Add lower level test to load certs via store

This allows to proprely test that certs load correctly even when no PIN
is provided.

Signed-off-by: Simo Sorce <[email protected]>

tests/ccerts.c

@@ -0,0 +1,81 @@
+/* Copyright (C) 2025 Simo Sorce <[email protected]>
+   SPDX-License-Identifier: Apache-2.0 */
+
+#include <stdio.h>
+#include <stdbool.h>
+#include <openssl/evp.h>
+#include <openssl/ui.h>
+#include "util.h"
+
+struct ui_data {
+    bool nopin;
+};
+
+static int ui_read_string(UI *ui, UI_STRING *uis)
+{
+    struct ui_data *user_data;
+    const char *pinvalue;
+    enum UI_string_types type;
+
+    user_data = (struct ui_data *)UI_get0_user_data(ui);
+    if (user_data->nopin) {
+        fprintf(stderr, "Unexpected request for PIN value");
+        exit(EXIT_FAILURE);
+    }
+
+    pinvalue = getenv("PINVALUE");
+    if (!pinvalue) {
+        fprintf(stderr, "PINVALUE not defined\n");
+        exit(EXIT_FAILURE);
+    }
+
+    type = UI_get_string_type(uis);
+    switch (type) {
+    case UIT_PROMPT:
+        fprintf(stderr, "Prompt: \"%s\"\n", UI_get0_output_string(uis));
+        fprintf(stderr, "Returning: %s\n", pinvalue);
+        UI_set_result(ui, uis, pinvalue);
+        return 1;
+    default:
+        fprintf(stderr, "Unexpected UI type: %d\n", (int)type);
+        exit(EXIT_FAILURE);
+    }
+
+    return 0;
+}
+
+int main(int argc, char *argv[])
+{
+    struct ui_data user_data = { 0 };
+    UI_METHOD *ui_method = NULL;
+    X509 *cert = NULL;
+
+    if (argc < 2 || argc > 3) {
+        fprintf(stderr, "Usage: %s [certuri] <nopin>\n", argv[0]);
+        exit(EXIT_FAILURE);
+    }
+
+    if (argc > 2) {
+        if (strcmp(argv[2], "nopin")) {
+            fprintf(stderr, "Invalid argument: '%s'\n", argv[2]);
+            fprintf(stderr, "Usage: %s [certuri] <nopin>\n", argv[0]);
+            exit(EXIT_FAILURE);
+        } else {
+            user_data.nopin = true;
+        }
+    }
+
+    ui_method = UI_create_method("Load cert test");
+    if (!ui_method) {
+        fprintf(stderr, "Failed to set up UI_METHOD\n");
+        exit(EXIT_FAILURE);
+    }
+    (void)UI_method_set_reader(ui_method, ui_read_string);
+
+    cert = load_cert(argv[1], ui_method, &user_data);
+
+    fprintf(stderr, "Cert load successfully\n");
+
+    X509_free(cert);
+    exit(EXIT_SUCCESS);
+}

tests/meson.build

@@ -116,6 +116,7 @@ test_programs = {
   'tfork': ['tfork.c', 'util.c'],
   'tpkey': ['tpkey.c', 'util.c'],
   'pincache': ['pincache.c'],
+  'ccerts': ['ccerts.c', 'util.c'],
 }
 
 test_executables = []

tests/tcerts

@@ -49,5 +49,8 @@ sed "s/^pkcs11-module-token-pin.*$/##nopin/" "${OPENSSL_CONF}" > "${OPENSSL_CONF
 OPENSSL_CONF=${OPENSSL_CONF}.nopin
 ossl 'x509 -in $CRTURI -subject -out ${TMPPDIR}/crt-subj-nopin.txt'
 
+title PARA "Test fetching certificate via STORE api"
+$CHECKER "${TESTBLDDIR}/ccerts" "${CRTURI}" nopin
+
 OPENSSL_CONF=${ORIG_OPENSSL_CONF}
 exit 0

tests/tlssetkey.c

@@ -20,7 +20,7 @@ int main(int argc, char *argv[])
         fprintf(stderr, "Usage: tlssetkey [certuri] [pkeyuri]\n");
         exit(EXIT_FAILURE);
     }
-    cert = load_cert(argv[1]);
+    cert = load_cert(argv[1], NULL, NULL);
     pkey = load_key(argv[2]);
 
     ctx = SSL_CTX_new(TLS_client_method());

tests/util.c

@@ -97,7 +97,7 @@ EVP_PKEY *load_key(const char *uri)
     return key;
 }
 
-X509 *load_cert(const char *uri)
+X509 *load_cert(const char *uri, const UI_METHOD *ui_method, void *ui_data)
 {
     OSSL_STORE_CTX *store;
     OSSL_STORE_INFO *info;
@@ -109,7 +109,7 @@ X509 *load_cert(const char *uri)
         exit(EXIT_FAILURE);
     }
 
-    store = OSSL_STORE_open(uri, NULL, NULL, NULL, NULL);
+    store = OSSL_STORE_open(uri, ui_method, ui_data, NULL, NULL);
     if (store == NULL) {
         fprintf(stderr, "Failed to open store: %s\n", uri);
         ossl_err_print();

tests/util.h

@@ -18,6 +18,6 @@
 
 void ossl_err_print(void);
 EVP_PKEY *load_key(const char *uri);
-X509 *load_cert(const char *uri);
+X509 *load_cert(const char *uri, const UI_METHOD *ui_method, void *ui_data);
 void hexify(char *out, unsigned char *byte, size_t len);
 EVP_PKEY *util_gen_key(const char *label);