use File::Spec;
use MIME::Base64;
-use OpenSSL::Test qw(:DEFAULT srctop_file bldtop_file);
+use OpenSSL::Test qw(:DEFAULT srctop_file bldtop_file data_file);
my $test_name = "test_store";
setup($test_name);
"dummy")])));
}
foreach (@generated_files) {
- SKIP:
- {
- skip "PKCS#12 files not currently supported", 3 if m|\.p12$|;
-
- ok(run(app(["openssl", "storeutl", "-passin", "pass:password",
- $_])));
- ok(run(app(["openssl", "storeutl", "-passin", "pass:password",
- to_file_uri($_)])));
- ok(!run(app(["openssl", "storeutl", "-passin", "pass:password",
- to_rel_file_uri($_)])));
- }
+ ok(run(app(["openssl", "storeutl", "-passin", "pass:password",
+ $_])));
+ ok(run(app(["openssl", "storeutl", "-passin", "pass:password",
+ to_file_uri($_)])));
+ ok(!run(app(["openssl", "storeutl", "-passin", "pass:password",
+ to_rel_file_uri($_)])));
}
}
}, create => 1, cleanup => 1;
"-v2", "aes256", "-v2prf", "hmacWithSHA256",
"-in", $srcfile, "-out", $dstfile]));
}, grep(/-key-pkcs8-pbes2-sha256\.pem$/, @generated_files))
+ # *-cert.pem (intermediary for the .p12 inits)
+ && run(app(["openssl", "req", "-x509",
+ "-config", data_file("ca.cnf"), "-nodes",
+ "-out", "cacert.pem", "-keyout", "cakey.pem"]))
+ && runall(sub {
+ my $srckey = shift;
+ (my $dstfile = $srckey) =~ s|-key-pkcs8\.|-cert.|;
+ (my $csr = $dstfile) =~ s|\.pem|.csr|;
+
+ (run(app(["openssl", "req", "-new",
+ "-config", data_file("user.cnf"),
+ "-key", $srckey, "-out", $csr]))
+ &&
+ run(app(["openssl", "x509", "-days", "3650",
+ "-CA", "cacert.pem",
+ "-CAkey", "cakey.pem",
+ "-set_serial", time(), "-req",
+ "-in", $csr, "-out", $dstfile])));
+ }, grep(/-key-pkcs8\.pem$/, @generated_files))
+ # *.p12
+ && runall(sub {
+ my $dstfile = shift;
+ my ($type, $certpbe_index, $keypbe_index,
+ $macalg_index) =
+ $dstfile =~ m{^(.*)-key-(?|
+ # cert and key PBE are same
+ () #
+ ([^-]*-[^-]*)- # key & cert PBE
+ ([^-]*) # MACalg
+ |
+ # cert and key PBE are not same
+ ([^-]*-[^-]*)- # cert PBE
+ ([^-]*-[^-]*)- # key PBE
+ ([^-]*) # MACalg
+ )\.}x;
+ if (!$certpbe_index) {
+ $certpbe_index = $keypbe_index;
+ }
+ my $srckey = "$type-key-pkcs8.pem";
+ my $srccert = "$type-cert.pem";
+ my %pbes =
+ (
+ "sha1-3des" => "pbeWithSHA1And3-KeyTripleDES-CBC",
+ "md5-des" => "pbeWithMD5AndDES-CBC",
+ "aes256-cbc" => "AES-256-CBC",
+ );
+ my %macalgs =
+ (
+ "sha1" => "SHA1",
+ "sha256" => "SHA256",
+ );
+ my $certpbe = $pbes{$certpbe_index};
+ my $keypbe = $pbes{$keypbe_index};
+ my $macalg = $macalgs{$macalg_index};
+ if (!defined($certpbe) || !defined($keypbe)
+ || !defined($macalg)) {
+ print STDERR "Cert PBE for $pbe_index not defined\n"
+ unless defined $certpbe;
+ print STDERR "Key PBE for $pbe_index not defined\n"
+ unless defined $keypbe;
+ print STDERR "MACALG for $macalg_index not defined\n"
+ unless defined $macalg;
+ print STDERR "(destination file was $dstfile)\n";
+ return 0;
+ }
+ run(app(["openssl", "pkcs12", "-inkey", $srckey,
+ "-in", $srccert, "-passout", "pass:password",
+ "-export", "-macalg", $macalg,
+ "-certpbe", $certpbe, "-keypbe", $keypbe,
+ "-out", $dstfile]));
+ }, grep(/\.p12/, @generated_files))
# *.der (the end all init)
&& runall(sub {
my $dstfile = shift;
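Review bot: The error branch for an unmapped PBE label interpolates `$pbe_index`, which the `*.p12` closure never declares; the regex match fills `$certpbe_index` and `$keypbe_index` instead. If the recipe runs under `use strict` (not visible in this hunk) that is a compile failure, and otherwise the diagnostic prints an empty name exactly when the reader needs to know which label was missing from `%pbes`. The two lines should read `print STDERR "Cert PBE for $certpbe_index not defined\n"` and `print STDERR "Key PBE for $keypbe_index not defined\n"`. Separately, `"-set_serial", time()` in the `*-cert.pem` step can give the same serial to several certificates from the same CA when the loop issues more than one within a second; a per-file counter would keep issuer/serial pairs unique. The enclosing init chain starts and ends outside the hunk.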
--- /dev/null
+####################################################################
+[ req ]
+default_bits = 2432
+default_keyfile = cakey.pem
+default_md = sha256
+distinguished_name = req_DN
+string_mask = utf8only
+x509_extensions = v3_selfsign
+
+[ req_DN ]
+commonName = "Common Name"
+commonName_value = "CA"
+
+[ v3_selfsign ]
+basicConstraints = critical,CA:true
+keyUsage = keyCertSign
+subjectKeyIdentifier=hash
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./demoCA
+certificate = ./demoCA/cacert.pem
+serial = ./demoCA/serial
+private_key = ./demoCA/private/cakey.pem
+new_certs_dir = ./demoCA/newcerts
+
+certificate = cacert.pem
+private_key = cakey.pem
+
+x509_extensions = v3_user
+
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+policy = policy_anything
+
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ v3_user ]
+basicConstraints=critical,CA:FALSE
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+issuerAltName=issuer:copy
+
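Review bot: The `[ ca ]`, `[ CA_default ]`, `[ policy_anything ]` and `[ v3_user ]` sections look unused by the commands this commit adds (assuming this new file is the `ca.cnf` the recipe loads). The recipe signs the user CSRs with `openssl x509 -req -CA cacert.pem -CAkey cakey.pem` and passes no `-extfile`/`-extensions`, so the `basicConstraints=critical,CA:FALSE` in `[ v3_user ]` would not reach the issued certificates. Either sign with those extensions, e.g. `"-extfile", data_file("ca.cnf"), "-extensions", "v3_user"`, or drop the unused sections so the file does not suggest constraints that are never applied. `[ CA_default ]` also sets `certificate` and `private_key` twice, once under `./demoCA` and once as bare file names; keeping one pair with a comment such as `# paths are relative to the test's working directory` would remove the ambiguity.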