2 # Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
27 @req_new = ("-newkey", "dsa:".srctop_file("apps", "dsa512.pem"));
29 @req_new = ("-new");
38 # Check for duplicate -addext parameters, and one "working" case.
# Base argument list shared by the -addext checks that follow: `openssl req
# -new` writing testreq.pem, using the ee-key.pem test key and test.cnf.
# @req_new (assigned on listing lines 27/29) is appended last.
39 my @addext_args = ( "openssl", "req", "-new", "-out", "testreq.pem",
40 "-key", srctop_file("test", "certs", "ee-key.pem"),
41 "-config", srctop_file("test", "test.cnf"), @req_new );
# $val, $val1, $val2 and $val3 are defined on lines this listing does not
# show. Each check passes when run(...) is true, or false for the ok(!run(...))
# form, i.e. the negated checks assert that the command is rejected.
47 ok( run(app([@addext_args, "-addext", $val])));
48 ok( run(app([@addext_args, "-addext", $val1])));
# NOTE(review): same arguments as line 48 but the opposite expectation, so
# $val1 is presumably changed on the unshown line 49 -- confirm in the full file.
50 ok(!run(app([@addext_args, "-addext", $val1])));
# Every command below carries two -addext options and is expected to fail,
# including the exact repeat of $val on line 51.
51 ok(!run(app([@addext_args, "-addext", $val, "-addext", $val])));
52 ok(!run(app([@addext_args, "-addext", $val, "-addext", $val2])));
53 ok(!run(app([@addext_args, "-addext", $val, "-addext", $val3])));
54 ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3])));
# Single -addext values expected to be accepted: an SXNetID list, and a
# dirName subjectAltName naming dirname_sec (presumably a section of test.cnf).
55 ok(run(app([@addext_args, "-addext", "SXNetID=1:one, 2:two, 3:three"])));
56 ok(run(app([@addext_args, "-addext", "subjectAltName=dirName:dirname_sec"])));
58 # If a CSR is provided with neither of -key or -CA/-CAkey, this should fail.
# -x509 asks req for a certificate rather than a request, and nothing on this
# command line names a signing key: only the CSR input and the output file are
# given. The check passes only when the command is rejected.
59 ok(!run(app(["openssl", "req", "-x509",
60 "-in", srctop_file(@certs, "x509-check.csr"),
61 "-out", "testreq.pem"])));
71 "-config", srctop_file("test", "test.cnf"),
72 "-section", "altreq",
73 "-new", "-out", "testreq-rsa.pem", "-utf8",
74 "-key", srctop_file("test", "testrsa.pem")])),
78 "-config", srctop_file("test", "test.cnf"),
79 "-verify", "-in", "testreq-rsa.pem", "-noout"])),
83 "-config", srctop_file("test", "test.cnf"),
84 "-section", "altreq",
85 "-verify", "-in", "testreq-rsa.pem", "-noout"])),
99 "-config", srctop_file("test", "test.cnf"),
100 "-new", "-out", "testreq-rsa.pem", "-utf8",
101 "-key", srctop_file("test", "testrsa.pem"),
102 "-keyform", "DER"])),
106 "-config", srctop_file("test", "test.cnf"),
107 "-new", "-out", "testreq-rsa.pem", "-utf8",
108 "-key", srctop_file("test", "testrsa.pem"),
109 "-keyform", "PEM"])),
113 "-config", srctop_file("test", "test.cnf"),
114 "-verify", "-in", "testreq-rsa.pem", "-noout"])),
118 "-config", srctop_file("test", "test.cnf"),
119 "-modulus", "-in", "testreq-rsa.pem", "-noout"])),
123 "-config", srctop_file("test", "test.cnf"),
124 "-new", "-out", "testreq_withattrs_pem.pem", "-utf8",
125 "-key", srctop_file("test", "testrsa_withattrs.pem")])),
126 "Generating request from a key with extra attributes - PEM");
129 "-config", srctop_file("test", "test.cnf"),
130 "-verify", "-in", "testreq_withattrs_pem.pem", "-noout"])),
131 "Verifying signature on request from a key with extra attributes - PEM");
134 "-config", srctop_file("test", "test.cnf"),
135 "-new", "-out", "testreq_withattrs_der.pem", "-utf8",
136 "-key", srctop_file("test", "testrsa_withattrs.der"),
137 "-keyform", "DER"])),
138 "Generating request from a key with extra attributes - PEM");
141 "-config", srctop_file("test", "test.cnf"),
142 "-verify", "-in", "testreq_withattrs_der.pem", "-noout"])),
143 "Verifying signature on request from a key with extra attributes - PEM");
147 subtest "generating certificate requests with RSA-PSS" => sub {
155 "-config", srctop_file("test", "test.cnf"),
156 "-new", "-out", "testreq-rsapss.pem", "-utf8",
157 "-key", srctop_file("test", "testrsapss.pem")])),
160 "-config", srctop_file("test", "test.cnf"),
161 "-verify", "-in", "testreq-rsapss.pem", "-noout"])),
165 "-config", srctop_file("test", "test.cnf"),
166 "-new", "-out", "testreq-rsapss2.pem", "-utf8",
167 "-sigopt", "rsa_padding_mode:pss",
168 "-sigopt", "rsa_pss_saltlen:-1",
169 "-key", srctop_file("test", "testrsapss.pem")])),
172 "-config", srctop_file("test", "test.cnf"),
173 "-verify", "-in", "testreq-rsapss2.pem", "-noout"])),
177 "-config", srctop_file("test", "test.cnf"),
178 "-new", "-out", "testreq-rsapssmand.pem", "-utf8",
179 "-sigopt", "rsa_padding_mode:pss",
180 "-key", srctop_file("test", "testrsapssmandatory.pem")])),
183 "-config", srctop_file("test", "test.cnf"),
184 "-verify", "-in", "testreq-rsapssmand.pem", "-noout"])),
188 "-config", srctop_file("test", "test.cnf"),
189 "-new", "-out", "testreq-rsapssmand2.pem", "-utf8",
190 "-sigopt", "rsa_pss_saltlen:100",
191 "-key", srctop_file("test", "testrsapssmandatory.pem")])),
194 "-config", srctop_file("test", "test.cnf"),
195 "-verify", "-in", "testreq-rsapssmand2.pem", "-noout"])),
199 "-config", srctop_file("test", "test.cnf"),
200 "-new", "-out", "testreq-rsapss3.pem", "-utf8",
201 "-sigopt", "rsa_padding_mode:pkcs1",
202 "-key", srctop_file("test", "testrsapss.pem")])),
206 "-config", srctop_file("test", "test.cnf"),
207 "-new", "-out", "testreq-rsapss3.pem", "-utf8",
208 "-sigopt", "rsa_pss_saltlen:-4",
209 "-key", srctop_file("test", "testrsapss.pem")])),
213 "-config", srctop_file("test", "test.cnf"),
214 "-new", "-out", "testreq-rsapssmand3.pem", "-utf8",
215 "-sigopt", "rsa_pss_saltlen:10",
216 "-key", srctop_file("test", "testrsapssmandatory.pem")])),
220 "-config", srctop_file("test", "test.cnf"),
221 "-new", "-out", "testreq-rsapssmand3.pem", "-utf8",
222 "-sha256",
223 "-key", srctop_file("test", "testrsapssmandatory.pem")])),
236 "-config", srctop_file("test", "test.cnf"),
237 "-new", "-out", "testreq-dsa.pem", "-utf8",
238 "-key", srctop_file("test", "testdsa.pem")])),
242 "-config", srctop_file("test", "test.cnf"),
243 "-verify", "-in", "testreq-dsa.pem", "-noout"])),
256 "-config", srctop_file("test", "test.cnf"),
257 "-new", "-out", "testreq-ec.pem", "-utf8",
258 "-key", srctop_file("test", "testec-p256.pem")])),
262 "-config", srctop_file("test", "test.cnf"),
263 "-verify", "-in", "testreq-ec.pem", "-noout"])),
276 "-config", srctop_file("test", "test.cnf"),
277 "-new", "-out", "testreq-ed25519.pem", "-utf8",
278 "-key", srctop_file("test", "tested25519.pem")])),
282 "-config", srctop_file("test", "test.cnf"),
283 "-verify", "-in", "testreq-ed25519.pem", "-noout"])),
296 "-config", srctop_file("test", "test.cnf"),
297 "-new", "-out", "testreq-ed448.pem", "-utf8",
298 "-key", srctop_file("test", "tested448.pem")])),
302 "-config", srctop_file("test", "test.cnf"),
303 "-verify", "-in", "testreq-ed448.pem", "-noout"])),
311 ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
312 "-key", srctop_file("test", "certs", "ee-key.pem"),
313 @req_new, "-out", "testreq.pem"])),
316 ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
317 "-verify", "-in", "testreq.pem", "-noout"])),
328 "-config", srctop_file("test", "test.cnf"),
329 "-new", "-key", srctop_file(@certs, "sm2.key"),
330 "-sigopt", "distid:1234567812345678",
331 "-out", "testreq-sm2.pem", "-sm3"])),
335 "-config", srctop_file("test", "test.cnf"),
336 "-verify", "-in", "testreq-sm2.pem", "-noout",
337 "-vfyopt", "distid:1234567812345678", "-sm3"])),
341 "-config", srctop_file("test", "test.cnf"),
342 "-new", "-key", srctop_file(@certs, "sm2.key"),
343 "-sigopt", "hexdistid:DEADBEEF",
344 "-out", "testreq-sm2.pem", "-sm3"])),
348 "-config", srctop_file("test", "test.cnf"),
349 "-verify", "-in", "testreq-sm2.pem", "-noout",
350 "-vfyopt", "hexdistid:DEADBEEF", "-sm3"])),
# Leading arguments for the req conversion checks: the req subcommand with
# apps/openssl.cnf as its configuration file (passed to tconversion on line 377).
355 my @openssl_args = ("req", "-config", srctop_file("apps", "openssl.cnf"));
359 run_conversion('req conversions -- testreq2',
368 "-in", $reqfile, "-inform", "p",
369 "-noout", "-text"],
370 stderr => "req-check.err", stdout => undef));
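# Three-argument open with an explicit read mode, and a warning when the
# captured stderr file cannot be opened instead of a silently unopened handle.
# The bareword handle DATA is kept because the code that reads from it is
# presumably on lines this listing does not show.
371 open(DATA, '<', "req-check.err") or warn "cannot open req-check.err: $!";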
376 tconversion( -type => 'req', -in => $reqfile,
377 -args => [ @openssl_args ] );
380 unlink "req-check.err";
# Whether the certificate is self-signed is decided purely from its file name.
391 my $ss = $cert =~ m/self-signed/;
# $cn, $is_ca and $ca_cert come from lines this listing does not show.
394 my $ca_key = srctop_file(@certs, "ca-key.pem");
# CA certificates use the CA key as their own key; everything else uses ee-key.pem.
395 my $key = $is_ca ? $ca_key : srctop_file(@certs, "ee-key.pem");
# -config "" passes an empty configuration file name (presumably so that no
# config file is loaded -- confirm); the caller's extra req options arrive via
# @_ and are placed before -out.
396 my @cmd = ("openssl", "req", "-config", "", "-x509",
397 "-subj", "/CN=$cn", @_, "-out", $cert);
# Self-signed: add -key $key. Otherwise: issue from $ca_cert using $ca_key.
398 push(@cmd, ("-key", $key)) if $ss;
399 push(@cmd, ("-CA", $ca_cert, "-CAkey", $ca_key)) unless $ss;
422 ok(run(app(["openssl", "verify", "-x509_strict", "-trusted", $trusted,
423 "-partial_chain", $cert])) == $expect,
# Extension options reused for the v3 CA test certificates generated below:
# a critical basicConstraints with CA:true, and a keyUsage of keyCertSign only.
427 my @v3_ca = ("-addext", "basicConstraints = critical,CA:true",
428 "-addext", "keyUsage = keyCertSign");
430 my $cert = "self-signed_v1_CA_no_KIDs.pem";
433 #TODO strict_verify($cert, 1); # self-signed v1 root cert should be accepted as CA
435 $ca_cert = "self-signed_v3_CA_default_SKID.pem";
441 $cert = "self-signed_v3_CA_no_SKID.pem";
442 generate_cert($cert, @v3_ca, "-addext", "subjectKeyIdentifier = none");
446 $cert = "self-signed_v3_CA_both_KIDs.pem";
447 generate_cert($cert, @v3_ca, "-addext", "subjectKeyIdentifier = hash",
448 "-addext", "authorityKeyIdentifier = keyid:always");
452 $cert = "self-signed_v3_EE_wrong_keyUsage.pem";
453 generate_cert($cert, "-addext", "keyUsage = keyCertSign");
457 generate_cert($cert, "-addext", "keyUsage = dataEncipherment",
458 "-key", srctop_file(@certs, "ee-key.pem"));
463 generate_cert($cert, "-addext", "authorityKeyIdentifier = none",
464 "-key", srctop_file(@certs, "ee-key.pem"));
469 $cert = "self-issued_v3_EE_default_KIDs.pem";
470 generate_cert($cert, "-addext", "keyUsage = dataEncipherment",
471 "-in", srctop_file(@certs, "x509-check.csr"));
475 my $cert = "self-signed_CA_no_keyUsage.pem";
476 generate_cert($cert, "-in", srctop_file(@certs, "ext-check.csr"));
478 my $cert = "self-signed_CA_with_keyUsages.pem";
479 generate_cert($cert, "-in", srctop_file(@certs, "ext-check.csr"),
480 "-copy_extensions", "copy");
483 # Generate cert using req with '-modulus'
# req -x509 -new writes a certificate (testreq-cert.pem) with a 365-day
# validity using the testrsa.pem key; -modulus is passed on the same command,
# and the check only requires that the command succeeds.
484 ok(run(app(["openssl", "req", "-x509", "-new", "-days", "365",
485 "-key", srctop_file("test", "testrsa.pem"),
486 "-config", srctop_file('test', 'test.cnf'),
487 "-out", "testreq-cert.pem",
488 "-modulus"])), "cert req creation - with -modulus");
# NOTE(review): despite the "cert verification" label, this command only has
# x509 parse and print the certificate (-noout -text); it checks neither the
# signature nor a chain. It shows that the output is a readable certificate.
491 ok(run(app(["openssl", "x509", "-in", "testreq-cert.pem",
492 "-noout", "-text"])), "cert verification");