mirror of
https://github.com/openssl/openssl.git
synced 2024-12-21 06:09:35 +08:00
a0430488c1
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15824)
118 lines
3.2 KiB
Perl
118 lines
3.2 KiB
Perl
#! /usr/bin/env perl
|
|
# Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
# this file except in compliance with the License. You can obtain a copy
|
|
# in the file LICENSE in the source distribution or at
|
|
# https://www.openssl.org/source/license.html
|
|
|
|
use strict;
|
|
use warnings;
|
|
|
|
use OpenSSL::Test qw/:DEFAULT with bldtop_file srctop_file cmdstr/;
|
|
use OpenSSL::Test::Utils;
|
|
|
|
setup("test_verify_store");
|
|
|
|
plan tests => 10;
|
|
|
|
my $dummycnf = srctop_file("apps", "openssl.cnf");
|
|
my $cakey = srctop_file("test", "certs", "ca-key.pem");
|
|
my $ukey = srctop_file("test", "certs", "ee-key.pem");
|
|
|
|
my $cnf = srctop_file("test", "ca-and-certs.cnf");
|
|
my $CAkey = "keyCA.ss";
|
|
my $CAcert="certCA.ss";
|
|
my $CAserial="certCA.srl";
|
|
my $CAreq="reqCA.ss";
|
|
my $CAreq2="req2CA.ss"; # temp
|
|
my $Ukey="keyU.ss";
|
|
my $Ureq="reqU.ss";
|
|
my $Ucert="certU.ss";
|
|
|
|
SKIP: {
|
|
req( 'make cert request',
|
|
qw(-new -section userreq),
|
|
-config => $cnf,
|
|
-out => $CAreq,
|
|
-key => $cakey,
|
|
-keyout => $CAkey );
|
|
|
|
skip 'failure', 8 unless
|
|
x509( 'convert request into self-signed cert',
|
|
qw(-req -CAcreateserial -days 30),
|
|
qw(-extensions v3_ca),
|
|
-in => $CAreq,
|
|
-out => $CAcert,
|
|
-signkey => $CAkey,
|
|
-extfile => $cnf );
|
|
|
|
skip 'failure', 7 unless
|
|
x509( 'convert cert into a cert request',
|
|
qw(-x509toreq),
|
|
-in => $CAcert,
|
|
-out => $CAreq2,
|
|
-signkey => $CAkey );
|
|
|
|
skip 'failure', 6 unless
|
|
req( 'verify request 1',
|
|
qw(-verify -noout -section userreq),
|
|
-config => $dummycnf,
|
|
-in => $CAreq );
|
|
|
|
skip 'failure', 5 unless
|
|
req( 'verify request 2',
|
|
qw(-verify -noout -section userreq),
|
|
-config => $dummycnf,
|
|
-in => $CAreq2 );
|
|
|
|
skip 'failure', 4 unless
|
|
verify( 'verify signature',
|
|
-CAstore => $CAcert,
|
|
$CAcert );
|
|
|
|
skip 'failure', 3 unless
|
|
req( 'make a user cert request',
|
|
qw(-new -section userreq),
|
|
-config => $cnf,
|
|
-out => $Ureq,
|
|
-key => $ukey,
|
|
-keyout => $Ukey );
|
|
|
|
skip 'failure', 2 unless
|
|
x509( 'sign user cert request',
|
|
qw(-req -CAcreateserial -days 30 -extensions v3_ee),
|
|
-in => $Ureq,
|
|
-out => $Ucert,
|
|
-CA => $CAcert,
|
|
-CAkey => $CAkey,
|
|
-CAserial => $CAserial,
|
|
-extfile => $cnf )
|
|
&& verify( undef,
|
|
-CAstore => $CAcert,
|
|
$Ucert );
|
|
|
|
skip 'failure', 0 unless
|
|
x509( 'Certificate details',
|
|
qw(-subject -issuer -startdate -enddate -noout),
|
|
-in => $Ucert );
|
|
}
|
|
|
|
sub verify {
|
|
my $title = shift;
|
|
|
|
ok(run(app([qw(openssl verify), @_])), $title);
|
|
}
|
|
|
|
sub req {
|
|
my $title = shift;
|
|
|
|
ok(run(app([qw(openssl req), @_])), $title);
|
|
}
|
|
|
|
sub x509 {
|
|
my $title = shift;
|
|
|
|
ok(run(app([qw(openssl x509), @_])), $title);
|
|
}
|