path: root/test/recipes/25-test_verify_store.t
#! /usr/bin/env perl
# Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

use strict;
use warnings;

use OpenSSL::Test qw/:DEFAULT with bldtop_file srctop_file cmdstr/;
use OpenSSL::Test::Utils;

# Register this recipe with the OpenSSL test harness.
setup('test_verify_store');

# Each verify/req/x509 helper call below reports one result; ten are expected.
plan tests => 10;

# Inputs taken from the source tree.
my $dummycnf = srctop_file(qw(apps openssl.cnf));
my $cakey    = srctop_file(qw(test certs ca-key.pem));
my $ukey     = srctop_file(qw(test certs ee-key.pem));
my $cnf      = srctop_file(qw(test ca-and-certs.cnf));

# Relative file names used for the CA artefacts this recipe produces.
my $CAkey    = 'keyCA.ss';
my $CAcert   = 'certCA.ss';
my $CAserial = 'certCA.srl';
my $CAreq    = 'reqCA.ss';
my $CAreq2   = 'req2CA.ss';    # temp

# Relative file names used for the user (end-entity) artefacts.
my $Ukey  = 'keyU.ss';
my $Ureq  = 'reqU.ss';
my $Ucert = 'certU.ss';

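# Build a throw-away self-signed CA and a user certificate, then check that
# "openssl verify -CAstore" accepts both.  Every helper call reports exactly
# one test result; as soon as a guarded step fails, the results that have not
# run yet are reported as skipped so the total still matches the plan of 10.
#
# NOTE(review): only verifications that are expected to succeed are exercised
# here.  A case that must fail (for example a certificate checked against a
# store that does not hold its issuer) would confirm that the store contents
# actually decide the outcome - consider adding one.
SKIP: {
    # Result 1.  Not guarded by skip: if it fails, the next step is still
    # attempted and does the skipping.
    req( 'make cert request',
         qw(-new -section userreq),
         -config       => $cnf,
         -out          => $CAreq,
         -key          => $cakey,
         -keyout       => $CAkey );

    # Result 2: self-sign the request using the v3_ca extension section.
    skip 'failure', 8 unless
        x509( 'convert request into self-signed cert',
              qw(-req -CAcreateserial -days 30),
              qw(-extensions v3_ca),
              -in       => $CAreq,
              -out      => $CAcert,
              -signkey  => $CAkey,
              -extfile  => $cnf );

    # Result 3: turn the CA certificate back into a request.
    skip 'failure', 7 unless
        x509( 'convert cert into a cert request',
              qw(-x509toreq),
              -in       => $CAcert,
              -out      => $CAreq2,
              -signkey  => $CAkey );

    # Results 4 and 5: both requests must carry a valid self-signature.
    skip 'failure', 6 unless
        req( 'verify request 1',
             qw(-verify -noout -section userreq),
             -config    => $dummycnf,
             -in        => $CAreq );

    skip 'failure', 5 unless
        req( 'verify request 2',
             qw(-verify -noout -section userreq),
             -config    => $dummycnf,
             -in        => $CAreq2 );

    # Result 6: the CA certificate verifies when it is itself the -CAstore.
    skip 'failure', 4 unless
        verify( 'verify signature',
                -CAstore => $CAcert,
                $CAcert );

    # Result 7.
    skip 'failure', 3 unless
        req( 'make a user cert request',
             qw(-new -section userreq),
             -config  => $cnf,
             -out     => $Ureq,
             -key     => $ukey,
             -keyout  => $Ukey );

    # Result 8: issue the user certificate from the CA created above.  If
    # this fails, neither the verification nor the details step has run,
    # hence two skips.
    skip 'failure', 2 unless
        x509( 'sign user cert request',
              qw(-req -CAcreateserial -days 30 -extensions v3_ee),
              -in     => $Ureq,
              -out    => $Ucert,
              -CA     => $CAcert,
              -CAkey  => $CAkey,
              -CAserial => $CAserial,
              -extfile => $cnf );

    # Result 9: the user certificate must verify against the CA store.  This
    # is guarded separately from the signing step: when it fails, only the
    # details step is left, so skipping two results here would report eleven
    # results against a plan of ten.
    skip 'failure', 1 unless
        verify( undef,
                -CAstore => $CAcert,
                $Ucert );

    # Result 10: nothing follows, so there is nothing left to skip.
    skip 'failure', 0 unless
        x509( 'Certificate details',
              qw(-subject -issuer -startdate -enddate -noout),
              -in     => $Ucert );
}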

# Run "openssl verify" and record the outcome as one test result.
# The first argument is the test title (may be undef); all remaining
# arguments are handed to the command unchanged.  Returns what ok() returns.
sub verify {
    my ($title, @args) = @_;

    my $cmd = app(['openssl', 'verify', @args]);
    return ok(run($cmd), $title);
}

# Run "openssl req" and record the outcome as one test result.
# The first argument is the test title; all remaining arguments are handed
# to the command unchanged.  Returns what ok() returns.
sub req {
    my ($title, @args) = @_;

    my $cmd = app(['openssl', 'req', @args]);
    return ok(run($cmd), $title);
}

# Run "openssl x509" and record the outcome as one test result.
# The first argument is the test title; all remaining arguments are handed
# to the command unchanged.  Returns what ok() returns.
sub x509 {
    my ($title, @args) = @_;

    my $cmd = app(['openssl', 'x509', @args]);
    return ok(run($cmd), $title);
}