25-test_req.t 8.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247
  1. #! /usr/bin/env perl
  2. # Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
  3. #
  4. # Licensed under the Apache License 2.0 (the "License"). You may not use
  5. # this file except in compliance with the License. You can obtain a copy
  6. # in the file LICENSE in the source distribution or at
  7. # https://www.openssl.org/source/license.html
  8. use strict;
  9. use warnings;
  10. use OpenSSL::Test::Utils;
  11. use OpenSSL::Test qw/:DEFAULT srctop_file/;
  12. setup("test_req");
  13. plan tests => 16;
  14. require_ok(srctop_file('test','recipes','tconversion.pl'));
  15. # What type of key to generate?
  16. my @req_new;
  17. if (disabled("rsa")) {
  18. @req_new = ("-newkey", "dsa:".srctop_file("apps", "dsa512.pem"));
  19. } else {
  20. @req_new = ("-new");
  21. note("There should be a 2 sequences of .'s and some +'s.");
  22. note("There should not be more that at most 80 per line");
  23. }
  24. # Check for duplicate -addext parameters, and one "working" case.
  25. my @addext_args = ( "openssl", "req", "-new", "-out", "testreq.pem",
  26. "-config", srctop_file("test", "test.cnf"), @req_new );
  27. my $val = "subjectAltName=DNS:example.com";
  28. my $val2 = " " . $val;
  29. my $val3 = $val;
  30. $val3 =~ s/=/ =/;
  31. ok( run(app([@addext_args, "-addext", $val])));
  32. ok(!run(app([@addext_args, "-addext", $val, "-addext", $val])));
  33. ok(!run(app([@addext_args, "-addext", $val, "-addext", $val2])));
  34. ok(!run(app([@addext_args, "-addext", $val, "-addext", $val3])));
  35. ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3])));
  36. subtest "generating alt certificate requests with RSA" => sub {
  37. plan tests => 3;
  38. SKIP: {
  39. skip "RSA is not supported by this OpenSSL build", 2
  40. if disabled("rsa");
  41. ok(run(app(["openssl", "req",
  42. "-config", srctop_file("test", "test.cnf"),
  43. "-section", "altreq",
  44. "-new", "-out", "testreq-rsa.pem", "-utf8",
  45. "-key", srctop_file("test", "testrsa.pem")])),
  46. "Generating request");
  47. ok(run(app(["openssl", "req",
  48. "-config", srctop_file("test", "test.cnf"),
  49. "-verify", "-in", "testreq-rsa.pem", "-noout"])),
  50. "Verifying signature on request");
  51. ok(run(app(["openssl", "req",
  52. "-config", srctop_file("test", "test.cnf"),
  53. "-section", "altreq",
  54. "-verify", "-in", "testreq-rsa.pem", "-noout"])),
  55. "Verifying signature on request");
  56. }
  57. };
  58. subtest "generating certificate requests with RSA" => sub {
  59. plan tests => 2;
  60. SKIP: {
  61. skip "RSA is not supported by this OpenSSL build", 2
  62. if disabled("rsa");
  63. ok(run(app(["openssl", "req",
  64. "-config", srctop_file("test", "test.cnf"),
  65. "-new", "-out", "testreq-rsa.pem", "-utf8",
  66. "-key", srctop_file("test", "testrsa.pem")])),
  67. "Generating request");
  68. ok(run(app(["openssl", "req",
  69. "-config", srctop_file("test", "test.cnf"),
  70. "-verify", "-in", "testreq-rsa.pem", "-noout"])),
  71. "Verifying signature on request");
  72. }
  73. };
  74. subtest "generating certificate requests with DSA" => sub {
  75. plan tests => 2;
  76. SKIP: {
  77. skip "DSA is not supported by this OpenSSL build", 2
  78. if disabled("dsa");
  79. ok(run(app(["openssl", "req",
  80. "-config", srctop_file("test", "test.cnf"),
  81. "-new", "-out", "testreq-dsa.pem", "-utf8",
  82. "-key", srctop_file("test", "testdsa.pem")])),
  83. "Generating request");
  84. ok(run(app(["openssl", "req",
  85. "-config", srctop_file("test", "test.cnf"),
  86. "-verify", "-in", "testreq-dsa.pem", "-noout"])),
  87. "Verifying signature on request");
  88. }
  89. };
  90. subtest "generating certificate requests with ECDSA" => sub {
  91. plan tests => 2;
  92. SKIP: {
  93. skip "ECDSA is not supported by this OpenSSL build", 2
  94. if disabled("ec");
  95. ok(run(app(["openssl", "req",
  96. "-config", srctop_file("test", "test.cnf"),
  97. "-new", "-out", "testreq-ec.pem", "-utf8",
  98. "-key", srctop_file("test", "testec-p256.pem")])),
  99. "Generating request");
  100. ok(run(app(["openssl", "req",
  101. "-config", srctop_file("test", "test.cnf"),
  102. "-verify", "-in", "testreq-ec.pem", "-noout"])),
  103. "Verifying signature on request");
  104. }
  105. };
  106. subtest "generating certificate requests with Ed25519" => sub {
  107. plan tests => 2;
  108. SKIP: {
  109. skip "Ed25519 is not supported by this OpenSSL build", 2
  110. if disabled("ec");
  111. ok(run(app(["openssl", "req",
  112. "-config", srctop_file("test", "test.cnf"),
  113. "-new", "-out", "testreq-ed25519.pem", "-utf8",
  114. "-key", srctop_file("test", "tested25519.pem")])),
  115. "Generating request");
  116. ok(run(app(["openssl", "req",
  117. "-config", srctop_file("test", "test.cnf"),
  118. "-verify", "-in", "testreq-ed25519.pem", "-noout"])),
  119. "Verifying signature on request");
  120. }
  121. };
  122. subtest "generating certificate requests with Ed448" => sub {
  123. plan tests => 2;
  124. SKIP: {
  125. skip "Ed448 is not supported by this OpenSSL build", 2
  126. if disabled("ec");
  127. ok(run(app(["openssl", "req",
  128. "-config", srctop_file("test", "test.cnf"),
  129. "-new", "-out", "testreq-ed448.pem", "-utf8",
  130. "-key", srctop_file("test", "tested448.pem")])),
  131. "Generating request");
  132. ok(run(app(["openssl", "req",
  133. "-config", srctop_file("test", "test.cnf"),
  134. "-verify", "-in", "testreq-ed448.pem", "-noout"])),
  135. "Verifying signature on request");
  136. }
  137. };
  138. subtest "generating certificate requests" => sub {
  139. plan tests => 2;
  140. ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
  141. @req_new, "-out", "testreq.pem"])),
  142. "Generating request");
  143. ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
  144. "-verify", "-in", "testreq.pem", "-noout"])),
  145. "Verifying signature on request");
  146. };
  147. subtest "generating SM2 certificate requests" => sub {
  148. plan tests => 4;
  149. SKIP: {
  150. skip "SM2 is not supported by this OpenSSL build", 4
  151. if disabled("sm2");
  152. ok(run(app(["openssl", "req",
  153. "-config", srctop_file("test", "test.cnf"),
  154. "-new", "-key", srctop_file("test", "certs", "sm2.key"),
  155. "-sigopt", "distid:1234567812345678",
  156. "-out", "testreq-sm2.pem", "-sm3"])),
  157. "Generating SM2 certificate request");
  158. ok(run(app(["openssl", "req",
  159. "-config", srctop_file("test", "test.cnf"),
  160. "-verify", "-in", "testreq-sm2.pem", "-noout",
  161. "-vfyopt", "distid:1234567812345678", "-sm3"])),
  162. "Verifying signature on SM2 certificate request");
  163. ok(run(app(["openssl", "req",
  164. "-config", srctop_file("test", "test.cnf"),
  165. "-new", "-key", srctop_file("test", "certs", "sm2.key"),
  166. "-sigopt", "hexdistid:DEADBEEF",
  167. "-out", "testreq-sm2.pem", "-sm3"])),
  168. "Generating SM2 certificate request with hex id");
  169. ok(run(app(["openssl", "req",
  170. "-config", srctop_file("test", "test.cnf"),
  171. "-verify", "-in", "testreq-sm2.pem", "-noout",
  172. "-vfyopt", "hexdistid:DEADBEEF", "-sm3"])),
  173. "Verifying signature on SM2 certificate request");
  174. }
  175. };
  176. my @openssl_args = ("req", "-config", srctop_file("apps", "openssl.cnf"));
  177. run_conversion('req conversions',
  178. "testreq.pem");
  179. run_conversion('req conversions -- testreq2',
  180. srctop_file("test", "testreq2.pem"));
  181. sub run_conversion {
  182. my $title = shift;
  183. my $reqfile = shift;
  184. subtest $title => sub {
  185. run(app(["openssl", @openssl_args,
  186. "-in", $reqfile, "-inform", "p",
  187. "-noout", "-text"],
  188. stderr => "req-check.err", stdout => undef));
  189. open DATA, "req-check.err";
  190. SKIP: {
  191. plan skip_all => "skipping req conversion test for $reqfile"
  192. if grep /Unknown Public Key/, map { s/\R//; } <DATA>;
  193. tconversion("req", $reqfile, @openssl_args);
  194. }
  195. close DATA;
  196. unlink "req-check.err";
  197. done_testing();
  198. };
  199. }