From c33a8fe36d340447641d4dc623c98d2bf9a2d650 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale
Date: Thu, 24 Aug 2017 13:37:36 +1000
Subject: [PATCH] MS cert template: add tests

Part of: https://pagure.io/certmonger/issue/78
---
 tests/038-ms-v2-template/expected.out | 19 ++++++++++
 tests/038-ms-v2-template/extract-extdata.py | 29 ++++++++++++++++
 tests/038-ms-v2-template/run.sh | 54 +++++++++++++++++++++++++++++
 tests/Makefile.am | 8 +++--
 4 files changed, 108 insertions(+), 2 deletions(-)
 create mode 100644 tests/038-ms-v2-template/expected.out
 create mode 100755 tests/038-ms-v2-template/extract-extdata.py
 create mode 100755 tests/038-ms-v2-template/run.sh

diff --git a/tests/038-ms-v2-template/expected.out b/tests/038-ms-v2-template/expected.out
new file mode 100644
index 0000000..7338a5f
--- /dev/null
+++ b/tests/038-ms-v2-template/expected.out
@@ -0,0 +1,19 @@
+[key]
+OK.
+[csr : bogus oid]
+extension not present
+[csr : bogus major version]
+extension not present
+[csr : missing major version]
+extension not present
+[csr : too many parts]
+extension not present
+[csr : oid, major version]
+ 0:d=0 hl=2 l= 8 cons: SEQUENCE
+ 2:d=1 hl=2 l= 3 prim: OBJECT :1.2.3.4
+ 7:d=1 hl=2 l= 1 prim: INTEGER :2A
+[csr : oid, major version, minor version]
+ 0:d=0 hl=2 l= 11 cons: SEQUENCE
+ 2:d=1 hl=2 l= 3 prim: OBJECT :1.2.3.4
+ 7:d=1 hl=2 l= 1 prim: INTEGER :2A
+ 10:d=1 hl=2 l= 1 prim: INTEGER :11
diff --git a/tests/038-ms-v2-template/extract-extdata.py b/tests/038-ms-v2-template/extract-extdata.py
new file mode 100755
index 0000000..cd96f99
--- /dev/null
+++ b/tests/038-ms-v2-template/extract-extdata.py
@@ -0,0 +1,29 @@
+#!/bin/python2
+
+# Given `openssl asn1parse` output of a CSR, look for the V2 Template
+# extension and output its data if found. Nonzero exit status if
+# not found.
+
+import binascii
+import re
+import sys
+
+STATE_SEARCH, STATE_FOUND, STATE_DONE = range(3)
+
+state = STATE_SEARCH
+
+for line in sys.stdin:
+ if state == STATE_SEARCH and ':1.3.6.1.4.1.311.21.7' in line:
+ state = STATE_FOUND
+ continue
+
+ # look for first OCTET STRING once we're in STATE_FOUND
+ #
+ if state == STATE_FOUND and 'OCTET STRING' in line:
+ result = re.search(r'\[HEX DUMP\]:(\w*)', line)
+ sys.stdout.write(binascii.unhexlify(result.group(1)))
+ state = STATE_DONE
+ break
+
+if state != STATE_DONE:
+ sys.exit(1)
diff --git a/tests/038-ms-v2-template/run.sh b/tests/038-ms-v2-template/run.sh
new file mode 100755
index 0000000..0eeb7f9
--- /dev/null
+++ b/tests/038-ms-v2-template/run.sh
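Review bot: On the `OCTET STRING` line, `re.search(...)` returns None when the line carries no `[HEX DUMP]:` field, and `result.group(1)` then raises AttributeError; the uncaught exception ends the script with status 1, the same status the final `sys.exit(1)` uses for "extension not found". The `|| echo "extension not present"` fallback in run.sh (the next file in this patch) cannot tell the two apart, so a parsing failure in the four negative cases would be recorded as the expected result. A guard such as `if result is None: sys.exit(2)` before the `unhexlify` call keeps that failure distinct. The OID test `':1.3.6.1.4.1.311.21.7' in line` is also a substring match and accepts any longer OID that begins with those arcs (for example one ending `.21.70`); `line.rstrip().endswith(':1.3.6.1.4.1.311.21.7')` pins it to the template extension.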
@@ -0,0 +1,54 @@
+#!/bin/bash -e
+
+srcdir=$PWD
+cd $tmpdir
+
+mkconfig() {
+ cat > request <<- EOF
+ key_storage_type=FILE
+ key_storage_location=$tmpdir/key
+ cert_storage_type=FILE
+ cert_storage_location=$tmpdir/cert
+ template_subject=CN=MS V2 Certificate Template test
+ EOF
+}
+
+echo "[key]"
+mkconfig
+$toolsdir/keygen request
+
+echo "[csr : bogus oid]"
+mkconfig
+echo "template_certificate_template=NotAnOid:42" >> request
+$toolsdir/csrgen request | openssl asn1parse \
+ | $srcdir/extract-extdata.py || echo "extension not present"
+
+echo "[csr : bogus major version]"
+mkconfig
+echo "template_certificate_template=1.2.3.4:wat" >> request
+$toolsdir/csrgen request | openssl asn1parse \
+ | $srcdir/extract-extdata.py || echo "extension not present"
+
+echo "[csr : missing major version]"
+mkconfig
+echo "template_certificate_template=1.2.3.4" >> request
+$toolsdir/csrgen request | openssl asn1parse \
+ | $srcdir/extract-extdata.py || echo "extension not present"
+
+echo "[csr : too many parts]"
+mkconfig
+echo "template_certificate_template=1.2.3.4:1:1:1" >> request
+$toolsdir/csrgen request | openssl asn1parse \
+ | $srcdir/extract-extdata.py || echo "extension not present"
+
+echo "[csr : oid, major version]"
+mkconfig
+echo "template_certificate_template=1.2.3.4:42" >> request
+$toolsdir/csrgen request | openssl asn1parse \
+ | $srcdir/extract-extdata.py | openssl asn1parse -inform DER
+
+echo "[csr : oid, major version, minor version]"
+mkconfig
+echo "template_certificate_template=1.2.3.4:42:17" >> request
+$toolsdir/csrgen request | openssl asn1parse \
+ | $srcdir/extract-extdata.py | openssl asn1parse -inform DER
diff --git a/tests/Makefile.am b/tests/Makefile.am
index bbcd06e..562b027 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
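Review bot: Each `csrgen request | openssl asn1parse | extract-extdata.py` pipeline reports only the status of its last command, because the script sets `-e` but not `pipefail`; in the four negative cases a csrgen or openssl failure just gives the extractor empty input, and it exits 1 and prints the expected `extension not present`. Those cases therefore pass whether csrgen left the extension out of a valid CSR or produced no CSR at all, so they do not show that malformed template values are handled safely. Writing the CSR to a file first lets `-e` stop on a generator failure: `$toolsdir/csrgen request > csr.pem` followed by `openssl asn1parse -in csr.pem | $srcdir/extract-extdata.py || echo "extension not present"`. Separately, `cd $tmpdir` is unquoted and succeeds with an empty variable, leaving the key and request files in the caller's home directory; `cd "${tmpdir:?}"` fails early instead.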
@@ -148,7 +148,10 @@ EXTRA_DIST = \
 036-getcert/expected.out \
 036-getcert/run.sh \
 037-rekey2/expected.out \
- 037-rekey2/run.sh
+ 037-rekey2/run.sh \
+ 038-ms-v2-template/expected.out \
+ 038-ms-v2-template/extract-extdata.py \
+ 038-ms-v2-template/run.sh
 
 subdirs = \
 001-keyiread \
@@ -189,7 +192,8 @@ subdirs = \
 034-perms \
 035-json \
 036-getcert \
- 037-rekey2
+ 037-rekey2 \
+ 038-ms-v2-template
 
 if HAVE_DBM_NSSDB
 subdirs += \
-- 
2.14.4