authorRichard Levitte <levitte@openssl.org>2016-12-05 15:13:01 +0100
committerRichard Levitte <levitte@openssl.org>2017-06-29 11:55:31 +0200
commit6d737ea09ba62b15df00cd99c4728a4dc55086df (patch)
treeb9ce0341cf90ef972a69c77aab6b98a19aec7efc /test
parenta09003ea22fd99511cc0153314c8751a84d95496 (diff)
STORE tests: add PKCS#12 tests
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3542)
Diffstat (limited to 'test')
-rw-r--r--test/recipes/90-test_store.t90
-rw-r--r--test/recipes/90-test_store_data/ca.cnf56
-rw-r--r--test/recipes/90-test_store_data/user.cnf19
3 files changed, 153 insertions, 12 deletions
diff --git a/test/recipes/90-test_store.t b/test/recipes/90-test_store.t
index 41cc96c1ba..53413b785b 100644
--- a/test/recipes/90-test_store.t
+++ b/test/recipes/90-test_store.t
@@ -8,7 +8,7 @@
use File::Spec;
use MIME::Base64;
-use OpenSSL::Test qw(:DEFAULT srctop_file bldtop_file);
+use OpenSSL::Test qw(:DEFAULT srctop_file bldtop_file data_file);
my $test_name = "test_store";
setup($test_name);
@@ -85,17 +85,12 @@ indir "store_$$" => sub {
"dummy")])));
}
foreach (@generated_files) {
- SKIP:
- {
- skip "PKCS#12 files not currently supported", 3 if m|\.p12$|;
-
- ok(run(app(["openssl", "storeutl", "-passin", "pass:password",
- $_])));
- ok(run(app(["openssl", "storeutl", "-passin", "pass:password",
- to_file_uri($_)])));
- ok(!run(app(["openssl", "storeutl", "-passin", "pass:password",
- to_rel_file_uri($_)])));
- }
+ ok(run(app(["openssl", "storeutl", "-passin", "pass:password",
+ $_])));
+ ok(run(app(["openssl", "storeutl", "-passin", "pass:password",
+ to_file_uri($_)])));
+ ok(!run(app(["openssl", "storeutl", "-passin", "pass:password",
+ to_rel_file_uri($_)])));
}
}
}, create => 1, cleanup => 1;
@@ -175,6 +170,77 @@ sub init {
"-v2", "aes256", "-v2prf", "hmacWithSHA256",
"-in", $srcfile, "-out", $dstfile]));
}, grep(/-key-pkcs8-pbes2-sha256\.pem$/, @generated_files))
+ # *-cert.pem (intermediary for the .p12 inits)
+ && run(app(["openssl", "req", "-x509",
+ "-config", data_file("ca.cnf"), "-nodes",
+ "-out", "cacert.pem", "-keyout", "cakey.pem"]))
+ && runall(sub {
+ my $srckey = shift;
+ (my $dstfile = $srckey) =~ s|-key-pkcs8\.|-cert.|;
+ (my $csr = $dstfile) =~ s|\.pem|.csr|;
+
+ (run(app(["openssl", "req", "-new",
+ "-config", data_file("user.cnf"),
+ "-key", $srckey, "-out", $csr]))
+ &&
+ run(app(["openssl", "x509", "-days", "3650",
+ "-CA", "cacert.pem",
+ "-CAkey", "cakey.pem",
+ "-set_serial", time(), "-req",
+ "-in", $csr, "-out", $dstfile])));
+ }, grep(/-key-pkcs8\.pem$/, @generated_files))
+ # *.p12
+ && runall(sub {
+ my $dstfile = shift;
+ my ($type, $certpbe_index, $keypbe_index,
+ $macalg_index) =
+ $dstfile =~ m{^(.*)-key-(?|
+ # cert and key PBE are same
+ () #
+ ([^-]*-[^-]*)- # key & cert PBE
+ ([^-]*) # MACalg
+ |
+ # cert and key PBE are not same
+ ([^-]*-[^-]*)- # cert PBE
+ ([^-]*-[^-]*)- # key PBE
+ ([^-]*) # MACalg
+ )\.}x;
+ if (!$certpbe_index) {
+ $certpbe_index = $keypbe_index;
+ }
+ my $srckey = "$type-key-pkcs8.pem";
+ my $srccert = "$type-cert.pem";
+ my %pbes =
+ (
+ "sha1-3des" => "pbeWithSHA1And3-KeyTripleDES-CBC",
+ "md5-des" => "pbeWithMD5AndDES-CBC",
+ "aes256-cbc" => "AES-256-CBC",
+ );
+ my %macalgs =
+ (
+ "sha1" => "SHA1",
+ "sha256" => "SHA256",
+ );
+ my $certpbe = $pbes{$certpbe_index};
+ my $keypbe = $pbes{$keypbe_index};
+ my $macalg = $macalgs{$macalg_index};
+ if (!defined($certpbe) || !defined($keypbe)
+ || !defined($macalg)) {
+ print STDERR "Cert PBE for $pbe_index not defined\n"
+ unless defined $certpbe;
+ print STDERR "Key PBE for $pbe_index not defined\n"
+ unless defined $keypbe;
+ print STDERR "MACALG for $macalg_index not defined\n"
+ unless defined $macalg;
+ print STDERR "(destination file was $dstfile)\n";
+ return 0;
+ }
+ run(app(["openssl", "pkcs12", "-inkey", $srckey,
+ "-in", $srccert, "-passout", "pass:password",
+ "-export", "-macalg", $macalg,
+ "-certpbe", $certpbe, "-keypbe", $keypbe,
+ "-out", $dstfile]));
+ }, grep(/\.p12/, @generated_files))
# *.der (the end all init)
&& runall(sub {
my $dstfile = shift;
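Review bot: The diagnostics `"Cert PBE for $pbe_index not defined\n"` and `"Key PBE for $pbe_index not defined\n"` in the .p12 closure interpolate `$pbe_index`, which is never declared there; the regex captures are named `$certpbe_index` and `$keypbe_index`. If the recipe runs under `use strict` (its preamble is outside this hunk) that is a compile-time failure, and otherwise the message names nothing, so the lines should read `"Cert PBE for $certpbe_index not defined\n"` and `"Key PBE for $keypbe_index not defined\n"`. Separately, `"-set_serial", time()` has one-second resolution, so certificates signed back to back by the same test CA can share a serial number; a per-file counter would keep issuer and serial unique. The enclosing init sub starts and ends outside the hunk.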
diff --git a/test/recipes/90-test_store_data/ca.cnf b/test/recipes/90-test_store_data/ca.cnf
new file mode 100644
index 0000000000..bda6eec4b0
--- /dev/null
+++ b/test/recipes/90-test_store_data/ca.cnf
@@ -0,0 +1,56 @@
+####################################################################
+[ req ]
+default_bits = 2432
+default_keyfile = cakey.pem
+default_md = sha256
+distinguished_name = req_DN
+string_mask = utf8only
+x509_extensions = v3_selfsign
+
+[ req_DN ]
+commonName = "Common Name"
+commonName_value = "CA"
+
+[ v3_selfsign ]
+basicConstraints = critical,CA:true
+keyUsage = keyCertSign
+subjectKeyIdentifier=hash
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./demoCA
+certificate = ./demoCA/cacert.pem
+serial = ./demoCA/serial
+private_key = ./demoCA/private/cakey.pem
+new_certs_dir = ./demoCA/newcerts
+
+certificate = cacert.pem
+private_key = cakey.pem
+
+x509_extensions = v3_user
+
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+policy = policy_anything
+
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ v3_user ]
+basicConstraints=critical,CA:FALSE
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+issuerAltName=issuer:copy
+
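Review bot: `[ CA_default ]` assigns `certificate` and `private_key` twice, first to the `./demoCA/...` paths and then to `cacert.pem` and `cakey.pem`; only one value per name is used, so the demoCA lines are dead and should be dropped, or a comment should say which pair is intended. The `[ ca ]`, `[ policy_anything ]` and `[ v3_user ]` sections also look unused: the recipe signs with `openssl x509 -req -CA ...` and passes no extension file, so the `basicConstraints=critical,CA:FALSE` in `v3_user` and the `extendedKeyUsage = clientAuth` requested through `v3_req` in user.cnf presumably never reach the issued certificates. If the PKCS#12 tests are meant to carry end-entity certificates with those constraints, the signing command needs an explicit extension source; otherwise a comment such as `# only [ req ] and [ v3_selfsign ] are used by 90-test_store.t` would save the next reader the search.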
diff --git a/test/recipes/90-test_store_data/user.cnf b/test/recipes/90-test_store_data/user.cnf
new file mode 100644
index 0000000000..91f796947a
--- /dev/null
+++ b/test/recipes/90-test_store_data/user.cnf
@@ -0,0 +1,19 @@
+####################################################################
+[ req ]
+default_bits = 2432
+default_md = sha256
+distinguished_name = req_DN
+string_mask = utf8only
+
+req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_DN ]
+commonName = "Common Name"
+commonName_value = "A user"
+userId = "User ID"
+userId_value = "test"
+
+[ v3_req ]
+extendedKeyUsage = clientAuth
+subjectKeyIdentifier = hash
+basicConstraints = CA:false