net/nginx-util/src/test-px5g.sh

   1 #!/bin/bash
   2
   3 PRINT_PASSED=2
   4
   5 printf "Initializing tests ...\n"
   6
   7 OPENSSL_PEM="$(mktemp)"
   8 OPENSSL_DER="$(mktemp)"
   9
  10 NONCE=$(dd if=/dev/urandom bs=1 count=4 2>/dev/null | hexdump -e '1/1 "%02x"')
  11 SUBJECT=/C="ZZ"/ST="Somewhere"/L="None"/O="OpenWrt'$NONCE'"/CN="OpenWrt"
  12
  13 openssl req -x509 -nodes -days 1 -keyout /dev/null 2>/dev/null \
  14     -out "$OPENSSL_PEM" -subj "$SUBJECT" \
  15 || ( printf "error: generating PEM certificate with openssl"; return 1)
  16 openssl req -x509 -nodes -days 1 -keyout /dev/null 2>/dev/null \
  17     -out "$OPENSSL_DER" -outform der -subj "$SUBJECT" \
  18 || ( printf "error: generating DER certificate with openssl"; return 1)
  19
  20
  21 function test() {
  22     eval "$1 >/dev/null "
  23     if [ $? -eq $2 ]
  24     then
  25         [ "${PRINT_PASSED}" -gt 0 ] \
  26         && printf "%-72s%-1s\n" "$1" ">/dev/null (-> $2?) passed."
  27     else
  28         printf "%-72s%-1s\n" "$1" ">/dev/null (-> $2?) failed!!!"
  29         [ "${PRINT_PASSED}" -gt 1 ] && exit 1
  30     fi
  31 }
  32
  33
  34 [ "$PRINT_PASSED" -gt 0 ] && printf "\nTesting openssl itself ...\n"
  35
  36 [ "$PRINT_PASSED" -gt 1 ] && printf "  * right PEM:\n"
  37 test 'cat "$OPENSSL_PEM" | openssl x509 -checkend 0                         ' 0
  38 test 'cat "$OPENSSL_PEM" | openssl x509 -checkend 86300                     ' 0
  39 test 'cat "$OPENSSL_PEM" | openssl x509 -checkend 86400                     ' 1
  40
  41 [ "$PRINT_PASSED" -gt 1 ] && printf "  * right DER:\n"
  42 test 'cat "$OPENSSL_DER" | openssl x509 -checkend 0    -inform der          ' 0
  43 test 'cat "$OPENSSL_DER" | openssl x509 -checkend 86300 -inform der         ' 0
  44 test 'cat "$OPENSSL_DER" | openssl x509 -checkend 86400 -inform der         ' 1
  45
  46 [ "$PRINT_PASSED" -gt 1 ] && printf "  * wrong:\n"
  47 test 'cat "$OPENSSL_PEM" | openssl x509 -checkend 0 -inform der  2>/dev/null' 1
  48 test 'cat "$OPENSSL_DER" | openssl x509 -checkend 0              2>/dev/null' 1
  49
  50
  51 [ "$PRINT_PASSED" -gt 0 ] && printf "\nTesting px5g checkend ...\n"
  52
  53 [ "$PRINT_PASSED" -gt 1 ] && printf "  * right PEM:\n"
  54 test 'cat "$OPENSSL_PEM" | ./px5g checkend 0                                ' 0
  55 test 'cat "$OPENSSL_PEM" | ./px5g checkend 86300                            ' 0
  56 test 'cat "$OPENSSL_PEM" | ./px5g checkend 86400                            ' 1
  57
  58 [ "$PRINT_PASSED" -gt 1 ] && printf "  * right DER:\n"
  59 test 'cat "$OPENSSL_DER" | ./px5g checkend -der 0                           ' 0
  60 test 'cat "$OPENSSL_DER" | ./px5g checkend -der 86300                       ' 0
  61 test 'cat "$OPENSSL_DER" | ./px5g checkend -der 86400                       ' 1
  62
  63 [ "$PRINT_PASSED" -gt 1 ] && printf "  * in option:\n"
  64 test 'cat "$OPENSSL_DER" | ./px5g checkend -in /proc/self/fd/0 -der 0       ' 0
  65 test 'cat "$OPENSSL_DER" | ./px5g checkend -der -in /proc/self/fd/0 99      ' 0
  66
  67 [ "$PRINT_PASSED" -gt 1 ] && printf "  * wrong:\n"
  68 test 'cat "$OPENSSL_PEM" | ./px5g checkend -der 0                2>/dev/null' 1
  69 test 'cat "$OPENSSL_DER" | ./px5g checkend 0                     2>/dev/null' 1
  70
  71
  72 [ "$PRINT_PASSED" -gt 0 ] && printf "\nTesting px5g eckey ...\n"
  73
  74 [ "$PRINT_PASSED" -gt 1 ] && printf "  * standard curves:\n"
  75 test './px5g eckey P-256        | openssl ec -check              2>/dev/null' 0
  76 test './px5g eckey P-384        | openssl ec -check              2>/dev/null' 0
  77 test './px5g eckey secp384r1    | openssl ec -check              2>/dev/null' 0
  78 test './px5g eckey secp256r1    | openssl ec -check              2>/dev/null' 0
  79 test './px5g eckey secp256k1    | openssl ec -check              2>/dev/null' 0
  80
  81 [ "$PRINT_PASSED" -gt 1 ] && printf "  * more curves:\n"
  82 test './px5g eckey P-521        | openssl ec -check              2>/dev/null' 0
  83 test './px5g eckey secp521r1    | openssl ec -check              2>/dev/null' 0
  84 test './px5g eckey secp224r1    | openssl ec -check              2>/dev/null' 0
  85 test './px5g eckey secp224k1    | openssl ec -check              2>/dev/null' 0
  86 test './px5g eckey secp192r1    | openssl ec -check              2>/dev/null' 0
  87 test './px5g eckey secp192k1    | openssl ec -check              2>/dev/null' 0
  88 test './px5g eckey brainpoolP512r1        | openssl ec -check    2>/dev/null' 0
  89 test './px5g eckey brainpoolP384r1        | openssl ec -check    2>/dev/null' 0
  90 test './px5g eckey brainpoolP256r1        | openssl ec -check    2>/dev/null' 0
  91
  92 [ "$PRINT_PASSED" -gt 1 ] && printf "  * other options:\n"
  93 test './px5g eckey -out /proc/self/fd/1   | openssl ec -check    2>/dev/null' 0
  94 test './px5g eckey -der         | openssl ec -check -inform der  2>/dev/null' 0
  95
  96
  97 [ "$PRINT_PASSED" -gt 0 ] && printf "\nTesting px5g rsakey ...\n"
  98
  99 [ "$PRINT_PASSED" -gt 1 ] && printf "  * standard exponent:\n"
 100 test './px5g rsakey             | openssl rsa -check             2>/dev/null' 0
 101 test './px5g rsakey 512         | openssl rsa -check             2>/dev/null' 0
 102 test './px5g rsakey 1024        | openssl rsa -check             2>/dev/null' 0
 103 test './px5g rsakey 2048        | openssl rsa -check             2>/dev/null' 0
 104 test './px5g rsakey 4096        | openssl rsa -check             2>/dev/null' 0
 105 test './px5g rsakey 1111        | openssl rsa -check             2>/dev/null' 0
 106 test './px5g rsakey 0                                            2>/dev/null' 1
 107
 108 [ "$PRINT_PASSED" -gt 1 ] && printf "  * small exponent:\n"
 109 test './px5g rsakey -3          | openssl rsa -check             2>/dev/null' 0
 110 test './px5g rsakey -3 512      | openssl rsa -check             2>/dev/null' 0
 111 test './px5g rsakey -3 1024     | openssl rsa -check             2>/dev/null' 0
 112 test './px5g rsakey -3 2048     | openssl rsa -check             2>/dev/null' 0
 113 test './px5g rsakey -3 4096     | openssl rsa -check             2>/dev/null' 0
 114 test './px5g rsakey -3 1111     | openssl rsa -check             2>/dev/null' 0
 115 test './px5g rsakey -3 0                                         2>/dev/null' 1
 116
 117 [ "$PRINT_PASSED" -gt 1 ] && printf "  * other options:\n"
 118 test './px5g rsakey -out /proc/self/fd/1  | openssl rsa -check   2>/dev/null' 0
 119 test './px5g rsakey -der        | openssl rsa -check -inform der 2>/dev/null' 0
 120
 121
 122 [ "$PRINT_PASSED" -gt 0 ] && printf "\nTesting px5g selfsigned ...\n"
 123
 124 test './px5g selfsigned -der | openssl x509 -checkend 0 -inform der         ' 0
 125 test './px5g selfsigned -days 1               | openssl x509 -checkend 0    ' 0
 126 test './px5g selfsigned -days 1               | openssl x509 -checkend 86300' 0
 127 test './px5g selfsigned -days 1               | openssl x509 -checkend 86400' 1
 128 test './px5g selfsigned -out /proc/self/fd/1  | openssl x509 -checkend 0    ' 0
 129 test './px5g selfsigned -newkey rsa:666       | openssl x509 -checkend 0    ' 0
 130 test './px5g selfsigned -newkey ec            | openssl x509 -checkend 0    ' 0
 131 test './px5g selfsigned -newkey ec -pkeyopt ec_paramgen_curve:secp384r1 \
 132       | openssl x509 -checkend 0                                        ' 0
 133 test './px5g selfsigned -subj $SUBJECT | openssl x509 -noout \
 134       -subject -nameopt compat | grep -q subject=$SUBJECT    2>/dev/null' 0
 135 test './px5g selfsigned -out /dev/null -keyout /proc/self/fd/1 \
 136       | openssl rsa -check 2>/dev/null                                  ' 0
 137
 138
 139 rm "$OPENSSL_PEM" "$OPENSSL_DER"