From: Jonathan M. Wilbur <jonathan@wilbur.space>
Date: Wed, 11 Sep 2024 00:46:33 +0000 (+0000)
Subject: test: the roleSpecCertIdentifier X.509v3 extension
X-Git-Tag: openssl-3.5.0-alpha1~1110
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4455c1a309f633936a6a155879b5d57f59606c06;p=thirdparty%2Fopenssl.git

test: the roleSpecCertIdentifier X.509v3 extension

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25428)
---

diff --git a/test/certs/ext-roleSpecCertIdentifier.pem b/test/certs/ext-roleSpecCertIdentifier.pem
new file mode 100644
index 00000000000..bb497166e52
--- /dev/null
+++ b/test/certs/ext-roleSpecCertIdentifier.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB7zCCAdugAwIBAgIDAQIDMAsGCSqGSIb3DQEBBTAAMCIYDzIwMjEwODMxMDIw
+NzA0WhgPMjAyMTA4MzEwMjA3MDRaMAAwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIB
+CgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmq
+nuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWir
+Gu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqI
+qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06
+GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus
+pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABo3YwdDByBgNVHScEazBpMGegIKQe
+MBwxGjAYBgNVBAMMEVdpbGRib2FyIFNvZnR3YXJloSCkHjAcMRowGAYDVQQDDBFX
+aWxkYm9hciBTb2Z0d2FyZYIEAgQGCKMbghR3aWxkYm9hcnNvZnR3YXJlLmNvbYgD
+VQQNMAsGCSqGSIb3DQEBBQMBAA==
+-----END CERTIFICATE-----
diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t
index feb28fd080c..1d458d33629 100644
--- a/test/recipes/25-test_x509.t
+++ b/test/recipes/25-test_x509.t
@@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
 
 setup("test_x509");
 
-plan tests => 100;
+plan tests => 105;
 
 # Prevent MSys2 filename munging for arguments that look like file paths but
 # aren't
@@ -315,6 +315,23 @@ cert_contains($auth_att_id_cert,
               "Issuer UID: B2",
               1, 'X.509 Authority Attribute Identifier');
 
+my $role_spec_cert = srctop_file(@certs, "ext-roleSpecCertIdentifier.pem");
+cert_contains($role_spec_cert,
+              "Role Name: DirName:CN = Wildboar",
+              1, 'X.509 Role Spec Certificate Identifier');
+cert_contains($role_spec_cert,
+              "Role Certificate Issuer: DirName:CN",
+              1, 'X.509 Role Spec Certificate Identifier');
+cert_contains($role_spec_cert,
+              "Role Certificate Serial Number: 0x02040608",
+              1, 'X.509 Role Spec Certificate Identifier');
+cert_contains($role_spec_cert,
+              "DNS:wildboarsoftware.com",
+              1, 'X.509 Role Spec Certificate Identifier');
+cert_contains($role_spec_cert,
+              "Registered ID:description",
+              1, 'X.509 Role Spec Certificate Identifier');
+
 sub test_errors { # actually tests diagnostics of OSSL_STORE
     my ($expected, $cert, @opts) = @_;
     my $infile = srctop_file(@certs, $cert);