[thirdparty/openssl.git] / test / recipes / 60-test_x509_store.t

#! /usr/bin/env perl
# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html


use strict;
use warnings;

use File::Copy;
use File::Spec::Functions qw/:DEFAULT canonpath/;
use OpenSSL::Test qw/:DEFAULT srctop_file/;

setup("test_x509_store");

#If "openssl rehash -help" fails it's most likely because we're on a platform
#that doesn't support the rehash command (e.g. Windows)
plan skip_all => "test_rehash is not available on this platform"
    unless run(app(["openssl", "rehash", "-help"]));

# We use 'openssl verify' for these tests, as it contains everything
# we need to conduct these tests.  The tests here are a subset of the
# ones found in 25-test_verify.t

sub verify {
    my ($cert, $purpose, $trustedpath, $untrusted, @opts) = @_;
    my @args = qw(openssl verify -auth_level 1 -purpose);
    my @path = qw(test certs);
    push(@args, "$purpose", @opts);
    push(@args, "-CApath", $trustedpath);
    for (@$untrusted) { push(@args, "-untrusted", srctop_file(@path, "$_.pem")) }
    push(@args, srctop_file(@path, "$cert.pem"));
    run(app([@args]));
}

plan tests => 3;

indir "60-test_x509_store" => sub {
    for (("root-cert")) {
        copy(srctop_file("test", "certs", "$_.pem"), curdir());
    }
    ok(run(app([qw(openssl rehash), curdir()])), "Rehashing");

    # Canonical success
    ok(verify("ee-cert", "sslserver", curdir(), ["ca-cert"], "-show_chain"),
       "verify ee-cert");

    # Failure because root cert not present in CApath
    ok(!verify("ca-root2", "any", curdir(), [], "-show_chain"));
}, create => 1, cleanup => 1;
Commit	Line	Data
bb0f7eca RL	1	#! /usr/bin/env perl
	2	# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
	3	#
909f1a2e	4	# Licensed under the Apache License 2.0 (the "License"). You may not use
bb0f7eca RL	5	# this file except in compliance with the License. You can obtain a copy
	6	# in the file LICENSE in the source distribution or at
	7	# https://www.openssl.org/source/license.html
	8
	9
	10	use strict;
	11	use warnings;
	12
	13	use File::Copy;
	14	use File::Spec::Functions qw/:DEFAULT canonpath/;
	15	use OpenSSL::Test qw/:DEFAULT srctop_file/;
	16
	17	setup("test_x509_store");
	18
73540f47 RL	19	#If "openssl rehash -help" fails it's most likely because we're on a platform
	20	#that doesn't support the rehash command (e.g. Windows)
	21	plan skip_all => "test_rehash is not available on this platform"
	22	unless run(app(["openssl", "rehash", "-help"]));
	23
bb0f7eca RL	24	# We use 'openssl verify' for these tests, as it contains everything
	25	# we need to conduct these tests. The tests here are a subset of the
	26	# ones found in 25-test_verify.t
	27
	28	sub verify {
	29	my ($cert, $purpose, $trustedpath, $untrusted, @opts) = @_;
	30	my @args = qw(openssl verify -auth_level 1 -purpose);
	31	my @path = qw(test certs);
	32	push(@args, "$purpose", @opts);
	33	push(@args, "-CApath", $trustedpath);
	34	for (@$untrusted) { push(@args, "-untrusted", srctop_file(@path, "$_.pem")) }
	35	push(@args, srctop_file(@path, "$cert.pem"));
	36	run(app([@args]));
	37	}
	38
	39	plan tests => 3;
	40
	41	indir "60-test_x509_store" => sub {
	42	for (("root-cert")) {
	43	copy(srctop_file("test", "certs", "$_.pem"), curdir());
	44	}
	45	ok(run(app([qw(openssl rehash), curdir()])), "Rehashing");
	46
	47	# Canonical success
	48	ok(verify("ee-cert", "sslserver", curdir(), ["ca-cert"], "-show_chain"),
	49	"verify ee-cert");
	50
	51	# Failure because root cert not present in CApath
	52	ok(!verify("ca-root2", "any", curdir(), [], "-show_chain"));
	53	}, create => 1, cleanup => 1;