Major plugin refactor and cleanup.

Switched to POCO library for unified platform/library interface.
Deprecated the external module API. It was creating more problems than solving.
Removed most built-in libraries in favor of system libraries for easier maintenance.
Cleaned and secured code with help from static analyzers.

vendor/POCO/Crypto/testsuite/src/CryptoTest.cpp

@@ -0,0 +1,426 @@
+//
+// CryptoTest.cpp
+//
+// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "CryptoTest.h"
+#include "CppUnit/TestCaller.h"
+#include "CppUnit/TestSuite.h"
+#include "Poco/Crypto/CipherFactory.h"
+#include "Poco/Crypto/Cipher.h"
+#include "Poco/Crypto/CipherKey.h"
+#include "Poco/Crypto/X509Certificate.h"
+#include "Poco/Crypto/CryptoStream.h"
+#include "Poco/Crypto/CryptoTransform.h"
+#include "Poco/StreamCopier.h"
+#include "Poco/Base64Encoder.h"
+#include "Poco/HexBinaryEncoder.h"
+#include <sstream>
+
+
+using namespace Poco::Crypto;
+
+
+static const std::string APPINF_PEM(
+	"-----BEGIN CERTIFICATE-----\n"
+	"MIIESzCCAzOgAwIBAgIBATALBgkqhkiG9w0BAQUwgdMxEzARBgNVBAMMCmFwcGlu\n"
+	"Zi5jb20xNjA0BgNVBAoMLUFwcGxpZWQgSW5mb3JtYXRpY3MgU29mdHdhcmUgRW5n\n"
+	"aW5lZXJpbmcgR21iSDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxEjAQBgNVBAgMCUNh\n"
+	"cmludGhpYTELMAkGA1UEBhMCQVQxHjAcBgNVBAcMFVN0LiBKYWtvYiBpbSBSb3Nl\n"
+	"bnRhbDEtMCsGCSqGSIb3DQEJARYeZ3VlbnRlci5vYmlsdHNjaG5pZ0BhcHBpbmYu\n"
+	"Y29tMB4XDTA5MDUwNzE0NTY1NloXDTI5MDUwMjE0NTY1NlowgdMxEzARBgNVBAMM\n"
+	"CmFwcGluZi5jb20xNjA0BgNVBAoMLUFwcGxpZWQgSW5mb3JtYXRpY3MgU29mdHdh\n"
+	"cmUgRW5naW5lZXJpbmcgR21iSDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxEjAQBgNV\n"
+	"BAgMCUNhcmludGhpYTELMAkGA1UEBhMCQVQxHjAcBgNVBAcMFVN0LiBKYWtvYiBp\n"
+	"bSBSb3NlbnRhbDEtMCsGCSqGSIb3DQEJARYeZ3VlbnRlci5vYmlsdHNjaG5pZ0Bh\n"
+	"cHBpbmYuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA89GolWCR\n"
+	"KtLQclJ2M2QtpFqzNC54hUQdR6n8+DAeruH9WFwLSdWW2fEi+jrtd/WEWCdt4PxX\n"
+	"F2/eBYeURus7Hg2ZtJGDd3je0+Ygsv7+we4cMN/knaBY7rATqhmnZWk+yBpkf5F2\n"
+	"IHp9gBxUaJWmt/bq3XrvTtzrDXpCd4zg4zPXZ8IC8ket5o3K2vnkAOsIsgN+Ffqd\n"
+	"4GjF4dsblG6u6E3VarGRLwGtgB8BAZOA/33mV4FHSMkc4OXpAChaK3tM8YhrLw+m\n"
+	"XtsfqDiv1825S6OWFCKGj/iX8X2QAkrdB63vXCSpb3de/ByIUfp31PpMlMh6dKo1\n"
+	"vf7yj0nb2w0utQIDAQABoyowKDAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAww\n"
+	"CgYIKwYBBQUHAwMwDQYJKoZIhvcNAQEFBQADggEBAM0cpfb4BgiU/rkYe121P581\n"
+	"ftg5Ck1PYYda1Fy/FgzbgJh2AwVo/6sn6GF79/QkEcWEgtCMNNO3LMTTddUUApuP\n"
+	"jnEimyfmUhIThyud/vryzTMNa/eZMwaAqUQWqLf+AwgqjUsBSMenbSHavzJOpsvR\n"
+	"LI0PQ1VvqB+3UGz0JUnBJiKvHs83Fdm4ewPAf3M5fGcIa+Fl2nU5Plzwzskj84f6\n"
+	"73ZlEEi3aW9JieNy7RWsMM+1E8Sj2CGRZC4BM9V1Fgnsh4+VHX8Eu7eHucvfeIYx\n"
+	"3mmLMoK4sCayL/FGhrUDw5AkWb8tKNpRXY+W60Et281yxQSeWLPIbatVzIWI0/M=\n"
+	"-----END CERTIFICATE-----\n"
+);
+
+static const std::string UTF8_PEM(
+	"-----BEGIN CERTIFICATE-----\n"
+	"MIIDEzCCArigAwIBAgIQAKegojl/YLNUPqTyCnQ4LzAKBggqhkjOPQQDAjB0MQsw\n"
+	"CQYDVQQGEwJDSDEQMA4GA1UECgwHU2llbWVuczEUMBIGA1UECwwLQlQgRGl2aXNp\n"
+	"b24xPTA7BgNVBAMMNEt1cnpSUzFNUDIyc3ByaW50NTlwcmVWVlMgcHJvamVjdCBp\n"
+	"bnRlcm1lZGlhdGUgQ0EgRUMwHhcNMTkxMTI3MDAwMDAwWhcNMjQxMTI4MTkzMzQw\n"
+	"WjCCAQMxJDAiBgNVBAUTG1BJRDpQWEM1LkUwMDMgU046MTQwMDA0RDhFMjELMAkG\n"
+	"A1UEBhMCQ0gxEDAOBgNVBAoMB1NpZW1lbnMxFzAVBgNVBAsMDlNJIEJQIERpdmlz\n"
+	"aW9uMQwwCgYDVQQIDANadWcxHjAcBgNVBAcMFVrDpGhsZXJ3ZWcgNyBSb29tIDU0\n"
+	"NDEnMCUGCSqGSIb3DQEJARYYcmljaGFyZC5rdXJ6QHNpZW1lbnMuY29tMRgwFgYD\n"
+	"VQQLDA9TU0wgQ2VydGlmaWNhdGUxMjAwBgNVBAMMKUt1cnpSUzFNUDIyc3ByaW50\n"
+	"NTlwcmVWVlMuS3VyUFhDNUJOUjM3NjUyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\n"
+	"QgAEJjy+wx/mN9FbW3/IoOAOXdbfQvF1gF8wNasHUeLdn1UsCABnaAZTytqX7gMD\n"
+	"Y5HS32SIvdULYwsy6Dn3CO5tVKOBmjCBlzAOBgNVHQ8BAf8EBAMCA6gwIAYDVR0l\n"
+	"AQH/BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwHQYDVR0O\n"
+	"BBYEFIbtuXQJoVh7FlYiWZeWT2ooEQRNMB8GA1UdIwQYMBaAFOtUSuT1OYK7bNS4\n"
+	"Mqz0UGPoGavuMBUGA1UdEQQOMAyHBAqqt7SHBMCo/AEwCgYIKoZIzj0EAwIDSQAw\n"
+	"RgIhANBQnB1HFLHp7t8oZbLYsm8nWI0hshmVQupXV9oFwb4qAiEAg5UqSDnvAax3\n"
+	"LWWgnAZJkUS0AEQXu4Rx9ZiP7wBdFtA=\n"
+	"-----END CERTIFICATE-----\n"
+);
+
+CryptoTest::CryptoTest(const std::string& name): CppUnit::TestCase(name)
+{
+}
+
+
+CryptoTest::~CryptoTest()
+{
+}
+
+
+void CryptoTest::testEncryptDecrypt()
+{
+	Cipher::Ptr pCipher = CipherFactory::defaultFactory().createCipher(CipherKey("aes256"));
+
+	for (std::size_t n = 1; n < MAX_DATA_SIZE; n++)
+	{
+		std::string in(n, 'x');
+		std::string out = pCipher->encryptString(in, Cipher::ENC_NONE);
+		std::string result = pCipher->decryptString(out, Cipher::ENC_NONE);
+		assertTrue (in == result);
+	}
+
+	for (std::size_t n = 1; n < MAX_DATA_SIZE; n++)
+	{
+		std::string in(n, 'x');
+		std::string out = pCipher->encryptString(in, Cipher::ENC_BASE64);
+		std::string result = pCipher->decryptString(out, Cipher::ENC_BASE64);
+		assertTrue (in == result);
+	}
+
+	for (std::size_t n = 1; n < MAX_DATA_SIZE; n++)
+	{
+		std::string in(n, 'x');
+		std::string out = pCipher->encryptString(in, Cipher::ENC_BINHEX);
+		std::string result = pCipher->decryptString(out, Cipher::ENC_BINHEX);
+		assertTrue (in == result);
+	}
+}
+
+
+void CryptoTest::testEncryptDecryptWithSalt()
+{
+	Cipher::Ptr pCipher = CipherFactory::defaultFactory().createCipher(CipherKey("aes256", "simplepwd", "Too much salt"));
+	Cipher::Ptr pCipher2 = CipherFactory::defaultFactory().createCipher(CipherKey("aes256", "simplepwd", "Too much salt"));
+
+	for (std::size_t n = 1; n < MAX_DATA_SIZE; n++)
+	{
+		std::string in(n, 'x');
+		std::string out = pCipher->encryptString(in, Cipher::ENC_NONE);
+		std::string result = pCipher2->decryptString(out, Cipher::ENC_NONE);
+		assertTrue (in == result);
+	}
+
+	for (std::size_t n = 1; n < MAX_DATA_SIZE; n++)
+	{
+		std::string in(n, 'x');
+		std::string out = pCipher->encryptString(in, Cipher::ENC_BASE64);
+		std::string result = pCipher2->decryptString(out, Cipher::ENC_BASE64);
+		assertTrue (in == result);
+	}
+
+	for (std::size_t n = 1; n < MAX_DATA_SIZE; n++)
+	{
+		std::string in(n, 'x');
+		std::string out = pCipher->encryptString(in, Cipher::ENC_BINHEX);
+		std::string result = pCipher2->decryptString(out, Cipher::ENC_BINHEX);
+		assertTrue (in == result);
+	}
+}
+
+
+void CryptoTest::testEncryptDecryptWithSaltSha1()
+{
+	Cipher::Ptr pCipher = CipherFactory::defaultFactory().createCipher(
+		CipherKey("aes256", "simplepwd", "Too much salt", 2000, "sha1"));
+	Cipher::Ptr pCipher2 = CipherFactory::defaultFactory().createCipher(
+		CipherKey("aes256", "simplepwd", "Too much salt", 2000, "sha1"));
+
+	for (std::size_t n = 1; n < MAX_DATA_SIZE; n++)
+	{
+		std::string in(n, 'x');
+		std::string out = pCipher->encryptString(in, Cipher::ENC_NONE);
+		std::string result = pCipher2->decryptString(out, Cipher::ENC_NONE);
+		assertTrue (in == result);
+	}
+
+	for (std::size_t n = 1; n < MAX_DATA_SIZE; n++)
+	{
+		std::string in(n, 'x');
+		std::string out = pCipher->encryptString(in, Cipher::ENC_BASE64);
+		std::string result = pCipher2->decryptString(out, Cipher::ENC_BASE64);
+		assertTrue (in == result);
+	}
+
+	for (std::size_t n = 1; n < MAX_DATA_SIZE; n++)
+	{
+		std::string in(n, 'x');
+		std::string out = pCipher->encryptString(in, Cipher::ENC_BINHEX);
+		std::string result = pCipher2->decryptString(out, Cipher::ENC_BINHEX);
+		assertTrue (in == result);
+	}
+}
+
+
+void CryptoTest::testEncryptDecryptDESECB()
+{
+	Cipher::Ptr pCipher = CipherFactory::defaultFactory().createCipher(CipherKey("des-ecb", "password"));
+
+	for (std::size_t n = 1; n < MAX_DATA_SIZE; n++)
+	{
+		std::string in(n, 'x');
+		std::string out = pCipher->encryptString(in, Cipher::ENC_NONE);
+		std::string result = pCipher->decryptString(out, Cipher::ENC_NONE);
+		assertTrue (in == result);
+	}
+
+	for (std::size_t n = 1; n < MAX_DATA_SIZE; n++)
+	{
+		std::string in(n, 'x');
+		std::string out = pCipher->encryptString(in, Cipher::ENC_BASE64);
+		std::string result = pCipher->decryptString(out, Cipher::ENC_BASE64);
+		assertTrue (in == result);
+	}
+
+	for (std::size_t n = 1; n < MAX_DATA_SIZE; n++)
+	{
+		std::string in(n, 'x');
+		std::string out = pCipher->encryptString(in, Cipher::ENC_BINHEX);
+		std::string result = pCipher->decryptString(out, Cipher::ENC_BINHEX);
+		assertTrue (in == result);
+	}
+}
+
+
+void CryptoTest::testEncryptDecryptGCM()
+{
+	CipherKey key("aes-256-gcm");
+
+	CipherKey::ByteVec iv(20, 213);
+	key.setIV(iv);
+
+	Cipher::Ptr pCipher = CipherFactory::defaultFactory().createCipher(key);
+
+	for (std::size_t n = 1; n < MAX_DATA_SIZE; n++)
+	{
+		std::stringstream str;
+		CryptoTransform::Ptr pEncryptor = pCipher->createEncryptor();
+		CryptoOutputStream encryptorStream(str, pEncryptor);
+		std::string in(n, 'x');
+		encryptorStream << in;
+		encryptorStream.close();
+		assertTrue (encryptorStream.good());
+
+		std::string tag = pEncryptor->getTag();
+
+		CryptoTransform::Ptr pDecryptor = pCipher->createDecryptor();
+		pDecryptor->setTag(tag);
+		CryptoInputStream decryptorStream(str, pDecryptor);
+		std::string out;
+		decryptorStream >> out;
+
+		assertTrue (in == out);
+	}
+}
+
+
+void CryptoTest::testPassword()
+{
+	CipherKey key("aes256", "password", "salt");
+
+	std::ostringstream keyStream;
+	Poco::Base64Encoder base64KeyEnc(keyStream);
+	base64KeyEnc.write(reinterpret_cast<const char*>(&key.getKey()[0]), key.keySize());
+	base64KeyEnc.close();
+	std::string base64Key = keyStream.str();
+	assertTrue (base64Key == "hIzxBt58GDd7/6mRp88bewKk42lM4QwaF78ek0FkVoA=");
+}
+
+
+void CryptoTest::testPasswordSha1()
+{
+	// the test uses 1 iteration, as the openssl executable does not allow to set a custom number
+	// of iterations
+	CipherKey key("aes256", "password", "saltsalt", 1, "sha1");
+
+	std::ostringstream keyStream;
+	Poco::HexBinaryEncoder hexKeyEnc(keyStream);
+	hexKeyEnc.write(reinterpret_cast<const char*>(&key.getKey()[0]), key.keySize());
+	hexKeyEnc.close();
+	std::string hexKey = keyStream.str();
+
+	std::ostringstream ivStream;
+	Poco::HexBinaryEncoder hexIvEnc(ivStream);
+	hexIvEnc.write(reinterpret_cast<const char*>(&key.getIV()[0]), key.ivSize());
+	hexIvEnc.close();
+	std::string hexIv = ivStream.str();
+
+	// got Hex value for key and iv using:
+	// openssl enc -e -a -md sha1 -aes256 -k password -S 73616c7473616c74 -P
+	// (where "salt" == 73616c74 in Hex, doubled for an 8 bytes salt, openssl padds the salt with 0
+	// whereas Poco's implementation padds with the existing bytes using a modulo operation)
+	assertTrue (hexIv == "c96049b0edc0b67af61ecc43d3de8898");
+	assertTrue (hexKey == "cab86dd6261710891e8cb56ee3625691a75df344f0bff4c12cf3596fc00b39c7");
+}
+
+
+void CryptoTest::testEncryptInterop()
+{
+	Cipher::Ptr pCipher = CipherFactory::defaultFactory().createCipher(CipherKey("aes256", "password", "salt"));
+
+	const std::string plainText  = "This is a secret message.";
+	const std::string expectedCipherText = "9HITTPaU3A/LaZzldbdnRZ109DKlshouKren/n8BsHc=";
+	std::string cipherText = pCipher->encryptString(plainText, Cipher::ENC_BASE64);
+	assertTrue (cipherText == expectedCipherText);
+}
+
+
+void CryptoTest::testDecryptInterop()
+{
+	Cipher::Ptr pCipher = CipherFactory::defaultFactory().createCipher(CipherKey("aes256", "password", "salt"));
+
+	const std::string expectedPlainText  = "This is a secret message.";
+	const std::string cipherText = "9HITTPaU3A/LaZzldbdnRZ109DKlshouKren/n8BsHc=";
+	std::string plainText = pCipher->decryptString(cipherText, Cipher::ENC_BASE64);
+	assertTrue (plainText == expectedPlainText);
+}
+
+
+void CryptoTest::testStreams()
+{
+	Cipher::Ptr pCipher = CipherFactory::defaultFactory().createCipher(CipherKey("aes256"));
+
+	static const std::string SECRET_MESSAGE = "This is a secret message. Don't tell anyone.";
+
+	std::stringstream sstr;
+	EncryptingOutputStream encryptor(sstr, *pCipher);
+	encryptor << SECRET_MESSAGE;
+	encryptor.close();
+
+	DecryptingInputStream decryptor(sstr, *pCipher);
+	std::string result;
+	Poco::StreamCopier::copyToString(decryptor, result);
+
+	assertTrue (result == SECRET_MESSAGE);
+	assertTrue (decryptor.eof());
+	assertTrue (!decryptor.bad());
+
+
+	std::istringstream emptyStream;
+	DecryptingInputStream badDecryptor(emptyStream, *pCipher);
+	Poco::StreamCopier::copyToString(badDecryptor, result);
+
+	assertTrue (badDecryptor.fail());
+	assertTrue (badDecryptor.bad());
+	assertTrue (!badDecryptor.eof());
+}
+
+
+void CryptoTest::testCertificate()
+{
+	std::istringstream certStream(APPINF_PEM);
+	X509Certificate cert(certStream);
+
+	std::string subjectName(cert.subjectName());
+	std::string issuerName(cert.issuerName());
+	std::string commonName(cert.commonName());
+	std::string country(cert.subjectName(X509Certificate::NID_COUNTRY));
+	std::string localityName(cert.subjectName(X509Certificate::NID_LOCALITY_NAME));
+	std::string stateOrProvince(cert.subjectName(X509Certificate::NID_STATE_OR_PROVINCE));
+	std::string organizationName(cert.subjectName(X509Certificate::NID_ORGANIZATION_NAME));
+	std::string organizationUnitName(cert.subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME));
+
+	assertTrue (subjectName == "CN=appinf.com,O=Applied Informatics Software Engineering GmbH,OU=Development,ST=Carinthia,C=AT,L=St. Jakob im Rosental,emailAddress=guenter.obiltschnig@appinf.com");
+	assertTrue (issuerName == subjectName);
+	assertTrue (commonName == "appinf.com");
+	assertTrue (country == "AT");
+	assertTrue (localityName == "St. Jakob im Rosental");
+	assertTrue (stateOrProvince == "Carinthia");
+	assertTrue (organizationName == "Applied Informatics Software Engineering GmbH");
+	assertTrue (organizationUnitName == "Development");
+
+	// fails with recent OpenSSL versions:
+	// assert (cert.issuedBy(cert));
+
+	std::istringstream otherCertStream(APPINF_PEM);
+	X509Certificate otherCert(otherCertStream);
+
+	assertTrue (cert.equals(otherCert));
+}
+
+void CryptoTest::testCertificateUTF8()
+{
+	std::istringstream certStream(UTF8_PEM);
+	X509Certificate cert(certStream);
+
+	std::string subjectName(cert.subjectName());
+	std::string issuerName(cert.issuerName());
+	std::string commonName(cert.commonName());
+	std::string country(cert.subjectName(X509Certificate::NID_COUNTRY));
+	std::string localityName(cert.subjectName(X509Certificate::NID_LOCALITY_NAME));
+	std::string stateOrProvince(cert.subjectName(X509Certificate::NID_STATE_OR_PROVINCE));
+	std::string organizationName(cert.subjectName(X509Certificate::NID_ORGANIZATION_NAME));
+	std::string organizationUnitName(cert.subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME));
+
+	assertTrue (subjectName == "serialNumber=PID:PXC5.E003 SN:140004D8E2,C=CH,O=Siemens,OU=SI BP Division,ST=Zug,L=Zählerweg 7 Room 544,emailAddress=richard.kurz@siemens.com,OU=SSL Certificate,CN=KurzRS1MP22sprint59preVVS.KurPXC5BNR37652");
+	assertTrue (commonName == "KurzRS1MP22sprint59preVVS.KurPXC5BNR37652");
+	assertTrue (country == "CH");
+	assertTrue (localityName == "Zählerweg 7 Room 544");
+	assertTrue (stateOrProvince == "Zug");
+	assertTrue (organizationName == "Siemens");
+	assertTrue (organizationUnitName == "SI BP Division");
+
+	std::istringstream otherCertStream(UTF8_PEM);
+	X509Certificate otherCert(otherCertStream);
+
+	assertTrue (cert.equals(otherCert));
+}
+
+
+void CryptoTest::setUp()
+{
+}
+
+
+void CryptoTest::tearDown()
+{
+}
+
+
+CppUnit::Test* CryptoTest::suite()
+{
+	CppUnit::TestSuite* pSuite = new CppUnit::TestSuite("CryptoTest");
+
+	CppUnit_addTest(pSuite, CryptoTest, testEncryptDecrypt);
+	CppUnit_addTest(pSuite, CryptoTest, testEncryptDecryptWithSalt);
+	CppUnit_addTest(pSuite, CryptoTest, testEncryptDecryptWithSaltSha1);
+	CppUnit_addTest(pSuite, CryptoTest, testEncryptDecryptDESECB);
+	CppUnit_addTest(pSuite, CryptoTest, testEncryptDecryptGCM);
+	CppUnit_addTest(pSuite, CryptoTest, testPassword);
+	CppUnit_addTest(pSuite, CryptoTest, testPasswordSha1);
+	CppUnit_addTest(pSuite, CryptoTest, testEncryptInterop);
+	CppUnit_addTest(pSuite, CryptoTest, testDecryptInterop);
+	CppUnit_addTest(pSuite, CryptoTest, testStreams);
+	CppUnit_addTest(pSuite, CryptoTest, testCertificate);
+	CppUnit_addTest(pSuite, CryptoTest, testCertificateUTF8);
+
+	return pSuite;
+}

vendor/POCO/Crypto/testsuite/src/CryptoTest.h

@@ -0,0 +1,54 @@
+//
+// CryptoTest.h
+//
+// Definition of the CryptoTest class.
+//
+// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef CryptoTest_INCLUDED
+#define CryptoTest_INCLUDED
+
+
+#include "Poco/Crypto/Crypto.h"
+#include "CppUnit/TestCase.h"
+
+
+class CryptoTest: public CppUnit::TestCase
+{
+public:
+	enum
+	{
+		MAX_DATA_SIZE = 10000
+	};
+
+	CryptoTest(const std::string& name);
+	~CryptoTest();
+
+	void testEncryptDecrypt();
+	void testEncryptDecryptWithSalt();
+	void testEncryptDecryptWithSaltSha1();
+	void testEncryptDecryptDESECB();
+	void testEncryptDecryptGCM();
+	void testStreams();
+	void testPassword();
+	void testPasswordSha1();
+	void testEncryptInterop();
+	void testDecryptInterop();
+	void testCertificate();
+	void testCertificateUTF8();
+
+	void setUp();
+	void tearDown();
+
+	static CppUnit::Test* suite();
+
+private:
+};
+
+
+#endif // CryptoTest_INCLUDED

vendor/POCO/Crypto/testsuite/src/CryptoTestSuite.cpp

@@ -0,0 +1,37 @@
+//
+// CryptoTestSuite.cpp
+//
+// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "Poco/Platform.h"
+// see https://www.openssl.org/docs/faq.html
+// and https://github.com/openssl/openssl/blob/master/doc/man3/OPENSSL_Applink.pod
+#if defined(POCO_OS_FAMILY_WINDOWS)
+#include "openssl/applink.c"
+#endif
+#include "CryptoTestSuite.h"
+#include "CryptoTest.h"
+#include "RSATest.h"
+#include "ECTest.h"
+#include "EVPTest.h"
+#include "DigestEngineTest.h"
+#include "PKCS12ContainerTest.h"
+
+
+CppUnit::Test* CryptoTestSuite::suite()
+{
+	CppUnit::TestSuite* pSuite = new CppUnit::TestSuite("CryptoTestSuite");
+
+	pSuite->addTest(CryptoTest::suite());
+	pSuite->addTest(RSATest::suite());
+	pSuite->addTest(ECTest::suite());
+	pSuite->addTest(EVPTest::suite());
+	pSuite->addTest(DigestEngineTest::suite());
+	pSuite->addTest(PKCS12ContainerTest::suite());
+	return pSuite;
+}

vendor/POCO/Crypto/testsuite/src/CryptoTestSuite.h

@@ -0,0 +1,27 @@
+//
+// CryptoTestSuite.h
+//
+// Definition of the CryptoTestSuite class.
+//
+// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef CryptoTestSuite_INCLUDED
+#define CryptoTestSuite_INCLUDED
+
+
+#include "CppUnit/TestSuite.h"
+
+
+class CryptoTestSuite
+{
+public:
+	static CppUnit::Test* suite();
+};
+
+
+#endif // CryptoTestSuite_INCLUDED

vendor/POCO/Crypto/testsuite/src/DigestEngineTest.cpp

@@ -0,0 +1,94 @@
+//
+// DigestEngineTest.cpp
+//
+// Copyright (c) 2012, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "DigestEngineTest.h"
+#include "CppUnit/TestCaller.h"
+#include "CppUnit/TestSuite.h"
+#include "Poco/Crypto/DigestEngine.h"
+
+
+using Poco::Crypto::DigestEngine;
+
+
+DigestEngineTest::DigestEngineTest(const std::string& name): CppUnit::TestCase(name)
+{
+}
+
+
+DigestEngineTest::~DigestEngineTest()
+{
+}
+
+
+void DigestEngineTest::testMD5()
+{
+	DigestEngine engine("MD5");
+
+	// test vectors from RFC 1321
+
+	engine.update("");
+	assertTrue (DigestEngine::digestToHex(engine.digest()) == "d41d8cd98f00b204e9800998ecf8427e");
+
+	engine.update("a");
+	assertTrue (DigestEngine::digestToHex(engine.digest()) == "0cc175b9c0f1b6a831c399e269772661");
+
+	engine.update("abc");
+	assertTrue (DigestEngine::digestToHex(engine.digest()) == "900150983cd24fb0d6963f7d28e17f72");
+
+	engine.update("message digest");
+	assertTrue (DigestEngine::digestToHex(engine.digest()) == "f96b697d7cb7938d525a2f31aaf161d0");
+
+	engine.update("abcdefghijklmnopqrstuvwxyz");
+	assertTrue (DigestEngine::digestToHex(engine.digest()) == "c3fcd3d76192e4007dfb496cca67e13b");
+	
+	engine.update("ABCDEFGHIJKLMNOPQRSTUVWXYZ");
+	engine.update("abcdefghijklmnopqrstuvwxyz0123456789");
+	assertTrue (DigestEngine::digestToHex(engine.digest()) == "d174ab98d277d9f5a5611c2c9f419d9f");
+
+	engine.update("12345678901234567890123456789012345678901234567890123456789012345678901234567890");
+	assertTrue (DigestEngine::digestToHex(engine.digest()) == "57edf4a22be3c955ac49da2e2107b67a");
+}
+
+void DigestEngineTest::testSHA1()
+{
+	DigestEngine engine("SHA1");
+
+	// test vectors from FIPS 180-1
+
+	engine.update("abc");
+	assertTrue (DigestEngine::digestToHex(engine.digest()) == "a9993e364706816aba3e25717850c26c9cd0d89d");
+
+	engine.update("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq");
+	assertTrue (DigestEngine::digestToHex(engine.digest()) == "84983e441c3bd26ebaae4aa1f95129e5e54670f1");
+
+	for (int i = 0; i < 1000000; ++i)
+		engine.update('a');
+	assertTrue (DigestEngine::digestToHex(engine.digest()) == "34aa973cd4c4daa4f61eeb2bdbad27316534016f");
+}
+
+void DigestEngineTest::setUp()
+{
+}
+
+
+void DigestEngineTest::tearDown()
+{
+}
+
+
+CppUnit::Test* DigestEngineTest::suite()
+{
+	CppUnit::TestSuite* pSuite = new CppUnit::TestSuite("DigestEngineTest");
+
+	CppUnit_addTest(pSuite, DigestEngineTest, testMD5);
+	CppUnit_addTest(pSuite, DigestEngineTest, testSHA1);
+
+	return pSuite;
+}

vendor/POCO/Crypto/testsuite/src/DigestEngineTest.h

@@ -0,0 +1,39 @@
+//
+// DigestEngineTest.h
+//
+// Definition of the DigestEngineTest class.
+//
+// Copyright (c) 2012, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef DigestEngineTest_INCLUDED
+#define DigestEngineTest_INCLUDED
+
+
+#include "Poco/Crypto/Crypto.h"
+#include "CppUnit/TestCase.h"
+
+
+class DigestEngineTest: public CppUnit::TestCase
+{
+public:
+	DigestEngineTest(const std::string& name);
+	~DigestEngineTest();
+
+	void testMD5();
+	void testSHA1();
+
+	void setUp();
+	void tearDown();
+
+	static CppUnit::Test* suite();
+
+private:
+};
+
+
+#endif // DigestEngineTest_INCLUDED

vendor/POCO/Crypto/testsuite/src/Driver.cpp

@@ -0,0 +1,43 @@
+//
+// Driver.cpp
+//
+// Console-based test driver for Poco Crypto.
+//
+// Copyright (c) 2007, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "CppUnit/TestRunner.h"
+#include "CryptoTestSuite.h"
+#include "Poco/Crypto/Crypto.h"
+
+
+class CryptoInitializer
+{
+public:
+	CryptoInitializer()
+	{
+		Poco::Crypto::initializeCrypto();
+	}
+	
+	~CryptoInitializer()
+	{
+		Poco::Crypto::uninitializeCrypto();
+	}
+};
+
+
+int main(int ac, char **av)
+{
+	CryptoInitializer ci;
+	
+	std::vector<std::string> args;
+	for (int i = 0; i < ac; ++i)
+		args.push_back(std::string(av[i]));
+	CppUnit::TestRunner runner;
+	runner.addTest("CryptoTestSuite", CryptoTestSuite::suite());
+	return runner.run(args) ? 0 : 1;
+}

vendor/POCO/Crypto/testsuite/src/ECTest.cpp

@@ -0,0 +1,200 @@
+//
+// ECTest.cpp
+//
+//
+// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "ECTest.h"
+#include "CppUnit/TestCaller.h"
+#include "CppUnit/TestSuite.h"
+#include "Poco/Crypto/ECKey.h"
+#include "Poco/Crypto/ECDSADigestEngine.h"
+#include <openssl/pem.h>
+#include <iostream>
+#include <sstream>
+#include <cstring>
+
+
+using namespace Poco::Crypto;
+
+
+ECTest::ECTest(const std::string& name): CppUnit::TestCase(name)
+{
+}
+
+
+ECTest::~ECTest()
+{
+}
+
+
+void ECTest::testECNewKeys()
+{
+	try
+	{
+		std::string curveName = ECKey::getCurveName();
+		if (!curveName.empty())
+		{
+			ECKey key(curveName);
+			std::ostringstream strPub;
+			std::ostringstream strPriv;
+			key.save(&strPub, &strPriv, "testpwd");
+			std::string pubKey = strPub.str();
+			std::string privKey = strPriv.str();
+
+			// now do the round trip
+			std::istringstream iPub(pubKey);
+			std::istringstream iPriv(privKey);
+			ECKey key2(&iPub, &iPriv, "testpwd");
+
+			std::istringstream iPriv2(privKey);
+			ECKey key3(0, &iPriv2, "testpwd");
+			std::ostringstream strPub3;
+			key3.save(&strPub3);
+			std::string pubFromPrivate = strPub3.str();
+			assertTrue (pubFromPrivate == pubKey);
+		}
+		else
+			std::cerr << "No elliptic curves found!" << std::endl;
+	}
+	catch (Poco::Exception& ex)
+	{
+		std::cerr << ex.displayText() << std::endl;
+		throw;
+	}
+}
+
+
+void ECTest::testECNewKeysNoPassphrase()
+{
+	try
+	{
+		std::string curveName = ECKey::getCurveName();
+		if (!curveName.empty())
+		{
+			ECKey key(curveName);
+			std::ostringstream strPub;
+			std::ostringstream strPriv;
+			key.save(&strPub, &strPriv);
+			std::string pubKey = strPub.str();
+			std::string privKey = strPriv.str();
+
+			// now do the round trip
+			std::istringstream iPub(pubKey);
+			std::istringstream iPriv(privKey);
+			ECKey key2(&iPub, &iPriv);
+
+			std::istringstream iPriv2(privKey);
+			ECKey key3(0, &iPriv2);
+			std::ostringstream strPub3;
+			key3.save(&strPub3);
+			std::string pubFromPrivate = strPub3.str();
+			assertTrue (pubFromPrivate == pubKey);
+		}
+		else
+			std::cerr << "No elliptic curves found!" << std::endl;
+	}
+	catch (Poco::Exception& ex)
+	{
+		std::cerr << ex.displayText() << std::endl;
+		throw;
+	}
+}
+
+
+void ECTest::testECDSASignSha256()
+{
+	try
+	{
+		std::string curveName = ECKey::getCurveName();
+		if (!curveName.empty())
+		{
+			std::string msg("Test this sign message");
+			ECKey key(curveName);
+			ECDSADigestEngine eng(key, "SHA256");
+			eng.update(msg.c_str(), static_cast<unsigned>(msg.length()));
+			const Poco::DigestEngine::Digest& sig = eng.signature();
+
+			// verify
+			std::ostringstream strPub;
+			key.save(&strPub);
+			std::string pubKey = strPub.str();
+			std::istringstream iPub(pubKey);
+			ECKey keyPub(&iPub);
+			ECDSADigestEngine eng2(keyPub, "SHA256");
+			eng2.update(msg.c_str(), static_cast<unsigned>(msg.length()));
+			assertTrue(eng2.verify(sig));
+		}
+		else
+			std::cerr << "No elliptic curves found!" << std::endl;
+	}
+	catch (Poco::Exception& ex)
+	{
+		std::cerr << ex.displayText() << std::endl;
+		throw;
+	}
+}
+
+
+void ECTest::testECDSASignManipulated()
+{
+	try
+	{
+		std::string curveName = ECKey::getCurveName();
+		if (!curveName.empty())
+		{
+			std::string msg("Test this sign message");
+			std::string msgManip("Test that sign message");
+			ECKey key(curveName);
+			ECDSADigestEngine eng(key, "SHA256");
+			eng.update(msg.c_str(), static_cast<unsigned>(msg.length()));
+			const Poco::DigestEngine::Digest& sig = eng.signature();
+			std::string hexDig = Poco::DigestEngine::digestToHex(sig);
+
+			// verify
+			std::ostringstream strPub;
+			key.save(&strPub);
+			std::string pubKey = strPub.str();
+			std::istringstream iPub(pubKey);
+			ECKey keyPub(&iPub);
+			ECDSADigestEngine eng2(keyPub, "SHA256");
+			eng2.update(msgManip.c_str(), static_cast<unsigned>(msgManip.length()));
+			assertTrue (!eng2.verify(sig));
+		}
+		else
+			std::cerr << "No elliptic curves found!" << std::endl;
+	}
+	catch (Poco::Exception& ex)
+	{
+		std::cerr << ex.displayText() << std::endl;
+		throw;
+	}
+}
+
+
+void ECTest::setUp()
+{
+}
+
+
+void ECTest::tearDown()
+{
+}
+
+
+CppUnit::Test* ECTest::suite()
+{
+	CppUnit::TestSuite* pSuite = new CppUnit::TestSuite("ECTest");
+
+	CppUnit_addTest(pSuite, ECTest, testECNewKeys);
+	CppUnit_addTest(pSuite, ECTest, testECNewKeysNoPassphrase);
+	CppUnit_addTest(pSuite, ECTest, testECDSASignSha256);
+	CppUnit_addTest(pSuite, ECTest, testECDSASignManipulated);
+
+	return pSuite;
+}

vendor/POCO/Crypto/testsuite/src/ECTest.h

@@ -0,0 +1,42 @@
+//
+// ECTest.h
+//
+//
+// Definition of the ECTest class.
+//
+// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef ECTest_INCLUDED
+#define ECTest_INCLUDED
+
+
+#include "Poco/Crypto/Crypto.h"
+#include "CppUnit/TestCase.h"
+
+
+class ECTest: public CppUnit::TestCase
+{
+public:
+	ECTest(const std::string& name);
+	~ECTest();
+
+	void testECNewKeys();
+	void testECNewKeysNoPassphrase();
+	void testECDSASignSha256();
+	void testECDSASignManipulated();
+
+	void setUp();
+	void tearDown();
+
+	static CppUnit::Test* suite();
+
+private:
+};
+
+
+#endif // ECTest_INCLUDED

vendor/POCO/Crypto/testsuite/src/EVPTest.cpp

@@ -0,0 +1,539 @@
+//
+// EVPTest.cpp
+//
+// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "EVPTest.h"
+#include "Poco/Crypto/RSAKey.h"
+#include "Poco/Crypto/ECKey.h"
+#include "Poco/Crypto/EVPPKey.h"
+#include "Poco/TemporaryFile.h"
+#include "Poco/StreamCopier.h"
+#include "CppUnit/TestCaller.h"
+#include "CppUnit/TestSuite.h"
+#include <memory>
+#include <sstream>
+#include <fstream>
+#include <iostream>
+#include <cstring>
+
+
+using namespace Poco::Crypto;
+using Poco::TemporaryFile;
+using Poco::StreamCopier;
+
+
+EVPTest::EVPTest(const std::string& name): CppUnit::TestCase(name)
+{
+}
+
+
+EVPTest::~EVPTest()
+{
+}
+
+
+void EVPTest::testRSAEVPPKey()
+{
+	try
+	{
+		std::unique_ptr<RSAKey> key(new RSAKey(RSAKey::KL_1024, RSAKey::EXP_SMALL));
+		assertTrue(key->type() == Poco::Crypto::KeyPair::KT_RSA);
+		// construct EVPPKey from RSAKey*
+		EVPPKey* pKey = new EVPPKey(key.get());
+		// EVPPKey increments reference count, so freeing the original must be ok
+		key.reset();
+
+		assertTrue (!pKey->isSupported(0));
+		assertTrue (!pKey->isSupported(-1));
+		assertTrue (pKey->isSupported(pKey->type()));
+		assertTrue (pKey->type() == EVP_PKEY_RSA);
+
+		// construct RSAKey from const EVPPKey&
+		key.reset(new RSAKey(*pKey));
+		delete pKey;
+		assertTrue(key->type() == Poco::Crypto::KeyPair::KT_RSA);
+		// construct EVPPKey from RSAKey*
+		pKey = new EVPPKey(key.get());
+		assertTrue (pKey->type() == EVP_PKEY_RSA);
+
+		BIO* bioPriv1 = BIO_new(BIO_s_mem());
+		BIO* bioPub1 = BIO_new(BIO_s_mem());
+		assertTrue (0 != PEM_write_bio_PrivateKey(bioPriv1, *pKey, NULL, NULL, 0, 0, NULL));
+		assertTrue (0 != PEM_write_bio_PUBKEY(bioPub1, *pKey));
+		char* pPrivData1;
+		long sizePriv1 = BIO_get_mem_data(bioPriv1, &pPrivData1);
+		char* pPubData1;
+		long sizePub1 = BIO_get_mem_data(bioPub1, &pPubData1);
+
+		// construct EVPPKey from EVP_PKEY*
+		EVPPKey evpPKey(pKey->operator EVP_PKEY*());
+		// EVPPKey makes duplicate, so freeing the original must be ok
+		delete pKey;
+		assertTrue (evpPKey.type() == EVP_PKEY_RSA);
+
+		BIO* bioPriv2 = BIO_new(BIO_s_mem());
+		BIO* bioPub2 = BIO_new(BIO_s_mem());
+		assertTrue (0 != PEM_write_bio_PrivateKey(bioPriv2, evpPKey, NULL, NULL, 0, 0, NULL));
+		assertTrue (0 != PEM_write_bio_PUBKEY(bioPub2, evpPKey));
+		char* pPrivData2;
+		long sizePriv2 = BIO_get_mem_data(bioPriv2, &pPrivData2);
+		char* pPubData2;
+		long sizePub2 = BIO_get_mem_data(bioPub2, &pPubData2);
+
+		assertTrue (sizePriv1 && (sizePriv1 == sizePriv2));
+		assertTrue (0 == memcmp(pPrivData1, pPrivData2, sizePriv1));
+		assertTrue (sizePub1 && (sizePub1 == sizePub2));
+		assertTrue (0 == memcmp(pPubData1, pPubData2, sizePub1));
+
+		BIO_free(bioPub2);
+		BIO_free(bioPriv2);
+
+		// copy
+		EVPPKey evpPKey2(evpPKey);
+		assertTrue (evpPKey2.type() == EVP_PKEY_RSA);
+		bioPriv2 = BIO_new(BIO_s_mem());
+		bioPub2 = BIO_new(BIO_s_mem());
+		assertTrue (0 != PEM_write_bio_PrivateKey(bioPriv2, evpPKey2, NULL, NULL, 0, 0, NULL));
+		assertTrue (0 != PEM_write_bio_PUBKEY(bioPub2, evpPKey2));
+		sizePriv2 = BIO_get_mem_data(bioPriv2, &pPrivData2);
+		sizePub2 = BIO_get_mem_data(bioPub2, &pPubData2);
+
+		assertTrue (sizePriv1 && (sizePriv1 == sizePriv2));
+		assertTrue (0 == memcmp(pPrivData1, pPrivData2, sizePriv1));
+		assertTrue (sizePub1 && (sizePub1 == sizePub2));
+		assertTrue (0 == memcmp(pPubData1, pPubData2, sizePub1));
+
+		BIO_free(bioPub2);
+		BIO_free(bioPriv2);
+
+		// move
+		EVPPKey evpPKey3(std::move(evpPKey2));
+		assertTrue (evpPKey3.type() == EVP_PKEY_RSA);
+		bioPriv2 = BIO_new(BIO_s_mem());
+		bioPub2 = BIO_new(BIO_s_mem());
+		assertTrue (0 != PEM_write_bio_PrivateKey(bioPriv2, evpPKey3, NULL, NULL, 0, 0, NULL));
+		assertTrue (0 != PEM_write_bio_PUBKEY(bioPub2, evpPKey3));
+		sizePriv2 = BIO_get_mem_data(bioPriv2, &pPrivData2);
+		sizePub2 = BIO_get_mem_data(bioPub2, &pPubData2);
+
+		assertTrue (sizePriv1 && (sizePriv1 == sizePriv2));
+		assertTrue (0 == memcmp(pPrivData1, pPrivData2, sizePriv1));
+		assertTrue (sizePub1 && (sizePub1 == sizePub2));
+		assertTrue (0 == memcmp(pPubData1, pPubData2, sizePub1));
+
+		BIO_free(bioPub2);
+		BIO_free(bioPriv2);
+		BIO_free(bioPub1);
+		BIO_free(bioPriv1);
+	}
+	catch (Poco::Exception& ex)
+	{
+		std::cerr << ex.displayText() << std::endl;
+		throw;
+	}
+}
+
+
+void EVPTest::testRSAEVPSaveLoadStream()
+{
+	RSAKey rsaKey(RSAKey::KL_1024, RSAKey::EXP_SMALL);
+	EVPPKey key(&rsaKey);
+	std::ostringstream strPub;
+	std::ostringstream strPriv;
+	key.save(&strPub, &strPriv, "testpwd");
+	std::string pubKey = strPub.str();
+	std::string privKey = strPriv.str();
+
+	// now do the round trip
+	std::istringstream iPub(pubKey);
+	std::istringstream iPriv(privKey);
+	EVPPKey key2(&iPub, &iPriv, "testpwd");
+
+	assertTrue (key == key2);
+	assertTrue (!(key != key2));
+	RSAKey rsaKeyNE(RSAKey::KL_1024, RSAKey::EXP_LARGE);
+	EVPPKey keyNE(&rsaKeyNE);
+	assertTrue (key != keyNE);
+	assertTrue (!(key == keyNE));
+	assertTrue (key2 != keyNE);;
+	assertTrue (!(key2 == keyNE));
+
+	std::ostringstream strPub2;
+	std::ostringstream strPriv2;
+	key2.save(&strPub2, &strPriv2, "testpwd");
+	assertTrue (strPub2.str() == pubKey);
+
+	std::istringstream iPriv2(strPriv2.str());
+	EVPPKey key3(0, &iPriv2,  "testpwd");
+	std::ostringstream strPub3;
+	key3.save(&strPub3);
+	assertTrue (strPub3.str() == pubKey);
+}
+
+
+void EVPTest::testRSAEVPSaveLoadStreamNoPass()
+{
+	RSAKey rsaKey(RSAKey::KL_1024, RSAKey::EXP_SMALL);
+	EVPPKey key(&rsaKey);
+	std::ostringstream strPub;
+	std::ostringstream strPriv;
+	key.save(&strPub, &strPriv);
+	std::string pubKey = strPub.str();
+	std::string privKey = strPriv.str();
+
+	// now do the round trip
+	std::istringstream iPub(pubKey);
+	std::istringstream iPriv(privKey);
+	EVPPKey key2(&iPub, &iPriv);
+
+	assertTrue (key == key2);
+	assertTrue (!(key != key2));
+	RSAKey rsaKeyNE(RSAKey::KL_1024, RSAKey::EXP_LARGE);
+	EVPPKey keyNE(&rsaKeyNE);
+	assertTrue (key != keyNE);
+	assertTrue (!(key == keyNE));
+	assertTrue (key2 != keyNE);;
+	assertTrue (!(key2 == keyNE));
+
+	std::istringstream iPriv2(privKey);
+	EVPPKey key3(0, &iPriv2);
+	std::ostringstream strPub3;
+	key3.save(&strPub3);
+	std::string pubFromPrivate = strPub3.str();
+	assertTrue (pubFromPrivate == pubKey);
+}
+
+
+void EVPTest::testECEVPPKey()
+{
+	try
+	{
+		std::string curveName = ECKey::getCurveName();
+		if (!curveName.empty())
+		{
+			EVPPKey* pKey = new EVPPKey(curveName);
+			assertTrue (pKey != 0);
+			assertTrue (!pKey->isSupported(0));
+			assertTrue (!pKey->isSupported(-1));
+			assertTrue (pKey->isSupported(pKey->type()));
+			assertTrue (pKey->type() == EVP_PKEY_EC);
+
+			BIO* bioPriv1 = BIO_new(BIO_s_mem());
+			BIO* bioPub1 = BIO_new(BIO_s_mem());
+			assertTrue (0 != PEM_write_bio_PrivateKey(bioPriv1, *pKey, NULL, NULL, 0, 0, NULL));
+			assertTrue (0 != PEM_write_bio_PUBKEY(bioPub1, *pKey));
+			char* pPrivData1;
+			long sizePriv1 = BIO_get_mem_data(bioPriv1, &pPrivData1);
+			char* pPubData1;
+			long sizePub1 = BIO_get_mem_data(bioPub1, &pPubData1);
+
+			// construct EVPPKey from EVP_PKEY*
+			EVPPKey evpPKey(pKey->operator EVP_PKEY*());
+			assertTrue (evpPKey.type() == EVP_PKEY_EC);
+			// EVPPKey makes duplicate, so freeing the original must be ok
+			delete pKey;
+
+			BIO* bioPriv2 = BIO_new(BIO_s_mem());
+			BIO* bioPub2 = BIO_new(BIO_s_mem());
+			assertTrue (0 != PEM_write_bio_PrivateKey(bioPriv2, evpPKey, NULL, NULL, 0, 0, NULL));
+			assertTrue (0 != PEM_write_bio_PUBKEY(bioPub2, evpPKey));
+			char* pPrivData2;
+			long sizePriv2 = BIO_get_mem_data(bioPriv2, &pPrivData2);
+			char* pPubData2;
+			long sizePub2 = BIO_get_mem_data(bioPub2, &pPubData2);
+
+			assertTrue (sizePriv1 && (sizePriv1 == sizePriv2));
+			assertTrue (0 == memcmp(pPrivData1, pPrivData2, sizePriv1));
+			assertTrue (sizePub1 && (sizePub1 == sizePub2));
+			assertTrue (0 == memcmp(pPubData1, pPubData2, sizePub1));
+
+			BIO_free(bioPub2);
+			BIO_free(bioPriv2);
+
+			// copy
+			EVPPKey evpPKey2(evpPKey);
+			assertTrue (evpPKey2.type() == EVP_PKEY_EC);
+			bioPriv2 = BIO_new(BIO_s_mem());
+			bioPub2 = BIO_new(BIO_s_mem());
+			assertTrue (0 != PEM_write_bio_PrivateKey(bioPriv2, evpPKey2, NULL, NULL, 0, 0, NULL));
+			assertTrue (0 != PEM_write_bio_PUBKEY(bioPub2, evpPKey2));
+			sizePriv2 = BIO_get_mem_data(bioPriv2, &pPrivData2);
+			sizePub2 = BIO_get_mem_data(bioPub2, &pPubData2);
+
+			assertTrue (sizePriv1 && (sizePriv1 == sizePriv2));
+			assertTrue (0 == memcmp(pPrivData1, pPrivData2, sizePriv1));
+			assertTrue (sizePub1 && (sizePub1 == sizePub2));
+			assertTrue (0 == memcmp(pPubData1, pPubData2, sizePub1));
+
+			BIO_free(bioPub2);
+			BIO_free(bioPriv2);
+
+			// move
+			EVPPKey evpPKey3(std::move(evpPKey2));
+			assertTrue (evpPKey3.type() == EVP_PKEY_EC);
+			bioPriv2 = BIO_new(BIO_s_mem());
+			bioPub2 = BIO_new(BIO_s_mem());
+			assertTrue (0 != PEM_write_bio_PrivateKey(bioPriv2, evpPKey3, NULL, NULL, 0, 0, NULL));
+			assertTrue (0 != PEM_write_bio_PUBKEY(bioPub2, evpPKey3));
+			sizePriv2 = BIO_get_mem_data(bioPriv2, &pPrivData2);
+			sizePub2 = BIO_get_mem_data(bioPub2, &pPubData2);
+
+			assertTrue (sizePriv1 && (sizePriv1 == sizePriv2));
+			assertTrue (0 == memcmp(pPrivData1, pPrivData2, sizePriv1));
+			assertTrue (sizePub1 && (sizePub1 == sizePub2));
+			assertTrue (0 == memcmp(pPubData1, pPubData2, sizePub1));
+
+			BIO_free(bioPub2);
+			BIO_free(bioPriv2);
+			BIO_free(bioPub1);
+			BIO_free(bioPriv1);
+		}
+		else
+			std::cerr << "No elliptic curves found!" << std::endl;
+	}
+	catch (Poco::Exception& ex)
+	{
+		std::cerr << ex.displayText() << std::endl;
+		throw;
+	}
+}
+
+
+void EVPTest::testECEVPSaveLoadStream()
+{
+	try
+	{
+		std::string curveName = ECKey::getCurveName();
+		if (!curveName.empty())
+		{
+			EVPPKey key(curveName);
+			std::ostringstream strPub;
+			std::ostringstream strPriv;
+			key.save(&strPub, &strPriv, "testpwd");
+			std::string pubKey = strPub.str();
+			std::string privKey = strPriv.str();
+
+			// now do the round trip
+			std::istringstream iPub(pubKey);
+			std::istringstream iPriv(privKey);
+			EVPPKey key2(&iPub, &iPriv, "testpwd");
+
+			std::ostringstream strPubE;
+			std::ostringstream strPrivE;
+			key2.save(&strPubE, &strPrivE, "testpwd");
+			assertTrue (strPubE.str() == pubKey);
+			assertTrue (key == key2);
+			assertTrue (!(key != key2));
+			ECKey ecKeyNE(curveName);
+			EVPPKey keyNE(&ecKeyNE);
+			assertTrue (key != keyNE);
+			assertTrue (!(key == keyNE));
+			assertTrue (key2 != keyNE);
+			assertTrue (!(key2 == keyNE));
+
+			std::ostringstream strPub2;
+			std::ostringstream strPriv2;
+			key2.save(&strPub2, &strPriv2, "testpwd");
+			assertTrue (strPub2.str() == pubKey);
+
+			std::istringstream iPriv2(strPriv2.str());
+			EVPPKey key3(0, &iPriv2,  "testpwd");
+			std::ostringstream strPub3;
+			key3.save(&strPub3);
+			std::string pubFromPrivate = strPub3.str();
+			assertTrue (pubFromPrivate == pubKey);
+		}
+		else
+			std::cerr << "No elliptic curves found!" << std::endl;
+	}
+	catch (Poco::Exception& ex)
+	{
+		std::cerr << ex.displayText() << std::endl;
+		throw;
+	}
+}
+
+
+void EVPTest::testECEVPSaveLoadStreamNoPass()
+{
+	try
+	{
+		std::string curveName = ECKey::getCurveName();
+		if (!curveName.empty())
+		{
+			EVPPKey key(curveName);
+			std::ostringstream strPub;
+			std::ostringstream strPriv;
+			key.save(&strPub, &strPriv);
+			std::string pubKey = strPub.str();
+			std::string privKey = strPriv.str();
+
+			// now do the round trip
+			std::istringstream iPub(pubKey);
+			std::istringstream iPriv(privKey);
+			EVPPKey key2(&iPub, &iPriv);
+
+			std::ostringstream strPubE;
+			std::ostringstream strPrivE;
+			key2.save(&strPubE, &strPrivE);
+			assertTrue (strPubE.str() == pubKey);
+			assertTrue (key == key2);
+			assertTrue (!(key != key2));
+			ECKey ecKeyNE(curveName);
+			EVPPKey keyNE(&ecKeyNE);
+			assertTrue (key != keyNE);
+			assertTrue (!(key == keyNE));
+			assertTrue (key2 != keyNE);
+			assertTrue (!(key2 == keyNE));
+
+			std::ostringstream strPub2;
+			std::ostringstream strPriv2;
+			key2.save(&strPub2, &strPriv2);
+			assertTrue (strPub2.str() == pubKey);
+			assertTrue (strPriv2.str() == privKey);
+
+			std::istringstream iPriv2(privKey);
+			EVPPKey key3(0, &iPriv2);
+			std::ostringstream strPub3;
+			key3.save(&strPub3);
+			std::string pubFromPrivate = strPub3.str();
+			assertTrue (pubFromPrivate == pubKey);
+		}
+		else
+			std::cerr << "No elliptic curves found!" << std::endl;
+	}
+	catch (Poco::Exception& ex)
+	{
+		std::cerr << ex.displayText() << std::endl;
+		throw;
+	}
+}
+
+
+void EVPTest::testECEVPSaveLoadFile()
+{
+	try
+	{
+		std::string curveName = ECKey::getCurveName();
+		if (!curveName.empty())
+		{
+			EVPPKey key(curveName);
+			TemporaryFile filePub;
+			TemporaryFile filePriv;
+			key.save(filePub.path(), filePriv.path(), "testpwd");
+			std::ifstream ifPub(filePub.path().c_str());
+			std::ifstream ifPriv(filePriv.path().c_str());
+			std::string pubKey;
+			std::string privKey;
+			StreamCopier::copyToString(ifPub, pubKey);
+			StreamCopier::copyToString(ifPriv, privKey);
+
+			EVPPKey key2(filePub.path(), filePriv.path(), "testpwd");
+
+			std::ostringstream strPubE;
+			std::ostringstream strPrivE;
+			key2.save(&strPubE, &strPrivE, "testpwd");
+			assertTrue (strPubE.str() == pubKey);
+			assertTrue (key == key2);
+			assertTrue (!(key != key2));
+			ECKey ecKeyNE(curveName);
+			EVPPKey keyNE(&ecKeyNE);
+			assertTrue (key != keyNE);
+			assertTrue (!(key == keyNE));
+			assertTrue (key2 != keyNE);
+			assertTrue (!(key2 == keyNE));
+
+			std::ostringstream strPub2;
+			std::ostringstream strPriv2;
+			key2.save(&strPub2, &strPriv2, "testpwd");
+			assertTrue (strPub2.str() == pubKey);
+
+			EVPPKey key3("", filePriv.path(),  "testpwd");
+			std::ostringstream strPub3;
+			key3.save(&strPub3);
+			std::string pubFromPrivate = strPub3.str();
+			assertTrue (pubFromPrivate == pubKey);
+		}
+		else
+			std::cerr << "No elliptic curves found!" << std::endl;
+	}
+	catch (Poco::Exception& ex)
+	{
+		std::cerr << ex.displayText() << std::endl;
+		throw;
+	}
+}
+
+
+void EVPTest::testECEVPSaveLoadFileNoPass()
+{
+	try
+	{
+		std::string curveName = ECKey::getCurveName();
+		if (!curveName.empty())
+		{
+			EVPPKey key(curveName);
+			TemporaryFile filePub;
+			TemporaryFile filePriv;
+			key.save(filePub.path(), filePriv.path());
+			std::ifstream ifPub(filePub.path().c_str());
+			std::ifstream ifPriv(filePriv.path().c_str());
+			std::string pubKey;
+			std::string privKey;
+			StreamCopier::copyToString(ifPub, pubKey);
+			StreamCopier::copyToString(ifPriv, privKey);
+
+			EVPPKey key2(filePub.path(), filePriv.path());
+			std::ostringstream strPub2;
+			std::ostringstream strPriv2;
+			key2.save(&strPub2, &strPriv2);
+			assertTrue (strPub2.str() == pubKey);
+
+			EVPPKey key3("", filePriv.path());
+			std::ostringstream strPub3;
+			key3.save(&strPub3);
+			std::string pubFromPrivate = strPub3.str();
+			assertTrue (pubFromPrivate == pubKey);
+		}
+		else
+			std::cerr << "No elliptic curves found!" << std::endl;
+	}
+	catch (Poco::Exception& ex)
+	{
+		std::cerr << ex.displayText() << std::endl;
+		throw;
+	}
+}
+
+
+void EVPTest::setUp()
+{
+}
+
+
+void EVPTest::tearDown()
+{
+}
+
+
+CppUnit::Test* EVPTest::suite()
+{
+	CppUnit::TestSuite* pSuite = new CppUnit::TestSuite("EVPTest");
+
+	CppUnit_addTest(pSuite, EVPTest, testRSAEVPPKey);
+	CppUnit_addTest(pSuite, EVPTest, testRSAEVPSaveLoadStream);
+	CppUnit_addTest(pSuite, EVPTest, testRSAEVPSaveLoadStreamNoPass);
+	CppUnit_addTest(pSuite, EVPTest, testECEVPPKey);
+	CppUnit_addTest(pSuite, EVPTest, testECEVPSaveLoadStream);
+	CppUnit_addTest(pSuite, EVPTest, testECEVPSaveLoadStreamNoPass);
+	CppUnit_addTest(pSuite, EVPTest, testECEVPSaveLoadFile);
+	CppUnit_addTest(pSuite, EVPTest, testECEVPSaveLoadFileNoPass);
+
+	return pSuite;
+}

vendor/POCO/Crypto/testsuite/src/EVPTest.h

@@ -0,0 +1,46 @@
+//
+// EVPTest.h
+//
+// Definition of the EVPTest class.
+//
+// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef EVPTest_INCLUDED
+#define EVPTest_INCLUDED
+
+
+#include "Poco/Crypto/Crypto.h"
+#include "CppUnit/TestCase.h"
+
+
+class EVPTest: public CppUnit::TestCase
+{
+public:
+	EVPTest(const std::string& name);
+	~EVPTest();
+
+	void testRSAEVPPKey();
+	void testRSAEVPSaveLoadStream();
+	void testRSAEVPSaveLoadStreamNoPass();
+
+	void testECEVPPKey();
+	void testECEVPSaveLoadStream();
+	void testECEVPSaveLoadStreamNoPass();
+	void testECEVPSaveLoadFile();
+	void testECEVPSaveLoadFileNoPass();
+
+	void setUp();
+	void tearDown();
+
+	static CppUnit::Test* suite();
+
+private:
+};
+
+
+#endif // EVPTest_INCLUDED

vendor/POCO/Crypto/testsuite/src/PKCS12ContainerTest.cpp

@@ -0,0 +1,366 @@
+//
+// PKCS12ContainerTest.cpp
+//
+// Copyright (c) 2012, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "PKCS12ContainerTest.h"
+#include "CppUnit/TestCaller.h"
+#include "CppUnit/TestSuite.h"
+#include "Poco/Crypto/EVPPKey.h"
+#include "Poco/Crypto/RSAKey.h"
+#include "Poco/Crypto/KeyPairImpl.h"
+#include "Poco/Environment.h"
+#include "Poco/Path.h"
+#include "Poco/File.h"
+#include "Poco/TemporaryFile.h"
+#include <iostream>
+#include <sstream>
+#include <fstream>
+
+
+
+using namespace Poco::Crypto;
+using Poco::Environment;
+using Poco::Path;
+using Poco::File;
+using Poco::TemporaryFile;
+
+
+PKCS12ContainerTest::PKCS12ContainerTest(const std::string& name): CppUnit::TestCase(name)
+{
+}
+
+
+PKCS12ContainerTest::~PKCS12ContainerTest()
+{
+}
+
+
+void PKCS12ContainerTest::testFullPKCS12()
+{
+	try
+	{
+		std::string file = getTestFilesPath("full");
+		full(PKCS12Container(file.c_str(), "crypto"));
+
+		std::ifstream ifs(file.c_str(), std::ios::binary);
+		PKCS12Container pkcs(ifs, "crypto");
+		full(pkcs);
+
+		PKCS12Container pkcs2(pkcs);
+		full(pkcs2);
+
+		PKCS12Container pkcs3(pkcs);
+		pkcs3 = pkcs2;
+		full(pkcs3);
+
+		pkcs3 = std::move(pkcs);
+		full(pkcs3);
+
+		PKCS12Container pkcs4(std::move(pkcs2));
+		full(pkcs4);
+	}
+	catch (Poco::Exception& ex)
+	{
+		std::cerr << ex.displayText() << std::endl;
+		throw;
+	}
+}
+
+
+void PKCS12ContainerTest::full(const PKCS12Container& pkcs12)
+{
+	assertTrue ("vally" == pkcs12.getFriendlyName());
+
+	assertTrue (pkcs12.hasKey());
+	EVPPKey pKey = pkcs12.getKey();
+	assertTrue (EVP_PKEY_RSA == pKey.type());
+
+	RSAKey rsa(pkcs12);
+	assertTrue (rsa.impl()->type() == KeyPairImpl::KT_RSA_IMPL);
+
+	assertTrue (pkcs12.hasX509Certificate());
+	fullCert(pkcs12.getX509Certificate());
+
+	std::vector<int> certOrder;
+	for (int i = 0; i < 2; ++i) certOrder.push_back(i);
+	fullList(pkcs12.getCACerts(), pkcs12.getFriendlyNamesCA(), certOrder);
+}
+
+
+void PKCS12ContainerTest::fullCert(const X509Certificate& x509)
+{
+	std::string subjectName(x509.subjectName());
+	std::string issuerName(x509.issuerName());
+	std::string commonName(x509.commonName());
+	std::string country(x509.subjectName(X509Certificate::NID_COUNTRY));
+	std::string localityName(x509.subjectName(X509Certificate::NID_LOCALITY_NAME));
+	std::string stateOrProvince(x509.subjectName(X509Certificate::NID_STATE_OR_PROVINCE));
+	std::string organizationName(x509.subjectName(X509Certificate::NID_ORGANIZATION_NAME));
+	std::string organizationUnitName(x509.subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME));
+	std::string emailAddress(x509.subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS));
+	std::string serialNumber(x509.serialNumber());
+
+	assertTrue (subjectName == "C=CH,ST=Zug,O=Crypto Vally,CN=CV Server");
+	assertTrue (issuerName == "C=CH,ST=Zug,O=Crypto Vally,CN=CV Intermediate CA v3");
+	assertTrue (commonName == "CV Server");
+	assertTrue (country == "CH");
+	assertTrue (localityName.empty());
+	assertTrue (stateOrProvince == "Zug");
+	assertTrue (organizationName == "Crypto Vally");
+	assertTrue (organizationUnitName.empty());
+	assertTrue (emailAddress.empty());
+	assertTrue (serialNumber == "1000");
+	assertTrue (x509.version() == 3);
+	assertTrue (x509.signatureAlgorithm() == "sha256WithRSAEncryption");
+}
+
+
+void PKCS12ContainerTest::fullList(const PKCS12Container::CAList& caList,
+		const PKCS12Container::CANameList& caNamesList,
+		const std::vector<int>& certOrder)
+{
+	assertTrue (certOrder.size() == caList.size());
+	assertTrue ((0 == caNamesList.size()) || (certOrder.size() == caNamesList.size()));
+
+	if (caNamesList.size())
+	{
+		assertTrue (caNamesList[certOrder[0]].empty());
+		assertTrue (caNamesList[certOrder[1]].empty());
+	}
+
+	assertTrue (caList[certOrder[0]].subjectName() == "C=CH,ST=Zug,O=Crypto Vally,CN=CV Root CA v3");
+	assertTrue (caList[certOrder[0]].issuerName() == "C=CH,ST=Zug,O=Crypto Vally,CN=CV Root CA v3");
+	assertTrue (caList[certOrder[0]].commonName() == "CV Root CA v3");
+	assertTrue (caList[certOrder[0]].subjectName(X509Certificate::NID_COUNTRY) == "CH");
+	assertTrue (caList[certOrder[0]].subjectName(X509Certificate::NID_LOCALITY_NAME).empty());
+	assertTrue (caList[certOrder[0]].subjectName(X509Certificate::NID_STATE_OR_PROVINCE) == "Zug");
+	assertTrue (caList[certOrder[0]].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Crypto Vally");
+	assertTrue (caList[certOrder[0]].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty());
+	assertTrue (caList[certOrder[0]].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty());
+	assertTrue (caList[certOrder[0]].serialNumber() == "C3ECA1FCEAA16055");
+	assertTrue (caList[certOrder[0]].version() == 3);
+	assertTrue (caList[certOrder[0]].signatureAlgorithm() == "sha256WithRSAEncryption");
+
+	assertTrue (caList[certOrder[1]].subjectName() == "C=CH,ST=Zug,O=Crypto Vally,CN=CV Intermediate CA v3");
+	assertTrue (caList[certOrder[1]].issuerName() == "C=CH,ST=Zug,O=Crypto Vally,CN=CV Root CA v3");
+	assertTrue (caList[certOrder[1]].commonName() == "CV Intermediate CA v3");
+	assertTrue (caList[certOrder[1]].subjectName(X509Certificate::NID_COUNTRY) == "CH");
+	assertTrue (caList[certOrder[1]].subjectName(X509Certificate::NID_LOCALITY_NAME).empty());
+	assertTrue (caList[certOrder[1]].subjectName(X509Certificate::NID_STATE_OR_PROVINCE) == "Zug");
+	assertTrue (caList[certOrder[1]].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Crypto Vally");
+	assertTrue (caList[certOrder[1]].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty());
+	assertTrue (caList[certOrder[1]].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty());
+	assertTrue (caList[certOrder[1]].serialNumber() == "1000");
+	assertTrue (caList[certOrder[1]].version() == 3);
+	assertTrue (caList[certOrder[1]].signatureAlgorithm() == "sha256WithRSAEncryption");
+}
+
+
+void PKCS12ContainerTest::testCertsOnlyPKCS12()
+{
+	try
+	{
+		std::string file = getTestFilesPath("certs-only");
+		certsOnly(PKCS12Container(file.c_str(), "crypto"));
+
+		std::ifstream ifs(file.c_str(), std::ios::binary);
+		certsOnly(PKCS12Container(ifs, "crypto"));
+	}
+	catch (Poco::Exception& ex)
+	{
+		std::cerr << ex.displayText() << std::endl;
+		throw;
+	}
+}
+
+
+void PKCS12ContainerTest::certsOnly(const PKCS12Container& pkcs12)
+{
+	assertTrue (!pkcs12.hasKey());
+	assertTrue (!pkcs12.hasX509Certificate());
+	assertTrue (pkcs12.getFriendlyName().empty());
+
+	std::vector<int> certOrder;
+	for (int i = 0; i < 5; ++i) certOrder.push_back(i);
+	certsOnlyList(pkcs12.getCACerts(), pkcs12.getFriendlyNamesCA(), certOrder);
+}
+
+
+void PKCS12ContainerTest::certsOnlyList(const PKCS12Container::CAList& caList,
+	const PKCS12Container::CANameList& caNamesList, const std::vector<int>& certOrder)
+{
+	assertTrue (certOrder.size() == caList.size());
+	assertTrue ((0 == caNamesList.size()) || (certOrder.size() == caNamesList.size()));
+
+	if (caNamesList.size())
+	{
+		assertTrue (caNamesList[certOrder[0]].empty());
+		assertTrue (caNamesList[certOrder[1]].empty());
+		assertTrue (caNamesList[certOrder[2]].empty());
+		assertTrue (caNamesList[certOrder[3]] == "vally-ca");
+		assertTrue (caNamesList[certOrder[4]] == "vally-ca");
+	}
+
+	assertTrue (caList[certOrder[0]].subjectName() == "C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3");
+	assertTrue (caList[certOrder[0]].issuerName() == "C=US,O=Internet Security Research Group,CN=ISRG Root X1");
+	assertTrue (caList[certOrder[0]].commonName() == "Let's Encrypt Authority X3");
+	assertTrue (caList[certOrder[0]].subjectName(X509Certificate::NID_COUNTRY) == "US");
+	assertTrue (caList[certOrder[0]].subjectName(X509Certificate::NID_LOCALITY_NAME).empty());
+	assertTrue (caList[certOrder[0]].subjectName(X509Certificate::NID_STATE_OR_PROVINCE).empty());
+	assertTrue (caList[certOrder[0]].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Let's Encrypt");
+	assertTrue (caList[certOrder[0]].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty());
+	assertTrue (caList[certOrder[0]].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty());
+	assertTrue (caList[certOrder[0]].serialNumber() == "D3B17226342332DCF40528512AEC9C6A");
+	assertTrue (caList[certOrder[0]].version() == 3);
+	assertTrue (caList[certOrder[0]].signatureAlgorithm() == "sha256WithRSAEncryption");
+
+	assertTrue (caList[certOrder[1]].subjectName() == "C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3");
+	assertTrue (caList[certOrder[1]].issuerName() == "O=Digital Signature Trust Co.,CN=DST Root CA X3");
+	assertTrue (caList[certOrder[1]].commonName() == "Let's Encrypt Authority X3");
+	assertTrue (caList[certOrder[1]].subjectName(X509Certificate::NID_COUNTRY) == "US");
+	assertTrue (caList[certOrder[1]].subjectName(X509Certificate::NID_LOCALITY_NAME).empty());
+	assertTrue (caList[certOrder[1]].subjectName(X509Certificate::NID_STATE_OR_PROVINCE).empty());
+	assertTrue (caList[certOrder[1]].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Let's Encrypt");
+	assertTrue (caList[certOrder[1]].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty());
+	assertTrue (caList[certOrder[1]].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty());
+	assertTrue (caList[certOrder[1]].serialNumber() == "0A0141420000015385736A0B85ECA708");
+	assertTrue (caList[certOrder[1]].version() == 3);
+	assertTrue (caList[certOrder[1]].signatureAlgorithm() == "sha256WithRSAEncryption");
+
+	assertTrue (caList[certOrder[2]].subjectName() == "C=US,O=Internet Security Research Group,CN=ISRG Root X1");
+	assertTrue (caList[certOrder[2]].issuerName() == "C=US,O=Internet Security Research Group,CN=ISRG Root X1");
+	assertTrue (caList[certOrder[2]].commonName() == "ISRG Root X1");
+	assertTrue (caList[certOrder[2]].subjectName(X509Certificate::NID_COUNTRY) == "US");
+	assertTrue (caList[certOrder[2]].subjectName(X509Certificate::NID_LOCALITY_NAME).empty());
+	assertTrue (caList[certOrder[2]].subjectName(X509Certificate::NID_STATE_OR_PROVINCE).empty());
+	assertTrue (caList[certOrder[2]].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Internet Security Research Group");
+	assertTrue (caList[certOrder[2]].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty());
+	assertTrue (caList[certOrder[2]].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty());
+	assertTrue (caList[certOrder[2]].serialNumber() == "8210CFB0D240E3594463E0BB63828B00");
+	assertTrue (caList[certOrder[2]].version() == 3);
+	assertTrue (caList[certOrder[2]].signatureAlgorithm() == "sha256WithRSAEncryption");
+
+	assertTrue (caList[certOrder[3]].subjectName() == "C=CH,ST=Zug,O=Crypto Vally,CN=CV Root CA v3");
+	assertTrue (caList[certOrder[3]].issuerName() == "C=CH,ST=Zug,O=Crypto Vally,CN=CV Root CA v3");
+	assertTrue (caList[certOrder[3]].commonName() == "CV Root CA v3");
+	assertTrue (caList[certOrder[3]].subjectName(X509Certificate::NID_COUNTRY) == "CH");
+	assertTrue (caList[certOrder[3]].subjectName(X509Certificate::NID_LOCALITY_NAME).empty());
+	assertTrue (caList[certOrder[3]].subjectName(X509Certificate::NID_STATE_OR_PROVINCE) == "Zug");
+	assertTrue (caList[certOrder[3]].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Crypto Vally");
+	assertTrue (caList[certOrder[3]].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty());
+	assertTrue (caList[certOrder[3]].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty());
+	assertTrue (caList[certOrder[3]].serialNumber() == "C3ECA1FCEAA16055");
+	assertTrue (caList[certOrder[3]].version() == 3);
+	assertTrue (caList[certOrder[3]].signatureAlgorithm() == "sha256WithRSAEncryption");
+
+	assertTrue (caList[certOrder[4]].subjectName() == "C=CH,ST=Zug,O=Crypto Vally,CN=CV Intermediate CA v3");
+	assertTrue (caList[certOrder[4]].issuerName() == "C=CH,ST=Zug,O=Crypto Vally,CN=CV Root CA v3");
+	assertTrue (caList[certOrder[4]].commonName() == "CV Intermediate CA v3");
+	assertTrue (caList[certOrder[4]].subjectName(X509Certificate::NID_COUNTRY) == "CH");
+	assertTrue (caList[certOrder[4]].subjectName(X509Certificate::NID_LOCALITY_NAME).empty());
+	assertTrue (caList[certOrder[4]].subjectName(X509Certificate::NID_STATE_OR_PROVINCE) == "Zug");
+	assertTrue (caList[certOrder[4]].subjectName(X509Certificate::NID_ORGANIZATION_NAME) == "Crypto Vally");
+	assertTrue (caList[certOrder[4]].subjectName(X509Certificate::NID_ORGANIZATION_UNIT_NAME).empty());
+	assertTrue (caList[certOrder[4]].subjectName(X509Certificate::NID_PKCS9_EMAIL_ADDRESS).empty());
+	assertTrue (caList[certOrder[4]].serialNumber()== "1000");
+	assertTrue (caList[certOrder[4]].version() == 3);
+	assertTrue (caList[certOrder[4]].signatureAlgorithm() == "sha256WithRSAEncryption");
+}
+
+
+void PKCS12ContainerTest::testPEMReadWrite()
+{
+	try
+	{
+		std::string file = getTestFilesPath("certs-only", "pem");
+		X509Certificate::List certsOnly = X509Certificate::readPEM(file);
+		assertTrue (certsOnly.size() == 5);
+		// PEM is written by openssl in reverse order from p12
+		std::vector<int> certOrder;
+		for(int i = (int)certsOnly.size() - 1; i >= 0; --i) certOrder.push_back(i);
+		certsOnlyList(certsOnly, PKCS12Container::CANameList(), certOrder);
+
+		TemporaryFile tmpFile;
+		X509Certificate::writePEM(tmpFile.path(), certsOnly);
+
+		certsOnly.clear();
+		certsOnly = X509Certificate::readPEM(tmpFile.path());
+		certsOnlyList(certsOnly, PKCS12Container::CANameList(), certOrder);
+
+		file = getTestFilesPath("full", "pem");
+		X509Certificate::List full = X509Certificate::readPEM(file);
+		assertTrue (full.size() == 3);
+		fullCert(full[0]);
+		full.erase(full.begin());
+		assertTrue (full.size() == 2);
+
+		certOrder.clear();
+		for(int i = (int)full.size() - 1; i >= 0; --i) certOrder.push_back(i);
+		fullList(full, PKCS12Container::CANameList(), certOrder);
+
+		TemporaryFile tmpFile2;
+		X509Certificate::writePEM(tmpFile2.path(), full);
+
+		full.clear();
+		full = X509Certificate::readPEM(tmpFile2.path());
+		fullList(full, PKCS12Container::CANameList(), certOrder);
+	}
+	catch (Poco::Exception& ex)
+	{
+		std::cerr << ex.displayText() << std::endl;
+		throw;
+	}
+}
+
+
+void PKCS12ContainerTest::setUp()
+{
+}
+
+
+void PKCS12ContainerTest::tearDown()
+{
+}
+
+
+std::string PKCS12ContainerTest::getTestFilesPath(const std::string& name, const std::string& ext)
+{
+	std::ostringstream ostr;
+	ostr << "data/" << name << '.' << ext;
+	std::string fileName(ostr.str());
+	Poco::Path path(fileName);
+	if (Poco::File(path).exists())
+	{
+		return fileName;
+	}
+
+	ostr.str("");
+	ostr << "/Crypto/testsuite/data/" << name << '.' << ext;
+	fileName = Poco::Environment::get("POCO_BASE") + ostr.str();
+	path = fileName;
+
+	if (!Poco::File(path).exists())
+	{
+		std::cerr << "Can't find " << fileName << std::endl;
+		throw Poco::NotFoundException("cannot locate directory containing valid Crypto test files");
+	}
+	return fileName;
+}
+
+
+CppUnit::Test* PKCS12ContainerTest::suite()
+{
+	CppUnit::TestSuite* pSuite = new CppUnit::TestSuite("PKCS12ContainerTest");
+
+	CppUnit_addTest(pSuite, PKCS12ContainerTest, testFullPKCS12);
+	CppUnit_addTest(pSuite, PKCS12ContainerTest, testCertsOnlyPKCS12);
+	CppUnit_addTest(pSuite, PKCS12ContainerTest, testPEMReadWrite);
+
+	return pSuite;
+}

vendor/POCO/Crypto/testsuite/src/PKCS12ContainerTest.h

@@ -0,0 +1,53 @@
+//
+// PKCS12ContainerTest.h
+//
+// Definition of the PKCS12ContainerTest class.
+//
+// Copyright (c) 2012, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef PKCS12ContainerTest_INCLUDED
+#define PKCS12ContainerTest_INCLUDED
+
+
+#include "Poco/Crypto/Crypto.h"
+#include "CppUnit/TestCase.h"
+#include "Poco/Crypto/PKCS12Container.h"
+#include "Poco/Crypto/X509Certificate.h"
+
+
+class PKCS12ContainerTest: public CppUnit::TestCase
+{
+public:
+	PKCS12ContainerTest(const std::string& name);
+	~PKCS12ContainerTest();
+
+	void testFullPKCS12();
+	void testCertsOnlyPKCS12();
+	void testPEMReadWrite();
+
+	void setUp();
+	void tearDown();
+
+	static CppUnit::Test* suite();
+
+private:
+	std::string getTestFilesPath(const std::string& name,
+		const std::string& ext = "p12");
+	void certsOnly(const Poco::Crypto::PKCS12Container& pkcs12);
+	void certsOnlyList(const Poco::Crypto::PKCS12Container::CAList& caList,
+		const Poco::Crypto::PKCS12Container::CANameList& caNamesList,
+		const std::vector<int>& certOrder);
+	void full(const Poco::Crypto::PKCS12Container& pkcs12);
+	void fullCert(const Poco::Crypto::X509Certificate& x509);
+	void fullList(const Poco::Crypto::PKCS12Container::CAList& caList,
+		const Poco::Crypto::PKCS12Container::CANameList& caNamesList,
+		const std::vector<int>& certOrder);
+};
+
+
+#endif // PKCS12ContainerTest_INCLUDED

vendor/POCO/Crypto/testsuite/src/RSATest.cpp

@@ -0,0 +1,277 @@
+//
+// RSATest.cpp
+//
+// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "RSATest.h"
+#include "CppUnit/TestCaller.h"
+#include "CppUnit/TestSuite.h"
+#include "Poco/Crypto/RSADigestEngine.h"
+#include "Poco/Crypto/CipherFactory.h"
+#include "Poco/Crypto/Cipher.h"
+#include "Poco/Crypto/X509Certificate.h"
+#include <sstream>
+
+
+using namespace Poco::Crypto;
+
+
+static const std::string anyPem(
+	"-----BEGIN CERTIFICATE-----\r\n"
+	"MIICaDCCAdECCQCzfxSsk7yaLjANBgkqhkiG9w0BAQUFADBzMQswCQYDVQQGEwJB\r\n"
+	"VDESMBAGA1UECBMJQ2FyaW50aGlhMRIwEAYDVQQHEwlTdC4gSmFrb2IxDzANBgNV\r\n"
+	"BAoTBkFwcEluZjEPMA0GA1UEAxMGQXBwSW5mMRowGAYJKoZIhvcNAQkBFgthcHBA\r\n"
+	"aW5mLmNvbTAeFw0wNjAzMDExMzA3MzFaFw0wNjAzMzExMzA3MzFaMH4xCzAJBgNV\r\n"
+	"BAYTAkFUMRIwEAYDVQQIEwlDYXJpbnRoaWExETAPBgNVBAcTCFN0IEpha29iMRww\r\n"
+	"GgYDVQQKExNBcHBsaWVkIEluZm9ybWF0aWNzMQowCAYDVQQDFAEqMR4wHAYJKoZI\r\n"
+	"hvcNAQkBFg9pbmZvQGFwcGluZi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ\r\n"
+	"AoGBAJHGyXDHyCYoWz+65ltNwwZbhwOGnxr9P1WMATuFJh0bPBZxKbZRdbTm9KhZ\r\n"
+	"OlvsEIsfgiYdsxURYIqXfEgISYLZcZY0pQwGEOmB+0NeC/+ENSfOlNSthx6zSVlc\r\n"
+	"zhJ7+dJOGwepHAiLr1fRuc5jogYLraE+lKTnqAAFfzwvti77AgMBAAEwDQYJKoZI\r\n"
+	"hvcNAQEFBQADgYEAY/ZoeY1ukkEJX7259NeoVM0oahlulWV0rlCqyaeosOiDORPT\r\n"
+	"m6X1w/5MTCf9VyaD1zukoSZ4QqNVjHFXcXidbB7Tgt3yRuZ5PC5LIFCDPv9mgPne\r\n"
+	"mUA70yfctNfza2z3ZiQ6NDkW3mZX+1tmxYIrJQIrkVeYeqf1Gh2nyZrUMcE=\r\n"
+	"-----END CERTIFICATE-----\r\n"
+	"-----BEGIN RSA PRIVATE KEY-----\r\n"
+	"Proc-Type: 4,ENCRYPTED\r\n"
+	"DEK-Info: DES-EDE3-CBC,E7AE93C9E49184EA\r\n"
+	"\r\n"
+	"A2IqzNcWs+I5vzV+i+woDk56+yr58eU0Onw8eEvXkLjnSc58JU4327IF7yUbKWdW\r\n"
+	"Q7BYGGOkVFiZ7ANOwviDg5SUhxRDWCcW8dS6/p1vfdQ1C3qj2OwJjkpg0aDBIzJn\r\n"
+	"FzgguT3MF3ama77vxv0S3kOfmCj62MLqPGpj5pQ0/1hefRFbL8oAX8bXUN7/rmGM\r\n"
+	"Zc0QyzFZv2iQ04dY/6TNclwKPB4H0On4K+8BMs3PRkWA0clCaQaFO2+iwnk3XZfe\r\n"
+	"+MsKUEbLCpAQeYspYv1cw38dCdWq1KTP5aJk+oXgwjfX5cAaPTz74NTqTIsCcaTD\r\n"
+	"3vy7ukJYFlDR9Kyo7z8rMazYrKJslhnuRH0BhK9st9McwL957j5tZmrKyraCcmCx\r\n"
+	"dMAGcsis1va3ayYZpIpFqA4EhYrTM+6N8ZRfUap20+b5IQwHfTQDejUhL6rBwy7j\r\n"
+	"Ti5yD83/itoOMyXq2sV/XWfVD5zk/P5iv22O1EAQMhhnPB9K/I/JhuSGQJfn3cNh\r\n"
+	"ykOUYT0+vDeSeEVa+FVEP1W35G0alTbKbNs5Tb8KxJ3iDJUxokM//SvPXZy9hOVX\r\n"
+	"Y05imB04J15DaGbAHlNzunhuJi7121WV/JRXZRW9diE6hwpD8rwqi3FMuRUmy7U9\r\n"
+	"aFA5poKRAYlo9YtZ3YpFyjGKB6MfCQcB2opuSnQ/gbugV41m67uQ4CDwWLaNRkTb\r\n"
+	"GlsMBNcHnidg15Bsat5HaB7l250ukrI13Uw1MYdDUzaS3gPfw9aC4F2w0p3U+DPH\r\n"
+	"80/zePxtroR7T4/+rI136Rl+aMXDMOEGCX1TVP8rjuZzuRyUSUKC8Q==\r\n"
+	"-----END RSA PRIVATE KEY-----\r\n"
+	"-----BEGIN CERTIFICATE-----\r\n"
+	"MIICXTCCAcYCCQC1Vk/N8qR4AjANBgkqhkiG9w0BAQUFADBzMQswCQYDVQQGEwJB\r\n"
+	"VDESMBAGA1UECBMJQ2FyaW50aGlhMRIwEAYDVQQHEwlTdC4gSmFrb2IxDzANBgNV\r\n"
+	"BAoTBkFwcEluZjEPMA0GA1UEAxMGQXBwSW5mMRowGAYJKoZIhvcNAQkBFgthcHBA\r\n"
+	"aW5mLmNvbTAeFw0wNjAyMjcxMzI3MThaFw0wNjAzMjkxMzI3MThaMHMxCzAJBgNV\r\n"
+	"BAYTAkFUMRIwEAYDVQQIEwlDYXJpbnRoaWExEjAQBgNVBAcTCVN0LiBKYWtvYjEP\r\n"
+	"MA0GA1UEChMGQXBwSW5mMQ8wDQYDVQQDEwZBcHBJbmYxGjAYBgkqhkiG9w0BCQEW\r\n"
+	"C2FwcEBpbmYuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCsFXiPuicN\r\n"
+	"Im4oJwF8NuaFN+lgYwcZ6dAO3ILIR3kLA2PxF8HSQLfF8J8a4odZhLhctIMAKTxm\r\n"
+	"k0w8TW5qhL8QLdGzY9vzvkgdKOkan2t3sMeXJAfrM1AphTsmgntAQazGZjOj5p4W\r\n"
+	"jDnxQ+VXAylqwjHh49eSBxM3wgoscF4iLQIDAQABMA0GCSqGSIb3DQEBBQUAA4GB\r\n"
+	"AIpfLdXiKchPvFMhQS8xTtXvrw5dVL3yImUMYs4GQi8RrjGmfGB3yMAR7B/b8v4a\r\n"
+	"+ztfusgWAWiUKuSGTk4S8YB0fsFlmOv0WDr+PyZ4Lui/a8opbyzGE7rqpnF/s0GO\r\n"
+	"M7uLCNNwIN7WhmxcWV0KZU1wTppoSWPJda1yTbBzF9XP\r\n"
+	"-----END CERTIFICATE-----\r\n"
+);
+
+
+RSATest::RSATest(const std::string& name): CppUnit::TestCase(name)
+{
+}
+
+
+RSATest::~RSATest()
+{
+}
+
+
+void RSATest::testNewKeys()
+{
+	RSAKey key(RSAKey::KL_1024, RSAKey::EXP_SMALL);
+	std::ostringstream strPub;
+	std::ostringstream strPriv;
+	key.save(&strPub, &strPriv, "testpwd");
+	std::string pubKey = strPub.str();
+	std::string privKey = strPriv.str();
+
+	// now do the round trip
+	std::istringstream iPub(pubKey);
+	std::istringstream iPriv(privKey);
+	RSAKey key2(&iPub, &iPriv, "testpwd");
+
+	std::istringstream iPriv2(privKey);
+	RSAKey key3(0, &iPriv2,  "testpwd");
+	std::ostringstream strPub3;
+	key3.save(&strPub3);
+	std::string pubFromPrivate = strPub3.str();
+	assertTrue (pubFromPrivate == pubKey);
+}
+
+
+void RSATest::testNewKeysNoPassphrase()
+{
+	RSAKey key(RSAKey::KL_1024, RSAKey::EXP_SMALL);
+	std::ostringstream strPub;
+	std::ostringstream strPriv;
+	key.save(&strPub, &strPriv);
+	std::string pubKey = strPub.str();
+	std::string privKey = strPriv.str();
+
+	// now do the round trip
+	std::istringstream iPub(pubKey);
+	std::istringstream iPriv(privKey);
+	RSAKey key2(&iPub, &iPriv);
+
+	std::istringstream iPriv2(privKey);
+	RSAKey key3(0, &iPriv2);
+	std::ostringstream strPub3;
+	key3.save(&strPub3);
+	std::string pubFromPrivate = strPub3.str();
+	assertTrue (pubFromPrivate == pubKey);
+}
+
+
+void RSATest::testSign()
+{
+	std::string msg("Test this sign message");
+	RSAKey key(RSAKey::KL_2048, RSAKey::EXP_LARGE);
+	RSADigestEngine eng(key);
+	eng.update(msg.c_str(), static_cast<unsigned>(msg.length()));
+	const Poco::DigestEngine::Digest& sig = eng.signature();
+	std::string hexDig = Poco::DigestEngine::digestToHex(sig);
+
+	// verify
+	std::ostringstream strPub;
+	key.save(&strPub);
+	std::string pubKey = strPub.str();
+	std::istringstream iPub(pubKey);
+	RSAKey keyPub(&iPub);
+	RSADigestEngine eng2(keyPub);
+	eng2.update(msg.c_str(), static_cast<unsigned>(msg.length()));
+	assertTrue (eng2.verify(sig));
+}
+
+
+void RSATest::testSignSha256()
+{
+	std::string msg("Test this sign message");
+	RSAKey key(RSAKey::KL_2048, RSAKey::EXP_LARGE);
+	RSADigestEngine eng(key, "SHA256");
+	eng.update(msg.c_str(), static_cast<unsigned>(msg.length()));
+	const Poco::DigestEngine::Digest& sig = eng.signature();
+	std::string hexDig = Poco::DigestEngine::digestToHex(sig);
+
+	// verify
+	std::ostringstream strPub;
+	key.save(&strPub);
+	std::string pubKey = strPub.str();
+	std::istringstream iPub(pubKey);
+	RSAKey keyPub(&iPub);
+	RSADigestEngine eng2(keyPub, "SHA256");
+	eng2.update(msg.c_str(), static_cast<unsigned>(msg.length()));
+	assertTrue (eng2.verify(sig));
+}
+
+
+void RSATest::testSignManipulated()
+{
+	std::string msg("Test this sign message");
+	std::string msgManip("Test that sign message");
+	RSAKey key(RSAKey::KL_2048, RSAKey::EXP_LARGE);
+	RSADigestEngine eng(key);
+	eng.update(msg.c_str(), static_cast<unsigned>(msg.length()));
+	const Poco::DigestEngine::Digest& sig = eng.signature();
+	std::string hexDig = Poco::DigestEngine::digestToHex(sig);
+
+	// verify
+	std::ostringstream strPub;
+	key.save(&strPub);
+	std::string pubKey = strPub.str();
+	std::istringstream iPub(pubKey);
+	RSAKey keyPub(&iPub);
+	RSADigestEngine eng2(keyPub);
+	eng2.update(msgManip.c_str(), static_cast<unsigned>(msgManip.length()));
+	assertTrue (!eng2.verify(sig));
+}
+
+
+void RSATest::testRSACipher()
+{
+	Cipher::Ptr pCipher = CipherFactory::defaultFactory().createCipher(RSAKey(RSAKey::KL_1024, RSAKey::EXP_SMALL));
+	for (std::size_t n = 1; n <= 1200; n++)
+	{
+		std::string val(n, 'x');
+		std::string enc = pCipher->encryptString(val);
+		std::string dec = pCipher->decryptString(enc);
+		assertTrue (dec == val);
+	}
+}
+
+
+void RSATest::testRSACipherLarge()
+{
+	std::vector<std::size_t> sizes;
+	sizes.push_back (2047);
+	sizes.push_back (2048);
+	sizes.push_back (2049);
+	sizes.push_back (4095);
+	sizes.push_back (4096);
+	sizes.push_back (4097);
+	sizes.push_back (8191);
+	sizes.push_back (8192);
+	sizes.push_back (8193);
+	sizes.push_back (16383);
+	sizes.push_back (16384);
+	sizes.push_back (16385);
+	
+	Cipher::Ptr pCipher = CipherFactory::defaultFactory().createCipher(RSAKey(RSAKey::KL_1024, RSAKey::EXP_SMALL));
+	for (std::vector<std::size_t>::const_iterator it = sizes.begin(); it != sizes.end(); ++it)
+	{
+		std::string val(*it, 'x');
+		std::string enc = pCipher->encryptString(val);
+		std::string dec = pCipher->decryptString(enc);
+		assertTrue (dec == val);
+	}
+}
+
+
+void RSATest::testCertificate()
+{
+	std::istringstream str(anyPem);
+	X509Certificate cert(str);
+	RSAKey publicKey(cert);
+	std::istringstream str2(anyPem);
+	RSAKey privateKey(0, &str2, "test");
+	Cipher::Ptr pCipher = CipherFactory::defaultFactory().createCipher(publicKey);
+	Cipher::Ptr pCipher2 = CipherFactory::defaultFactory().createCipher(privateKey);
+	std::string val("lets do some encryption");
+	
+	std::string enc = pCipher->encryptString(val);
+	std::string dec = pCipher2->decryptString(enc);
+	assertTrue (dec == val);
+}
+
+
+void RSATest::setUp()
+{
+}
+
+
+void RSATest::tearDown()
+{
+}
+
+
+CppUnit::Test* RSATest::suite()
+{
+	CppUnit::TestSuite* pSuite = new CppUnit::TestSuite("RSATest");
+
+	CppUnit_addTest(pSuite, RSATest, testNewKeys);
+	CppUnit_addTest(pSuite, RSATest, testNewKeysNoPassphrase);
+	CppUnit_addTest(pSuite, RSATest, testSign);
+	CppUnit_addTest(pSuite, RSATest, testSignSha256);
+	CppUnit_addTest(pSuite, RSATest, testSignManipulated);
+	CppUnit_addTest(pSuite, RSATest, testRSACipher);
+	CppUnit_addTest(pSuite, RSATest, testRSACipherLarge);
+	CppUnit_addTest(pSuite, RSATest, testCertificate);
+
+	return pSuite;
+}

vendor/POCO/Crypto/testsuite/src/RSATest.h

@@ -0,0 +1,45 @@
+//
+// RSATest.h
+//
+// Definition of the RSATest class.
+//
+// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef RSATest_INCLUDED
+#define RSATest_INCLUDED
+
+
+#include "Poco/Crypto/Crypto.h"
+#include "CppUnit/TestCase.h"
+
+
+class RSATest: public CppUnit::TestCase
+{
+public:
+	RSATest(const std::string& name);
+	~RSATest();
+
+	void testNewKeys();
+	void testNewKeysNoPassphrase();
+	void testSign();
+	void testSignSha256();
+	void testSignManipulated();
+	void testRSACipher();
+	void testRSACipherLarge();
+	void testCertificate();
+
+	void setUp();
+	void tearDown();
+
+	static CppUnit::Test* suite();
+
+private:
+};
+
+
+#endif // RSATest_INCLUDED

vendor/POCO/Crypto/testsuite/src/WinCEDriver.cpp

@@ -0,0 +1,48 @@
+//
+// WinCEDriver.cpp
+//
+// Console-based test driver for Windows CE.
+//
+// Copyright (c) 2004-2010, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "CppUnit/TestRunner.h"
+#include "CryptoTestSuite.h"
+#include "Poco/Crypto/Crypto.h"
+#include <cstdlib>
+
+
+class CryptoInitializer
+{
+public:
+	CryptoInitializer()
+	{
+		Poco::Crypto::initializeCrypto();
+	}
+	
+	~CryptoInitializer()
+	{
+		Poco::Crypto::uninitializeCrypto();
+	}
+};
+
+
+int _tmain(int argc, wchar_t* argv[])
+{
+	CryptoInitializer ci;
+
+	std::vector<std::string> args;
+	for (int i = 0; i < argc; ++i)
+	{
+		char buffer[1024];
+		std::wcstombs(buffer, argv[i], sizeof(buffer));
+		args.push_back(std::string(buffer));
+	}
+	CppUnit::TestRunner runner;	
+	runner.addTest("CryptoTestSuite", CryptoTestSuite::suite());
+	return runner.run(args) ? 0 : 1;
+}

vendor/POCO/Crypto/testsuite/src/WinDriver.cpp

@@ -0,0 +1,46 @@
+//
+// WinDriver.cpp
+//
+// Windows test driver for Poco Crypto.
+//
+// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "WinTestRunner/WinTestRunner.h"
+#include "CryptoTestSuite.h"
+#include "Poco/Crypto/Crypto.h"
+
+
+class CryptoInitializer
+{
+public:
+	CryptoInitializer()
+	{
+		Poco::Crypto::initializeCrypto();
+	}
+	
+	~CryptoInitializer()
+	{
+		Poco::Crypto::uninitializeCrypto();
+	}
+};
+
+
+class TestDriver: public CppUnit::WinTestRunnerApp
+{
+	void TestMain()
+	{
+		CryptoInitializer ci;
+
+		CppUnit::WinTestRunner runner;
+		runner.addTest(CryptoTestSuite::suite());
+		runner.run();
+	}
+};
+
+
+TestDriver theDriver;