From 2d09fd72eac87c142b10ebc3272ad5bf9dcfd0ca Mon Sep 17 00:00:00 2001
From: Dan Streetman <ddstreet@ieee.org>
Date: Fri, 7 Mar 2025 11:35:05 -0500
Subject: [PATCH] test: run PKCS#7 verification with both internal and external
 certificates

---
 test/units/TEST-74-AUX-UTILS.keyutil.sh | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/test/units/TEST-74-AUX-UTILS.keyutil.sh b/test/units/TEST-74-AUX-UTILS.keyutil.sh
index d08c86e6972..96700a58cd4 100755
--- a/test/units/TEST-74-AUX-UTILS.keyutil.sh
+++ b/test/units/TEST-74-AUX-UTILS.keyutil.sh
@@ -49,9 +49,18 @@ testcase_public() {
 
 testcase_pkcs7() {
     echo -n "test" > /tmp/payload
+
+    # Generate PKCS#1 signature
     openssl dgst -sha256 -sign /tmp/test.key -out /tmp/payload.sig /tmp/payload
+
+    # Generate PKCS#7 signature
     /usr/lib/systemd/systemd-keyutil --certificate /tmp/test.crt --output /tmp/payload.p7s --signature /tmp/payload.sig pkcs7
-    openssl smime -verify -binary -inform der -in /tmp/payload.p7s -content /tmp/payload -certfile /tmp/test.crt -nointern -noverify > /dev/null
+
+    # Verify using internal x509 certificate
+    openssl smime -verify -binary -inform der -in /tmp/payload.p7s -content /tmp/payload -noverify > /dev/null
+
+    # Verify using external (original) x509 certificate
+    openssl smime -verify -binary -inform der -in /tmp/payload.p7s -content /tmp/payload -certificate /tmp/test.crt -nointern -noverify > /dev/null
 }
 
 run_testcases
-- 
2.47.3