]>
Commit | Line | Data |
---|---|---|
f4aa6222 RL |
1 | #! /usr/bin/env perl |
2 | # Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. | |
3 | # | |
4 | # Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | # this file except in compliance with the License. You can obtain a copy | |
6 | # in the file LICENSE in the source distribution or at | |
7 | # https://www.openssl.org/source/license.html | |
8 | ||
9 | use strict; | |
10 | use warnings; | |
11 | ||
12 | use OpenSSL::Test qw/:DEFAULT with bldtop_file srctop_file cmdstr/; | |
13 | use OpenSSL::Test::Utils; | |
14 | ||
15 | setup("test_verify_store"); | |
16 | ||
17 | plan tests => 10; | |
18 | ||
19 | my $dummycnf = srctop_file("apps", "openssl.cnf"); | |
20 | ||
21 | my $CAkey = "keyCA.ss"; | |
22 | my $CAcert="certCA.ss"; | |
23 | my $CAserial="certCA.srl"; | |
24 | my $CAreq="reqCA.ss"; | |
25 | my $CAconf=srctop_file("test","CAss.cnf"); | |
26 | my $CAreq2="req2CA.ss"; # temp | |
27 | ||
28 | my $Uconf=srctop_file("test","Uss.cnf"); | |
29 | my $Ukey="keyU.ss"; | |
30 | my $Ureq="reqU.ss"; | |
31 | my $Ucert="certU.ss"; | |
32 | ||
33 | SKIP: { | |
34 | req( 'make cert request', | |
35 | qw(-new), | |
36 | -config => $CAconf, | |
37 | -out => $CAreq, | |
38 | -keyout => $CAkey ); | |
39 | ||
40 | skip 'failure', 8 unless | |
41 | x509( 'convert request into self-signed cert', | |
42 | qw(-req -CAcreateserial), | |
43 | -in => $CAreq, | |
44 | -out => $CAcert, | |
45 | -signkey => $CAkey, | |
46 | -days => 30, | |
47 | -extfile => $CAconf, | |
48 | -extensions => 'v3_ca' ); | |
49 | ||
50 | skip 'failure', 7 unless | |
51 | x509( 'convert cert into a cert request', | |
52 | qw(-x509toreq), | |
53 | -in => $CAcert, | |
54 | -out => $CAreq2, | |
55 | -signkey => $CAkey ); | |
56 | ||
57 | skip 'failure', 6 unless | |
58 | req( 'verify request 1', | |
59 | qw(-verify -noout), | |
60 | -config => $dummycnf, | |
61 | -in => $CAreq ); | |
62 | ||
63 | skip 'failure', 5 unless | |
64 | req( 'verify request 2', | |
65 | qw(-verify -noout), | |
66 | -config => $dummycnf, | |
67 | -in => $CAreq2 ); | |
68 | ||
69 | skip 'failure', 4 unless | |
70 | verify( 'verify signature', | |
71 | -CAstore => $CAcert, | |
72 | $CAcert ); | |
73 | ||
74 | skip 'failure', 3 unless | |
75 | req( 'make a user cert request', | |
76 | qw(-new), | |
77 | -config => $Uconf, | |
78 | -out => $Ureq, | |
79 | -keyout => $Ukey ); | |
80 | ||
81 | skip 'failure', 2 unless | |
82 | x509( 'sign user cert request', | |
83 | qw(-req -CAcreateserial), | |
84 | -in => $Ureq, | |
85 | -out => $Ucert, | |
86 | -CA => $CAcert, | |
87 | -CAkey => $CAkey, | |
88 | -CAserial => $CAserial, | |
89 | -days => 30, | |
90 | -extfile => $Uconf, | |
91 | -extensions => 'v3_ee' ) | |
92 | && verify( undef, | |
93 | -CAstore => $CAcert, | |
94 | $Ucert ); | |
95 | ||
96 | skip 'failure', 0 unless | |
97 | x509( 'Certificate details', | |
98 | qw( -subject -issuer -startdate -enddate -noout), | |
99 | -in => $Ucert ); | |
100 | } | |
101 | ||
102 | sub verify { | |
103 | my $title = shift; | |
104 | ||
105 | ok(run(app([qw(openssl verify), @_])), $title); | |
106 | } | |
107 | ||
108 | sub req { | |
109 | my $title = shift; | |
110 | ||
111 | ok(run(app([qw(openssl req), @_])), $title); | |
112 | } | |
113 | ||
114 | sub x509 { | |
115 | my $title = shift; | |
116 | ||
117 | ok(run(app([qw(openssl x509), @_])), $title); | |
118 | } |