From fe89f308aec9193f90f3b8215a049e37e38da84d Mon Sep 17 00:00:00 2001
From: "Jonathan M. Wilbur" <jonathan@wilbur.space>
Date: Mon, 16 Sep 2024 23:39:01 +0000
Subject: [PATCH] test: the timeSpecification X.509v3 extension

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25476)
---
 test/certs/ext-timeSpecification-absolute.pem | 12 ++++++
 test/certs/ext-timeSpecification-periodic.pem | 14 +++++++
 test/recipes/25-test_x509.t                   | 39 ++++++++++++++++++-
 3 files changed, 64 insertions(+), 1 deletion(-)
 create mode 100644 test/certs/ext-timeSpecification-absolute.pem
 create mode 100644 test/certs/ext-timeSpecification-periodic.pem

diff --git a/test/certs/ext-timeSpecification-absolute.pem b/test/certs/ext-timeSpecification-absolute.pem
new file mode 100644
index 0000000000..01d9b4bb80
--- /dev/null
+++ b/test/certs/ext-timeSpecification-absolute.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIB2jCCAcSgAwIBAgIEDCI4TjANBgkqhkiG9w0BAQUFADARMQ8wDQYDVQQDDAZI
+aSBtb20wIhgPMjAyMjEyMjAxMzA3MjFaGA8yMDIyMTIyMDEzMDcyMVowETEPMA0G
+A1UEAwwGSGkgbW9tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnjL
+m1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmqnuGrBOUfgbmH
+3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWirGu0oDRzhWLHe
+1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqIqpOynJB02thX
+rTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06GkwLFJHNv2tU
++tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3VuspVz+6pU2xgl3
+nrAVMQHB4fReQPH0pQIDAQABozgwNjA0BgNVHSsELTArMCagERgPMjAyMjEyMjAx
+MzA3MjFaoREYDzIwMjIxMjIwMTMwNzIxWgIB+zANBgkqhkiG9w0BAQUFAAMBAA==
+-----END CERTIFICATE-----
diff --git a/test/certs/ext-timeSpecification-periodic.pem b/test/certs/ext-timeSpecification-periodic.pem
new file mode 100644
index 0000000000..c93a8c30eb
--- /dev/null
+++ b/test/certs/ext-timeSpecification-periodic.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICNjCCAiCgAwIBAgIEDCI4TjANBgkqhkiG9w0BAQUFADARMQ8wDQYDVQQDDAZI
+aSBtb20wIhgPMjAyMjEyMjExNDQ5NDJaGA8yMDIyMTIyMTE0NDk0MlowETEPMA0G
+A1UEAwwGSGkgbW9tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnjL
+m1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmqnuGrBOUfgbmH
+3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWirGu0oDRzhWLHe
+1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqIqpOynJB02thX
+rTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06GkwLFJHNv2tU
++tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3VuspVz+6pU2xgl3
+nrAVMQHB4fReQPH0pQIDAQABo4GTMIGQMIGNBgNVHSsEgYUwgYIxejBWoCoxKDAm
+oBEwD6ADAgEFoQMCASuiAwIBFaERMA+gAwIBDKEDAgEiogMCATihCDEGAgEBAgEC
+oggxBgIBAwIBBKMIMQYCAQUCAQakCjEIAgIH5gICB+cwIKEIMQYCAQMCAQSjCDEG
+AgEHAgEIpAoxCAICB+cCAgfoAQH/AgH7MA0GCSqGSIb3DQEBBQUAAwEA
+-----END CERTIFICATE-----
diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t
index 664ba5425c..d07abbad1d 100644
--- a/test/recipes/25-test_x509.t
+++ b/test/recipes/25-test_x509.t
@@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
 
 setup("test_x509");
 
-plan tests => 111;
+plan tests => 122;
 
 # Prevent MSys2 filename munging for arguments that look like file paths but
 # aren't
@@ -354,6 +354,43 @@ cert_contains($attr_desc_cert,
               "Algorithm: sha256",
               1, 'X.509 Attribute Descriptor');
 
+my $time_spec_abs_cert = srctop_file(@certs, "ext-timeSpecification-absolute.pem");
+cert_contains($time_spec_abs_cert,
+              "Timezone: UTC-05:00",
+              1, 'X.509 Time Specification (Absolute)');
+cert_contains($time_spec_abs_cert,
+              "Absolute: Any time between Dec 20 13:07:21 2022 GMT and Dec 20 13:07:21 2022 GMT",
+              1, 'X.509 Time Specification (Absolute)');
+
+my $time_spec_per_cert = srctop_file(@certs, "ext-timeSpecification-periodic.pem");
+cert_contains($time_spec_per_cert,
+              "Timezone: UTC-05:00",
+              1, 'X.509 Time Specification (Periodic)');
+cert_contains($time_spec_per_cert,
+              "NOT this time:",
+              1, 'X.509 Time Specification (Periodic)');
+cert_contains($time_spec_per_cert,
+              "05:43:21 - 12:34:56",
+              1, 'X.509 Time Specification (Periodic)');
+cert_contains($time_spec_per_cert,
+              "Days of the week: SUN, MON",
+              1, 'X.509 Time Specification (Periodic)');
+cert_contains($time_spec_per_cert,
+              "Weeks of the month: 3, 4",
+              1, 'X.509 Time Specification (Periodic)');
+cert_contains($time_spec_per_cert,
+              "Months: MAY, JUN",
+              1, 'X.509 Time Specification (Periodic)');
+cert_contains($time_spec_per_cert,
+              "Years: 2022, 2023",
+              1, 'X.509 Time Specification (Periodic)');
+cert_contains($time_spec_per_cert,
+              "Months: JUL, AUG",
+              1, 'X.509 Time Specification (Periodic)');
+cert_contains($time_spec_per_cert,
+              "Years: 2023, 2024",
+              1, 'X.509 Time Specification (Periodic)');
+
 sub test_errors { # actually tests diagnostics of OSSL_STORE
     my ($expected, $cert, @opts) = @_;
     my $infile = srctop_file(@certs, $cert);