OWEALs
/
openssl
mirror of git://git.openssl.org/openssl.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179
							/*
 * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include <string.h>

#include <openssl/pem.h>
#include <openssl/x509.h>
#include "testutil.h"

/*
 * c: path of a cert in PEM format
 * k: path of a key in PEM format
 * t: API type, "cert" for X509_ and "req" for X509_REQ_ APIs.
 * e: expected, "ok" for success, "failed" for what should fail.
 */
static const char *c;
static const char *k;
static const char *t;
static const char *e;

static int test_x509_check_cert_pkey(void)
{
    BIO *bio = NULL;
    X509 *x509 = NULL;
    X509_REQ *x509_req = NULL;
    EVP_PKEY *pkey = NULL;
    int ret = 0, type = 0, expected = 0, result = 0;

    /*
     * we check them first thus if fails we don't need to do
     * those PEM parsing operations.
     */
    if (strcmp(t, "cert") == 0) {
        type = 1;
    } else if (strcmp(t, "req") == 0) {
        type = 2;
    } else {
        TEST_error("invalid 'type'");
        goto failed;
    }

    if (strcmp(e, "ok") == 0) {
        expected = 1;
    } else if (strcmp(e, "failed") == 0) {
        expected = 0;
    } else {
        TEST_error("invalid 'expected'");
        goto failed;
    }

    /* process private key */
    if (!TEST_ptr(bio = BIO_new_file(k, "r")))
        goto failed;

    if (!TEST_ptr(pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)))
        goto failed;

    BIO_free(bio);

    /* process cert or cert request, use the same local var */
    if (!TEST_ptr(bio = BIO_new_file(c, "r")))
        goto failed;

    switch (type) {
    case 1:
        x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
        if (x509 == NULL) {
            TEST_error("read PEM x509 failed");
            goto failed;
        }

        result = X509_check_private_key(x509, pkey);
        break;
    case 2:
        x509_req = PEM_read_bio_X509_REQ(bio, NULL, NULL, NULL);
        if (x509_req == NULL) {
            TEST_error("read PEM x509 req failed");
            goto failed;
        }

        result = X509_REQ_check_private_key(x509_req, pkey);
        break;
    default:
        /* should never be here */
        break;
    }

    if (!TEST_int_eq(result, expected)) {
        TEST_error("check private key: expected: %d, got: %d", expected, result);
        goto failed;
    }

    ret = 1;
failed:
    BIO_free(bio);
    X509_free(x509);
    X509_REQ_free(x509_req);
    EVP_PKEY_free(pkey);
    return ret;
}

static const char *file; /* path of a cert/CRL/key file in PEM format */
static const char *num;  /* expected number of certs/CRLs/keys included */

static int test_PEM_X509_INFO_read_bio(void)
{
    BIO *in;
    STACK_OF(X509_INFO) *sk;
    X509_INFO *it;
    int i, count = 0;
    int expected = 0;

    if (!TEST_ptr((in = BIO_new_file(file, "r"))))
        return 0;
    sk = PEM_X509_INFO_read_bio(in, NULL, NULL, "");
    BIO_free(in);
    sscanf(num, "%d", &expected);
    for (i = 0; i < sk_X509_INFO_num(sk); i++) {
        it = sk_X509_INFO_value(sk, i);
        if (it->x509 != NULL)
            count++;
        if (it->crl != NULL)
            count++;
        if (it->x_pkey != NULL)
            count++;
    }
    sk_X509_INFO_pop_free(sk, X509_INFO_free);
    return TEST_int_eq(count, expected);
}

const OPTIONS *test_get_options(void)
{
    enum { OPT_TEST_ENUM };
    static const OPTIONS test_options[] = {
        OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("cert key type expected\n"
                                          "     or [options] file num\n"),
        { OPT_HELP_STR, 1, '-', "cert\tcertificate or CSR filename in PEM\n" },
        { OPT_HELP_STR, 1, '-', "key\tprivate key filename in PEM\n" },
        { OPT_HELP_STR, 1, '-', "type\t\tvalue must be 'cert' or 'req'\n" },
        { OPT_HELP_STR, 1, '-', "expected\tthe expected return value, either 'ok' or 'failed'\n" },
        { OPT_HELP_STR, 1, '-', "file\tPEM format file containing certs, keys, and/OR CRLs\n" },
        { OPT_HELP_STR, 1, '-', "num\texpected number of credentials to be loaded from file\n" },
        { NULL }
    };
    return test_options;
}

int setup_tests(void)
{
    if (!test_skip_common_options()) {
        TEST_error("Error parsing test options\n");
        return 0;
    }

    if (test_get_argument_count() == 2) {
        if (!TEST_ptr(file = test_get_argument(0))
                || !TEST_ptr(num = test_get_argument(1)))
            return 0;
        ADD_TEST(test_PEM_X509_INFO_read_bio);
        return 1;
    }

    if (!TEST_ptr(c = test_get_argument(0))
            || !TEST_ptr(k = test_get_argument(1))
            || !TEST_ptr(t = test_get_argument(2))
            || !TEST_ptr(e = test_get_argument(3))) {
        return 0;
    }

    ADD_TEST(test_x509_check_cert_pkey);
    return 1;
}