diff options
Diffstat (limited to 'third_party/heimdal/lib/hx509/test_req.in')
-rw-r--r-- | third_party/heimdal/lib/hx509/test_req.in | 211 |
1 files changed, 211 insertions, 0 deletions
diff --git a/third_party/heimdal/lib/hx509/test_req.in b/third_party/heimdal/lib/hx509/test_req.in new file mode 100644 index 0000000..1d553db --- /dev/null +++ b/third_party/heimdal/lib/hx509/test_req.in @@ -0,0 +1,211 @@ +#!/bin/sh +# +# Copyright (c) 2005 - 2007 Kungliga Tekniska Högskolan +# (Royal Institute of Technology, Stockholm, Sweden). +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# 3. Neither the name of the Institute nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $Id$ +# + +srcdir="@srcdir@" +objdir="@objdir@" + +stat="--statistic-file=${objdir}/statfile" + +hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}" + +if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then + exit 77 +fi +if ${hxtool} info | grep 'rand: not available' > /dev/null ; then + exit 77 +fi + +${hxtool} request-create \ + --subject="CN=Love,DC=it,DC=su,DC=se" \ + --key="FILE:$srcdir/data/key.der" \ + "${objdir}/request.out" || exit 1 + +${hxtool} request-print \ + PKCS10:request.out > /dev/null || exit 1 + +${hxtool} request-create \ + --subject="CN=Love,DC=it,DC=su,DC=se" \ + --eku=1.2.3.4.5.6.7 --eku=1.2.3.4.5.6.8 \ + --registered=1.2.3.4.5.6.9 --eku=1.2.3.4.5.6.10 \ + --dnsname=nutcracker.test.h5l.se \ + --dnsname=foo.nutcracker.test.h5l.se \ + --kerberos=HTTP/foo.nutcracker.it.su.se@TEST.H5L.SE \ + --kerberos=host/foo.nutcracker.it.su.se@TEST.H5L.SE \ + --email=foo@test.h5l.se \ + --key="FILE:$srcdir/data/key.der" \ + "${objdir}/request.out" || exit 1 + +cat > "$objdir/expected" <<EOF +request print +PKCS#10 CertificationRequest: + name: CN=Love,DC=it,DC=su,DC=se + eku: {1.2.3.4.5.6.7}, {1.2.3.4.5.6.8}, {1.2.3.4.5.6.10} + san: rfc822Name: foo@test.h5l.se + san: dNSName: nutcracker.test.h5l.se + san: dNSName: foo.nutcracker.test.h5l.se + san: pkinit: HTTP/foo.nutcracker.it.su.se@TEST.H5L.SE + san: pkinit: host/foo.nutcracker.it.su.se@TEST.H5L.SE + san: registeredID: 1.2.3.4.5.6.9 +EOF + +# Check that we got what we wanted: +${hxtool} request-print \ + PKCS10:request.out > "${objdir}/actual" || exit 1 + +diff "$objdir/expected" "${objdir}/actual" || exit 1 + +# Check that OpenSSL can parse our request: +if openssl version > /dev/null; then + openssl req -inform DER -in "${objdir}/request.out" -text | head -25 > "${objdir}/actual" + + # Various versions of openssl differ slightly in their text output for our + # CSR. Figure out what to expect: + if grep "Version: 0" "${objdir}/actual" > /dev/null; then + v=0 + else + v=1 + fi + if grep "RSA Public-Key:" "${objdir}/actual" > /dev/null; then + k="RSA " + else + k="" + fi + # Note interpolation of $v and $k in the here doc below: + cat > "$objdir/expected" <<EOF +Certificate Request: + Data: + Version: $v (0x0) + Subject: DC = se, DC = su, DC = it, CN = Love + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + ${k}Public-Key: (1024 bit) + Modulus: + 00:c2:aa:a2:42:b7:5b:99:a3:fd:ba:f0:9b:75:db: + ef:3c:9b:8c:cf:63:5f:46:d8:95:be:09:4a:a7:76: + 79:77:61:30:ef:0b:98:d2:47:ea:9c:09:b9:b9:b7: + 15:ac:4b:9c:2d:3f:f0:d9:99:9d:4d:5a:68:67:24: + 58:5e:65:60:13:9f:4d:dc:2f:03:1d:cd:e9:b6:33: + c2:5c:c6:de:c9:93:6c:ec:8d:9a:67:0e:dd:31:20: + ac:91:39:7a:c1:8f:39:65:ff:b3:1f:cf:7a:aa:79: + 8b:ed:eb:ad:a0:be:01:10:4c:5a:a7:47:1d:c6:ee: + 79:39:5c:c7:11:6c:b9:e7:2b + Exponent: 65537 (0x10001) + Attributes: + Requested Extensions: + X509v3 Extended Key Usage: critical + 1.2.3.4.5.6.7, 1.2.3.4.5.6.8, 1.2.3.4.5.6.10 + X509v3 Subject Alternative Name: + email:foo@test.h5l.se, DNS:nutcracker.test.h5l.se, DNS:foo.nutcracker.test.h5l.se, othername:<unsupported>, othername:<unsupported>, Registered ID:1.2.3.4.5.6.9 + Signature Algorithm: sha256WithRSAEncryption +EOF + if ! diff -u -w "${objdir}/expected" "${objdir}/actual"; then + cat > "$objdir/expected" <<EOF +Certificate Request: + Data: + Version: $v (0x0) + Subject: DC = se, DC = su, DC = it, CN = Love + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + ${k}Public-Key: (1024 bit) + Modulus: + 00:c2:aa:a2:42:b7:5b:99:a3:fd:ba:f0:9b:75:db: + ef:3c:9b:8c:cf:63:5f:46:d8:95:be:09:4a:a7:76: + 79:77:61:30:ef:0b:98:d2:47:ea:9c:09:b9:b9:b7: + 15:ac:4b:9c:2d:3f:f0:d9:99:9d:4d:5a:68:67:24: + 58:5e:65:60:13:9f:4d:dc:2f:03:1d:cd:e9:b6:33: + c2:5c:c6:de:c9:93:6c:ec:8d:9a:67:0e:dd:31:20: + ac:91:39:7a:c1:8f:39:65:ff:b3:1f:cf:7a:aa:79: + 8b:ed:eb:ad:a0:be:01:10:4c:5a:a7:47:1d:c6:ee: + 79:39:5c:c7:11:6c:b9:e7:2b + Exponent: 65537 (0x10001) + Attributes: + Requested Extensions: + X509v3 Extended Key Usage: critical + 1.2.3.4.5.6.7, 1.2.3.4.5.6.8, 1.2.3.4.5.6.10 + X509v3 Subject Alternative Name: + email:foo@test.h5l.se, DNS:nutcracker.test.h5l.se, DNS:foo.nutcracker.test.h5l.se, othername: 1.3.6.1.5.2.2::<unsupported>, othername: 1.3.6.1.5.2.2::<unsupported>, Registered ID:1.2.3.4.5.6.9 + Signature Algorithm: sha256WithRSAEncryption +EOF + fi +fi + +${hxtool} request-create \ + --ca \ + --ca-path-length=3 \ + --subject="cn=ca-cert" \ + --key=FILE:$srcdir/data/key.der \ + pkcs10-request.der || exit 1 +${hxtool} request-print PKCS10:pkcs10-request.der > "${objdir}/actual"|| exit 1 +cat > "$objdir/expected" <<EOF +request print +PKCS#10 CertificationRequest: + cA: yes + pathLenConstraint: 3 + name: CN=ca-cert +EOF +diff "$objdir/expected" "${objdir}/actual" || exit 1 + +${hxtool} request-create \ + --ca \ + --subject="cn=ca-cert" \ + --key=FILE:$srcdir/data/key.der \ + pkcs10-request.der || exit 1 +${hxtool} request-print PKCS10:pkcs10-request.der > "${objdir}/actual"|| exit 1 +cat > "$objdir/expected" <<EOF +request print +PKCS#10 CertificationRequest: + cA: yes + pathLenConstraint: unspecified + name: CN=ca-cert +EOF +diff "$objdir/expected" "${objdir}/actual" || exit 1 + +${hxtool} request-create \ + --ee \ + --subject="cn=ca-cert" \ + --key=FILE:$srcdir/data/key.der \ + pkcs10-request.der || exit 1 +${hxtool} request-print PKCS10:pkcs10-request.der > "${objdir}/actual" || exit 1 +cat > "$objdir/expected" <<EOF +request print +PKCS#10 CertificationRequest: + cA: no + pathLenConstraint: unspecified + name: CN=ca-cert +EOF +diff "$objdir/expected" "${objdir}/actual" || exit 1 + +exit 0 |