test/recipes/25-test_verify_store.t

   1 #! /usr/bin/env perl
   2 # Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
   3 #
   4 # Licensed under the Apache License 2.0 (the "License").  You may not use
   5 # this file except in compliance with the License.  You can obtain a copy
   6 # in the file LICENSE in the source distribution or at
   7 # https://www.openssl.org/source/license.html
   8
   9 use strict;
  10 use warnings;
  11
  12 use OpenSSL::Test qw/:DEFAULT with bldtop_file srctop_file cmdstr/;
  13 use OpenSSL::Test::Utils;
  14
  15 setup("test_verify_store");
  16
  17 plan tests => 10;
  18
  19 my $dummycnf = srctop_file("apps", "openssl.cnf");
  20
  21 my $cnf = srctop_file("test", "ca-and-certs.cnf");
  22 my $CAkey = "keyCA.ss";
  23 my $CAcert="certCA.ss";
  24 my $CAserial="certCA.srl";
  25 my $CAreq="reqCA.ss";
  26 my $CAreq2="req2CA.ss"; # temp
  27 my $Ukey="keyU.ss";
  28 my $Ureq="reqU.ss";
  29 my $Ucert="certU.ss";
  30
  31 SKIP: {
  32     req( 'make cert request',
  33          qw(-new -section userreq),
  34          -config       => $cnf,
  35          -out          => $CAreq,
  36          -keyout       => $CAkey );
  37
  38     skip 'failure', 8 unless
  39         x509( 'convert request into self-signed cert',
  40               qw(-req -CAcreateserial -days 30),
  41               qw(-extensions v3_ca),
  42               -in       => $CAreq,
  43               -out      => $CAcert,
  44               -signkey  => $CAkey,
  45               -extfile  => $cnf );
  46
  47     skip 'failure', 7 unless
  48         x509( 'convert cert into a cert request',
  49               qw(-x509toreq),
  50               -in       => $CAcert,
  51               -out      => $CAreq2,
  52               -signkey  => $CAkey );
  53
  54     skip 'failure', 6 unless
  55         req( 'verify request 1',
  56              qw(-verify -noout -section userreq),
  57              -config    => $dummycnf,
  58              -in        => $CAreq );
  59
  60     skip 'failure', 5 unless
  61         req( 'verify request 2',
  62              qw(-verify -noout -section userreq),
  63              -config    => $dummycnf,
  64              -in        => $CAreq2 );
  65
  66     skip 'failure', 4 unless
  67         verify( 'verify signature',
  68                 -CAstore => $CAcert,
  69                 $CAcert );
  70
  71     skip 'failure', 3 unless
  72         req( 'make a user cert request',
  73              qw(-new -section userreq),
  74              -config  => $cnf,
  75              -out     => $Ureq,
  76              -keyout  => $Ukey );
  77
  78     skip 'failure', 2 unless
  79         x509( 'sign user cert request',
  80               qw(-req -CAcreateserial -days 30 -extensions v3_ee),
  81               -in     => $Ureq,
  82               -out    => $Ucert,
  83               -CA     => $CAcert,
  84               -CAkey  => $CAkey,
  85               -CAserial => $CAserial,
  86               -extfile => $cnf )
  87         && verify( undef,
  88                    -CAstore => $CAcert,
  89                    $Ucert );
  90
  91     skip 'failure', 0 unless
  92         x509( 'Certificate details',
  93               qw(-subject -issuer -startdate -enddate -noout),
  94               -in     => $Ucert );
  95 }
  96
  97 sub verify {
  98     my $title = shift;
  99
 100     ok(run(app([qw(openssl verify), @_])), $title);
 101 }
 102
 103 sub req {
 104     my $title = shift;
 105
 106     ok(run(app([qw(openssl req), @_])), $title);
 107 }
 108
 109 sub x509 {
 110     my $title = shift;
 111
 112     ok(run(app([qw(openssl x509), @_])), $title);
 113 }