2016-11-20 03:24:17 +08:00
|
|
|
#! /usr/bin/env perl
|
2020-06-04 21:33:57 +08:00
|
|
|
# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
|
2016-11-20 03:24:17 +08:00
|
|
|
#
|
2018-12-06 20:05:25 +08:00
|
|
|
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
2016-11-20 03:24:17 +08:00
|
|
|
# this file except in compliance with the License. You can obtain a copy
|
|
|
|
# in the file LICENSE in the source distribution or at
|
|
|
|
# https://www.openssl.org/source/license.html
|
|
|
|
|
2017-02-20 09:49:13 +08:00
|
|
|
use File::Spec::Functions;
|
2017-07-12 18:42:16 +08:00
|
|
|
use File::Copy;
|
2016-11-20 03:24:17 +08:00
|
|
|
use MIME::Base64;
|
2017-02-07 23:30:31 +08:00
|
|
|
use OpenSSL::Test qw(:DEFAULT srctop_file srctop_dir bldtop_file data_file);
|
2017-09-04 18:47:12 +08:00
|
|
|
use OpenSSL::Test::Utils;
|
2016-11-20 03:24:17 +08:00
|
|
|
|
|
|
|
my $test_name = "test_store";
|
|
|
|
setup($test_name);
|
|
|
|
|
2018-05-30 20:25:46 +08:00
|
|
|
my $mingw = config('target') =~ m|^mingw|;
|
2020-05-05 20:04:30 +08:00
|
|
|
|
|
|
|
my $use_md5 = !disabled("md5");
|
|
|
|
my $use_des = !disabled("des"); # also affects 3des and pkcs12 app
|
|
|
|
my $use_dsa = !disabled("dsa");
|
|
|
|
my $use_ecc = !disabled("ec");
|
2018-05-30 20:25:46 +08:00
|
|
|
|
2016-11-20 03:24:17 +08:00
|
|
|
my @noexist_files =
|
|
|
|
( "test/blahdiblah.pem",
|
|
|
|
"test/blahdibleh.der" );
|
|
|
|
my @src_files =
|
|
|
|
( "test/testx509.pem",
|
|
|
|
"test/testrsa.pem",
|
|
|
|
"test/testrsapub.pem",
|
|
|
|
"test/testcrl.pem",
|
|
|
|
"apps/server.pem" );
|
|
|
|
my @generated_files =
|
|
|
|
(
|
|
|
|
### generated from the source files
|
|
|
|
|
|
|
|
"testx509.der",
|
|
|
|
"testrsa.der",
|
|
|
|
"testrsapub.der",
|
|
|
|
"testcrl.der",
|
|
|
|
|
|
|
|
### generated locally
|
|
|
|
|
|
|
|
"rsa-key-pkcs1.pem", "rsa-key-pkcs1.der",
|
|
|
|
"rsa-key-pkcs1-aes128.pem",
|
|
|
|
"rsa-key-pkcs8.pem", "rsa-key-pkcs8.der",
|
|
|
|
"rsa-key-pkcs8-pbes2-sha1.pem", "rsa-key-pkcs8-pbes2-sha1.der",
|
2020-05-05 20:04:30 +08:00
|
|
|
"rsa-key-pkcs8-pbes2-sha256.pem", "rsa-key-pkcs8-pbes2-sha256.der",
|
|
|
|
);
|
|
|
|
push(@generated_files, (
|
|
|
|
"rsa-key-pkcs8-pbes1-sha1-3des.pem", "rsa-key-pkcs8-pbes1-sha1-3des.der",
|
|
|
|
)) if $use_des;
|
|
|
|
push(@generated_files, (
|
2016-11-20 03:24:17 +08:00
|
|
|
"rsa-key-sha1-3des-sha1.p12", "rsa-key-sha1-3des-sha256.p12",
|
|
|
|
"rsa-key-aes256-cbc-sha256.p12",
|
|
|
|
"rsa-key-md5-des-sha1.p12",
|
2020-05-05 20:04:30 +08:00
|
|
|
"rsa-key-aes256-cbc-md5-des-sha256.p12"
|
|
|
|
)) if $use_des;
|
|
|
|
push(@generated_files, (
|
|
|
|
"rsa-key-pkcs8-pbes1-md5-des.pem", "rsa-key-pkcs8-pbes1-md5-des.der"
|
|
|
|
)) if $use_md5 && $use_des;
|
|
|
|
push(@generated_files, (
|
2016-11-20 03:24:17 +08:00
|
|
|
"dsa-key-pkcs1.pem", "dsa-key-pkcs1.der",
|
|
|
|
"dsa-key-pkcs1-aes128.pem",
|
|
|
|
"dsa-key-pkcs8.pem", "dsa-key-pkcs8.der",
|
|
|
|
"dsa-key-pkcs8-pbes2-sha1.pem", "dsa-key-pkcs8-pbes2-sha1.der",
|
2020-05-05 20:04:30 +08:00
|
|
|
)) if $use_dsa;
|
|
|
|
push(@generated_files, "dsa-key-aes256-cbc-sha256.p12") if $use_dsa && $use_des;
|
|
|
|
push(@generated_files, (
|
2016-11-20 03:24:17 +08:00
|
|
|
"ec-key-pkcs1.pem", "ec-key-pkcs1.der",
|
|
|
|
"ec-key-pkcs1-aes128.pem",
|
|
|
|
"ec-key-pkcs8.pem", "ec-key-pkcs8.der",
|
|
|
|
"ec-key-pkcs8-pbes2-sha1.pem", "ec-key-pkcs8-pbes2-sha1.der",
|
2020-05-05 20:04:30 +08:00
|
|
|
)) if $use_ecc;
|
|
|
|
push(@generated_files, "ec-key-aes256-cbc-sha256.p12") if $use_ecc && $use_des;
|
2017-07-12 18:42:16 +08:00
|
|
|
my %generated_file_files =
|
|
|
|
$^O eq 'linux'
|
|
|
|
? ( "test/testx509.pem" => "file:testx509.pem",
|
|
|
|
"test/testrsa.pem" => "file:testrsa.pem",
|
|
|
|
"test/testrsapub.pem" => "file:testrsapub.pem",
|
|
|
|
"test/testcrl.pem" => "file:testcrl.pem",
|
|
|
|
"apps/server.pem" => "file:server.pem" )
|
|
|
|
: ();
|
|
|
|
my @noexist_file_files =
|
|
|
|
( "file:blahdiblah.pem",
|
|
|
|
"file:test/blahdibleh.der" );
|
|
|
|
|
2020-07-23 23:34:26 +08:00
|
|
|
# There is more than one method to get a 'file:' loader.
|
|
|
|
# The default is a built-in provider implementation.
|
|
|
|
# However, there is also an engine, specially for testing purposes.
|
|
|
|
#
|
|
|
|
# @methods is a collection of extra 'openssl storeutl' arguments used to
|
|
|
|
# try the different methods.
|
|
|
|
my @methods;
|
|
|
|
push @methods, [qw(-provider default -provider legacy)];
|
|
|
|
push @methods, [qw(-engine loader_attic)]
|
|
|
|
unless disabled('dynamic-engine') || disabled('deprecated-3.0');
|
|
|
|
|
|
|
|
my $n = scalar @methods
|
|
|
|
* ( (3 * scalar @noexist_files)
|
|
|
|
+ (6 * scalar @src_files)
|
|
|
|
+ (4 * scalar @generated_files)
|
|
|
|
+ (scalar keys %generated_file_files)
|
|
|
|
+ (scalar @noexist_file_files)
|
|
|
|
+ 3
|
|
|
|
+ 11 );
|
|
|
|
|
|
|
|
plan skip_all => "No plan" if $n == 0;
|
2016-11-20 03:24:17 +08:00
|
|
|
|
|
|
|
plan tests => $n;
|
|
|
|
|
|
|
|
indir "store_$$" => sub {
|
|
|
|
SKIP:
|
|
|
|
{
|
2020-05-05 20:04:30 +08:00
|
|
|
init() or die "init failed";
|
2016-11-20 03:24:17 +08:00
|
|
|
|
2017-02-20 09:49:13 +08:00
|
|
|
my $rehash = init_rehash();
|
2017-07-29 18:23:00 +08:00
|
|
|
|
2020-07-23 23:34:26 +08:00
|
|
|
foreach my $method (@methods) {
|
|
|
|
my @storeutl = ( qw(openssl storeutl), @$method );
|
2017-09-02 04:42:49 +08:00
|
|
|
|
2020-07-23 23:34:26 +08:00
|
|
|
foreach (@noexist_files) {
|
|
|
|
my $file = srctop_file($_);
|
2017-09-02 04:42:49 +08:00
|
|
|
|
2020-07-23 23:34:26 +08:00
|
|
|
ok(!run(app([@storeutl, "-noout", $file])));
|
|
|
|
ok(!run(app([@storeutl, "-noout", to_abs_file($file)])));
|
|
|
|
{
|
|
|
|
local $ENV{MSYS2_ARG_CONV_EXCL} = "file:";
|
2017-09-02 04:42:49 +08:00
|
|
|
|
2020-07-23 23:34:26 +08:00
|
|
|
ok(!run(app([@storeutl, "-noout",
|
|
|
|
to_abs_file_uri($file)])));
|
|
|
|
}
|
2017-09-02 04:42:49 +08:00
|
|
|
}
|
2020-07-23 23:34:26 +08:00
|
|
|
foreach (@src_files) {
|
|
|
|
my $file = srctop_file($_);
|
2017-09-02 04:42:49 +08:00
|
|
|
|
2020-07-23 23:34:26 +08:00
|
|
|
ok(run(app([@storeutl, "-noout", $file])));
|
|
|
|
ok(run(app([@storeutl, "-noout", to_abs_file($file)])));
|
|
|
|
SKIP:
|
|
|
|
{
|
|
|
|
skip "file: tests disabled on MingW", 4 if $mingw;
|
2017-09-02 04:42:49 +08:00
|
|
|
|
2020-07-23 23:34:26 +08:00
|
|
|
ok(run(app([@storeutl, "-noout",
|
|
|
|
to_abs_file_uri($file)])));
|
|
|
|
ok(run(app([@storeutl, "-noout",
|
|
|
|
to_abs_file_uri($file, 0, "")])));
|
|
|
|
ok(run(app([@storeutl, "-noout",
|
|
|
|
to_abs_file_uri($file, 0, "localhost")])));
|
|
|
|
ok(!run(app([@storeutl, "-noout",
|
|
|
|
to_abs_file_uri($file, 0, "dummy")])));
|
|
|
|
}
|
2017-09-02 04:42:49 +08:00
|
|
|
}
|
2020-07-23 23:34:26 +08:00
|
|
|
foreach (@generated_files) {
|
|
|
|
ok(run(app([@storeutl, "-noout", "-passin",
|
|
|
|
"pass:password", $_])));
|
|
|
|
ok(run(app([@storeutl, "-noout", "-passin",
|
|
|
|
"pass:password", to_abs_file($_)])));
|
|
|
|
|
|
|
|
SKIP:
|
|
|
|
{
|
|
|
|
skip "file: tests disabled on MingW", 2 if $mingw;
|
2017-09-02 04:42:49 +08:00
|
|
|
|
2020-07-23 23:34:26 +08:00
|
|
|
ok(run(app([@storeutl, "-noout", "-passin",
|
|
|
|
"pass:password", to_abs_file_uri($_)])));
|
|
|
|
ok(!run(app([@storeutl, "-noout", "-passin",
|
|
|
|
"pass:password", to_file_uri($_)])));
|
|
|
|
}
|
2018-05-30 20:25:46 +08:00
|
|
|
}
|
2020-07-23 23:34:26 +08:00
|
|
|
foreach (values %generated_file_files) {
|
|
|
|
SKIP:
|
|
|
|
{
|
|
|
|
skip "file: tests disabled on MingW", 1 if $mingw;
|
2017-09-02 04:42:49 +08:00
|
|
|
|
2020-07-23 23:34:26 +08:00
|
|
|
ok(run(app([@storeutl, "-noout", $_])));
|
|
|
|
}
|
2018-05-30 20:25:46 +08:00
|
|
|
}
|
2020-07-23 23:34:26 +08:00
|
|
|
foreach (@noexist_file_files) {
|
|
|
|
SKIP:
|
|
|
|
{
|
|
|
|
skip "file: tests disabled on MingW", 1 if $mingw;
|
2017-09-02 04:42:49 +08:00
|
|
|
|
2020-07-23 23:34:26 +08:00
|
|
|
ok(!run(app([@storeutl, "-noout", $_])));
|
|
|
|
}
|
|
|
|
}
|
Avoid unnecessary MSYS2 conversion of some arguments
Fixes #4740
The MSYS2 run-time convert arguments that look like paths when
executing a program unless that application is linked with the MSYS
run-time. The exact conversion rules are listed here:
http://www.mingw.org/wiki/Posix_path_conversion
With the built-in configurations (all having names starting with
"mingw"), the openssl application is not linked with the MSYS2
run-time, and therefore, it will receive possibly converted arguments
from the process that executes it. This conversion is fine for normal
path arguments, but it happens that some arguments to the openssl
application get converted when they shouldn't. In one case, it's
arguments like '-passin file:something', and in another, it's a file:
URI (what typically happens is that URIs without an authority
component get converted, 'cause the conversion mechanism doesn't
recognise them as URIs).
To avoid conversion where we don't want it, we simply assign
MSYS2_ARG_CONV_EXCL a pattern to avoid specific conversions. As a
precaution, we only do this where we obviously need it.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4765)
2017-11-21 22:09:59 +08:00
|
|
|
{
|
2020-07-23 23:34:26 +08:00
|
|
|
my $dir = srctop_dir("test", "certs");
|
|
|
|
|
|
|
|
ok(run(app([@storeutl, "-noout", $dir])));
|
|
|
|
ok(run(app([@storeutl, "-noout", to_abs_file($dir, 1)])));
|
|
|
|
SKIP:
|
|
|
|
{
|
|
|
|
skip "file: tests disabled on MingW", 1 if $mingw;
|
2017-09-02 04:42:49 +08:00
|
|
|
|
2020-07-23 23:34:26 +08:00
|
|
|
ok(run(app([@storeutl, "-noout",
|
|
|
|
to_abs_file_uri($dir, 1)])));
|
|
|
|
}
|
2017-09-02 04:42:49 +08:00
|
|
|
}
|
2017-02-11 11:02:32 +08:00
|
|
|
|
2020-07-23 23:34:26 +08:00
|
|
|
ok(!run(app([@storeutl, '-noout',
|
|
|
|
'-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert',
|
|
|
|
srctop_file('test', 'testx509.pem')])),
|
|
|
|
"Checking that -subject can't be used with a single file");
|
|
|
|
|
|
|
|
ok(run(app([@storeutl, '-certs', '-noout',
|
|
|
|
srctop_file('test', 'testx509.pem')])),
|
|
|
|
"Checking that -certs returns 1 object on a certificate file");
|
|
|
|
ok(run(app([@storeutl, '-certs', '-noout',
|
|
|
|
srctop_file('test', 'testcrl.pem')])),
|
|
|
|
"Checking that -certs returns 0 objects on a CRL file");
|
|
|
|
|
|
|
|
ok(run(app([@storeutl, '-crls', '-noout',
|
|
|
|
srctop_file('test', 'testx509.pem')])),
|
|
|
|
"Checking that -crls returns 0 objects on a certificate file");
|
|
|
|
ok(run(app([@storeutl, '-crls', '-noout',
|
|
|
|
srctop_file('test', 'testcrl.pem')])),
|
|
|
|
"Checking that -crls returns 1 object on a CRL file");
|
|
|
|
|
|
|
|
SKIP: {
|
|
|
|
skip "failed rehash initialisation", 6 unless $rehash;
|
|
|
|
|
|
|
|
# subject from testx509.pem:
|
|
|
|
# '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert'
|
|
|
|
# issuer from testcrl.pem:
|
|
|
|
# '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority'
|
|
|
|
ok(run(app([@storeutl, '-noout',
|
|
|
|
'-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert',
|
|
|
|
catdir(curdir(), 'rehash')])));
|
|
|
|
ok(run(app([@storeutl, '-noout',
|
|
|
|
'-subject',
|
|
|
|
'/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority',
|
|
|
|
catdir(curdir(), 'rehash')])));
|
|
|
|
ok(run(app([@storeutl, '-noout', '-certs',
|
|
|
|
'-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert',
|
|
|
|
catdir(curdir(), 'rehash')])));
|
|
|
|
ok(run(app([@storeutl, '-noout', '-crls',
|
|
|
|
'-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert',
|
|
|
|
catdir(curdir(), 'rehash')])));
|
|
|
|
ok(run(app([@storeutl, '-noout', '-certs',
|
|
|
|
'-subject',
|
|
|
|
'/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority',
|
|
|
|
catdir(curdir(), 'rehash')])));
|
|
|
|
ok(run(app([@storeutl, '-noout', '-crls',
|
|
|
|
'-subject',
|
|
|
|
'/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority',
|
|
|
|
catdir(curdir(), 'rehash')])));
|
|
|
|
}
|
2017-02-20 09:49:13 +08:00
|
|
|
}
|
2016-11-20 03:24:17 +08:00
|
|
|
}
|
|
|
|
}, create => 1, cleanup => 1;
|
|
|
|
|
|
|
|
sub init {
|
2020-05-05 20:04:30 +08:00
|
|
|
my $cnf = srctop_file('test', 'ca-and-certs.cnf');
|
|
|
|
my $cakey = srctop_file('test', 'certs', 'ca-key.pem');
|
2020-07-23 23:34:26 +08:00
|
|
|
my @std_args = qw(-provider default -provider legacy);
|
2016-11-20 03:24:17 +08:00
|
|
|
return (
|
|
|
|
# rsa-key-pkcs1.pem
|
2020-07-23 23:34:26 +08:00
|
|
|
run(app(["openssl", "pkey", @std_args,
|
2020-05-05 20:04:30 +08:00
|
|
|
"-in", data_file("rsa-key-2432.pem"),
|
|
|
|
"-out", "rsa-key-pkcs1.pem"]))
|
2016-11-20 03:24:17 +08:00
|
|
|
# rsa-key-pkcs1-aes128.pem
|
2020-07-23 23:34:26 +08:00
|
|
|
&& run(app(["openssl", "rsa", @std_args,
|
|
|
|
"-passout", "pass:password", "-aes128",
|
2016-11-20 03:24:17 +08:00
|
|
|
"-in", "rsa-key-pkcs1.pem",
|
|
|
|
"-out", "rsa-key-pkcs1-aes128.pem"]))
|
2020-05-05 20:04:30 +08:00
|
|
|
# dsa-key-pkcs1.pem
|
2020-07-23 23:34:26 +08:00
|
|
|
&& (!$use_dsa
|
|
|
|
|| run(app(["openssl", "gendsa", @std_args,
|
|
|
|
"-out", "dsa-key-pkcs1.pem",
|
|
|
|
data_file("dsaparam.pem")])))
|
2016-11-20 03:24:17 +08:00
|
|
|
# dsa-key-pkcs1-aes128.pem
|
2020-07-23 23:34:26 +08:00
|
|
|
&& (!$use_dsa
|
|
|
|
|| run(app(["openssl", "dsa", @std_args,
|
|
|
|
"-passout", "pass:password", "-aes128",
|
|
|
|
"-in", "dsa-key-pkcs1.pem",
|
|
|
|
"-out", "dsa-key-pkcs1-aes128.pem"])))
|
2020-05-05 20:04:30 +08:00
|
|
|
# ec-key-pkcs1.pem (one might think that 'genec' would be practical)
|
2020-07-23 23:34:26 +08:00
|
|
|
&& (!$use_ecc
|
|
|
|
|| run(app(["openssl", "ecparam", @std_args,
|
|
|
|
"-genkey",
|
|
|
|
"-name", "prime256v1",
|
|
|
|
"-out", "ec-key-pkcs1.pem"])))
|
2016-11-20 03:24:17 +08:00
|
|
|
# ec-key-pkcs1-aes128.pem
|
2020-07-23 23:34:26 +08:00
|
|
|
&& (!$use_ecc
|
|
|
|
|| run(app(["openssl", "ec", @std_args,
|
|
|
|
"-passout", "pass:password", "-aes128",
|
|
|
|
"-in", "ec-key-pkcs1.pem",
|
|
|
|
"-out", "ec-key-pkcs1-aes128.pem"])))
|
2016-11-20 03:24:17 +08:00
|
|
|
# *-key-pkcs8.pem
|
|
|
|
&& runall(sub {
|
|
|
|
my $dstfile = shift;
|
|
|
|
(my $srcfile = $dstfile)
|
|
|
|
=~ s/-key-pkcs8\.pem$/-key-pkcs1.pem/i;
|
2020-07-23 23:34:26 +08:00
|
|
|
run(app(["openssl", "pkcs8", @std_args,
|
|
|
|
"-topk8", "-nocrypt",
|
2016-11-20 03:24:17 +08:00
|
|
|
"-in", $srcfile, "-out", $dstfile]));
|
|
|
|
}, grep(/-key-pkcs8\.pem$/, @generated_files))
|
|
|
|
# *-key-pkcs8-pbes1-sha1-3des.pem
|
|
|
|
&& runall(sub {
|
|
|
|
my $dstfile = shift;
|
|
|
|
(my $srcfile = $dstfile)
|
|
|
|
=~ s/-key-pkcs8-pbes1-sha1-3des\.pem$
|
|
|
|
/-key-pkcs8.pem/ix;
|
2020-07-23 23:34:26 +08:00
|
|
|
run(app(["openssl", "pkcs8", @std_args,
|
|
|
|
"-topk8",
|
2016-11-20 03:24:17 +08:00
|
|
|
"-passout", "pass:password",
|
|
|
|
"-v1", "pbeWithSHA1And3-KeyTripleDES-CBC",
|
|
|
|
"-in", $srcfile, "-out", $dstfile]));
|
|
|
|
}, grep(/-key-pkcs8-pbes1-sha1-3des\.pem$/, @generated_files))
|
|
|
|
# *-key-pkcs8-pbes1-md5-des.pem
|
|
|
|
&& runall(sub {
|
|
|
|
my $dstfile = shift;
|
|
|
|
(my $srcfile = $dstfile)
|
|
|
|
=~ s/-key-pkcs8-pbes1-md5-des\.pem$
|
|
|
|
/-key-pkcs8.pem/ix;
|
2020-07-23 23:34:26 +08:00
|
|
|
run(app(["openssl", "pkcs8", @std_args,
|
|
|
|
"-topk8",
|
2016-11-20 03:24:17 +08:00
|
|
|
"-passout", "pass:password",
|
|
|
|
"-v1", "pbeWithSHA1And3-KeyTripleDES-CBC",
|
|
|
|
"-in", $srcfile, "-out", $dstfile]));
|
|
|
|
}, grep(/-key-pkcs8-pbes1-md5-des\.pem$/, @generated_files))
|
|
|
|
# *-key-pkcs8-pbes2-sha1.pem
|
|
|
|
&& runall(sub {
|
|
|
|
my $dstfile = shift;
|
|
|
|
(my $srcfile = $dstfile)
|
|
|
|
=~ s/-key-pkcs8-pbes2-sha1\.pem$
|
|
|
|
/-key-pkcs8.pem/ix;
|
2020-07-23 23:34:26 +08:00
|
|
|
run(app(["openssl", "pkcs8", @std_args,
|
|
|
|
"-topk8",
|
2016-11-20 03:24:17 +08:00
|
|
|
"-passout", "pass:password",
|
|
|
|
"-v2", "aes256", "-v2prf", "hmacWithSHA1",
|
|
|
|
"-in", $srcfile, "-out", $dstfile]));
|
|
|
|
}, grep(/-key-pkcs8-pbes2-sha1\.pem$/, @generated_files))
|
|
|
|
# *-key-pkcs8-pbes2-sha1.pem
|
|
|
|
&& runall(sub {
|
|
|
|
my $dstfile = shift;
|
|
|
|
(my $srcfile = $dstfile)
|
|
|
|
=~ s/-key-pkcs8-pbes2-sha256\.pem$
|
|
|
|
/-key-pkcs8.pem/ix;
|
2020-07-23 23:34:26 +08:00
|
|
|
run(app(["openssl", "pkcs8", @std_args,
|
|
|
|
"-topk8",
|
2016-11-20 03:24:17 +08:00
|
|
|
"-passout", "pass:password",
|
|
|
|
"-v2", "aes256", "-v2prf", "hmacWithSHA256",
|
|
|
|
"-in", $srcfile, "-out", $dstfile]));
|
|
|
|
}, grep(/-key-pkcs8-pbes2-sha256\.pem$/, @generated_files))
|
2016-12-05 22:13:01 +08:00
|
|
|
# *-cert.pem (intermediary for the .p12 inits)
|
2020-07-23 23:34:26 +08:00
|
|
|
&& run(app(["openssl", "req", "-x509", @std_args,
|
2020-05-11 21:41:08 +08:00
|
|
|
"-config", $cnf, "-noenc",
|
2020-05-05 20:04:30 +08:00
|
|
|
"-key", $cakey, "-out", "cacert.pem"]))
|
2016-12-05 22:13:01 +08:00
|
|
|
&& runall(sub {
|
|
|
|
my $srckey = shift;
|
|
|
|
(my $dstfile = $srckey) =~ s|-key-pkcs8\.|-cert.|;
|
|
|
|
(my $csr = $dstfile) =~ s|\.pem|.csr|;
|
|
|
|
|
2020-07-23 23:34:26 +08:00
|
|
|
(run(app(["openssl", "req", "-new", @std_args,
|
2020-05-05 20:04:30 +08:00
|
|
|
"-config", $cnf, "-section", "userreq",
|
2016-12-05 22:13:01 +08:00
|
|
|
"-key", $srckey, "-out", $csr]))
|
|
|
|
&&
|
2020-07-23 23:34:26 +08:00
|
|
|
run(app(["openssl", "x509", @std_args,
|
|
|
|
"-days", "3650",
|
2016-12-05 22:13:01 +08:00
|
|
|
"-CA", "cacert.pem",
|
2020-05-05 20:04:30 +08:00
|
|
|
"-CAkey", $cakey,
|
2016-12-05 22:13:01 +08:00
|
|
|
"-set_serial", time(), "-req",
|
|
|
|
"-in", $csr, "-out", $dstfile])));
|
|
|
|
}, grep(/-key-pkcs8\.pem$/, @generated_files))
|
|
|
|
# *.p12
|
|
|
|
&& runall(sub {
|
|
|
|
my $dstfile = shift;
|
|
|
|
my ($type, $certpbe_index, $keypbe_index,
|
|
|
|
$macalg_index) =
|
|
|
|
$dstfile =~ m{^(.*)-key-(?|
|
|
|
|
# cert and key PBE are same
|
|
|
|
() #
|
|
|
|
([^-]*-[^-]*)- # key & cert PBE
|
|
|
|
([^-]*) # MACalg
|
|
|
|
|
|
|
|
|
# cert and key PBE are not same
|
|
|
|
([^-]*-[^-]*)- # cert PBE
|
|
|
|
([^-]*-[^-]*)- # key PBE
|
|
|
|
([^-]*) # MACalg
|
|
|
|
)\.}x;
|
|
|
|
if (!$certpbe_index) {
|
|
|
|
$certpbe_index = $keypbe_index;
|
|
|
|
}
|
|
|
|
my $srckey = "$type-key-pkcs8.pem";
|
|
|
|
my $srccert = "$type-cert.pem";
|
|
|
|
my %pbes =
|
|
|
|
(
|
|
|
|
"sha1-3des" => "pbeWithSHA1And3-KeyTripleDES-CBC",
|
|
|
|
"md5-des" => "pbeWithMD5AndDES-CBC",
|
|
|
|
"aes256-cbc" => "AES-256-CBC",
|
|
|
|
);
|
|
|
|
my %macalgs =
|
|
|
|
(
|
|
|
|
"sha1" => "SHA1",
|
|
|
|
"sha256" => "SHA256",
|
|
|
|
);
|
|
|
|
my $certpbe = $pbes{$certpbe_index};
|
|
|
|
my $keypbe = $pbes{$keypbe_index};
|
|
|
|
my $macalg = $macalgs{$macalg_index};
|
|
|
|
if (!defined($certpbe) || !defined($keypbe)
|
|
|
|
|| !defined($macalg)) {
|
2020-05-05 20:04:30 +08:00
|
|
|
print STDERR "Cert PBE for $certpbe_index not defined\n"
|
2016-12-05 22:13:01 +08:00
|
|
|
unless defined $certpbe;
|
2020-05-05 20:04:30 +08:00
|
|
|
print STDERR "Key PBE for $keypbe_index not defined\n"
|
2016-12-05 22:13:01 +08:00
|
|
|
unless defined $keypbe;
|
|
|
|
print STDERR "MACALG for $macalg_index not defined\n"
|
|
|
|
unless defined $macalg;
|
|
|
|
print STDERR "(destination file was $dstfile)\n";
|
|
|
|
return 0;
|
|
|
|
}
|
2020-07-23 23:34:26 +08:00
|
|
|
run(app(["openssl", "pkcs12", @std_args,
|
2020-05-05 20:04:30 +08:00
|
|
|
"-inkey", $srckey,
|
2016-12-05 22:13:01 +08:00
|
|
|
"-in", $srccert, "-passout", "pass:password",
|
2020-05-05 20:18:46 +08:00
|
|
|
"-chain", "-CAfile", "cacert.pem",
|
2016-12-05 22:13:01 +08:00
|
|
|
"-export", "-macalg", $macalg,
|
|
|
|
"-certpbe", $certpbe, "-keypbe", $keypbe,
|
|
|
|
"-out", $dstfile]));
|
|
|
|
}, grep(/\.p12/, @generated_files))
|
2016-11-20 03:24:17 +08:00
|
|
|
# *.der (the end all init)
|
|
|
|
&& runall(sub {
|
|
|
|
my $dstfile = shift;
|
|
|
|
(my $srcfile = $dstfile) =~ s/\.der$/.pem/i;
|
|
|
|
if (! -f $srcfile) {
|
|
|
|
$srcfile = srctop_file("test", $srcfile);
|
|
|
|
}
|
|
|
|
my $infh;
|
|
|
|
unless (open $infh, $srcfile) {
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
my $l;
|
|
|
|
while (($l = <$infh>) !~ /^-----BEGIN\s/
|
|
|
|
|| $l =~ /^-----BEGIN.*PARAMETERS-----/) {
|
|
|
|
}
|
|
|
|
my $b64 = "";
|
|
|
|
while (($l = <$infh>) !~ /^-----END\s/) {
|
|
|
|
$l =~ s|\R$||;
|
|
|
|
$b64 .= $l unless $l =~ /:/;
|
|
|
|
}
|
|
|
|
close $infh;
|
|
|
|
my $der = decode_base64($b64);
|
|
|
|
unless (length($b64) / 4 * 3 - length($der) < 3) {
|
|
|
|
print STDERR "Length error, ",length($b64),
|
|
|
|
" bytes of base64 became ",length($der),
|
|
|
|
" bytes of der? ($srcfile => $dstfile)\n";
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
my $outfh;
|
|
|
|
unless (open $outfh, ">:raw", $dstfile) {
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
print $outfh $der;
|
|
|
|
close $outfh;
|
|
|
|
return 1;
|
|
|
|
}, grep(/\.der$/, @generated_files))
|
2017-07-12 18:42:16 +08:00
|
|
|
&& runall(sub {
|
|
|
|
my $srcfile = shift;
|
|
|
|
my $dstfile = $generated_file_files{$srcfile};
|
|
|
|
|
|
|
|
unless (copy srctop_file($srcfile), $dstfile) {
|
|
|
|
warn "$!\n";
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
return 1;
|
|
|
|
}, keys %generated_file_files)
|
2016-11-20 03:24:17 +08:00
|
|
|
);
|
|
|
|
}
|
2017-02-20 09:49:13 +08:00
|
|
|
|
|
|
|
sub init_rehash {
|
|
|
|
return (
|
|
|
|
mkdir(catdir(curdir(), 'rehash'))
|
|
|
|
&& copy(srctop_file('test', 'testx509.pem'),
|
|
|
|
catdir(curdir(), 'rehash'))
|
|
|
|
&& copy(srctop_file('test', 'testcrl.pem'),
|
|
|
|
catdir(curdir(), 'rehash'))
|
|
|
|
&& run(app(['openssl', 'rehash', catdir(curdir(), 'rehash')]))
|
|
|
|
);
|
|
|
|
}
|
2016-11-20 03:24:17 +08:00
|
|
|
|
|
|
|
sub runall {
|
|
|
|
my ($function, @items) = @_;
|
|
|
|
|
|
|
|
foreach (@items) {
|
|
|
|
return 0 unless $function->($_);
|
|
|
|
}
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
# According to RFC8089, a relative file: path is invalid. We still produce
|
|
|
|
# them for testing purposes.
|
2017-07-11 15:48:08 +08:00
|
|
|
sub to_file_uri {
|
2016-11-20 03:24:17 +08:00
|
|
|
my ($file, $isdir, $authority) = @_;
|
|
|
|
my $vol;
|
|
|
|
my $dir;
|
|
|
|
|
2017-07-11 15:48:08 +08:00
|
|
|
die "to_file_uri: No file given\n" if !defined($file) || $file eq '';
|
2016-11-20 03:24:17 +08:00
|
|
|
|
|
|
|
($vol, $dir, $file) = File::Spec->splitpath($file, $isdir // 0);
|
|
|
|
|
|
|
|
# Make sure we have a Unix style directory.
|
|
|
|
$dir = join('/', File::Spec->splitdir($dir));
|
|
|
|
# Canonicalise it (note: it seems to be only needed on Unix)
|
|
|
|
while (1) {
|
|
|
|
my $newdir = $dir;
|
|
|
|
$newdir =~ s|/[^/]*[^/\.]+[^/]*/\.\./|/|g;
|
|
|
|
last if $newdir eq $dir;
|
|
|
|
$dir = $newdir;
|
|
|
|
}
|
|
|
|
# Take care of the corner cases the loop can't handle, and that $dir
|
|
|
|
# ends with a / unless it's empty
|
|
|
|
$dir =~ s|/[^/]*[^/\.]+[^/]*/\.\.$|/|;
|
|
|
|
$dir =~ s|^[^/]*[^/\.]+[^/]*/\.\./|/|;
|
|
|
|
$dir =~ s|^[^/]*[^/\.]+[^/]*/\.\.$||;
|
|
|
|
if ($isdir // 0) {
|
|
|
|
$dir =~ s|/$|| if $dir ne '/';
|
|
|
|
} else {
|
|
|
|
$dir .= '/' if $dir ne '' && $dir !~ m|/$|;
|
|
|
|
}
|
|
|
|
|
|
|
|
# If the file system has separate volumes (at present, Windows and VMS)
|
|
|
|
# we need to handle them. In URIs, they are invariably the first
|
|
|
|
# component of the path, which is always absolute.
|
|
|
|
# On VMS, user:[foo.bar] translates to /user/foo/bar
|
|
|
|
# On Windows, c:\Users\Foo translates to /c:/Users/Foo
|
|
|
|
if ($vol ne '') {
|
|
|
|
$vol =~ s|:||g if ($^O eq "VMS");
|
|
|
|
$dir = '/' . $dir if $dir ne '' && $dir !~ m|^/|;
|
|
|
|
$dir = '/' . $vol . $dir;
|
|
|
|
}
|
|
|
|
$file = $dir . $file;
|
|
|
|
|
|
|
|
return "file://$authority$file" if defined $authority;
|
|
|
|
return "file:$file";
|
|
|
|
}
|
|
|
|
|
2017-07-11 15:51:04 +08:00
|
|
|
sub to_abs_file {
|
|
|
|
my ($file) = @_;
|
|
|
|
|
|
|
|
return File::Spec->rel2abs($file);
|
|
|
|
}
|
|
|
|
|
2017-07-11 15:48:08 +08:00
|
|
|
sub to_abs_file_uri {
|
2016-11-20 03:24:17 +08:00
|
|
|
my ($file, $isdir, $authority) = @_;
|
|
|
|
|
2017-07-11 15:48:08 +08:00
|
|
|
die "to_abs_file_uri: No file given\n" if !defined($file) || $file eq '';
|
|
|
|
return to_file_uri(to_abs_file($file), $isdir, $authority);
|
2016-11-20 03:24:17 +08:00
|
|
|
}
|