test/recipes/25-test_req.t

   1 #! /usr/bin/env perl
   2 # Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
   3 #
   4 # Licensed under the Apache License 2.0 (the "License").  You may not use
   5 # this file except in compliance with the License.  You can obtain a copy
   6 # in the file LICENSE in the source distribution or at
   7 # https://www.openssl.org/source/license.html
   8
   9
  10 use strict;
  11 use warnings;
  12
  13 use OpenSSL::Test::Utils;
  14 use OpenSSL::Test qw/:DEFAULT srctop_file/;
  15
  16 setup("test_req");
  17
  18 plan tests => 16;
  19
  20 require_ok(srctop_file('test','recipes','tconversion.pl'));
  21
  22 # What type of key to generate?
  23 my @req_new;
  24 if (disabled("rsa")) {
  25     @req_new = ("-newkey", "dsa:".srctop_file("apps", "dsa512.pem"));
  26 } else {
  27     @req_new = ("-new");
  28     note("There should be a 2 sequences of .'s and some +'s.");
  29     note("There should not be more that at most 80 per line");
  30 }
  31
  32 # Check for duplicate -addext parameters, and one "working" case.
  33 my @addext_args = ( "openssl", "req", "-new", "-out", "testreq.pem",
  34     "-config", srctop_file("test", "test.cnf"), @req_new );
  35 my $val = "subjectAltName=DNS:example.com";
  36 my $val2 = " " . $val;
  37 my $val3 = $val;
  38 $val3 =~ s/=/    =/;
  39 ok( run(app([@addext_args, "-addext", $val])));
  40 ok(!run(app([@addext_args, "-addext", $val, "-addext", $val])));
  41 ok(!run(app([@addext_args, "-addext", $val, "-addext", $val2])));
  42 ok(!run(app([@addext_args, "-addext", $val, "-addext", $val3])));
  43 ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3])));
  44
  45 subtest "generating alt certificate requests with RSA" => sub {
  46     plan tests => 3;
  47
  48     SKIP: {
  49         skip "RSA is not supported by this OpenSSL build", 2
  50             if disabled("rsa");
  51
  52         ok(run(app(["openssl", "req",
  53                     "-config", srctop_file("test", "test.cnf"),
  54                     "-section", "altreq",
  55                     "-new", "-out", "testreq-rsa.pem", "-utf8",
  56                     "-key", srctop_file("test", "testrsa.pem")])),
  57            "Generating request");
  58
  59         ok(run(app(["openssl", "req",
  60                     "-config", srctop_file("test", "test.cnf"),
  61                     "-verify", "-in", "testreq-rsa.pem", "-noout"])),
  62            "Verifying signature on request");
  63
  64         ok(run(app(["openssl", "req",
  65                     "-config", srctop_file("test", "test.cnf"),
  66                     "-section", "altreq",
  67                     "-verify", "-in", "testreq-rsa.pem", "-noout"])),
  68            "Verifying signature on request");
  69     }
  70 };
  71
  72
  73 subtest "generating certificate requests with RSA" => sub {
  74     plan tests => 2;
  75
  76     SKIP: {
  77         skip "RSA is not supported by this OpenSSL build", 2
  78             if disabled("rsa");
  79
  80         ok(run(app(["openssl", "req",
  81                     "-config", srctop_file("test", "test.cnf"),
  82                     "-new", "-out", "testreq-rsa.pem", "-utf8",
  83                     "-key", srctop_file("test", "testrsa.pem")])),
  84            "Generating request");
  85
  86         ok(run(app(["openssl", "req",
  87                     "-config", srctop_file("test", "test.cnf"),
  88                     "-verify", "-in", "testreq-rsa.pem", "-noout"])),
  89            "Verifying signature on request");
  90     }
  91 };
  92
  93 subtest "generating certificate requests with DSA" => sub {
  94     plan tests => 2;
  95
  96     SKIP: {
  97         skip "DSA is not supported by this OpenSSL build", 2
  98             if disabled("dsa");
  99
 100         ok(run(app(["openssl", "req",
 101                     "-config", srctop_file("test", "test.cnf"),
 102                     "-new", "-out", "testreq-dsa.pem", "-utf8",
 103                     "-key", srctop_file("test", "testdsa.pem")])),
 104            "Generating request");
 105
 106         ok(run(app(["openssl", "req",
 107                     "-config", srctop_file("test", "test.cnf"),
 108                     "-verify", "-in", "testreq-dsa.pem", "-noout"])),
 109            "Verifying signature on request");
 110     }
 111 };
 112
 113 subtest "generating certificate requests with ECDSA" => sub {
 114     plan tests => 2;
 115
 116     SKIP: {
 117         skip "ECDSA is not supported by this OpenSSL build", 2
 118             if disabled("ec");
 119
 120         ok(run(app(["openssl", "req",
 121                     "-config", srctop_file("test", "test.cnf"),
 122                     "-new", "-out", "testreq-ec.pem", "-utf8",
 123                     "-key", srctop_file("test", "testec-p256.pem")])),
 124            "Generating request");
 125
 126         ok(run(app(["openssl", "req",
 127                     "-config", srctop_file("test", "test.cnf"),
 128                     "-verify", "-in", "testreq-ec.pem", "-noout"])),
 129            "Verifying signature on request");
 130     }
 131 };
 132
 133 subtest "generating certificate requests with Ed25519" => sub {
 134     plan tests => 2;
 135
 136     SKIP: {
 137         skip "Ed25519 is not supported by this OpenSSL build", 2
 138             if disabled("ec");
 139
 140         ok(run(app(["openssl", "req",
 141                     "-config", srctop_file("test", "test.cnf"),
 142                     "-new", "-out", "testreq-ed25519.pem", "-utf8",
 143                     "-key", srctop_file("test", "tested25519.pem")])),
 144            "Generating request");
 145
 146         ok(run(app(["openssl", "req",
 147                     "-config", srctop_file("test", "test.cnf"),
 148                     "-verify", "-in", "testreq-ed25519.pem", "-noout"])),
 149            "Verifying signature on request");
 150     }
 151 };
 152
 153 subtest "generating certificate requests with Ed448" => sub {
 154     plan tests => 2;
 155
 156     SKIP: {
 157         skip "Ed448 is not supported by this OpenSSL build", 2
 158             if disabled("ec");
 159
 160         ok(run(app(["openssl", "req",
 161                     "-config", srctop_file("test", "test.cnf"),
 162                     "-new", "-out", "testreq-ed448.pem", "-utf8",
 163                     "-key", srctop_file("test", "tested448.pem")])),
 164            "Generating request");
 165
 166         ok(run(app(["openssl", "req",
 167                     "-config", srctop_file("test", "test.cnf"),
 168                     "-verify", "-in", "testreq-ed448.pem", "-noout"])),
 169            "Verifying signature on request");
 170     }
 171 };
 172
 173 subtest "generating certificate requests" => sub {
 174     plan tests => 2;
 175
 176     ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
 177                 @req_new, "-out", "testreq.pem"])),
 178        "Generating request");
 179
 180     ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
 181                 "-verify", "-in", "testreq.pem", "-noout"])),
 182        "Verifying signature on request");
 183 };
 184
 185 subtest "generating SM2 certificate requests" => sub {
 186     plan tests => 4;
 187
 188     SKIP: {
 189         skip "SM2 is not supported by this OpenSSL build", 4
 190         if disabled("sm2");
 191         ok(run(app(["openssl", "req",
 192                     "-config", srctop_file("test", "test.cnf"),
 193                     "-new", "-key", srctop_file("test", "certs", "sm2.key"),
 194                     "-sigopt", "distid:1234567812345678",
 195                     "-out", "testreq-sm2.pem", "-sm3"])),
 196            "Generating SM2 certificate request");
 197
 198         ok(run(app(["openssl", "req",
 199                     "-config", srctop_file("test", "test.cnf"),
 200                     "-verify", "-in", "testreq-sm2.pem", "-noout",
 201                     "-vfyopt", "distid:1234567812345678", "-sm3"])),
 202            "Verifying signature on SM2 certificate request");
 203
 204         ok(run(app(["openssl", "req",
 205                     "-config", srctop_file("test", "test.cnf"),
 206                     "-new", "-key", srctop_file("test", "certs", "sm2.key"),
 207                     "-sigopt", "hexdistid:DEADBEEF",
 208                     "-out", "testreq-sm2.pem", "-sm3"])),
 209            "Generating SM2 certificate request with hex id");
 210
 211         ok(run(app(["openssl", "req",
 212                     "-config", srctop_file("test", "test.cnf"),
 213                     "-verify", "-in", "testreq-sm2.pem", "-noout",
 214                     "-vfyopt", "hexdistid:DEADBEEF", "-sm3"])),
 215            "Verifying signature on SM2 certificate request");
 216     }
 217 };
 218
 219 my @openssl_args = ("req", "-config", srctop_file("apps", "openssl.cnf"));
 220
 221 run_conversion('req conversions',
 222                "testreq.pem");
 223 run_conversion('req conversions -- testreq2',
 224                srctop_file("test", "testreq2.pem"));
 225
 226 sub run_conversion {
 227     my $title = shift;
 228     my $reqfile = shift;
 229
 230     subtest $title => sub {
 231         run(app(["openssl", @openssl_args,
 232                  "-in", $reqfile, "-inform", "p",
 233                  "-noout", "-text"],
 234                 stderr => "req-check.err", stdout => undef));
 235         open DATA, "req-check.err";
 236         SKIP: {
 237             plan skip_all => "skipping req conversion test for $reqfile"
 238                 if grep /Unknown Public Key/, map { s/\R//; } <DATA>;
 239
 240             tconversion("req", $reqfile, @openssl_args);
 241         }
 242         close DATA;
 243         unlink "req-check.err";
 244
 245         done_testing();
 246     };
 247 }