Commit | Line | Data |
---|---|---|
f4aa6222 | 1 | #! /usr/bin/env perl |
38fc02a7 | 2 | # Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. |
f4aa6222 RL |
3 | # |
4 | # Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | # this file except in compliance with the License. You can obtain a copy | |
6 | # in the file LICENSE in the source distribution or at | |
7 | # https://www.openssl.org/source/license.html | |
8 | ||
9 | use strict; | |
10 | use warnings; | |
11 | ||
12 | use OpenSSL::Test qw/:DEFAULT with bldtop_file srctop_file cmdstr/; | |
13 | use OpenSSL::Test::Utils; | |
14 | ||
# Name this recipe and declare the ten tests it is expected to report.
setup('test_verify_store');

plan tests => 10;

# Inputs resolved relative to the top of the source tree.
# NOTE(review): ca-key.pem and ee-key.pem are private keys shipped under
# test/certs, so they are fixtures for this recipe only and must never be
# reused to protect real data.
my $dummycnf = srctop_file('apps', 'openssl.cnf');
my $cakey    = srctop_file('test', 'certs', 'ca-key.pem');
my $ukey     = srctop_file('test', 'certs', 'ee-key.pem');

my $cnf = srctop_file('test', 'ca-and-certs.cnf');

# File names used for the CA side of the recipe (relative paths).
my $CAkey    = 'keyCA.ss';
my $CAcert   = 'certCA.ss';
my $CAserial = 'certCA.srl';
my $CAreq    = 'reqCA.ss';
my $CAreq2   = 'req2CA.ss';    # temp

# File names used for the end-entity ("user") side of the recipe.
my $Ukey  = 'keyU.ss';
my $Ureq  = 'reqU.ss';
my $Ucert = 'certU.ss';
32 | ||
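# Build a throwaway CA and one end-entity certificate, then check both with
# "openssl verify -CAstore".  Every step after the first leaves the block
# through skip() when it fails; the number passed to skip() is the count of
# planned tests that have not run yet, which keeps the plan of 10 satisfied.
SKIP: {
    # Test 1: certificate request for the CA.  This step is not guarded by
    # skip(); a failure is still recorded by ok() inside req(), and the
    # x509 step that follows is then expected to fail and skip the rest.
    req( 'make cert request',
         qw(-new -section userreq),
         -config => $cnf,
         -out    => $CAreq,
         -key    => $cakey,
         -keyout => $CAkey );

    # Test 2: self-sign the request with the CA key (valid for 30 days,
    # v3_ca extensions taken from $cnf).
    skip 'failure', 8 unless
        x509( 'convert request into self-signed cert',
              qw(-req -CAcreateserial -days 30),
              qw(-extensions v3_ca),
              -in      => $CAreq,
              -out     => $CAcert,
              -signkey => $CAkey,
              -extfile => $cnf );

    # Test 3: turn the certificate back into a request, signed with the
    # same key.
    skip 'failure', 7 unless
        x509( 'convert cert into a cert request',
              qw(-x509toreq),
              -in      => $CAcert,
              -out     => $CAreq2,
              -signkey => $CAkey );

    # Tests 4 and 5: check the self-signature on both requests.
    skip 'failure', 6 unless
        req( 'verify request 1',
             qw(-verify -noout -section userreq),
             -config => $dummycnf,
             -in     => $CAreq );

    skip 'failure', 5 unless
        req( 'verify request 2',
             qw(-verify -noout -section userreq),
             -config => $dummycnf,
             -in     => $CAreq2 );

    # Test 6: the CA certificate is used as its own trust store here, so a
    # pass only shows that the self-signature is consistent.  It says
    # nothing about whether that CA deserves to be trusted.
    skip 'failure', 4 unless
        verify( 'verify signature',
                -CAstore => $CAcert,
                $CAcert );

    # Test 7: certificate request for the end entity.
    skip 'failure', 3 unless
        req( 'make a user cert request',
             qw(-new -section userreq),
             -config => $cnf,
             -out    => $Ureq,
             -key    => $ukey,
             -keyout => $Ukey );

    # Test 8: issue the end-entity certificate from the test CA.  When this
    # fails, tests 9 and 10 have not run, hence a skip count of 2.
    skip 'failure', 2 unless
        x509( 'sign user cert request',
              qw(-req -CAcreateserial -days 30 -extensions v3_ee),
              -in       => $Ureq,
              -out      => $Ucert,
              -CA       => $CAcert,
              -CAkey    => $CAkey,
              -CAserial => $CAserial,
              -extfile  => $cnf );

    # Test 9: chain check of the issued certificate against the CA store.
    # This has its own guard because only one planned test remains when
    # signing succeeds and verification fails; sharing the skip count of 2
    # with the signing step would report 11 results against a plan of 10.
    skip 'failure', 1 unless
        verify( undef,
                -CAstore => $CAcert,
                $Ucert );

    # Test 10: print the subject, issuer and validity dates of the issued
    # certificate.  Nothing is left to skip after it.
    skip 'failure', 0 unless
        x509( 'Certificate details',
              qw(-subject -issuer -startdate -enddate -noout),
              -in => $Ucert );
}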
100 | ||
# Run "openssl verify" with the arguments that follow the title and report
# the outcome as a single test.  The title may be undef, which gives an
# unnamed test.
sub verify {
    my ($title, @cmd_args) = @_;

    return ok(run(app(['openssl', 'verify', @cmd_args])), $title);
}
106 | ||
# Run "openssl req" with the arguments that follow the title and report
# the outcome as a single test named by that title.
sub req {
    my ($title, @cmd_args) = @_;

    return ok(run(app(['openssl', 'req', @cmd_args])), $title);
}
112 | ||
# Run "openssl x509" with the arguments that follow the title and report
# the outcome as a single test named by that title.
sub x509 {
    my ($title, @cmd_args) = @_;

    return ok(run(app(['openssl', 'x509', @cmd_args])), $title);
}