diff options
author | Benjamin Kaduk <bkaduk@akamai.com> | 2017-02-23 14:28:32 -0600 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2017-02-28 21:23:26 +0100 |
commit | e8cee55718bb9cb957f449fbe7145a77f252bb73 (patch) | |
tree | a62a7b048051a3df2dc363293032b84310b55650 /test/recipes/04-test_pem.t | |
parent | 5ea564f154ebe8bda2a0e091a312e2058edf437f (diff) |
Add test corpus for PEM reading
Generate a fresh certificate and DSA private key in their respective PEM
files. Modify the resulting ASCII in various ways so as to produce input
files that might be generated by non-openssl programs (openssl always
generates "standard" PEM files, with base64 data in 64-character lines
except for a possible shorter last line).
Exercise various combinations of line lengths, leading/trailing
whitespace, non-base64 characters, comments, and padding, for both
unencrypted and encrypted files. (We do not have any other test coverage
that uses encrypted files, as far as I can see, and the parser enforces
different rules for the body of encrypted files.)
Add a recipe to parse these test files and verify that they contain the
expected string or are rejected, according to the expected status.
Some of the current behavior is perhaps suboptimal and could be revisited.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2756)
Diffstat (limited to 'test/recipes/04-test_pem.t')
-rw-r--r-- | test/recipes/04-test_pem.t | 95 |
1 files changed, 95 insertions, 0 deletions
diff --git a/test/recipes/04-test_pem.t b/test/recipes/04-test_pem.t new file mode 100644 index 0000000000..291f2ba3da --- /dev/null +++ b/test/recipes/04-test_pem.t @@ -0,0 +1,95 @@ +#! /usr/bin/env perl +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html +# +# ====================================================================== + + +use strict; +use warnings; + +use File::Compare qw/compare_text/; +use File::Basename; +use OpenSSL::Test qw/:DEFAULT srctop_file data_file/; +use OpenSSL::Test::Utils; + +setup("test_pem_reading"); + +my $testsrc = srctop_file("test", "recipes", basename($0)); + +my $cmd = "openssl"; + +# map input PEM file to 1 if it should be accepted; 0 when should be rejected +my %cert_expected = ( + "cert-1023line.pem" => 1, + "cert-1024line.pem" => 1, + "cert-1025line.pem" => 1, + "cert-255line.pem" => 1, + "cert-256line.pem" => 1, + "cert-257line.pem" => 1, + "cert-blankline.pem" => 0, + "cert-comment.pem" => 0, + "cert-earlypad.pem" => 0, + "cert-extrapad.pem" => 0, + "cert-infixwhitespace.pem" => 1, + "cert-junk.pem" => 0, + "cert-leadingwhitespace.pem" => 1, + "cert-longline.pem" => 1, + "cert-misalignedpad.pem" => 0, + "cert-onecolumn.pem" => 1, + "cert-oneline.pem" => 1, + "cert-shortandlongline.pem" => 1, + "cert-shortline.pem" => 1, + "cert-threecolumn.pem" => 1, + "cert-trailingwhitespace.pem" => 1, + "cert.pem" => 1 +); +my %dsa_expected = ( + "dsa-1023line.pem" => 0, + "dsa-1024line.pem" => 0, + "dsa-1025line.pem" => 0, + "dsa-255line.pem" => 0, + "dsa-256line.pem" => 0, + "dsa-257line.pem" => 0, + "dsa-blankline.pem" => 0, + "dsa-comment.pem" => 0, + "dsa-corruptedheader.pem" => 0, + "dsa-corruptiv.pem" => 0, + "dsa-earlypad.pem" => 0, + "dsa-extrapad.pem" => 0, + "dsa-infixwhitespace.pem" => 0, + "dsa-junk.pem" => 0, + "dsa-leadingwhitespace.pem" => 0, + "dsa-longline.pem" => 0, + "dsa-misalignedpad.pem" => 0, + "dsa-onecolumn.pem" => 0, + "dsa-oneline.pem" => 0, + "dsa-onelineheader.pem" => 0, + "dsa-shortandlongline.pem" => 0, + "dsa-shortline.pem" => 0, + "dsa-threecolumn.pem" => 0, + "dsa-trailingwhitespace.pem" => 1, + "dsa.pem" => 1 +); + +plan tests => scalar keys(%cert_expected) + scalar keys(%dsa_expected); + +foreach my $input (keys %cert_expected) { + my @common = ($cmd, "x509", "-text", "-noout", "-inform", "PEM", "-in"); + my @data = run(app([@common, data_file($input)], stderr => undef), capture => 1); + my @match = grep /The Great State of Long-Winded Certificate Field Names Whereby to Increase the Output Size/, @data; + is((scalar @match > 0 ? 1 : 0), $cert_expected{$input}); +} +SKIP: { + skip "DSA support disabled, skipping...", (scalar keys %dsa_expected) unless !disabled("dsa"); + foreach my $input (keys %dsa_expected) { + my @common = ($cmd, "pkey", "-inform", "PEM", "-passin", "file:" . data_file("wellknown"), "-noout", "-text", "-in"); + my @data = run(app([@common, data_file($input)], stderr => undef), capture => 1); + my @match = grep /68:42:02:16:63:54:16:eb:06:5c:ab:06:72:3b:78:/, @data; + is((scalar @match > 0 ? 1 : 0), $dsa_expected{$input}); + } +} |