]>
Commit | Line | Data |
---|---|---|
f4aa6222 | 1 | #! /usr/bin/env perl |
00c405b3 | 2 | # Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. |
f4aa6222 RL |
3 | # |
4 | # Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | # this file except in compliance with the License. You can obtain a copy | |
6 | # in the file LICENSE in the source distribution or at | |
7 | # https://www.openssl.org/source/license.html | |
8 | ||
9 | use strict; | |
10 | use warnings; | |
11 | ||
12 | use OpenSSL::Test qw/:DEFAULT with bldtop_file srctop_file cmdstr/; | |
13 | use OpenSSL::Test::Utils; | |
14 | ||
15 | setup("test_verify_store"); | |
16 | ||
17 | plan tests => 10; | |
18 | ||
19 | my $dummycnf = srctop_file("apps", "openssl.cnf"); | |
20 | ||
2b584ff3 | 21 | my $cnf = srctop_file("test", "ca-and-certs.cnf"); |
f4aa6222 RL |
22 | my $CAkey = "keyCA.ss"; |
23 | my $CAcert="certCA.ss"; | |
24 | my $CAserial="certCA.srl"; | |
25 | my $CAreq="reqCA.ss"; | |
f4aa6222 | 26 | my $CAreq2="req2CA.ss"; # temp |
f4aa6222 RL |
27 | my $Ukey="keyU.ss"; |
28 | my $Ureq="reqU.ss"; | |
29 | my $Ucert="certU.ss"; | |
30 | ||
31 | SKIP: { | |
32 | req( 'make cert request', | |
4e6e57cf RS |
33 | qw(-new -section userreq), |
34 | -config => $cnf, | |
f4aa6222 RL |
35 | -out => $CAreq, |
36 | -keyout => $CAkey ); | |
37 | ||
38 | skip 'failure', 8 unless | |
39 | x509( 'convert request into self-signed cert', | |
4e6e57cf RS |
40 | qw(-req -CAcreateserial -days 30), |
41 | qw(-extensions v3_ca), | |
f4aa6222 RL |
42 | -in => $CAreq, |
43 | -out => $CAcert, | |
44 | -signkey => $CAkey, | |
4e6e57cf | 45 | -extfile => $cnf ); |
f4aa6222 RL |
46 | |
47 | skip 'failure', 7 unless | |
48 | x509( 'convert cert into a cert request', | |
49 | qw(-x509toreq), | |
50 | -in => $CAcert, | |
51 | -out => $CAreq2, | |
52 | -signkey => $CAkey ); | |
53 | ||
54 | skip 'failure', 6 unless | |
55 | req( 'verify request 1', | |
4e6e57cf | 56 | qw(-verify -noout -section userreq), |
f4aa6222 RL |
57 | -config => $dummycnf, |
58 | -in => $CAreq ); | |
59 | ||
60 | skip 'failure', 5 unless | |
61 | req( 'verify request 2', | |
4e6e57cf | 62 | qw(-verify -noout -section userreq), |
f4aa6222 RL |
63 | -config => $dummycnf, |
64 | -in => $CAreq2 ); | |
65 | ||
66 | skip 'failure', 4 unless | |
67 | verify( 'verify signature', | |
68 | -CAstore => $CAcert, | |
69 | $CAcert ); | |
70 | ||
71 | skip 'failure', 3 unless | |
72 | req( 'make a user cert request', | |
4e6e57cf RS |
73 | qw(-new -section userreq), |
74 | -config => $cnf, | |
f4aa6222 RL |
75 | -out => $Ureq, |
76 | -keyout => $Ukey ); | |
77 | ||
78 | skip 'failure', 2 unless | |
79 | x509( 'sign user cert request', | |
4e6e57cf | 80 | qw(-req -CAcreateserial -days 30 -extensions v3_ee), |
f4aa6222 RL |
81 | -in => $Ureq, |
82 | -out => $Ucert, | |
83 | -CA => $CAcert, | |
84 | -CAkey => $CAkey, | |
85 | -CAserial => $CAserial, | |
4e6e57cf | 86 | -extfile => $cnf ) |
f4aa6222 RL |
87 | && verify( undef, |
88 | -CAstore => $CAcert, | |
89 | $Ucert ); | |
90 | ||
91 | skip 'failure', 0 unless | |
92 | x509( 'Certificate details', | |
4e6e57cf | 93 | qw(-subject -issuer -startdate -enddate -noout), |
f4aa6222 RL |
94 | -in => $Ucert ); |
95 | } | |
96 | ||
97 | sub verify { | |
98 | my $title = shift; | |
99 | ||
100 | ok(run(app([qw(openssl verify), @_])), $title); | |
101 | } | |
102 | ||
103 | sub req { | |
104 | my $title = shift; | |
105 | ||
106 | ok(run(app([qw(openssl req), @_])), $title); | |
107 | } | |
108 | ||
109 | sub x509 { | |
110 | my $title = shift; | |
111 | ||
112 | ok(run(app([qw(openssl x509), @_])), $title); | |
113 | } |