test/recipes/25-test_req.t

   1 #! /usr/bin/env perl
   2 # Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
   3 #
   4 # Licensed under the OpenSSL license (the "License").  You may not use
   5 # this file except in compliance with the License.  You can obtain a copy
   6 # in the file LICENSE in the source distribution or at
   7 # https://www.openssl.org/source/license.html
   8
   9
  10 use strict;
  11 use warnings;
  12
  13 use OpenSSL::Test::Utils;
  14 use OpenSSL::Test qw/:DEFAULT srctop_file/;
  15
  16 setup("test_req");
  17
  18 plan tests => 14;
  19
  20 require_ok(srctop_file('test','recipes','tconversion.pl'));
  21
  22 open RND, ">>", ".rnd";
  23 print RND "string to make the random number generator think it has randomness";
  24 close RND;
  25
  26 # What type of key to generate?
  27 my @req_new;
  28 if (disabled("rsa")) {
  29     @req_new = ("-newkey", "dsa:".srctop_file("apps", "dsa512.pem"));
  30 } else {
  31     @req_new = ("-new");
  32     note("There should be a 2 sequences of .'s and some +'s.");
  33     note("There should not be more that at most 80 per line");
  34 }
  35
  36 # Check for duplicate -addext parameters, and one "working" case.
  37 my @addext_args = ( "openssl", "req", "-new", "-out", "testreq.pem",
  38     "-config", srctop_file("test", "test.cnf"), @req_new );
  39 my $val = "subjectAltName=DNS:example.com";
  40 my $val2 = " " . $val;
  41 my $val3 = $val;
  42 $val3 =~ s/=/    =/;
  43 ok( run(app([@addext_args, "-addext", $val])));
  44 ok(!run(app([@addext_args, "-addext", $val, "-addext", $val])));
  45 ok(!run(app([@addext_args, "-addext", $val, "-addext", $val2])));
  46 ok(!run(app([@addext_args, "-addext", $val, "-addext", $val3])));
  47 ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3])));
  48
  49 subtest "generating certificate requests with RSA" => sub {
  50     plan tests => 6;
  51
  52     SKIP: {
  53         skip "RSA is not supported by this OpenSSL build", 2
  54             if disabled("rsa");
  55
  56         ok(run(app(["openssl", "req",
  57                     "-config", srctop_file("test", "test.cnf"),
  58                     "-new", "-out", "testreq.pem", "-utf8",
  59                     "-key", srctop_file("test", "testrsa.pem")])),
  60            "Generating request");
  61
  62         ok(run(app(["openssl", "req",
  63                     "-config", srctop_file("test", "test.cnf"),
  64                     "-verify", "-in", "testreq.pem", "-noout"])),
  65            "Verifying signature on request");
  66
  67         ok(run(app(["openssl", "req",
  68                     "-config", srctop_file("test", "test.cnf"),
  69                     "-new", "-out", "testreq_withattrs_pem.pem", "-utf8",
  70                     "-key", srctop_file("test", "testrsa_withattrs.pem")])),
  71            "Generating request from a key with extra attributes - PEM");
  72
  73         ok(run(app(["openssl", "req",
  74                     "-config", srctop_file("test", "test.cnf"),
  75                     "-verify", "-in", "testreq_withattrs_pem.pem", "-noout"])),
  76            "Verifying signature on request from a key with extra attributes - PEM");
  77
  78         ok(run(app(["openssl", "req",
  79                     "-config", srctop_file("test", "test.cnf"),
  80                     "-new", "-out", "testreq_withattrs_der.pem", "-utf8",
  81                     "-key", srctop_file("test", "testrsa_withattrs.der"),
  82                     "-keyform", "DER"])),
  83            "Generating request from a key with extra attributes - PEM");
  84
  85         ok(run(app(["openssl", "req",
  86                     "-config", srctop_file("test", "test.cnf"),
  87                     "-verify", "-in", "testreq_withattrs_der.pem", "-noout"])),
  88            "Verifying signature on request from a key with extra attributes - PEM");
  89     }
  90 };
  91
  92 subtest "generating certificate requests with DSA" => sub {
  93     plan tests => 2;
  94
  95     SKIP: {
  96         skip "DSA is not supported by this OpenSSL build", 2
  97             if disabled("dsa");
  98
  99         ok(run(app(["openssl", "req",
 100                     "-config", srctop_file("test", "test.cnf"),
 101                     "-new", "-out", "testreq.pem", "-utf8",
 102                     "-key", srctop_file("test", "testdsa.pem")])),
 103            "Generating request");
 104
 105         ok(run(app(["openssl", "req",
 106                     "-config", srctop_file("test", "test.cnf"),
 107                     "-verify", "-in", "testreq.pem", "-noout"])),
 108            "Verifying signature on request");
 109     }
 110 };
 111
 112 subtest "generating certificate requests with ECDSA" => sub {
 113     plan tests => 2;
 114
 115     SKIP: {
 116         skip "ECDSA is not supported by this OpenSSL build", 2
 117             if disabled("ec");
 118
 119         ok(run(app(["openssl", "req",
 120                     "-config", srctop_file("test", "test.cnf"),
 121                     "-new", "-out", "testreq.pem", "-utf8",
 122                     "-key", srctop_file("test", "testec-p256.pem")])),
 123            "Generating request");
 124
 125         ok(run(app(["openssl", "req",
 126                     "-config", srctop_file("test", "test.cnf"),
 127                     "-verify", "-in", "testreq.pem", "-noout"])),
 128            "Verifying signature on request");
 129     }
 130 };
 131
 132 subtest "generating certificate requests with Ed25519" => sub {
 133     plan tests => 2;
 134
 135     SKIP: {
 136         skip "Ed25519 is not supported by this OpenSSL build", 2
 137             if disabled("ec");
 138
 139         ok(run(app(["openssl", "req",
 140                     "-config", srctop_file("test", "test.cnf"),
 141                     "-new", "-out", "testreq.pem", "-utf8",
 142                     "-key", srctop_file("test", "tested25519.pem")])),
 143            "Generating request");
 144
 145         ok(run(app(["openssl", "req",
 146                     "-config", srctop_file("test", "test.cnf"),
 147                     "-verify", "-in", "testreq.pem", "-noout"])),
 148            "Verifying signature on request");
 149     }
 150 };
 151
 152 subtest "generating certificate requests with Ed448" => sub {
 153     plan tests => 2;
 154
 155     SKIP: {
 156         skip "Ed448 is not supported by this OpenSSL build", 2
 157             if disabled("ec");
 158
 159         ok(run(app(["openssl", "req",
 160                     "-config", srctop_file("test", "test.cnf"),
 161                     "-new", "-out", "testreq.pem", "-utf8",
 162                     "-key", srctop_file("test", "tested448.pem")])),
 163            "Generating request");
 164
 165         ok(run(app(["openssl", "req",
 166                     "-config", srctop_file("test", "test.cnf"),
 167                     "-verify", "-in", "testreq.pem", "-noout"])),
 168            "Verifying signature on request");
 169     }
 170 };
 171
 172 subtest "generating certificate requests" => sub {
 173     plan tests => 2;
 174
 175     ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
 176                 @req_new, "-out", "testreq.pem"])),
 177        "Generating request");
 178
 179     ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
 180                 "-verify", "-in", "testreq.pem", "-noout"])),
 181        "Verifying signature on request");
 182 };
 183
 184 my @openssl_args = ("req", "-config", srctop_file("apps", "openssl.cnf"));
 185
 186 run_conversion('req conversions',
 187                "testreq.pem");
 188 run_conversion('req conversions -- testreq2',
 189                srctop_file("test", "testreq2.pem"));
 190
 191 unlink "testkey.pem", "testreq.pem", "testreq_withattrs_pem.pem", "testreq_withattrs_der.pem";
 192
 193 sub run_conversion {
 194     my $title = shift;
 195     my $reqfile = shift;
 196
 197     subtest $title => sub {
 198         run(app(["openssl", @openssl_args,
 199                  "-in", $reqfile, "-inform", "p",
 200                  "-noout", "-text"],
 201                 stderr => "req-check.err", stdout => undef));
 202         open DATA, "req-check.err";
 203         SKIP: {
 204             plan skip_all => "skipping req conversion test for $reqfile"
 205                 if grep /Unknown Public Key/, map { s/\R//; } <DATA>;
 206
 207             tconversion("req", $reqfile, @openssl_args);
 208         }
 209         close DATA;
 210         unlink "req-check.err";
 211
 212         done_testing();
 213     };
 214 }