test: aAissuingDistributionPoint X.509v3 extension

Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26174)
2025-01-18 13:44:20 +08:00 · 2024-12-13 06:52:25 +00:00 · 2024-12-13 06:52:25 +00:00 · 635ad41cd9
commit 635ad41cd9
parent 7346348779
2 changed files with 34 additions and 1 deletions
--- a/test/certs/ext-aAissuingDistributionPoint.pem
+++ b/test/certs/ext-aAissuingDistributionPoint.pem
@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBtDCCAaCgAwIBAgIDAQIDMAsGCSqGSIb3DQEBBTAAMCIYDzIwMjEwODMxMDA1
+MjIzWhgPMjAyMTA4MzEwMDUyMjNaMAAwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIB
+CgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmq
+nuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWir
+Gu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqI
+qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06
+GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus
+pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABozswOTA3BgNVHT8EMDAuoCKgIKQe
+MBwxGjAYBgNVBAMMEVdpbGRib2FyIFNvZnR3YXJlgQIFIIIB/4QB/zALBgkqhkiG
+9w0BAQUDAQA=
+-----END CERTIFICATE-----
--- a/test/recipes/25-test_x509.t
+++ b/test/recipes/25-test_x509.t
@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;

 setup("test_x509");

-plan tests => 126;
+plan tests => 132;

 # Prevent MSys2 filename munging for arguments that look like file paths but
 # aren't
@ -400,6 +400,7 @@ cert_contains($attr_map_cert,
 cert_contains($attr_map_cert,
              "commonName:asdf == localityName:03:3E",
              1, 'X.509 Attribute Mappings');
+
 my $aaa_cert = srctop_file(@certs, "ext-allowedAttributeAssignments.pem");
 cert_contains($aaa_cert,
              "Attribute Type: commonName",
@ -408,6 +409,26 @@ cert_contains($aaa_cert,
              "Holder Domain: email:jonathan.wilbur",
              1, 'X.509 Allowed Attribute Assignments');

+my $aa_idp_cert = srctop_file(@certs, "ext-aAissuingDistributionPoint.pem");
+cert_contains($aa_idp_cert,
+              "DirName:CN = Wildboar",
+              1, 'X.509 Attribute Authority Issuing Distribution Point');
+cert_contains($aa_idp_cert,
+              "CA Compromise",
+              1, 'X.509 Attribute Authority Issuing Distribution Point');
+cert_contains($aa_idp_cert,
+              "Indirect CRL: TRUE",
+              1, 'X.509 Attribute Authority Issuing Distribution Point');
+cert_contains($aa_idp_cert,
+              "Contains User Attribute Certificates: TRUE",
+              1, 'X.509 Attribute Authority Issuing Distribution Point');
+cert_contains($aa_idp_cert,
+              "Contains Attribute Authority \\(AA\\) Certificates: TRUE",
+              1, 'X.509 Attribute Authority Issuing Distribution Point');
+cert_contains($aa_idp_cert,
+              "Contains Source Of Authority \\(SOA\\) Public Key Certificates: TRUE",
+              1, 'X.509 Attribute Authority Issuing Distribution Point');
+
 sub test_errors { # actually tests diagnostics of OSSL_STORE
    my ($expected, $cert, @opts) = @_;
    my $infile = srctop_file(@certs, $cert);