openssl/test/recipes/tconversion.pl
Stephan Wurm 8120223773 apps: ca,req,x509: Add explicit start and end dates options
- Added options `-not_before` (start date) and `-not-after` (end date)
  for explicit setting of the validity period of a certificate in the
  apps `ca`, `req` and `x509`
- The new options accept time strings or "today"
- In app `ca`, use the new options as aliases of the already existing
  options `-startdate` and `-enddate`
- When used in apps `req` and `x509`, the end date must be >= the start
  date, in app `ca` end date < start date is also accepted
- In any case, `-not-after` overrides the `-days` option
- Added helper function `check_cert_time_string` to validate given
  certificate time strings
- Use the new helper function in apps `ca`, `req` and `x509`
- Moved redundant code for time string checking into `set_cert_times`
  helper function.
- Added tests for explicit start and end dates in apps `req` and `x509`
- test: Added auxiliary functions for parsing fields from `-text`
  formatted output to `tconversion.pl`
- CHANGES: Added to new section 3.4

Signed-off-by: Stephan Wurm <atomisirsi@gsklan.de>

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21716)
2024-04-09 20:13:31 +02:00

222 lines
5.7 KiB
Perl

#! /usr/bin/env perl
# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
use strict;
use warnings;
use File::Compare qw/compare_text/;
use File::Copy;
use OpenSSL::Test qw/:DEFAULT/;
use Time::Piece;
use POSIX qw(strftime);
my %conversionforms = (
# Default conversion forms. Other series may be added with
# specific test types as key.
"*" => [ "d", "p" ],
"msb" => [ "d", "p", "msblob" ],
"pvk" => [ "d", "p", "pvk" ],
);
sub tconversion {
my %opts = @_;
die "Missing option -type" unless $opts{-type};
die "Missing option -in" unless $opts{-in};
my $testtype = $opts{-type};
my $t = $opts{-in};
my $prefix = $opts{-prefix} // $testtype;
my @conversionforms =
defined($conversionforms{$testtype}) ?
@{$conversionforms{$testtype}} :
@{$conversionforms{"*"}};
my @openssl_args;
if (defined $opts{-args}) {
@openssl_args = @{$opts{-args}} if ref $opts{-args} eq 'ARRAY';
@openssl_args = ($opts{-args}) if ref $opts{-args} eq '';
}
@openssl_args = ($testtype) unless @openssl_args;
my $n = scalar @conversionforms;
my $totaltests =
1 # for initializing
+ $n # initial conversions from p to all forms (A)
+ $n*$n # conversion from result of A to all forms (B)
+ 1 # comparing original test file to p form of A
+ $n*($n-1); # comparing first conversion to each form in A with B
$totaltests-- if ($testtype eq "p7d"); # no comparison of original test file
$totaltests -= $n if ($testtype eq "pvk"); # no comparisons of the pvk form
plan tests => $totaltests;
my @cmd = ("openssl", @openssl_args);
my $init;
if (scalar @openssl_args > 0 && $openssl_args[0] eq "pkey") {
$init = ok(run(app([@cmd, "-in", $t, "-out", "$prefix-fff.p"])),
'initializing');
} else {
$init = ok(copy($t, "$prefix-fff.p"), 'initializing');
}
if (!$init) {
diag("Trying to copy $t to $prefix-fff.p : $!");
}
SKIP: {
skip "Not initialized, skipping...", 22 unless $init;
foreach my $to (@conversionforms) {
ok(run(app([@cmd,
"-in", "$prefix-fff.p",
"-inform", "p",
"-out", "$prefix-f.$to",
"-outform", $to])),
"p -> $to");
}
foreach my $to (@conversionforms) {
foreach my $from (@conversionforms) {
ok(run(app([@cmd,
"-in", "$prefix-f.$from",
"-inform", $from,
"-out", "$prefix-ff.$from$to",
"-outform", $to])),
"$from -> $to");
}
}
if ($testtype ne "p7d") {
is(cmp_text("$prefix-fff.p", "$prefix-f.p"), 0,
'comparing orig to p');
}
foreach my $to (@conversionforms) {
next if $to eq "d" or $to eq "pvk";
foreach my $from (@conversionforms) {
is(cmp_text("$prefix-f.$to", "$prefix-ff.$from$to"), 0,
"comparing $to to $from$to");
}
}
}
}
sub cmp_text {
return compare_text(@_, sub {
$_[0] =~ s/\R//g;
$_[1] =~ s/\R//g;
return $_[0] ne $_[1];
});
}
sub file_contains {
$_ = shift @_;
my $pattern = shift @_;
open(DATA, $_) or return 0;
$_= join('', <DATA>);
close(DATA);
s/\s+/ /g; # take multiple whitespace (including newline) as single space
return m/$pattern/ ? 1 : 0;
}
sub cert_contains {
my $cert = shift @_;
my $pattern = shift @_;
my $expected = shift @_;
my $name = shift @_;
my $out = "cert_contains.out";
run(app(["openssl", "x509", "-noout", "-text", "-in", $cert, "-out", $out]));
is(file_contains($out, $pattern), $expected, ($name ? "$name: " : "").
"$cert should ".($expected ? "" : "not ")."contain: \"$pattern\"");
# not unlinking $out
}
sub has_version {
my $cert = shift @_;
my $expect = shift @_;
cert_contains($cert, "Version: $expect", 1);
}
sub has_SKID {
my $cert = shift @_;
my $expect = shift @_;
cert_contains($cert, "Subject Key Identifier", $expect);
}
sub has_AKID {
my $cert = shift @_;
my $expect = shift @_;
cert_contains($cert, "Authority Key Identifier", $expect);
}
sub uniq (@) {
my %seen = ();
grep { not $seen{$_}++ } @_;
}
sub file_n_different_lines {
my $filename = shift @_;
open(DATA, $filename) or return 0;
chomp(my @lines = <DATA>);
close(DATA);
return scalar(uniq @lines);
}
sub cert_ext_has_n_different_lines {
my $cert = shift @_;
my $expected = shift @_;
my $exts = shift @_;
my $name = shift @_;
my $out = "cert_n_different_exts.out";
run(app(["openssl", "x509", "-noout", "-ext", $exts,
"-in", $cert, "-out", $out]));
is(file_n_different_lines($out), $expected, ($name ? "$name: " : "").
"$cert '$exts' output should contain $expected different lines");
# not unlinking $out
}
# extracts string value of certificate field from a -text formatted-output
sub get_field {
my ($f, $field) = @_;
my $string = "";
open my $fh, $f or die;
while (my $line = <$fh>) {
if ($line =~ /$field:\s+(.*)/) {
$string = $1;
}
}
close $fh;
return $string;
}
sub get_issuer {
return get_field(@_, "Issuer");
}
sub get_not_before {
return get_field(@_, "Not Before");
}
# Date as yyyy-mm-dd
sub get_not_before_date {
return Time::Piece->strptime(
get_not_before(@_),
"%b %d %T %Y %Z")->date;
}
sub get_not_after {
return get_field(@_, "Not After ");
}
# Date as yyyy-mm-dd
sub get_not_after_date {
return Time::Piece->strptime(
get_not_after(@_),
"%b %d %T %Y %Z")->date;
}
1;