Commit | Line | Data |
---|---|---|
596d6b7e | 1 | #! /usr/bin/env perl |
1212818e | 2 | # Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. |
596d6b7e | 3 | # |
909f1a2e | 4 | # Licensed under the Apache License 2.0 (the "License"). You may not use |
596d6b7e RS |
5 | # this file except in compliance with the License. You can obtain a copy |
6 | # in the file LICENSE in the source distribution or at | |
7 | # https://www.openssl.org/source/license.html | |
8 | ||
4650de3e RL |
9 | |
10 | use strict; | |
11 | use warnings; | |
12 | ||
e2ec7332 | 13 | use OpenSSL::Test::Utils; |
42e0ccdf | 14 | use OpenSSL::Test qw/:DEFAULT srctop_file/; |
4650de3e RL |
15 | |
setup("test_req");

plan tests => 16;

# tconversion.pl supplies the tconversion() helper used by run_conversion().
require_ok(srctop_file('test', 'recipes', 'tconversion.pl'));

# Arguments that make "openssl req" create a fresh key.  The default is a
# plain "-new"; a build without RSA instead asks for a DSA key built from
# the parameters file apps/dsa512.pem.
# NOTE(review): the file name suggests 512-bit parameters, which would be
# acceptable only as a test fixture -- confirm.
my @req_new = ("-new");
if (disabled("rsa")) {
    @req_new = ("-newkey", "dsa:" . srctop_file("apps", "dsa512.pem"));
}
else {
    note("There should be a 2 sequences of .'s and some +'s.");
    note("There should not be more that at most 80 per line");
}
31 | ||
# Duplicate -addext detection.
#
# "openssl req" must refuse a request that names the same extension twice,
# and the comparison has to survive cosmetic differences in how the name is
# written.  One well-formed invocation is run first as the positive control;
# every following pair repeats subjectAltName and is expected to fail.
my @addext_args = ( "openssl", "req", "-new", "-out", "testreq.pem",
                    "-config", srctop_file("test", "test.cnf"), @req_new );

my $val  = "subjectAltName=DNS:example.com";
my $val2 = " " . $val;                      # leading blank before the name
(my $val3 = $val) =~ s/=/ =/;               # blank between name and '='

# Positive control: a single extension is accepted.
ok( run(app([@addext_args, "-addext", $val])));

# Negative cases: exact duplicate, then each whitespace variant against the
# plain spelling, then the two variants against each other.
for my $pair ([$val, $val], [$val, $val2], [$val, $val3], [$val2, $val3]) {
    my ($first, $second) = @$pair;
    ok(!run(app([@addext_args, "-addext", $first, "-addext", $second])));
}
2ddee136 | 44 | |
d462b5ff RS |
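# Generate a request from the "altreq" section of test.cnf with the RSA test
# key, then verify its self-signature twice: once with the default section
# and once with "-section altreq".
subtest "generating alt certificate requests with RSA" => sub {
    plan tests => 3;

    SKIP: {
        # The skip count has to equal the plan.  Skipping only 2 of the 3
        # planned tests makes the subtest fail on builds without RSA
        # ("planned 3 tests but ran 2") instead of being skipped cleanly.
        skip "RSA is not supported by this OpenSSL build", 3
            if disabled("rsa");

        ok(run(app(["openssl", "req",
                    "-config", srctop_file("test", "test.cnf"),
                    "-section", "altreq",
                    "-new", "-out", "testreq-rsa.pem", "-utf8",
                    "-key", srctop_file("test", "testrsa.pem")])),
           "Generating request");

        # Verification using the default request section.
        ok(run(app(["openssl", "req",
                    "-config", srctop_file("test", "test.cnf"),
                    "-verify", "-in", "testreq-rsa.pem", "-noout"])),
           "Verifying signature on request");

        # Verification again, this time naming the same section that was
        # used to create the request.
        ok(run(app(["openssl", "req",
                    "-config", srctop_file("test", "test.cnf"),
                    "-section", "altreq",
                    "-verify", "-in", "testreq-rsa.pem", "-noout"])),
           "Verifying signature on request");
    }
};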
71 | ||
72 | ||
b2a7310a NT |
# Create a request signed with the RSA test key and check that the
# self-signature on it verifies.
subtest "generating certificate requests with RSA" => sub {
    plan tests => 2;

    SKIP: {
        skip "RSA is not supported by this OpenSSL build", 2
            if disabled("rsa");

        my $config  = srctop_file("test", "test.cnf");
        my $keyfile = srctop_file("test", "testrsa.pem");
        my $request = "testreq-rsa.pem";

        my @generate = ("openssl", "req", "-config", $config,
                        "-new", "-out", $request, "-utf8",
                        "-key", $keyfile);
        ok(run(app([@generate])), "Generating request");

        my @verify = ("openssl", "req", "-config", $config,
                      "-verify", "-in", $request, "-noout");
        ok(run(app([@verify])), "Verifying signature on request");
    }
};
92 | ||
# Same generate-then-verify round trip as the RSA case, using the DSA test
# key; skipped entirely when the build has DSA disabled.
subtest "generating certificate requests with DSA" => sub {
    plan tests => 2;

    SKIP: {
        if (disabled("dsa")) {
            skip "DSA is not supported by this OpenSSL build", 2;
        }

        my @base    = ("openssl", "req",
                       "-config", srctop_file("test", "test.cnf"));
        my $request = "testreq-dsa.pem";

        ok(run(app([@base,
                    "-new", "-out", $request, "-utf8",
                    "-key", srctop_file("test", "testdsa.pem")])),
           "Generating request");

        ok(run(app([@base, "-verify", "-in", $request, "-noout"])),
           "Verifying signature on request");
    }
};
112 | ||
# Generate-then-verify round trip with the P-256 EC test key; skipped when
# the "ec" feature is disabled.
subtest "generating certificate requests with ECDSA" => sub {
    plan tests => 2;

    SKIP: {
        skip "ECDSA is not supported by this OpenSSL build", 2
            if disabled("ec");

        my $cnf = srctop_file("test", "test.cnf");
        my $key = srctop_file("test", "testec-p256.pem");
        my $csr = "testreq-ec.pem";

        my $generated = run(app(["openssl", "req", "-config", $cnf,
                                 "-new", "-out", $csr, "-utf8",
                                 "-key", $key]));
        ok($generated, "Generating request");

        my $verified = run(app(["openssl", "req", "-config", $cnf,
                                "-verify", "-in", $csr, "-noout"]));
        ok($verified, "Verifying signature on request");
    }
};
132 | ||
81722fdf NT |
# Generate-then-verify round trip with the Ed25519 test key.
# NOTE(review): the skip is keyed on the "ec" feature rather than on an
# Ed25519-specific switch -- confirm that is the intended gate in this tree.
subtest "generating certificate requests with Ed25519" => sub {
    plan tests => 2;

    SKIP: {
        skip "Ed25519 is not supported by this OpenSSL build", 2
            if disabled("ec");

        my $config  = srctop_file("test", "test.cnf");
        my $request = "testreq-ed25519.pem";

        my @new_args    = ("-new", "-out", $request, "-utf8",
                           "-key", srctop_file("test", "tested25519.pem"));
        my @verify_args = ("-verify", "-in", $request, "-noout");

        ok(run(app(["openssl", "req", "-config", $config, @new_args])),
           "Generating request");

        ok(run(app(["openssl", "req", "-config", $config, @verify_args])),
           "Verifying signature on request");
    }
};
152 | ||
# Generate-then-verify round trip with the Ed448 test key.
# NOTE(review): as with Ed25519, the skip condition checks the "ec" feature;
# confirm that this is the right switch for Ed448.
subtest "generating certificate requests with Ed448" => sub {
    plan tests => 2;

    SKIP: {
        if (disabled("ec")) {
            skip "Ed448 is not supported by this OpenSSL build", 2;
        }

        my @req     = ("openssl", "req",
                       "-config", srctop_file("test", "test.cnf"));
        my $keyfile = srctop_file("test", "tested448.pem");
        my $outfile = "testreq-ed448.pem";

        ok(run(app([@req, "-new", "-out", $outfile, "-utf8",
                    "-key", $keyfile])),
           "Generating request");

        ok(run(app([@req, "-verify", "-in", $outfile, "-noout"])),
           "Verifying signature on request");
    }
};
172 | ||
# Round trip with a freshly generated key: @req_new holds either "-new" or
# the DSA "-newkey" arguments chosen near the top of the file.  The output,
# testreq.pem, is later fed to run_conversion().
subtest "generating certificate requests" => sub {
    plan tests => 2;

    my @req = ("openssl", "req", "-config", srctop_file("test", "test.cnf"));

    my $generated = run(app([@req, @req_new, "-out", "testreq.pem"]));
    ok($generated, "Generating request");

    my $verified = run(app([@req, "-verify", "-in", "testreq.pem", "-noout"]));
    ok($verified, "Verifying signature on request");
};
184 | ||
# SM2 requests signed with SM3.  Each case passes an identifier option to the
# signer (-sigopt) and the very same option to the verifier (-vfyopt): first
# a textual "distid", then a "hexdistid".  Both cases write the same output
# file, so the second request replaces the first.
subtest "generating SM2 certificate requests" => sub {
    plan tests => 4;

    SKIP: {
        skip "SM2 is not supported by this OpenSSL build", 4
            if disabled("sm2");

        my $request = "testreq-sm2.pem";

        # [ identifier option, description of the generation step ]
        my @cases = (
            [ "distid:1234567812345678",
              "Generating SM2 certificate request" ],
            [ "hexdistid:DEADBEEF",
              "Generating SM2 certificate request with hex id" ],
        );

        for my $case (@cases) {
            my ($id_opt, $gen_title) = @$case;

            ok(run(app(["openssl", "req",
                        "-config", srctop_file("test", "test.cnf"),
                        "-new", "-key", srctop_file("test", "certs", "sm2.key"),
                        "-sigopt", $id_opt,
                        "-out", $request, "-sm3"])),
               $gen_title);

            ok(run(app(["openssl", "req",
                        "-config", srctop_file("test", "test.cnf"),
                        "-verify", "-in", $request, "-noout",
                        "-vfyopt", $id_opt, "-sm3"])),
               "Verifying signature on SM2 certificate request");
        }
    }
};
218 | ||
# Arguments shared by every conversion run.  run_conversion() reads this
# file-scoped array, so it has to be assigned before the calls below.  Note
# that these runs use apps/openssl.cnf, not test/test.cnf.
my @openssl_args = ("req", "-config", srctop_file("apps", "openssl.cnf"));

# Convert the request generated earlier in this recipe and a request that
# ships with the source tree.
my @conversions = (
    [ 'req conversions',             "testreq.pem" ],
    [ 'req conversions -- testreq2', srctop_file("test", "testreq2.pem") ],
);
for my $conversion (@conversions) {
    run_conversion(@$conversion);
}
e2ec7332 | 225 | |
4650de3e RL |
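# run_conversion(TITLE, REQFILE)
#
# Runs the tconversion() format round trip on REQFILE as a subtest named
# TITLE.  The request is first dumped with "openssl req -text"; if the
# captured stderr mentions "Unknown Public Key", the whole subtest is
# skipped rather than failed.
sub run_conversion {
    my ($title, $reqfile) = @_;

    subtest $title => sub {
        my $errfile = "req-check.err";

        # The exit status is deliberately not checked: only the captured
        # stderr decides whether the conversion test is run.
        run(app(["openssl", @openssl_args,
                 "-in", $reqfile, "-inform", "p",
                 "-noout", "-text"],
                stderr => $errfile, stdout => undef));

        # Three-argument open on a lexical handle, opened explicitly for
        # reading.  The two-argument bareword form parses the mode out of
        # the file name and reused the global DATA handle.
        my @errlines;
        if (open(my $errfh, '<', $errfile)) {
            @errlines = <$errfh>;
            close $errfh;
        }
        else {
            note("could not open $errfile: $!");
        }

        # Remove the scratch file before a possible skip_all, which leaves
        # the subtest early and would otherwise skip the cleanup.
        unlink $errfile;

        SKIP: {
            # Match on the lines themselves.  The earlier
            # "map { s/\R//; } <DATA>" produced the substitution's return
            # values, not the lines, so the pattern could never match and
            # the skip never fired.
            plan skip_all => "skipping req conversion test for $reqfile"
                if grep { /Unknown Public Key/ } @errlines;

            tconversion("req", $reqfile, @openssl_args);
        }

        done_testing();
    };
}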