test: the attributeDescriptor X.509v3 extension

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25429)

diff --git a/test/certs/ext-attributeDescriptor.pem b/test/certs/ext-attributeDescriptor.pem
new file mode 100644 (file)
index 0000000..55b9e6e
--- /dev/null
+++ b/test/certs/ext-attributeDescriptor.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICCzCCAfegAwIBAgIDAQIDMAsGCSqGSIb3DQEBBTAAMCIYDzIwMjEwODMxMDEw
+NzA5WhgPMjAyMTA4MzEwMTA3MDlaMAAwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIB
+CgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmq
+nuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWir
+Gu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqI
+qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06
+GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus
+pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABo4GRMIGOMIGLBgNVHTAEgYMwgYAG
+A1UEAwQYVW5ib3VuZGVkRGlyZWN0b3J5U3RyaW5ngApjb21tb25OYW1lgRZBIGdl
+bmVyYWwtcHVycG9zZSBuYW1lMDsGA1UECjA0MCCkHjAcMRowGAYDVQQDDBFXaWxk
+Ym9hciBTb2Z0d2FyZTAQMAsGCWCGSAFlAwQCAQMBADALBgkqhkiG9w0BAQUDAQA=
+-----END CERTIFICATE-----

diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t
index 39440498efe9320f154258f61cb9f58e25a36db6..664ba5425c52a50086031ac4cd5e3ad087a88cce 100644 (file)
--- a/test/recipes/25-test_x509.t
+++ b/test/recipes/25-test_x509.t
@@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
 
 setup("test_x509");
 
-plan tests => 105;
+plan tests => 111;
 
 # Prevent MSys2 filename munging for arguments that look like file paths but
 # aren't
@@ -332,6 +332,28 @@ cert_contains($role_spec_cert,
               "Registered ID:description",
               1, 'X.509 Role Spec Certificate Identifier');
 
+my $attr_desc_cert = srctop_file(@certs, "ext-attributeDescriptor.pem");
+cert_contains($attr_desc_cert,
+              "Identifier: 2.5.4.3",
+              1, 'X.509 Attribute Descriptor');
+# This comes from the syntax field, which starts on the next line.
+cert_contains($attr_desc_cert,
+              "UnboundedDirectoryString",
+              1, 'X.509 Attribute Descriptor');
+cert_contains($attr_desc_cert,
+              "Name: commonName",
+              1, 'X.509 Attribute Descriptor');
+# These comes from the dominationRule field.
+cert_contains($attr_desc_cert,
+              "Privilege Policy Identifier: 2.5.4.10",
+              1, 'X.509 Attribute Descriptor');
+cert_contains($attr_desc_cert,
+              "DirName:CN = Wildboar",
+              1, 'X.509 Attribute Descriptor');
+cert_contains($attr_desc_cert,
+              "Algorithm: sha256",
+              1, 'X.509 Attribute Descriptor');
+
 sub test_errors { # actually tests diagnostics of OSSL_STORE
     my ($expected, $cert, @opts) = @_;
     my $infile = srctop_file(@certs, $cert);