From b76a6c26a254b4cc428275fc0ced56759dd5088a Mon Sep 17 00:00:00 2001 From: "Jonathan M. Wilbur" Date: Mon, 24 Jun 2024 20:23:23 +0000 Subject: [PATCH] test: add tests for acceptable policies exts Reviewed-by: Neil Horman Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/24663) --- test/certs/ext-acceptableCertPolicies.pem | 11 ++++++++ .../certs/ext-acceptablePrivilegePolicies.pem | 11 ++++++++ test/recipes/25-test_x509.t | 26 ++++++++++++++++++- 3 files changed, 47 insertions(+), 1 deletion(-) create mode 100644 test/certs/ext-acceptableCertPolicies.pem create mode 100644 test/certs/ext-acceptablePrivilegePolicies.pem diff --git a/test/certs/ext-acceptableCertPolicies.pem b/test/certs/ext-acceptableCertPolicies.pem new file mode 100644 index 0000000000..2930235887 --- /dev/null +++ b/test/certs/ext-acceptableCertPolicies.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBkDCCAXygAwIBAgIDAQIDMAsGCSqGSIb3DQEBBTAAMCIYDzIwMjEwODMxMDIy +MDM4WhgPMjAyMTA4MzEwMjIwMzhaMAAwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIB +CgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmq +nuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWir +Gu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqI +qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06 +GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus +pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABoxcwFTATBgNVHTQEDDAKBgNVBAsG +A1UEDTALBgkqhkiG9w0BAQUDAQA= +-----END CERTIFICATE----- diff --git a/test/certs/ext-acceptablePrivilegePolicies.pem b/test/certs/ext-acceptablePrivilegePolicies.pem new file mode 100644 index 0000000000..804086d83a --- /dev/null +++ b/test/certs/ext-acceptablePrivilegePolicies.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBkDCCAXygAwIBAgIDAQIDMAsGCSqGSIb3DQEBBTAAMCIYDzIwMjEwODMwMTI1 +NjEyWhgPMjAyMTA4MzAxMjU2MTJaMAAwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIB +CgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmq +nuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWir +Gu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqI +qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06 +GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus +pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABoxcwFTATBgNVHTkEDDAKBgNVBAMG +A1UECjALBgkqhkiG9w0BAQUDAQA= +-----END CERTIFICATE----- diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t index 579f90278d..22379ec5f9 100644 --- a/test/recipes/25-test_x509.t +++ b/test/recipes/25-test_x509.t @@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; setup("test_x509"); -plan tests => 82; +plan tests => 88; # Prevent MSys2 filename munging for arguments that look like file paths but # aren't @@ -245,6 +245,30 @@ cert_contains($ass_info_cert, "localityName", 1, 'X509v3 Associated Information'); +my $acc_cert_pol = srctop_file(@certs, "ext-acceptableCertPolicies.pem"); +cert_contains($acc_cert_pol, + "X509v3 Acceptable Certification Policies", + 1, 'X509v3 Acceptable Certification Policies'); +# Yes, I know these OIDs make no sense in a policies extension. It's just a test. +cert_contains($acc_cert_pol, + "organizationalUnitName", + 1, 'X509v3 Acceptable Certification Policies'); +cert_contains($acc_cert_pol, + "description", + 1, 'X509v3 Acceptable Certification Policies'); + +my $acc_priv_pol = srctop_file(@certs, "ext-acceptablePrivilegePolicies.pem"); +cert_contains($acc_priv_pol, + "X509v3 Acceptable Privilege Policies", + 1, 'X509v3 Acceptable Privilege Policies'); +# Yes, I know these OIDs make no sense in a policies extension. It's just a test. +cert_contains($acc_priv_pol, + "commonName", + 1, 'X509v3 Acceptable Certification Policies'); +cert_contains($acc_priv_pol, + "organizationName", + 1, 'X509v3 Acceptable Certification Policies'); + sub test_errors { # actually tests diagnostics of OSSL_STORE my ($expected, $cert, @opts) = @_; my $infile = srctop_file(@certs, $cert);