2 # Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
4 # Licensed under the OpenSSL license (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
13 use OpenSSL::Test::Utils;
14 use OpenSSL::Test qw/:DEFAULT srctop_file/;
20 require_ok(srctop_file('test','recipes','tconversion.pl'));
22 open RND, ">>", ".rnd";
23 print RND "string to make the random number generator think it has randomness";
26 # What type of key to generate?
28 if (disabled("rsa")) {
29 @req_new = ("-newkey", "dsa:".srctop_file("apps", "dsa512.pem"));
32 note("There should be a 2 sequences of .'s and some +'s.");
33 note("There should not be more that at most 80 per line");
36 # Check for duplicate -addext parameters, and one "working" case.
37 my @addext_args = ( "openssl", "req", "-new", "-out", "testreq.pem",
38 "-config", srctop_file("test", "test.cnf"), @req_new );
39 my $val = "subjectAltName=DNS:example.com";
40 my $val2 = " " . $val;
43 ok( run(app([@addext_args, "-addext", $val])));
44 ok(!run(app([@addext_args, "-addext", $val, "-addext", $val])));
45 ok(!run(app([@addext_args, "-addext", $val, "-addext", $val2])));
46 ok(!run(app([@addext_args, "-addext", $val, "-addext", $val3])));
47 ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3])));
49 subtest "generating certificate requests with RSA" => sub {
53 skip "RSA is not supported by this OpenSSL build", 2
56 ok(run(app(["openssl", "req",
57 "-config", srctop_file("test", "test.cnf"),
58 "-new", "-out", "testreq.pem", "-utf8",
59 "-key", srctop_file("test", "testrsa.pem")])),
60 "Generating request");
62 ok(run(app(["openssl", "req",
63 "-config", srctop_file("test", "test.cnf"),
64 "-verify", "-in", "testreq.pem", "-noout"])),
65 "Verifying signature on request");
67 ok(run(app(["openssl", "req",
68 "-config", srctop_file("test", "test.cnf"),
69 "-new", "-out", "testreq_withattrs_pem.pem", "-utf8",
70 "-key", srctop_file("test", "testrsa_withattrs.pem")])),
71 "Generating request from a key with extra attributes - PEM");
73 ok(run(app(["openssl", "req",
74 "-config", srctop_file("test", "test.cnf"),
75 "-verify", "-in", "testreq_withattrs_pem.pem", "-noout"])),
76 "Verifying signature on request from a key with extra attributes - PEM");
78 ok(run(app(["openssl", "req",
79 "-config", srctop_file("test", "test.cnf"),
80 "-new", "-out", "testreq_withattrs_der.pem", "-utf8",
81 "-key", srctop_file("test", "testrsa_withattrs.der"),
83 "Generating request from a key with extra attributes - PEM");
85 ok(run(app(["openssl", "req",
86 "-config", srctop_file("test", "test.cnf"),
87 "-verify", "-in", "testreq_withattrs_der.pem", "-noout"])),
88 "Verifying signature on request from a key with extra attributes - PEM");
92 subtest "generating certificate requests with DSA" => sub {
96 skip "DSA is not supported by this OpenSSL build", 2
99 ok(run(app(["openssl", "req",
100 "-config", srctop_file("test", "test.cnf"),
101 "-new", "-out", "testreq.pem", "-utf8",
102 "-key", srctop_file("test", "testdsa.pem")])),
103 "Generating request");
105 ok(run(app(["openssl", "req",
106 "-config", srctop_file("test", "test.cnf"),
107 "-verify", "-in", "testreq.pem", "-noout"])),
108 "Verifying signature on request");
112 subtest "generating certificate requests with ECDSA" => sub {
116 skip "ECDSA is not supported by this OpenSSL build", 2
119 ok(run(app(["openssl", "req",
120 "-config", srctop_file("test", "test.cnf"),
121 "-new", "-out", "testreq.pem", "-utf8",
122 "-key", srctop_file("test", "testec-p256.pem")])),
123 "Generating request");
125 ok(run(app(["openssl", "req",
126 "-config", srctop_file("test", "test.cnf"),
127 "-verify", "-in", "testreq.pem", "-noout"])),
128 "Verifying signature on request");
132 subtest "generating certificate requests with Ed25519" => sub {
136 skip "Ed25519 is not supported by this OpenSSL build", 2
139 ok(run(app(["openssl", "req",
140 "-config", srctop_file("test", "test.cnf"),
141 "-new", "-out", "testreq.pem", "-utf8",
142 "-key", srctop_file("test", "tested25519.pem")])),
143 "Generating request");
145 ok(run(app(["openssl", "req",
146 "-config", srctop_file("test", "test.cnf"),
147 "-verify", "-in", "testreq.pem", "-noout"])),
148 "Verifying signature on request");
152 subtest "generating certificate requests with Ed448" => sub {
156 skip "Ed448 is not supported by this OpenSSL build", 2
159 ok(run(app(["openssl", "req",
160 "-config", srctop_file("test", "test.cnf"),
161 "-new", "-out", "testreq.pem", "-utf8",
162 "-key", srctop_file("test", "tested448.pem")])),
163 "Generating request");
165 ok(run(app(["openssl", "req",
166 "-config", srctop_file("test", "test.cnf"),
167 "-verify", "-in", "testreq.pem", "-noout"])),
168 "Verifying signature on request");
172 subtest "generating certificate requests" => sub {
175 ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
176 @req_new, "-out", "testreq.pem"])),
177 "Generating request");
179 ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
180 "-verify", "-in", "testreq.pem", "-noout"])),
181 "Verifying signature on request");
184 my @openssl_args = ("req", "-config", srctop_file("apps", "openssl.cnf"));
186 run_conversion('req conversions',
188 run_conversion('req conversions -- testreq2',
189 srctop_file("test", "testreq2.pem"));
191 unlink "testkey.pem", "testreq.pem", "testreq_withattrs_pem.pem", "testreq_withattrs_der.pem";
197 subtest $title => sub {
198 run(app(["openssl", @openssl_args,
199 "-in", $reqfile, "-inform", "p",
201 stderr => "req-check.err", stdout => undef));
202 open DATA, "req-check.err";
204 plan skip_all => "skipping req conversion test for $reqfile"
205 if grep /Unknown Public Key/, map { s/\R//; } <DATA>;
207 tconversion("req", $reqfile, @openssl_args);
210 unlink "req-check.err";