2 # Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
4 # Licensed under the Apache License 2.0 (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
12 use OpenSSL::Test qw/:DEFAULT srctop_file/;
13 use OpenSSL::Test::Utils;
19 plan skip_all => "The PKCS12 command line utility is not supported by this OpenSSL build"
22 my $pass = "σύνθημα γνώρισμα";
25 if (eval { require Win32::API; 1; }) {
26 # Trouble is that Win32 perl uses CreateProcessA, which
27 # makes it problematic to pass non-ASCII arguments, from perl[!]
28 # that is. This is because CreateProcessA is just a wrapper for
29 # CreateProcessW and will call MultiByteToWideChar and use
30 # system default locale. Since we attempt Greek pass-phrase
31 # conversion can be done only with Greek locale.
33 Win32::API->Import("kernel32","UINT GetSystemDefaultLCID()");
34 if (GetSystemDefaultLCID() != 0x408) {
35 plan skip_all => "Non-Greek system locale";
37 # Ensure correct code page so that VERBOSE output is right.
38 Win32::API->Import("kernel32","UINT GetConsoleOutputCP()");
39 Win32::API->Import("kernel32","BOOL SetConsoleOutputCP(UINT cp)");
40 $savedcp = GetConsoleOutputCP();
41 SetConsoleOutputCP(1253);
42 $pass = Encode::encode("cp1253",Encode::decode("utf-8",$pass));
44 } elsif ($^O eq "MSWin32") {
45 plan skip_all => "Win32::API unavailable";
47 # Running MinGW tests transparently under Wine apparently requires
50 foreach(`locale -a`) {
52 if ($_ =~ m/^C\.UTF\-?8/i) {
58 $ENV{OPENSSL_WIN32_UTF8}=1;
62 # Test different PKCS#12 formats
63 ok(run(test(["pkcs12_format_test"])), "test pkcs12 formats");
65 # just see that we can read shibboleth.pfx protected with $pass
66 ok(run(app(["openssl", "pkcs12", "-noout",
67 "-password", "pass:$pass",
68 "-in", srctop_file("test", "shibboleth.pfx")])),
71 my @path = qw(test certs);
72 my $tmpfile = "tmp.p12";
74 # Test the -chain option with -untrusted
75 ok(run(app(["openssl", "pkcs12", "-export", "-chain",
76 "-CAfile", srctop_file(@path, "sroot-cert.pem"),
77 "-untrusted", srctop_file(@path, "ca-cert.pem"),
78 "-in", srctop_file(@path, "ee-cert.pem"),
79 "-nokeys", "-passout", "pass:", "-out", $tmpfile])),
80 "test_pkcs12_chain_untrusted");
82 # Test the -passcerts option
83 ok(run(app(["openssl", "pkcs12", "-export",
84 "-in", srctop_file(@path, "ee-cert.pem"),
85 "-certfile", srctop_file(@path, "v3-certs-TDES.p12"),
86 "-passcerts", "pass:v3-certs",
87 "-nokeys", "-passout", "pass:v3-certs", "-descert",
89 "test_pkcs12_passcert");
92 # Test reading legacy PKCS#12 file
93 ok(run(app(["openssl", "pkcs12", "-export",
94 "-in", srctop_file(@path, "v3-certs-RC2.p12"),
95 "-passin", "pass:v3-certs",
96 "-provider", "default", "-provider", "legacy",
97 "-nokeys", "-passout", "pass:v3-certs", "-descert",
99 "test_pkcs12_passcert");
102 SetConsoleOutputCP($savedcp) if (defined($savedcp));