Lines Matching refs:cert
# Fragment of the certificate-generation helper (presumably generate_cert(),
# which the test cases call; its `sub` line is not part of this listing).
# The first argument is the output file name, and its spelling drives behaviour.
541 my $cert = shift @_;
# True when the file name contains "self-signed" (unanchored substring match).
542 my $ss = $cert =~ m/self-signed/;
# True when the file name contains "CA" anywhere (case-sensitive, unanchored).
# NOTE(review): how $ss and $is_ca are used is on lines not shown here; a file
# name that contains "CA" by accident would set this flag, so name test files
# with care.
543 my $is_ca = $cert =~ m/CA/;
# Tail of an argument list whose start is not shown: subject CN taken from $cn
# (assigned out of view), then the caller's remaining arguments, then the
# output file.
548 "-subj", "/CN=$cn", @_, "-out", $cert);
# Run the command in @cmd and record the outcome as one test result.
551 ok(run(app([@cmd])), "generate $cert");
# Fragment of a key-usage check helper (presumably has_keyUsage(), which the
# test cases call; confirm against the full file).
555 my $cert = shift @_;
# Delegates to cert_contains() with the text "Key Usage"; $expect is assigned
# on a line not shown.
557 cert_contains($cert, "Key Usage", $expect);
# Fragment of the strict-verification helper (presumably strict_verify(),
# which the test cases call; confirm against the full file).
560 my $cert = shift @_;
# Fallback: when no trust anchor was supplied, the certificate under test is
# used as its own trust anchor ($trusted is assigned on a line not shown).
563 $trusted = $cert unless $trusted;
# Tail of the verify command: "-partial_chain" lets the chain end at a trusted
# certificate that is not a self-signed root. The run result is compared with
# $expect, so a case can assert rejection (0) as well as acceptance (1).
565 "-partial_chain", $cert])) == $expect,
# NOTE(review): the label says "allow" even when $expect is 0, so a passing
# rejection case still reads as "strict verify allow <file>" in the test log.
566 "strict verify allow $cert");
# Default case: generate_cert() is called with no extra arguments, so no
# extension is requested explicitly by this call.
575 my $cert = "self-signed_default_SKID_no_explicit_exts.pem";
576 generate_cert($cert);
# The result is expected to be an X.509 version 3 certificate.
577 has_version($cert, 3);
578 has_SKID($cert, 1); # SKID added, though no explicit extensions given
# No Authority Key Identifier is expected on this self-signed certificate.
579 has_AKID($cert, 0);
# Subject Key Identifier (SKID) cases for self-signed CA certificates.
# @v3_ca and $SKID_AKID are defined on lines not shown in this listing.

# Explicit "hash": a SKID must be present.
581 my $cert = "self-signed_v3_CA_hash_SKID.pem";
582 generate_cert($cert, @v3_ca, "-addext", "subjectKeyIdentifier = hash");
583 has_SKID($cert, 1); # explicit hash SKID

# Explicit "none": neither key identifier may appear in the output.
585 $cert = "self-signed_v3_CA_no_SKID.pem";
586 generate_cert($cert, @v3_ca, "-addext", "subjectKeyIdentifier = none");
587 cert_ext_has_n_different_lines($cert, 0, $SKID_AKID); # no SKID and no AKID

# Caller-supplied SKID value "45": it must appear verbatim in the output, and
# the certificate must still pass strict verification.
590 $cert = "self-signed_v3_CA_given_SKID.pem";
591 generate_cert($cert, @v3_ca, "-addext", "subjectKeyIdentifier = 45");
592 cert_contains($cert, "Subject Key Identifier: 45 ", 1); # given SKID
593 strict_verify($cert, 1);

# "-x509v1" requests a version 1 certificate; X.509 v1 has no extensions
# field, so no key identifiers are expected.
597 $cert = "self-signed_v1_CA_no_KIDs.pem";
598 generate_cert($cert, "-x509v1");
599 has_version($cert, 1);
600 cert_ext_has_n_different_lines($cert, 0, $SKID_AKID); # no SKID and no AKID
# Authority Key Identifier (AKID) cases for self-signed CA certificates.
# Pattern asserted by the cases below: "keyid" and "issuer" add nothing to a
# self-signed certificate unless they carry the ":always" suffix.
# @v3_ca and $SKID_AKID are defined on lines not shown in this listing.

609 $cert = "self-signed_v3_CA_no_AKID.pem";
610 generate_cert($cert, @v3_ca, "-addext", "authorityKeyIdentifier = none");
611 has_AKID($cert, 0); # forced no AKID

613 $cert = "self-signed_v3_CA_explicit_AKID.pem";
614 generate_cert($cert, @v3_ca, "-addext", "authorityKeyIdentifier = keyid");
615 has_AKID($cert, 0); # for self-signed cert, AKID suppressed and not forced

# "keyid:always" forces the AKID; the result must still verify strictly.
617 $cert = "self-signed_v3_CA_forced_AKID.pem";
618 generate_cert($cert, @v3_ca, "-addext", "authorityKeyIdentifier = keyid:always");
619 cert_ext_has_n_different_lines($cert, 3, $SKID_AKID); # forced AKID, AKID == SKID
620 strict_verify($cert, 1);

622 $cert = "self-signed_v3_CA_issuer_AKID.pem";
623 generate_cert($cert, @v3_ca, "-addext", "authorityKeyIdentifier = issuer");
624 has_AKID($cert, 0); # suppressed AKID since not forced

# "issuer:always" forces the issuer-name-and-serial form of the AKID.
626 $cert = "self-signed_v3_CA_forced_issuer_AKID.pem";
627 generate_cert($cert, @v3_ca, "-addext", "authorityKeyIdentifier = issuer:always");
628 cert_contains($cert, "Authority Key Identifier: DirName:/CN=CA serial:", 1); # forced issuer AKID

630 $cert = "self-signed_v3_CA_nonforced_keyid_issuer_AKID.pem";
631 generate_cert($cert, @v3_ca, "-addext", "authorityKeyIdentifier = keyid, issuer");
632 has_AKID($cert, 0); # AKID not present because not forced and cert self-signed

# Mixed forcing: only the part marked ":always" is expected in the output.
634 $cert = "self-signed_v3_CA_keyid_forced_issuer_AKID.pem";
635 generate_cert($cert, @v3_ca, "-addext", "authorityKeyIdentifier = keyid, issuer:always");
636 cert_contains($cert, "Authority Key Identifier: DirName:/CN=CA serial:", 1); # issuer AKID forced, …

638 $cert = "self-signed_v3_CA_forced_keyid_issuer_AKID.pem";
639 generate_cert($cert, @v3_ca, "-addext", "authorityKeyIdentifier = keyid:always, issuer");
640 has_AKID($cert, 1); # AKID with keyid forced
641 cert_contains($cert, "Authority Key Identifier: DirName:/CN=CA serial:", 0); # no issuer AKID

# Both parts forced: the expected text is written as a pattern (a keyid of
# hex byte pairs followed by the issuer name and serial).
643 $cert = "self-signed_v3_CA_forced_keyid_forced_issuer_AKID.pem";
644 generate_cert($cert, @v3_ca, "-addext", "authorityKeyIdentifier = keyid:always, issuer:always");
645 cert_contains($cert, "Authority Key Identifier: keyid(:[0-9A-Fa-f]{2})+ DirName:/CN=CA serial:", 1)…

# Negative-style case: the file name marks an end-entity ("EE") certificate,
# yet keyCertSign is requested. The assertions for it are on lines not shown.
647 $cert = "self-signed_v3_EE_wrong_keyUsage.pem";
648 generate_cert($cert, "-addext", "keyUsage = keyCertSign");
# Self-issued cases: the checks below expect identical issuer and subject
# names but differing key identifiers (SKID != AKID). Several generate_cert()
# calls continue on lines not shown, so their signing arguments are not
# visible in this listing. $SKID_AKID and @v3_ca are defined out of view.

# Generated through a command whose start is not shown; the label says "x509".
653 $cert = "self-issued_x509_v3_CA_default_KIDs.pem";
658 "-out", $cert)])), "generate using x509: $cert");
659 cert_contains($cert, "Issuer: CN=test .*? Subject: CN=test", 1);
660 cert_ext_has_n_different_lines($cert, 4, $SKID_AKID); # SKID != AKID
661 strict_verify($cert, 1);

663 $cert = "self-issued_v3_CA_default_KIDs.pem";
664 generate_cert($cert, "-addext", "keyUsage = dataEncipherment",
666 cert_contains($cert, "Issuer: CN=CA .*? Subject: CN=CA", 1);
667 cert_ext_has_n_different_lines($cert, 4, $SKID_AKID); # SKID != AKID
668 strict_verify($cert, 1);

# AKID switched off explicitly: SKID stays, AKID is absent, and strict
# verification is still expected to succeed.
670 $cert = "self-issued_v3_CA_no_AKID.pem";
671 generate_cert($cert, "-addext", "authorityKeyIdentifier = none",
673 has_version($cert, 3);
674 has_SKID($cert, 1); # SKID added, though no explicit extensions given
675 has_AKID($cert, 0);
676 strict_verify($cert, 1);

678 $cert = "self-issued_v3_CA_explicit_AKID.pem";
679 generate_cert($cert, "-addext", "authorityKeyIdentifier = keyid",
681 cert_ext_has_n_different_lines($cert, 4, $SKID_AKID); # SKID != AKID
682 strict_verify($cert, 1);

684 $cert = "self-issued_v3_CA_forced_AKID.pem";
685 generate_cert($cert, "-addext", "authorityKeyIdentifier = keyid:always",
687 cert_ext_has_n_different_lines($cert, 4, $SKID_AKID); # SKID != AKID

# Issuer form of the AKID: expected with and without ":always" in these cases.
689 $cert = "self-issued_v3_CA_issuer_AKID.pem";
690 generate_cert($cert, @v3_ca, "-addext", "authorityKeyIdentifier = issuer",
692 cert_contains($cert, "Authority Key Identifier: DirName:/CN=CA serial:", 1); # just issuer AKID

694 $cert = "self-issued_v3_CA_forced_issuer_AKID.pem";
695 generate_cert($cert, @v3_ca, "-addext", "authorityKeyIdentifier = issuer:always",
697 cert_contains($cert, "Authority Key Identifier: DirName:/CN=CA serial:", 1); # just issuer AKID

# Combined keyid + issuer: the expected line count rises from 4 to 6 once the
# issuer part is forced with ":always".
699 $cert = "self-issued_v3_CA_keyid_issuer_AKID.pem";
700 generate_cert($cert, "-addext", "authorityKeyIdentifier = keyid, issuer",
702 cert_ext_has_n_different_lines($cert, 4, $SKID_AKID); # SKID != AKID, not forced

704 $cert = "self-issued_v3_CA_keyid_forced_issuer_AKID.pem";
705 generate_cert($cert, "-addext", "authorityKeyIdentifier = keyid, issuer:always",
707 cert_ext_has_n_different_lines($cert, 6, $SKID_AKID); # SKID != AKID, with forced issuer

709 $cert = "self-issued_v3_CA_forced_keyid_and_issuer_AKID.pem";
710 generate_cert($cert, "-addext", "authorityKeyIdentifier = keyid:always, issuer:always",
712 cert_ext_has_n_different_lines($cert, 6, $SKID_AKID); # SKID != AKID, both forced
# Regular end-entity (EE) certificate cases. Several generate_cert() calls
# continue on lines not shown; @certs, $ca_cert and $SKID_AKID are defined
# out of view.

# Only a key is supplied; the result must be v3 with distinct SKID and AKID.
716 $cert = "regular_v3_EE_default_KIDs_no_other_exts.pem";
717 generate_cert($cert, "-key", srctop_file(@certs, "ee-key.pem"));
718 has_version($cert, 3);
719 cert_ext_has_n_different_lines($cert, 4, $SKID_AKID); # SKID != AKID

# Verified strictly with $ca_cert passed as the third argument.
721 $cert = "regular_v3_EE_default_KIDs.pem";
722 generate_cert($cert, "-addext", "keyUsage = dataEncipherment",
724 cert_ext_has_n_different_lines($cert, 4, $SKID_AKID); # SKID != AKID
725 strict_verify($cert, 1, $ca_cert);

727 $cert = "regular_v3_EE_copied_exts_default_KIDs.pem";
728 generate_cert($cert, "-copy_extensions", "copy",
730 cert_ext_has_n_different_lines($cert, 4, $SKID_AKID); # SKID != AKID
# NOTE(review): no trust anchor is passed here, so the helper's fallback on
# line 563 verifies the certificate against itself; confirm that this is the
# intended check for an EE certificate rather than verification via $ca_cert.
731 strict_verify($cert, 1);

# Negative case: with the AKID switched off, strict verification against
# $ca_cert is expected to fail (expected result 0).
733 $cert = "v3_EE_no_AKID.pem";
734 generate_cert($cert, "-addext", "authorityKeyIdentifier = none",
736 has_SKID($cert, 1);
737 has_AKID($cert, 0);
738 strict_verify($cert, 0, $ca_cert);
# Key-usage cases built from the CSR file "ext-check.csr" (located via
# srctop_file() under @certs, which is defined out of view).

# CSR used as-is: no Key Usage text is expected in the certificate.
743 $cert = "self-signed_CA_no_keyUsage.pem";
744 generate_cert($cert, "-in", srctop_file(@certs, "ext-check.csr"));
745 has_keyUsage($cert, 0);
# Same CSR with further arguments on a line not shown: Key Usage is expected.
746 $cert = "self-signed_CA_with_keyUsages.pem";
747 generate_cert($cert, "-in", srctop_file(@certs, "ext-check.csr"),
749 has_keyUsage($cert, 1);
# Explicit validity-date case. The command that writes $cert starts on lines
# not shown; only the tail of its argument list is visible.
764 my $cert = "self-signed_explicit_date.pem";
770 "-out", $cert]))
# Each grep passes when at least one value returned by the date getter is a
# defined key of %today (a hash built on lines not shown), so the test needs
# the command to succeed and both dates to match an entry in %today.
772 && (grep { defined $today{$_} } get_not_before_date($cert))
773 && (grep { defined $today{$_} } get_not_after_date($cert)), "explicit start and end dates");