[thirdparty/openssl.git] / test / recipes / 25-test_verify_store.t

#! /usr/bin/env perl
# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

use strict;
use warnings;

use OpenSSL::Test qw/:DEFAULT with bldtop_file srctop_file cmdstr/;
use OpenSSL::Test::Utils;

setup("test_verify_store");

plan tests => 10;

my $dummycnf = srctop_file("apps", "openssl.cnf");

my $CAkey = "keyCA.ss";
my $CAcert="certCA.ss";
my $CAserial="certCA.srl";
my $CAreq="reqCA.ss";
my $CAconf=srctop_file("test","CAss.cnf");
my $CAreq2="req2CA.ss";	# temp

my $Uconf=srctop_file("test","Uss.cnf");
my $Ukey="keyU.ss";
my $Ureq="reqU.ss";
my $Ucert="certU.ss";

SKIP: {
    req( 'make cert request',
         qw(-new),
         -config       => $CAconf,
         -out          => $CAreq,
         -keyout       => $CAkey );

    skip 'failure', 8 unless
        x509( 'convert request into self-signed cert',
              qw(-req -CAcreateserial),
              -in       => $CAreq,
              -out      => $CAcert,
              -signkey  => $CAkey,
              -days     => 30,
              -extfile  => $CAconf,
              -extensions => 'v3_ca' );

    skip 'failure', 7 unless
        x509( 'convert cert into a cert request',
              qw(-x509toreq),
              -in       => $CAcert,
              -out      => $CAreq2,
              -signkey  => $CAkey );

    skip 'failure', 6 unless
        req( 'verify request 1',
             qw(-verify -noout),
             -config    => $dummycnf,
             -in        => $CAreq );

    skip 'failure', 5 unless
        req( 'verify request 2',
             qw(-verify -noout),
             -config    => $dummycnf,
             -in        => $CAreq2 );

    skip 'failure', 4 unless
        verify( 'verify signature',
                -CAstore => $CAcert,
                $CAcert );

    skip 'failure', 3 unless
        req( 'make a user cert request',
             qw(-new),
             -config  => $Uconf,
             -out     => $Ureq,
             -keyout  => $Ukey );

    skip 'failure', 2 unless
        x509( 'sign user cert request',
              qw(-req -CAcreateserial),
              -in     => $Ureq,
              -out    => $Ucert,
              -CA     => $CAcert,
              -CAkey  => $CAkey,
              -CAserial => $CAserial,
              -days   => 30,
              -extfile => $Uconf,
              -extensions => 'v3_ee' )
        && verify( undef,
                   -CAstore => $CAcert,
                   $Ucert );

    skip 'failure', 0 unless
        x509( 'Certificate details',
              qw( -subject -issuer -startdate -enddate -noout),
              -in     => $Ucert );
}

sub verify {
    my $title = shift;

    ok(run(app([qw(openssl verify), @_])), $title);
}

sub req {
    my $title = shift;

    ok(run(app([qw(openssl req), @_])), $title);
}

sub x509 {
    my $title = shift;

    ok(run(app([qw(openssl x509), @_])), $title);
}
Commit	Line	Data
f4aa6222 RL	1	#! /usr/bin/env perl
	2	# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
	3	#
	4	# Licensed under the Apache License 2.0 (the "License"). You may not use
	5	# this file except in compliance with the License. You can obtain a copy
	6	# in the file LICENSE in the source distribution or at
	7	# https://www.openssl.org/source/license.html
	8
	9	use strict;
	10	use warnings;
	11
	12	use OpenSSL::Test qw/:DEFAULT with bldtop_file srctop_file cmdstr/;
	13	use OpenSSL::Test::Utils;
	14
	15	setup("test_verify_store");
	16
	17	plan tests => 10;
	18
	19	my $dummycnf = srctop_file("apps", "openssl.cnf");
	20
	21	my $CAkey = "keyCA.ss";
	22	my $CAcert="certCA.ss";
	23	my $CAserial="certCA.srl";
	24	my $CAreq="reqCA.ss";
	25	my $CAconf=srctop_file("test","CAss.cnf");
	26	my $CAreq2="req2CA.ss"; # temp
	27
	28	my $Uconf=srctop_file("test","Uss.cnf");
	29	my $Ukey="keyU.ss";
	30	my $Ureq="reqU.ss";
	31	my $Ucert="certU.ss";
	32
	33	SKIP: {
	34	req( 'make cert request',
	35	qw(-new),
	36	-config => $CAconf,
	37	-out => $CAreq,
	38	-keyout => $CAkey );
	39
	40	skip 'failure', 8 unless
	41	x509( 'convert request into self-signed cert',
	42	qw(-req -CAcreateserial),
	43	-in => $CAreq,
	44	-out => $CAcert,
	45	-signkey => $CAkey,
	46	-days => 30,
	47	-extfile => $CAconf,
	48	-extensions => 'v3_ca' );
	49
	50	skip 'failure', 7 unless
	51	x509( 'convert cert into a cert request',
	52	qw(-x509toreq),
	53	-in => $CAcert,
	54	-out => $CAreq2,
	55	-signkey => $CAkey );
	56
	57	skip 'failure', 6 unless
	58	req( 'verify request 1',
	59	qw(-verify -noout),
	60	-config => $dummycnf,
	61	-in => $CAreq );
	62
	63	skip 'failure', 5 unless
	64	req( 'verify request 2',
65	qw(-verify -noout),
66	-config => $dummycnf,
67	-in => $CAreq2 );
68
69	skip 'failure', 4 unless
70	verify( 'verify signature',
71	-CAstore => $CAcert,
72	$CAcert );
73
74	skip 'failure', 3 unless
75	req( 'make a user cert request',
76	qw(-new),
77	-config => $Uconf,
78	-out => $Ureq,
79	-keyout => $Ukey );
80
81	skip 'failure', 2 unless
82	x509( 'sign user cert request',
83	qw(-req -CAcreateserial),
84	-in => $Ureq,
85	-out => $Ucert,
86	-CA => $CAcert,
87	-CAkey => $CAkey,
88	-CAserial => $CAserial,
89	-days => 30,
90	-extfile => $Uconf,
91	-extensions => 'v3_ee' )
92	&& verify( undef,
93	-CAstore => $CAcert,
94	$Ucert );
95
96	skip 'failure', 0 unless
97	x509( 'Certificate details',
98	qw( -subject -issuer -startdate -enddate -noout),
99	-in => $Ucert );
100	}
101
102	sub verify {
103	my $title = shift;
104
105	ok(run(app([qw(openssl verify), @_])), $title);
106	}
107
108	sub req {
109	my $title = shift;
110
111	ok(run(app([qw(openssl req), @_])), $title);
112	}
113
114	sub x509 {
115	my $title = shift;
116
117	ok(run(app([qw(openssl x509), @_])), $title);
118	}