openssl/test/recipes/80-test_ca_internals.t
Armin Fuerst 065121ff19 Add tests for do_updatedb
Fixes #13944

Moved "opt_printf_stderr" out of apps.c to avoid duplicate definition in tests.

Added function "asn1_string_to_time_t" including tests.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17645)
2022-02-14 10:18:46 +01:00

166 lines
4.5 KiB
Perl

#! /usr/bin/env perl
# Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
use strict;
use warnings;
use POSIX;
use OpenSSL::Test qw/:DEFAULT data_file/;
use File::Copy;
setup('test_ca_internals');
my @updatedb_tests = (
{
description => 'updatedb called before the first certificate expires',
filename => 'index.txt',
copydb => 1,
testdate => '990101000000Z',
need64bit => 0,
expirelist => [ ]
},
{
description => 'updatedb called before Y2k',
filename => 'index.txt',
copydb => 0,
testdate => '991201000000Z',
need64bit => 0,
expirelist => [ '1000' ]
},
{
description => 'updatedb called after year 2020',
filename => 'index.txt',
copydb => 0,
testdate => '211201000000Z',
need64bit => 0,
expirelist => [ '1001' ]
},
{
description => 'updatedb called in year 2049 (last year with 2 digits)',
filename => 'index.txt',
copydb => 0,
testdate => '491201000000Z',
need64bit => 1,
expirelist => [ '1002' ]
},
{
description => 'updatedb called in year 2050 (first year with 4 digits) before the last certificate expires',
filename => 'index.txt',
copydb => 0,
testdate => '20500101000000Z',
need64bit => 1,
expirelist => [ ]
},
{
description => 'updatedb called after the last certificate expired',
filename => 'index.txt',
copydb => 0,
testdate => '20501201000000Z',
need64bit => 1,
expirelist => [ '1003' ]
},
{
description => 'updatedb called for the first time after the last certificate expired',
filename => 'index.txt',
copydb => 1,
testdate => '20501201000000Z',
need64bit => 1,
expirelist => [ '1000',
'1001',
'1002',
'1003' ]
}
);
my @unsupported_commands = (
{
command => 'unsupported'
}
);
# every "test_updatedb" makes 3 checks
plan tests => 3 * scalar(@updatedb_tests) +
1 * scalar(@unsupported_commands);
foreach my $test (@updatedb_tests) {
test_updatedb($test);
}
foreach my $test (@unsupported_commands) {
test_unsupported_commands($test);
}
################### subs to do tests per supported command ################
sub test_unsupported_commands {
my ($opts) = @_;
run(
test(['ca_internals_test',
$opts->{command}
]),
capture => 0,
statusvar => \my $exit
);
is($exit, 0, "command '".$opts->{command}."' completed without an error");
}
sub test_updatedb {
my ($opts) = @_;
my $amtexpectedexpired = scalar(@{$opts->{expirelist}});
my @output;
my $expirelistcorrect = 1;
my $cert;
my $amtexpired = 0;
my $skipped = 0;
if ($opts->{copydb}) {
copy(data_file('index.txt'), 'index.txt');
}
@output = run(
test(['ca_internals_test',
"do_updatedb",
$opts->{filename},
$opts->{testdate},
$opts->{need64bit}
]),
capture => 1,
statusvar => \my $exit
);
foreach my $tmp (@output) {
($cert) = $tmp =~ /^[\x20\x23]*[^0-9A-Fa-f]*([0-9A-Fa-f]+)=Expired/;
if ($tmp =~ /^[\x20\x23]*skipping test/) {
$skipped = 1;
}
if (defined($cert) && (length($cert) > 0)) {
$amtexpired++;
my $expirefound = 0;
foreach my $expire (@{$opts->{expirelist}}) {
if ($expire eq $cert) {
$expirefound = 1;
}
}
if ($expirefound != 1) {
$expirelistcorrect = 0;
}
}
}
if ($skipped) {
$amtexpired = $amtexpectedexpired;
$expirelistcorrect = 1;
}
is($exit, 1, "ca_internals_test: returned EXIT_FAILURE (".$opts->{description}.")");
is($amtexpired, $amtexpectedexpired, "ca_internals_test: amount of expired certificates differs from expected amount (".$opts->{description}.")");
is($expirelistcorrect, 1, "ca_internals_test: list of expired certificates differs from expected list (".$opts->{description}.")");
}