Commit 6d737ea0 authored by Richard Levitte's avatar Richard Levitte

STORE tests: add PKCS#12 tests

parent a09003ea
+78 −12
@@ -8,7 +8,7 @@

use File::Spec;
use MIME::Base64;
use OpenSSL::Test qw(:DEFAULT srctop_file bldtop_file);
use OpenSSL::Test qw(:DEFAULT srctop_file bldtop_file data_file);

my $test_name = "test_store";
setup($test_name);
@@ -85,10 +85,6 @@ indir "store_$$" => sub {
                                                            "dummy")])));
        }
        foreach (@generated_files) {
        SKIP:
            {
                skip "PKCS#12 files not currently supported", 3 if m|\.p12$|;

            ok(run(app(["openssl", "storeutl", "-passin", "pass:password",
                        $_])));
            ok(run(app(["openssl", "storeutl", "-passin", "pass:password",
@@ -97,7 +93,6 @@ indir "store_$$" => sub {
                         to_rel_file_uri($_)])));
        }
    }
    }
}, create => 1, cleanup => 1;

sub init {
@@ -175,6 +170,77 @@ sub init {
                                   "-v2", "aes256", "-v2prf", "hmacWithSHA256",
                                   "-in", $srcfile, "-out", $dstfile]));
                      }, grep(/-key-pkcs8-pbes2-sha256\.pem$/, @generated_files))
            # *-cert.pem (intermediary for the .p12 inits)
            && run(app(["openssl", "req", "-x509",
                        "-config", data_file("ca.cnf"), "-nodes",
                        "-out", "cacert.pem", "-keyout", "cakey.pem"]))
            && runall(sub {
                          my $srckey = shift;
                          (my $dstfile = $srckey) =~ s|-key-pkcs8\.|-cert.|;
                          (my $csr = $dstfile) =~ s|\.pem|.csr|;

                          (run(app(["openssl", "req", "-new",
                                    "-config", data_file("user.cnf"),
                                    "-key", $srckey, "-out", $csr]))
                           &&
                           run(app(["openssl", "x509", "-days", "3650",
                                    "-CA", "cacert.pem",
                                    "-CAkey", "cakey.pem",
                                    "-set_serial", time(), "-req",
                                    "-in", $csr, "-out", $dstfile])));
                      }, grep(/-key-pkcs8\.pem$/, @generated_files))
            # *.p12
            && runall(sub {
                          my $dstfile = shift;
                          my ($type, $certpbe_index, $keypbe_index,
                              $macalg_index) =
                              $dstfile =~ m{^(.*)-key-(?|
                                                # cert and key PBE are same
                                                ()             #
                                                ([^-]*-[^-]*)- # key & cert PBE
                                                ([^-]*)        # MACalg
                                            |
                                                # cert and key PBE are not same
                                                ([^-]*-[^-]*)- # cert PBE
                                                ([^-]*-[^-]*)- # key PBE
                                                ([^-]*)        # MACalg
                                            )\.}x;
                          if (!$certpbe_index) {
                              $certpbe_index = $keypbe_index;
                          }
                          my $srckey = "$type-key-pkcs8.pem";
                          my $srccert = "$type-cert.pem";
                          my %pbes =
                              (
                               "sha1-3des" => "pbeWithSHA1And3-KeyTripleDES-CBC",
                               "md5-des" => "pbeWithMD5AndDES-CBC",
                               "aes256-cbc" => "AES-256-CBC",
                              );
                          my %macalgs =
                              (
                               "sha1" => "SHA1",
                               "sha256" => "SHA256",
                              );
                          my $certpbe = $pbes{$certpbe_index};
                          my $keypbe = $pbes{$keypbe_index};
                          my $macalg = $macalgs{$macalg_index};
                          if (!defined($certpbe) || !defined($keypbe)
                              || !defined($macalg)) {
                              print STDERR "Cert PBE for $pbe_index not defined\n"
                                  unless defined $certpbe;
                              print STDERR "Key PBE for $pbe_index not defined\n"
                                  unless defined $keypbe;
                              print STDERR "MACALG for $macalg_index not defined\n"
                                  unless defined $macalg;
                              print STDERR "(destination file was $dstfile)\n";
                              return 0;
                          }
                          run(app(["openssl", "pkcs12", "-inkey", $srckey,
                                   "-in", $srccert, "-passout", "pass:password",
                                   "-export", "-macalg", $macalg,
                                   "-certpbe", $certpbe, "-keypbe", $keypbe,
                                   "-out", $dstfile]));
                      }, grep(/\.p12/, @generated_files))
            # *.der (the end all init)
            && runall(sub {
                          my $dstfile = shift;
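Review bot: The diagnostics in the `!defined` branch interpolate `$pbe_index`, which is declared nowhere in this sub — the captures are `$certpbe_index` and `$keypbe_index` — so under `use strict` the recipe fails to compile, and without it the messages would print an empty index; change them to `print STDERR "Cert PBE for $certpbe_index not defined\n"` and `print STDERR "Key PBE for $keypbe_index not defined\n"`. Separately, the `req -x509` call that writes cacert.pem passes no `-days`, so unless a default is set elsewhere the CA certificate gets req's 30-day default while the leaf certificates it signs get `-days 3650`; storeutl does not build chains so nothing breaks, but adding `"-days", "3650"` to the CA step keeps the fixtures coherent. The `md5-des` and `sha1-3des` PBE entries also presume DES and MD5 are compiled in; if the recipe does not already guard them with `disabled(...)`, a no-des or no-md5 build will fail `init` rather than skip those `.p12` files. The enclosing `sub init` starts and ends outside this hunk.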
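--- a/ca.cnf
+++ b/ca.cnf
+####################################################################
+[ req ]
+default_bits		= 2432
+default_keyfile 	= cakey.pem
+default_md	        = sha256
+distinguished_name	= req_DN
+string_mask             = utf8only
+x509_extensions         = v3_selfsign
+
+[ req_DN ]
+commonName                      = "Common Name"
+commonName_value              = "CA"
+
+[ v3_selfsign ]
+basicConstraints = critical,CA:true
+keyUsage = keyCertSign
+subjectKeyIdentifier=hash
+
+####################################################################
+[ ca ]
+default_ca      = CA_default            # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir             = ./demoCA
+certificate	= ./demoCA/cacert.pem
+serial		= ./demoCA/serial
+private_key	= ./demoCA/private/cakey.pem
+new_certs_dir   = ./demoCA/newcerts
+
+certificate     = cacert.pem
+private_key     = cakey.pem
+
+x509_extensions = v3_user
+
+name_opt        = ca_default            # Subject Name options
+cert_opt        = ca_default            # Certificate field options
+
+policy          = policy_anything
+
+[ policy_anything ]
+countryName             = optional
+stateOrProvinceName     = optional
+localityName            = optional
+organizationName        = optional
+organizationalUnitName  = optional
+commonName              = supplied
+emailAddress            = optional
+
+[ v3_user ]
+basicConstraints=critical,CA:FALSE
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+issuerAltName=issuer:copy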
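Review bot: `[ CA_default ]` defines `certificate` and `private_key` twice — first as `./demoCA/...`, then as `cacert.pem`/`cakey.pem`; as far as I recall OpenSSL's CONF keeps the later occurrence, but the leftover `dir`, `serial`, `new_certs_dir` and the two demoCA paths are at best dead configuration and at worst misleading to whoever next edits this file. Since the recipe signs with `openssl x509 -req -CA/-CAkey` rather than `openssl ca`, the entire `[ ca ]`/`[ CA_default ]`/`[ policy_anything ]` block appears unused; either drop it, or trim it to the two live lines `certificate     = cacert.pem` and `private_key     = cakey.pem` plus `x509_extensions = v3_user` so each key is set once. Consider also `keyUsage = critical,keyCertSign` in `[ v3_selfsign ]` so it matches the critical `basicConstraints` beside it.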
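--- a/user.cnf
+++ b/user.cnf
+####################################################################
+[ req ]
+default_bits            = 2432
+default_md	        = sha256
+distinguished_name	= req_DN
+string_mask = utf8only
+
+req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_DN ]
+commonName                      = "Common Name"
+commonName_value              = "A user"
+userId = "User ID"
+userId_value = "test"
+
+[ v3_req ]
+extendedKeyUsage = clientAuth
+subjectKeyIdentifier = hash
+basicConstraints = CA:false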
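Review bot: The extensions in `[ v3_req ]` only reach the CSR: the recipe's signing step is `openssl x509 -req -CA cacert.pem -CAkey cakey.pem` with no `-extfile`/`-extensions`, and to my knowledge `x509 -req` does not carry request extensions over, so the issued user certificates will have no `basicConstraints`, no `extendedKeyUsage` and no SKID. If those are meant to be on the certificates, add `"-extfile", data_file("ca.cnf"), "-extensions", "v3_user",` to the `x509` invocation (or point it at this file's `v3_req`); if they are not, this section is harmless but inert and deserves a comment such as `# only exercised in the CSR; x509 -req does not copy these`. The signing call lives in the recipe, outside this file.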