662109c896b22ddb79719e281859eeb220394bc7
[openssl.git] / test / recipes / 25-test_req.t
1 #! /usr/bin/env perl
2 # Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
3 #
4 # Licensed under the Apache License 2.0 (the "License").  You may not use
5 # this file except in compliance with the License.  You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
8
9
10 use strict;
11 use warnings;
12
13 use OpenSSL::Test::Utils;
14 use OpenSSL::Test qw/:DEFAULT srctop_file/;
15
16 setup("test_req");
17
18 plan tests => 16;
19
20 require_ok(srctop_file('test','recipes','tconversion.pl'));
21
22 # What type of key to generate?
23 my @req_new;
24 if (disabled("rsa")) {
25     @req_new = ("-newkey", "dsa:".srctop_file("apps", "dsa512.pem"));
26 } else {
27     @req_new = ("-new");
28     note("There should be a 2 sequences of .'s and some +'s.");
29     note("There should not be more that at most 80 per line");
30 }
31
32 # Check for duplicate -addext parameters, and one "working" case.
33 my @addext_args = ( "openssl", "req", "-new", "-out", "testreq.pem",
34     "-config", srctop_file("test", "test.cnf"), @req_new );
35 my $val = "subjectAltName=DNS:example.com";
36 my $val2 = " " . $val;
37 my $val3 = $val;
38 $val3 =~ s/=/    =/;
39 ok( run(app([@addext_args, "-addext", $val])));
40 ok(!run(app([@addext_args, "-addext", $val, "-addext", $val])));
41 ok(!run(app([@addext_args, "-addext", $val, "-addext", $val2])));
42 ok(!run(app([@addext_args, "-addext", $val, "-addext", $val3])));
43 ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3])));
44
45 subtest "generating alt certificate requests with RSA" => sub {
46     plan tests => 3;
47
48     SKIP: {
49         skip "RSA is not supported by this OpenSSL build", 2
50             if disabled("rsa");
51
52         ok(run(app(["openssl", "req",
53                     "-config", srctop_file("test", "test.cnf"),
54                     "-section", "altreq",
55                     "-new", "-out", "testreq-rsa.pem", "-utf8",
56                     "-key", srctop_file("test", "testrsa.pem")])),
57            "Generating request");
58
59         ok(run(app(["openssl", "req",
60                     "-config", srctop_file("test", "test.cnf"),
61                     "-verify", "-in", "testreq-rsa.pem", "-noout"])),
62            "Verifying signature on request");
63
64         ok(run(app(["openssl", "req",
65                     "-config", srctop_file("test", "test.cnf"),
66                     "-section", "altreq",
67                     "-verify", "-in", "testreq-rsa.pem", "-noout"])),
68            "Verifying signature on request");
69     }
70 };
71
72
73 subtest "generating certificate requests with RSA" => sub {
74     plan tests => 2;
75
76     SKIP: {
77         skip "RSA is not supported by this OpenSSL build", 2
78             if disabled("rsa");
79
80         ok(run(app(["openssl", "req",
81                     "-config", srctop_file("test", "test.cnf"),
82                     "-new", "-out", "testreq-rsa.pem", "-utf8",
83                     "-key", srctop_file("test", "testrsa.pem")])),
84            "Generating request");
85
86         ok(run(app(["openssl", "req",
87                     "-config", srctop_file("test", "test.cnf"),
88                     "-verify", "-in", "testreq-rsa.pem", "-noout"])),
89            "Verifying signature on request");
90     }
91 };
92
93 subtest "generating certificate requests with DSA" => sub {
94     plan tests => 2;
95
96     SKIP: {
97         skip "DSA is not supported by this OpenSSL build", 2
98             if disabled("dsa");
99
100         ok(run(app(["openssl", "req",
101                     "-config", srctop_file("test", "test.cnf"),
102                     "-new", "-out", "testreq-dsa.pem", "-utf8",
103                     "-key", srctop_file("test", "testdsa.pem")])),
104            "Generating request");
105
106         ok(run(app(["openssl", "req",
107                     "-config", srctop_file("test", "test.cnf"),
108                     "-verify", "-in", "testreq-dsa.pem", "-noout"])),
109            "Verifying signature on request");
110     }
111 };
112
113 subtest "generating certificate requests with ECDSA" => sub {
114     plan tests => 2;
115
116     SKIP: {
117         skip "ECDSA is not supported by this OpenSSL build", 2
118             if disabled("ec");
119
120         ok(run(app(["openssl", "req",
121                     "-config", srctop_file("test", "test.cnf"),
122                     "-new", "-out", "testreq-ec.pem", "-utf8",
123                     "-key", srctop_file("test", "testec-p256.pem")])),
124            "Generating request");
125
126         ok(run(app(["openssl", "req",
127                     "-config", srctop_file("test", "test.cnf"),
128                     "-verify", "-in", "testreq-ec.pem", "-noout"])),
129            "Verifying signature on request");
130     }
131 };
132
133 subtest "generating certificate requests with Ed25519" => sub {
134     plan tests => 2;
135
136     SKIP: {
137         skip "Ed25519 is not supported by this OpenSSL build", 2
138             if disabled("ec");
139
140         ok(run(app(["openssl", "req",
141                     "-config", srctop_file("test", "test.cnf"),
142                     "-new", "-out", "testreq-ed25519.pem", "-utf8",
143                     "-key", srctop_file("test", "tested25519.pem")])),
144            "Generating request");
145
146         ok(run(app(["openssl", "req",
147                     "-config", srctop_file("test", "test.cnf"),
148                     "-verify", "-in", "testreq-ed25519.pem", "-noout"])),
149            "Verifying signature on request");
150     }
151 };
152
153 subtest "generating certificate requests with Ed448" => sub {
154     plan tests => 2;
155
156     SKIP: {
157         skip "Ed448 is not supported by this OpenSSL build", 2
158             if disabled("ec");
159
160         ok(run(app(["openssl", "req",
161                     "-config", srctop_file("test", "test.cnf"),
162                     "-new", "-out", "testreq-ed448.pem", "-utf8",
163                     "-key", srctop_file("test", "tested448.pem")])),
164            "Generating request");
165
166         ok(run(app(["openssl", "req",
167                     "-config", srctop_file("test", "test.cnf"),
168                     "-verify", "-in", "testreq-ed448.pem", "-noout"])),
169            "Verifying signature on request");
170     }
171 };
172
173 subtest "generating certificate requests" => sub {
174     plan tests => 2;
175
176     ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
177                 @req_new, "-out", "testreq.pem"])),
178        "Generating request");
179
180     ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
181                 "-verify", "-in", "testreq.pem", "-noout"])),
182        "Verifying signature on request");
183 };
184
185 subtest "generating SM2 certificate requests" => sub {
186     plan tests => 4;
187
188     SKIP: {
189         skip "SM2 is not supported by this OpenSSL build", 4
190         if disabled("sm2");
191         ok(run(app(["openssl", "req",
192                     "-config", srctop_file("test", "test.cnf"),
193                     "-new", "-key", srctop_file("test", "certs", "sm2.key"),
194                     "-sigopt", "sm2_id:1234567812345678",
195                     "-out", "testreq-sm2.pem", "-sm3"])),
196            "Generating SM2 certificate request");
197
198         ok(run(app(["openssl", "req",
199                     "-config", srctop_file("test", "test.cnf"),
200                     "-verify", "-in", "testreq-sm2.pem", "-noout",
201                     "-sm2-id", "1234567812345678", "-sm3"])),
202            "Verifying signature on SM2 certificate request");
203
204         ok(run(app(["openssl", "req",
205                     "-config", srctop_file("test", "test.cnf"),
206                     "-new", "-key", srctop_file("test", "certs", "sm2.key"),
207                     "-sigopt", "sm2_hex_id:DEADBEEF",
208                     "-out", "testreq-sm2.pem", "-sm3"])),
209            "Generating SM2 certificate request with hex id");
210
211         ok(run(app(["openssl", "req",
212                     "-config", srctop_file("test", "test.cnf"),
213                     "-verify", "-in", "testreq-sm2.pem", "-noout",
214                     "-sm2-hex-id", "DEADBEEF", "-sm3"])),
215            "Verifying signature on SM2 certificate request");
216     }
217 };
218
219 my @openssl_args = ("req", "-config", srctop_file("apps", "openssl.cnf"));
220
221 run_conversion('req conversions',
222                "testreq.pem");
223 run_conversion('req conversions -- testreq2',
224                srctop_file("test", "testreq2.pem"));
225
226 sub run_conversion {
227     my $title = shift;
228     my $reqfile = shift;
229
230     subtest $title => sub {
231         run(app(["openssl", @openssl_args,
232                  "-in", $reqfile, "-inform", "p",
233                  "-noout", "-text"],
234                 stderr => "req-check.err", stdout => undef));
235         open DATA, "req-check.err";
236         SKIP: {
237             plan skip_all => "skipping req conversion test for $reqfile"
238                 if grep /Unknown Public Key/, map { s/\R//; } <DATA>;
239
240             tconversion("req", $reqfile, @openssl_args);
241         }
242         close DATA;
243         unlink "req-check.err";
244
245         done_testing();
246     };
247 }