'struct aws_byte_buf' in value. - * This code is slow, and it allocates, so please try not to call this in the middle of - * something that needs to be fast or resource sensitive. + * Decodes PEM data from file and reads objects sequentially adding them to pem_objects. + * If it comes across an object it cannot read, list of all object read until + * that point is returned. + * If no objects can be read PEM or objects could not be base 64 decoded, + * AWS_ERROR_PEM_MALFORMED_OBJECT is raised. + * out_pem_objects stores aws_pem_object struct by value. + * Caller must initialize out_pem_objects before calling the function. + * This code is slow, and it allocates, so please try + * not to call this in the middle of something that needs to be fast or resource sensitive. */ -AWS_IO_API int aws_read_and_decode_pem_file_to_buffer_list( +AWS_IO_API int aws_read_and_decode_pem_file_to_object_list( struct aws_allocator *allocator, const char *filename, - struct aws_array_list *pem_objects); + struct aws_array_list *out_pem_objects); AWS_EXTERN_C_END #endif /* AWS_IO_PEM_READER_H */ diff --git a/source/darwin/darwin_pki_utils.c b/source/darwin/darwin_pki_utils.c index 94918b0ef..6238202ab 100644 --- a/source/darwin/darwin_pki_utils.c +++ b/source/darwin/darwin_pki_utils.c @@ -44,7 +44,7 @@ int aws_import_ecc_key_into_keychain( } /* Decode PEM format file to DER format */ - if (aws_decode_pem_to_buffer_list(alloc, *private_key, &decoded_key_buffer_list)) { + if (aws_decode_pem_to_object_list(alloc, *private_key, &decoded_key_buffer_list)) { AWS_LOGF_ERROR(AWS_LS_IO_PKI, "static: Failed to decode PEM private key to DER format."); goto ecc_import_cleanup; } @@ -213,7 +213,7 @@ int aws_import_public_and_private_keys_to_identity( goto done; } - if (aws_decode_pem_to_buffer_list(alloc, *public_cert_chain, &cert_chain_list)) { + if (aws_decode_pem_to_object_list(alloc, *public_cert_chain, &cert_chain_list)) { AWS_LOGF_ERROR(AWS_LS_IO_PKI, "static: decoding certificate PEM failed."); aws_array_list_clean_up(&cert_chain_list); result = AWS_OP_ERR; @@ -329,7 +329,7 @@ int aws_import_trusted_certificates( return AWS_OP_ERR; } - if (aws_decode_pem_to_buffer_list(alloc, *certificates_blob, &certificates)) { + if (aws_decode_pem_to_object_list(alloc, *certificates_blob, &certificates)) { AWS_LOGF_ERROR(AWS_LS_IO_PKI, "static: decoding CA PEM failed."); aws_array_list_clean_up(&certificates); return AWS_OP_ERR; diff --git a/source/io.c b/source/io.c index e93431659..54b3f1e69 100644 --- a/source/io.c +++ b/source/io.c @@ -342,8 +342,7 @@ static struct aws_log_subject_info s_io_log_subject_infos[] = { "standard-retry-strategy", "Subject for standard retry strategy"), DEFINE_LOG_SUBJECT_INFO(AWS_LS_IO_PKCS11, "pkcs11", "Subject for PKCS#11 library operations"), - DEFINE_LOG_SUBJECT_INFO(AWS_LS_IO_PEM, "pem", "Subject for pem operations") -}; + DEFINE_LOG_SUBJECT_INFO(AWS_LS_IO_PEM, "pem", "Subject for pem operations")}; static struct aws_log_subject_info_list s_io_log_subject_list = { .subject_list = s_io_log_subject_infos, diff --git a/source/pem.c b/source/pem.c index 02c16ac8b..2714f4ad8 100644 --- a/source/pem.c +++ b/source/pem.c @@ -2,10 +2,10 @@ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ -#include #include -#include +#include #include +#include #include @@ -102,28 +102,36 @@ int aws_sanitize_pem(struct aws_byte_buf *pem, struct aws_allocator *allocator) } /* -* Possible PEM object types. openssl/pem.h used as a source of truth for -* possible types. -*/ + * Possible PEM object types. openssl/pem.h used as a source of truth for + * possible types. + */ static struct aws_byte_cursor s_pem_type_x509_old_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("X509 CERTIFICATE"); static struct aws_byte_cursor s_pem_type_x509_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("CERTIFICATE"); -static struct aws_byte_cursor s_pem_type_x509_trusted_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("TRUSTED CERTIFICATE"); -static struct aws_byte_cursor s_pem_type_x509_req_old_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("NEW CERTIFICATE REQUEST"); +static struct aws_byte_cursor s_pem_type_x509_trusted_cur = + AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("TRUSTED CERTIFICATE"); +static struct aws_byte_cursor s_pem_type_x509_req_old_cur = + AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("NEW CERTIFICATE REQUEST"); static struct aws_byte_cursor s_pem_type_x509_req_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("CERTIFICATE REQUEST"); static struct aws_byte_cursor s_pem_type_x509_crl_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("X509 CRL"); static struct aws_byte_cursor s_pem_type_evp_pkey_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("ANY PRIVATE KEY"); static struct aws_byte_cursor s_pem_type_public_pkcs8_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("PUBLIC KEY"); -static struct aws_byte_cursor s_pem_type_private_rsa_pkcs1_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("RSA PRIVATE KEY"); +static struct aws_byte_cursor s_pem_type_private_rsa_pkcs1_cur = + AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("RSA PRIVATE KEY"); static struct aws_byte_cursor s_pem_type_public_rsa_pkcs1_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("RSA PUBLIC KEY"); -static struct aws_byte_cursor s_pem_type_private_dsa_pkcs1_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("RSA PRIVATE KEY"); +static struct aws_byte_cursor s_pem_type_private_dsa_pkcs1_cur = + AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("RSA PRIVATE KEY"); static struct aws_byte_cursor s_pem_type_public_dsa_pkcs1_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("RSA PUBLIC KEY"); static struct aws_byte_cursor s_pem_type_pkcs7_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("PKCS7"); -static struct aws_byte_cursor s_pem_type_pkcs7_signed_data_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("PKCS #7 SIGNED DATA"); -static struct aws_byte_cursor s_pem_type_private_pkcs8_encrypted_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("ENCRYPTED PRIVATE KEY"); +static struct aws_byte_cursor s_pem_type_pkcs7_signed_data_cur = + AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("PKCS #7 SIGNED DATA"); +static struct aws_byte_cursor s_pem_type_private_pkcs8_encrypted_cur = + AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("ENCRYPTED PRIVATE KEY"); static struct aws_byte_cursor s_pem_type_private_pkcs8_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("PRIVATE KEY"); static struct aws_byte_cursor s_pem_type_dh_parameters_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("DH PARAMETERS"); -static struct aws_byte_cursor s_pem_type_dh_parameters_x942_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("X9.42 DH PARAMETERS"); -static struct aws_byte_cursor s_pem_type_ssl_session_parameters_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("SSL SESSION PARAMETERS"); +static struct aws_byte_cursor s_pem_type_dh_parameters_x942_cur = + AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("X9.42 DH PARAMETERS"); +static struct aws_byte_cursor s_pem_type_ssl_session_parameters_cur = + AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("SSL SESSION PARAMETERS"); static struct aws_byte_cursor s_pem_type_dsa_parameters_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("DSA PARAMETERS"); static struct aws_byte_cursor s_pem_type_ecdsa_public_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("ECDSA PUBLIC KEY"); static struct aws_byte_cursor s_pem_type_ec_parameters_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("EC PARAMETERS"); @@ -149,13 +157,13 @@ void aws_pem_objects_clean_up(struct aws_array_list *cert_chain) { enum aws_pem_object_type s_map_type_cur_to_type(struct aws_byte_cursor type_cur) { /* - * Putting all those in a hash table might be a bit faster depending on - * hashing function cost, but it complicates code considerably for a - * potential small gain. PEM parsing is already slow due to multiple - * allocations and should not be used in perf critical places. - * So choosing dumb and easy approach over something more complicated and we - * can reevaluate decision in the future. - */ + * Putting all those in a hash table might be a bit faster depending on + * hashing function cost, but it complicates code considerably for a + * potential small gain. PEM parsing is already slow due to multiple + * allocations and should not be used in perf critical places. + * So choosing dumb and easy approach over something more complicated and we + * can reevaluate decision in the future. + */ if (aws_byte_cursor_eq(&type_cur, &s_pem_type_x509_old_cur)) { return AWS_PEM_TYPE_X509_OLD; } else if (aws_byte_cursor_eq(&type_cur, &s_pem_type_x509_cur)) { @@ -224,8 +232,9 @@ int s_extract_header_type_cur(struct aws_byte_cursor cur, struct aws_byte_cursor } aws_byte_cursor_advance(&cur, s_begin_header_cur.len); + aws_byte_cursor_advance(&cur, 1); // space after begin struct aws_byte_cursor type_cur = aws_byte_cursor_advance(&cur, cur.len - s_delim_cur.len); - + if (!aws_byte_cursor_eq(&cur, &s_delim_cur)) { AWS_LOGF_ERROR(AWS_LS_IO_PEM, "Invalid PEM buffer: invalid end token"); return aws_raise_error(AWS_ERROR_PEM_MALFORMED_OBJECT); @@ -268,7 +277,7 @@ static int s_convert_pem_to_raw_base64( struct aws_byte_cursor *line_cur_ptr = NULL; int error = aws_array_list_get_at_ptr(&split_buffers, (void **)&line_cur_ptr, i); /* should never fail as we control array size and how we index into list */ - AWS_FATAL_ASSERT(error == AWS_OP_SUCCESS); + AWS_FATAL_ASSERT(error == AWS_OP_SUCCESS); /* Burn off the padding in the buffer first. * Worst case we'll only have to do this once per line in the buffer. */ @@ -306,10 +315,7 @@ static int s_convert_pem_to_raw_base64( struct aws_byte_buf type_buf; aws_byte_buf_init_copy_from_cursor(&type_buf, allocator, current_obj_type_cur); struct aws_pem_object pem_object = { - .data = current_obj_buf, - .type_buf = type_buf, - .type = current_obj_type - }; + .data = current_obj_buf, .type_buf = type_buf, .type = current_obj_type}; if (aws_array_list_push_back(pem_objects, &pem_object)) { goto on_end_of_loop; @@ -325,7 +331,7 @@ static int s_convert_pem_to_raw_base64( /* actually on a line with data in it. */ } else { if (on_length_calc) { - current_obj_len += line_cur_ptr->len; + current_obj_len += line_cur_ptr->len; } else { if (aws_byte_buf_append(¤t_obj_buf, line_cur_ptr)) { goto on_end_of_loop; @@ -341,7 +347,7 @@ static int s_convert_pem_to_raw_base64( /* * Note: this function only hard error if nothing can be parsed out of file. - * Otherwise it succeeds and returns whatever was parsed successfully. + * Otherwise it succeeds and returns whatever was parsed successfully. */ on_end_of_loop: aws_array_list_clean_up(&split_buffers); @@ -356,7 +362,7 @@ static int s_convert_pem_to_raw_base64( return aws_raise_error(AWS_ERROR_PEM_MALFORMED_OBJECT); } -int aws_decode_pem_to_buffer_list( +int aws_decode_pem_to_object_list( struct aws_allocator *allocator, struct aws_byte_cursor pem_cursor, struct aws_array_list *pem_objects) { @@ -394,14 +400,14 @@ int aws_decode_pem_to_buffer_list( pem_obj_ptr->data = decoded_buffer; } - return AWS_OP_SUCCESS; + return AWS_OP_SUCCESS; on_error: aws_pem_objects_clean_up(pem_objects); return AWS_OP_ERR; } -int aws_read_and_decode_pem_file_to_buffer_list( +int aws_read_and_decode_pem_file_to_object_list( struct aws_allocator *alloc, const char *filename, struct aws_array_list *pem_objects) { @@ -414,7 +420,7 @@ int aws_read_and_decode_pem_file_to_buffer_list( AWS_ASSERT(raw_file_buffer.buffer); struct aws_byte_cursor file_cursor = aws_byte_cursor_from_buf(&raw_file_buffer); - if (aws_decode_pem_to_buffer_list(alloc, file_cursor, pem_objects)) { + if (aws_decode_pem_to_object_list(alloc, file_cursor, pem_objects)) { aws_byte_buf_clean_up_secure(&raw_file_buffer); AWS_LOGF_ERROR(AWS_LS_IO_PEM, "Failed to decode PEM file %s.", filename); return AWS_OP_ERR; diff --git a/source/windows/windows_pki_utils.c b/source/windows/windows_pki_utils.c index 4ccc5b73d..065038a4a 100644 --- a/source/windows/windows_pki_utils.c +++ b/source/windows/windows_pki_utils.c @@ -3,8 +3,8 @@ * SPDX-License-Identifier: Apache-2.0. */ -#include #include +#include #include @@ -188,7 +188,7 @@ int aws_import_trusted_certificates( return AWS_OP_ERR; } - if (aws_decode_pem_to_buffer_list(alloc, *certificates_blob, &certificates)) { + if (aws_decode_pem_to_object_list(alloc, *certificates_blob, &certificates)) { goto clean_up; } @@ -569,7 +569,7 @@ int aws_import_key_pair_to_cert_context( return AWS_OP_ERR; } - if (aws_decode_pem_to_buffer_list(alloc, *public_cert_chain, &certificates)) { + if (aws_decode_pem_to_object_list(alloc, *public_cert_chain, &certificates)) { AWS_LOGF_ERROR( AWS_LS_IO_PKI, "static: failed to decode cert pem to buffer list with error %d", (int)aws_last_error()); goto clean_up; @@ -579,7 +579,7 @@ int aws_import_key_pair_to_cert_context( goto clean_up; } - if (aws_decode_pem_to_buffer_list(alloc, *private_key, &private_keys)) { + if (aws_decode_pem_to_object_list(alloc, *private_key, &private_keys)) { AWS_LOGF_ERROR( AWS_LS_IO_PKI, "static: failed to decode key pem to buffer list with error %d", (int)aws_last_error()); goto clean_up; diff --git a/tests/pem_test.c b/tests/pem_test.c index 2a1f8b653..61a9627a0 100644 --- a/tests/pem_test.c +++ b/tests/pem_test.c @@ -3,8 +3,8 @@ * SPDX-License-Identifier: Apache-2.0. */ #include -#include #include +#include #include @@ -210,12 +210,14 @@ static int s_test_pem_cert_parse_from_file(struct aws_allocator *allocator, void struct aws_array_list output_list; ASSERT_SUCCESS(aws_array_list_init_dynamic(&output_list, allocator, 1, sizeof(struct aws_pem_object))); - ASSERT_SUCCESS(aws_read_and_decode_pem_file_to_buffer_list(allocator, "testparse.crt", &output_list)); + ASSERT_SUCCESS(aws_read_and_decode_pem_file_to_object_list(allocator, "testparse.crt", &output_list)); ASSERT_UINT_EQUALS(1, aws_array_list_length(&output_list)); struct aws_pem_object *pem_object = NULL; aws_array_list_get_at_ptr(&output_list, (void **)&pem_object, 0); ASSERT_BIN_ARRAYS_EQUALS(s_expected, sizeof(s_expected), pem_object->data.buffer, pem_object->data.len); + ASSERT_CURSOR_VALUE_CSTRING_EQUALS(aws_byte_cursor_from_buf(&pem_object->type_buf), "CERTIFICATE"); + ASSERT_INT_EQUALS(AWS_PEM_TYPE_X509, pem_object->type); aws_pem_objects_clean_up(&output_list); aws_array_list_clean_up(&output_list); @@ -300,12 +302,14 @@ static int s_test_pem_private_key_parse_from_file(struct aws_allocator *allocato struct aws_array_list output_list; ASSERT_SUCCESS(aws_array_list_init_dynamic(&output_list, allocator, 1, sizeof(struct aws_pem_object))); - ASSERT_SUCCESS(aws_read_and_decode_pem_file_to_buffer_list(allocator, "unittests.key", &output_list)); + ASSERT_SUCCESS(aws_read_and_decode_pem_file_to_object_list(allocator, "unittests.key", &output_list)); ASSERT_UINT_EQUALS(1, aws_array_list_length(&output_list)); struct aws_pem_object *pem_object = NULL; aws_array_list_get_at_ptr(&output_list, (void **)&pem_object, 0); ASSERT_BIN_ARRAYS_EQUALS(s_expected, sizeof(s_expected), pem_object->data.buffer, pem_object->data.len); + ASSERT_CURSOR_VALUE_CSTRING_EQUALS(aws_byte_cursor_from_buf(&pem_object->type_buf), "RSA PRIVATE KEY"); + ASSERT_INT_EQUALS(AWS_PEM_TYPE_PRIVATE_RSA_PKCS1, pem_object->type); aws_pem_objects_clean_up(&output_list); aws_array_list_clean_up(&output_list); @@ -376,12 +380,14 @@ static int s_test_pem_single_cert_parse(struct aws_allocator *allocator, void *c struct aws_array_list output_list; ASSERT_SUCCESS(aws_array_list_init_dynamic(&output_list, allocator, 1, sizeof(struct aws_pem_object))); - ASSERT_SUCCESS(aws_decode_pem_to_buffer_list(allocator, pem_data, &output_list)); + ASSERT_SUCCESS(aws_decode_pem_to_object_list(allocator, pem_data, &output_list)); ASSERT_UINT_EQUALS(1, aws_array_list_length(&output_list)); struct aws_pem_object *pem_object = NULL; aws_array_list_get_at_ptr(&output_list, (void **)&pem_object, 0); ASSERT_BIN_ARRAYS_EQUALS(s_expected, sizeof(s_expected), pem_object->data.buffer, pem_object->data.len); + ASSERT_CURSOR_VALUE_CSTRING_EQUALS(aws_byte_cursor_from_buf(&pem_object->type_buf), "CERTIFICATE"); + ASSERT_INT_EQUALS(AWS_PEM_TYPE_X509, pem_object->type); aws_pem_objects_clean_up(&output_list); aws_array_list_clean_up(&output_list); @@ -588,18 +594,24 @@ static int s_test_pem_cert_chain_parse(struct aws_allocator *allocator, void *ct struct aws_array_list output_list; ASSERT_SUCCESS(aws_array_list_init_dynamic(&output_list, allocator, 1, sizeof(struct aws_pem_object))); - ASSERT_SUCCESS(aws_decode_pem_to_buffer_list(allocator, pem_data, &output_list)); + ASSERT_SUCCESS(aws_decode_pem_to_object_list(allocator, pem_data, &output_list)); ASSERT_UINT_EQUALS(3, aws_array_list_length(&output_list)); struct aws_pem_object *pem_object = NULL; aws_array_list_get_at_ptr(&output_list, (void **)&pem_object, 0); ASSERT_BIN_ARRAYS_EQUALS( s_expected_intermediate_1, sizeof(s_expected_intermediate_1), pem_object->data.buffer, pem_object->data.len); + ASSERT_CURSOR_VALUE_CSTRING_EQUALS(aws_byte_cursor_from_buf(&pem_object->type_buf), "CERTIFICATE"); + ASSERT_INT_EQUALS(AWS_PEM_TYPE_X509, pem_object->type); aws_array_list_get_at_ptr(&output_list, (void **)&pem_object, 1); ASSERT_BIN_ARRAYS_EQUALS( s_expected_intermediate_2, sizeof(s_expected_intermediate_2), pem_object->data.buffer, pem_object->data.len); + ASSERT_CURSOR_VALUE_CSTRING_EQUALS(aws_byte_cursor_from_buf(&pem_object->type_buf), "CERTIFICATE"); + ASSERT_INT_EQUALS(AWS_PEM_TYPE_X509, pem_object->type); aws_array_list_get_at_ptr(&output_list, (void **)&pem_object, 2); ASSERT_BIN_ARRAYS_EQUALS(s_expected_leaf, sizeof(s_expected_leaf), pem_object->data.buffer, pem_object->data.len); + ASSERT_CURSOR_VALUE_CSTRING_EQUALS(aws_byte_cursor_from_buf(&pem_object->type_buf), "CERTIFICATE"); + ASSERT_INT_EQUALS(AWS_PEM_TYPE_X509, pem_object->type); aws_pem_objects_clean_up(&output_list); aws_array_list_clean_up(&output_list); @@ -712,12 +724,14 @@ static int s_test_pem_private_key_parse(struct aws_allocator *allocator, void *c struct aws_array_list output_list; ASSERT_SUCCESS(aws_array_list_init_dynamic(&output_list, allocator, 1, sizeof(struct aws_pem_object))); - ASSERT_SUCCESS(aws_decode_pem_to_buffer_list(allocator, pem_data, &output_list)); + ASSERT_SUCCESS(aws_decode_pem_to_object_list(allocator, pem_data, &output_list)); ASSERT_UINT_EQUALS(1, aws_array_list_length(&output_list)); struct aws_pem_object *pem_object = NULL; aws_array_list_get_at_ptr(&output_list, (void **)&pem_object, 0); ASSERT_BIN_ARRAYS_EQUALS(s_expected, sizeof(s_expected), pem_object->data.buffer, pem_object->data.len); + ASSERT_CURSOR_VALUE_CSTRING_EQUALS(aws_byte_cursor_from_buf(&pem_object->type_buf), "RSA PRIVATE KEY"); + ASSERT_INT_EQUALS(AWS_PEM_TYPE_PRIVATE_RSA_PKCS1, pem_object->type); aws_pem_objects_clean_up(&output_list); aws_array_list_clean_up(&output_list); @@ -940,18 +954,24 @@ static int s_test_pem_cert_chain_comments_and_whitespace(struct aws_allocator *a struct aws_array_list output_list; ASSERT_SUCCESS(aws_array_list_init_dynamic(&output_list, allocator, 1, sizeof(struct aws_pem_object))); - ASSERT_SUCCESS(aws_decode_pem_to_buffer_list(allocator, pem_data, &output_list)); + ASSERT_SUCCESS(aws_decode_pem_to_object_list(allocator, pem_data, &output_list)); ASSERT_UINT_EQUALS(3, aws_array_list_length(&output_list)); struct aws_pem_object *pem_object = NULL; aws_array_list_get_at_ptr(&output_list, (void **)&pem_object, 0); ASSERT_BIN_ARRAYS_EQUALS( s_expected_intermediate_1, sizeof(s_expected_intermediate_1), pem_object->data.buffer, pem_object->data.len); + ASSERT_CURSOR_VALUE_CSTRING_EQUALS(aws_byte_cursor_from_buf(&pem_object->type_buf), "CERTIFICATE"); + ASSERT_INT_EQUALS(AWS_PEM_TYPE_X509, pem_object->type); aws_array_list_get_at_ptr(&output_list, (void **)&pem_object, 1); ASSERT_BIN_ARRAYS_EQUALS( s_expected_intermediate_2, sizeof(s_expected_intermediate_2), pem_object->data.buffer, pem_object->data.len); + ASSERT_CURSOR_VALUE_CSTRING_EQUALS(aws_byte_cursor_from_buf(&pem_object->type_buf), "CERTIFICATE"); + ASSERT_INT_EQUALS(AWS_PEM_TYPE_X509, pem_object->type); aws_array_list_get_at_ptr(&output_list, (void **)&pem_object, 2); ASSERT_BIN_ARRAYS_EQUALS(s_expected_leaf, sizeof(s_expected_leaf), pem_object->data.buffer, pem_object->data.len); + ASSERT_CURSOR_VALUE_CSTRING_EQUALS(aws_byte_cursor_from_buf(&pem_object->type_buf), "CERTIFICATE"); + ASSERT_INT_EQUALS(AWS_PEM_TYPE_X509, pem_object->type); aws_pem_objects_clean_up(&output_list); aws_array_list_clean_up(&output_list); @@ -984,7 +1004,7 @@ static int s_test_pem_invalid_parse(struct aws_allocator *allocator, void *ctx) struct aws_array_list output_list; ASSERT_SUCCESS(aws_array_list_init_dynamic(&output_list, allocator, 1, sizeof(struct aws_pem_object))); - ASSERT_ERROR(AWS_ERROR_PEM_MALFORMED_OBJECT, aws_decode_pem_to_buffer_list(allocator, pem_data, &output_list)); + ASSERT_ERROR(AWS_ERROR_PEM_MALFORMED_OBJECT, aws_decode_pem_to_object_list(allocator, pem_data, &output_list)); ASSERT_UINT_EQUALS(0, aws_array_list_length(&output_list)); aws_array_list_clean_up(&output_list); @@ -1017,7 +1037,7 @@ static int s_test_pem_valid_data_invalid_parse(struct aws_allocator *allocator, struct aws_array_list output_list; ASSERT_SUCCESS(aws_array_list_init_dynamic(&output_list, allocator, 1, sizeof(struct aws_pem_object))); - ASSERT_ERROR(AWS_ERROR_PEM_MALFORMED_OBJECT, aws_decode_pem_to_buffer_list(allocator, pem_data, &output_list)); + ASSERT_ERROR(AWS_ERROR_PEM_MALFORMED_OBJECT, aws_decode_pem_to_object_list(allocator, pem_data, &output_list)); ASSERT_UINT_EQUALS(0, aws_array_list_length(&output_list)); aws_array_list_clean_up(&output_list); @@ -1089,7 +1109,7 @@ static int s_test_pem_invalid_in_chain_parse(struct aws_allocator *allocator, vo struct aws_array_list output_list; ASSERT_SUCCESS(aws_array_list_init_dynamic(&output_list, allocator, 1, sizeof(struct aws_pem_object))); - ASSERT_ERROR(AWS_ERROR_PEM_MALFORMED_OBJECT, aws_decode_pem_to_buffer_list(allocator, pem_data, &output_list)); + ASSERT_ERROR(AWS_ERROR_PEM_MALFORMED_OBJECT, aws_decode_pem_to_object_list(allocator, pem_data, &output_list)); ASSERT_UINT_EQUALS(0, aws_array_list_length(&output_list)); aws_array_list_clean_up(&output_list);