Blame - ap/lib/libssl/openssl-1.1.1o/test/recipes/25-test_req.t - R306

blob: 383120c234d9f1c967bddd814a065d733cbd8c1d [file] [log] [blame]

yuezonghe	824eb0c	2024-06-27 02:32:26 -0700	[diff] [blame]	1	#! /usr/bin/env perl
				2	# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
				3	#
				4	# Licensed under the OpenSSL license (the "License"). You may not use
				5	# this file except in compliance with the License. You can obtain a copy
				6	# in the file LICENSE in the source distribution or at
				7	# https://www.openssl.org/source/license.html
				8
				9
				10	use strict;
				11	use warnings;
				12
				13	use OpenSSL::Test::Utils;
				14	use OpenSSL::Test qw/:DEFAULT srctop_file/;
				15
				16	setup("test_req");
				17
				18	plan tests => 14;
				19
				20	require_ok(srctop_file('test','recipes','tconversion.pl'));
				21
				22	open RND, ">>", ".rnd";
				23	print RND "string to make the random number generator think it has randomness";
				24	close RND;
				25
				26	# What type of key to generate?
				27	my @req_new;
				28	if (disabled("rsa")) {
				29	@req_new = ("-newkey", "dsa:".srctop_file("apps", "dsa512.pem"));
				30	} else {
				31	@req_new = ("-new");
				32	note("There should be a 2 sequences of .'s and some +'s.");
				33	note("There should not be more that at most 80 per line");
				34	}
				35
				36	# Check for duplicate -addext parameters, and one "working" case.
				37	my @addext_args = ( "openssl", "req", "-new", "-out", "testreq.pem",
				38	"-config", srctop_file("test", "test.cnf"), @req_new );
				39	my $val = "subjectAltName=DNS:example.com";
				40	my $val2 = " " . $val;
				41	my $val3 = $val;
				42	$val3 =~ s/=/ =/;
				43	ok( run(app([@addext_args, "-addext", $val])));
				44	ok(!run(app([@addext_args, "-addext", $val, "-addext", $val])));
				45	ok(!run(app([@addext_args, "-addext", $val, "-addext", $val2])));
				46	ok(!run(app([@addext_args, "-addext", $val, "-addext", $val3])));
				47	ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3])));
				48
				49	subtest "generating certificate requests with RSA" => sub {
				50	plan tests => 6;
				51
				52	SKIP: {
				53	skip "RSA is not supported by this OpenSSL build", 2
				54	if disabled("rsa");
				55
				56	ok(run(app(["openssl", "req",
				57	"-config", srctop_file("test", "test.cnf"),
				58	"-new", "-out", "testreq.pem", "-utf8",
				59	"-key", srctop_file("test", "testrsa.pem")])),
				60	"Generating request");
				61
				62	ok(run(app(["openssl", "req",
				63	"-config", srctop_file("test", "test.cnf"),
				64	"-verify", "-in", "testreq.pem", "-noout"])),
				65	"Verifying signature on request");
				66
				67	ok(run(app(["openssl", "req",
				68	"-config", srctop_file("test", "test.cnf"),
				69	"-new", "-out", "testreq_withattrs_pem.pem", "-utf8",
				70	"-key", srctop_file("test", "testrsa_withattrs.pem")])),
				71	"Generating request from a key with extra attributes - PEM");
				72
				73	ok(run(app(["openssl", "req",
				74	"-config", srctop_file("test", "test.cnf"),
				75	"-verify", "-in", "testreq_withattrs_pem.pem", "-noout"])),
				76	"Verifying signature on request from a key with extra attributes - PEM");
				77
				78	ok(run(app(["openssl", "req",
				79	"-config", srctop_file("test", "test.cnf"),
				80	"-new", "-out", "testreq_withattrs_der.pem", "-utf8",
				81	"-key", srctop_file("test", "testrsa_withattrs.der"),
				82	"-keyform", "DER"])),
				83	"Generating request from a key with extra attributes - PEM");
				84
				85	ok(run(app(["openssl", "req",
				86	"-config", srctop_file("test", "test.cnf"),
				87	"-verify", "-in", "testreq_withattrs_der.pem", "-noout"])),
				88	"Verifying signature on request from a key with extra attributes - PEM");
				89	}
				90	};
				91
				92	subtest "generating certificate requests with DSA" => sub {
				93	plan tests => 2;
				94
				95	SKIP: {
				96	skip "DSA is not supported by this OpenSSL build", 2
				97	if disabled("dsa");
				98
				99	ok(run(app(["openssl", "req",
				100	"-config", srctop_file("test", "test.cnf"),
				101	"-new", "-out", "testreq.pem", "-utf8",
				102	"-key", srctop_file("test", "testdsa.pem")])),
				103	"Generating request");
				104
				105	ok(run(app(["openssl", "req",
				106	"-config", srctop_file("test", "test.cnf"),
				107	"-verify", "-in", "testreq.pem", "-noout"])),
				108	"Verifying signature on request");
				109	}
				110	};
				111
				112	subtest "generating certificate requests with ECDSA" => sub {
				113	plan tests => 2;
				114
				115	SKIP: {
				116	skip "ECDSA is not supported by this OpenSSL build", 2
				117	if disabled("ec");
				118
				119	ok(run(app(["openssl", "req",
				120	"-config", srctop_file("test", "test.cnf"),
				121	"-new", "-out", "testreq.pem", "-utf8",
				122	"-key", srctop_file("test", "testec-p256.pem")])),
				123	"Generating request");
				124
				125	ok(run(app(["openssl", "req",
				126	"-config", srctop_file("test", "test.cnf"),
				127	"-verify", "-in", "testreq.pem", "-noout"])),
				128	"Verifying signature on request");
				129	}
				130	};
				131
				132	subtest "generating certificate requests with Ed25519" => sub {
				133	plan tests => 2;
				134
				135	SKIP: {
				136	skip "Ed25519 is not supported by this OpenSSL build", 2
				137	if disabled("ec");
				138
				139	ok(run(app(["openssl", "req",
				140	"-config", srctop_file("test", "test.cnf"),
				141	"-new", "-out", "testreq.pem", "-utf8",
				142	"-key", srctop_file("test", "tested25519.pem")])),
				143	"Generating request");
				144
				145	ok(run(app(["openssl", "req",
				146	"-config", srctop_file("test", "test.cnf"),
				147	"-verify", "-in", "testreq.pem", "-noout"])),
				148	"Verifying signature on request");
				149	}
				150	};
				151
				152	subtest "generating certificate requests with Ed448" => sub {
				153	plan tests => 2;
				154
				155	SKIP: {
				156	skip "Ed448 is not supported by this OpenSSL build", 2
				157	if disabled("ec");
				158
				159	ok(run(app(["openssl", "req",
				160	"-config", srctop_file("test", "test.cnf"),
				161	"-new", "-out", "testreq.pem", "-utf8",
				162	"-key", srctop_file("test", "tested448.pem")])),
				163	"Generating request");
				164
				165	ok(run(app(["openssl", "req",
				166	"-config", srctop_file("test", "test.cnf"),
				167	"-verify", "-in", "testreq.pem", "-noout"])),
				168	"Verifying signature on request");
				169	}
				170	};
				171
				172	subtest "generating certificate requests" => sub {
				173	plan tests => 2;
				174
				175	ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
				176	@req_new, "-out", "testreq.pem"])),
				177	"Generating request");
				178
				179	ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
				180	"-verify", "-in", "testreq.pem", "-noout"])),
				181	"Verifying signature on request");
				182	};
				183
				184	my @openssl_args = ("req", "-config", srctop_file("apps", "openssl.cnf"));
				185
				186	run_conversion('req conversions',
				187	"testreq.pem");
				188	run_conversion('req conversions -- testreq2',
				189	srctop_file("test", "testreq2.pem"));
				190
				191	unlink "testkey.pem", "testreq.pem", "testreq_withattrs_pem.pem", "testreq_withattrs_der.pem";
				192
				193	sub run_conversion {
				194	my $title = shift;
				195	my $reqfile = shift;
				196
				197	subtest $title => sub {
				198	run(app(["openssl", @openssl_args,
				199	"-in", $reqfile, "-inform", "p",
				200	"-noout", "-text"],
				201	stderr => "req-check.err", stdout => undef));
				202	open DATA, "req-check.err";
				203	SKIP: {
				204	plan skip_all => "skipping req conversion test for $reqfile"
				205	if grep /Unknown Public Key/, map { s/\R//; } <DATA>;
				206
				207	tconversion("req", $reqfile, @openssl_args);
				208	}
				209	close DATA;
				210	unlink "req-check.err";
				211
				212	done_testing();
				213	};
				214	}