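#! /usr/bin/env perl
# Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

# Recipe "test_verify_store".
#
# Drives the openssl command line through a small CA workflow and checks
# that `openssl verify -CAstore` accepts the certificates it produces:
#   1. create a certificate request and turn it into a self-signed CA cert,
#   2. convert that cert back into a request and verify both requests,
#   3. verify the CA cert against itself through -CAstore,
#   4. create a user request, sign it with the CA, and verify the result
#      through -CAstore,
#   5. print the user certificate's subject, issuer and validity dates.
#
# NOTE(review): every verify step here expects success. Nothing in this
# recipe checks that `openssl verify -CAstore` rejects a certificate that
# the CA in the store did not issue, so a store loader that accepted too
# much would not be caught by this file alone.

use strict;
use warnings;

use OpenSSL::Test qw/:DEFAULT with bldtop_file srctop_file cmdstr/;
use OpenSSL::Test::Utils;

setup("test_verify_store");

# Ten ok() calls are made below when every step succeeds; each skip count
# is the number of planned tests that have not run yet at that point.
plan tests => 10;

# Inputs taken from the source tree: a config file and two fixed key files
# under test/certs.
my $dummycnf = srctop_file("apps", "openssl.cnf");
my $cakey = srctop_file("test", "certs", "ca-key.pem");
my $ukey = srctop_file("test", "certs", "ee-key.pem");

# Config providing the "userreq" section and the v3_ca / v3_ee extension
# sections named in the commands below.
my $cnf = srctop_file("test", "ca-and-certs.cnf");

# Output files, given as relative names.
my $CAkey = "keyCA.ss";
my $CAcert = "certCA.ss";
my $CAserial = "certCA.srl";
my $CAreq = "reqCA.ss";
my $CAreq2 = "req2CA.ss";       # temp
my $Ukey = "keyU.ss";
my $Ureq = "reqU.ss";
my $Ucert = "certU.ss";

SKIP: {
    # Test 1. The result is not used to skip: if this fails, the dependent
    # steps below still run and report their own failures.
    req( 'make cert request',
         qw(-new -section userreq),
         -config => $cnf,
         -out => $CAreq,
         -key => $cakey,
         -keyout => $CAkey );

    # Test 2.
    skip 'failure', 8 unless
        x509( 'convert request into self-signed cert',
              qw(-req -CAcreateserial -days 30),
              qw(-extensions v3_ca),
              -in => $CAreq,
              -out => $CAcert,
              -signkey => $CAkey,
              -extfile => $cnf );

    # Test 3.
    skip 'failure', 7 unless
        x509( 'convert cert into a cert request',
              qw(-x509toreq),
              -in => $CAcert,
              -out => $CAreq2,
              -signkey => $CAkey );

    # Test 4.
    skip 'failure', 6 unless
        req( 'verify request 1',
             qw(-verify -noout -section userreq),
             -config => $dummycnf,
             -in => $CAreq );

    # Test 5.
    skip 'failure', 5 unless
        req( 'verify request 2',
             qw(-verify -noout -section userreq),
             -config => $dummycnf,
             -in => $CAreq2 );

    # Test 6: the self-signed CA cert is both the store and the target.
    skip 'failure', 4 unless
        verify( 'verify signature',
                -CAstore => $CAcert,
                $CAcert );

    # Test 7.
    skip 'failure', 3 unless
        req( 'make a user cert request',
             qw(-new -section userreq),
             -config => $cnf,
             -out => $Ureq,
             -key => $ukey,
             -keyout => $Ukey );

    # Tests 8 and 9 are guarded separately. When they were combined as
    # `x509(...) && verify(...)` under a single `skip 'failure', 2`, a
    # failing verify left nine tests run plus two skipped, which is eleven
    # against a plan of ten and hid the real failure behind a plan error.
    skip 'failure', 2 unless
        x509( 'sign user cert request',
              qw(-req -CAcreateserial -days 30 -extensions v3_ee),
              -in => $Ureq,
              -out => $Ucert,
              -CA => $CAcert,
              -CAkey => $CAkey,
              -CAserial => $CAserial,
              -extfile => $cnf );

    skip 'failure', 1 unless
        verify( 'verify signed user cert',
                -CAstore => $CAcert,
                $Ucert );

    # Test 10: last planned test, so there is nothing left to skip.
    skip 'failure', 0 unless
        x509( 'Certificate details',
              qw(-subject -issuer -startdate -enddate -noout),
              -in => $Ucert );
}

# Run `openssl verify` with the remaining arguments and record the outcome
# as one test named $title. Returns the value of ok(), which the SKIP block
# uses to decide whether to continue.
sub verify {
    my $title = shift;

    ok(run(app([qw(openssl verify), @_])), $title);
}

# Run `openssl req` with the remaining arguments and record the outcome as
# one test named $title. Returns the value of ok().
sub req {
    my $title = shift;

    ok(run(app([qw(openssl req), @_])), $title);
}

# Run `openssl x509` with the remaining arguments and record the outcome as
# one test named $title. Returns the value of ok().
sub x509 {
    my $title = shift;

    ok(run(app([qw(openssl x509), @_])), $title);
}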