test/recipes/25-test_req.t

   1 #! /usr/bin/env perl
   2 # Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
   3 #
   4 # Licensed under the Apache License 2.0 (the "License").  You may not use
   5 # this file except in compliance with the License.  You can obtain a copy
   6 # in the file LICENSE in the source distribution or at
   7 # https://www.openssl.org/source/license.html
   8
   9
  10 use strict;
  11 use warnings;
  12
  13 use OpenSSL::Test::Utils;
  14 use OpenSSL::Test qw/:DEFAULT srctop_file/;
  15
  16 setup("test_req");
  17
  18 plan tests => 10;
  19
  20 require_ok(srctop_file('test','recipes','tconversion.pl'));
  21
  22 open RND, ">>", ".rnd";
  23 print RND "string to make the random number generator think it has randomness";
  24 close RND;
  25
  26 # What type of key to generate?
  27 my @req_new;
  28 if (disabled("rsa")) {
  29     @req_new = ("-newkey", "dsa:".srctop_file("apps", "dsa512.pem"));
  30 } else {
  31     @req_new = ("-new");
  32     note("There should be a 2 sequences of .'s and some +'s.");
  33     note("There should not be more that at most 80 per line");
  34 }
  35
  36 # Check for duplicate -addext parameters, and one "working" case.
  37 my @addext_args = ( "openssl", "req", "-new", "-out", "testreq.pem",
  38     "-config", srctop_file("test", "test.cnf"), @req_new );
  39 my $val = "subjectAltName=DNS:example.com";
  40 my $val2 = " " . $val;
  41 my $val3 = $val;
  42 $val3 =~ s/=/    =/;
  43 ok( run(app([@addext_args, "-addext", $val])));
  44 ok(!run(app([@addext_args, "-addext", $val, "-addext", $val])));
  45 ok(!run(app([@addext_args, "-addext", $val, "-addext", $val2])));
  46 ok(!run(app([@addext_args, "-addext", $val, "-addext", $val3])));
  47 ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3])));
  48
  49 subtest "generating certificate requests" => sub {
  50     plan tests => 2;
  51
  52     ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
  53                 @req_new, "-out", "testreq.pem"])),
  54        "Generating request");
  55
  56     ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
  57                 "-verify", "-in", "testreq.pem", "-noout"])),
  58        "Verifying signature on request");
  59 };
  60
  61 subtest "generating SM2 certificate requests" => sub {
  62     plan tests => 4;
  63
  64     SKIP: {
  65         skip "SM2 is not supported by this OpenSSL build", 4
  66         if disabled("sm2");
  67         ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
  68                     "-new", "-key", srctop_file("test", "certs", "sm2.key"),
  69                     "-sigopt", "sm2_id:1234567812345678",
  70                     "-out", "testreq.pem", "-sm3"])),
  71            "Generating SM2 certificate request");
  72
  73         ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
  74                     "-verify", "-in", "testreq.pem", "-noout",
  75                     "-sm2-id", "1234567812345678", "-sm3"])),
  76            "Verifying signature on SM2 certificate request");
  77
  78         ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
  79                     "-new", "-key", srctop_file("test", "certs", "sm2.key"),
  80                     "-sigopt", "sm2_hex_id:DEADBEEF",
  81                     "-out", "testreq.pem", "-sm3"])),
  82            "Generating SM2 certificate request with hex id");
  83
  84         ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
  85                     "-verify", "-in", "testreq.pem", "-noout",
  86                     "-sm2-hex-id", "DEADBEEF", "-sm3"])),
  87            "Verifying signature on SM2 certificate request");
  88     }
  89 };
  90
  91 my @openssl_args = ("req", "-config", srctop_file("apps", "openssl.cnf"));
  92
  93 run_conversion('req conversions',
  94                "testreq.pem");
  95 run_conversion('req conversions -- testreq2',
  96                srctop_file("test", "testreq2.pem"));
  97
  98 unlink "testkey.pem", "testreq.pem";
  99
 100 sub run_conversion {
 101     my $title = shift;
 102     my $reqfile = shift;
 103
 104     subtest $title => sub {
 105         run(app(["openssl", @openssl_args,
 106                  "-in", $reqfile, "-inform", "p",
 107                  "-noout", "-text"],
 108                 stderr => "req-check.err", stdout => undef));
 109         open DATA, "req-check.err";
 110       SKIP: {
 111           plan skip_all => "skipping req conversion test for $reqfile"
 112               if grep /Unknown Public Key/, map { s/\R//; } <DATA>;
 113
 114           tconversion("req", $reqfile, @openssl_args);
 115         }
 116         close DATA;
 117         unlink "req-check.err";
 118
 119         done_testing();
 120     };
 121 }