#! /usr/bin/env perl
-# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
-use File::Spec;
+use File::Spec::Functions;
+use File::Copy;
use MIME::Base64;
-use OpenSSL::Test qw(:DEFAULT srctop_file bldtop_file);
+use OpenSSL::Test qw(:DEFAULT srctop_file srctop_dir bldtop_file data_file);
+use OpenSSL::Test::Utils;
my $test_name = "test_store";
setup($test_name);
+my $mingw = config('target') =~ m|^mingw|;
+
my @noexist_files =
( "test/blahdiblah.pem",
"test/blahdibleh.der" );
"testcrl.der",
### generated locally
- ### These examples were pilfered from OpenConnect's test suite
"rsa-key-pkcs1.pem", "rsa-key-pkcs1.der",
"rsa-key-pkcs1-aes128.pem",
"ec-key-pkcs8-pbes2-sha1.pem", "ec-key-pkcs8-pbes2-sha1.der",
"ec-key-aes256-cbc-sha256.p12",
);
+my %generated_file_files =
+ $^O eq 'linux'
+ ? ( "test/testx509.pem" => "file:testx509.pem",
+ "test/testrsa.pem" => "file:testrsa.pem",
+ "test/testrsapub.pem" => "file:testrsapub.pem",
+ "test/testcrl.pem" => "file:testcrl.pem",
+ "apps/server.pem" => "file:server.pem" )
+ : ();
+my @noexist_file_files =
+ ( "file:blahdiblah.pem",
+ "file:test/blahdibleh.der" );
-my $n = (2 * scalar @noexist_files)
- + (5 * scalar @src_files)
- + (3 * scalar @generated_files);
+my $n = (3 * scalar @noexist_files)
+ + (6 * scalar @src_files)
+ + (4 * scalar @generated_files)
+ + (scalar keys %generated_file_files)
+ + (scalar @noexist_file_files)
+ + 3
+ + 11;
plan tests => $n;
{
skip "failed initialisation", $n unless init();
+ my $rehash = init_rehash();
+
foreach (@noexist_files) {
my $file = srctop_file($_);
- ok(!run(app(["openssl", "storeutl", $file])));
- ok(!run(app(["openssl", "storeutl", to_file_uri($file)])));
+
+ ok(!run(app(["openssl", "storeutl", "-noout", $file])));
+ ok(!run(app(["openssl", "storeutl", "-noout",
+ to_abs_file($file)])));
+ {
+ local $ENV{MSYS2_ARG_CONV_EXCL} = "file:";
+
+ ok(!run(app(["openssl", "storeutl", "-noout",
+ to_abs_file_uri($file)])));
+ }
}
foreach (@src_files) {
my $file = srctop_file($_);
- ok(run(app(["openssl", "storeutl", $file])));
- ok(run(app(["openssl", "storeutl", to_file_uri($file)])));
- ok(run(app(["openssl", "storeutl", to_file_uri($file, 0,
- "")])));
- ok(run(app(["openssl", "storeutl", to_file_uri($file, 0,
- "localhost")])));
- ok(!run(app(["openssl", "storeutl", to_file_uri($file, 0,
- "dummy")])));
+
+ ok(run(app(["openssl", "storeutl", "-noout", $file])));
+ ok(run(app(["openssl", "storeutl", "-noout", to_abs_file($file)])));
+ SKIP:
+ {
+ skip "file: tests disabled on MingW", 4 if $mingw;
+
+ ok(run(app(["openssl", "storeutl", "-noout",
+ to_abs_file_uri($file)])));
+ ok(run(app(["openssl", "storeutl", "-noout",
+ to_abs_file_uri($file, 0, "")])));
+ ok(run(app(["openssl", "storeutl", "-noout",
+ to_abs_file_uri($file, 0, "localhost")])));
+ ok(!run(app(["openssl", "storeutl", "-noout",
+ to_abs_file_uri($file, 0, "dummy")])));
+ }
}
foreach (@generated_files) {
+ ok(run(app(["openssl", "storeutl", "-noout", "-passin",
+ "pass:password", $_])));
+ ok(run(app(["openssl", "storeutl", "-noout", "-passin",
+ "pass:password", to_abs_file($_)])));
+
+ SKIP:
+ {
+ skip "file: tests disabled on MingW", 2 if $mingw;
+
+ ok(run(app(["openssl", "storeutl", "-noout", "-passin",
+ "pass:password", to_abs_file_uri($_)])));
+ ok(!run(app(["openssl", "storeutl", "-noout", "-passin",
+ "pass:password", to_file_uri($_)])));
+ }
+ }
+ foreach (values %generated_file_files) {
+ SKIP:
+ {
+ skip "file: tests disabled on MingW", 1 if $mingw;
+
+ ok(run(app(["openssl", "storeutl", "-noout", $_])));
+ }
+ }
+ foreach (@noexist_file_files) {
SKIP:
{
- skip "PKCS#12 files not currently supported", 3 if m|\.p12$|;
-
- ok(run(app(["openssl", "storeutl", "-passin", "pass:password",
- $_])));
- ok(run(app(["openssl", "storeutl", "-passin", "pass:password",
- to_file_uri($_)])));
- ok(!run(app(["openssl", "storeutl", "-passin", "pass:password",
- to_rel_file_uri($_)])));
+ skip "file: tests disabled on MingW", 1 if $mingw;
+
+ ok(!run(app(["openssl", "storeutl", "-noout", $_])));
}
}
+ {
+ my $dir = srctop_dir("test", "certs");
+
+ ok(run(app(["openssl", "storeutl", "-noout", $dir])));
+ ok(run(app(["openssl", "storeutl", "-noout",
+ to_abs_file($dir, 1)])));
+ SKIP:
+ {
+ skip "file: tests disabled on MingW", 1 if $mingw;
+
+ ok(run(app(["openssl", "storeutl", "-noout",
+ to_abs_file_uri($dir, 1)])));
+ }
+ }
+
+ ok(!run(app(['openssl', 'storeutl', '-noout',
+ '-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert',
+ srctop_file('test', 'testx509.pem')])),
+ "Checking that -subject can't be used with a single file");
+
+ ok(run(app(['openssl', 'storeutl', '-certs', '-noout',
+ srctop_file('test', 'testx509.pem')])),
+ "Checking that -certs returns 1 object on a certificate file");
+ ok(run(app(['openssl', 'storeutl', '-certs', '-noout',
+ srctop_file('test', 'testcrl.pem')])),
+ "Checking that -certs returns 0 objects on a CRL file");
+
+ ok(run(app(['openssl', 'storeutl', '-crls', '-noout',
+ srctop_file('test', 'testx509.pem')])),
+ "Checking that -crls returns 0 objects on a certificate file");
+ ok(run(app(['openssl', 'storeutl', '-crls', '-noout',
+ srctop_file('test', 'testcrl.pem')])),
+ "Checking that -crls returns 1 object on a CRL file");
+
+ SKIP: {
+ skip "failed rehash initialisation", 6 unless $rehash;
+
+ # subject from testx509.pem:
+ # '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert'
+ # issuer from testcrl.pem:
+ # '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority'
+ ok(run(app(['openssl', 'storeutl', '-noout',
+ '-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert',
+ catdir(curdir(), 'rehash')])));
+ ok(run(app(['openssl', 'storeutl', '-noout',
+ '-subject',
+ '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority',
+ catdir(curdir(), 'rehash')])));
+ ok(run(app(['openssl', 'storeutl', '-noout', '-certs',
+ '-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert',
+ catdir(curdir(), 'rehash')])));
+ ok(run(app(['openssl', 'storeutl', '-noout', '-crls',
+ '-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert',
+ catdir(curdir(), 'rehash')])));
+ ok(run(app(['openssl', 'storeutl', '-noout', '-certs',
+ '-subject',
+ '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority',
+ catdir(curdir(), 'rehash')])));
+ ok(run(app(['openssl', 'storeutl', '-noout', '-crls',
+ '-subject',
+ '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority',
+ catdir(curdir(), 'rehash')])));
+ }
}
}, create => 1, cleanup => 1;
"-v2", "aes256", "-v2prf", "hmacWithSHA256",
"-in", $srcfile, "-out", $dstfile]));
}, grep(/-key-pkcs8-pbes2-sha256\.pem$/, @generated_files))
+ # *-cert.pem (intermediary for the .p12 inits)
+ && run(app(["openssl", "req", "-x509",
+ "-config", data_file("ca.cnf"), "-nodes",
+ "-out", "cacert.pem", "-keyout", "cakey.pem"]))
+ && runall(sub {
+ my $srckey = shift;
+ (my $dstfile = $srckey) =~ s|-key-pkcs8\.|-cert.|;
+ (my $csr = $dstfile) =~ s|\.pem|.csr|;
+
+ (run(app(["openssl", "req", "-new",
+ "-config", data_file("user.cnf"),
+ "-key", $srckey, "-out", $csr]))
+ &&
+ run(app(["openssl", "x509", "-days", "3650",
+ "-CA", "cacert.pem",
+ "-CAkey", "cakey.pem",
+ "-set_serial", time(), "-req",
+ "-in", $csr, "-out", $dstfile])));
+ }, grep(/-key-pkcs8\.pem$/, @generated_files))
+ # *.p12
+ && runall(sub {
+ my $dstfile = shift;
+ my ($type, $certpbe_index, $keypbe_index,
+ $macalg_index) =
+ $dstfile =~ m{^(.*)-key-(?|
+ # cert and key PBE are same
+ () #
+ ([^-]*-[^-]*)- # key & cert PBE
+ ([^-]*) # MACalg
+ |
+ # cert and key PBE are not same
+ ([^-]*-[^-]*)- # cert PBE
+ ([^-]*-[^-]*)- # key PBE
+ ([^-]*) # MACalg
+ )\.}x;
+ if (!$certpbe_index) {
+ $certpbe_index = $keypbe_index;
+ }
+ my $srckey = "$type-key-pkcs8.pem";
+ my $srccert = "$type-cert.pem";
+ my %pbes =
+ (
+ "sha1-3des" => "pbeWithSHA1And3-KeyTripleDES-CBC",
+ "md5-des" => "pbeWithMD5AndDES-CBC",
+ "aes256-cbc" => "AES-256-CBC",
+ );
+ my %macalgs =
+ (
+ "sha1" => "SHA1",
+ "sha256" => "SHA256",
+ );
+ my $certpbe = $pbes{$certpbe_index};
+ my $keypbe = $pbes{$keypbe_index};
+ my $macalg = $macalgs{$macalg_index};
+ if (!defined($certpbe) || !defined($keypbe)
+ || !defined($macalg)) {
+ print STDERR "Cert PBE for $pbe_index not defined\n"
+ unless defined $certpbe;
+ print STDERR "Key PBE for $pbe_index not defined\n"
+ unless defined $keypbe;
+ print STDERR "MACALG for $macalg_index not defined\n"
+ unless defined $macalg;
+ print STDERR "(destination file was $dstfile)\n";
+ return 0;
+ }
+ run(app(["openssl", "pkcs12", "-inkey", $srckey,
+ "-in", $srccert, "-passout", "pass:password",
+ "-export", "-macalg", $macalg,
+ "-certpbe", $certpbe, "-keypbe", $keypbe,
+ "-out", $dstfile]));
+ }, grep(/\.p12/, @generated_files))
# *.der (the end all init)
&& runall(sub {
my $dstfile = shift;
close $outfh;
return 1;
}, grep(/\.der$/, @generated_files))
+ && runall(sub {
+ my $srcfile = shift;
+ my $dstfile = $generated_file_files{$srcfile};
+
+ unless (copy srctop_file($srcfile), $dstfile) {
+ warn "$!\n";
+ return 0;
+ }
+ return 1;
+ }, keys %generated_file_files)
+ );
+}
+
+sub init_rehash {
+ return (
+ mkdir(catdir(curdir(), 'rehash'))
+ && copy(srctop_file('test', 'testx509.pem'),
+ catdir(curdir(), 'rehash'))
+ && copy(srctop_file('test', 'testcrl.pem'),
+ catdir(curdir(), 'rehash'))
+ && run(app(['openssl', 'rehash', catdir(curdir(), 'rehash')]))
);
}
# According to RFC8089, a relative file: path is invalid. We still produce
# them for testing purposes.
-sub to_rel_file_uri {
+sub to_file_uri {
my ($file, $isdir, $authority) = @_;
my $vol;
my $dir;
- die "to_rel_file_uri: No file given\n" if !defined($file) || $file eq '';
+ die "to_file_uri: No file given\n" if !defined($file) || $file eq '';
($vol, $dir, $file) = File::Spec->splitpath($file, $isdir // 0);
return "file:$file";
}
-sub to_file_uri {
+sub to_abs_file {
+ my ($file) = @_;
+
+ return File::Spec->rel2abs($file);
+}
+
+sub to_abs_file_uri {
my ($file, $isdir, $authority) = @_;
- die "to_file_uri: No file given\n" if !defined($file) || $file eq '';
- return to_rel_file_uri(File::Spec->rel2abs($file), $isdir, $authority);
+ die "to_abs_file_uri: No file given\n" if !defined($file) || $file eq '';
+ return to_file_uri(to_abs_file($file), $isdir, $authority);
}