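#! /usr/bin/env perl
# Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

# Exercises "openssl verify -CAstore": builds a self-signed CA certificate,
# verifies it with itself as the trust store, then issues a user certificate
# from that CA and verifies it against the same store.
#
# NOTE(review): every check below expects success.  There is no negative
# case (for example, a certificate that does not chain to $CAcert being
# rejected), so this file alone would not notice -CAstore accepting more
# than it should.

use strict;
use warnings;

use OpenSSL::Test qw/:DEFAULT with bldtop_file srctop_file cmdstr/;
use OpenSSL::Test::Utils;

setup("test_verify_store");

# Ten ok() calls are made below when nothing is skipped; every skip count
# has to keep the total at ten.
plan tests => 10;

# Inputs taken from the source tree: configuration files and the
# pre-generated private keys under test/certs.
my $dummycnf = srctop_file("apps", "openssl.cnf");
my $cakey    = srctop_file("test", "certs", "ca-key.pem");
my $ukey     = srctop_file("test", "certs", "ee-key.pem");
my $cnf      = srctop_file("test", "ca-and-certs.cnf");

# Files produced by this run (relative names).
my $CAkey    = "keyCA.ss";
my $CAcert   = "certCA.ss";
my $CAserial = "certCA.srl";
my $CAreq    = "reqCA.ss";
my $CAreq2   = "req2CA.ss";    # temp
my $Ukey     = "keyU.ss";
my $Ureq     = "reqU.ss";
my $Ucert    = "certU.ss";

SKIP: {
    # Test 1: not guarded; if it fails, the x509 call below fails as well
    # and skips the rest.
    req( 'make cert request',
         qw(-new -section userreq),
         -config => $cnf,
         -out    => $CAreq,
         -key    => $cakey,
         -keyout => $CAkey );

    # Each guard skips exactly the tests that come after the one it runs.
    skip 'failure', 8
        unless x509( 'convert request into self-signed cert',
                     qw(-req -CAcreateserial -days 30),
                     qw(-extensions v3_ca),
                     -in      => $CAreq,
                     -out     => $CAcert,
                     -signkey => $CAkey,
                     -extfile => $cnf );

    skip 'failure', 7
        unless x509( 'convert cert into a cert request',
                     qw(-x509toreq),
                     -in      => $CAcert,
                     -out     => $CAreq2,
                     -signkey => $CAkey );

    skip 'failure', 6
        unless req( 'verify request 1',
                    qw(-verify -noout -section userreq),
                    -config => $dummycnf,
                    -in     => $CAreq );

    skip 'failure', 5
        unless req( 'verify request 2',
                    qw(-verify -noout -section userreq),
                    -config => $dummycnf,
                    -in     => $CAreq2 );

    # The self-signed CA certificate is both the trust store and the
    # certificate being verified.
    skip 'failure', 4
        unless verify( 'verify signature',
                       -CAstore => $CAcert,
                       $CAcert );

    skip 'failure', 3
        unless req( 'make a user cert request',
                    qw(-new -section userreq),
                    -config => $cnf,
                    -out    => $Ureq,
                    -key    => $ukey,
                    -keyout => $Ukey );

    # Signing and verifying are guarded separately so the skip count matches
    # the tests actually left: two after a failed signing, one after a
    # failed verification.  A single "x509(...) && verify(...)" guard with a
    # count of 2 would report eleven results when only verify fails.
    skip 'failure', 2
        unless x509( 'sign user cert request',
                     qw(-req -CAcreateserial -days 30 -extensions v3_ee),
                     -in       => $Ureq,
                     -out      => $Ucert,
                     -CA       => $CAcert,
                     -CAkey    => $CAkey,
                     -CAserial => $CAserial,
                     -extfile  => $cnf );

    # The user certificate must verify with only the CA certificate in the
    # store.
    skip 'failure', 1
        unless verify( 'verify user cert against CA store',
                       -CAstore => $CAcert,
                       $Ucert );

    # Last test: nothing is left to skip if it fails.
    skip 'failure', 0
        unless x509( 'Certificate details',
                     qw(-subject -issuer -startdate -enddate -noout),
                     -in => $Ucert );
}

# Run "openssl verify" with the given arguments and record the outcome as a
# test named $title.  Returns the result of ok(), which the skip guards above
# rely on.
sub verify {
    my ($title, @args) = @_;

    return ok(run(app([qw(openssl verify), @args])), $title);
}

# Run "openssl req" with the given arguments and record the outcome as a
# test named $title.  Returns the result of ok().
sub req {
    my ($title, @args) = @_;

    return ok(run(app([qw(openssl req), @args])), $title);
}

# Run "openssl x509" with the given arguments and record the outcome as a
# test named $title.  Returns the result of ok().
sub x509 {
    my ($title, @args) = @_;

    return ok(run(app([qw(openssl x509), @args])), $title);
}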