diff options
author | Paul Yang <paulyang.inf@gmail.com> | 2017-06-05 03:16:40 +0800 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-06-06 17:50:06 +0100 |
commit | 6d2523e0378edabad236bf052d465448dc387c9d (patch) | |
tree | da3b17ce0b75018d655c516dcad7ac1de8da47b2 /test/x509_check_cert_pkey_test.c | |
parent | 7b9863392bff83e7822384a07a11a91feb4e003f (diff) | |
download | openssl-6d2523e0378edabad236bf052d465448dc387c9d.zip openssl-6d2523e0378edabad236bf052d465448dc387c9d.tar.gz openssl-6d2523e0378edabad236bf052d465448dc387c9d.tar.bz2 |
Add test cases for X509_check_private_key
To test X509_check_private_key and relatives.
Add a CSR and corresponding RSA private key to test
X509_REQ_check_private_key function.
Signed-off-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3614)
Diffstat (limited to 'test/x509_check_cert_pkey_test.c')
-rw-r--r-- | test/x509_check_cert_pkey_test.c | 138 |
1 files changed, 138 insertions, 0 deletions
diff --git a/test/x509_check_cert_pkey_test.c b/test/x509_check_cert_pkey_test.c new file mode 100644 index 0000000..7151c17 --- /dev/null +++ b/test/x509_check_cert_pkey_test.c @@ -0,0 +1,138 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <stdio.h> +#include <string.h> + +#include <openssl/pem.h> +#include <openssl/x509.h> +#include "testutil.h" + +/* + * c: path of a cert in PEM format + * k: path of a key in PEM format + * t: API type, "cert" for X509_ and "req" for X509_REQ_ APIs. + * e: expected, "ok" for success, "failed" for what should fail. + */ +static int test_x509_check_cert_pkey(const char *c, const char *k, + const char *t, const char *e) +{ + BIO *bio = NULL; + X509 *x509 = NULL; + X509_REQ *x509_req = NULL; + EVP_PKEY *pkey = NULL; + int ret = 0, type = 0, expected = 0, result; + + /* + * we check them first thus if fails we don't need to do + * those PEM parsing operations. + */ + if (strcmp(t, "cert") == 0) { + type = 1; + } else if (strcmp(t, "req") == 0) { + type = 2; + } else { + TEST_error("invalid 'type'"); + goto failed; + } + + if (strcmp(e, "ok") == 0) { + expected = 1; + } else if (strcmp(e, "failed") == 0) { + expected = 2; + } else { + TEST_error("invalid 'expected'"); + goto failed; + } + + /* process private key */ + bio = BIO_new_file(k, "r"); + if (bio == NULL) { + TEST_error("create BIO for private key failed"); + goto failed; + } + + pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL); + if (pkey == NULL) { + TEST_error("read PEM private key failed"); + goto failed; + } + + BIO_free(bio); + + /* process cert or cert request, use the same local var */ + bio = BIO_new_file(c, "r"); + if (bio == NULL) { + TEST_error("create BIO for cert or cert req failed"); + goto failed; + } + + switch (type) { + case 1: + x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL); + if (x509 == NULL) { + TEST_error("read PEM x509 failed"); + goto failed; + } + + result = X509_check_private_key(x509, pkey); + break; + case 2: + x509_req = PEM_read_bio_X509_REQ(bio, NULL, NULL, NULL); + if (x509_req == NULL) { + TEST_error("read PEM x509 req failed"); + goto failed; + } + + result = X509_REQ_check_private_key(x509_req, pkey); + break; + default: + /* should never be here */ + break; + } + + if (expected == 1) { + /* expected == 1 means we expect an "ok" */ + if (!TEST_int_eq(result, 1)) { + TEST_error("check private key: expected: 1, got: %d", result); + goto failed; + } + } else { + if (!TEST_int_eq(result, 0)) { + TEST_error("check private key: expected: 0, got: %d", result); + goto failed; + } + } + +out: + if (bio) + BIO_free(bio); + if (x509) + X509_free(x509); + if (x509_req) + X509_REQ_free(x509_req); + if (pkey) + EVP_PKEY_free(pkey); + return ret; + +failed: + ret = 1; + goto out; +} + +int test_main(int argc, char **argv) +{ + if (!TEST_int_eq(argc, 5)) { + TEST_info("usage: x509_check_cert_pkey cert.pem|cert.req" + " key.pem cert|req <expected>"); + return 1; + } + + return test_x509_check_cert_pkey(argv[1], argv[2], argv[3], argv[4]); +} |