From 4650de3e431d123e988821215f6473e93c3d4b17 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 17 Apr 2015 20:15:22 +0200 Subject: [PATCH] Add recipes for tests related to certificates Some of them make use of recipes/tconversion.pl. Reviewed-by: Rich Salz --- test/recipes/25-test_crl.t | 18 ++++++++++++++ test/recipes/25-test_gen.t | 44 +++++++++++++++++++++++++++++++++++ test/recipes/25-test_pkcs7.t | 21 +++++++++++++++++ test/recipes/25-test_req.t | 44 +++++++++++++++++++++++++++++++++++ test/recipes/25-test_sid.t | 18 ++++++++++++++ test/recipes/25-test_verify.t | 16 +++++++++++++ test/recipes/25-test_x509.t | 24 +++++++++++++++++++ 7 files changed, 185 insertions(+) create mode 100644 test/recipes/25-test_crl.t create mode 100644 test/recipes/25-test_gen.t create mode 100644 test/recipes/25-test_pkcs7.t create mode 100644 test/recipes/25-test_req.t create mode 100644 test/recipes/25-test_sid.t create mode 100644 test/recipes/25-test_verify.t create mode 100644 test/recipes/25-test_x509.t diff --git a/test/recipes/25-test_crl.t b/test/recipes/25-test_crl.t new file mode 100644 index 0000000000..3bcd2d1e4a --- /dev/null +++ b/test/recipes/25-test_crl.t @@ -0,0 +1,18 @@ +#! /usr/bin/perl + +use strict; +use warnings; + +use File::Spec; +use Test::More; +use OpenSSL::Test qw/:DEFAULT top_file/; + +setup("test_crl"); + +plan tests => 2; + +require_ok(top_file('test','recipes','tconversion.pl')); + +subtest 'crl conversions' => sub { + tconversion("crl", top_file("test","testcrl.pem")); +}; diff --git a/test/recipes/25-test_gen.t b/test/recipes/25-test_gen.t new file mode 100644 index 0000000000..2f50ee4cb3 --- /dev/null +++ b/test/recipes/25-test_gen.t @@ -0,0 +1,44 @@ +#! /usr/bin/perl + +use strict; +use warnings; + +use File::Spec; +use Test::More; +use OpenSSL::Test qw/:DEFAULT top_file/; + +setup("test_gen"); + +plan tests => 1; + +my $T = "testcert"; +my $KEY = 512; +my $CA = top_file("certs", "testca.pem"); + +unlink "$T.1", "$T.2", "$T.key"; +open RND, ">>", ".rnd"; +print RND "string to make the random number generator think it has entropy"; +close RND; + +subtest "generating certificate requests" => sub { + my @req_new; + if (run(app(["openssl", "no-rsa"], stdout => undef))) { + @req_new = ("-newkey", "dsa:".top_file("apps", "dsa512.pem")); + } else { + @req_new = ("-new"); + note("There should be a 2 sequences of .'s and some +'s."); + note("There should not be more that at most 80 per line"); + } + + unlink "testkey.pem", "testreq.pem"; + + plan tests => 2; + + ok(run(app(["openssl", "req", "-config", top_file("test", "test.cnf"), + @req_new, "-out", "testreq.pem"])), + "Generating request"); + + ok(run(app(["openssl", "req", "-config", top_file("test", "test.cnf"), + "-verify", "-in", "testreq.pem", "-noout"])), + "Verifying signature on request"); +}; diff --git a/test/recipes/25-test_pkcs7.t b/test/recipes/25-test_pkcs7.t new file mode 100644 index 0000000000..586c9180fb --- /dev/null +++ b/test/recipes/25-test_pkcs7.t @@ -0,0 +1,21 @@ +#! /usr/bin/perl + +use strict; +use warnings; + +use File::Spec; +use Test::More; +use OpenSSL::Test qw/:DEFAULT top_file/; + +setup("test_pkcs7"); + +plan tests => 3; + +require_ok(top_file('test','recipes','tconversion.pl')); + +subtest 'pkcs7 conversions -- pkcs7' => sub { + tconversion("p7", top_file("test", "testp7.pem"), "pkcs7"); +}; +subtest 'pkcs7 conversions -- pkcs7d' => sub { + tconversion("p7d", top_file("test", "pkcs7-1.pem"), "pkcs7"); +}; diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t new file mode 100644 index 0000000000..50c18a9c1b --- /dev/null +++ b/test/recipes/25-test_req.t @@ -0,0 +1,44 @@ +#! /usr/bin/perl + +use strict; +use warnings; + +use File::Spec; +use Test::More; +use OpenSSL::Test qw/:DEFAULT top_file/; + +setup("test_req"); + +plan tests => 3; + +require_ok(top_file('test','recipes','tconversion.pl')); + +my @openssl_args = ("req", "-config", "../apps/openssl.cnf"); + +run_conversion('req conversions', + "testreq.pem"); +run_conversion('req conversions -- testreq2', + "testreq2.pem"); + +sub run_conversion { + my $title = shift; + my $reqfile = shift; + + subtest $title => sub { + run(app(["openssl", @openssl_args, + "-in", $reqfile, "-inform", "p", + "-noout", "-text"], + stderr => "req-check.err", stdout => undef)); + open DATA, "req-check.err"; + SKIP: { + plan skip_all => "skipping req conversion test for $reqfile" + if grep /Unknown Public Key/, map { chomp } ; + + tconversion("req", "testreq.pem", @openssl_args); + } + close DATA; + unlink "req-check.err"; + + done_testing(); + }; +} diff --git a/test/recipes/25-test_sid.t b/test/recipes/25-test_sid.t new file mode 100644 index 0000000000..710eab429a --- /dev/null +++ b/test/recipes/25-test_sid.t @@ -0,0 +1,18 @@ +#! /usr/bin/perl + +use strict; +use warnings; + +use File::Spec; +use Test::More; +use OpenSSL::Test qw/:DEFAULT top_file/; + +setup("test_sid"); + +plan tests => 2; + +require_ok(top_file('test','recipes','tconversion.pl')); + +subtest 'sid conversions' => sub { + tconversion("sid", top_file("test","testsid.pem"), "sess_id"); +}; diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t new file mode 100644 index 0000000000..032a932b46 --- /dev/null +++ b/test/recipes/25-test_verify.t @@ -0,0 +1,16 @@ +#! /usr/bin/perl + +use strict; +use warnings; + +use File::Spec::Functions qw/canonpath/; +use Test::More; +use OpenSSL::Test qw/:DEFAULT top_dir top_file/; + +setup("test_verify"); + +plan tests => 1; + +note("Expect some failures and expired certificate"); +ok(run(app(["openssl", "verify", "-CApath", top_dir("certs", "demo"), + glob(top_file("certs", "demo", "*.pem"))])), "verying demo certs"); diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t new file mode 100644 index 0000000000..5098db46f0 --- /dev/null +++ b/test/recipes/25-test_x509.t @@ -0,0 +1,24 @@ +#! /usr/bin/perl + +use strict; +use warnings; + +use File::Spec; +use Test::More; +use OpenSSL::Test qw/:DEFAULT top_file/; + +setup("test_x509"); + +plan tests => 4; + +require_ok(top_file('test','recipes','tconversion.pl')); + +subtest 'x509 -- x.509 v1 certificate' => sub { + tconversion("x509", top_file("test","testx509.pem")); +}; +subtest 'x509 -- first x.509 v3 certificate' => sub { + tconversion("x509", top_file("test","v3-cert1.pem")); +}; +subtest 'x509 -- second x.509 v3 certificate' => sub { + tconversion("x509", top_file("test","v3-cert2.pem")); +}; -- 2.25.1