test/recipes/25-test_req.t

   1 #! /usr/bin/env perl
   2 # Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
   3 #
   4 # Licensed under the Apache License 2.0 (the "License").  You may not use
   5 # this file except in compliance with the License.  You can obtain a copy
   6 # in the file LICENSE in the source distribution or at
   7 # https://www.openssl.org/source/license.html
   8
   9
  10 use strict;
  11 use warnings;
  12
  13 use OpenSSL::Test::Utils;
  14 use OpenSSL::Test qw/:DEFAULT srctop_file/;
  15
  16 setup("test_req");
  17
  18 plan tests => 13;
  19
  20 require_ok(srctop_file('test','recipes','tconversion.pl'));
  21
  22 open RND, ">>", ".rnd";
  23 print RND "string to make the random number generator think it has randomness";
  24 close RND;
  25
  26 # What type of key to generate?
  27 my @req_new;
  28 if (disabled("rsa")) {
  29     @req_new = ("-newkey", "dsa:".srctop_file("apps", "dsa512.pem"));
  30 } else {
  31     @req_new = ("-new");
  32     note("There should be a 2 sequences of .'s and some +'s.");
  33     note("There should not be more that at most 80 per line");
  34 }
  35
  36 # Check for duplicate -addext parameters, and one "working" case.
  37 my @addext_args = ( "openssl", "req", "-new", "-out", "testreq.pem",
  38     "-config", srctop_file("test", "test.cnf"), @req_new );
  39 my $val = "subjectAltName=DNS:example.com";
  40 my $val2 = " " . $val;
  41 my $val3 = $val;
  42 $val3 =~ s/=/    =/;
  43 ok( run(app([@addext_args, "-addext", $val])));
  44 ok(!run(app([@addext_args, "-addext", $val, "-addext", $val])));
  45 ok(!run(app([@addext_args, "-addext", $val, "-addext", $val2])));
  46 ok(!run(app([@addext_args, "-addext", $val, "-addext", $val3])));
  47 ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3])));
  48
  49 subtest "generating certificate requests with RSA" => sub {
  50     plan tests => 2;
  51
  52     SKIP: {
  53         skip "RSA is not supported by this OpenSSL build", 2
  54             if disabled("rsa");
  55
  56         ok(run(app(["openssl", "req",
  57                     "-config", srctop_file("test", "test.cnf"),
  58                     "-new", "-out", "testreq.pem", "-utf8",
  59                     "-key", srctop_file("test", "testrsa.pem")])),
  60            "Generating request");
  61
  62         ok(run(app(["openssl", "req",
  63                     "-config", srctop_file("test", "test.cnf"),
  64                     "-verify", "-in", "testreq.pem", "-noout"])),
  65            "Verifying signature on request");
  66     }
  67 };
  68
  69 subtest "generating certificate requests with DSA" => sub {
  70     plan tests => 2;
  71
  72     SKIP: {
  73         skip "DSA is not supported by this OpenSSL build", 2
  74             if disabled("dsa");
  75
  76         ok(run(app(["openssl", "req",
  77                     "-config", srctop_file("test", "test.cnf"),
  78                     "-new", "-out", "testreq.pem", "-utf8",
  79                     "-key", srctop_file("test", "testdsa.pem")])),
  80            "Generating request");
  81
  82         ok(run(app(["openssl", "req",
  83                     "-config", srctop_file("test", "test.cnf"),
  84                     "-verify", "-in", "testreq.pem", "-noout"])),
  85            "Verifying signature on request");
  86     }
  87 };
  88
  89 subtest "generating certificate requests with ECDSA" => sub {
  90     plan tests => 2;
  91
  92     SKIP: {
  93         skip "ECDSA is not supported by this OpenSSL build", 2
  94             if disabled("ec");
  95
  96         ok(run(app(["openssl", "req",
  97                     "-config", srctop_file("test", "test.cnf"),
  98                     "-new", "-out", "testreq.pem", "-utf8",
  99                     "-key", srctop_file("test", "testec-p256.pem")])),
 100            "Generating request");
 101
 102         ok(run(app(["openssl", "req",
 103                     "-config", srctop_file("test", "test.cnf"),
 104                     "-verify", "-in", "testreq.pem", "-noout"])),
 105            "Verifying signature on request");
 106     }
 107 };
 108
 109 subtest "generating certificate requests" => sub {
 110     plan tests => 2;
 111
 112     ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
 113                 @req_new, "-out", "testreq.pem"])),
 114        "Generating request");
 115
 116     ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
 117                 "-verify", "-in", "testreq.pem", "-noout"])),
 118        "Verifying signature on request");
 119 };
 120
 121 subtest "generating SM2 certificate requests" => sub {
 122     plan tests => 4;
 123
 124     SKIP: {
 125         skip "SM2 is not supported by this OpenSSL build", 4
 126         if disabled("sm2");
 127         ok(run(app(["openssl", "req",
 128                     "-config", srctop_file("test", "test.cnf"),
 129                     "-new", "-key", srctop_file("test", "certs", "sm2.key"),
 130                     "-sigopt", "sm2_id:1234567812345678",
 131                     "-out", "testreq.pem", "-sm3"])),
 132            "Generating SM2 certificate request");
 133
 134         ok(run(app(["openssl", "req",
 135                     "-config", srctop_file("test", "test.cnf"),
 136                     "-verify", "-in", "testreq.pem", "-noout",
 137                     "-sm2-id", "1234567812345678", "-sm3"])),
 138            "Verifying signature on SM2 certificate request");
 139
 140         ok(run(app(["openssl", "req",
 141                     "-config", srctop_file("test", "test.cnf"),
 142                     "-new", "-key", srctop_file("test", "certs", "sm2.key"),
 143                     "-sigopt", "sm2_hex_id:DEADBEEF",
 144                     "-out", "testreq.pem", "-sm3"])),
 145            "Generating SM2 certificate request with hex id");
 146
 147         ok(run(app(["openssl", "req",
 148                     "-config", srctop_file("test", "test.cnf"),
 149                     "-verify", "-in", "testreq.pem", "-noout",
 150                     "-sm2-hex-id", "DEADBEEF", "-sm3"])),
 151            "Verifying signature on SM2 certificate request");
 152     }
 153 };
 154
 155 my @openssl_args = ("req", "-config", srctop_file("apps", "openssl.cnf"));
 156
 157 run_conversion('req conversions',
 158                "testreq.pem");
 159 run_conversion('req conversions -- testreq2',
 160                srctop_file("test", "testreq2.pem"));
 161
 162 unlink "testkey.pem", "testreq.pem";
 163
 164 sub run_conversion {
 165     my $title = shift;
 166     my $reqfile = shift;
 167
 168     subtest $title => sub {
 169         run(app(["openssl", @openssl_args,
 170                  "-in", $reqfile, "-inform", "p",
 171                  "-noout", "-text"],
 172                 stderr => "req-check.err", stdout => undef));
 173         open DATA, "req-check.err";
 174         SKIP: {
 175             plan skip_all => "skipping req conversion test for $reqfile"
 176                 if grep /Unknown Public Key/, map { s/\R//; } <DATA>;
 177
 178             tconversion("req", $reqfile, @openssl_args);
 179         }
 180         close DATA;
 181         unlink "req-check.err";
 182
 183         done_testing();
 184     };
 185 }