add regression test for store:verify

author: William Ahern <william@25thandclement.com> 2016-10-29 15:06:45 -0700
committer: William Ahern <william@25thandclement.com> 2016-10-29 15:06:45 -0700
commit: 20afc608216ab2a09c91626f099e40928bd7fc58 (patch)
tree: 42fae3ff516ed5e1acade2e4bfd6e7c990f28ddb /regress
parent: d554b2ffccd22b5c345e8efe881811acfa644d27 (diff)
download: luaossl-20afc608216ab2a09c91626f099e40928bd7fc58.tar.gz
luaossl-20afc608216ab2a09c91626f099e40928bd7fc58.tar.bz2
luaossl-20afc608216ab2a09c91626f099e40928bd7fc58.zip
2 files changed, 180 insertions, 0 deletions
diff --git a/regress/00-store-verify.lua b/regress/00-store-verify.lua
new file mode 100755
index 0000000..f45ad7e
--- /dev/null
+++ b/regress/00-store-verify.lua
@@ -0,0 +1,19 @@
+#!/usr/bin/env lua
+require"regress".export".*"
+local st = store.new()
+local ca_key, ca_crt = genkey()
+st:add(ca_crt)
+local key, crt = genkey("RSA", ca_key, ca_crt)
+local ok, proof_or_reason = st:verify(crt)
+check(ok, "%s", proof_or_reason)
+--for _,crt in pairs(proof_or_reason) do
+--      print(crt:text())
+--end
+say"OK"
diff --git a/regress/regress.lua b/regress/regress.lua
new file mode 100644
index 0000000..8d955ea
--- /dev/null
+++ b/regress/regress.lua
@@ -0,0 +1,161 @@
+local regress = {
+        openssl = require"openssl",
+        pkey = require"openssl.pkey",
+        x509 = require"openssl.x509",
+        name = require"openssl.x509.name",
+        altname = require"openssl.x509.altname",
+        store = require"openssl.x509.store",
+        pack = table.pack or function (...)
+                local t = { ... }
+                t.n = select("#", ...)
+                return t
+        end,
+        unpack = table.unpack or unpack,
+}
+local emit_progname = os.getenv"REGRESS_PROGNAME" or "regress"
+local emit_verbose = tonumber(os.getenv"REGRESS_VERBOSE" or 1)
+local emit_info = {}
+local emit_ll = 0
+local function emit(fmt, ...)
+        local msg = string.format(fmt, ...)
+        for txt, nl in msg:gmatch("([^\n]*)(\n?)") do
+                if emit_ll == 0 and #txt > 0 then
+                        io.stderr:write(emit_progname, ": ")
+                        emit_ll = #emit_progname + 2
+                end
+                io.stderr:write(txt, nl)
+                if nl == "\n" then
+                        emit_ll = 0
+                else
+                        emit_ll = emit_ll + #txt
+                end
+        end
+end -- emit
+local function emitln(fmt, ...)
+        if emit_ll > 0 then
+                emit"\n"
+        end
+        emit(fmt .. "\n", ...)
+end -- emitln
+local function emitinfo()
+        for _, txt in ipairs(emit_info) do
+                emitln("%s", txt)
+        end
+end -- emitinfo
+function regress.say(...)
+        emitln(...)
+end -- say
+function regress.panic(...)
+        emitinfo()
+        emitln(...)
+        os.exit(1)
+end -- panic
+function regress.info(...)
+        if emit_verbose > 1 then
+                emitln(...)
+        else
+                emit_info[#emit_info + 1] = string.format(...)
+                if emit_verbose > 0 then
+                        if emit_ll > 78 then
+                                emit"\n."
+                        else
+                                emit"."
+                        end
+                end
+        end
+end -- info
+function regress.check(v, ...)
+        if v then
+                return v, ...
+        else
+                regress.panic(...)
+        end
+end -- check
+function regress.export(...)
+        for _, pat in ipairs{ ... } do
+                for k, v in pairs(regress) do
+                        if string.match(k, pat) then
+                                _G[k] = v
+                        end
+                end
+        end
+        return regress
+end -- export
+local counter = 0
+function regress.genkey(type, ca_key, ca_crt)
+        local pkey = require"openssl.pkey"
+        local x509 = require"openssl.x509"
+        local name = require"openssl.x509.name"
+        local altname = require"openssl.x509.altname"
+        local key
+        type = string.upper(type or "RSA")
+        if type == "EC" then
+                key = regress.check(pkey.new{ type = "EC",  curve = "prime192v1" })
+        else
+                key = regress.check(pkey.new{ type = type, bits = 1024 })
+        end
+        local dn = name.new()
+        dn:add("C", "US")
+        dn:add("ST", "California")
+        dn:add("L", "San Francisco")
+        dn:add("O", "Acme, Inc.")
+        dn:add("CN", string.format("acme%d.inc", counter))
+        counter = counter + 1
+        local alt = altname.new()
+        alt:add("DNS", "acme.inc")
+        alt:add("DNS", "localhost")
+        local crt = x509.new()
+        crt:setVersion(3)
+        crt:setSerial(47)
+        crt:setSubject(dn)
+        crt:setIssuer((ca_crt or crt):getSubject())
+        crt:setSubjectAlt(alt)
+        local issued, expires = crt:getLifetime()
+        crt:setLifetime(issued, expires + 60)
+        crt:setBasicConstraints{ CA = true, pathLen = 2 }
+        crt:setBasicConstraintsCritical(true)
+        crt:setPublicKey(key)
+        crt:sign(ca_key or key)
+        return key, crt
+end -- regress.genkey
+local function getsubtable(t, name, ...)
+        name = name or false -- cannot be nil
+        if not t[name] then
+                t[name] = {}
+        end
+        if select('#', ...) > 0 then
+                return getsubtable(t[name], ...)
+        else
+                return t[name]
+        end
+end -- getsubtable
+return regress
author	William Ahern <william@25thandclement.com>	2016-10-29 15:06:45 -0700
committer	William Ahern <william@25thandclement.com>	2016-10-29 15:06:45 -0700
commit	20afc608216ab2a09c91626f099e40928bd7fc58 (patch)
tree	42fae3ff516ed5e1acade2e4bfd6e7c990f28ddb /regress
parent	d554b2ffccd22b5c345e8efe881811acfa644d27 (diff)
download	luaossl-20afc608216ab2a09c91626f099e40928bd7fc58.tar.gz luaossl-20afc608216ab2a09c91626f099e40928bd7fc58.tar.bz2 luaossl-20afc608216ab2a09c91626f099e40928bd7fc58.zip

diff --git a/regress/00-store-verify.lua b/regress/00-store-verify.lua new file mode 100755 index 0000000..f45ad7e --- /dev/null +++ b/regress/00-store-verify.lua
@@ -0,0 +1,19 @@
	1	#!/usr/bin/env lua
	2
	3	require"regress".export".*"
	4
	5	local st = store.new()
	6
	7	local ca_key, ca_crt = genkey()
	8	st:add(ca_crt)
	9
	10	local key, crt = genkey("RSA", ca_key, ca_crt)
	11
	12	local ok, proof_or_reason = st:verify(crt)
	13	check(ok, "%s", proof_or_reason)
	14
	15	--for _,crt in pairs(proof_or_reason) do
	16	-- print(crt:text())
	17	--end
	18
	19	say"OK"


diff --git a/regress/regress.lua b/regress/regress.lua new file mode 100644 index 0000000..8d955ea --- /dev/null +++ b/regress/regress.lua
@@ -0,0 +1,161 @@
	1	local regress = {
	2	openssl = require"openssl",
	3	pkey = require"openssl.pkey",
	4	x509 = require"openssl.x509",
	5	name = require"openssl.x509.name",
	6	altname = require"openssl.x509.altname",
	7	store = require"openssl.x509.store",
	8	pack = table.pack or function (...)
	9	local t = { ... }
	10	t.n = select("#", ...)
	11	return t
	12	end,
	13	unpack = table.unpack or unpack,
	14	}
	15
	16	local emit_progname = os.getenv"REGRESS_PROGNAME" or "regress"
	17	local emit_verbose = tonumber(os.getenv"REGRESS_VERBOSE" or 1)
	18	local emit_info = {}
	19	local emit_ll = 0
	20
	21	local function emit(fmt, ...)
	22	local msg = string.format(fmt, ...)
	23
	24	for txt, nl in msg:gmatch("([^\n]*)(\n?)") do
	25	if emit_ll == 0 and #txt > 0 then
	26	io.stderr:write(emit_progname, ": ")
	27	emit_ll = #emit_progname + 2
	28	end
	29
	30	io.stderr:write(txt, nl)
	31
	32	if nl == "\n" then
	33	emit_ll = 0
	34	else
	35	emit_ll = emit_ll + #txt
	36	end
	37	end
	38	end -- emit
	39
	40	local function emitln(fmt, ...)
	41	if emit_ll > 0 then
	42	emit"\n"
	43	end
	44
	45	emit(fmt .. "\n", ...)
	46	end -- emitln
	47
	48	local function emitinfo()
	49	for _, txt in ipairs(emit_info) do
	50	emitln("%s", txt)
	51	end
	52	end -- emitinfo
	53
	54	function regress.say(...)
	55	emitln(...)
	56	end -- say
	57
	58	function regress.panic(...)
	59	emitinfo()
	60	emitln(...)
	61	os.exit(1)
	62	end -- panic
	63
	64	function regress.info(...)
	65	if emit_verbose > 1 then
	66	emitln(...)
	67	else
	68	emit_info[#emit_info + 1] = string.format(...)
	69
	70	if emit_verbose > 0 then
	71	if emit_ll > 78 then
	72	emit"\n."
	73	else
	74	emit"."
	75	end
	76	end
	77	end
	78	end -- info
	79
	80	function regress.check(v, ...)
	81	if v then
	82	return v, ...
	83	else
	84	regress.panic(...)
	85	end
	86	end -- check
	87
	88	function regress.export(...)
	89	for _, pat in ipairs{ ... } do
	90	for k, v in pairs(regress) do
	91	if string.match(k, pat) then
	92	_G[k] = v
	93	end
	94	end
	95	end
	96
	97	return regress
	98	end -- export
	99
	100	local counter = 0
	101	function regress.genkey(type, ca_key, ca_crt)
	102	local pkey = require"openssl.pkey"
	103	local x509 = require"openssl.x509"
	104	local name = require"openssl.x509.name"
	105	local altname = require"openssl.x509.altname"
	106	local key
	107
	108	type = string.upper(type or "RSA")
	109
	110	if type == "EC" then
	111	key = regress.check(pkey.new{ type = "EC", curve = "prime192v1" })
	112	else
	113	key = regress.check(pkey.new{ type = type, bits = 1024 })
	114	end
	115
	116	local dn = name.new()
	117	dn:add("C", "US")
	118	dn:add("ST", "California")
	119	dn:add("L", "San Francisco")
	120	dn:add("O", "Acme, Inc.")
	121	dn:add("CN", string.format("acme%d.inc", counter))
	122	counter = counter + 1
	123
	124	local alt = altname.new()
	125	alt:add("DNS", "acme.inc")
	126	alt:add("DNS", "localhost")
	127
	128	local crt = x509.new()
	129	crt:setVersion(3)
	130	crt:setSerial(47)
	131	crt:setSubject(dn)
	132	crt:setIssuer((ca_crt or crt):getSubject())
	133	crt:setSubjectAlt(alt)
	134
	135	local issued, expires = crt:getLifetime()
	136	crt:setLifetime(issued, expires + 60)
	137
	138	crt:setBasicConstraints{ CA = true, pathLen = 2 }
	139	crt:setBasicConstraintsCritical(true)
	140
	141	crt:setPublicKey(key)
	142	crt:sign(ca_key or key)
	143
	144	return key, crt
	145	end -- regress.genkey
	146
	147	local function getsubtable(t, name, ...)
	148	name = name or false -- cannot be nil
	149
	150	if not t[name] then
	151	t[name] = {}
	152	end
	153
	154	if select('#', ...) > 0 then
	155	return getsubtable(t[name], ...)
	156	else
	157	return t[name]
	158	end
	159	end -- getsubtable
	160
	161	return regress