• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1#! /usr/bin/env perl
2# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
3#
4# Licensed under the OpenSSL license (the "License").  You may not use
5# this file except in compliance with the License.  You can obtain a copy
6# in the file LICENSE in the source distribution or at
7# https://www.openssl.org/source/license.html
8
9
10use strict;
11use warnings;
12
13use OpenSSL::Test::Utils;
14use OpenSSL::Test qw/:DEFAULT srctop_file/;
15
16setup("test_req");
17
18plan tests => 14;
19
20require_ok(srctop_file('test','recipes','tconversion.pl'));
21
22open RND, ">>", ".rnd";
23print RND "string to make the random number generator think it has randomness";
24close RND;
25
26# What type of key to generate?
27my @req_new;
28if (disabled("rsa")) {
29    @req_new = ("-newkey", "dsa:".srctop_file("apps", "dsa512.pem"));
30} else {
31    @req_new = ("-new");
32    note("There should be a 2 sequences of .'s and some +'s.");
33    note("There should not be more that at most 80 per line");
34}
35
36# Check for duplicate -addext parameters, and one "working" case.
37my @addext_args = ( "openssl", "req", "-new", "-out", "testreq.pem",
38    "-config", srctop_file("test", "test.cnf"), @req_new );
39my $val = "subjectAltName=DNS:example.com";
40my $val2 = " " . $val;
41my $val3 = $val;
42$val3 =~ s/=/    =/;
43ok( run(app([@addext_args, "-addext", $val])));
44ok(!run(app([@addext_args, "-addext", $val, "-addext", $val])));
45ok(!run(app([@addext_args, "-addext", $val, "-addext", $val2])));
46ok(!run(app([@addext_args, "-addext", $val, "-addext", $val3])));
47ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3])));
48
49subtest "generating certificate requests with RSA" => sub {
50    plan tests => 2;
51
52    SKIP: {
53        skip "RSA is not supported by this OpenSSL build", 2
54            if disabled("rsa");
55
56        ok(run(app(["openssl", "req",
57                    "-config", srctop_file("test", "test.cnf"),
58                    "-new", "-out", "testreq.pem", "-utf8",
59                    "-key", srctop_file("test", "testrsa.pem")])),
60           "Generating request");
61
62        ok(run(app(["openssl", "req",
63                    "-config", srctop_file("test", "test.cnf"),
64                    "-verify", "-in", "testreq.pem", "-noout"])),
65           "Verifying signature on request");
66    }
67};
68
69subtest "generating certificate requests with DSA" => sub {
70    plan tests => 2;
71
72    SKIP: {
73        skip "DSA is not supported by this OpenSSL build", 2
74            if disabled("dsa");
75
76        ok(run(app(["openssl", "req",
77                    "-config", srctop_file("test", "test.cnf"),
78                    "-new", "-out", "testreq.pem", "-utf8",
79                    "-key", srctop_file("test", "testdsa.pem")])),
80           "Generating request");
81
82        ok(run(app(["openssl", "req",
83                    "-config", srctop_file("test", "test.cnf"),
84                    "-verify", "-in", "testreq.pem", "-noout"])),
85           "Verifying signature on request");
86    }
87};
88
89subtest "generating certificate requests with ECDSA" => sub {
90    plan tests => 2;
91
92    SKIP: {
93        skip "ECDSA is not supported by this OpenSSL build", 2
94            if disabled("ec");
95
96        ok(run(app(["openssl", "req",
97                    "-config", srctop_file("test", "test.cnf"),
98                    "-new", "-out", "testreq.pem", "-utf8",
99                    "-key", srctop_file("test", "testec-p256.pem")])),
100           "Generating request");
101
102        ok(run(app(["openssl", "req",
103                    "-config", srctop_file("test", "test.cnf"),
104                    "-verify", "-in", "testreq.pem", "-noout"])),
105           "Verifying signature on request");
106    }
107};
108
109subtest "generating certificate requests with Ed25519" => sub {
110    plan tests => 2;
111
112    SKIP: {
113        skip "Ed25519 is not supported by this OpenSSL build", 2
114            if disabled("ec");
115
116        ok(run(app(["openssl", "req",
117                    "-config", srctop_file("test", "test.cnf"),
118                    "-new", "-out", "testreq.pem", "-utf8",
119                    "-key", srctop_file("test", "tested25519.pem")])),
120           "Generating request");
121
122        ok(run(app(["openssl", "req",
123                    "-config", srctop_file("test", "test.cnf"),
124                    "-verify", "-in", "testreq.pem", "-noout"])),
125           "Verifying signature on request");
126    }
127};
128
129subtest "generating certificate requests with Ed448" => sub {
130    plan tests => 2;
131
132    SKIP: {
133        skip "Ed448 is not supported by this OpenSSL build", 2
134            if disabled("ec");
135
136        ok(run(app(["openssl", "req",
137                    "-config", srctop_file("test", "test.cnf"),
138                    "-new", "-out", "testreq.pem", "-utf8",
139                    "-key", srctop_file("test", "tested448.pem")])),
140           "Generating request");
141
142        ok(run(app(["openssl", "req",
143                    "-config", srctop_file("test", "test.cnf"),
144                    "-verify", "-in", "testreq.pem", "-noout"])),
145           "Verifying signature on request");
146    }
147};
148
149subtest "generating certificate requests" => sub {
150    plan tests => 2;
151
152    ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
153                @req_new, "-out", "testreq.pem"])),
154       "Generating request");
155
156    ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
157                "-verify", "-in", "testreq.pem", "-noout"])),
158       "Verifying signature on request");
159};
160
161my @openssl_args = ("req", "-config", srctop_file("apps", "openssl.cnf"));
162
163run_conversion('req conversions',
164               "testreq.pem");
165run_conversion('req conversions -- testreq2',
166               srctop_file("test", "testreq2.pem"));
167
168unlink "testkey.pem", "testreq.pem";
169
170sub run_conversion {
171    my $title = shift;
172    my $reqfile = shift;
173
174    subtest $title => sub {
175        run(app(["openssl", @openssl_args,
176                 "-in", $reqfile, "-inform", "p",
177                 "-noout", "-text"],
178                stderr => "req-check.err", stdout => undef));
179        open DATA, "req-check.err";
180        SKIP: {
181            plan skip_all => "skipping req conversion test for $reqfile"
182                if grep /Unknown Public Key/, map { s/\R//; } <DATA>;
183
184            tconversion("req", $reqfile, @openssl_args);
185        }
186        close DATA;
187        unlink "req-check.err";
188
189        done_testing();
190    };
191}
192