dockerfile/examples/openssl/openssl-3.2.1-src/test/recipes/25-test_verify_store.t

#! /usr/bin/env perl
# Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

use strict;
use warnings;

use OpenSSL::Test qw/:DEFAULT with bldtop_file srctop_file cmdstr/;
use OpenSSL::Test::Utils;

setup("test_verify_store");

plan tests => 10;

my $dummycnf = srctop_file("apps", "openssl.cnf");
my $cakey = srctop_file("test", "certs", "ca-key.pem");
my $ukey = srctop_file("test", "certs", "ee-key.pem");

my $cnf = srctop_file("test", "ca-and-certs.cnf");
my $CAkey = "keyCA.ss";
my $CAcert="certCA.ss";
my $CAserial="certCA.srl";
my $CAreq="reqCA.ss";
my $CAreq2="req2CA.ss"; # temp
my $Ukey="keyU.ss";
my $Ureq="reqU.ss";
my $Ucert="certU.ss";

SKIP: {
    req( 'make cert request',
         qw(-new -section userreq),
         -config       => $cnf,
         -out          => $CAreq,
         -key          => $cakey,
         -keyout       => $CAkey );

    skip 'failure', 8 unless
        x509( 'convert request into self-signed cert',
              qw(-req -CAcreateserial -days 30),
              qw(-extensions v3_ca),
              -in       => $CAreq,
              -out      => $CAcert,
              -signkey  => $CAkey,
              -extfile  => $cnf );

    skip 'failure', 7 unless
        x509( 'convert cert into a cert request',
              qw(-x509toreq),
              -in       => $CAcert,
              -out      => $CAreq2,
              -signkey  => $CAkey );

    skip 'failure', 6 unless
        req( 'verify request 1',
             qw(-verify -noout -section userreq),
             -config    => $dummycnf,
             -in        => $CAreq );

    skip 'failure', 5 unless
        req( 'verify request 2',
             qw(-verify -noout -section userreq),
             -config    => $dummycnf,
             -in        => $CAreq2 );

    skip 'failure', 4 unless
        verify( 'verify signature',
                -CAstore => $CAcert,
                $CAcert );

    skip 'failure', 3 unless
        req( 'make a user cert request',
             qw(-new -section userreq),
             -config  => $cnf,
             -out     => $Ureq,
             -key     => $ukey,
             -keyout  => $Ukey );

    skip 'failure', 2 unless
        x509( 'sign user cert request',
              qw(-req -CAcreateserial -days 30 -extensions v3_ee),
              -in     => $Ureq,
              -out    => $Ucert,
              -CA     => $CAcert,
              -CAkey  => $CAkey,
              -CAserial => $CAserial,
              -extfile => $cnf )
        && verify( undef,
                   -CAstore => $CAcert,
                   $Ucert );

    skip 'failure', 0 unless
        x509( 'Certificate details',
              qw(-subject -issuer -startdate -enddate -noout),
              -in     => $Ucert );
}

sub verify {
    my $title = shift;

    ok(run(app([qw(openssl verify), @_])), $title);
}

sub req {
    my $title = shift;

    ok(run(app([qw(openssl req), @_])), $title);
}

sub x509 {
    my $title = shift;

    ok(run(app([qw(openssl x509), @_])), $title);
}
更新构建openssl镜像相关文件 2024-03-22 14:58:37 +08:00			`#! /usr/bin/env perl`
			`# Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.`
			`#`
			`# Licensed under the Apache License 2.0 (the "License"). You may not use`
			`# this file except in compliance with the License. You can obtain a copy`
			`# in the file LICENSE in the source distribution or at`
			`# https://www.openssl.org/source/license.html`

			`use strict;`
			`use warnings;`

			`use OpenSSL::Test qw/:DEFAULT with bldtop_file srctop_file cmdstr/;`
			`use OpenSSL::Test::Utils;`

			`setup("test_verify_store");`

			`plan tests => 10;`

			`my $dummycnf = srctop_file("apps", "openssl.cnf");`
			`my $cakey = srctop_file("test", "certs", "ca-key.pem");`
			`my $ukey = srctop_file("test", "certs", "ee-key.pem");`

			`my $cnf = srctop_file("test", "ca-and-certs.cnf");`
			`my $CAkey = "keyCA.ss";`
			`my $CAcert="certCA.ss";`
			`my $CAserial="certCA.srl";`
			`my $CAreq="reqCA.ss";`
			`my $CAreq2="req2CA.ss"; # temp`
			`my $Ukey="keyU.ss";`
			`my $Ureq="reqU.ss";`
			`my $Ucert="certU.ss";`

			`SKIP: {`
			`req( 'make cert request',`
			`qw(-new -section userreq),`
			`-config => $cnf,`
			`-out => $CAreq,`
			`-key => $cakey,`
			`-keyout => $CAkey );`

			`skip 'failure', 8 unless`
			`x509( 'convert request into self-signed cert',`
			`qw(-req -CAcreateserial -days 30),`
			`qw(-extensions v3_ca),`
			`-in => $CAreq,`
			`-out => $CAcert,`
			`-signkey => $CAkey,`
			`-extfile => $cnf );`

			`skip 'failure', 7 unless`
			`x509( 'convert cert into a cert request',`
			`qw(-x509toreq),`
			`-in => $CAcert,`
			`-out => $CAreq2,`
			`-signkey => $CAkey );`

			`skip 'failure', 6 unless`
			`req( 'verify request 1',`
			`qw(-verify -noout -section userreq),`
			`-config => $dummycnf,`
			`-in => $CAreq );`

			`skip 'failure', 5 unless`
			`req( 'verify request 2',`
			`qw(-verify -noout -section userreq),`
			`-config => $dummycnf,`
			`-in => $CAreq2 );`

			`skip 'failure', 4 unless`
			`verify( 'verify signature',`
			`-CAstore => $CAcert,`
			`$CAcert );`

			`skip 'failure', 3 unless`
			`req( 'make a user cert request',`
			`qw(-new -section userreq),`
			`-config => $cnf,`
			`-out => $Ureq,`
			`-key => $ukey,`
			`-keyout => $Ukey );`

			`skip 'failure', 2 unless`
			`x509( 'sign user cert request',`
			`qw(-req -CAcreateserial -days 30 -extensions v3_ee),`
			`-in => $Ureq,`
			`-out => $Ucert,`
			`-CA => $CAcert,`
			`-CAkey => $CAkey,`
			`-CAserial => $CAserial,`
			`-extfile => $cnf )`
			`&& verify( undef,`
			`-CAstore => $CAcert,`
			`$Ucert );`

			`skip 'failure', 0 unless`
			`x509( 'Certificate details',`
			`qw(-subject -issuer -startdate -enddate -noout),`
			`-in => $Ucert );`
			`}`

			`sub verify {`
			`my $title = shift;`

			`ok(run(app([qw(openssl verify), @_])), $title);`
			`}`

			`sub req {`
			`my $title = shift;`

			`ok(run(app([qw(openssl req), @_])), $title);`
			`}`

			`sub x509 {`
			`my $title = shift;`

			`ok(run(app([qw(openssl x509), @_])), $title);`
			`}`