summaryrefslogtreecommitdiff
path: root/regress
diff options
context:
space:
mode:
authorWilliam Ahern <william@25thandclement.com>2016-06-24 21:53:51 -0700
committerWilliam Ahern <william@25thandclement.com>2016-06-24 21:53:51 -0700
commit81bbb1fa5e14a1911cfd99f4ee791ed1e340602e (patch)
treefd7f6c21f630422e1492b4c303897bea002c821d /regress
parentc429c7d4945d2cddf43d31bd59b45cadea617f82 (diff)
downloadluaossl-81bbb1fa5e14a1911cfd99f4ee791ed1e340602e.tar.gz
luaossl-81bbb1fa5e14a1911cfd99f4ee791ed1e340602e.tar.bz2
luaossl-81bbb1fa5e14a1911cfd99f4ee791ed1e340602e.zip
forgot to actually add regression test
Diffstat (limited to 'regress')
-rw-r--r--regress/53-csr-extensions.lua168
1 files changed, 168 insertions, 0 deletions
diff --git a/regress/53-csr-extensions.lua b/regress/53-csr-extensions.lua
new file mode 100644
index 0000000..38346da
--- /dev/null
+++ b/regress/53-csr-extensions.lua
@@ -0,0 +1,168 @@
1local auxlib = require"openssl.auxlib"
2local pkey = require "openssl.pkey"
3local x509_csr = require"_openssl.x509.csr"
4local x509_altname = require"openssl.x509.altname"
5local x509_name = require"openssl.x509.name"
6
7local _basename = arg and arg[0] and arg[0]:match"([^/]+)$" or "UNKNOWN"
8
9local function cluck(fmt, ...)
10 io.stderr:write(_basename, ": ", string.format(fmt, ...), "\n")
11end
12
13local function croak(fmt, ...)
14 io.stderr:write(_basename, ": ", string.format(fmt, ...), "\n")
15 os.exit(1)
16end
17
18local function OK()
19 cluck("OK")
20 return true
21end
22
23local _testno = 0
24local function testnames(altnames, expected)
25 local matched = {}
26
27 _testno = _testno + 1
28
29 for type,data in auxlib.pairs(altnames) do
30 local found
31
32 for i,e in ipairs(expected) do
33 if not matched[i] and e.type == type and e.data == data then
34 cluck("expected match #%d.%d found (%s=%s)", _testno, i, type,data)
35
36 matched[i] = true
37 found = true
38 end
39 end
40
41 if not found then
42 return false, string.format("extra name in test #%d (%s=%s)", _testno, type, data)
43 end
44 end
45
46 for i,e in ipairs(expected) do
47 if not matched[i] then
48 return false, string.format("expected match #%d.%d not found (%s=%s)", _testno, i, e.type, e.data)
49 end
50 end
51
52 return true
53end
54
55local function checknames(altnames, expected)
56 local ok, why = testnames(altnames, expected)
57
58 if not ok then
59 croak(why or "UNKNOWN")
60 end
61
62 return true
63end
64
65key = pkey.new({ bits = 4096 })
66
67data = [[
68-----BEGIN CERTIFICATE REQUEST-----
69MIIFQjCCAyoCAQAwUzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1OMRQwEgYDVQQH
70DAtNaW5uZWFwb2xpczEhMB8GA1UECwwYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVk
71MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4sXzE3GQtpFKiuGe389k
72MB0OaGXQxiI/yl6zm9PyYWe5aMpx1THDVhkWXemDVkduEqtLfa8GSNT0ps3BPdTx
73qxNwZ3J9xiVfNZZYO5ZSxs1g32M1lw20wIezLpbQ1ggyt01o9VTQDY6kA+D0G87B
744FtIZxVaXM2z5HVaGYyivxAygDukDsO+RU0NC9mYOfAP4rt/u/xp8LsW0b4aIFqx
75gPcBZj92B+Wi2B4sKSe1m5kMfmh+e8v981hbY7V8FUMebB63iRGF6GU4kjXiMMW6
76gSoc+usq9li8VxjxPngql9pyLqFIa/2gW0c9sKKB2X9tB0nmudjAUrjZjHZEDlNr
77yx15JHhEIT31yP9xGQpy5H+jBldp/shqaV4Alsou9Hn9W71ap7VHOWLrIcaZGKTn
78CVSSYPygn4Rm8Cgwbv5mP6G+SqGHAFqirEysAARUFxsjBLlkNaVFOA38l2cufH8n
791NE/B4iOG/ETvQDR/aKrbyKKo2k/hO941h3J9pwJcCikE0NsRcH6WAm8ifJ0Zd/q
80u8fqI8g9mYPbMWy11+njnfNOVFVhNOmM1/ZM66ac9zgGYncaHu4UzYnvWw75tDbF
81vA+oIJlcxBUtWeTcYRf4xEcRL8IcHEwh1BZq7bgP42Wu+0aBuaa3eYXNBApCNP39
82QmnHlo0iGH2rVeOfcq/wULcCAwEAAaCBqTCBpgYJKoZIhvcNAQkOMYGYMIGVMAkG
83A1UdEwQCMAAwCwYDVR0PBAQDAgXgMHsGA1UdEQR0MHKCE3NlcnZlcjEuZXhhbXBs
84ZS5jb22CEG1haWwuZXhhbXBsZS5jb22CD3d3dy5leGFtcGxlLmNvbYITd3d3LnN1
85Yi5leGFtcGxlLmNvbYIObXguZXhhbXBsZS5jb22CE3N1cHBvcnQuZXhhbXBsZS5j
86b20wDQYJKoZIhvcNAQEFBQADggIBAMiFPtDKVsy4HBhVkHSnbbIl41baaGGFjI/O
87MG8fI7P9jplq5rNZcLxSW2zLzMVuYzCoC+q5roRE5zVVyJlB+5dY0A8e2xKaWVOT
88AB9WvgepPvXDoGNViMBoX/idj3J2BU3e/cX08QWRPjKigwQWQWvUGsZYitGJv+Yv
89/LbIDlxr8Jr+1Txcm1EdXcff6Owlh6Nu59bgCMRdZvABmWfU5ULmUDTJnmc3P9St
90onz07v8ku8/XL7wwOfLJWVSVOk7RONySIJiPfVkgrU3YWiT64JaluDbFEIwnEgJS
9104xL6Pl66bADXCaeG3pZ8ypCs41+4bqFvCnOYma0Sk8fv8hSCWvJfMQI+nQslPJu
92UuGK4C4EEnYvoh/Qs/XEshfrVaNcG0zER3XtsRPAjhZjTPTcRgEjpOI0w3TJAvlN
93LSQV4mXN6E2bcU+cRYvNSgqITwJ7c6wpsONwApIQwFryLsFSCHaIdSLpAZbEPNEW
94UPa3uWXk5lWrBBPPkxyPbt8D3zpzahY4ycYEFKdz8MLdgA7pDalI2XpwgmoUybkw
95AJnsFg7fnFc03R4FsqxCqvbRYj3Bccb8Uhg1zTeXU+7nxjP2yYdT+In16L9SYOsU
964ozEPqnGY9aI11i6C7hBwrUTvHYD6ZSDlylsUXKw/VZXQvS3+C0h6NuRmjBx8jNU
97RG1EyxL4
98-----END CERTIFICATE REQUEST-----
99]]
100
101-- baseline
102do
103 local expected = {
104 { type = "DNS", data = "server1.example.com" },
105 { type = "DNS", data = "mail.example.com" },
106 { type = "DNS", data = "www.example.com" },
107 { type = "DNS", data = "www.sub.example.com" },
108 { type = "DNS", data = "mx.example.com" },
109 { type = "DNS", data = "support.example.com" },
110 }
111
112 checknames((x509_csr.new(data)):getSubjectAlt(), expected)
113end
114
115-- modifying existing altnames
116do
117 local expected = {
118 { type = "DNS", data = "foo.com" },
119 { type = "DNS", data = "*.foo.com" },
120 }
121
122 local csr = x509_csr.new(data)
123 local gn = x509_altname.new()
124 gn:add("DNS", "foo.com")
125 gn:add("DNS", "*.foo.com")
126 csr:setSubjectAlt(gn)
127 csr:setPublicKey(key)
128 csr:sign(key)
129
130 -- check modified object
131 checknames(csr:getSubjectAlt(), expected)
132 -- check after a round-trip through PEM
133 checknames(x509_csr.new(tostring(csr)):getSubjectAlt(), expected)
134end
135
136-- adding altnames where none existed
137do
138 local expected = {
139 name = {
140 { type = "CN", data = "example.com" },
141 },
142 altname = {
143 { type = "DNS", data = "foo.com" },
144 { type = "DNS", data = "*.foo.com" },
145 },
146 }
147
148 local csr = x509_csr.new()
149 local name = x509_name.new()
150 name:add("CN", "example.com")
151 csr:setSubject(name)
152 local gn = x509_altname.new()
153 gn:add("DNS", "foo.com")
154 gn:add("DNS", "*.foo.com")
155 csr:setSubjectAlt(gn)
156 csr:setPublicKey(key)
157 csr:sign(key)
158
159 checknames(csr:getSubject(), expected.name)
160 checknames(csr:getSubjectAlt(), expected.altname)
161
162 local csr1 = x509_csr.new(tostring(csr))
163 checknames(csr1:getSubject(), expected.name)
164 checknames(csr1:getSubjectAlt(), expected.altname)
165end
166
167return OK()
168