$no_rc2 = 1 if disabled("legacy");
-plan tests => 14;
+plan tests => 15;
ok(run(test(["pkcs7_test"])), "test pkcs7");
"Verify CMS signed digest, S/MIME format");
};
+subtest "CMS code signing test" => sub {
+ plan tests => 7;
+ my $sig_file = "signature.p7s";
+ ok(run(app(["openssl", "cms", @prov, "-sign", "-in", $smcont,
+ "-certfile", catfile($smdir, "smroot.pem"),
+ "-signer", catfile($smdir, "smrsa1.pem"),
+ "-out", $sig_file])),
+ "accept perform CMS signature with smime certificate");
+
+ ok(run(app(["openssl", "cms", @prov, "-verify", "-in", $sig_file,
+ "-CAfile", catfile($smdir, "smroot.pem"),
+ "-content", $smcont])),
+ "accept verify CMS signature with smime certificate");
+
+ ok(!run(app(["openssl", "cms", @prov, "-verify", "-in", $sig_file,
+ "-CAfile", catfile($smdir, "smroot.pem"),
+ "-purpose", "codesign",
+ "-content", $smcont])),
+ "fail verify CMS signature with smime certificate for purpose code signing");
+
+ ok(!run(app(["openssl", "cms", @prov, "-verify", "-in", $sig_file,
+ "-CAfile", catfile($smdir, "smroot.pem"),
+ "-purpose", "football",
+ "-content", $smcont])),
+ "fail verify CMS signature with invalid purpose argument");
+
+ ok(run(app(["openssl", "cms", @prov, "-sign", "-in", $smcont,
+ "-certfile", catfile($smdir, "smroot.pem"),
+ "-signer", catfile($smdir, "csrsa1.pem"),
+ "-out", $sig_file])),
+ "accept perform CMS signature with code signing certificate");
+
+ ok(run(app(["openssl", "cms", @prov, "-verify", "-in", $sig_file,
+ "-CAfile", catfile($smdir, "smroot.pem"),
+ "-purpose", "codesign",
+ "-content", $smcont])),
+ "accept verify CMS signature with code signing certificate for purpose code signing");
+
+ ok(!run(app(["openssl", "cms", @prov, "-verify", "-in", $sig_file,
+ "-CAfile", catfile($smdir, "smroot.pem"),
+ "-content", $smcont])),
+ "fail verify CMS signature with code signing certificate for purpose smime_sign");
+};
+
sub check_availability {
my $tnam = shift;
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCo/4lYYYWu3tss
+D9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT5Rcf/w3G
+Q/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1lDz9mjsI2
+oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1U7OWaoIb
+FYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5ep5LR2in
+Kcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tniIQPYf55
+NB9KiR+3AgMBAAECggEAFvp/40uHUMquhGQ2wsl5/zzVV6ZECFGhIaoVdwiq7Npl
+cERPGSxdt7mXg+AliGQO2JXIf4iDx273oYC3PFuWbn9YMQd5RUuAZ/oD+hB25QB8
+vmGJTeqDUgZ0+4qs0fsM5upPUqFrHnfEwoarS9oMh0HEQi9yWzHy7E/E9Rk0dm8Q
+qAwfKKqqwBe0RIp6GOwRJ2AO4NLvPh1oddVX15zvVeDP5pmHScZKtGXf9sIKfJJo
+JN7N5UaviOKEGpQtxKVNOjn1wYusvzrvz3U3TmvyXTGkPCdSxK/6bz0LN+Lwyfzw
+RpSoNUe/cREZJkXDIIaqvmzlQVk1aKDdAx4+8ltyWQKBgQDahgSMZAAeGuQwtI+S
+jor9dNWcxEr5Uf/iw5gWmp5E59CSyc35Zj5rdf4M12X7jPRqAbFcM6FgERtbKyYd
+lg+PGgcKMYXKXJWimA6xU06+wwRl1iI/j718FCLeov6Lt17VHr8sjO3GiZ/WtHz1
+H6mqV8i9vcClmA6IyS+EQvtkBQKBgQDF+y0JwcbEzS3YqTHy4DGQtcCOkcLi+WM5
+APch7pev4I9MTgZdRnC6ZjnYKXQU9nzALZrH1PoHnFRZbsXbCFsmTdh/6g1L0b7B
+/zfZhB+9LiB7NBpfHiUydj1JQfkw/EvnLbs7r5EYGbpkMhpzmmzE9Yv0d+xj1CPd
+6kz/6CRdiwKBgBE1ZpxLr7qvMXModPn8obNuBPhweNsDexw3fP2itX4Fp2Y34DGY
+vKenxhbqy4wwwHqsoXP6WOYA0t+uGTVRQO5rBUznM3sJKXuBb/7E6bmaD/mZEF9j
+CXABAfH4cgU8roon/rQacQsmgWDeG80N7kWM3jEbBVXFELfy5/wJblSlAoGAUZax
+eNPiljf4LNGNRAogYwKD2D05k1AzE8rSDanF2TUx2MBO3yGoUyjNrcdnjzwFLS2e
+G7wpTfmeyTxdTWakKaTrE8vgrt5BPrFu0rUgX1YjDKLsO0axDZqspwQJLabLoPm3
+r2Eq6kOwDJqZTArXyFNo2daSFJHYNhvYn52LXwECgYB9CRrPMe0sWdbVPm55bXGM
+Ern05LQuaLaDZjsbsaH9Q5YPk99Sq7jklyQ3ZuHodSLAArHGu/96uu66xtMrRYcj
+c89fqFeqc/BwnkodvWJ3K80UNulnjfOcPVAPHaAr9GE9rJcjICNpu2+wJ2wi4JAF
+rLxFTZXBDbnGZ9QtcGcJSw==
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDjTCCAnWgAwIBAgIUGi+UX00em2j4v8bJ1scHsD41/ccwDQYJKoZIhvcNAQEL
+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV
+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDgxNjExNTgwMFoYDzIxMjIw
+ODE2MTE1ODAwWjBHMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91
+cDEgMB4GA1UEAwwXVGVzdCBDb2RlU2lnbiBFRSBSU0EgIzEwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lYYYWu3tssD9Vz++K3qBt6dWAr1H08c3a1
+rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJT
+YgVFTeAxl++qnRDSWA2eBp4yuxsIVl1lDz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4
+I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFk
+ijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5ep5LR2inKcc/SuIiJ7TvkGPX79ByST5b
+rbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tniIQPYf55NB9KiR+3AgMBAAGjcjBwMAkG
+A1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMB0G
+A1UdDgQWBBTnm+IqrYpsOst2UeWOB5gil+FzojAfBgNVHSMEGDAWgBQVwRMha+JV
+X6dqHVcg1s/zqXNkWTANBgkqhkiG9w0BAQsFAAOCAQEAMpLHe2q3OYJ8kKYAvjS5
+VDiESqPPVyYMSKb6B7bsex/BgFArxmk+8hOpuyuqSoejiyVAO9re/JrmQetM1tNo
+7kd9R3WDL1D34hG7kgDTAaqbcBPDUc7gin8bTkZ3TJ6b7cUJrwh9XCwWXTcOlJ1O
+5wXeF9mATyHZGwChOrroiEzDkRoOdePj0sKNZZRopjOVZ50d/X8JMCmW/x8lvOui
+R+uDTotH9+sb3tghJ0cmpVKkFC0pXS/0DB5qVHrohJdkwLRu8AX3CWbcQgHWg7BR
+ZbQ6TamQB8AlXdYj8Fs7m7DMkkmBxjrQUu3s7FRTALxp/lqMcoaZy+bdBzd59GaO
+FQ==
+-----END CERTIFICATE-----