git.ipfire.org Git - thirdparty/openssl.git/blob - test/recipes/80-test_pkcs12.t
2 # Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
4 # Licensed under the Apache License 2.0 (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
12 use OpenSSL
::Test qw
/:DEFAULT srctop_file/;
13 use OpenSSL
::Test
::Utils
;
# Non-ASCII (Greek) pass phrase used for the shibboleth.pfx load test.
# NOTE(review): presumably held as raw UTF-8 bytes (no "use utf8" is visible
# here); the Win32 branch below decodes it from UTF-8 and re-encodes it as
# cp1253 before it is placed on a command line.
my $pass = "σύνθημα γνώρισμα";
22 if (eval { require Win32
::API
; 1; }) {
23 # Trouble is that Win32 perl uses CreateProcessA, which
24 # makes it problematic to pass non-ASCII arguments, from perl[!]
25 # that is. This is because CreateProcessA is just a wrapper for
26 # CreateProcessW and will call MultiByteToWideChar and use
27 # system default locale. Since we use a Greek pass-phrase, the
28 # conversion can be done only with a Greek system locale.
30 Win32
::API
->Import("kernel32","UINT GetSystemDefaultLCID()");
31 if (GetSystemDefaultLCID
() != 0x408) {
32 plan skip_all
=> "Non-Greek system locale";
34 # Ensure correct code page so that VERBOSE output is right.
35 Win32
::API
->Import("kernel32","UINT GetConsoleOutputCP()");
36 Win32
::API
->Import("kernel32","BOOL SetConsoleOutputCP(UINT cp)");
37 $savedcp = GetConsoleOutputCP
();
38 SetConsoleOutputCP
(1253);
39 $pass = Encode
::encode
("cp1253",Encode
::decode
("utf-8",$pass));
41 } elsif ($^O
eq "MSWin32") {
42 plan skip_all
=> "Win32::API unavailable";
43 } elsif ($^O
ne "VMS") {
44 # Running MinGW tests transparently under Wine apparently requires
47 foreach(`locale -a`) {
49 if ($_ =~ m/^C\.UTF\-?8/i) {
55 $ENV{OPENSSL_WIN32_UTF8
}=1;
# Run pkcs12_format_test three times: with no extra option, with the legacy
# APIs, and with a non-default library context. Each row is the extra
# argument list followed by the test description.
my @format_variants = (
    # Test different PKCS#12 formats
    [ [],           "test pkcs12 formats" ],
    # Test with legacy APIs
    [ ["-legacy"],  "test pkcs12 formats using legacy APIs" ],
    # Test with a non-default library context (and no loaded providers in
    # the default context)
    [ ["-context"], "test pkcs12 formats using a non-default library context" ],
);
for my $variant (@format_variants) {
    my ($extra_args, $description) = @{$variant};
    ok(run(test(["pkcs12_format_test", @{$extra_args}])), $description);
}
67 skip
"VMS doesn't have command line UTF-8 support yet in DCL", 1
# Check only that shibboleth.pfx, which is protected with $pass, can be read;
# -noout suppresses any output of the contents.
# NOTE(review): the "pass:" source puts the pass phrase in the child's
# argument list. That looks deliberate here, since the code above is about
# getting a non-ASCII argument through the command line; outside a test,
# prefer a pass phrase source that keeps it out of argv (env:, file:, fd:).
my @load_cmd = (
    "openssl", "pkcs12", "-noout",
    "-password", "pass:$pass",
    "-in", srctop_file("test", "shibboleth.pfx"),
);
ok(run(app(\@load_cmd)), "test_load_cert_pkcs12");
# Directory components (relative to the source top) of the test certificates.
my @path = ("test", "certs");

# Names of the PKCS#12 files written by the export tests: out1.p12 .. out6.p12.
my ($outfile1, $outfile2, $outfile3, $outfile4, $outfile5, $outfile6)
    = map { "out$_.p12" } 1 .. 6;
# Test the -chain option with -untrusted: export ee-cert.pem together with
# its chain, with sroot-cert.pem as the CA file and ca-cert.pem as the
# untrusted certificate. Only certificates are written (-nokeys), so the
# empty export pass phrase ("pass:") is not guarding any private key.
my @chain_cmd = (
    "openssl", "pkcs12", "-export", "-chain",
    "-CAfile",    srctop_file(@path, "sroot-cert.pem"),
    "-untrusted", srctop_file(@path, "ca-cert.pem"),
    "-in",        srctop_file(@path, "ee-cert.pem"),
    "-nokeys", "-passout", "pass:", "-out", $outfile1,
);
ok(run(app(\@chain_cmd)), "test_pkcs12_chain_untrusted");
93 # Test the -passcerts option
95 skip
"Skipping PKCS#12 test because DES is disabled in this build", 1
# Export ee-cert.pem plus the certificates taken from v3-certs-TDES.p12.
# -passcerts supplies the pass phrase for that -certfile input; the output
# holds certificates only (-nokeys) and is written with -descert.
my @passcerts_cmd = (
    "openssl", "pkcs12", "-export",
    "-in",        srctop_file(@path, "ee-cert.pem"),
    "-certfile",  srctop_file(@path, "v3-certs-TDES.p12"),
    "-passcerts", "pass:v3-certs",
    "-nokeys", "-passout", "pass:v3-certs", "-descert",
    "-out", $outfile2,
);
ok(run(app(\@passcerts_cmd)), "test_pkcs12_passcerts");
# This test is skipped when DES, RC2 or the legacy provider is disabled in
# the build.
if (disabled("des") || disabled("rc2") || disabled("legacy")) {
    skip "Skipping legacy PKCS#12 test because the required algorithms are disabled", 1;
}

# Test reading legacy PKCS#12 file: v3-certs-RC2.p12 is read with both the
# default and the legacy provider loaded, and its certificates are
# re-exported without keys.
my @legacy_cmd = (
    "openssl", "pkcs12", "-export",
    "-in",     srctop_file(@path, "v3-certs-RC2.p12"),
    "-passin", "pass:v3-certs",
    "-provider", "default", "-provider", "legacy",
    "-nokeys", "-passout", "pass:v3-certs", "-descert",
    "-out", $outfile3,
);
ok(run(app(\@legacy_cmd)), "test_pkcs12_passcerts_legacy");
# Test export of a PEM file that holds both the certificate and its key;
# the same file is given as -inkey and as -in. The command's stderr is
# captured in outerr.txt.
# -nomac is necessary to avoid the legacy provider requirement; it also
# means the output file carries no integrity MAC, which is acceptable for a
# throwaway test file.
my @export_cmd = (
    "openssl", "pkcs12", "-export",
    "-inkey",   srctop_file(@path, "cert-key-cert.pem"),
    "-in",      srctop_file(@path, "cert-key-cert.pem"),
    "-passout", "pass:v3-certs",
    "-nomac", "-out", $outfile4,
);
ok(run(app(\@export_cmd, stderr => "outerr.txt")),
   "test_export_pkcs12_cert_key_cert");
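# Check that the stderr captured in outerr.txt holds no OpenSSL error lines
# (lines containing ":error:").
#
# The file is opened read-only through a lexical handle and the result of
# open() is checked. With an unchecked open, a missing or unreadable
# outerr.txt yields an empty @match, so the "no errors" check would pass
# without having inspected anything; here a failed open fails the test.
my @match;
my $outerr_opened = open(my $outerr_fh, '<', "outerr.txt");
if ($outerr_opened) {
    @match = grep { /:error:/ } <$outerr_fh>;
    close($outerr_fh);
}
ok($outerr_opened && @match == 0, "test_export_pkcs12_outerr_empty");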
132 ok
(run
(app
(["openssl", "pkcs12",
134 "-passin", "pass:v3-certs",
135 "-nomacver", "-nodes"])),
136 "test_import_pkcs12_cert_key_cert");
# Export ee-cert.pem alone, without keys, under the name "testname"
# (-caname). The certificate is not encrypted (-certpbe NONE) and the export
# pass phrase is empty; no private key is written.
my @nokeys_cmd = (
    "openssl", "pkcs12", "-export", "-out", $outfile5,
    "-in", srctop_file(@path, "ee-cert.pem"), "-caname", "testname",
    "-nokeys", "-passout", "pass:", "-certpbe", "NONE",
);
ok(run(app(\@nokeys_cmd)), "test nokeys single cert");
# Capture the output lines of "openssl pkcs12 -info" for the file exported
# to $outfile5.
my @info_cmd = ("openssl", "pkcs12", "-info", "-in", $outfile5,
                "-passin", "pass:");
my @pkcs12info = run(app(\@info_cmd), capture => 1);

# Test that with one input certificate, we get one output certificate:
# exactly one captured line may match the subject pattern.
my $subject_lines = grep { /subject=CN\s*=\s*server.example/ } @pkcs12info;
ok($subject_lines == 1, "test one cert in output");

# Test that the expected friendly name is present in the output, on exactly
# one line.
my $friendly_name_lines = grep { /testname/ } @pkcs12info;
ok($friendly_name_lines == 1, "test friendly name in output");
152 # Test export of PEM file with both cert and key, without password.
153 # -nomac necessary to avoid legacy provider requirement
155 ok
(run
(app
(["openssl", "pkcs12", "-export",
156 "-inkey", srctop_file
(@path, "cert-key-cert.pem"),
157 "-in", srctop_file
(@path, "cert-key-cert.pem"),
159 "-nomac", "-out", $outfile6], stderr
=> "outerr6.txt")),
160 "test_export_pkcs12_cert_key_cert_no_pass");
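# Check that the stderr captured in outerr6.txt holds no OpenSSL error lines
# (lines containing ":error:").
#
# The file is opened read-only through a lexical handle and the result of
# open() is checked. With an unchecked open, a missing or unreadable
# outerr6.txt yields an empty @match, so the "no errors" check would pass
# without having inspected anything; here a failed open fails the test.
my @match;
my $outerr6_opened = open(my $outerr6_fh, '<', "outerr6.txt");
if ($outerr6_opened) {
    @match = grep { /:error:/ } <$outerr6_fh>;
    close($outerr6_fh);
}
ok($outerr6_opened && @match == 0, "test_export_pkcs12_outerr6_empty");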
167 # Tests for pkcs12_parse
168 ok
(run
(test
(["pkcs12_api_test",
171 ])), "Test pkcs12_parse()");
174 skip
"Skipping PKCS#12 parse test because DES is disabled in this build", 1
176 ok
(run
(test
(["pkcs12_api_test",
180 ])), "Test pkcs12_parse()");
184 skip
"Skipping PKCS#12 parse test because the required algorithms are disabled", 1
185 if disabled
("des") || disabled
("rc2") || disabled
("legacy");
186 ok
(run
(test
(["pkcs12_api_test",
190 ])), "Test pkcs12_parse()");
193 ok
(run
(test
(["pkcs12_api_test",
199 ])), "Test pkcs12_parse()");
201 ok
(run
(test
(["pkcs12_api_test",
204 ])), "Test pkcs12_parse()");
206 ok
(run
(test
(["pkcs12_api_test",
212 ])), "Test pkcs12_parse()");
# Put the console output code page back to the value saved in $savedcp.
# $savedcp is only assigned in the Win32::API branch above, so this is a
# no-op wherever that branch did not run.
if (defined $savedcp) {
    SetConsoleOutputCP($savedcp);
}