test/testtsa - third_party/openssl - Git at Google

 #!/bin/sh

 #
 # A few very basic tests for the 'ts' time stamping authority command.
 #

 SH="/bin/sh"
 if test "$OSTYPE" = msdosdjgpp; then
     PATH="../apps\;$PATH"
 else
     PATH="../apps:$PATH"
 fi
 export SH PATH

 OPENSSL_CONF="../CAtsa.cnf"
 export OPENSSL_CONF
 # Because that's what ../apps/CA.sh really looks at
 SSLEAY_CONFIG="-config $OPENSSL_CONF"
 export SSLEAY_CONFIG

 OPENSSL="`pwd`/../util/opensslwrap.sh"
 export OPENSSL

 error () {

     echo "TSA test failed!" >&2
     exit 1
 }

 setup_dir () {

     rm -rf tsa 2>/dev/null
     mkdir tsa
     cd ./tsa
 }

 clean_up_dir () {

     cd ..
     rm -rf tsa
 }

 create_ca () {

     echo "Creating a new CA for the TSA tests..."
     TSDNSECT=ts_ca_dn
     export TSDNSECT
     ../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \
 	-out tsaca.pem -keyout tsacakey.pem
     test $? != 0 && error
 }

 create_tsa_cert () {

     INDEX=$1
     export INDEX
     EXT=$2
     TSDNSECT=ts_cert_dn
     export TSDNSECT

     ../../util/shlib_wrap.sh ../../apps/openssl req -new \
 	-out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem
     test $? != 0 && error
 echo Using extension $EXT
     ../../util/shlib_wrap.sh ../../apps/openssl x509 -req \
 	-in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
 	-CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \
 	-extfile $OPENSSL_CONF -extensions $EXT
     test $? != 0 && error
 }

 print_request () {

     ../../util/shlib_wrap.sh ../../apps/openssl ts -query -in $1 -text
 }

 create_time_stamp_request1 () {

     ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq
     test $? != 0 && error
 }

 create_time_stamp_request2 () {

     ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy2 -no_nonce \
 	-out req2.tsq
     test $? != 0 && error
 }

 create_time_stamp_request3 () {

     ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../CAtsa.cnf -no_nonce -out req3.tsq
     test $? != 0 && error
 }

 print_response () {

     ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $1 -text
     test $? != 0 && error
 }

 create_time_stamp_response () {

     ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -section $3 -queryfile $1 -out $2
     test $? != 0 && error
 }

 time_stamp_response_token_test () {

     RESPONSE2=$2.copy.tsr
     TOKEN_DER=$2.token.der
     ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $TOKEN_DER -token_out
     test $? != 0 && error
     ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -out $RESPONSE2
     test $? != 0 && error
     cmp $RESPONSE2 $2
     test $? != 0 && error
     ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -text -token_out
     test $? != 0 && error
     ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -text -token_out
     test $? != 0 && error
     ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -queryfile $1 -text -token_out
     test $? != 0 && error
 }

 verify_time_stamp_response () {

     ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
 	-untrusted tsa_cert1.pem
     test $? != 0 && error
     ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile tsaca.pem \
 	-untrusted tsa_cert1.pem
     test $? != 0 && error
 }

 verify_time_stamp_token () {

     # create the token from the response first
     ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $2.token -token_out
     test $? != 0 && error
     ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2.token -token_in \
 	-CAfile tsaca.pem -untrusted tsa_cert1.pem
     test $? != 0 && error
     ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2.token -token_in \
 	-CAfile tsaca.pem -untrusted tsa_cert1.pem
     test $? != 0 && error
 }

 verify_time_stamp_response_fail () {

     ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
 	-untrusted tsa_cert1.pem
     # Checks if the verification failed, as it should have.
     test $? = 0 && error
     echo Ok
 }

 # main functions

 echo "Setting up TSA test directory..."
 setup_dir

 echo "Creating CA for TSA tests..."
 create_ca

 echo "Creating tsa_cert1.pem TSA server cert..."
 create_tsa_cert 1 tsa_cert

 echo "Creating tsa_cert2.pem non-TSA server cert..."
 create_tsa_cert 2 non_tsa_cert

 echo "Creating req1.req time stamp request for file testtsa..."
 create_time_stamp_request1

 echo "Printing req1.req..."
 print_request req1.tsq

 echo "Generating valid response for req1.req..."
 create_time_stamp_response req1.tsq resp1.tsr tsa_config1

 echo "Printing response..."
 print_response resp1.tsr

 echo "Verifying valid response..."
 verify_time_stamp_response req1.tsq resp1.tsr ../testtsa

 echo "Verifying valid token..."
 verify_time_stamp_token req1.tsq resp1.tsr ../testtsa

 # The tests below are commented out, because invalid signer certificates
 # can no longer be specified in the config file.

 # echo "Generating _invalid_ response for req1.req..."
 # create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2

 # echo "Printing response..."
 # print_response resp1_bad.tsr

 # echo "Verifying invalid response, it should fail..."
 # verify_time_stamp_response_fail req1.tsq resp1_bad.tsr

 echo "Creating req2.req time stamp request for file testtsa..."
 create_time_stamp_request2

 echo "Printing req2.req..."
 print_request req2.tsq

 echo "Generating valid response for req2.req..."
 create_time_stamp_response req2.tsq resp2.tsr tsa_config1

 echo "Checking '-token_in' and '-token_out' options with '-reply'..."
 time_stamp_response_token_test req2.tsq resp2.tsr

 echo "Printing response..."
 print_response resp2.tsr

 echo "Verifying valid response..."
 verify_time_stamp_response req2.tsq resp2.tsr ../testtsa

 echo "Verifying response against wrong request, it should fail..."
 verify_time_stamp_response_fail req1.tsq resp2.tsr

 echo "Verifying response against wrong request, it should fail..."
 verify_time_stamp_response_fail req2.tsq resp1.tsr

 echo "Creating req3.req time stamp request for file CAtsa.cnf..."
 create_time_stamp_request3

 echo "Printing req3.req..."
 print_request req3.tsq

 echo "Verifying response against wrong request, it should fail..."
 verify_time_stamp_response_fail req3.tsq resp1.tsr

 echo "Cleaning up..."
 clean_up_dir

 exit 0
	#!/bin/sh

	#
	# A few very basic tests for the 'ts' time stamping authority command.
	#

	SH="/bin/sh"
	if test "$OSTYPE" = msdosdjgpp; then
	PATH="../apps\;$PATH"
	else
	PATH="../apps:$PATH"
	fi
	export SH PATH

	OPENSSL_CONF="../CAtsa.cnf"
	export OPENSSL_CONF
	# Because that's what ../apps/CA.sh really looks at
	SSLEAY_CONFIG="-config $OPENSSL_CONF"
	export SSLEAY_CONFIG

	OPENSSL="`pwd`/../util/opensslwrap.sh"
	export OPENSSL

	error () {

	echo "TSA test failed!" >&2
	exit 1
	}

	setup_dir () {

	rm -rf tsa 2>/dev/null
	mkdir tsa
	cd ./tsa
	}

	clean_up_dir () {

	cd ..
	rm -rf tsa
	}

	create_ca () {

	echo "Creating a new CA for the TSA tests..."
	TSDNSECT=ts_ca_dn
	export TSDNSECT
	../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \
	-out tsaca.pem -keyout tsacakey.pem
	test $? != 0 && error
	}

	create_tsa_cert () {

	INDEX=$1
	export INDEX
	EXT=$2
	TSDNSECT=ts_cert_dn
	export TSDNSECT

	../../util/shlib_wrap.sh ../../apps/openssl req -new \
	-out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem
	test $? != 0 && error
	echo Using extension $EXT
	../../util/shlib_wrap.sh ../../apps/openssl x509 -req \
	-in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
	-CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \
	-extfile $OPENSSL_CONF -extensions $EXT
	test $? != 0 && error
	}

	print_request () {

	../../util/shlib_wrap.sh ../../apps/openssl ts -query -in $1 -text
	}

	create_time_stamp_request1 () {

	../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq
	test $? != 0 && error
	}

	create_time_stamp_request2 () {

	../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy2 -no_nonce \
	-out req2.tsq
	test $? != 0 && error
	}

	create_time_stamp_request3 () {

	../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../CAtsa.cnf -no_nonce -out req3.tsq
	test $? != 0 && error
	}

	print_response () {

	../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $1 -text
	test $? != 0 && error
	}

	create_time_stamp_response () {

	../../util/shlib_wrap.sh ../../apps/openssl ts -reply -section $3 -queryfile $1 -out $2
	test $? != 0 && error
	}

	time_stamp_response_token_test () {

	RESPONSE2=$2.copy.tsr
	TOKEN_DER=$2.token.der
	../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $TOKEN_DER -token_out
	test $? != 0 && error
	../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -out $RESPONSE2
	test $? != 0 && error
	cmp $RESPONSE2 $2
	test $? != 0 && error
	../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -text -token_out
	test $? != 0 && error
	../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -text -token_out
	test $? != 0 && error
	../../util/shlib_wrap.sh ../../apps/openssl ts -reply -queryfile $1 -text -token_out
	test $? != 0 && error
	}

	verify_time_stamp_response () {

	../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
	-untrusted tsa_cert1.pem
	test $? != 0 && error
	../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile tsaca.pem \
	-untrusted tsa_cert1.pem
	test $? != 0 && error
	}

	verify_time_stamp_token () {

	# create the token from the response first
	../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $2.token -token_out
	test $? != 0 && error
	../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2.token -token_in \
	-CAfile tsaca.pem -untrusted tsa_cert1.pem
	test $? != 0 && error
	../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2.token -token_in \
	-CAfile tsaca.pem -untrusted tsa_cert1.pem
	test $? != 0 && error
	}

	verify_time_stamp_response_fail () {

	../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
	-untrusted tsa_cert1.pem
	# Checks if the verification failed, as it should have.
	test $? = 0 && error
	echo Ok
	}

	# main functions

	echo "Setting up TSA test directory..."
	setup_dir

	echo "Creating CA for TSA tests..."
	create_ca

	echo "Creating tsa_cert1.pem TSA server cert..."
	create_tsa_cert 1 tsa_cert

	echo "Creating tsa_cert2.pem non-TSA server cert..."
	create_tsa_cert 2 non_tsa_cert

	echo "Creating req1.req time stamp request for file testtsa..."
	create_time_stamp_request1

	echo "Printing req1.req..."
	print_request req1.tsq

	echo "Generating valid response for req1.req..."
	create_time_stamp_response req1.tsq resp1.tsr tsa_config1

	echo "Printing response..."
	print_response resp1.tsr

	echo "Verifying valid response..."
	verify_time_stamp_response req1.tsq resp1.tsr ../testtsa

	echo "Verifying valid token..."
	verify_time_stamp_token req1.tsq resp1.tsr ../testtsa

	# The tests below are commented out, because invalid signer certificates
	# can no longer be specified in the config file.

	# echo "Generating _invalid_ response for req1.req..."
	# create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2

	# echo "Printing response..."
	# print_response resp1_bad.tsr

	# echo "Verifying invalid response, it should fail..."
	# verify_time_stamp_response_fail req1.tsq resp1_bad.tsr

	echo "Creating req2.req time stamp request for file testtsa..."
	create_time_stamp_request2

	echo "Printing req2.req..."
	print_request req2.tsq

	echo "Generating valid response for req2.req..."
	create_time_stamp_response req2.tsq resp2.tsr tsa_config1

	echo "Checking '-token_in' and '-token_out' options with '-reply'..."
	time_stamp_response_token_test req2.tsq resp2.tsr

	echo "Printing response..."
	print_response resp2.tsr

	echo "Verifying valid response..."
	verify_time_stamp_response req2.tsq resp2.tsr ../testtsa

	echo "Verifying response against wrong request, it should fail..."
	verify_time_stamp_response_fail req1.tsq resp2.tsr

	echo "Verifying response against wrong request, it should fail..."
	verify_time_stamp_response_fail req2.tsq resp1.tsr

	echo "Creating req3.req time stamp request for file CAtsa.cnf..."
	create_time_stamp_request3

	echo "Printing req3.req..."
	print_request req3.tsq

	echo "Verifying response against wrong request, it should fail..."
	verify_time_stamp_response_fail req3.tsq resp1.tsr

	echo "Cleaning up..."
	clean_up_dir

	exit 0