test/recipes/25-test_verify_store.t

   1 #! /usr/bin/env perl
   2 # Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
   3 #
   4 # Licensed under the Apache License 2.0 (the "License").  You may not use
   5 # this file except in compliance with the License.  You can obtain a copy
   6 # in the file LICENSE in the source distribution or at
   7 # https://www.openssl.org/source/license.html
   8
   9 use strict;
  10 use warnings;
  11
  12 use OpenSSL::Test qw/:DEFAULT with bldtop_file srctop_file cmdstr/;
  13 use OpenSSL::Test::Utils;
  14
  15 setup("test_verify_store");
  16
  17 plan tests => 10;
  18
  19 my $dummycnf = srctop_file("apps", "openssl.cnf");
  20
  21 my $CAkey = "keyCA.ss";
  22 my $CAcert="certCA.ss";
  23 my $CAserial="certCA.srl";
  24 my $CAreq="reqCA.ss";
  25 my $CAconf=srctop_file("test","CAss.cnf");
  26 my $CAreq2="req2CA.ss"; # temp
  27
  28 my $Uconf=srctop_file("test","Uss.cnf");
  29 my $Ukey="keyU.ss";
  30 my $Ureq="reqU.ss";
  31 my $Ucert="certU.ss";
  32
  33 SKIP: {
  34     req( 'make cert request',
  35          qw(-new),
  36          -config       => $CAconf,
  37          -out          => $CAreq,
  38          -keyout       => $CAkey );
  39
  40     skip 'failure', 8 unless
  41         x509( 'convert request into self-signed cert',
  42               qw(-req -CAcreateserial),
  43               -in       => $CAreq,
  44               -out      => $CAcert,
  45               -signkey  => $CAkey,
  46               -days     => 30,
  47               -extfile  => $CAconf,
  48               -extensions => 'v3_ca' );
  49
  50     skip 'failure', 7 unless
  51         x509( 'convert cert into a cert request',
  52               qw(-x509toreq),
  53               -in       => $CAcert,
  54               -out      => $CAreq2,
  55               -signkey  => $CAkey );
  56
  57     skip 'failure', 6 unless
  58         req( 'verify request 1',
  59              qw(-verify -noout),
  60              -config    => $dummycnf,
  61              -in        => $CAreq );
  62
  63     skip 'failure', 5 unless
  64         req( 'verify request 2',
  65              qw(-verify -noout),
  66              -config    => $dummycnf,
  67              -in        => $CAreq2 );
  68
  69     skip 'failure', 4 unless
  70         verify( 'verify signature',
  71                 -CAstore => $CAcert,
  72                 $CAcert );
  73
  74     skip 'failure', 3 unless
  75         req( 'make a user cert request',
  76              qw(-new),
  77              -config  => $Uconf,
  78              -out     => $Ureq,
  79              -keyout  => $Ukey );
  80
  81     skip 'failure', 2 unless
  82         x509( 'sign user cert request',
  83               qw(-req -CAcreateserial),
  84               -in     => $Ureq,
  85               -out    => $Ucert,
  86               -CA     => $CAcert,
  87               -CAkey  => $CAkey,
  88               -CAserial => $CAserial,
  89               -days   => 30,
  90               -extfile => $Uconf,
  91               -extensions => 'v3_ee' )
  92         && verify( undef,
  93                    -CAstore => $CAcert,
  94                    $Ucert );
  95
  96     skip 'failure', 0 unless
  97         x509( 'Certificate details',
  98               qw( -subject -issuer -startdate -enddate -noout),
  99               -in     => $Ucert );
 100 }
 101
 102 sub verify {
 103     my $title = shift;
 104
 105     ok(run(app([qw(openssl verify), @_])), $title);
 106 }
 107
 108 sub req {
 109     my $title = shift;
 110
 111     ok(run(app([qw(openssl req), @_])), $title);
 112 }
 113
 114 sub x509 {
 115     my $title = shift;
 116
 117     ok(run(app([qw(openssl x509), @_])), $title);
 118 }