#! /usr/bin/env perl # Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html use strict; use warnings; use File::Compare qw/compare_text/; use File::Copy; use OpenSSL::Test qw/:DEFAULT/; use Time::Piece; use POSIX qw(strftime); my %conversionforms = ( # Default conversion forms. Other series may be added with # specific test types as key. "*" => [ "d", "p" ], "msb" => [ "d", "p", "msblob" ], "pvk" => [ "d", "p", "pvk" ], ); sub tconversion { my %opts = @_; die "Missing option -type" unless $opts{-type}; die "Missing option -in" unless $opts{-in}; my $testtype = $opts{-type}; my $t = $opts{-in}; my $prefix = $opts{-prefix} // $testtype; my @conversionforms = defined($conversionforms{$testtype}) ? @{$conversionforms{$testtype}} : @{$conversionforms{"*"}}; my @openssl_args; if (defined $opts{-args}) { @openssl_args = @{$opts{-args}} if ref $opts{-args} eq 'ARRAY'; @openssl_args = ($opts{-args}) if ref $opts{-args} eq ''; } @openssl_args = ($testtype) unless @openssl_args; my $n = scalar @conversionforms; my $totaltests = 1 # for initializing + $n # initial conversions from p to all forms (A) + $n*$n # conversion from result of A to all forms (B) + 1 # comparing original test file to p form of A + $n*($n-1); # comparing first conversion to each form in A with B $totaltests-- if ($testtype eq "p7d"); # no comparison of original test file $totaltests -= $n if ($testtype eq "pvk"); # no comparisons of the pvk form plan tests => $totaltests; my @cmd = ("openssl", @openssl_args); my $init; if (scalar @openssl_args > 0 && $openssl_args[0] eq "pkey") { $init = ok(run(app([@cmd, "-in", $t, "-out", "$prefix-fff.p"])), 'initializing'); } else { $init = ok(copy($t, "$prefix-fff.p"), 'initializing'); } if (!$init) { diag("Trying to copy $t to $prefix-fff.p : $!"); } SKIP: { skip "Not initialized, skipping...", 22 unless $init; foreach my $to (@conversionforms) { ok(run(app([@cmd, "-in", "$prefix-fff.p", "-inform", "p", "-out", "$prefix-f.$to", "-outform", $to])), "p -> $to"); } foreach my $to (@conversionforms) { foreach my $from (@conversionforms) { ok(run(app([@cmd, "-in", "$prefix-f.$from", "-inform", $from, "-out", "$prefix-ff.$from$to", "-outform", $to])), "$from -> $to"); } } if ($testtype ne "p7d") { is(cmp_text("$prefix-fff.p", "$prefix-f.p"), 0, 'comparing orig to p'); } foreach my $to (@conversionforms) { next if $to eq "d" or $to eq "pvk"; foreach my $from (@conversionforms) { is(cmp_text("$prefix-f.$to", "$prefix-ff.$from$to"), 0, "comparing $to to $from$to"); } } } } sub cmp_text { return compare_text(@_, sub { $_[0] =~ s/\R//g; $_[1] =~ s/\R//g; return $_[0] ne $_[1]; }); } sub file_contains { $_ = shift @_; my $pattern = shift @_; open(DATA, $_) or return 0; $_= join('', ); close(DATA); s/\s+/ /g; # take multiple whitespace (including newline) as single space return m/$pattern/ ? 1 : 0; } sub cert_contains { my $cert = shift @_; my $pattern = shift @_; my $expected = shift @_; my $name = shift @_; my $out = "cert_contains.out"; run(app(["openssl", "x509", "-noout", "-text", "-in", $cert, "-out", $out])); is(file_contains($out, $pattern), $expected, ($name ? "$name: " : ""). "$cert should ".($expected ? "" : "not ")."contain: \"$pattern\""); # not unlinking $out } sub has_version { my $cert = shift @_; my $expect = shift @_; cert_contains($cert, "Version: $expect", 1); } sub has_SKID { my $cert = shift @_; my $expect = shift @_; cert_contains($cert, "Subject Key Identifier", $expect); } sub has_AKID { my $cert = shift @_; my $expect = shift @_; cert_contains($cert, "Authority Key Identifier", $expect); } sub uniq (@) { my %seen = (); grep { not $seen{$_}++ } @_; } sub file_n_different_lines { my $filename = shift @_; open(DATA, $filename) or return 0; chomp(my @lines = ); close(DATA); return scalar(uniq @lines); } sub cert_ext_has_n_different_lines { my $cert = shift @_; my $expected = shift @_; my $exts = shift @_; my $name = shift @_; my $out = "cert_n_different_exts.out"; run(app(["openssl", "x509", "-noout", "-ext", $exts, "-in", $cert, "-out", $out])); is(file_n_different_lines($out), $expected, ($name ? "$name: " : ""). "$cert '$exts' output should contain $expected different lines"); # not unlinking $out } # extracts string value of certificate field from a -text formatted-output sub get_field { my ($f, $field) = @_; my $string = ""; open my $fh, $f or die; while (my $line = <$fh>) { if ($line =~ /$field:\s+(.*)/) { $string = $1; } } close $fh; return $string; } sub get_issuer { return get_field(@_, "Issuer"); } sub get_not_before { return get_field(@_, "Not Before"); } # Date as yyyy-mm-dd sub get_not_before_date { return Time::Piece->strptime( get_not_before(@_), "%b %d %T %Y %Z")->date; } sub get_not_after { return get_field(@_, "Not After "); } # Date as yyyy-mm-dd sub get_not_after_date { return Time::Piece->strptime( get_not_after(@_), "%b %d %T %Y %Z")->date; } 1;