]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/recipes/90-test_store.t
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Raise an error on syscall failure in tls_retry_write_records
[thirdparty/openssl.git] / test / recipes / 90-test_store.t
CommitLineData
e1613d9f 1#! /usr/bin/env perl
da1c088f 2# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
e1613d9f 3#
909f1a2e 4# Licensed under the Apache License 2.0 (the "License"). You may not use
e1613d9f
RL		 5# this file except in compliance with the License. You can obtain a copy
6# in the file LICENSE in the source distribution or at
7# https://www.openssl.org/source/license.html
8
a75831f9 9use File::Spec::Functions;
4c0669dc 10use File::Copy;
e1613d9f 11use MIME::Base64;
0a3b330c
RL		 12use OpenSSL::Test qw(:DEFAULT srctop_file srctop_dir bldtop_file bldtop_dir
13 data_file);
45fd6a59 14use OpenSSL::Test::Utils;
e1613d9f
RL		 15
16my $test_name = "test_store";
17setup($test_name);
18
71273ab5 19my $use_md5 = !disabled("md5");
8891a12b 20my $use_des = !(disabled("des") || disabled("legacy")); # also affects 3des and pkcs12 app
71273ab5
DDO		 21my $use_dsa = !disabled("dsa");
22my $use_ecc = !disabled("ec");
1e8d5ea5 23
e1613d9f
RL		 24my @noexist_files =
25 ( "test/blahdiblah.pem",
26 "test/blahdibleh.der" );
27my @src_files =
28 ( "test/testx509.pem",
29 "test/testrsa.pem",
30 "test/testrsapub.pem",
31 "test/testcrl.pem",
32 "apps/server.pem" );
a9fa32c2
RL		 33my @data_files =
34 ( "testrsa.msb" );
35push(@data_files,
36 ( "testrsa.pvk" ))
37 unless disabled("legacy") || disabled("rc4");
0a3b330c
RL		 38my @src_rsa_files =
39 ( "test/testrsa.pem",
40 "test/testrsapub.pem" );
e1613d9f
RL		 41my @generated_files =
42 (
43 ### generated from the source files
44
45 "testx509.der",
46 "testrsa.der",
47 "testrsapub.der",
48 "testcrl.der",
49
50 ### generated locally
e1613d9f
RL		 51
52 "rsa-key-pkcs1.pem", "rsa-key-pkcs1.der",
53 "rsa-key-pkcs1-aes128.pem",
54 "rsa-key-pkcs8.pem", "rsa-key-pkcs8.der",
e1613d9f 55 "rsa-key-pkcs8-pbes2-sha1.pem", "rsa-key-pkcs8-pbes2-sha1.der",
71273ab5
DDO		 56 "rsa-key-pkcs8-pbes2-sha256.pem", "rsa-key-pkcs8-pbes2-sha256.der",
57 );
58push(@generated_files, (
59 "rsa-key-pkcs8-pbes1-sha1-3des.pem", "rsa-key-pkcs8-pbes1-sha1-3des.der",
60 )) if $use_des;
61push(@generated_files, (
e1613d9f
RL		 62 "rsa-key-sha1-3des-sha1.p12", "rsa-key-sha1-3des-sha256.p12",
63 "rsa-key-aes256-cbc-sha256.p12",
64 "rsa-key-md5-des-sha1.p12",
71273ab5
DDO		 65 "rsa-key-aes256-cbc-md5-des-sha256.p12"
66 )) if $use_des;
67push(@generated_files, (
68 "rsa-key-pkcs8-pbes1-md5-des.pem", "rsa-key-pkcs8-pbes1-md5-des.der"
69 )) if $use_md5 && $use_des;
70push(@generated_files, (
e1613d9f
RL		 71 "dsa-key-pkcs1.pem", "dsa-key-pkcs1.der",
72 "dsa-key-pkcs1-aes128.pem",
73 "dsa-key-pkcs8.pem", "dsa-key-pkcs8.der",
74 "dsa-key-pkcs8-pbes2-sha1.pem", "dsa-key-pkcs8-pbes2-sha1.der",
71273ab5
DDO		 75 )) if $use_dsa;
76push(@generated_files, "dsa-key-aes256-cbc-sha256.p12") if $use_dsa && $use_des;
77push(@generated_files, (
e1613d9f
RL		 78 "ec-key-pkcs1.pem", "ec-key-pkcs1.der",
79 "ec-key-pkcs1-aes128.pem",
80 "ec-key-pkcs8.pem", "ec-key-pkcs8.der",
81 "ec-key-pkcs8-pbes2-sha1.pem", "ec-key-pkcs8-pbes2-sha1.der",
71273ab5
DDO		 82 )) if $use_ecc;
83push(@generated_files, "ec-key-aes256-cbc-sha256.p12") if $use_ecc && $use_des;
4c0669dc
RL		 84my %generated_file_files =
85 $^O eq 'linux'
86 ? ( "test/testx509.pem" => "file:testx509.pem",
87 "test/testrsa.pem" => "file:testrsa.pem",
88 "test/testrsapub.pem" => "file:testrsapub.pem",
89 "test/testcrl.pem" => "file:testcrl.pem",
90 "apps/server.pem" => "file:server.pem" )
91 : ();
92my @noexist_file_files =
93 ( "file:blahdiblah.pem",
94 "file:test/blahdibleh.der" );
95
7620d89c
RL		 96# There is more than one method to get a 'file:' loader.
97# The default is a built-in provider implementation.
98# However, there is also an engine, specially for testing purposes.
99#
100# @methods is a collection of extra 'openssl storeutl' arguments used to
101# try the different methods.
102my @methods;
8891a12b
MC		 103my @prov_method = qw(-provider default);
104push @prov_method, qw(-provider legacy) unless disabled('legacy');
105push @methods, [ @prov_method ];
7620d89c 106push @methods, [qw(-engine loader_attic)]
48868950 107 unless disabled('loadereng');
7620d89c 108
323c4753 109my $n = 2 + scalar @methods
7620d89c
RL		 110 * ( (3 * scalar @noexist_files)
111 + (6 * scalar @src_files)
a9fa32c2 112 + (2 * scalar @data_files)
7620d89c
RL		 113 + (4 * scalar @generated_files)
114 + (scalar keys %generated_file_files)
115 + (scalar @noexist_file_files)
116 + 3
117 + 11 );
118
53d0d01f
MC		 119# Test doesn't work under msys because the file name munging doesn't work
120# correctly with the "ot:" prefix
0a3b330c 121my $do_test_ossltest_store =
53d0d01f 122 !(disabled("engine") || disabled("dynamic-engine") || $^O =~ /^msys$/);
0a3b330c
RL		 123
124if ($do_test_ossltest_store) {
125 # test loading with apps 'org.openssl.engine:' loader, using the
126 # ossltest engine.
127 $n += 4 * scalar @src_rsa_files;
128}
129
7620d89c 130plan skip_all => "No plan" if $n == 0;
e1613d9f
RL		 131
132plan tests => $n;
133
323c4753
DDO		 134my $test_x509 = srctop_file('test', 'testx509.pem');
135
136ok(run(app(["openssl", "storeutl", "-crls", $test_x509])),
137 "storeutil with -crls option");
138
139ok(!run(app(["openssl", "storeutl", $test_x509, "-crls"])),
140 "storeutil with extra parameter (at end) should fail");
141
e1613d9f 142indir "store_$$" => sub {
0a3b330c
RL		 143 if ($do_test_ossltest_store) {
144 # ossltest loads PEM files, with names prefixed with 'ot:'.
145 # This prefix ensures that the files are, in fact, loaded through
146 # that engine and not mistakenly going through the 'file:' loader.
147
148 my $engine_scheme = 'org.openssl.engine:';
149 $ENV{OPENSSL_ENGINES} = bldtop_dir("engines");
150
151 foreach (@src_rsa_files) {
152 my $file = srctop_file($_);
153 my $file_abs = to_abs_file($file);
154 my @pubin = $_ =~ m|pub\.pem$| ? ("-pubin") : ();
155
156 ok(run(app(["openssl", "rsa", "-text", "-noout", @pubin,
157 "-engine", "ossltest", "-inform", "engine",
158 "-in", "ot:$file"])));
159 ok(run(app(["openssl", "rsa", "-text", "-noout", @pubin,
160 "-engine", "ossltest", "-inform", "engine",
161 "-in", "ot:$file_abs"])));
162 ok(run(app(["openssl", "rsa", "-text", "-noout", @pubin,
163 "-in", "${engine_scheme}ossltest:ot:$file"])));
164 ok(run(app(["openssl", "rsa", "-text", "-noout", @pubin,
165 "-in", "${engine_scheme}ossltest:ot:$file_abs"])));
166 }
167 }
168
e1613d9f
RL		 169 SKIP:
170 {
71273ab5 171 init() or die "init failed";
e1613d9f 172
a75831f9 173 my $rehash = init_rehash();
0443b117 174
7620d89c
RL		 175 foreach my $method (@methods) {
176 my @storeutl = ( qw(openssl storeutl), @$method );
79120f46 177
7620d89c
RL		 178 foreach (@noexist_files) {
179 my $file = srctop_file($_);
79120f46 180
7620d89c
RL		 181 ok(!run(app([@storeutl, "-noout", $file])));
182 ok(!run(app([@storeutl, "-noout", to_abs_file($file)])));
183 {
184 local $ENV{MSYS2_ARG_CONV_EXCL} = "file:";
79120f46 185
7620d89c
RL		 186 ok(!run(app([@storeutl, "-noout",
187 to_abs_file_uri($file)])));
188 }
79120f46 189 }
7620d89c
RL		 190 foreach (@src_files) {
191 my $file = srctop_file($_);
79120f46 192
7620d89c
RL		 193 ok(run(app([@storeutl, "-noout", $file])));
194 ok(run(app([@storeutl, "-noout", to_abs_file($file)])));
195 SKIP:
196 {
53d0d01f 197 skip "file: tests disabled on MingW", 4 if $^O =~ /^msys$/;
79120f46 198
7620d89c
RL		 199 ok(run(app([@storeutl, "-noout",
200 to_abs_file_uri($file)])));
201 ok(run(app([@storeutl, "-noout",
202 to_abs_file_uri($file, 0, "")])));
203 ok(run(app([@storeutl, "-noout",
204 to_abs_file_uri($file, 0, "localhost")])));
205 ok(!run(app([@storeutl, "-noout",
206 to_abs_file_uri($file, 0, "dummy")])));
207 }
79120f46 208 }
a9fa32c2
RL		 209 foreach (@data_files) {
210 my $file = data_file($_);
211
212 ok(run(app([@storeutl, "-noout", "-passin", "pass:password",
213 $file])));
214 ok(run(app([@storeutl, "-noout", "-passin", "pass:password",
215 to_abs_file($file)])));
216 }
7620d89c 217 foreach (@generated_files) {
a9fa32c2
RL		 218 ok(run(app([@storeutl, "-noout", "-passin", "pass:password",
219 $_])));
220 ok(run(app([@storeutl, "-noout", "-passin", "pass:password",
221 to_abs_file($_)])));
7620d89c
RL		 222
223 SKIP:
224 {
53d0d01f 225 skip "file: tests disabled on MingW", 2 if $^O =~ /^msys$/;
79120f46 226
7620d89c
RL		 227 ok(run(app([@storeutl, "-noout", "-passin",
228 "pass:password", to_abs_file_uri($_)])));
229 ok(!run(app([@storeutl, "-noout", "-passin",
230 "pass:password", to_file_uri($_)])));
231 }
1e8d5ea5 232 }
7620d89c
RL		 233 foreach (values %generated_file_files) {
234 SKIP:
235 {
53d0d01f 236 skip "file: tests disabled on MingW", 1 if $^O =~ /^msys$/;
79120f46 237
7620d89c
RL		 238 ok(run(app([@storeutl, "-noout", $_])));
239 }
1e8d5ea5 240 }
7620d89c
RL		 241 foreach (@noexist_file_files) {
242 SKIP:
243 {
53d0d01f 244 skip "file: tests disabled on MingW", 1 if $^O =~ /^msys$/;
79120f46 245
7620d89c
RL		 246 ok(!run(app([@storeutl, "-noout", $_])));
247 }
248 }
f106f406 249 {
7620d89c
RL		 250 my $dir = srctop_dir("test", "certs");
251
252 ok(run(app([@storeutl, "-noout", $dir])));
253 ok(run(app([@storeutl, "-noout", to_abs_file($dir, 1)])));
254 SKIP:
255 {
53d0d01f 256 skip "file: tests disabled on MingW", 1 if $^O =~ /^msys$/;
79120f46 257
7620d89c
RL		 258 ok(run(app([@storeutl, "-noout",
259 to_abs_file_uri($dir, 1)])));
260 }
79120f46 261 }
7622baf8 262
7620d89c
RL		 263 ok(!run(app([@storeutl, '-noout',
264 '-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert',
265 srctop_file('test', 'testx509.pem')])),
266 "Checking that -subject can't be used with a single file");
267
268 ok(run(app([@storeutl, '-certs', '-noout',
269 srctop_file('test', 'testx509.pem')])),
270 "Checking that -certs returns 1 object on a certificate file");
271 ok(run(app([@storeutl, '-certs', '-noout',
272 srctop_file('test', 'testcrl.pem')])),
273 "Checking that -certs returns 0 objects on a CRL file");
274
275 ok(run(app([@storeutl, '-crls', '-noout',
276 srctop_file('test', 'testx509.pem')])),
277 "Checking that -crls returns 0 objects on a certificate file");
278 ok(run(app([@storeutl, '-crls', '-noout',
279 srctop_file('test', 'testcrl.pem')])),
280 "Checking that -crls returns 1 object on a CRL file");
281
282 SKIP: {
283 skip "failed rehash initialisation", 6 unless $rehash;
284
285 # subject from testx509.pem:
286 # '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert'
287 # issuer from testcrl.pem:
288 # '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority'
289 ok(run(app([@storeutl, '-noout',
290 '-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert',
291 catdir(curdir(), 'rehash')])));
292 ok(run(app([@storeutl, '-noout',
293 '-subject',
294 '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority',
295 catdir(curdir(), 'rehash')])));
296 ok(run(app([@storeutl, '-noout', '-certs',
297 '-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert',
298 catdir(curdir(), 'rehash')])));
299 ok(run(app([@storeutl, '-noout', '-crls',
300 '-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert',
301 catdir(curdir(), 'rehash')])));
302 ok(run(app([@storeutl, '-noout', '-certs',
303 '-subject',
304 '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority',
305 catdir(curdir(), 'rehash')])));
306 ok(run(app([@storeutl, '-noout', '-crls',
307 '-subject',
308 '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority',
309 catdir(curdir(), 'rehash')])));
310 }
a75831f9 311 }
e1613d9f
RL		 312 }
313}, create => 1, cleanup => 1;
314
315sub init {
71273ab5
DDO		 316 my $cnf = srctop_file('test', 'ca-and-certs.cnf');
317 my $cakey = srctop_file('test', 'certs', 'ca-key.pem');
8891a12b
MC		 318 my @std_args = qw(-provider default);
319 push @std_args, qw(-provider legacy)
320 unless disabled('legacy');
e1613d9f
RL		 321 return (
322 # rsa-key-pkcs1.pem
7620d89c 323 run(app(["openssl", "pkey", @std_args,
71273ab5
DDO		 324 "-in", data_file("rsa-key-2432.pem"),
325 "-out", "rsa-key-pkcs1.pem"]))
e1613d9f 326 # rsa-key-pkcs1-aes128.pem
7620d89c
RL		 327 && run(app(["openssl", "rsa", @std_args,
328 "-passout", "pass:password", "-aes128",
e1613d9f
RL		 329 "-in", "rsa-key-pkcs1.pem",
330 "-out", "rsa-key-pkcs1-aes128.pem"]))
71273ab5 331 # dsa-key-pkcs1.pem
7620d89c
RL		 332 && (!$use_dsa
333 || run(app(["openssl", "gendsa", @std_args,
334 "-out", "dsa-key-pkcs1.pem",
335 data_file("dsaparam.pem")])))
e1613d9f 336 # dsa-key-pkcs1-aes128.pem
7620d89c
RL		 337 && (!$use_dsa
338 || run(app(["openssl", "dsa", @std_args,
339 "-passout", "pass:password", "-aes128",
340 "-in", "dsa-key-pkcs1.pem",
341 "-out", "dsa-key-pkcs1-aes128.pem"])))
71273ab5 342 # ec-key-pkcs1.pem (one might think that 'genec' would be practical)
7620d89c
RL		 343 && (!$use_ecc
344 || run(app(["openssl", "ecparam", @std_args,
345 "-genkey",
346 "-name", "prime256v1",
347 "-out", "ec-key-pkcs1.pem"])))
e1613d9f 348 # ec-key-pkcs1-aes128.pem
7620d89c
RL		 349 && (!$use_ecc
350 || run(app(["openssl", "ec", @std_args,
351 "-passout", "pass:password", "-aes128",
352 "-in", "ec-key-pkcs1.pem",
353 "-out", "ec-key-pkcs1-aes128.pem"])))
e1613d9f
RL		 354 # *-key-pkcs8.pem
355 && runall(sub {
356 my $dstfile = shift;
357 (my $srcfile = $dstfile)
358 =~ s/-key-pkcs8\.pem$/-key-pkcs1.pem/i;
7620d89c
RL		 359 run(app(["openssl", "pkcs8", @std_args,
360 "-topk8", "-nocrypt",
e1613d9f
RL		 361 "-in", $srcfile, "-out", $dstfile]));
362 }, grep(/-key-pkcs8\.pem$/, @generated_files))
363 # *-key-pkcs8-pbes1-sha1-3des.pem
364 && runall(sub {
365 my $dstfile = shift;
366 (my $srcfile = $dstfile)
367 =~ s/-key-pkcs8-pbes1-sha1-3des\.pem$
368 /-key-pkcs8.pem/ix;
7620d89c
RL		 369 run(app(["openssl", "pkcs8", @std_args,
370 "-topk8",
e1613d9f
RL		 371 "-passout", "pass:password",
372 "-v1", "pbeWithSHA1And3-KeyTripleDES-CBC",
373 "-in", $srcfile, "-out", $dstfile]));
374 }, grep(/-key-pkcs8-pbes1-sha1-3des\.pem$/, @generated_files))
375 # *-key-pkcs8-pbes1-md5-des.pem
376 && runall(sub {
377 my $dstfile = shift;
378 (my $srcfile = $dstfile)
379 =~ s/-key-pkcs8-pbes1-md5-des\.pem$
380 /-key-pkcs8.pem/ix;
7620d89c
RL		 381 run(app(["openssl", "pkcs8", @std_args,
382 "-topk8",
e1613d9f
RL		 383 "-passout", "pass:password",
384 "-v1", "pbeWithSHA1And3-KeyTripleDES-CBC",
385 "-in", $srcfile, "-out", $dstfile]));
386 }, grep(/-key-pkcs8-pbes1-md5-des\.pem$/, @generated_files))
387 # *-key-pkcs8-pbes2-sha1.pem
388 && runall(sub {
389 my $dstfile = shift;
390 (my $srcfile = $dstfile)
391 =~ s/-key-pkcs8-pbes2-sha1\.pem$
392 /-key-pkcs8.pem/ix;
7620d89c
RL		 393 run(app(["openssl", "pkcs8", @std_args,
394 "-topk8",
e1613d9f
RL		 395 "-passout", "pass:password",
396 "-v2", "aes256", "-v2prf", "hmacWithSHA1",
397 "-in", $srcfile, "-out", $dstfile]));
398 }, grep(/-key-pkcs8-pbes2-sha1\.pem$/, @generated_files))
399 # *-key-pkcs8-pbes2-sha1.pem
400 && runall(sub {
401 my $dstfile = shift;
402 (my $srcfile = $dstfile)
403 =~ s/-key-pkcs8-pbes2-sha256\.pem$
404 /-key-pkcs8.pem/ix;
7620d89c
RL		 405 run(app(["openssl", "pkcs8", @std_args,
406 "-topk8",
e1613d9f
RL		 407 "-passout", "pass:password",
408 "-v2", "aes256", "-v2prf", "hmacWithSHA256",
409 "-in", $srcfile, "-out", $dstfile]));
410 }, grep(/-key-pkcs8-pbes2-sha256\.pem$/, @generated_files))
6d737ea0 411 # *-cert.pem (intermediary for the .p12 inits)
7620d89c 412 && run(app(["openssl", "req", "-x509", @std_args,
342e3652 413 "-config", $cnf, "-reqexts", "v3_ca", "-noenc",
71273ab5 414 "-key", $cakey, "-out", "cacert.pem"]))
6d737ea0
RL		 415 && runall(sub {
416 my $srckey = shift;
417 (my $dstfile = $srckey) =~ s|-key-pkcs8\.|-cert.|;
418 (my $csr = $dstfile) =~ s|\.pem|.csr|;
419
7620d89c 420 (run(app(["openssl", "req", "-new", @std_args,
71273ab5 421 "-config", $cnf, "-section", "userreq",
6d737ea0
RL		 422 "-key", $srckey, "-out", $csr]))
423 &&
7620d89c
RL		 424 run(app(["openssl", "x509", @std_args,
425 "-days", "3650",
6d737ea0 426 "-CA", "cacert.pem",
71273ab5 427 "-CAkey", $cakey,
6d737ea0
RL		 428 "-set_serial", time(), "-req",
429 "-in", $csr, "-out", $dstfile])));
430 }, grep(/-key-pkcs8\.pem$/, @generated_files))
431 # *.p12
432 && runall(sub {
433 my $dstfile = shift;
434 my ($type, $certpbe_index, $keypbe_index,
435 $macalg_index) =
436 $dstfile =~ m{^(.*)-key-(?|
437 # cert and key PBE are same
438 () #
439 ([^-]*-[^-]*)- # key & cert PBE
440 ([^-]*) # MACalg
441 |
442 # cert and key PBE are not same
443 ([^-]*-[^-]*)- # cert PBE
444 ([^-]*-[^-]*)- # key PBE
445 ([^-]*) # MACalg
446 )\.}x;
447 if (!$certpbe_index) {
448 $certpbe_index = $keypbe_index;
449 }
450 my $srckey = "$type-key-pkcs8.pem";
451 my $srccert = "$type-cert.pem";
452 my %pbes =
453 (
454 "sha1-3des" => "pbeWithSHA1And3-KeyTripleDES-CBC",
455 "md5-des" => "pbeWithMD5AndDES-CBC",
456 "aes256-cbc" => "AES-256-CBC",
457 );
458 my %macalgs =
459 (
460 "sha1" => "SHA1",
461 "sha256" => "SHA256",
462 );
463 my $certpbe = $pbes{$certpbe_index};
464 my $keypbe = $pbes{$keypbe_index};
465 my $macalg = $macalgs{$macalg_index};
466 if (!defined($certpbe) || !defined($keypbe)
467 || !defined($macalg)) {
71273ab5 468 print STDERR "Cert PBE for $certpbe_index not defined\n"
6d737ea0 469 unless defined $certpbe;
71273ab5 470 print STDERR "Key PBE for $keypbe_index not defined\n"
6d737ea0
RL		 471 unless defined $keypbe;
472 print STDERR "MACALG for $macalg_index not defined\n"
473 unless defined $macalg;
474 print STDERR "(destination file was $dstfile)\n";
475 return 0;
476 }
7620d89c 477 run(app(["openssl", "pkcs12", @std_args,
71273ab5 478 "-inkey", $srckey,
6d737ea0 479 "-in", $srccert, "-passout", "pass:password",
4ca01555 480 "-chain", "-CAfile", "cacert.pem",
6d737ea0
RL		 481 "-export", "-macalg", $macalg,
482 "-certpbe", $certpbe, "-keypbe", $keypbe,
483 "-out", $dstfile]));
484 }, grep(/\.p12/, @generated_files))
e1613d9f
RL		 485 # *.der (the end all init)
486 && runall(sub {
487 my $dstfile = shift;
488 (my $srcfile = $dstfile) =~ s/\.der$/.pem/i;
489 if (! -f $srcfile) {
490 $srcfile = srctop_file("test", $srcfile);
491 }
492 my $infh;
493 unless (open $infh, $srcfile) {
494 return 0;
495 }
496 my $l;
497 while (($l = <$infh>) !~ /^-----BEGIN\s/
498 || $l =~ /^-----BEGIN.*PARAMETERS-----/) {
499 }
500 my $b64 = "";
501 while (($l = <$infh>) !~ /^-----END\s/) {
502 $l =~ s|\R$||;
503 $b64 .= $l unless $l =~ /:/;
504 }
505 close $infh;
506 my $der = decode_base64($b64);
507 unless (length($b64) / 4 * 3 - length($der) < 3) {
508 print STDERR "Length error, ",length($b64),
509 " bytes of base64 became ",length($der),
510 " bytes of der? ($srcfile => $dstfile)\n";
511 return 0;
512 }
513 my $outfh;
514 unless (open $outfh, ">:raw", $dstfile) {
515 return 0;
516 }
517 print $outfh $der;
518 close $outfh;
519 return 1;
520 }, grep(/\.der$/, @generated_files))
4c0669dc
RL		 521 && runall(sub {
522 my $srcfile = shift;
523 my $dstfile = $generated_file_files{$srcfile};
524
525 unless (copy srctop_file($srcfile), $dstfile) {
526 warn "$!\n";
527 return 0;
528 }
529 return 1;
530 }, keys %generated_file_files)
e1613d9f
RL		 531 );
532}
a75831f9
RL		 533
534sub init_rehash {
535 return (
536 mkdir(catdir(curdir(), 'rehash'))
537 && copy(srctop_file('test', 'testx509.pem'),
538 catdir(curdir(), 'rehash'))
539 && copy(srctop_file('test', 'testcrl.pem'),
540 catdir(curdir(), 'rehash'))
541 && run(app(['openssl', 'rehash', catdir(curdir(), 'rehash')]))
542 );
543}
e1613d9f
RL		 544
545sub runall {
546 my ($function, @items) = @_;
547
548 foreach (@items) {
549 return 0 unless $function->($_);
550 }
551 return 1;
552}
553
554# According to RFC8089, a relative file: path is invalid. We still produce
555# them for testing purposes.
94437ceb 556sub to_file_uri {
e1613d9f
RL		 557 my ($file, $isdir, $authority) = @_;
558 my $vol;
559 my $dir;
560
94437ceb 561 die "to_file_uri: No file given\n" if !defined($file) || $file eq '';
e1613d9f
RL		 562
563 ($vol, $dir, $file) = File::Spec->splitpath($file, $isdir // 0);
564
565 # Make sure we have a Unix style directory.
566 $dir = join('/', File::Spec->splitdir($dir));
567 # Canonicalise it (note: it seems to be only needed on Unix)
568 while (1) {
569 my $newdir = $dir;
570 $newdir =~ s|/[^/]*[^/\.]+[^/]*/\.\./|/|g;
571 last if $newdir eq $dir;
572 $dir = $newdir;
573 }
574 # Take care of the corner cases the loop can't handle, and that $dir
575 # ends with a / unless it's empty
576 $dir =~ s|/[^/]*[^/\.]+[^/]*/\.\.$|/|;
577 $dir =~ s|^[^/]*[^/\.]+[^/]*/\.\./|/|;
578 $dir =~ s|^[^/]*[^/\.]+[^/]*/\.\.$||;
579 if ($isdir // 0) {
580 $dir =~ s|/$|| if $dir ne '/';
581 } else {
582 $dir .= '/' if $dir ne '' && $dir !~ m|/$|;
583 }
584
585 # If the file system has separate volumes (at present, Windows and VMS)
586 # we need to handle them. In URIs, they are invariably the first
587 # component of the path, which is always absolute.
588 # On VMS, user:[foo.bar] translates to /user/foo/bar
589 # On Windows, c:\Users\Foo translates to /c:/Users/Foo
590 if ($vol ne '') {
591 $vol =~ s|:||g if ($^O eq "VMS");
592 $dir = '/' . $dir if $dir ne '' && $dir !~ m|^/|;
593 $dir = '/' . $vol . $dir;
594 }
595 $file = $dir . $file;
596
597 return "file://$authority$file" if defined $authority;
598 return "file:$file";
599}
600
346bf1a2
RL		 601sub to_abs_file {
602 my ($file) = @_;
603
604 return File::Spec->rel2abs($file);
605}
606
94437ceb 607sub to_abs_file_uri {
e1613d9f
RL		 608 my ($file, $isdir, $authority) = @_;
609
94437ceb
RL		 610 die "to_abs_file_uri: No file given\n" if !defined($file) || $file eq '';
611 return to_file_uri(to_abs_file($file), $isdir, $authority);
e1613d9f 612}
A mirror of the official openssl repository