test: add tests for acceptable policies exts

Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24663)
2024-11-27 05:21:51 +08:00 · 2024-06-24 20:23:23 +00:00 · 2024-06-24 20:23:23 +00:00 · b76a6c26a2
commit b76a6c26a2
parent 2b735fe219
3 changed files with 47 additions and 1 deletions
--- a/test/certs/ext-acceptableCertPolicies.pem
+++ b/test/certs/ext-acceptableCertPolicies.pem
@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBkDCCAXygAwIBAgIDAQIDMAsGCSqGSIb3DQEBBTAAMCIYDzIwMjEwODMxMDIy
+MDM4WhgPMjAyMTA4MzEwMjIwMzhaMAAwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIB
+CgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmq
+nuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWir
+Gu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqI
+qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06
+GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus
+pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABoxcwFTATBgNVHTQEDDAKBgNVBAsG
+A1UEDTALBgkqhkiG9w0BAQUDAQA=
+-----END CERTIFICATE-----
--- a/test/certs/ext-acceptablePrivilegePolicies.pem
+++ b/test/certs/ext-acceptablePrivilegePolicies.pem
@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBkDCCAXygAwIBAgIDAQIDMAsGCSqGSIb3DQEBBTAAMCIYDzIwMjEwODMwMTI1
+NjEyWhgPMjAyMTA4MzAxMjU2MTJaMAAwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIB
+CgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmq
+nuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWir
+Gu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqI
+qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06
+GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus
+pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABoxcwFTATBgNVHTkEDDAKBgNVBAMG
+A1UECjALBgkqhkiG9w0BAQUDAQA=
+-----END CERTIFICATE-----
--- a/test/recipes/25-test_x509.t
+++ b/test/recipes/25-test_x509.t
@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;

 setup("test_x509");

-plan tests => 82;
+plan tests => 88;

 # Prevent MSys2 filename munging for arguments that look like file paths but
 # aren't
@ -245,6 +245,30 @@ cert_contains($ass_info_cert,
              "localityName",
              1, 'X509v3 Associated Information');

+my $acc_cert_pol = srctop_file(@certs, "ext-acceptableCertPolicies.pem");
+cert_contains($acc_cert_pol,
+              "X509v3 Acceptable Certification Policies",
+              1, 'X509v3 Acceptable Certification Policies');
+# Yes, I know these OIDs make no sense in a policies extension. It's just a test.
+cert_contains($acc_cert_pol,
+              "organizationalUnitName",
+              1, 'X509v3 Acceptable Certification Policies');
+cert_contains($acc_cert_pol,
+              "description",
+              1, 'X509v3 Acceptable Certification Policies');
+
+my $acc_priv_pol = srctop_file(@certs, "ext-acceptablePrivilegePolicies.pem");
+cert_contains($acc_priv_pol,
+              "X509v3 Acceptable Privilege Policies",
+              1, 'X509v3 Acceptable Privilege Policies');
+# Yes, I know these OIDs make no sense in a policies extension. It's just a test.
+cert_contains($acc_priv_pol,
+              "commonName",
+              1, 'X509v3 Acceptable Certification Policies');
+cert_contains($acc_priv_pol,
+              "organizationName",
+              1, 'X509v3 Acceptable Certification Policies');
+
 sub test_errors { # actually tests diagnostics of OSSL_STORE
    my ($expected, $cert, @opts) = @_;
    my $infile = srctop_file(@certs, $cert);