Add support for targetingInformation X.509v3 extension

Support for the targetingInformation X.509v3 extension defined in ITU-T
Recommendation X.509 (2019), Section 17.1.2.2. This extension is used
in attribute certificates.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22206)

2 files changed, 44 insertions, 1 deletions

diff --git a/test/certs/ext-targetingInformation.pem b/test/certs/ext-targetingInformation.pem
new file mode 100644
index 0000000..0ce3998
--- /dev/null
+++ b/test/certs/ext-targetingInformation.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICKzCCAhegAwIBAgIDAQIDMAsGCSqGSIb3DQEBBTAAMCIYDzIwMjEwODMwMTI1
+NDEzWhgPMjAyMTA4MzAxMjU0MTNaMAAwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIB
+CgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmq
+nuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWir
+Gu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqI
+qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06
+GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus
+pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABo4GxMIGuMIGrBgNVHTcEgaMwgaAw
+OqAgpB4wHDEaMBgGA1UEAwwRV2lsZGJvYXIgU29mdHdhcmWhFoIUd2lsZGJvYXJz
+b2Z0d2FyZS5jb20wYqJgMDEwJaQeMBwxGjAYBgNVBAMMEVdpbGRib2FyIFNvZnR3
+YXJliANVBAMCBAECAwQDAgOwgRVqb25hdGhhbkB3aWxidXIuc3BhY2UwFAoBADAL
+BgkqhkiG9w0BAQUDAgIkMAsGCSqGSIb3DQEBBQMBAA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t
index c727e5c..2ae13df 100644
--- a/test/recipes/25-test_x509.t
+++ b/test/recipes/25-test_x509.t
@@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
 
 setup("test_x509");
 
-plan tests => 51;
+plan tests => 60;
 
 # Prevent MSys2 filename munging for arguments that look like file paths but
 # aren't
@@ -143,6 +143,35 @@ cert_contains(srctop_file(@certs, "ext-indirectIssuer.pem"),
               "Indirect Issuer",
               1, 'X.509 Indirect Issuer');
 
+my $tgt_info_cert = srctop_file(@certs, "ext-targetingInformation.pem");
+cert_contains($tgt_info_cert,
+              "AC Targeting",
+              1, 'X.509 Targeting Information Extension');
+cert_contains($tgt_info_cert,
+              "Targets:",
+              1, 'X.509 Targeting Information Targets');
+cert_contains($tgt_info_cert,
+              "Target:",
+              1, 'X.509 Targeting Information Target');
+cert_contains($tgt_info_cert,
+              "Target Name: DirName:CN = W",
+              1, 'X.509 Targeting Information Target Name');
+cert_contains($tgt_info_cert,
+              "Target Group: DNS:wildboarsoftware.com",
+              1, 'X.509 Targeting Information Target Name');
+cert_contains($tgt_info_cert,
+              "Issuer Names:",
+              1, 'X.509 Targeting Information Issuer Names');
+cert_contains($tgt_info_cert,
+              "Issuer Serial: 01020304",
+              1, 'X.509 Targeting Information Issuer Serial');
+cert_contains($tgt_info_cert,
+              "Issuer UID: B0",
+              1, 'X.509 Targeting Information Issuer UID');
+cert_contains($tgt_info_cert,
+              "Digest Type: Public Key",
+              1, 'X.509 Targeting Information Object Digest Type');
+
 sub test_errors { # actually tests diagnostics of OSSL_STORE
     my ($expected, $cert, @opts) = @_;
     my $infile = srctop_file(@certs, $cert);