diff options
author | William Ahern <william@25thandclement.com> | 2016-06-24 21:53:51 -0700 |
---|---|---|
committer | William Ahern <william@25thandclement.com> | 2016-06-24 21:53:51 -0700 |
commit | 81bbb1fa5e14a1911cfd99f4ee791ed1e340602e (patch) | |
tree | fd7f6c21f630422e1492b4c303897bea002c821d /regress | |
parent | c429c7d4945d2cddf43d31bd59b45cadea617f82 (diff) | |
download | luaossl-81bbb1fa5e14a1911cfd99f4ee791ed1e340602e.tar.gz luaossl-81bbb1fa5e14a1911cfd99f4ee791ed1e340602e.tar.bz2 luaossl-81bbb1fa5e14a1911cfd99f4ee791ed1e340602e.zip |
forgot to actually add regression test
Diffstat (limited to 'regress')
-rw-r--r-- | regress/53-csr-extensions.lua | 168 |
1 files changed, 168 insertions, 0 deletions
diff --git a/regress/53-csr-extensions.lua b/regress/53-csr-extensions.lua new file mode 100644 index 0000000..38346da --- /dev/null +++ b/regress/53-csr-extensions.lua | |||
@@ -0,0 +1,168 @@ | |||
1 | local auxlib = require"openssl.auxlib" | ||
2 | local pkey = require "openssl.pkey" | ||
3 | local x509_csr = require"_openssl.x509.csr" | ||
4 | local x509_altname = require"openssl.x509.altname" | ||
5 | local x509_name = require"openssl.x509.name" | ||
6 | |||
7 | local _basename = arg and arg[0] and arg[0]:match"([^/]+)$" or "UNKNOWN" | ||
8 | |||
9 | local function cluck(fmt, ...) | ||
10 | io.stderr:write(_basename, ": ", string.format(fmt, ...), "\n") | ||
11 | end | ||
12 | |||
13 | local function croak(fmt, ...) | ||
14 | io.stderr:write(_basename, ": ", string.format(fmt, ...), "\n") | ||
15 | os.exit(1) | ||
16 | end | ||
17 | |||
18 | local function OK() | ||
19 | cluck("OK") | ||
20 | return true | ||
21 | end | ||
22 | |||
23 | local _testno = 0 | ||
24 | local function testnames(altnames, expected) | ||
25 | local matched = {} | ||
26 | |||
27 | _testno = _testno + 1 | ||
28 | |||
29 | for type,data in auxlib.pairs(altnames) do | ||
30 | local found | ||
31 | |||
32 | for i,e in ipairs(expected) do | ||
33 | if not matched[i] and e.type == type and e.data == data then | ||
34 | cluck("expected match #%d.%d found (%s=%s)", _testno, i, type,data) | ||
35 | |||
36 | matched[i] = true | ||
37 | found = true | ||
38 | end | ||
39 | end | ||
40 | |||
41 | if not found then | ||
42 | return false, string.format("extra name in test #%d (%s=%s)", _testno, type, data) | ||
43 | end | ||
44 | end | ||
45 | |||
46 | for i,e in ipairs(expected) do | ||
47 | if not matched[i] then | ||
48 | return false, string.format("expected match #%d.%d not found (%s=%s)", _testno, i, e.type, e.data) | ||
49 | end | ||
50 | end | ||
51 | |||
52 | return true | ||
53 | end | ||
54 | |||
55 | local function checknames(altnames, expected) | ||
56 | local ok, why = testnames(altnames, expected) | ||
57 | |||
58 | if not ok then | ||
59 | croak(why or "UNKNOWN") | ||
60 | end | ||
61 | |||
62 | return true | ||
63 | end | ||
64 | |||
65 | key = pkey.new({ bits = 4096 }) | ||
66 | |||
67 | data = [[ | ||
68 | -----BEGIN CERTIFICATE REQUEST----- | ||
69 | MIIFQjCCAyoCAQAwUzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1OMRQwEgYDVQQH | ||
70 | DAtNaW5uZWFwb2xpczEhMB8GA1UECwwYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVk | ||
71 | MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4sXzE3GQtpFKiuGe389k | ||
72 | MB0OaGXQxiI/yl6zm9PyYWe5aMpx1THDVhkWXemDVkduEqtLfa8GSNT0ps3BPdTx | ||
73 | qxNwZ3J9xiVfNZZYO5ZSxs1g32M1lw20wIezLpbQ1ggyt01o9VTQDY6kA+D0G87B | ||
74 | 4FtIZxVaXM2z5HVaGYyivxAygDukDsO+RU0NC9mYOfAP4rt/u/xp8LsW0b4aIFqx | ||
75 | gPcBZj92B+Wi2B4sKSe1m5kMfmh+e8v981hbY7V8FUMebB63iRGF6GU4kjXiMMW6 | ||
76 | gSoc+usq9li8VxjxPngql9pyLqFIa/2gW0c9sKKB2X9tB0nmudjAUrjZjHZEDlNr | ||
77 | yx15JHhEIT31yP9xGQpy5H+jBldp/shqaV4Alsou9Hn9W71ap7VHOWLrIcaZGKTn | ||
78 | CVSSYPygn4Rm8Cgwbv5mP6G+SqGHAFqirEysAARUFxsjBLlkNaVFOA38l2cufH8n | ||
79 | 1NE/B4iOG/ETvQDR/aKrbyKKo2k/hO941h3J9pwJcCikE0NsRcH6WAm8ifJ0Zd/q | ||
80 | u8fqI8g9mYPbMWy11+njnfNOVFVhNOmM1/ZM66ac9zgGYncaHu4UzYnvWw75tDbF | ||
81 | vA+oIJlcxBUtWeTcYRf4xEcRL8IcHEwh1BZq7bgP42Wu+0aBuaa3eYXNBApCNP39 | ||
82 | QmnHlo0iGH2rVeOfcq/wULcCAwEAAaCBqTCBpgYJKoZIhvcNAQkOMYGYMIGVMAkG | ||
83 | A1UdEwQCMAAwCwYDVR0PBAQDAgXgMHsGA1UdEQR0MHKCE3NlcnZlcjEuZXhhbXBs | ||
84 | ZS5jb22CEG1haWwuZXhhbXBsZS5jb22CD3d3dy5leGFtcGxlLmNvbYITd3d3LnN1 | ||
85 | Yi5leGFtcGxlLmNvbYIObXguZXhhbXBsZS5jb22CE3N1cHBvcnQuZXhhbXBsZS5j | ||
86 | b20wDQYJKoZIhvcNAQEFBQADggIBAMiFPtDKVsy4HBhVkHSnbbIl41baaGGFjI/O | ||
87 | MG8fI7P9jplq5rNZcLxSW2zLzMVuYzCoC+q5roRE5zVVyJlB+5dY0A8e2xKaWVOT | ||
88 | AB9WvgepPvXDoGNViMBoX/idj3J2BU3e/cX08QWRPjKigwQWQWvUGsZYitGJv+Yv | ||
89 | /LbIDlxr8Jr+1Txcm1EdXcff6Owlh6Nu59bgCMRdZvABmWfU5ULmUDTJnmc3P9St | ||
90 | onz07v8ku8/XL7wwOfLJWVSVOk7RONySIJiPfVkgrU3YWiT64JaluDbFEIwnEgJS | ||
91 | 04xL6Pl66bADXCaeG3pZ8ypCs41+4bqFvCnOYma0Sk8fv8hSCWvJfMQI+nQslPJu | ||
92 | UuGK4C4EEnYvoh/Qs/XEshfrVaNcG0zER3XtsRPAjhZjTPTcRgEjpOI0w3TJAvlN | ||
93 | LSQV4mXN6E2bcU+cRYvNSgqITwJ7c6wpsONwApIQwFryLsFSCHaIdSLpAZbEPNEW | ||
94 | UPa3uWXk5lWrBBPPkxyPbt8D3zpzahY4ycYEFKdz8MLdgA7pDalI2XpwgmoUybkw | ||
95 | AJnsFg7fnFc03R4FsqxCqvbRYj3Bccb8Uhg1zTeXU+7nxjP2yYdT+In16L9SYOsU | ||
96 | 4ozEPqnGY9aI11i6C7hBwrUTvHYD6ZSDlylsUXKw/VZXQvS3+C0h6NuRmjBx8jNU | ||
97 | RG1EyxL4 | ||
98 | -----END CERTIFICATE REQUEST----- | ||
99 | ]] | ||
100 | |||
101 | -- baseline | ||
102 | do | ||
103 | local expected = { | ||
104 | { type = "DNS", data = "server1.example.com" }, | ||
105 | { type = "DNS", data = "mail.example.com" }, | ||
106 | { type = "DNS", data = "www.example.com" }, | ||
107 | { type = "DNS", data = "www.sub.example.com" }, | ||
108 | { type = "DNS", data = "mx.example.com" }, | ||
109 | { type = "DNS", data = "support.example.com" }, | ||
110 | } | ||
111 | |||
112 | checknames((x509_csr.new(data)):getSubjectAlt(), expected) | ||
113 | end | ||
114 | |||
115 | -- modifying existing altnames | ||
116 | do | ||
117 | local expected = { | ||
118 | { type = "DNS", data = "foo.com" }, | ||
119 | { type = "DNS", data = "*.foo.com" }, | ||
120 | } | ||
121 | |||
122 | local csr = x509_csr.new(data) | ||
123 | local gn = x509_altname.new() | ||
124 | gn:add("DNS", "foo.com") | ||
125 | gn:add("DNS", "*.foo.com") | ||
126 | csr:setSubjectAlt(gn) | ||
127 | csr:setPublicKey(key) | ||
128 | csr:sign(key) | ||
129 | |||
130 | -- check modified object | ||
131 | checknames(csr:getSubjectAlt(), expected) | ||
132 | -- check after a round-trip through PEM | ||
133 | checknames(x509_csr.new(tostring(csr)):getSubjectAlt(), expected) | ||
134 | end | ||
135 | |||
136 | -- adding altnames where none existed | ||
137 | do | ||
138 | local expected = { | ||
139 | name = { | ||
140 | { type = "CN", data = "example.com" }, | ||
141 | }, | ||
142 | altname = { | ||
143 | { type = "DNS", data = "foo.com" }, | ||
144 | { type = "DNS", data = "*.foo.com" }, | ||
145 | }, | ||
146 | } | ||
147 | |||
148 | local csr = x509_csr.new() | ||
149 | local name = x509_name.new() | ||
150 | name:add("CN", "example.com") | ||
151 | csr:setSubject(name) | ||
152 | local gn = x509_altname.new() | ||
153 | gn:add("DNS", "foo.com") | ||
154 | gn:add("DNS", "*.foo.com") | ||
155 | csr:setSubjectAlt(gn) | ||
156 | csr:setPublicKey(key) | ||
157 | csr:sign(key) | ||
158 | |||
159 | checknames(csr:getSubject(), expected.name) | ||
160 | checknames(csr:getSubjectAlt(), expected.altname) | ||
161 | |||
162 | local csr1 = x509_csr.new(tostring(csr)) | ||
163 | checknames(csr1:getSubject(), expected.name) | ||
164 | checknames(csr1:getSubjectAlt(), expected.altname) | ||
165 | end | ||
166 | |||
167 | return OK() | ||
168 | |||