test: run PKCS#7 verification with both internal and external certificates

author Dan Streetman <ddstreet@ieee.org>

Fri, 7 Mar 2025 16:35:05 +0000 (11:35 -0500)

committer Dan Streetman <ddstreet@ieee.org>

Fri, 7 Mar 2025 16:52:44 +0000 (11:52 -0500)
author Dan Streetman <ddstreet@ieee.org>
Fri, 7 Mar 2025 16:35:05 +0000 (11:35 -0500)
committer Dan Streetman <ddstreet@ieee.org>
Fri, 7 Mar 2025 16:52:44 +0000 (11:52 -0500)
diff --git a/test/units/TEST-74-AUX-UTILS.keyutil.sh b/test/units/TEST-74-AUX-UTILS.keyutil.sh

index d08c86e6972109a4e236dc2f0b5ddc6289010da8..96700a58cd42ca1e1d49cb2d4c1d004cae0a6b48 100755 (executable)
--- a/test/units/TEST-74-AUX-UTILS.keyutil.sh
+++ b/test/units/TEST-74-AUX-UTILS.keyutil.sh
@@ -49,9 +49,18 @@ testcase_public() {
  
  testcase_pkcs7() {
      echo -n "test" > /tmp/payload
+
+    # Generate PKCS#1 signature
      openssl dgst -sha256 -sign /tmp/test.key -out /tmp/payload.sig /tmp/payload
+
+    # Generate PKCS#7 signature
      /usr/lib/systemd/systemd-keyutil --certificate /tmp/test.crt --output /tmp/payload.p7s --signature /tmp/payload.sig pkcs7
-    openssl smime -verify -binary -inform der -in /tmp/payload.p7s -content /tmp/payload -certfile /tmp/test.crt -nointern -noverify > /dev/null
+
+    # Verify using internal x509 certificate
+    openssl smime -verify -binary -inform der -in /tmp/payload.p7s -content /tmp/payload -noverify > /dev/null
+
+    # Verify using external (original) x509 certificate
+    openssl smime -verify -binary -inform der -in /tmp/payload.p7s -content /tmp/payload -certificate /tmp/test.crt -nointern -noverify > /dev/null
  }
  
  run_testcases
author	Dan Streetman <ddstreet@ieee.org>
	Fri, 7 Mar 2025 16:35:05 +0000 (11:35 -0500)
committer	Dan Streetman <ddstreet@ieee.org>
	Fri, 7 Mar 2025 16:52:44 +0000 (11:52 -0500)