From 4a954b56c9db99c7644b40630a02865a98123e9c Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 1 May 2008 23:30:06 +0000 Subject: [PATCH] Use "cont" consistently in cms-examples.pl Add a -certsout option to output any certificates in a message. Add test for example 4.11
---
 apps/cms.c | 22 ++++++++++++++++++++++ doc/apps/cms.pod | 5 +++++ test/cms-examples.pl | 26 +++++++++++++++++++++++--- 3 files changed, 50 insertions(+), 3 deletions(-)
diff --git a/apps/cms.c b/apps/cms.c
index b1ffb382ad..42bdb69eb2 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -107,6 +107,7 @@ int MAIN(int argc, char **argv)
 char *signerfile = NULL, *recipfile = NULL;
 STACK *sksigners = NULL, *skkeys = NULL;
 char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
+ char *certsoutfile = NULL;
 const EVP_CIPHER *cipher = NULL;
 CMS_ContentInfo *cms = NULL, *rcms = NULL;
 X509_STORE *store = NULL;
@@ -397,6 +398,12 @@ int MAIN(int argc, char **argv)
 goto argerr;
 recipfile = *++args;
 }
+ else if (!strcmp (*args, "-certsout"))
+ {
+ if (!args[1])
+ goto argerr;
+ certsoutfile = *++args;
+ }
 else if (!strcmp (*args, "-md"))
 {
 if (!args[1])
@@ -602,6 +609,7 @@ int MAIN(int argc, char **argv)
 BIO_printf (bio_err, "-noattr don't include any signed attributes\n");
 BIO_printf (bio_err, "-binary don't translate message to text\n");
 BIO_printf (bio_err, "-certfile file other certificates file\n");
+ BIO_printf (bio_err, "-certsout file certificate output file\n");
 BIO_printf (bio_err, "-signer file signer certificate file\n");
 BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n");
 BIO_printf (bio_err, "-skeyid use subject key identifier\n");
@@ -797,6 +805,20 @@ int MAIN(int argc, char **argv) goto end; } } + if (certsoutfile) + { + STACK_OF(X509) *allcerts; + allcerts = CMS_get1_certs(cms); + if (!save_certs(certsoutfile, allcerts)) + { + BIO_printf(bio_err, + "Error writing certs to %s\n", + certsoutfile); + ret = 5; + goto end; + } + sk_X509_pop_free(allcerts, X509_free); + } } if (rctfile) diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod index b2505c6948..9690194f38 100644 --- a/doc/apps/cms.pod +++ b/doc/apps/cms.pod @@ -55,6 +55,7 @@ B B [B<-binary>] [B<-nodetach>] [B<-certfile file>] +[B<-certsout file>] [B<-signer file>] [B<-recip file>] [B<-keyid>] @@ -312,6 +313,10 @@ allows additional certificates to be specified. When signing these will be included with the message. When verifying these will be searched for the signers certificates. The certificates should be in PEM format. +=item B<-certsout file> + +any certificates contained in to the message are written to B. + =item B<-signer file> a signing certificate when signing or resigning a message, this option can be diff --git a/test/cms-examples.pl b/test/cms-examples.pl index 62290db275..2e95b48ba4 100644 --- a/test/cms-examples.pl +++ b/test/cms-examples.pl 
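Review bot: In the `-certsout` block of apps/cms.c, the failure branch reaches `goto end;` before `sk_X509_pop_free(allcerts, X509_free);` runs, so the stack returned by `CMS_get1_certs(cms)` is leaked whenever `save_certs()` fails. Adding `sk_X509_pop_free(allcerts, X509_free);` as the first statement inside the `if (!save_certs(certsoutfile, allcerts))` body closes that path. The result of `CMS_get1_certs()` is also passed on unchecked; it may be NULL for a message that carries no certificates, and `save_certs()` is defined outside this hunk, so whether it tolerates a NULL stack should be confirmed. Nothing in this block validates the certificates before they are written, so a comment such as `/* certificates are copied from the message as-is, not verified */` would tell callers not to treat the output file as trusted. MAIN's body continues outside the hunk.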
@@ -78,17 +78,17 @@ elsif (-f "..\\out32\\openssl.exe")
 my @test_list = (
 [ "3.1.bin" => "dataout" ],
 [ "3.2.bin" => "encode, dataout" ],
- [ "4.1.bin" => "encode, verifyder, content, dss" ],
+ [ "4.1.bin" => "encode, verifyder, cont, dss" ],
 [ "4.2.bin" => "encode, verifyder, cont, rsa" ],
 [ "4.3.bin" => "encode, verifyder, cont_extern, dss" ],
 [ "4.4.bin" => "encode, verifyder, cont, dss" ],
- [ "4.5.bin" => "verifyder, content, rsa" ],
+ [ "4.5.bin" => "verifyder, cont, rsa" ],
 [ "4.6.bin" => "encode, verifyder, cont, dss" ],
 [ "4.7.bin" => "encode, verifyder, cont, dss" ],
 [ "4.8.eml" => "verifymime, dss" ],
 [ "4.9.eml" => "verifymime, dss" ],
 [ "4.10.bin" => "encode, verifyder, cont, dss" ],
- [ "4.11.bin" => "encode" ],
+ [ "4.11.bin" => "encode, certsout" ],
 [ "5.1.bin" => "encode, envelopeder, cont" ],
 [ "5.2.bin" => "encode, envelopeder, cont" ],
 [ "5.3.eml" => "envelopemime, cont" ],
@@ -151,6 +151,9 @@ foreach (@test_list) {
 if ( $tlist =~ /encode/ ) {
 run_reencode_test( $exdir, $file );
 }
+ if ( $tlist =~ /certsout/ ) {
+ run_certsout_test( $exdir, $file );
+ }
 if ( $tlist =~ /dataout/ ) {
 run_dataout_test( $exdir, $file );
 }
@@ -216,6 +219,23 @@ sub run_reencode_test {
 }
 }
+sub run_certsout_test {
+ my ( $cmsdir, $tfile ) = @_;
+ unlink "tmp.der";
+ unlink "tmp.pem";
+
+ system( "$cmscmd -cmsout -inform DER -certsout tmp.pem"
+ . " -in $cmsdir/$tfile -out tmp.der" );
+
+ if ($?) {
+ print "\tCertificate output command FAILED!!\n";
+ $badtest++;
+ }
+ else {
+ print "\tCertificate output passed\n" if $verbose;
+ }
+}
+
 sub run_dataout_test {
 my ( $cmsdir, $tfile ) = @_;
 unlink "tmp.txt";
-- 2.25.1
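Review bot: `run_certsout_test` decides pass or fail on exit status alone (`if ($?)`), so a run that exits 0 but leaves `tmp.pem` missing or empty is still reported as passed. Assuming example 4.11 is expected to carry at least one certificate, the condition could be `if ( $? || !-s "tmp.pem" ) {`. The command is also built as a single string for `system`, so `$cmsdir` and `$tfile` are interpreted by the shell; that is fine for the fixed names in `@test_list`, but a short comment saying the paths must stay free of spaces and shell metacharacters (or a switch to the list form of `system`, if `$cmscmd`, defined outside this hunk, is a single program path) would keep it that way.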