t/local/34_x509_crl.t - metacpan.org

#!/usr/bin/perl

use strict;
use warnings;
use Test::More tests => 41;
use Net::SSLeay;
use File::Spec;

#use File::Slurp;

Net::SSLeay::randomize();
Net::SSLeay::load_error_strings();
Net::SSLeay::ERR_load_crypto_strings();
Net::SSLeay::SSLeay_add_ssl_algorithms();

my $ca_crt_pem = File::Spec->catfile('t', 'data', 'test_CA1.crt.pem');
my $ca_key_pem = File::Spec->catfile('t', 'data', 'test_CA1.key.pem');
ok(my $bio1 = Net::SSLeay::BIO_new_file($ca_crt_pem, 'r'), "BIO_new_file 1");
ok(my $ca_cert = Net::SSLeay::PEM_read_bio_X509($bio1), "PEM_read_bio_X509");
ok(my $bio2 = Net::SSLeay::BIO_new_file($ca_key_pem, 'r'), "BIO_new_file 2");
ok(my $ca_pk = Net::SSLeay::PEM_read_bio_PrivateKey($bio2), "PEM_read_bio_PrivateKey");

{ ### X509_CRL show info
  my $crl_der = File::Spec->catfile('t', 'data', 'verisign.crl.der');
  my $crl_pem = File::Spec->catfile('t', 'data', 'verisign.crl.pem');

  ok(my $bio1 = Net::SSLeay::BIO_new_file($crl_der, 'rb'), "BIO_new_file 1");
  ok(my $bio2 = Net::SSLeay::BIO_new_file($crl_pem, 'r'), "BIO_new_file 2");

  ok(my $crl1 = Net::SSLeay::d2i_X509_CRL_bio($bio1), "d2i_X509_CRL_bio");
  ok(my $crl2 = Net::SSLeay::PEM_read_bio_X509_CRL($bio2), "PEM_read_bio_X509_CRL");

  ok(my $name1 = Net::SSLeay::X509_CRL_get_issuer($crl1), "X509_CRL_get_issuer 1");
  ok(my $name2 = Net::SSLeay::X509_CRL_get_issuer($crl2), "X509_CRL_get_issuer 2");
  is(Net::SSLeay::X509_NAME_cmp($name1, $name2), 0, "X509_NAME_cmp");

  is(Net::SSLeay::X509_NAME_print_ex($name1), 'CN=VeriSign Class 3 Extended Validation SSL CA,OU=Terms of use at https://www.verisign.com/rpa (c)06,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US', "X509_NAME_print_ex");
  
  ok(my $time_last = Net::SSLeay::X509_CRL_get_lastUpdate($crl1), "X509_CRL_get_lastUpdate");
  ok(my $time_next = Net::SSLeay::X509_CRL_get_nextUpdate($crl1), "X509_CRL_get_nextUpdate");
  SKIP: {
    skip 'openssl-0.9.7e required', 2 unless Net::SSLeay::SSLeay >= 0x0090705f; 
    is(Net::SSLeay::P_ASN1_TIME_get_isotime($time_last), "2012-03-08T21:00:13Z", "P_ASN1_TIME_get_isotime last");
    is(Net::SSLeay::P_ASN1_TIME_get_isotime($time_next), "2012-03-15T21:00:13Z", "P_ASN1_TIME_get_isotime next");
  }
  
  is(Net::SSLeay::X509_CRL_get_version($crl1), 0, "X509_CRL_get_version");
  ok(my $sha1_digest = Net::SSLeay::EVP_get_digestbyname("sha1"), "EVP_get_digestbyname");
  is(unpack("H*",Net::SSLeay::X509_CRL_digest($crl1, $sha1_digest)), "2a49fa78444070d2bce08b2ea5213099b3e065fd", "X509_CRL_digest");  
}

{ ### X509_CRL create
  ok(my $crl = Net::SSLeay::X509_CRL_new(), "X509_CRL_new");
  
  ok(my $name = Net::SSLeay::X509_get_subject_name($ca_cert), "X509_get_subject_name");
  SKIP: {
    skip('requires openssl-0.9.7', 1) unless Net::SSLeay::SSLeay >= 0x0090700f;
    ok(Net::SSLeay::X509_CRL_set_issuer_name($crl, $name), "X509_CRL_set_issuer_name");
  }
  
  if (Net::SSLeay::SSLeay >= 0x0090705f) {
    Net::SSLeay::P_ASN1_TIME_set_isotime(Net::SSLeay::X509_CRL_get_lastUpdate($crl), "2010-02-01T00:00:00Z");
    Net::SSLeay::P_ASN1_TIME_set_isotime(Net::SSLeay::X509_CRL_get_nextUpdate($crl), "2011-02-01T00:00:00Z");
  }
  else {
    # P_ASN1_TIME_set_isotime not available before openssl-0.9.7e
    Net::SSLeay::X509_gmtime_adj(Net::SSLeay::X509_CRL_get_lastUpdate($crl), 0);
    Net::SSLeay::X509_gmtime_adj(Net::SSLeay::X509_CRL_get_lastUpdate($crl), 0);
  }
  
  SKIP: {
    skip('requires openssl-0.9.7', 2) unless Net::SSLeay::SSLeay >= 0x0090700f;
    ok(Net::SSLeay::X509_CRL_set_version($crl, 1), "X509_CRL_set_version");
    my $ser = Net::SSLeay::ASN1_INTEGER_new();
    Net::SSLeay::P_ASN1_INTEGER_set_hex($ser, "4AFED5654654BCEDED4AFED5654654BCEDED");
    ok(Net::SSLeay::P_X509_CRL_set_serial($crl, $ser), "P_X509_CRL_set_serial");
    Net::SSLeay::ASN1_INTEGER_free($ser);
  }
  
  my @rev_table = (
    { serial_hex=>'1A2B3D', rev_datetime=>"2011-02-01T00:00:00Z", comp_datetime=>"2911-11-11T00:00:00Z", reason=>2 }, # 2 = cACompromise
    { serial_hex=>'2A2B3D', rev_datetime=>"2011-03-01T00:00:00Z", comp_datetime=>"2911-11-11T00:00:00Z", reason=>3 }, # 3 = affiliationChanged
  );
  
  my $rev_datetime = Net::SSLeay::ASN1_TIME_new();
  my $comp_datetime = Net::SSLeay::ASN1_TIME_new();
  for my $item (@rev_table) {  
    if (Net::SSLeay::SSLeay >= 0x0090705f) { 
      Net::SSLeay::P_ASN1_TIME_set_isotime($rev_datetime, $item->{rev_datetime});
      Net::SSLeay::P_ASN1_TIME_set_isotime($comp_datetime, $item->{comp_datetime});
    }
    else {
      # P_ASN1_TIME_set_isotime not available before openssl-0.9.7e
      Net::SSLeay::X509_gmtime_adj($rev_datetime, 0);
      Net::SSLeay::X509_gmtime_adj($comp_datetime, 0);
    }
    SKIP: {
      skip('requires openssl-0.9.7', 1) unless Net::SSLeay::SSLeay >= 0x0090700f;
      ok(Net::SSLeay::P_X509_CRL_add_revoked_serial_hex($crl, $item->{serial_hex}, $rev_datetime, $item->{reason}, $comp_datetime), "P_X509_CRL_add_revoked_serial_hex");        
    }
  }
  Net::SSLeay::ASN1_TIME_free($rev_datetime);
  Net::SSLeay::ASN1_TIME_free($comp_datetime);
  
  ok(my $sha1_digest = Net::SSLeay::EVP_get_digestbyname("sha1"), "EVP_get_digestbyname");
  SKIP: {
    skip('requires openssl-0.9.7', 1) unless Net::SSLeay::SSLeay >= 0x0090700f;
    ok(Net::SSLeay::X509_CRL_sort($crl), "X509_CRL_sort");
  }
  ok(Net::SSLeay::X509_CRL_sign($crl, $ca_pk, $sha1_digest), "X509_CRL_sign");
  
  like(my $crl_pem = Net::SSLeay::PEM_get_string_X509_CRL($crl), qr/-----BEGIN X509 CRL-----/, "PEM_get_string_X509_CRL");
    
  #write_file("tmp.crl.pem", $crl_pem);
  
  is(Net::SSLeay::X509_CRL_free($crl), undef, "X509_CRL_free");
}

{ ### special tests
  my $crl_der = File::Spec->catfile('t', 'data', 'test_CA1.crl.der');
  ok(my $bio = Net::SSLeay::BIO_new_file($crl_der, 'rb'), "BIO_new_file");
  ok(my $crl = Net::SSLeay::d2i_X509_CRL_bio($bio), "d2i_X509_CRL_bio");
  is(Net::SSLeay::X509_CRL_verify($crl, Net::SSLeay::X509_get_pubkey($ca_cert)), 1, "X509_CRL_verify");

  ok(my $time_last = Net::SSLeay::X509_CRL_get_lastUpdate($crl), "X509_CRL_get_lastUpdate");
  ok(my $time_next = Net::SSLeay::X509_CRL_get_nextUpdate($crl), "X509_CRL_get_nextUpdate");
  
  SKIP: {
    skip('requires openssl-0.9.7', 2) unless Net::SSLeay::SSLeay >= 0x0090700f;
    ok(my $sn = Net::SSLeay::P_X509_CRL_get_serial($crl), "P_X509_CRL_get_serial");
    is(Net::SSLeay::ASN1_INTEGER_get($sn), 2, "ASN1_INTEGER_get"); 
  }
  
  SKIP: {
    skip('requires openssl-0.9.7', 3) unless Net::SSLeay::SSLeay >= 0x0090700f;
    ok(my $crl2 = Net::SSLeay::X509_CRL_new(), "X509_CRL_new");
    ok(Net::SSLeay::X509_CRL_set_lastUpdate($crl2, $time_last), "X509_CRL_set_lastUpdate");
    ok(Net::SSLeay::X509_CRL_set_nextUpdate($crl2, $time_next), "X509_CRL_set_nextUpdate");
    Net::SSLeay::X509_CRL_free($crl2);
  }
}
	Global
`s`	Focus search bar
`?`	Bring up this help dialog
	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)
	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse
	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)