Blame SOURCES/0018-MS-cert-template-add-tests.patch

7a8c6d
From c33a8fe36d340447641d4dc623c98d2bf9a2d650 Mon Sep 17 00:00:00 2001
7a8c6d
From: Fraser Tweedale <ftweedal@redhat.com>
7a8c6d
Date: Thu, 24 Aug 2017 13:37:36 +1000
7a8c6d
Subject: [PATCH] MS cert template: add tests
7a8c6d
7a8c6d
Part of: https://pagure.io/certmonger/issue/78
7a8c6d
---
7a8c6d
 tests/038-ms-v2-template/expected.out       | 19 ++++++++++
7a8c6d
 tests/038-ms-v2-template/extract-extdata.py | 29 ++++++++++++++++
7a8c6d
 tests/038-ms-v2-template/run.sh             | 54 +++++++++++++++++++++++++++++
7a8c6d
 tests/Makefile.am                           |  8 +++--
7a8c6d
 4 files changed, 108 insertions(+), 2 deletions(-)
7a8c6d
 create mode 100644 tests/038-ms-v2-template/expected.out
7a8c6d
 create mode 100755 tests/038-ms-v2-template/extract-extdata.py
7a8c6d
 create mode 100755 tests/038-ms-v2-template/run.sh
7a8c6d
7a8c6d
diff --git a/tests/038-ms-v2-template/expected.out b/tests/038-ms-v2-template/expected.out
7a8c6d
new file mode 100644
7a8c6d
index 0000000..7338a5f
7a8c6d
--- /dev/null
7a8c6d
+++ b/tests/038-ms-v2-template/expected.out
7a8c6d
@@ -0,0 +1,19 @@
7a8c6d
+[key]
7a8c6d
+OK.
7a8c6d
+[csr : bogus oid]
7a8c6d
+extension not present
7a8c6d
+[csr : bogus major version]
7a8c6d
+extension not present
7a8c6d
+[csr : missing major version]
7a8c6d
+extension not present
7a8c6d
+[csr : too many parts]
7a8c6d
+extension not present
7a8c6d
+[csr : oid, major version]
7a8c6d
+    0:d=0  hl=2 l=   8 cons: SEQUENCE          
7a8c6d
+    2:d=1  hl=2 l=   3 prim: OBJECT            :1.2.3.4
7a8c6d
+    7:d=1  hl=2 l=   1 prim: INTEGER           :2A
7a8c6d
+[csr : oid, major version, minor version]
7a8c6d
+    0:d=0  hl=2 l=  11 cons: SEQUENCE          
7a8c6d
+    2:d=1  hl=2 l=   3 prim: OBJECT            :1.2.3.4
7a8c6d
+    7:d=1  hl=2 l=   1 prim: INTEGER           :2A
7a8c6d
+   10:d=1  hl=2 l=   1 prim: INTEGER           :11
7a8c6d
diff --git a/tests/038-ms-v2-template/extract-extdata.py b/tests/038-ms-v2-template/extract-extdata.py
7a8c6d
new file mode 100755
7a8c6d
index 0000000..cd96f99
7a8c6d
--- /dev/null
7a8c6d
+++ b/tests/038-ms-v2-template/extract-extdata.py
7a8c6d
@@ -0,0 +1,29 @@
7a8c6d
+#!/bin/python2
7a8c6d
+
7a8c6d
+# Given `openssl asn1parse` output of a CSR, look for the V2 Template
7a8c6d
+# extension and output its data if found.  Nonzero exit status if
7a8c6d
+# not found.
7a8c6d
+
7a8c6d
+import binascii
7a8c6d
+import re
7a8c6d
+import sys
7a8c6d
+
7a8c6d
+STATE_SEARCH, STATE_FOUND, STATE_DONE = range(3)
7a8c6d
+
7a8c6d
+state = STATE_SEARCH
7a8c6d
+
7a8c6d
+for line in sys.stdin:
7a8c6d
+    if state == STATE_SEARCH and ':1.3.6.1.4.1.311.21.7' in line:
7a8c6d
+        state = STATE_FOUND
7a8c6d
+        continue
7a8c6d
+
7a8c6d
+    # look for first OCTET STRING once we're in STATE_FOUND
7a8c6d
+    #
7a8c6d
+    if state == STATE_FOUND and 'OCTET STRING' in line:
7a8c6d
+        result = re.search(r'\[HEX DUMP\]:(\w*)', line)
7a8c6d
+        sys.stdout.write(binascii.unhexlify(result.group(1)))
7a8c6d
+        state = STATE_DONE
7a8c6d
+        break
7a8c6d
+
7a8c6d
+if state != STATE_DONE:
7a8c6d
+    sys.exit(1)
7a8c6d
diff --git a/tests/038-ms-v2-template/run.sh b/tests/038-ms-v2-template/run.sh
7a8c6d
new file mode 100755
7a8c6d
index 0000000..0eeb7f9
7a8c6d
--- /dev/null
7a8c6d
+++ b/tests/038-ms-v2-template/run.sh
7a8c6d
@@ -0,0 +1,54 @@
7a8c6d
+#!/bin/bash -e
7a8c6d
+
7a8c6d
+srcdir=$PWD
7a8c6d
+cd $tmpdir
7a8c6d
+
7a8c6d
+mkconfig() {
7a8c6d
+	cat > request <<- EOF
7a8c6d
+	key_storage_type=FILE
7a8c6d
+	key_storage_location=$tmpdir/key
7a8c6d
+	cert_storage_type=FILE
7a8c6d
+	cert_storage_location=$tmpdir/cert
7a8c6d
+	template_subject=CN=MS V2 Certificate Template test
7a8c6d
+	EOF
7a8c6d
+}
7a8c6d
+
7a8c6d
+echo "[key]"
7a8c6d
+mkconfig
7a8c6d
+$toolsdir/keygen request
7a8c6d
+
7a8c6d
+echo "[csr : bogus oid]"
7a8c6d
+mkconfig
7a8c6d
+echo "template_certificate_template=NotAnOid:42" >> request
7a8c6d
+$toolsdir/csrgen request | openssl asn1parse \
7a8c6d
+	| $srcdir/extract-extdata.py || echo "extension not present"
7a8c6d
+
7a8c6d
+echo "[csr : bogus major version]"
7a8c6d
+mkconfig
7a8c6d
+echo "template_certificate_template=1.2.3.4:wat" >> request
7a8c6d
+$toolsdir/csrgen request | openssl asn1parse \
7a8c6d
+	| $srcdir/extract-extdata.py || echo "extension not present"
7a8c6d
+
7a8c6d
+echo "[csr : missing major version]"
7a8c6d
+mkconfig
7a8c6d
+echo "template_certificate_template=1.2.3.4" >> request
7a8c6d
+$toolsdir/csrgen request | openssl asn1parse \
7a8c6d
+	| $srcdir/extract-extdata.py || echo "extension not present"
7a8c6d
+
7a8c6d
+echo "[csr : too many parts]"
7a8c6d
+mkconfig
7a8c6d
+echo "template_certificate_template=1.2.3.4:1:1:1" >> request
7a8c6d
+$toolsdir/csrgen request | openssl asn1parse \
7a8c6d
+	| $srcdir/extract-extdata.py || echo "extension not present"
7a8c6d
+
7a8c6d
+echo "[csr : oid, major version]"
7a8c6d
+mkconfig
7a8c6d
+echo "template_certificate_template=1.2.3.4:42" >> request
7a8c6d
+$toolsdir/csrgen request | openssl asn1parse \
7a8c6d
+	| $srcdir/extract-extdata.py | openssl asn1parse -inform DER
7a8c6d
+
7a8c6d
+echo "[csr : oid, major version, minor version]"
7a8c6d
+mkconfig
7a8c6d
+echo "template_certificate_template=1.2.3.4:42:17" >> request
7a8c6d
+$toolsdir/csrgen request | openssl asn1parse \
7a8c6d
+	| $srcdir/extract-extdata.py | openssl asn1parse -inform DER
7a8c6d
diff --git a/tests/Makefile.am b/tests/Makefile.am
7a8c6d
index bbcd06e..562b027 100644
7a8c6d
--- a/tests/Makefile.am
7a8c6d
+++ b/tests/Makefile.am
7a8c6d
@@ -148,7 +148,10 @@ EXTRA_DIST = \
7a8c6d
 	036-getcert/expected.out \
7a8c6d
 	036-getcert/run.sh \
7a8c6d
 	037-rekey2/expected.out \
7a8c6d
-	037-rekey2/run.sh
7a8c6d
+	037-rekey2/run.sh \
7a8c6d
+	038-ms-v2-template/expected.out \
7a8c6d
+	038-ms-v2-template/extract-extdata.py \
7a8c6d
+	038-ms-v2-template/run.sh
7a8c6d
 
7a8c6d
 subdirs = \
7a8c6d
 	001-keyiread \
7a8c6d
@@ -189,7 +192,8 @@ subdirs = \
7a8c6d
 	034-perms \
7a8c6d
 	035-json \
7a8c6d
 	036-getcert \
7a8c6d
-	037-rekey2
7a8c6d
+	037-rekey2 \
7a8c6d
+	038-ms-v2-template
7a8c6d
 
7a8c6d
 if HAVE_DBM_NSSDB
7a8c6d
 subdirs += \
7a8c6d
-- 
7a8c6d
2.14.4
7a8c6d