]>
Commit | Line | Data |
---|---|---|
1c55e372 | 1 | #! /usr/bin/env perl |
aff636a4 | 2 | # Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. |
1c55e372 | 3 | # |
909f1a2e | 4 | # Licensed under the Apache License 2.0 (the "License"). You may not use |
1c55e372 MC |
5 | # this file except in compliance with the License. You can obtain a copy |
6 | # in the file LICENSE in the source distribution or at | |
7 | # https://www.openssl.org/source/license.html | |
8 | ||
70bf33d1 AP |
9 | use strict; |
10 | use warnings; | |
11 | ||
12 | use OpenSSL::Test qw/:DEFAULT srctop_file/; | |
1c55e372 MC |
13 | use OpenSSL::Test::Utils; |
14 | ||
70bf33d1 AP |
15 | use Encode; |
16 | ||
17 | setup("test_pkcs12"); | |
18 | ||
70bf33d1 AP |
19 | my $pass = "σύνθημα γνώρισμα"; |
20 | ||
21 | my $savedcp; | |
652c52a6 | 22 | if (eval { require Win32::API; 1; }) { |
70bf33d1 | 23 | # Trouble is that Win32 perl uses CreateProcessA, which |
652c52a6 AP |
24 | # makes it problematic to pass non-ASCII arguments, from perl[!] |
25 | # that is. This is because CreateProcessA is just a wrapper for | |
26 | # CreateProcessW and will call MultiByteToWideChar and use | |
27 | # system default locale. Since we attempt Greek pass-phrase | |
28 | # conversion can be done only with Greek locale. | |
70bf33d1 | 29 | |
652c52a6 AP |
30 | Win32::API->Import("kernel32","UINT GetSystemDefaultLCID()"); |
31 | if (GetSystemDefaultLCID() != 0x408) { | |
32 | plan skip_all => "Non-Greek system locale"; | |
33 | } else { | |
34 | # Ensure correct code page so that VERBOSE output is right. | |
35 | Win32::API->Import("kernel32","UINT GetConsoleOutputCP()"); | |
36 | Win32::API->Import("kernel32","BOOL SetConsoleOutputCP(UINT cp)"); | |
37 | $savedcp = GetConsoleOutputCP(); | |
38 | SetConsoleOutputCP(1253); | |
39 | $pass = Encode::encode("cp1253",Encode::decode("utf-8",$pass)); | |
40 | } | |
d4c499f5 AP |
41 | } elsif ($^O eq "MSWin32") { |
42 | plan skip_all => "Win32::API unavailable"; | |
46399d9d | 43 | } elsif ($^O ne "VMS") { |
46f4e1be | 44 | # Running MinGW tests transparently under Wine apparently requires |
1194ea8d AP |
45 | # UTF-8 locale... |
46 | ||
47 | foreach(`locale -a`) { | |
48 | s/\R$//; | |
49 | if ($_ =~ m/^C\.UTF\-?8/i) { | |
50 | $ENV{LC_ALL} = $_; | |
51 | last; | |
52 | } | |
53 | } | |
70bf33d1 | 54 | } |
fb5d9f1d | 55 | $ENV{OPENSSL_WIN32_UTF8}=1; |
70bf33d1 | 56 | |
35258435 | 57 | plan tests => 13; |
c5ec6dcf JS |
58 | |
59 | # Test different PKCS#12 formats | |
60 | ok(run(test(["pkcs12_format_test"])), "test pkcs12 formats"); | |
b536880c JS |
61 | # Test with legacy APIs |
62 | ok(run(test(["pkcs12_format_test", "-legacy"])), "test pkcs12 formats using legacy APIs"); | |
63 | # Test with a non-default library context (and no loaded providers in the default context) | |
64 | ok(run(test(["pkcs12_format_test", "-context"])), "test pkcs12 formats using a non-default library context"); | |
652c52a6 | 65 | |
46399d9d RL |
66 | SKIP: { |
67 | skip "VMS doesn't have command line UTF-8 support yet in DCL", 1 | |
68 | if $^O eq "VMS"; | |
69 | ||
70 | # just see that we can read shibboleth.pfx protected with $pass | |
71 | ok(run(app(["openssl", "pkcs12", "-noout", | |
72 | "-password", "pass:$pass", | |
73 | "-in", srctop_file("test", "shibboleth.pfx")])), | |
74 | "test_load_cert_pkcs12"); | |
75 | } | |
70bf33d1 | 76 | |
b3c5aadf | 77 | my @path = qw(test certs); |
279b61d0 DO |
78 | my $outfile1 = "out1.p12"; |
79 | my $outfile2 = "out2.p12"; | |
80 | my $outfile3 = "out3.p12"; | |
e5808784 | 81 | my $outfile4 = "out4.p12"; |
35258435 | 82 | my $outfile5 = "out5.p12"; |
b3c5aadf | 83 | |
1d6c8670 DDO |
84 | # Test the -chain option with -untrusted |
85 | ok(run(app(["openssl", "pkcs12", "-export", "-chain", | |
86 | "-CAfile", srctop_file(@path, "sroot-cert.pem"), | |
87 | "-untrusted", srctop_file(@path, "ca-cert.pem"), | |
88 | "-in", srctop_file(@path, "ee-cert.pem"), | |
279b61d0 | 89 | "-nokeys", "-passout", "pass:", "-out", $outfile1])), |
1d6c8670 DDO |
90 | "test_pkcs12_chain_untrusted"); |
91 | ||
b3c5aadf | 92 | # Test the -passcerts option |
b536880c JS |
93 | SKIP: { |
94 | skip "Skipping PKCS#12 test because DES is disabled in this build", 1 | |
95 | if disabled("des"); | |
96 | ok(run(app(["openssl", "pkcs12", "-export", | |
b3c5aadf DDO |
97 | "-in", srctop_file(@path, "ee-cert.pem"), |
98 | "-certfile", srctop_file(@path, "v3-certs-TDES.p12"), | |
99 | "-passcerts", "pass:v3-certs", | |
100 | "-nokeys", "-passout", "pass:v3-certs", "-descert", | |
279b61d0 DO |
101 | "-out", $outfile2])), |
102 | "test_pkcs12_passcerts"); | |
b536880c | 103 | } |
b3c5aadf | 104 | |
2d840893 | 105 | SKIP: { |
67cd4308 P |
106 | skip "Skipping legacy PKCS#12 test because the required algorithms are disabled", 1 |
107 | if disabled("des") || disabled("rc2") || disabled("legacy"); | |
2d840893 MC |
108 | # Test reading legacy PKCS#12 file |
109 | ok(run(app(["openssl", "pkcs12", "-export", | |
110 | "-in", srctop_file(@path, "v3-certs-RC2.p12"), | |
111 | "-passin", "pass:v3-certs", | |
112 | "-provider", "default", "-provider", "legacy", | |
113 | "-nokeys", "-passout", "pass:v3-certs", "-descert", | |
114 | "-out", $outfile3])), | |
115 | "test_pkcs12_passcerts_legacy"); | |
116 | } | |
b3c5aadf | 117 | |
e5808784 TM |
118 | # Test export of PEM file with both cert and key |
119 | # -nomac necessary to avoid legacy provider requirement | |
120 | ok(run(app(["openssl", "pkcs12", "-export", | |
121 | "-inkey", srctop_file(@path, "cert-key-cert.pem"), | |
122 | "-in", srctop_file(@path, "cert-key-cert.pem"), | |
123 | "-passout", "pass:v3-certs", | |
124 | "-nomac", "-out", $outfile4], stderr => "outerr.txt")), | |
125 | "test_export_pkcs12_cert_key_cert"); | |
126 | open DATA, "outerr.txt"; | |
127 | my @match = grep /:error:/, <DATA>; | |
128 | close DATA; | |
129 | ok(scalar @match > 0 ? 0 : 1, "test_export_pkcs12_outerr_empty"); | |
130 | ||
131 | ok(run(app(["openssl", "pkcs12", | |
132 | "-in", $outfile4, | |
133 | "-passin", "pass:v3-certs", | |
134 | "-nomacver", "-nodes"])), | |
135 | "test_import_pkcs12_cert_key_cert"); | |
136 | ||
35258435 MC |
137 | ok(run(app(["openssl", "pkcs12", "-export", "-out", $outfile5, |
138 | "-in", srctop_file(@path, "ee-cert.pem"), "-caname", "testname", | |
139 | "-nokeys", "-passout", "pass:", "-certpbe", "NONE"])), | |
140 | "test nokeys single cert"); | |
141 | ||
142 | my @pkcs12info = run(app(["openssl", "pkcs12", "-info", "-in", $outfile5, | |
143 | "-passin", "pass:"]), capture => 1); | |
144 | ||
145 | # Test that with one input certificate, we get one output certificate | |
146 | ok(grep(/subject=CN = server.example/, @pkcs12info) == 1, | |
147 | "test one cert in output"); | |
148 | # Test that the expected friendly name is present in the output | |
149 | ok(grep(/testname/, @pkcs12info) == 1, "test friendly name in output"); | |
e5808784 | 150 | |
652c52a6 | 151 | SetConsoleOutputCP($savedcp) if (defined($savedcp)); |