2 # Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
4 # Licensed under the OpenSSL license (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
11 use OpenSSL::Test qw(:DEFAULT srctop_file bldtop_file);
13 my $test_name = "test_store";
17 ( "test/blahdiblah.pem",
18 "test/blahdibleh.der" );
20 ( "test/testx509.pem",
22 "test/testrsapub.pem",
27 ### generated from the source files
35 ### These examples were pilfered from OpenConnect's test suite
37 "rsa-key-pkcs1.pem", "rsa-key-pkcs1.der",
38 "rsa-key-pkcs1-aes128.pem",
39 "rsa-key-pkcs8.pem", "rsa-key-pkcs8.der",
40 "rsa-key-pkcs8-pbes1-sha1-3des.pem", "rsa-key-pkcs8-pbes1-sha1-3des.der",
41 "rsa-key-pkcs8-pbes2-sha1.pem", "rsa-key-pkcs8-pbes2-sha1.der",
42 "rsa-key-sha1-3des-sha1.p12", "rsa-key-sha1-3des-sha256.p12",
43 "rsa-key-aes256-cbc-sha256.p12",
44 "rsa-key-md5-des-sha1.p12",
45 "rsa-key-aes256-cbc-md5-des-sha256.p12",
46 "rsa-key-pkcs8-pbes2-sha256.pem", "rsa-key-pkcs8-pbes2-sha256.der",
47 "rsa-key-pkcs8-pbes1-md5-des.pem", "rsa-key-pkcs8-pbes1-md5-des.der",
48 "dsa-key-pkcs1.pem", "dsa-key-pkcs1.der",
49 "dsa-key-pkcs1-aes128.pem",
50 "dsa-key-pkcs8.pem", "dsa-key-pkcs8.der",
51 "dsa-key-pkcs8-pbes2-sha1.pem", "dsa-key-pkcs8-pbes2-sha1.der",
52 "dsa-key-aes256-cbc-sha256.p12",
53 "ec-key-pkcs1.pem", "ec-key-pkcs1.der",
54 "ec-key-pkcs1-aes128.pem",
55 "ec-key-pkcs8.pem", "ec-key-pkcs8.der",
56 "ec-key-pkcs8-pbes2-sha1.pem", "ec-key-pkcs8-pbes2-sha1.der",
57 "ec-key-aes256-cbc-sha256.p12",
60 my $n = (2 * scalar @noexist_files)
61 + (5 * scalar @src_files)
62 + (3 * scalar @generated_files);
66 indir "store_$$" => sub {
69 skip "failed initialisation", $n unless init();
71 foreach (@noexist_files) {
72 my $file = srctop_file($_);
73 ok(!run(app(["openssl", "storeutl", $file])));
74 ok(!run(app(["openssl", "storeutl", to_file_uri($file)])));
76 foreach (@src_files) {
77 my $file = srctop_file($_);
78 ok(run(app(["openssl", "storeutl", $file])));
79 ok(run(app(["openssl", "storeutl", to_file_uri($file)])));
80 ok(run(app(["openssl", "storeutl", to_file_uri($file, 0,
82 ok(run(app(["openssl", "storeutl", to_file_uri($file, 0,
84 ok(!run(app(["openssl", "storeutl", to_file_uri($file, 0,
87 foreach (@generated_files) {
90 skip "PKCS#12 files not currently supported", 3 if m|\.p12$|;
92 ok(run(app(["openssl", "storeutl", "-passin", "pass:password",
94 ok(run(app(["openssl", "storeutl", "-passin", "pass:password",
96 ok(!run(app(["openssl", "storeutl", "-passin", "pass:password",
97 to_rel_file_uri($_)])));
101 }, create => 1, cleanup => 1;
106 run(app(["openssl", "genrsa",
107 "-out", "rsa-key-pkcs1.pem", "2432"]))
109 && run(app(["openssl", "dsaparam", "-genkey",
110 "-out", "dsa-key-pkcs1.pem", "1024"]))
111 # ec-key-pkcs1.pem (one might think that 'genec' would be practical)
112 && run(app(["openssl", "ecparam", "-genkey", "-name", "prime256v1",
113 "-out", "ec-key-pkcs1.pem"]))
114 # rsa-key-pkcs1-aes128.pem
115 && run(app(["openssl", "rsa", "-passout", "pass:password", "-aes128",
116 "-in", "rsa-key-pkcs1.pem",
117 "-out", "rsa-key-pkcs1-aes128.pem"]))
118 # dsa-key-pkcs1-aes128.pem
119 && run(app(["openssl", "dsa", "-passout", "pass:password", "-aes128",
120 "-in", "dsa-key-pkcs1.pem",
121 "-out", "dsa-key-pkcs1-aes128.pem"]))
122 # ec-key-pkcs1-aes128.pem
123 && run(app(["openssl", "ec", "-passout", "pass:password", "-aes128",
124 "-in", "ec-key-pkcs1.pem",
125 "-out", "ec-key-pkcs1-aes128.pem"]))
129 (my $srcfile = $dstfile)
130 =~ s/-key-pkcs8\.pem$/-key-pkcs1.pem/i;
131 run(app(["openssl", "pkcs8", "-topk8", "-nocrypt",
132 "-in", $srcfile, "-out", $dstfile]));
133 }, grep(/-key-pkcs8\.pem$/, @generated_files))
134 # *-key-pkcs8-pbes1-sha1-3des.pem
137 (my $srcfile = $dstfile)
138 =~ s/-key-pkcs8-pbes1-sha1-3des\.pem$
140 run(app(["openssl", "pkcs8", "-topk8",
141 "-passout", "pass:password",
142 "-v1", "pbeWithSHA1And3-KeyTripleDES-CBC",
143 "-in", $srcfile, "-out", $dstfile]));
144 }, grep(/-key-pkcs8-pbes1-sha1-3des\.pem$/, @generated_files))
145 # *-key-pkcs8-pbes1-md5-des.pem
148 (my $srcfile = $dstfile)
149 =~ s/-key-pkcs8-pbes1-md5-des\.pem$
151 run(app(["openssl", "pkcs8", "-topk8",
152 "-passout", "pass:password",
153 "-v1", "pbeWithSHA1And3-KeyTripleDES-CBC",
154 "-in", $srcfile, "-out", $dstfile]));
155 }, grep(/-key-pkcs8-pbes1-md5-des\.pem$/, @generated_files))
156 # *-key-pkcs8-pbes2-sha1.pem
159 (my $srcfile = $dstfile)
160 =~ s/-key-pkcs8-pbes2-sha1\.pem$
162 run(app(["openssl", "pkcs8", "-topk8",
163 "-passout", "pass:password",
164 "-v2", "aes256", "-v2prf", "hmacWithSHA1",
165 "-in", $srcfile, "-out", $dstfile]));
166 }, grep(/-key-pkcs8-pbes2-sha1\.pem$/, @generated_files))
167 # *-key-pkcs8-pbes2-sha1.pem
170 (my $srcfile = $dstfile)
171 =~ s/-key-pkcs8-pbes2-sha256\.pem$
173 run(app(["openssl", "pkcs8", "-topk8",
174 "-passout", "pass:password",
175 "-v2", "aes256", "-v2prf", "hmacWithSHA256",
176 "-in", $srcfile, "-out", $dstfile]));
177 }, grep(/-key-pkcs8-pbes2-sha256\.pem$/, @generated_files))
178 # *.der (the end all init)
181 (my $srcfile = $dstfile) =~ s/\.der$/.pem/i;
183 $srcfile = srctop_file("test", $srcfile);
186 unless (open $infh, $srcfile) {
190 while (($l = <$infh>) !~ /^-----BEGIN\s/
191 || $l =~ /^-----BEGIN.*PARAMETERS-----/) {
194 while (($l = <$infh>) !~ /^-----END\s/) {
196 $b64 .= $l unless $l =~ /:/;
199 my $der = decode_base64($b64);
200 unless (length($b64) / 4 * 3 - length($der) < 3) {
201 print STDERR "Length error, ",length($b64),
202 " bytes of base64 became ",length($der),
203 " bytes of der? ($srcfile => $dstfile)\n";
207 unless (open $outfh, ">:raw", $dstfile) {
213 }, grep(/\.der$/, @generated_files))
218 my ($function, @items) = @_;
221 return 0 unless $function->($_);
226 # According to RFC8089, a relative file: path is invalid. We still produce
227 # them for testing purposes.
228 sub to_rel_file_uri {
229 my ($file, $isdir, $authority) = @_;
233 die "to_rel_file_uri: No file given\n" if !defined($file) || $file eq '';
235 ($vol, $dir, $file) = File::Spec->splitpath($file, $isdir // 0);
237 # Make sure we have a Unix style directory.
238 $dir = join('/', File::Spec->splitdir($dir));
239 # Canonicalise it (note: it seems to be only needed on Unix)
242 $newdir =~ s|/[^/]*[^/\.]+[^/]*/\.\./|/|g;
243 last if $newdir eq $dir;
246 # Take care of the corner cases the loop can't handle, and that $dir
247 # ends with a / unless it's empty
248 $dir =~ s|/[^/]*[^/\.]+[^/]*/\.\.$|/|;
249 $dir =~ s|^[^/]*[^/\.]+[^/]*/\.\./|/|;
250 $dir =~ s|^[^/]*[^/\.]+[^/]*/\.\.$||;
252 $dir =~ s|/$|| if $dir ne '/';
254 $dir .= '/' if $dir ne '' && $dir !~ m|/$|;
257 # If the file system has separate volumes (at present, Windows and VMS)
258 # we need to handle them. In URIs, they are invariably the first
259 # component of the path, which is always absolute.
260 # On VMS, user:[foo.bar] translates to /user/foo/bar
261 # On Windows, c:\Users\Foo translates to /c:/Users/Foo
263 $vol =~ s|:||g if ($^O eq "VMS");
264 $dir = '/' . $dir if $dir ne '' && $dir !~ m|^/|;
265 $dir = '/' . $vol . $dir;
267 $file = $dir . $file;
269 return "file://$authority$file" if defined $authority;
274 my ($file, $isdir, $authority) = @_;
276 die "to_file_uri: No file given\n" if !defined($file) || $file eq '';
277 return to_rel_file_uri(File::Spec->rel2abs($file), $isdir, $authority);