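#! /usr/bin/env perl
# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

# Test recipe for the "openssl req" command.  It checks three things:
#   1. duplicate -addext values are rejected (one accepted case, four
#      rejected cases, including whitespace variants of the same name);
#   2. a certificate request can be generated and its self-signature
#      verified for each key type the build supports;
#   3. request files survive the format conversions driven by
#      tconversion.pl.

use strict;
use warnings;

use OpenSSL::Test::Utils;
use OpenSSL::Test qw/:DEFAULT srctop_file/;

setup("test_req");

# 1 require_ok + 5 -addext checks + 6 key-type subtests + 2 conversions.
plan tests => 14;

require_ok(srctop_file('test','recipes','tconversion.pl'));

# Append a fixed string to .rnd.  As the string itself says, it only makes
# the random number generator "think" it has randomness: the content is
# constant and carries no entropy.  That is tolerable only because every
# key and request produced by this recipe is a throwaway test artefact.
# Best effort: a failure is reported but does not abort the recipe.
if (open(my $rnd_fh, ">>", ".rnd")) {
    print $rnd_fh "string to make the random number generator think it has randomness";
    close $rnd_fh;
} else {
    note("could not append to .rnd: $!");
}

# What type of key to generate?
my @req_new;
if (disabled("rsa")) {
    # NOTE(review): going by the file name these are 512-bit DSA
    # parameters, far too small for anything but a test fixture - confirm
    # they are never reused outside the test suite.
    @req_new = ("-newkey", "dsa:".srctop_file("apps", "dsa512.pem"));
} else {
    @req_new = ("-new");
    note("There should be a 2 sequences of .'s and some +'s.");
    note("There should not be more that at most 80 per line");
}

# Check for duplicate -addext parameters, and one "working" case.
# $val2 and $val3 name the same extension as $val with extra whitespace
# (leading space, space before '='); each pairing must still be treated
# as a duplicate and make the command fail.
my @addext_args = ( "openssl", "req", "-new", "-out", "testreq.pem",
                    "-config", srctop_file("test", "test.cnf"), @req_new );
my $val = "subjectAltName=DNS:example.com";
my $val2 = " " . $val;
my $val3 = $val;
$val3 =~ s/=/    =/;
ok( run(app([@addext_args, "-addext", $val])));
ok(!run(app([@addext_args, "-addext", $val, "-addext", $val])));
ok(!run(app([@addext_args, "-addext", $val, "-addext", $val2])));
ok(!run(app([@addext_args, "-addext", $val, "-addext", $val3])));
ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3])));

subtest "generating certificate requests with RSA" => sub {
    plan tests => 6;

    SKIP: {
        # The skip count has to equal the plan above, otherwise a build
        # without RSA reports too few tests and the subtest fails.
        skip "RSA is not supported by this OpenSSL build", 6
            if disabled("rsa");

        ok(run(app(["openssl", "req",
                    "-config", srctop_file("test", "test.cnf"),
                    "-new", "-out", "testreq.pem", "-utf8",
                    "-key", srctop_file("test", "testrsa.pem")])),
           "Generating request");

        ok(run(app(["openssl", "req",
                    "-config", srctop_file("test", "test.cnf"),
                    "-verify", "-in", "testreq.pem", "-noout"])),
           "Verifying signature on request");

        ok(run(app(["openssl", "req",
                    "-config", srctop_file("test", "test.cnf"),
                    "-new", "-out", "testreq_withattrs_pem.pem", "-utf8",
                    "-key", srctop_file("test", "testrsa_withattrs.pem")])),
           "Generating request from a key with extra attributes - PEM");

        ok(run(app(["openssl", "req",
                    "-config", srctop_file("test", "test.cnf"),
                    "-verify", "-in", "testreq_withattrs_pem.pem", "-noout"])),
           "Verifying signature on request from a key with extra attributes - PEM");

        # Same checks with the key supplied in DER form (-keyform DER).
        ok(run(app(["openssl", "req",
                    "-config", srctop_file("test", "test.cnf"),
                    "-new", "-out", "testreq_withattrs_der.pem", "-utf8",
                    "-key", srctop_file("test", "testrsa_withattrs.der"),
                    "-keyform", "DER"])),
           "Generating request from a key with extra attributes - DER");

        ok(run(app(["openssl", "req",
                    "-config", srctop_file("test", "test.cnf"),
                    "-verify", "-in", "testreq_withattrs_der.pem", "-noout"])),
           "Verifying signature on request from a key with extra attributes - DER");
    }
};

subtest "generating certificate requests with DSA" => sub {
    plan tests => 2;

    SKIP: {
        skip "DSA is not supported by this OpenSSL build", 2
            if disabled("dsa");

        ok(run(app(["openssl", "req",
                    "-config", srctop_file("test", "test.cnf"),
                    "-new", "-out", "testreq.pem", "-utf8",
                    "-key", srctop_file("test", "testdsa.pem")])),
           "Generating request");

        ok(run(app(["openssl", "req",
                    "-config", srctop_file("test", "test.cnf"),
                    "-verify", "-in", "testreq.pem", "-noout"])),
           "Verifying signature on request");
    }
};

subtest "generating certificate requests with ECDSA" => sub {
    plan tests => 2;

    SKIP: {
        skip "ECDSA is not supported by this OpenSSL build", 2
            if disabled("ec");

        ok(run(app(["openssl", "req",
                    "-config", srctop_file("test", "test.cnf"),
                    "-new", "-out", "testreq.pem", "-utf8",
                    "-key", srctop_file("test", "testec-p256.pem")])),
           "Generating request");

        ok(run(app(["openssl", "req",
                    "-config", srctop_file("test", "test.cnf"),
                    "-verify", "-in", "testreq.pem", "-noout"])),
           "Verifying signature on request");
    }
};

# Ed25519 and Ed448 are gated on the "ec" feature in this recipe.
subtest "generating certificate requests with Ed25519" => sub {
    plan tests => 2;

    SKIP: {
        skip "Ed25519 is not supported by this OpenSSL build", 2
            if disabled("ec");

        ok(run(app(["openssl", "req",
                    "-config", srctop_file("test", "test.cnf"),
                    "-new", "-out", "testreq.pem", "-utf8",
                    "-key", srctop_file("test", "tested25519.pem")])),
           "Generating request");

        ok(run(app(["openssl", "req",
                    "-config", srctop_file("test", "test.cnf"),
                    "-verify", "-in", "testreq.pem", "-noout"])),
           "Verifying signature on request");
    }
};

subtest "generating certificate requests with Ed448" => sub {
    plan tests => 2;

    SKIP: {
        skip "Ed448 is not supported by this OpenSSL build", 2
            if disabled("ec");

        ok(run(app(["openssl", "req",
                    "-config", srctop_file("test", "test.cnf"),
                    "-new", "-out", "testreq.pem", "-utf8",
                    "-key", srctop_file("test", "tested448.pem")])),
           "Generating request");

        ok(run(app(["openssl", "req",
                    "-config", srctop_file("test", "test.cnf"),
                    "-verify", "-in", "testreq.pem", "-noout"])),
           "Verifying signature on request");
    }
};

# Key type chosen at the top of the file: a freshly generated key via
# "-new", or "-newkey dsa:..." when RSA is disabled.
subtest "generating certificate requests" => sub {
    plan tests => 2;

    ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
                @req_new, "-out", "testreq.pem"])),
       "Generating request");

    ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
                "-verify", "-in", "testreq.pem", "-noout"])),
       "Verifying signature on request");
};

my @openssl_args = ("req", "-config", srctop_file("apps", "openssl.cnf"));

run_conversion('req conversions',
               "testreq.pem");
run_conversion('req conversions -- testreq2',
               srctop_file("test", "testreq2.pem"));

unlink "testkey.pem", "testreq.pem", "testreq_withattrs_pem.pem", "testreq_withattrs_der.pem";

# Run the tconversion() checks on one request file inside a subtest.
#
#   $title   - subtest name
#   $reqfile - path of the PEM request to convert
#
# The request is first printed with "-noout -text"; if the captured stderr
# mentions "Unknown Public Key" the whole subtest is skipped, because the
# build cannot handle the key type in that request.
sub run_conversion {
    my $title = shift;
    my $reqfile = shift;

    subtest $title => sub {
        # NOTE(review): stdout is discarded here, so the check below only
        # fires if openssl reports the unknown key on stderr - confirm.
        run(app(["openssl", @openssl_args,
                 "-in", $reqfile, "-inform", "p",
                 "-noout", "-text"],
                stderr => "req-check.err", stdout => undef));

        # Read the capture and remove it before deciding whether to skip:
        # "plan skip_all" leaves the subtest immediately, so cleanup placed
        # after it would not run.  A failed open is treated as "no output".
        my @stderr_lines;
        if (open(my $err_fh, "<", "req-check.err")) {
            @stderr_lines = <$err_fh>;
            close $err_fh;
        }
        unlink "req-check.err";

        SKIP: {
            # Match against the lines themselves.  Feeding them through
            # map { s/\R//; } would hand grep the substitution counts
            # instead of the text, so the pattern could never match.
            plan skip_all => "skipping req conversion test for $reqfile"
                if grep { /Unknown Public Key/ } @stderr_lines;

            tconversion("req", $reqfile, @openssl_args);
        }

        done_testing();
    };
}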