#! /usr/bin/env perl # Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html use strict; use warnings; use POSIX; use OpenSSL::Test qw/:DEFAULT data_file/; use File::Copy; setup('test_ca_internals'); my @updatedb_tests = ( { description => 'updatedb called before the first certificate expires', filename => 'index.txt', copydb => 1, testdate => '990101000000Z', need64bit => 0, expirelist => [ ] }, { description => 'updatedb called before Y2k', filename => 'index.txt', copydb => 0, testdate => '991201000000Z', need64bit => 0, expirelist => [ '1000' ] }, { description => 'updatedb called after year 2020', filename => 'index.txt', copydb => 0, testdate => '211201000000Z', need64bit => 0, expirelist => [ '1001' ] }, { description => 'updatedb called in year 2049 (last year with 2 digits)', filename => 'index.txt', copydb => 0, testdate => '491201000000Z', need64bit => 1, expirelist => [ '1002' ] }, { description => 'updatedb called in year 2050 (first year with 4 digits) before the last certificate expires', filename => 'index.txt', copydb => 0, testdate => '20500101000000Z', need64bit => 1, expirelist => [ ] }, { description => 'updatedb called after the last certificate expired', filename => 'index.txt', copydb => 0, testdate => '20501201000000Z', need64bit => 1, expirelist => [ '1003' ] }, { description => 'updatedb called for the first time after the last certificate expired', filename => 'index.txt', copydb => 1, testdate => '20501201000000Z', need64bit => 1, expirelist => [ '1000', '1001', '1002', '1003' ] } ); my @unsupported_commands = ( { command => 'unsupported' } ); # every "test_updatedb" makes 3 checks plan tests => 3 * scalar(@updatedb_tests) + 1 * scalar(@unsupported_commands); foreach my $test (@updatedb_tests) { test_updatedb($test); } foreach my $test (@unsupported_commands) { test_unsupported_commands($test); } ################### subs to do tests per supported command ################ sub test_unsupported_commands { my ($opts) = @_; run( test(['ca_internals_test', $opts->{command} ]), capture => 0, statusvar => \my $exit ); is($exit, 0, "command '".$opts->{command}."' completed without an error"); } sub test_updatedb { my ($opts) = @_; my $amtexpectedexpired = scalar(@{$opts->{expirelist}}); my @output; my $expirelistcorrect = 1; my $cert; my $amtexpired = 0; my $skipped = 0; if ($opts->{copydb}) { copy(data_file('index.txt'), 'index.txt'); } @output = run( test(['ca_internals_test', "do_updatedb", $opts->{filename}, $opts->{testdate}, $opts->{need64bit} ]), capture => 1, statusvar => \my $exit ); foreach my $tmp (@output) { ($cert) = $tmp =~ /^[\x20\x23]*[^0-9A-Fa-f]*([0-9A-Fa-f]+)=Expired/; if ($tmp =~ /^[\x20\x23]*skipping test/) { $skipped = 1; } if (defined($cert) && (length($cert) > 0)) { $amtexpired++; my $expirefound = 0; foreach my $expire (@{$opts->{expirelist}}) { if ($expire eq $cert) { $expirefound = 1; } } if ($expirefound != 1) { $expirelistcorrect = 0; } } } if ($skipped) { $amtexpired = $amtexpectedexpired; $expirelistcorrect = 1; } is($exit, 1, "ca_internals_test: returned EXIT_FAILURE (".$opts->{description}.")"); is($amtexpired, $amtexpectedexpired, "ca_internals_test: amount of expired certificates differs from expected amount (".$opts->{description}.")"); is($expirelistcorrect, 1, "ca_internals_test: list of expired certificates differs from expected list (".$opts->{description}.")"); }