From: Petr P. <pet...@at...> - 2013-08-30 14:46:05
The best way is to execute cd test && OPENSSL_CONF=./openssl.cnf ./load_ssl_client_cert [CA_FILE...] This allows you to test code working with issuing CA names too. --- Makefile.am | 2 +- configure.ac | 1 + test/Makefile.am | 15 +++++++ test/load_ssl_client_cert.c | 98 +++++++++++++++++++++++++++++++++++++++++++++ test/openssl.cnf | 20 +++++++++ 5 files changed, 135 insertions(+), 1 deletion(-) create mode 100644 test/Makefile.am create mode 100644 test/load_ssl_client_cert.c create mode 100644 test/openssl.cnf diff --git a/Makefile.am b/Makefile.am index 6c3f91c..2a0b3b5 100644 --- a/Makefile.am +++ b/Makefile.am @@ -15,7 +15,7 @@ MAINTAINERCLEANFILES = \ $(srcdir)/packaged EXTRA_DIST = svnignore -SUBDIRS = src doc +SUBDIRS = src doc test dist_noinst_SCRIPTS = bootstrap dist_doc_DATA = NEWS diff --git a/configure.ac b/configure.ac index 484f509..0bcc8ba 100644 --- a/configure.ac +++ b/configure.ac @@ -308,6 +308,7 @@ AC_CONFIG_FILES([ doc/nonpersistent/Makefile src/Makefile src/versioninfo.rc + test/Makefile ]) AC_OUTPUT diff --git a/test/Makefile.am b/test/Makefile.am new file mode 100644 index 0000000..d9679b2 --- /dev/null +++ b/test/Makefile.am @@ -0,0 +1,15 @@ +MAINTAINERCLEANFILES = \ + Makefile.in + +OPENSSL_EXTRA_CFLAGS = \ + -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H \ + -DOPENSSL_NO_KRB5 -DL_ENDIAN -DTERMIO -DENGINE_DYNAMIC_SUPPORT \ + -DSHA1_ASM -DMD5_ASM -DRMD160_ASM +AM_CFLAGS = $(OPENSSL_EXTRA_CFLAGS) $(OPENSSL_CFLAGS) +LDADD = $(OPENSSL_LIBS) +AM_LDFLAGS = $(OPENSSL_EXTRA_LDFLAGS) + +noinst_PROGRAMS = load_ssl_client_cert + +load_ssl_client_cert_SOURCES = load_ssl_client_cert.c + diff --git a/test/load_ssl_client_cert.c b/test/load_ssl_client_cert.c new file mode 100644 index 0000000..21dfe2f --- /dev/null +++ b/test/load_ssl_client_cert.c 
@@ -0,0 +1,98 @@
+#include <stdio.h>
+#include <unistd.h>
+#include <openssl/conf.h>
+#include <openssl/engine.h>
+#include <openssl/pem.h>
+
+STACK_OF(X509_NAME) *load_ca_dns(int argc, char **argv) {
+ STACK_OF(X509_NAME) *ca_dns = NULL;
+ BIO *in;
+ X509 *cert;
+ X509_NAME *name;
+ int i;
+
+ for (i = 1; i < argc; i++) {
+ in = BIO_new_file(argv[i], "r");
+ if (NULL == in) {
+ fprintf(stderr, "Could not read %s\n", argv[i]);
+ continue;
+ }
+ cert = PEM_read_bio_X509(in, NULL, 0, NULL);
+ BIO_free(in);
+ if (NULL == cert) {
+ fprintf(stderr, "Could not read %s\n", argv[i]);
+ continue;
+ }
+ name = X509_NAME_dup(X509_get_subject_name(cert));
+ X509_free(cert);
+ if (NULL == name) {
+ fprintf(stderr, "Could not get issuer from %s\n", argv[i]);
+ X509_free(cert);
+ continue;
+ }
+ if (NULL == ca_dns)
+ ca_dns = sk_X509_NAME_new_null();
+ sk_X509_NAME_push(ca_dns, name);
+ }
+ return ca_dns;
+}
+
+
+int main(int argc, char ** argv) {
+ ENGINE *e;
+ const char *engine_id = "pkcs11";
+ STACK_OF(X509_NAME) *ca_dns;
+ X509 *cert = NULL;
+ EVP_PKEY *pkey = NULL;
+ int retval;
+
+ printf("Testing %s\n", argv[0]);
+
+ ENGINE_load_builtin_engines();
+ OPENSSL_load_builtin_modules();
+ if (CONF_modules_load_file(getenv("OPENSSL_CONF"), NULL, 0) <= 0) {
+ fprintf(stderr, "Could not load modules defined in the "
+ "configuration file\n");
+ exit(EXIT_FAILURE);
+ }
+
+ e = ENGINE_by_id(engine_id);
+ if(!e) {
+ fprintf(stderr, "The engine isn't available\n");
+ exit(EXIT_FAILURE);
+ }
+ if(!ENGINE_init(e)) {
+ fprintf(stderr, "The engine couldn't ne initilized\n");
+ ENGINE_free(e);
+ exit(EXIT_FAILURE);
+ }
+
+ ca_dns = load_ca_dns(argc, argv);
+ retval = ENGINE_load_ssl_client_cert(e, NULL, ca_dns, &cert, &pkey, NULL, NULL, NULL);
+ sk_X509_NAME_free(ca_dns);
+
+ if (!retval) {
+ fprintf(stderr, "ENGINE_load_ssl_client_cert() failed\n");
+ ENGINE_finish(e);
+ ENGINE_free(e);
+ exit(EXIT_FAILURE);
+ }
+ if (NULL != cert) {
+ printf("A certificate returned:\n");
+ X509_print_fp(stdout, cert);
+ X509_free(cert);
+ } else {
+ printf("No certificate returned\n");
+ }
+ if (NULL != pkey) {
+ printf("A private key returned\n");
+ /*EVP_PKEY_free(pkey);*/
+ } else {
+ printf("No private key returned\n");
+ }
+
+ ENGINE_finish(e);
+ ENGINE_free(e);
+ printf("Ok.\n");
+ exit(EXIT_SUCCESS);
+}
diff --git a/test/openssl.cnf b/test/openssl.cnf
new file mode 100644
index 0000000..c4fd1e4
--- /dev/null
+++ b/test/openssl.cnf
@@ -0,0 +1,20 @@
+#HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+openssl_conf = openssl_def
+
+[openssl_def]
+engines = engine_section
+
+[engine_section]
+pkcs11 = pkcs11_engine
+
+[pkcs11_engine]
+engine_id = pkcs11
+#dynamic_path = /usr/lib/engines/engine_pkcs11.so
+dynamic_path = $ENV::HOME/engine_pkcs11/src/.libs/engine_pkcs11.so
+MODULE_PATH = /usr/lib/opensc-pkcs11.so
+#PIN = Bar
+#VERBOSE = 1
+init = 0
+
--
1.8.1.5 |
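Review bot: In `load_ca_dns` (test/load_ssl_client_cert.c), `cert` is freed twice when `X509_NAME_dup()` fails: `X509_free(cert);` already runs unconditionally right after the dup, and the `if (NULL == name)` branch calls `X509_free(cert);` again, so the second call in that branch should be removed. In `main`, `sk_X509_NAME_free(ca_dns);` releases only the stack and leaks every duplicated name; `sk_X509_NAME_pop_free(ca_dns, X509_NAME_free);` is the matching cleanup. The results of `sk_X509_NAME_new_null()` and `sk_X509_NAME_push()` are not checked, so an allocation failure there would leak `name` silently. The commented-out `/*EVP_PKEY_free(pkey);*/` leaves the returned key handle unreleased with no stated reason; either free it or replace the dead code with a comment explaining why the handle must stay alive.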
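Review bot: `dynamic_path = $ENV::HOME/engine_pkcs11/src/.libs/engine_pkcs11.so` in test/openssl.cnf makes the test load whatever shared object sits at that location under the invoking user's home directory, which need not be the engine built from this tree. Since the commit message runs the test from `test/`, a path tied to the build tree (a configure-substituted absolute path, or `../src/.libs/engine_pkcs11.so` if the loader accepts a relative path unchanged) would bind the test to the code under review. `MODULE_PATH = /usr/lib/opensc-pkcs11.so` is likewise host-specific, and a comment such as `# adjust MODULE_PATH to the PKCS#11 module installed on this host` would make that explicit.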