Skip to content

T
Third Party Openssl

OpenHarmony / Third Party Openssl
9 个月 前同步成功

通知 8
Star 18
Fork 1
T
Third Party Openssl

前往新版Gitcode,体验更适合开发者的 AI 搜索 >>

提交 6d737ea0 编写于 作者: R Richard Levitte
浏览文件
操作

STORE tests: add PKCS#12 tests 

Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
上级 a09003ea
隐藏空白更改
内联 并排
Showing with 153 addition and 12 deletion
test/recipes/90-test_store.t
浏览文件 @ 6d737ea0
......@@ -8,7 +8,7 @@
use File::Spec;
use MIME::Base64;
use OpenSSL::Test qw(:DEFAULT srctop_file bldtop_file);
use OpenSSL::Test qw(:DEFAULT srctop_file bldtop_file data_file);
my $test_name = "test_store";
setup($test_name);
......@@ -85,17 +85,12 @@ indir "store_$$" => sub {
"dummy")])));
}
foreach (@generated_files) {
SKIP:
{
skip "PKCS#12 files not currently supported", 3 if m|\.p12$|;
ok(run(app(["openssl", "storeutl", "-passin", "pass:password",
$_])));
ok(run(app(["openssl", "storeutl", "-passin", "pass:password",
to_file_uri($_)])));
ok(!run(app(["openssl", "storeutl", "-passin", "pass:password",
to_rel_file_uri($_)])));
}
ok(run(app(["openssl", "storeutl", "-passin", "pass:password",
$_])));
ok(run(app(["openssl", "storeutl", "-passin", "pass:password",
to_file_uri($_)])));
ok(!run(app(["openssl", "storeutl", "-passin", "pass:password",
to_rel_file_uri($_)])));
}
}
}, create => 1, cleanup => 1;
......@@ -175,6 +170,77 @@ sub init {
"-v2", "aes256", "-v2prf", "hmacWithSHA256",
"-in", $srcfile, "-out", $dstfile]));
}, grep(/-key-pkcs8-pbes2-sha256\.pem$/, @generated_files))
# *-cert.pem (intermediary for the .p12 inits)
&& run(app(["openssl", "req", "-x509",
"-config", data_file("ca.cnf"), "-nodes",
"-out", "cacert.pem", "-keyout", "cakey.pem"]))
&& runall(sub {
my $srckey = shift;
(my $dstfile = $srckey) =~ s|-key-pkcs8\.|-cert.|;
(my $csr = $dstfile) =~ s|\.pem|.csr|;
(run(app(["openssl", "req", "-new",
"-config", data_file("user.cnf"),
"-key", $srckey, "-out", $csr]))
&&
run(app(["openssl", "x509", "-days", "3650",
"-CA", "cacert.pem",
"-CAkey", "cakey.pem",
"-set_serial", time(), "-req",
"-in", $csr, "-out", $dstfile])));
}, grep(/-key-pkcs8\.pem$/, @generated_files))
# *.p12
&& runall(sub {
my $dstfile = shift;
my ($type, $certpbe_index, $keypbe_index,
$macalg_index) =
$dstfile =~ m{^(.*)-key-(?|
# cert and key PBE are same
() #
([^-]*-[^-]*)- # key & cert PBE
([^-]*) # MACalg
|
# cert and key PBE are not same
([^-]*-[^-]*)- # cert PBE
([^-]*-[^-]*)- # key PBE
([^-]*) # MACalg
)\.}x;
if (!$certpbe_index) {
$certpbe_index = $keypbe_index;
}
my $srckey = "$type-key-pkcs8.pem";
my $srccert = "$type-cert.pem";
my %pbes =
(
"sha1-3des" => "pbeWithSHA1And3-KeyTripleDES-CBC",
"md5-des" => "pbeWithMD5AndDES-CBC",
"aes256-cbc" => "AES-256-CBC",
);
my %macalgs =
(
"sha1" => "SHA1",
"sha256" => "SHA256",
);
my $certpbe = $pbes{$certpbe_index};
my $keypbe = $pbes{$keypbe_index};
my $macalg = $macalgs{$macalg_index};
if (!defined($certpbe) || !defined($keypbe)
|| !defined($macalg)) {
print STDERR "Cert PBE for $pbe_index not defined\n"
unless defined $certpbe;
print STDERR "Key PBE for $pbe_index not defined\n"
unless defined $keypbe;
print STDERR "MACALG for $macalg_index not defined\n"
unless defined $macalg;
print STDERR "(destination file was $dstfile)\n";
return 0;
}
run(app(["openssl", "pkcs12", "-inkey", $srckey,
"-in", $srccert, "-passout", "pass:password",
"-export", "-macalg", $macalg,
"-certpbe", $certpbe, "-keypbe", $keypbe,
"-out", $dstfile]));
}, grep(/\.p12/, @generated_files))
# *.der (the end all init)
&& runall(sub {
my $dstfile = shift;
......
test/recipes/90-test_store_data/ca.cnf 0 → 100644
浏览文件 @ 6d737ea0
####################################################################
[ req ]
default_bits = 2432
default_keyfile = cakey.pem
default_md = sha256
distinguished_name = req_DN
string_mask = utf8only
x509_extensions = v3_selfsign
[ req_DN ]
commonName = "Common Name"
commonName_value = "CA"
[ v3_selfsign ]
basicConstraints = critical,CA:true
keyUsage = keyCertSign
subjectKeyIdentifier=hash
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = ./demoCA
certificate = ./demoCA/cacert.pem
serial = ./demoCA/serial
private_key = ./demoCA/private/cakey.pem
new_certs_dir = ./demoCA/newcerts
certificate = cacert.pem
private_key = cakey.pem
x509_extensions = v3_user
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
policy = policy_anything
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ v3_user ]
basicConstraints=critical,CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
issuerAltName=issuer:copy
test/recipes/90-test_store_data/user.cnf 0 → 100644
浏览文件 @ 6d737ea0
####################################################################
[ req ]
default_bits = 2432
default_md = sha256
distinguished_name = req_DN
string_mask = utf8only
req_extensions = v3_req # The extensions to add to a certificate request
[ req_DN ]
commonName = "Common Name"
commonName_value = "A user"
userId = "User ID"
userId_value = "test"
[ v3_req ]
extendedKeyUsage = clientAuth
subjectKeyIdentifier = hash
basicConstraints = CA:false
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册