Add recipes for tests related to certificates

Some of them make use of recipes/tconversion.pl. Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-17 20:15:22 +02:00 · 2015-04-17 20:15:22 +02:00 · 4650de3e43
commit 4650de3e43
parent 0c85cc5069
7 changed files with 185 additions and 0 deletions
--- a/test/recipes/25-test_crl.t
+++ b/test/recipes/25-test_crl.t
@ -0,0 +1,18 @@
+#! /usr/bin/perl
+
+use strict;
+use warnings;
+
+use File::Spec;
+use Test::More;
+use OpenSSL::Test qw/:DEFAULT top_file/;
+
+setup("test_crl");
+
+plan tests => 2;
+
+require_ok(top_file('test','recipes','tconversion.pl'));
+
+subtest 'crl conversions' => sub {
+    tconversion("crl", top_file("test","testcrl.pem"));
+};
--- a/test/recipes/25-test_gen.t
+++ b/test/recipes/25-test_gen.t
@ -0,0 +1,44 @@
+#! /usr/bin/perl
+
+use strict;
+use warnings;
+
+use File::Spec;
+use Test::More;
+use OpenSSL::Test qw/:DEFAULT top_file/;
+
+setup("test_gen");
+
+plan tests => 1;
+
+my $T = "testcert";
+my $KEY = 512;
+my $CA = top_file("certs", "testca.pem");
+
+unlink "$T.1", "$T.2", "$T.key";
+open RND, ">>", ".rnd";
+print RND "string to make the random number generator think it has entropy";
+close RND;
+
+subtest "generating certificate requests" => sub {
+    my @req_new;
+    if (run(app(["openssl", "no-rsa"], stdout => undef))) {
+	@req_new = ("-newkey", "dsa:".top_file("apps", "dsa512.pem"));
+    } else {
+	@req_new = ("-new");
+	note("There should be a 2 sequences of .'s and some +'s.");
+	note("There should not be more that at most 80 per line");
+    }
+
+    unlink "testkey.pem", "testreq.pem";
+
+    plan tests => 2;
+
+    ok(run(app(["openssl", "req", "-config", top_file("test", "test.cnf"),
+		@req_new, "-out", "testreq.pem"])),
+       "Generating request");
+
+    ok(run(app(["openssl", "req", "-config", top_file("test", "test.cnf"),
+		"-verify", "-in", "testreq.pem", "-noout"])),
+       "Verifying signature on request");
+};
--- a/test/recipes/25-test_pkcs7.t
+++ b/test/recipes/25-test_pkcs7.t
@ -0,0 +1,21 @@
+#! /usr/bin/perl
+
+use strict;
+use warnings;
+
+use File::Spec;
+use Test::More;
+use OpenSSL::Test qw/:DEFAULT top_file/;
+
+setup("test_pkcs7");
+
+plan tests => 3;
+
+require_ok(top_file('test','recipes','tconversion.pl'));
+
+subtest 'pkcs7 conversions -- pkcs7' => sub {
+    tconversion("p7", top_file("test", "testp7.pem"), "pkcs7");
+};
+subtest 'pkcs7 conversions -- pkcs7d' => sub {
+    tconversion("p7d", top_file("test", "pkcs7-1.pem"), "pkcs7");
+};
--- a/test/recipes/25-test_req.t
+++ b/test/recipes/25-test_req.t
@ -0,0 +1,44 @@
+#! /usr/bin/perl
+
+use strict;
+use warnings;
+
+use File::Spec;
+use Test::More;
+use OpenSSL::Test qw/:DEFAULT top_file/;
+
+setup("test_req");
+
+plan tests => 3;
+
+require_ok(top_file('test','recipes','tconversion.pl'));
+
+my @openssl_args = ("req", "-config", "../apps/openssl.cnf");
+
+run_conversion('req conversions',
+	       "testreq.pem");
+run_conversion('req conversions -- testreq2',
+	       "testreq2.pem");
+
+sub run_conversion {
+    my $title = shift;
+    my $reqfile = shift;
+
+    subtest $title => sub {
+	run(app(["openssl", @openssl_args,
+		 "-in", $reqfile, "-inform", "p",
+		 "-noout", "-text"],
+		stderr => "req-check.err", stdout => undef));
+	open DATA, "req-check.err";
+      SKIP: {
+	  plan skip_all => "skipping req conversion test for $reqfile"
+	      if grep /Unknown Public Key/, map { chomp } <DATA>;
+
+	  tconversion("req", "testreq.pem", @openssl_args);
+	}
+	close DATA;
+	unlink "req-check.err";
+
+	done_testing();
+    };
+}
--- a/test/recipes/25-test_sid.t
+++ b/test/recipes/25-test_sid.t
@ -0,0 +1,18 @@
+#! /usr/bin/perl
+
+use strict;
+use warnings;
+
+use File::Spec;
+use Test::More;
+use OpenSSL::Test qw/:DEFAULT top_file/;
+
+setup("test_sid");
+
+plan tests => 2;
+
+require_ok(top_file('test','recipes','tconversion.pl'));
+
+subtest 'sid conversions' => sub {
+    tconversion("sid", top_file("test","testsid.pem"), "sess_id");
+};
--- a/test/recipes/25-test_verify.t
+++ b/test/recipes/25-test_verify.t
@ -0,0 +1,16 @@
+#! /usr/bin/perl
+
+use strict;
+use warnings;
+
+use File::Spec::Functions qw/canonpath/;
+use Test::More;
+use OpenSSL::Test qw/:DEFAULT top_dir top_file/;
+
+setup("test_verify");
+
+plan tests => 1;
+
+note("Expect some failures and expired certificate");
+ok(run(app(["openssl", "verify", "-CApath", top_dir("certs", "demo"),
+	    glob(top_file("certs", "demo", "*.pem"))])), "verying demo certs");
--- a/test/recipes/25-test_x509.t
+++ b/test/recipes/25-test_x509.t
@ -0,0 +1,24 @@
+#! /usr/bin/perl
+
+use strict;
+use warnings;
+
+use File::Spec;
+use Test::More;
+use OpenSSL::Test qw/:DEFAULT top_file/;
+
+setup("test_x509");
+
+plan tests => 4;
+
+require_ok(top_file('test','recipes','tconversion.pl'));
+
+subtest 'x509 -- x.509 v1 certificate' => sub {
+    tconversion("x509", top_file("test","testx509.pem"));
+};
+subtest 'x509 -- first x.509 v3 certificate' => sub {
+    tconversion("x509", top_file("test","v3-cert1.pem"));
+};
+subtest 'x509 -- second x.509 v3 certificate' => sub {
+    tconversion("x509", top_file("test","v3-cert2.pem"));
+};