xref: /netbsd-src/crypto/external/bsd/openssl/dist/test/recipes/25-test_req.t (revision cef8759bd76c1b621f8eab8faa6f208faabc2e15) 
1#! /usr/bin/env perl
2# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
3#
4# Licensed under the OpenSSL license (the "License").  You may not use
5# this file except in compliance with the License.  You can obtain a copy
6# in the file LICENSE in the source distribution or at
7# https://www.openssl.org/source/license.html
8
9
10use strict;
11use warnings;
12
13use OpenSSL::Test::Utils;
14use OpenSSL::Test qw/:DEFAULT srctop_file/;
15
16setup("test_req");
17
18plan tests => 12;
19
20require_ok(srctop_file('test','recipes','tconversion.pl'));
21
22open RND, ">>", ".rnd";
23print RND "string to make the random number generator think it has randomness";
24close RND;
25
26# What type of key to generate?
27my @req_new;
28if (disabled("rsa")) {
29    @req_new = ("-newkey", "dsa:".srctop_file("apps", "dsa512.pem"));
30} else {
31    @req_new = ("-new");
32    note("There should be a 2 sequences of .'s and some +'s.");
33    note("There should not be more that at most 80 per line");
34}
35
36# Check for duplicate -addext parameters, and one "working" case.
37my @addext_args = ( "openssl", "req", "-new", "-out", "testreq.pem",
38    "-config", srctop_file("test", "test.cnf"), @req_new );
39my $val = "subjectAltName=DNS:example.com";
40my $val2 = " " . $val;
41my $val3 = $val;
42$val3 =~ s/=/    =/;
43ok( run(app([@addext_args, "-addext", $val])));
44ok(!run(app([@addext_args, "-addext", $val, "-addext", $val])));
45ok(!run(app([@addext_args, "-addext", $val, "-addext", $val2])));
46ok(!run(app([@addext_args, "-addext", $val, "-addext", $val3])));
47ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3])));
48
49subtest "generating certificate requests with RSA" => sub {
50    plan tests => 2;
51
52    SKIP: {
53        skip "RSA is not supported by this OpenSSL build", 2
54            if disabled("rsa");
55
56        ok(run(app(["openssl", "req",
57                    "-config", srctop_file("test", "test.cnf"),
58                    "-new", "-out", "testreq.pem", "-utf8",
59                    "-key", srctop_file("test", "testrsa.pem")])),
60           "Generating request");
61
62        ok(run(app(["openssl", "req",
63                    "-config", srctop_file("test", "test.cnf"),
64                    "-verify", "-in", "testreq.pem", "-noout"])),
65           "Verifying signature on request");
66    }
67};
68
69subtest "generating certificate requests with DSA" => sub {
70    plan tests => 2;
71
72    SKIP: {
73        skip "DSA is not supported by this OpenSSL build", 2
74            if disabled("dsa");
75
76        ok(run(app(["openssl", "req",
77                    "-config", srctop_file("test", "test.cnf"),
78                    "-new", "-out", "testreq.pem", "-utf8",
79                    "-key", srctop_file("test", "testdsa.pem")])),
80           "Generating request");
81
82        ok(run(app(["openssl", "req",
83                    "-config", srctop_file("test", "test.cnf"),
84                    "-verify", "-in", "testreq.pem", "-noout"])),
85           "Verifying signature on request");
86    }
87};
88
89subtest "generating certificate requests with ECDSA" => sub {
90    plan tests => 2;
91
92    SKIP: {
93        skip "ECDSA is not supported by this OpenSSL build", 2
94            if disabled("ec");
95
96        ok(run(app(["openssl", "req",
97                    "-config", srctop_file("test", "test.cnf"),
98                    "-new", "-out", "testreq.pem", "-utf8",
99                    "-key", srctop_file("test", "testec-p256.pem")])),
100           "Generating request");
101
102        ok(run(app(["openssl", "req",
103                    "-config", srctop_file("test", "test.cnf"),
104                    "-verify", "-in", "testreq.pem", "-noout"])),
105           "Verifying signature on request");
106    }
107};
108
109subtest "generating certificate requests" => sub {
110    plan tests => 2;
111
112    ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
113                @req_new, "-out", "testreq.pem"])),
114       "Generating request");
115
116    ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
117                "-verify", "-in", "testreq.pem", "-noout"])),
118       "Verifying signature on request");
119};
120
121my @openssl_args = ("req", "-config", srctop_file("apps", "openssl.cnf"));
122
123run_conversion('req conversions',
124               "testreq.pem");
125run_conversion('req conversions -- testreq2',
126               srctop_file("test", "testreq2.pem"));
127
128unlink "testkey.pem", "testreq.pem";
129
130sub run_conversion {
131    my $title = shift;
132    my $reqfile = shift;
133
134    subtest $title => sub {
135        run(app(["openssl", @openssl_args,
136                 "-in", $reqfile, "-inform", "p",
137                 "-noout", "-text"],
138                stderr => "req-check.err", stdout => undef));
139        open DATA, "req-check.err";
140        SKIP: {
141            plan skip_all => "skipping req conversion test for $reqfile"
142                if grep /Unknown Public Key/, map { s/\R//; } <DATA>;
143
144            tconversion("req", $reqfile, @openssl_args);
145        }
146        close DATA;
147        unlink "req-check.err";
148
149        done_testing();
150    };
151}
152