1 files changed, 165 insertions, 0 deletions
diff --git a/test/recipes/80-test_ca_internals.t b/test/recipes/80-test_ca_internals.t
new file mode 100644
index 000000000000..b84abdfa66c9
--- /dev/null
+++ b/test/recipes/80-test_ca_internals.t
@@ -0,0 +1,165 @@
+#! /usr/bin/env perl
+# Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use warnings;
+
+use POSIX;
+use OpenSSL::Test qw/:DEFAULT data_file/;
+use File::Copy;
+
+setup('test_ca_internals');
+
+my @updatedb_tests = (
+    {
+        description => 'updatedb called before the first certificate expires',
+        filename => 'index.txt',
+        copydb => 1,
+        testdate => '990101000000Z',
+        need64bit => 0,
+        expirelist => [ ]
+    },
+    {
+        description => 'updatedb called before Y2k',
+        filename => 'index.txt',
+        copydb => 0,
+        testdate => '991201000000Z',
+        need64bit => 0,
+        expirelist => [ '1000' ]
+    },
+    {
+        description => 'updatedb called after year 2020',
+        filename => 'index.txt',
+        copydb => 0,
+        testdate => '211201000000Z',
+        need64bit => 0,
+        expirelist => [ '1001' ]
+    },
+    {
+        description => 'updatedb called in year 2049 (last year with 2 digits)',
+        filename => 'index.txt',
+        copydb => 0,
+        testdate => '491201000000Z',
+        need64bit => 1,
+        expirelist => [ '1002' ]
+    },
+    {
+        description => 'updatedb called in year 2050 (first year with 4 digits) before the last certificate expires',
+        filename => 'index.txt',
+        copydb => 0,
+        testdate => '20500101000000Z',
+        need64bit => 1,
+        expirelist => [ ]
+    },
+    {
+        description => 'updatedb called after the last certificate expired',
+        filename => 'index.txt',
+        copydb => 0,
+        testdate => '20501201000000Z',
+        need64bit => 1,
+        expirelist => [ '1003' ]
+    },
+    {
+        description => 'updatedb called for the first time after the last certificate expired',
+        filename => 'index.txt',
+        copydb => 1,
+        testdate => '20501201000000Z',
+        need64bit => 1,
+        expirelist => [ '1000',
+                        '1001',
+                        '1002',
+                        '1003' ]
+    }
+);
+
+my @unsupported_commands = (
+    {
+        command => 'unsupported'
+    }
+);
+
+# every "test_updatedb" makes 3 checks
+plan tests => 3 * scalar(@updatedb_tests) +
+              1 * scalar(@unsupported_commands);
+
+
+foreach my $test (@updatedb_tests) {
+    test_updatedb($test);
+}
+foreach my $test (@unsupported_commands) {
+    test_unsupported_commands($test);
+}
+
+
+################### subs to do tests per supported command ################
+
+sub test_unsupported_commands {
+    my ($opts) = @_;
+
+    run(
+        test(['ca_internals_test',
+                $opts->{command}
+        ]),
+        capture => 0,
+        statusvar => \my $exit
+    );
+
+    is($exit, 0, "command '".$opts->{command}."' completed without an error");
+}
+
+sub test_updatedb {
+    my ($opts) = @_;
+    my $amtexpectedexpired = scalar(@{$opts->{expirelist}});
+    my @output;
+    my $expirelistcorrect = 1;
+    my $cert;
+    my $amtexpired = 0;
+    my $skipped = 0;
+
+    if ($opts->{copydb}) {
+        copy(data_file('index.txt'), 'index.txt');
+    }
+
+    @output = run(
+        test(['ca_internals_test',
+            "do_updatedb",
+            $opts->{filename},
+            $opts->{testdate},
+            $opts->{need64bit}
+        ]),
+        capture => 1,
+        statusvar => \my $exit
+    );
+
+    foreach my $tmp (@output) {
+        ($cert) = $tmp =~ /^[\x20\x23]*[^0-9A-Fa-f]*([0-9A-Fa-f]+)=Expired/;
+        if ($tmp =~ /^[\x20\x23]*skipping test/) {
+            $skipped = 1;
+        }
+        if (defined($cert) && (length($cert) > 0)) {
+            $amtexpired++;
+            my $expirefound = 0;
+            foreach my $expire (@{$opts->{expirelist}}) {
+                if ($expire eq $cert) {
+                    $expirefound = 1;
+                }
+            }
+            if ($expirefound != 1) {
+                $expirelistcorrect = 0;
+            }
+        }
+    }
+
+    if ($skipped) {
+        $amtexpired = $amtexpectedexpired;
+        $expirelistcorrect = 1;
+    }
+    is($exit, 1, "ca_internals_test: returned EXIT_FAILURE (".$opts->{description}.")");
+    is($amtexpired, $amtexpectedexpired, "ca_internals_test: amount of expired certificates differs from expected amount (".$opts->{description}.")");
+    is($expirelistcorrect, 1, "ca_internals_test: list of expired certificates differs from expected list (".$opts->{description}.")");
+}