test/Attic/testtsa - third_party/openssl - Git at Google

 #!/bin/sh

 #
 # A few very basic tests for the 'ts' time stamping authority command.
 #

 SH="/bin/sh"
 if test "$OSTYPE" = msdosdjgpp; then
     PATH="../apps\;$PATH"
 else
     PATH="../apps:$PATH"
 fi
 export SH PATH

 OPENSSL_CONF="../CAtsa.cnf"
 export OPENSSL_CONF
 # Because that's what ../apps/CA.pl really looks at
 SSLEAY_CONFIG="-config $OPENSSL_CONF"
 export SSLEAY_CONFIG

 OPENSSL="`pwd`/../util/opensslwrap.sh"
 export OPENSSL

 RUN () {
     ../../util/shlib_wrap.sh ../../apps/openssl ts $*
 }

 create_tsa_cert () {
     INDEX=$1
     export INDEX
     EXT=$2
     TSDNSECT=ts_cert_dn
     export TSDNSECT

     ../../util/shlib_wrap.sh ../../apps/openssl req -new \
 	-out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem || exit 1
     echo using extension $EXT
     ../../util/shlib_wrap.sh ../../apps/openssl x509 -req \
 	-in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
 	-CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \
 	-extfile $OPENSSL_CONF -extensions $EXT || exit 1
 }

 create_time_stamp_response () {
     RUN -reply -section $3 -queryfile $1 -out $2 || exit 1
 }

 verify_time_stamp_response () {
     RUN -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
 	-untrusted tsa_cert1.pem || exit 1
     RUN -verify -data $3 -in $2 -CAfile tsaca.pem \
 	-untrusted tsa_cert1.pem || exit 1
 }

 verify_time_stamp_response_fail () {
     RUN -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
 	-untrusted tsa_cert1.pem && exit 1
     echo ok
 }

 # main functions

 echo setting up TSA test directory
 rm -rf tsa 2>/dev/null
 mkdir tsa
 cd ./tsa

 echo creating a new CA for the TSA tests
 TSDNSECT=ts_ca_dn
 export TSDNSECT
 ../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \
 	-out tsaca.pem -keyout tsacakey.pem || exit 1

 echo creating tsa_cert1.pem TSA server cert
 create_tsa_cert 1 tsa_cert

 echo creating tsa_cert2.pem non-TSA server cert
 create_tsa_cert 2 non_tsa_cert

 echo creating req1.req time stamp request for file testtsa
 RUN -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq || exit 1

 echo printing req1.req
 RUN -query -in req1.tsq -text

 echo generating valid response for req1.req
 create_time_stamp_response req1.tsq resp1.tsr tsa_config1

 echo printing response
 RUN -reply -in resp1.tsr -text || exit 1

 echo verifying valid response
 verify_time_stamp_response req1.tsq resp1.tsr ../testtsa

 echo verifying valid token
 RUN -reply -in resp1.tsr -out resp1.tsr.token -token_out || exit 1
 RUN -verify -queryfile req1.tsq -in resp1.tsr.token -token_in \
     -CAfile tsaca.pem -untrusted tsa_cert1.pem || exit 1
 RUN -verify -data ../testtsa -in resp1.tsr.token -token_in \
     -CAfile tsaca.pem -untrusted tsa_cert1.pem || exit 1

 echo creating req2.req time stamp request for file testtsa
 RUN -query -data ../testtsa -policy tsa_policy2 -no_nonce \
     -out req2.tsq || exit 1

 echo printing req2.req
 RUN -query -in req2.tsq -text

 echo generating valid response for req2.req
 create_time_stamp_response req2.tsq resp2.tsr tsa_config1

 echo checking -token_in and -token_out options with -reply
 RESPONSE2=resp2.tsr.copy.tsr
 TOKEN_DER=resp2.tsr.token.der
 RUN -reply -in resp2.tsr -out $TOKEN_DER -token_out || exit 1
 RUN -reply -in $TOKEN_DER -token_in -out $RESPONSE2 || exit 1
 cmp $RESPONSE2 resp2.tsr || exit 1
 RUN -reply -in resp2.tsr -text -token_out || exit 1
 RUN -reply -in $TOKEN_DER -token_in -text -token_out || exit 1
 RUN -reply -queryfile req2.tsq -text -token_out || exit 1

 echo printing response
 RUN -reply -in resp2.tsr -text || exit 1

 echo verifying valid response
 verify_time_stamp_response req2.tsq resp2.tsr ../testtsa

 echo verifying response against wrong request, it should fail
 verify_time_stamp_response_fail req1.tsq resp2.tsr

 echo verifying response against wrong request, it should fail
 verify_time_stamp_response_fail req2.tsq resp1.tsr

 echo creating req3.req time stamp request for file CAtsa.cnf
 RUN -query -data ../CAtsa.cnf -no_nonce -out req3.tsq || exit 1

 echo printing req3.req
 RUN -query -in req3.tsq -text

 echo verifying response against wrong request, it should fail
 verify_time_stamp_response_fail req3.tsq resp1.tsr

 echo cleaning up
 cd ..
 rm -rf tsa

 exit 0
	#!/bin/sh

	#
	# A few very basic tests for the 'ts' time stamping authority command.
	#

	SH="/bin/sh"
	if test "$OSTYPE" = msdosdjgpp; then
	PATH="../apps\;$PATH"
	else
	PATH="../apps:$PATH"
	fi
	export SH PATH

	OPENSSL_CONF="../CAtsa.cnf"
	export OPENSSL_CONF
	# Because that's what ../apps/CA.pl really looks at
	SSLEAY_CONFIG="-config $OPENSSL_CONF"
	export SSLEAY_CONFIG

	OPENSSL="`pwd`/../util/opensslwrap.sh"
	export OPENSSL

	RUN () {
	../../util/shlib_wrap.sh ../../apps/openssl ts $*
	}

	create_tsa_cert () {
	INDEX=$1
	export INDEX
	EXT=$2
	TSDNSECT=ts_cert_dn
	export TSDNSECT

	../../util/shlib_wrap.sh ../../apps/openssl req -new \
	-out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem \|\| exit 1
	echo using extension $EXT
	../../util/shlib_wrap.sh ../../apps/openssl x509 -req \
	-in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
	-CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \
	-extfile $OPENSSL_CONF -extensions $EXT \|\| exit 1
	}

	create_time_stamp_response () {
	RUN -reply -section $3 -queryfile $1 -out $2 \|\| exit 1
	}

	verify_time_stamp_response () {
	RUN -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
	-untrusted tsa_cert1.pem \|\| exit 1
	RUN -verify -data $3 -in $2 -CAfile tsaca.pem \
	-untrusted tsa_cert1.pem \|\| exit 1
	}

	verify_time_stamp_response_fail () {
	RUN -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
	-untrusted tsa_cert1.pem && exit 1
	echo ok
	}

	# main functions

	echo setting up TSA test directory
	rm -rf tsa 2>/dev/null
	mkdir tsa
	cd ./tsa

	echo creating a new CA for the TSA tests
	TSDNSECT=ts_ca_dn
	export TSDNSECT
	../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \
	-out tsaca.pem -keyout tsacakey.pem \|\| exit 1

	echo creating tsa_cert1.pem TSA server cert
	create_tsa_cert 1 tsa_cert

	echo creating tsa_cert2.pem non-TSA server cert
	create_tsa_cert 2 non_tsa_cert

	echo creating req1.req time stamp request for file testtsa
	RUN -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq \|\| exit 1

	echo printing req1.req
	RUN -query -in req1.tsq -text

	echo generating valid response for req1.req
	create_time_stamp_response req1.tsq resp1.tsr tsa_config1

	echo printing response
	RUN -reply -in resp1.tsr -text \|\| exit 1

	echo verifying valid response
	verify_time_stamp_response req1.tsq resp1.tsr ../testtsa

	echo verifying valid token
	RUN -reply -in resp1.tsr -out resp1.tsr.token -token_out \|\| exit 1
	RUN -verify -queryfile req1.tsq -in resp1.tsr.token -token_in \
	-CAfile tsaca.pem -untrusted tsa_cert1.pem \|\| exit 1
	RUN -verify -data ../testtsa -in resp1.tsr.token -token_in \
	-CAfile tsaca.pem -untrusted tsa_cert1.pem \|\| exit 1

	echo creating req2.req time stamp request for file testtsa
	RUN -query -data ../testtsa -policy tsa_policy2 -no_nonce \
	-out req2.tsq \|\| exit 1

	echo printing req2.req
	RUN -query -in req2.tsq -text

	echo generating valid response for req2.req
	create_time_stamp_response req2.tsq resp2.tsr tsa_config1

	echo checking -token_in and -token_out options with -reply
	RESPONSE2=resp2.tsr.copy.tsr
	TOKEN_DER=resp2.tsr.token.der
	RUN -reply -in resp2.tsr -out $TOKEN_DER -token_out \|\| exit 1
	RUN -reply -in $TOKEN_DER -token_in -out $RESPONSE2 \|\| exit 1
	cmp $RESPONSE2 resp2.tsr \|\| exit 1
	RUN -reply -in resp2.tsr -text -token_out \|\| exit 1
	RUN -reply -in $TOKEN_DER -token_in -text -token_out \|\| exit 1
	RUN -reply -queryfile req2.tsq -text -token_out \|\| exit 1

	echo printing response
	RUN -reply -in resp2.tsr -text \|\| exit 1

	echo verifying valid response
	verify_time_stamp_response req2.tsq resp2.tsr ../testtsa

	echo verifying response against wrong request, it should fail
	verify_time_stamp_response_fail req1.tsq resp2.tsr

	echo verifying response against wrong request, it should fail
	verify_time_stamp_response_fail req2.tsq resp1.tsr

	echo creating req3.req time stamp request for file CAtsa.cnf
	RUN -query -data ../CAtsa.cnf -no_nonce -out req3.tsq \|\| exit 1

	echo printing req3.req
	RUN -query -in req3.tsq -text

	echo verifying response against wrong request, it should fail
	verify_time_stamp_response_fail req3.tsq resp1.tsr

	echo cleaning up
	cd ..
	rm -rf tsa

	exit 0