Add recipes for tests related to certificates

Some of them make use of recipes/tconversion.pl.

Reviewed-by: Rich Salz <rsalz@openssl.org>

diff --git a/test/recipes/25-test_crl.t b/test/recipes/25-test_crl.t
new file mode 100644 (file)
index 0000000..3bcd2d1
--- /dev/null
+++ b/test/recipes/25-test_crl.t
@@ -0,0 +1,18 @@
+#! /usr/bin/perl
+
+use strict;
+use warnings;
+
+use File::Spec;
+use Test::More;
+use OpenSSL::Test qw/:DEFAULT top_file/;
+
+setup("test_crl");
+
+plan tests => 2;
+
+require_ok(top_file('test','recipes','tconversion.pl'));
+
+subtest 'crl conversions' => sub {
+    tconversion("crl", top_file("test","testcrl.pem"));
+};

diff --git a/test/recipes/25-test_gen.t b/test/recipes/25-test_gen.t
new file mode 100644 (file)
index 0000000..2f50ee4
--- /dev/null
+++ b/test/recipes/25-test_gen.t
@@ -0,0 +1,44 @@
+#! /usr/bin/perl
+
+use strict;
+use warnings;
+
+use File::Spec;
+use Test::More;
+use OpenSSL::Test qw/:DEFAULT top_file/;
+
+setup("test_gen");
+
+plan tests => 1;
+
+my $T = "testcert";
+my $KEY = 512;
+my $CA = top_file("certs", "testca.pem");
+
+unlink "$T.1", "$T.2", "$T.key";
+open RND, ">>", ".rnd";
+print RND "string to make the random number generator think it has entropy";
+close RND;
+
+subtest "generating certificate requests" => sub {
+    my @req_new;
+    if (run(app(["openssl", "no-rsa"], stdout => undef))) {
+       @req_new = ("-newkey", "dsa:".top_file("apps", "dsa512.pem"));
+    } else {
+       @req_new = ("-new");
+       note("There should be a 2 sequences of .'s and some +'s.");
+       note("There should not be more that at most 80 per line");
+    }
+
+    unlink "testkey.pem", "testreq.pem";
+
+    plan tests => 2;
+
+    ok(run(app(["openssl", "req", "-config", top_file("test", "test.cnf"),
+               @req_new, "-out", "testreq.pem"])),
+       "Generating request");
+
+    ok(run(app(["openssl", "req", "-config", top_file("test", "test.cnf"),
+               "-verify", "-in", "testreq.pem", "-noout"])),
+       "Verifying signature on request");
+};

diff --git a/test/recipes/25-test_pkcs7.t b/test/recipes/25-test_pkcs7.t
new file mode 100644 (file)
index 0000000..586c918
--- /dev/null
+++ b/test/recipes/25-test_pkcs7.t
@@ -0,0 +1,21 @@
+#! /usr/bin/perl
+
+use strict;
+use warnings;
+
+use File::Spec;
+use Test::More;
+use OpenSSL::Test qw/:DEFAULT top_file/;
+
+setup("test_pkcs7");
+
+plan tests => 3;
+
+require_ok(top_file('test','recipes','tconversion.pl'));
+
+subtest 'pkcs7 conversions -- pkcs7' => sub {
+    tconversion("p7", top_file("test", "testp7.pem"), "pkcs7");
+};
+subtest 'pkcs7 conversions -- pkcs7d' => sub {
+    tconversion("p7d", top_file("test", "pkcs7-1.pem"), "pkcs7");
+};

diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t
new file mode 100644 (file)
index 0000000..50c18a9
--- /dev/null
+++ b/test/recipes/25-test_req.t
@@ -0,0 +1,44 @@
+#! /usr/bin/perl
+
+use strict;
+use warnings;
+
+use File::Spec;
+use Test::More;
+use OpenSSL::Test qw/:DEFAULT top_file/;
+
+setup("test_req");
+
+plan tests => 3;
+
+require_ok(top_file('test','recipes','tconversion.pl'));
+
+my @openssl_args = ("req", "-config", "../apps/openssl.cnf");
+
+run_conversion('req conversions',
+              "testreq.pem");
+run_conversion('req conversions -- testreq2',
+              "testreq2.pem");
+
+sub run_conversion {
+    my $title = shift;
+    my $reqfile = shift;
+
+    subtest $title => sub {
+       run(app(["openssl", @openssl_args,
+                "-in", $reqfile, "-inform", "p",
+                "-noout", "-text"],
+               stderr => "req-check.err", stdout => undef));
+       open DATA, "req-check.err";
+      SKIP: {
+         plan skip_all => "skipping req conversion test for $reqfile"
+             if grep /Unknown Public Key/, map { chomp } <DATA>;
+
+         tconversion("req", "testreq.pem", @openssl_args);
+       }
+       close DATA;
+       unlink "req-check.err";
+
+       done_testing();
+    };
+}

diff --git a/test/recipes/25-test_sid.t b/test/recipes/25-test_sid.t
new file mode 100644 (file)
index 0000000..710eab4
--- /dev/null
+++ b/test/recipes/25-test_sid.t
@@ -0,0 +1,18 @@
+#! /usr/bin/perl
+
+use strict;
+use warnings;
+
+use File::Spec;
+use Test::More;
+use OpenSSL::Test qw/:DEFAULT top_file/;
+
+setup("test_sid");
+
+plan tests => 2;
+
+require_ok(top_file('test','recipes','tconversion.pl'));
+
+subtest 'sid conversions' => sub {
+    tconversion("sid", top_file("test","testsid.pem"), "sess_id");
+};

diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
new file mode 100644 (file)
index 0000000..032a932
--- /dev/null
+++ b/test/recipes/25-test_verify.t
@@ -0,0 +1,16 @@
+#! /usr/bin/perl
+
+use strict;
+use warnings;
+
+use File::Spec::Functions qw/canonpath/;
+use Test::More;
+use OpenSSL::Test qw/:DEFAULT top_dir top_file/;
+
+setup("test_verify");
+
+plan tests => 1;
+
+note("Expect some failures and expired certificate");
+ok(run(app(["openssl", "verify", "-CApath", top_dir("certs", "demo"),
+           glob(top_file("certs", "demo", "*.pem"))])), "verying demo certs");

diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t
new file mode 100644 (file)
index 0000000..5098db4
--- /dev/null
+++ b/test/recipes/25-test_x509.t
@@ -0,0 +1,24 @@
+#! /usr/bin/perl
+
+use strict;
+use warnings;
+
+use File::Spec;
+use Test::More;
+use OpenSSL::Test qw/:DEFAULT top_file/;
+
+setup("test_x509");
+
+plan tests => 4;
+
+require_ok(top_file('test','recipes','tconversion.pl'));
+
+subtest 'x509 -- x.509 v1 certificate' => sub {
+    tconversion("x509", top_file("test","testx509.pem"));
+};
+subtest 'x509 -- first x.509 v3 certificate' => sub {
+    tconversion("x509", top_file("test","v3-cert1.pem"));
+};
+subtest 'x509 -- second x.509 v3 certificate' => sub {
+    tconversion("x509", top_file("test","v3-cert2.pem"));
+};