2
0

25-test_verify_store.t 3.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117
  1. #! /usr/bin/env perl
  2. # Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. #
  4. # Licensed under the Apache License 2.0 (the "License"). You may not use
  5. # this file except in compliance with the License. You can obtain a copy
  6. # in the file LICENSE in the source distribution or at
  7. # https://www.openssl.org/source/license.html
  8. use strict;
  9. use warnings;
  10. use OpenSSL::Test qw/:DEFAULT with bldtop_file srctop_file cmdstr/;
  11. use OpenSSL::Test::Utils;
  12. setup("test_verify_store");
  13. plan tests => 10;
  14. my $dummycnf = srctop_file("apps", "openssl.cnf");
  15. my $cakey = srctop_file("test", "certs", "ca-key.pem");
  16. my $ukey = srctop_file("test", "certs", "ee-key.pem");
  17. my $cnf = srctop_file("test", "ca-and-certs.cnf");
  18. my $CAkey = "keyCA.ss";
  19. my $CAcert="certCA.ss";
  20. my $CAserial="certCA.srl";
  21. my $CAreq="reqCA.ss";
  22. my $CAreq2="req2CA.ss"; # temp
  23. my $Ukey="keyU.ss";
  24. my $Ureq="reqU.ss";
  25. my $Ucert="certU.ss";
  26. SKIP: {
  27. req( 'make cert request',
  28. qw(-new -section userreq),
  29. -config => $cnf,
  30. -out => $CAreq,
  31. -key => $cakey,
  32. -keyout => $CAkey );
  33. skip 'failure', 8 unless
  34. x509( 'convert request into self-signed cert',
  35. qw(-req -CAcreateserial -days 30),
  36. qw(-extensions v3_ca),
  37. -in => $CAreq,
  38. -out => $CAcert,
  39. -signkey => $CAkey,
  40. -extfile => $cnf );
  41. skip 'failure', 7 unless
  42. x509( 'convert cert into a cert request',
  43. qw(-x509toreq),
  44. -in => $CAcert,
  45. -out => $CAreq2,
  46. -signkey => $CAkey );
  47. skip 'failure', 6 unless
  48. req( 'verify request 1',
  49. qw(-verify -noout -section userreq),
  50. -config => $dummycnf,
  51. -in => $CAreq );
  52. skip 'failure', 5 unless
  53. req( 'verify request 2',
  54. qw(-verify -noout -section userreq),
  55. -config => $dummycnf,
  56. -in => $CAreq2 );
  57. skip 'failure', 4 unless
  58. verify( 'verify signature',
  59. -CAstore => $CAcert,
  60. $CAcert );
  61. skip 'failure', 3 unless
  62. req( 'make a user cert request',
  63. qw(-new -section userreq),
  64. -config => $cnf,
  65. -out => $Ureq,
  66. -key => $ukey,
  67. -keyout => $Ukey );
  68. skip 'failure', 2 unless
  69. x509( 'sign user cert request',
  70. qw(-req -CAcreateserial -days 30 -extensions v3_ee),
  71. -in => $Ureq,
  72. -out => $Ucert,
  73. -CA => $CAcert,
  74. -CAkey => $CAkey,
  75. -CAserial => $CAserial,
  76. -extfile => $cnf )
  77. && verify( undef,
  78. -CAstore => $CAcert,
  79. $Ucert );
  80. skip 'failure', 0 unless
  81. x509( 'Certificate details',
  82. qw(-subject -issuer -startdate -enddate -noout),
  83. -in => $Ucert );
  84. }
  85. sub verify {
  86. my $title = shift;
  87. ok(run(app([qw(openssl verify), @_])), $title);
  88. }
  89. sub req {
  90. my $title = shift;
  91. ok(run(app([qw(openssl req), @_])), $title);
  92. }
  93. sub x509 {
  94. my $title = shift;
  95. ok(run(app([qw(openssl x509), @_])), $title);
  96. }