test/recipes/25-test_verify_store.t - third_party/openssl - Git at Google

 #! /usr/bin/env perl
 # Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
 # in the file LICENSE in the source distribution or at
 # https://www.openssl.org/source/license.html

 use strict;
 use warnings;

 use OpenSSL::Test qw/:DEFAULT with bldtop_file srctop_file cmdstr/;
 use OpenSSL::Test::Utils;

 setup("test_verify_store");

 plan tests => 10;

 my $dummycnf = srctop_file("apps", "openssl.cnf");
 my $cakey = srctop_file("test", "certs", "ca-key.pem");
 my $ukey = srctop_file("test", "certs", "ee-key.pem");

 my $cnf = srctop_file("test", "ca-and-certs.cnf");
 my $CAkey = "keyCA.ss";
 my $CAcert="certCA.ss";
 my $CAserial="certCA.srl";
 my $CAreq="reqCA.ss";
 my $CAreq2="req2CA.ss"; # temp
 my $Ukey="keyU.ss";
 my $Ureq="reqU.ss";
 my $Ucert="certU.ss";

 SKIP: {
     req( 'make cert request',
          qw(-new -section userreq),
          -config       => $cnf,
          -out          => $CAreq,
          -key          => $cakey,
          -keyout       => $CAkey );

     skip 'failure', 8 unless
         x509( 'convert request into self-signed cert',
               qw(-req -CAcreateserial -days 30),
               qw(-extensions v3_ca),
               -in       => $CAreq,
               -out      => $CAcert,
               -signkey  => $CAkey,
               -extfile  => $cnf );

     skip 'failure', 7 unless
         x509( 'convert cert into a cert request',
               qw(-x509toreq),
               -in       => $CAcert,
               -out      => $CAreq2,
               -signkey  => $CAkey );

     skip 'failure', 6 unless
         req( 'verify request 1',
              qw(-verify -noout -section userreq),
              -config    => $dummycnf,
              -in        => $CAreq );

     skip 'failure', 5 unless
         req( 'verify request 2',
              qw(-verify -noout -section userreq),
              -config    => $dummycnf,
              -in        => $CAreq2 );

     skip 'failure', 4 unless
         verify( 'verify signature',
                 -CAstore => $CAcert,
                 $CAcert );

     skip 'failure', 3 unless
         req( 'make a user cert request',
              qw(-new -section userreq),
              -config  => $cnf,
              -out     => $Ureq,
              -key     => $ukey,
              -keyout  => $Ukey );

     skip 'failure', 2 unless
         x509( 'sign user cert request',
               qw(-req -CAcreateserial -days 30 -extensions v3_ee),
               -in     => $Ureq,
               -out    => $Ucert,
               -CA     => $CAcert,
               -CAkey  => $CAkey,
               -CAserial => $CAserial,
               -extfile => $cnf )
         && verify( undef,
                    -CAstore => $CAcert,
                    $Ucert );

     skip 'failure', 0 unless
         x509( 'Certificate details',
               qw(-subject -issuer -startdate -enddate -noout),
               -in     => $Ucert );
 }

 sub verify {
     my $title = shift;

     ok(run(app([qw(openssl verify), @_])), $title);
 }

 sub req {
     my $title = shift;

     ok(run(app([qw(openssl req), @_])), $title);
 }

 sub x509 {
     my $title = shift;

     ok(run(app([qw(openssl x509), @_])), $title);
 }
	#! /usr/bin/env perl
	# Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
	#
	# Licensed under the Apache License 2.0 (the "License"). You may not use
	# this file except in compliance with the License. You can obtain a copy
	# in the file LICENSE in the source distribution or at
	# https://www.openssl.org/source/license.html

	use strict;
	use warnings;

	use OpenSSL::Test qw/:DEFAULT with bldtop_file srctop_file cmdstr/;
	use OpenSSL::Test::Utils;

	setup("test_verify_store");

	plan tests => 10;

	my $dummycnf = srctop_file("apps", "openssl.cnf");
	my $cakey = srctop_file("test", "certs", "ca-key.pem");
	my $ukey = srctop_file("test", "certs", "ee-key.pem");

	my $cnf = srctop_file("test", "ca-and-certs.cnf");
	my $CAkey = "keyCA.ss";
	my $CAcert="certCA.ss";
	my $CAserial="certCA.srl";
	my $CAreq="reqCA.ss";
	my $CAreq2="req2CA.ss"; # temp
	my $Ukey="keyU.ss";
	my $Ureq="reqU.ss";
	my $Ucert="certU.ss";

	SKIP: {
	req( 'make cert request',
	qw(-new -section userreq),
	-config => $cnf,
	-out => $CAreq,
	-key => $cakey,
	-keyout => $CAkey );

	skip 'failure', 8 unless
	x509( 'convert request into self-signed cert',
	qw(-req -CAcreateserial -days 30),
	qw(-extensions v3_ca),
	-in => $CAreq,
	-out => $CAcert,
	-signkey => $CAkey,
	-extfile => $cnf );

	skip 'failure', 7 unless
	x509( 'convert cert into a cert request',
	qw(-x509toreq),
	-in => $CAcert,
	-out => $CAreq2,
	-signkey => $CAkey );

	skip 'failure', 6 unless
	req( 'verify request 1',
	qw(-verify -noout -section userreq),
	-config => $dummycnf,
	-in => $CAreq );

	skip 'failure', 5 unless
	req( 'verify request 2',
	qw(-verify -noout -section userreq),
	-config => $dummycnf,
	-in => $CAreq2 );

	skip 'failure', 4 unless
	verify( 'verify signature',
	-CAstore => $CAcert,
	$CAcert );

	skip 'failure', 3 unless
	req( 'make a user cert request',
	qw(-new -section userreq),
	-config => $cnf,
	-out => $Ureq,
	-key => $ukey,
	-keyout => $Ukey );

	skip 'failure', 2 unless
	x509( 'sign user cert request',
	qw(-req -CAcreateserial -days 30 -extensions v3_ee),
	-in => $Ureq,
	-out => $Ucert,
	-CA => $CAcert,
	-CAkey => $CAkey,
	-CAserial => $CAserial,
	-extfile => $cnf )
	&& verify( undef,
	-CAstore => $CAcert,
	$Ucert );

	skip 'failure', 0 unless
	x509( 'Certificate details',
	qw(-subject -issuer -startdate -enddate -noout),
	-in => $Ucert );
	}

	sub verify {
	my $title = shift;

	ok(run(app([qw(openssl verify), @_])), $title);
	}

	sub req {
	my $title = shift;

	ok(run(app([qw(openssl req), @_])), $title);
	}

	sub x509 {
	my $title = shift;

	ok(run(app([qw(openssl x509), @_])), $title);
	}