Domů Procházet Nápověda
Přihlásit se
OWEALs
/
openssl
zrcadlo git://git.openssl.org/openssl.git
2
0
Rozštěpit 0
Soubory Úkoly 1 Wiki
Strom: c2bd8d2783
Větve Značky
openssl
/
test
/
recipes
/
25-test_req.t

25-test_req.t 8.5 KB
Historie Surový

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248 
  1. #! /usr/bin/env perl
    2. 

  2. # Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
    3. 

  3. #
    4. 

  4. # Licensed under the Apache License 2.0 (the "License").  You may not use
    5. 

  5. # this file except in compliance with the License.  You can obtain a copy
    6. 

  6. # in the file LICENSE in the source distribution or at
    7. 

  7. # https://www.openssl.org/source/license.html
    8. 

  8. 

  9. 

  10. use strict;
    11. 

  11. use warnings;
    12. 

  12. 

  13. use OpenSSL::Test::Utils;
    14. 

  14. use OpenSSL::Test qw/:DEFAULT srctop_file/;
    15. 

  15. 

  16. setup("test_req");
    17. 

  17. 

  18. plan tests => 16;
    19. 

  19. 

  20. require_ok(srctop_file('test','recipes','tconversion.pl'));
    21. 

  21. 

  22. # What type of key to generate?
    23. 

  23. my @req_new;
    24. 

  24. if (disabled("rsa")) {
    25. 

  25.     @req_new = ("-newkey", "dsa:".srctop_file("apps", "dsa512.pem"));
    26. 

  26. } else {
    27. 

  27.     @req_new = ("-new");
    28. 

  28.     note("There should be a 2 sequences of .'s and some +'s.");
    29. 

  29.     note("There should not be more that at most 80 per line");
    30. 

  30. }
    31. 

  31. 

  32. # Check for duplicate -addext parameters, and one "working" case.
    33. 

  33. my @addext_args = ( "openssl", "req", "-new", "-out", "testreq.pem",
    34. 

  34.     "-config", srctop_file("test", "test.cnf"), @req_new );
    35. 

  35. my $val = "subjectAltName=DNS:example.com";
    36. 

  36. my $val2 = " " . $val;
    37. 

  37. my $val3 = $val;
    38. 

  38. $val3 =~ s/=/    =/;
    39. 

  39. ok( run(app([@addext_args, "-addext", $val])));
    40. 

  40. ok(!run(app([@addext_args, "-addext", $val, "-addext", $val])));
    41. 

  41. ok(!run(app([@addext_args, "-addext", $val, "-addext", $val2])));
    42. 

  42. ok(!run(app([@addext_args, "-addext", $val, "-addext", $val3])));
    43. 

  43. ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3])));
    44. 

  44. 

  45. subtest "generating alt certificate requests with RSA" => sub {
    46. 

  46.     plan tests => 3;
    47. 

  47. 

  48.     SKIP: {
    49. 

  49.         skip "RSA is not supported by this OpenSSL build", 2
    50. 

  50.             if disabled("rsa");
    51. 

  51. 

  52.         ok(run(app(["openssl", "req",
    53. 

  53.                     "-config", srctop_file("test", "test.cnf"),
    54. 

  54.                     "-section", "altreq",
    55. 

  55.                     "-new", "-out", "testreq-rsa.pem", "-utf8",
    56. 

  56.                     "-key", srctop_file("test", "testrsa.pem")])),
    57. 

  57.            "Generating request");
    58. 

  58. 

  59.         ok(run(app(["openssl", "req",
    60. 

  60.                     "-config", srctop_file("test", "test.cnf"),
    61. 

  61.                     "-verify", "-in", "testreq-rsa.pem", "-noout"])),
    62. 

  62.            "Verifying signature on request");
    63. 

  63. 

  64.         ok(run(app(["openssl", "req",
    65. 

  65.                     "-config", srctop_file("test", "test.cnf"),
    66. 

  66.                     "-section", "altreq",
    67. 

  67.                     "-verify", "-in", "testreq-rsa.pem", "-noout"])),
    68. 

  68.            "Verifying signature on request");
    69. 

  69.     }
    70. 

  70. };
    71. 

  71. 

  72. 

  73. subtest "generating certificate requests with RSA" => sub {
    74. 

  74.     plan tests => 2;
    75. 

  75. 

  76.     SKIP: {
    77. 

  77.         skip "RSA is not supported by this OpenSSL build", 2
    78. 

  78.             if disabled("rsa");
    79. 

  79. 

  80.         ok(run(app(["openssl", "req",
    81. 

  81.                     "-config", srctop_file("test", "test.cnf"),
    82. 

  82.                     "-new", "-out", "testreq-rsa.pem", "-utf8",
    83. 

  83.                     "-key", srctop_file("test", "testrsa.pem")])),
    84. 

  84.            "Generating request");
    85. 

  85. 

  86.         ok(run(app(["openssl", "req",
    87. 

  87.                     "-config", srctop_file("test", "test.cnf"),
    88. 

  88.                     "-verify", "-in", "testreq-rsa.pem", "-noout"])),
    89. 

  89.            "Verifying signature on request");
    90. 

  90.     }
    91. 

  91. };
    92. 

  92. 

  93. subtest "generating certificate requests with DSA" => sub {
    94. 

  94.     plan tests => 2;
    95. 

  95. 

  96.     SKIP: {
    97. 

  97.         skip "DSA is not supported by this OpenSSL build", 2
    98. 

  98.             if disabled("dsa");
    99. 

  99. 

  100.         ok(run(app(["openssl", "req",
    101. 

  101.                     "-config", srctop_file("test", "test.cnf"),
    102. 

  102.                     "-new", "-out", "testreq-dsa.pem", "-utf8",
    103. 

  103.                     "-key", srctop_file("test", "testdsa.pem")])),
    104. 

  104.            "Generating request");
    105. 

  105. 

  106.         ok(run(app(["openssl", "req",
    107. 

  107.                     "-config", srctop_file("test", "test.cnf"),
    108. 

  108.                     "-verify", "-in", "testreq-dsa.pem", "-noout"])),
    109. 

  109.            "Verifying signature on request");
    110. 

  110.     }
    111. 

  111. };
    112. 

  112. 

  113. subtest "generating certificate requests with ECDSA" => sub {
    114. 

  114.     plan tests => 2;
    115. 

  115. 

  116.     SKIP: {
    117. 

  117.         skip "ECDSA is not supported by this OpenSSL build", 2
    118. 

  118.             if disabled("ec");
    119. 

  119. 

  120.         ok(run(app(["openssl", "req",
    121. 

  121.                     "-config", srctop_file("test", "test.cnf"),
    122. 

  122.                     "-new", "-out", "testreq-ec.pem", "-utf8",
    123. 

  123.                     "-key", srctop_file("test", "testec-p256.pem")])),
    124. 

  124.            "Generating request");
    125. 

  125. 

  126.         ok(run(app(["openssl", "req",
    127. 

  127.                     "-config", srctop_file("test", "test.cnf"),
    128. 

  128.                     "-verify", "-in", "testreq-ec.pem", "-noout"])),
    129. 

  129.            "Verifying signature on request");
    130. 

  130.     }
    131. 

  131. };
    132. 

  132. 

  133. subtest "generating certificate requests with Ed25519" => sub {
    134. 

  134.     plan tests => 2;
    135. 

  135. 

  136.     SKIP: {
    137. 

  137.         skip "Ed25519 is not supported by this OpenSSL build", 2
    138. 

  138.             if disabled("ec");
    139. 

  139. 

  140.         ok(run(app(["openssl", "req",
    141. 

  141.                     "-config", srctop_file("test", "test.cnf"),
    142. 

  142.                     "-new", "-out", "testreq-ed25519.pem", "-utf8",
    143. 

  143.                     "-key", srctop_file("test", "tested25519.pem")])),
    144. 

  144.            "Generating request");
    145. 

  145. 

  146.         ok(run(app(["openssl", "req",
    147. 

  147.                     "-config", srctop_file("test", "test.cnf"),
    148. 

  148.                     "-verify", "-in", "testreq-ed25519.pem", "-noout"])),
    149. 

  149.            "Verifying signature on request");
    150. 

  150.     }
    151. 

  151. };
    152. 

  152. 

  153. subtest "generating certificate requests with Ed448" => sub {
    154. 

  154.     plan tests => 2;
    155. 

  155. 

  156.     SKIP: {
    157. 

  157.         skip "Ed448 is not supported by this OpenSSL build", 2
    158. 

  158.             if disabled("ec");
    159. 

  159. 

  160.         ok(run(app(["openssl", "req",
    161. 

  161.                     "-config", srctop_file("test", "test.cnf"),
    162. 

  162.                     "-new", "-out", "testreq-ed448.pem", "-utf8",
    163. 

  163.                     "-key", srctop_file("test", "tested448.pem")])),
    164. 

  164.            "Generating request");
    165. 

  165. 

  166.         ok(run(app(["openssl", "req",
    167. 

  167.                     "-config", srctop_file("test", "test.cnf"),
    168. 

  168.                     "-verify", "-in", "testreq-ed448.pem", "-noout"])),
    169. 

  169.            "Verifying signature on request");
    170. 

  170.     }
    171. 

  171. };
    172. 

  172. 

  173. subtest "generating certificate requests" => sub {
    174. 

  174.     plan tests => 2;
    175. 

  175. 

  176.     ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
    177. 

  177.                 @req_new, "-out", "testreq.pem"])),
    178. 

  178.        "Generating request");
    179. 

  179. 

  180.     ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
    181. 

  181.                 "-verify", "-in", "testreq.pem", "-noout"])),
    182. 

  182.        "Verifying signature on request");
    183. 

  183. };
    184. 

  184. 

  185. subtest "generating SM2 certificate requests" => sub {
    186. 

  186.     plan tests => 4;
    187. 

  187. 

  188.     SKIP: {
    189. 

  189.         skip "SM2 is not supported by this OpenSSL build", 4
    190. 

  190.         if disabled("sm2");
    191. 

  191.         ok(run(app(["openssl", "req",
    192. 

  192.                     "-config", srctop_file("test", "test.cnf"),
    193. 

  193.                     "-new", "-key", srctop_file("test", "certs", "sm2.key"),
    194. 

  194.                     "-sigopt", "distid:1234567812345678",
    195. 

  195.                     "-out", "testreq-sm2.pem", "-sm3"])),
    196. 

  196.            "Generating SM2 certificate request");
    197. 

  197. 

  198.         ok(run(app(["openssl", "req",
    199. 

  199.                     "-config", srctop_file("test", "test.cnf"),
    200. 

  200.                     "-verify", "-in", "testreq-sm2.pem", "-noout",
    201. 

  201.                     "-vfyopt", "distid:1234567812345678", "-sm3"])),
    202. 

  202.            "Verifying signature on SM2 certificate request");
    203. 

  203. 

  204.         ok(run(app(["openssl", "req",
    205. 

  205.                     "-config", srctop_file("test", "test.cnf"),
    206. 

  206.                     "-new", "-key", srctop_file("test", "certs", "sm2.key"),
    207. 

  207.                     "-sigopt", "hexdistid:DEADBEEF",
    208. 

  208.                     "-out", "testreq-sm2.pem", "-sm3"])),
    209. 

  209.            "Generating SM2 certificate request with hex id");
    210. 

  210. 

  211.         ok(run(app(["openssl", "req",
    212. 

  212.                     "-config", srctop_file("test", "test.cnf"),
    213. 

  213.                     "-verify", "-in", "testreq-sm2.pem", "-noout",
    214. 

  214.                     "-vfyopt", "hexdistid:DEADBEEF", "-sm3"])),
    215. 

  215.            "Verifying signature on SM2 certificate request");
    216. 

  216.     }
    217. 

  217. };
    218. 

  218. 

  219. my @openssl_args = ("req", "-config", srctop_file("apps", "openssl.cnf"));
    220. 

  220. 

  221. run_conversion('req conversions',
    222. 

  222.                "testreq.pem");
    223. 

  223. run_conversion('req conversions -- testreq2',
    224. 

  224.                srctop_file("test", "testreq2.pem"));
    225. 

  225. 

  226. sub run_conversion {
    227. 

  227.     my $title = shift;
    228. 

  228.     my $reqfile = shift;
    229. 

  229. 

  230.     subtest $title => sub {
    231. 

  231.         run(app(["openssl", @openssl_args,
    232. 

  232.                  "-in", $reqfile, "-inform", "p",
    233. 

  233.                  "-noout", "-text"],
    234. 

  234.                 stderr => "req-check.err", stdout => undef));
    235. 

  235.         open DATA, "req-check.err";
    236. 

  236.         SKIP: {
    237. 

  237.             plan skip_all => "skipping req conversion test for $reqfile"
    238. 

  238.                 if grep /Unknown Public Key/, map { s/\R//; } <DATA>;
    239. 

  239. 

  240.             tconversion( -type => 'req', -in => $reqfile,
    241. 

  241.                          -args => [ @openssl_args ] );
    242. 

  242.         }
    243. 

  243.         close DATA;
    244. 

  244.         unlink "req-check.err";
    245. 

  245. 

  246.         done_testing();
    247. 

  247.     };
    248. 

  248. }
    249.