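#! /usr/bin/env perl
# Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

# Test recipe for the CA database helper `ca_internals_test`.
#
# It drives the helper's "do_updatedb" command against a copy of the
# index.txt fixture at a series of simulated dates and checks which
# certificate serials the helper reports as "Expired".  The dates move
# from the 12-character form (two-digit year, up to 2049) to the
# 14-character form (four-digit year, from 2050), so the cases cover the
# point where the year encoding changes.  Expiry bookkeeping that goes
# wrong at that point would leave stale status in the CA index.

use strict;
use warnings;

use POSIX;
use OpenSSL::Test qw/:DEFAULT data_file/;
use File::Copy;

setup('test_ca_internals');

# One entry per do_updatedb run.
#   description - text appended to every check name for this case
#   filename    - database file handed to the helper
#   copydb      - true: start from a fresh copy of the fixture;
#                 false: keep working on the file left by the previous case
#   testdate    - simulated "now" handed to the helper
#   need64bit   - passed through to the helper unchanged; presumably marks
#                 dates that need a 64-bit time_t -- confirm in the helper
#   expirelist  - serials expected to be newly reported as expired
#
# The cases are order-dependent: every copydb => 0 case builds on the
# database state produced by the case before it, which is why each one
# expects only the serial that expired since the previous date.
my @updatedb_tests = (
    {
        description => 'updatedb called before the first certificate expires',
        filename    => 'index.txt',
        copydb      => 1,
        testdate    => '990101000000Z',
        need64bit   => 0,
        expirelist  => [ ]
    },
    {
        description => 'updatedb called before Y2k',
        filename    => 'index.txt',
        copydb      => 0,
        testdate    => '991201000000Z',
        need64bit   => 0,
        expirelist  => [ '1000' ]
    },
    {
        description => 'updatedb called after year 2020',
        filename    => 'index.txt',
        copydb      => 0,
        testdate    => '211201000000Z',
        need64bit   => 0,
        expirelist  => [ '1001' ]
    },
    {
        description => 'updatedb called in year 2049 (last year with 2 digits)',
        filename    => 'index.txt',
        copydb      => 0,
        testdate    => '491201000000Z',
        need64bit   => 1,
        expirelist  => [ '1002' ]
    },
    {
        description => 'updatedb called in year 2050 (first year with 4 digits) before the last certificate expires',
        filename    => 'index.txt',
        copydb      => 0,
        testdate    => '20500101000000Z',
        need64bit   => 1,
        expirelist  => [ ]
    },
    {
        description => 'updatedb called after the last certificate expired',
        filename    => 'index.txt',
        copydb      => 0,
        testdate    => '20501201000000Z',
        need64bit   => 1,
        expirelist  => [ '1003' ]
    },
    {
        description => 'updatedb called for the first time after the last certificate expired',
        filename    => 'index.txt',
        copydb      => 1,
        testdate    => '20501201000000Z',
        need64bit   => 1,
        expirelist  => [ '1000',
                         '1001',
                         '1002',
                         '1003' ]
    }
);

# Command names the helper is expected not to recognise.
my @unsupported_commands = (
    {
        command => 'unsupported'
    }
);

# every "test_updatedb" makes 3 checks
plan tests => 3 * scalar(@updatedb_tests) +
              1 * scalar(@unsupported_commands);


foreach my $test (@updatedb_tests) {
    test_updatedb($test);
}
foreach my $test (@unsupported_commands) {
    test_unsupported_commands($test);
}


################### subs to do tests per supported command ################

# Run the helper with a command name it should not know and check the
# status it reports.
#
#   $opts->{command} - the command name passed to ca_internals_test
#
# NOTE(review): OpenSSL::Test documents statusvar as a success boolean, not
# a raw exit code.  If that holds, the check below expects the helper to
# FAIL on an unknown command, and the check name reads like the opposite --
# confirm against OpenSSL::Test before relying on the wording.
sub test_unsupported_commands {
    my ($opts) = @_;

    run(
        test(['ca_internals_test',
              $opts->{command}
        ]),
        capture   => 0,
        statusvar => \my $exit
    );

    is($exit, 0, "command '".$opts->{command}."' completed without an error");
}

# Run one do_updatedb case and make three checks: the helper's status, the
# number of serials it reported as expired, and that every reported serial
# is on the expected list.
#
#   $opts - one entry of @updatedb_tests (see the key list there)
#
# Dies if the fixture database cannot be copied into place.
sub test_updatedb {
    my ($opts) = @_;
    my $amtexpectedexpired = scalar(@{$opts->{expirelist}});
    my @output;
    my $expirelistcorrect = 1;
    my $cert;
    my $amtexpired = 0;
    my $skipped = 0;

    if ($opts->{copydb}) {
        # A failed copy used to go unnoticed, and the helper would then run
        # against whatever index.txt an earlier case (or an earlier run)
        # left behind.  Stop here instead of reporting results for the
        # wrong database.
        my $pristine = data_file('index.txt');
        copy($pristine, 'index.txt')
            or die "cannot copy $pristine to index.txt: $!";
    }

    @output = run(
        test(['ca_internals_test',
              "do_updatedb",
              $opts->{filename},
              $opts->{testdate},
              $opts->{need64bit}
        ]),
        capture   => 1,
        statusvar => \my $exit
    );

    foreach my $tmp (@output) {
        # Pull the hex serial out of a "<serial>=Expired" line; leading
        # spaces and '#' are tolerated.  $cert is undef for any other line.
        ($cert) = $tmp =~ /^[\x20\x23]*[^0-9A-Fa-f]*([0-9A-Fa-f]+)=Expired/;
        if ($tmp =~ /^[\x20\x23]*skipping test/) {
            $skipped = 1;
        }
        if (defined($cert) && (length($cert) > 0)) {
            $amtexpired++;
            # Membership only: together with the count check below this
            # does not prove the two lists are equal (a serial reported
            # twice would still satisfy both).
            if (!grep { $_ eq $cert } @{$opts->{expirelist}}) {
                $expirelistcorrect = 0;
            }
        }
    }

    if ($skipped) {
        # The helper declined to run this case.  Force the two content
        # checks to pass; a skipped case therefore gives no coverage of the
        # expiry logic for its date on this platform.
        $amtexpired = $amtexpectedexpired;
        $expirelistcorrect = 1;
    }
    # NOTE(review): if statusvar is a success boolean (see OpenSSL::Test),
    # 1 here means the helper succeeded; the three strings below read as
    # failure messages rather than as descriptions of the passing case.
    is($exit, 1, "ca_internals_test: returned EXIT_FAILURE (".$opts->{description}.")");
    is($amtexpired, $amtexpectedexpired, "ca_internals_test: amount of expired certificates differs from expected amount (".$opts->{description}.")");
    is($expirelistcorrect, 1, "ca_internals_test: list of expired certificates differs from expected list (".$opts->{description}.")");
}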