diff --git a/test/recipes/90-test_store.t b/test/recipes/90-test_store.t index 0905232e35..9f4eaa2961 100644 --- a/test/recipes/90-test_store.t +++ b/test/recipes/90-test_store.t @@ -16,7 +16,11 @@ my $test_name = "test_store"; setup($test_name); my $mingw = config('target') =~ m|^mingw|; -my $cnf = srctop_file("test", "ca-and-certs.cnf"); + +my $use_md5 = !disabled("md5"); +my $use_des = !disabled("des"); # also affects 3des and pkcs12 app +my $use_dsa = !disabled("dsa"); +my $use_ecc = !disabled("ec"); my @noexist_files = ( "test/blahdiblah.pem", 
@@ -41,25 +45,35 @@ my @generated_files = "rsa-key-pkcs1.pem", "rsa-key-pkcs1.der", "rsa-key-pkcs1-aes128.pem", "rsa-key-pkcs8.pem", "rsa-key-pkcs8.der", - "rsa-key-pkcs8-pbes1-sha1-3des.pem", "rsa-key-pkcs8-pbes1-sha1-3des.der", "rsa-key-pkcs8-pbes2-sha1.pem", "rsa-key-pkcs8-pbes2-sha1.der", + "rsa-key-pkcs8-pbes2-sha256.pem", "rsa-key-pkcs8-pbes2-sha256.der", + ); +push(@generated_files, ( + "rsa-key-pkcs8-pbes1-sha1-3des.pem", "rsa-key-pkcs8-pbes1-sha1-3des.der", + )) if $use_des; +push(@generated_files, ( "rsa-key-sha1-3des-sha1.p12", "rsa-key-sha1-3des-sha256.p12", "rsa-key-aes256-cbc-sha256.p12", "rsa-key-md5-des-sha1.p12", - "rsa-key-aes256-cbc-md5-des-sha256.p12", - "rsa-key-pkcs8-pbes2-sha256.pem", "rsa-key-pkcs8-pbes2-sha256.der", - "rsa-key-pkcs8-pbes1-md5-des.pem", "rsa-key-pkcs8-pbes1-md5-des.der", + "rsa-key-aes256-cbc-md5-des-sha256.p12" + )) if $use_des; +push(@generated_files, ( + "rsa-key-pkcs8-pbes1-md5-des.pem", "rsa-key-pkcs8-pbes1-md5-des.der" + )) if $use_md5 && $use_des; +push(@generated_files, ( "dsa-key-pkcs1.pem", "dsa-key-pkcs1.der", "dsa-key-pkcs1-aes128.pem", "dsa-key-pkcs8.pem", "dsa-key-pkcs8.der", "dsa-key-pkcs8-pbes2-sha1.pem", "dsa-key-pkcs8-pbes2-sha1.der", - "dsa-key-aes256-cbc-sha256.p12", + )) if $use_dsa; +push(@generated_files, "dsa-key-aes256-cbc-sha256.p12") if $use_dsa && $use_des; +push(@generated_files, ( "ec-key-pkcs1.pem", "ec-key-pkcs1.der", "ec-key-pkcs1-aes128.pem", "ec-key-pkcs8.pem", "ec-key-pkcs8.der", "ec-key-pkcs8-pbes2-sha1.pem", "ec-key-pkcs8-pbes2-sha1.der", - "ec-key-aes256-cbc-sha256.p12", - ); + )) if $use_ecc; +push(@generated_files, "ec-key-aes256-cbc-sha256.p12") if $use_ecc && $use_des; my %generated_file_files = $^O eq 'linux' ? ( "test/testx509.pem" => "file:testx509.pem", @@ -85,7 +99,7 @@ plan tests => $n; indir "store_$$" => sub { SKIP: { - skip "failed initialisation", $n unless init(); + init() or die "init failed"; my $rehash = init_rehash(); 
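Review bot: The two MD5-based PKCS#12 outputs, `rsa-key-md5-des-sha1.p12` and `rsa-key-aes256-cbc-md5-des-sha256.p12`, are pushed under `if $use_des` only, while the PBES1 MD5-DES PEM/DER files just below them are gated on `$use_md5 && $use_des`. Judging by the file names these exports need MD5 as well, so a no-md5 build would presumably fail to create them, and with the change to `init() or die` later on this page that aborts the whole recipe instead of skipping it. Consider giving them their own push: `push(@generated_files, ("rsa-key-md5-des-sha1.p12", "rsa-key-aes256-cbc-md5-des-sha256.p12")) if $use_md5 && $use_des;`. The `@generated_files` list starts above this hunk and the code that creates the .p12 files is not visible here, so confirm how it selects the PBE.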
@@ -220,28 +234,35 @@ indir "store_$$" => sub { }, create => 1, cleanup => 1; sub init { + my $cnf = srctop_file('test', 'ca-and-certs.cnf'); + my $cakey = srctop_file('test', 'certs', 'ca-key.pem'); return ( # rsa-key-pkcs1.pem - run(app(["openssl", "genrsa", - "-out", "rsa-key-pkcs1.pem", "2432"])) - # dsa-key-pkcs1.pem - && run(app(["openssl", "dsaparam", "-genkey", - "-out", "dsa-key-pkcs1.pem", "1024"])) - # ec-key-pkcs1.pem (one might think that 'genec' would be practical) - && run(app(["openssl", "ecparam", "-genkey", "-name", "prime256v1", - "-out", "ec-key-pkcs1.pem"])) + run(app(["openssl", "pkey", + "-in", data_file("rsa-key-2432.pem"), + "-out", "rsa-key-pkcs1.pem"])) # rsa-key-pkcs1-aes128.pem && run(app(["openssl", "rsa", "-passout", "pass:password", "-aes128", "-in", "rsa-key-pkcs1.pem", "-out", "rsa-key-pkcs1-aes128.pem"])) + # dsa-key-pkcs1.pem + && (!$use_dsa || run(app(["openssl", "gendsa", + "-out", "dsa-key-pkcs1.pem", + data_file("dsaparam.pem")]))) # dsa-key-pkcs1-aes128.pem - && run(app(["openssl", "dsa", "-passout", "pass:password", "-aes128", - "-in", "dsa-key-pkcs1.pem", - "-out", "dsa-key-pkcs1-aes128.pem"])) + && (!$use_dsa || run(app(["openssl", "dsa", + "-passout", "pass:password", "-aes128", + "-in", "dsa-key-pkcs1.pem", + "-out", "dsa-key-pkcs1-aes128.pem"]))) + # ec-key-pkcs1.pem (one might think that 'genec' would be practical) + && (!$use_ecc || run(app(["openssl", "ecparam", "-genkey", + "-name", "prime256v1", + "-out", "ec-key-pkcs1.pem"]))) # ec-key-pkcs1-aes128.pem - && run(app(["openssl", "ec", "-passout", "pass:password", "-aes128", - "-in", "ec-key-pkcs1.pem", - "-out", "ec-key-pkcs1-aes128.pem"])) + && (!$use_ecc || run(app(["openssl", "ec", + "-passout", "pass:password", "-aes128", + "-in", "ec-key-pkcs1.pem", + "-out", "ec-key-pkcs1-aes128.pem"]))) # *-key-pkcs8.pem && runall(sub { my $dstfile = shift; 
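Review bot: `rsa-key-pkcs1.pem` is now produced by `openssl pkey` from the fixture `rsa-key-2432.pem`, which is a PKCS#8 file (`-----BEGIN PRIVATE KEY-----`), and `pkey` writes PKCS#8 PEM unless told otherwise. The file named pkcs1 therefore probably no longer carries a traditional RSA encoding, and the store tests meant to exercise that decoder would lose coverage without any test failing. If the traditional form is what this step is for, add the flag: `"-in", data_file("rsa-key-2432.pem"), "-traditional", "-out", "rsa-key-pkcs1.pem"`. A short comment in `init` saying that the RSA key and the DSA parameters are fixed, publicly known test fixtures that must not be reused outside the test suite would also help; `init` continues past the end of this hunk.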
@@ -297,19 +318,19 @@ sub init { # *-cert.pem (intermediary for the .p12 inits) && run(app(["openssl", "req", "-x509", "-config", $cnf, "-nodes", - "-out", "cacert.pem", "-keyout", "cakey.pem"])) + "-key", $cakey, "-out", "cacert.pem"])) && runall(sub { my $srckey = shift; (my $dstfile = $srckey) =~ s|-key-pkcs8\.|-cert.|; (my $csr = $dstfile) =~ s|\.pem|.csr|; (run(app(["openssl", "req", "-new", - "-config", $cnf, + "-config", $cnf, "-section", "userreq", "-key", $srckey, "-out", $csr])) && run(app(["openssl", "x509", "-days", "3650", "-CA", "cacert.pem", - "-CAkey", "cakey.pem", + "-CAkey", $cakey, "-set_serial", time(), "-req", "-in", $csr, "-out", $dstfile]))); }, grep(/-key-pkcs8\.pem$/, @generated_files)) @@ -350,16 +371,19 @@ sub init { my $macalg = $macalgs{$macalg_index}; if (!defined($certpbe) || !defined($keypbe) || !defined($macalg)) { - print STDERR "Cert PBE for $pbe_index not defined\n" + print STDERR "Cert PBE for $certpbe_index not defined\n" unless defined $certpbe; - print STDERR "Key PBE for $pbe_index not defined\n" + print STDERR "Key PBE for $keypbe_index not defined\n" unless defined $keypbe; print STDERR "MACALG for $macalg_index not defined\n" unless defined $macalg; print STDERR "(destination file was $dstfile)\n"; return 0; } - run(app(["openssl", "pkcs12", "-inkey", $srckey, + run(app(["openssl", "pkcs12", + "-provider", "default", + "-provider", "legacy", + "-inkey", $srckey, "-in", $srccert, "-passout", "pass:password", "-chain", "-CAfile", "cacert.pem", "-export", "-macalg", $macalg, diff --git a/test/recipes/90-test_store_data/ca.cnf b/test/recipes/90-test_store_data/ca.cnf deleted file mode 100644 index bda6eec4b0..0000000000 --- a/test/recipes/90-test_store_data/ca.cnf +++ /dev/null 
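Review bot: In the `cacert.pem` step the `-nodes` option is left over: with `-key $cakey` and `-keyout` removed, the command no longer writes a private key, so there is nothing for it to leave unencrypted. Dropping it keeps the arguments honest, `"-config", $cnf, "-key", $cakey, "-out", "cacert.pem"`. The new `"-section", "userreq"` relies on a `userreq` section in `ca-and-certs.cnf`, which is not part of this diff, so it is worth confirming that it supplies the DN and extensions the deleted `user.cnf` did.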
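Review bot: The `pkcs12` export now passes `-provider legacy` for every combination, including the AES-256-CBC/SHA-256 ones that should not need it. That makes the whole of `init` depend on the legacy provider being built and loadable, and a modern-algorithm export would still pass if it accidentally picked up a legacy algorithm. Consider passing the two `-provider` options only when the selected `$certpbe` or `$keypbe` needs a legacy cipher, with a comment naming which algorithms require it. The lookup tables for the PBE names are outside this hunk, so the exact condition has to be checked there.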
@@ -1,56 +0,0 @@
-####################################################################
-[ req ]
-default_bits = 2432
-default_keyfile = cakey.pem
-default_md = sha256
-distinguished_name = req_DN
-string_mask = utf8only
-x509_extensions = v3_selfsign
-
-[ req_DN ]
-commonName = "Common Name"
-commonName_value = "CA"
-
-[ v3_selfsign ]
-basicConstraints = critical,CA:true
-keyUsage = keyCertSign
-subjectKeyIdentifier=hash
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./demoCA
-certificate = ./demoCA/cacert.pem
-serial = ./demoCA/serial
-private_key = ./demoCA/private/cakey.pem
-new_certs_dir = ./demoCA/newcerts
-
-certificate = cacert.pem
-private_key = cakey.pem
-
-x509_extensions = v3_user
-
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-policy = policy_anything
-
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-[ v3_user ]
-basicConstraints=critical,CA:FALSE
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-issuerAltName=issuer:copy
-
diff --git a/test/recipes/90-test_store_data/dsaparam.pem b/test/recipes/90-test_store_data/dsaparam.pem
new file mode 100644
index 0000000000..60563cbb03
--- /dev/null
+++ b/test/recipes/90-test_store_data/dsaparam.pem
@@ -0,0 +1,14 @@ +-----BEGIN DSA PARAMETERS----- +MIICLAKCAQEArjV9Th2W4p8AlmBabk0HjaV8vPmt15/V6e6mM1Hee3LSdapxd/Fj ++7bsWroNcqIaHGS45YkJbclvC3/Szp/vh1q2Zy/v7utZ9V7/qCiEnls3CRGAfAhc +1eFIS9Jo+z+fK2tsDUgbGoDC6xEbN3nWjItyPmelBQ5Bip41ULTSQCdr/eBka1s4 +QpS1Sdrvbng3zTCJw0VQe5yM5xyYcHFdeV/v6JSFUz7voyzOGqt91l4UzVFUiZ13 +5Pgi8DUQdQVxUU+MTFwNLCy+bDTuEoKHAxkGEqiq9A08ScxwWtgy7jJQhXDoGP10 +gFMyV+5Qya7rrrYiMhZrjFna7h0z30yiPQIhAK0tbhew8+vHuO6VePIX9TMBZ7ze +k//uQOh/8ZNtS4cTAoIBAGZv2mOljtJM1UUtdl1fzUq0GkI1hjpvqfonq94DITYK +BynJL21JqPfG9JLXc8HYdg5hpwtulrjIyzg1EiB5pQgoNVy8UhavUroPw7FjEicL +dKRHQ9YwuJwuQBTNmX/ojjewqT9U6WYiYUz4SQNXFDIdNz3ikviOoGpmY/Cwbgcr +Pb/QhGqqHzB3ZeX89exVznPbvqeNOp967U+vooBMMJ4oSWVA8ANFVpmikxucRt69 +qKtfkD+3P9RvjVow4dRjOmp8jyT82RQoCeSEThdDVrjUS6IpRdMT8MJ2mwGggG6T +Y16HJCAq/7ufqJlsp5oAuX3aZsnAcnIiDxrMI9m3Xxs= +-----END DSA PARAMETERS----- diff --git a/test/recipes/90-test_store_data/rsa-key-2432.pem b/test/recipes/90-test_store_data/rsa-key-2432.pem new file mode 100644 index 0000000000..b5e37f4b8a --- /dev/null +++ b/test/recipes/90-test_store_data/rsa-key-2432.pem 
@@ -0,0 +1,32 @@ +-----BEGIN PRIVATE KEY----- +MIIFlQIBADANBgkqhkiG9w0BAQEFAASCBX8wggV7AgEAAoIBMQCrCYwxGQmujZVF +lnZeobOyrk+JiHh4/6IjpepHlb1hRMZbDS2V2kZAupNr3oV14Dx4bDwbxAMOvGQr +sVDiM+LAAZtxXXq6sQNOrq3yTPuCdW6IbsHaB5ZuPwz4cNWOOHs19Jx9UufxoFZ+ +1Cj3WG0joTCTbPNe08llJ67YKCj4b3l19AJKauPFWyLl8sQE5f29rBGGnnJYzrf3 +ZRrrZApbXy2PxDVKfkjLf89la6Hcr/RihgPiZHLoN7TyAPOL4OPY+Jv6fVG9PTrf +3hwoTRD9Wp0ZdmOSCiU93vvoTFovnBMpfh7Qb6k+ufqZV0cvdDWYV7UQO1MBx24R +mqcVGwHzPCMET71GoRNKvtMI3zrN/ZN8lyyqKU3pEPcLvykZ8Pi2lZB31uLA0x6Z +zUe+rEavAgMBAAECggEwM8aFIMvCiYukl1cv5/+tRTbNLwYX6hEAhSgRnq/uj0Zh +gWig1w8nWyrfu7S10/QYeh/RploUzt4quKtJn+AzEQqrgorYvzEcnjH0yDeTn29r +EXPtzNGlMSR3CbImg5IHglLVGH8DZbqy1FvnNtEW4MVHzikaFyenfK6hmB+4H1Sn +gRRnqR1oa/LlwpRV0GHLCSLQf17xoH4chaLLZXi3kdIOIcg9bzDef7APQmKHdu01 +hlAhFZ3rPib63anYtg9jG4hLrZCUHwEwHsOaDEh9QVNSxqZJS2KTtMbYIclK3hDG +wZFmlv9bemE+KiR3EAJt9/xMROjLTNDgTOZZujR/O4IObszQ6obExiL0Z37K0AAz +f0hhMbweg0W1hC3j/pseOZpEvfoK5QZYY0nbdNqVkQKBmQDczLiFYgDEcCbc2ak4 +VGDA/N+R1lUFvfBoBKLlWaOFSnfYC9XrGa1lVe5nMZN4OAgkR4Ogvo1uh5BzXptP +s+fYfh40JS6RFXeO8/K8meFOUnjKiMZroBuFcJHSCDDJZFyfEM1vVqnsaLsqQHAd +casa3PewKvUbUDMWQFNImW6dMuDL3GpKpGc4/eU3208JnpoApcnp2qLPlwKBmQDG +TexoAiQLKRlSHrZcZJTemrTZQFoCPEoXZjbzXHERYoSOcriINWWVuhvAtA64WY/+ +lOYXb3H1kD+CccR1NLUu9lrrFbizeHl9ovrvhLCR8smgVhwP4QjW1fjNYEOfIXXX +BPLCizKSdqDLID/Jph+ym29vOedbjHZmr6Pto3fVBKQPpkLkQmyj061pmknE8DES +k6GFHAAkqQKBmQDTVtxzRwfm/lYkY+417YWikyhHRfihg1k9ptpoXnFG3q1xTHrY +Cf7PFP4ZJfm6Qx9/4jeaP2nOVtGrq+1Kz69lp+mvDbvRwNNsMBGx9jQSrJvTeDE7 +yMcu5T2d5JsV2QtScVnBbRk+IEytt3nYpPkawFAP/j4Xg58yeCV/QuT+cDl8x5+x +jEUE5vhki3TOh1Fut0FZphzaRwKBmHPpKkzlK3JGlKFWiFtbA1VWcm0mWzZBTUF+ +IpJ/LyvtPPQShGBBbd5lyUELPittVmiFWjTKlH7n0OeLXjzwEROhNiWBLdPhkInq +UOjd02OL2WTZ0E9LxyHkMijBouUJ5tpG7yrduDK6GmSAtihE7PQ2PJ1z6BKv+Kku +8w+9ZBbkPo1TLnhDh0L/QLagU4xEpTpphpjKdB75AoGYcaonPrYPhvM+EAe4DDTf +qpxI6wX6P+ws9Fx8VuD/UN3DB8AhE+tlFYQYJQkgqpAvNiOg9ix0mwNDe6oB4xwB +iQKxoBtCKYhwwP7AvXrzyqe73aWtvW9VFYUbdiVQQVqR/+Gd1wL572qFTcnw56je 
+wxTi4bfTajt7O/nY7jYs3WWstBh0wyl5XNZ14Acic6ZsSp+PLCEfpLo=
+-----END PRIVATE KEY-----
diff --git a/test/recipes/90-test_store_data/user.cnf b/test/recipes/90-test_store_data/user.cnf
deleted file mode 100644
index 91f796947a..0000000000
--- a/test/recipes/90-test_store_data/user.cnf
+++ /dev/null
@@ -1,19 +0,0 @@
-####################################################################
-[ req ]
-default_bits = 2432
-default_md = sha256
-distinguished_name = req_DN
-string_mask = utf8only
-
-req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_DN ]
-commonName = "Common Name"
-commonName_value = "A user"
-userId = "User ID"
-userId_value = "test"
-
-[ v3_req ]
-extendedKeyUsage = clientAuth
-subjectKeyIdentifier = hash
-basicConstraints = CA:false