Google Git
Sign in
flutter / third_party / openssl / fb0e87fb67a358b40a1d56d2df3a611a09899780 / . / test / testtsa
blob: bb653b5f73d6f5761ab564e02ddc035bd4cecb01 [file] [log] [blame]
Ulf Möller85735522006-02-12 23:19:25 +0000[diff] [blame]1#!/bin/sh
2
3#
4# A few very basic tests for the 'ts' time stamping authority command.
5#
6
7SH="/bin/sh"
Richard Levitte28f7e602007-12-03 09:02:29 +0000[diff] [blame]8if test "$OSTYPE" = msdosdjgpp; then
9 PATH="../apps\;$PATH"
10else
11 PATH="../apps:$PATH"
12fi
Ulf Möller85735522006-02-12 23:19:25 +0000[diff] [blame]13export SH PATH
14
15OPENSSL_CONF="../CAtsa.cnf"
16export OPENSSL_CONF
Richard Levitted505d1e2006-03-28 10:26:12 +0000[diff] [blame]17# Because that's what ../apps/CA.sh really looks at
Richard Levitte7ce1d9e2006-03-30 04:29:38 +0000[diff] [blame]18SSLEAY_CONFIG="-config $OPENSSL_CONF"
Richard Levitted505d1e2006-03-28 10:26:12 +0000[diff] [blame]19export SSLEAY_CONFIG
Ulf Möller85735522006-02-12 23:19:25 +0000[diff] [blame]20
Ulf Möller9eb87942006-02-16 20:30:58 +0000[diff] [blame]21OPENSSL="`pwd`/../util/opensslwrap.sh"
Ulf Möllerdc241102006-02-16 20:20:24 +0000[diff] [blame]22export OPENSSL
23
Ulf Möller85735522006-02-12 23:19:25 +0000[diff] [blame]24error () {
25
Ulf Möller4e397d02006-02-16 20:33:47 +0000[diff] [blame]26 echo "TSA test failed!" >&2
Ulf Möller85735522006-02-12 23:19:25 +0000[diff] [blame]27 exit 1
28}
29
30setup_dir () {
31
32 rm -rf tsa 2>/dev/null
33 mkdir tsa
34 cd ./tsa
35}
36
37clean_up_dir () {
38
39 cd ..
40 rm -rf tsa
41}
42
43create_ca () {
44
45 echo "Creating a new CA for the TSA tests..."
Dr. Stephen Hensoncf32ad72006-11-07 16:21:16 +0000[diff] [blame]46 TSDNSECT=ts_ca_dn
47 export TSDNSECT
48 ../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \
49 -out tsaca.pem -keyout tsacakey.pem
Ulf Möller85735522006-02-12 23:19:25 +0000[diff] [blame]50 test $? != 0 && error
51}
52
53create_tsa_cert () {
54
55 INDEX=$1
Dr. Stephen Hensoncf32ad72006-11-07 16:21:16 +0000[diff] [blame]56 export INDEX
Ulf Möller85735522006-02-12 23:19:25 +0000[diff] [blame]57 EXT=$2
Dr. Stephen Hensoncf32ad72006-11-07 16:21:16 +0000[diff] [blame]58 TSDNSECT=ts_cert_dn
59 export TSDNSECT
Ulf Möller85735522006-02-12 23:19:25 +0000[diff] [blame]60
Dr. Stephen Hensoncf32ad72006-11-07 16:21:16 +0000[diff] [blame]61 ../../util/shlib_wrap.sh ../../apps/openssl req -new \
62 -out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem
63 test $? != 0 && error
64echo Using extension $EXT
65 ../../util/shlib_wrap.sh ../../apps/openssl x509 -req \
66 -in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
67 -CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \
68 -extfile $OPENSSL_CONF -extensions $EXT
Ulf Möller85735522006-02-12 23:19:25 +0000[diff] [blame]69 test $? != 0 && error
70}
71
72print_request () {
73
Ulf Möllerdc241102006-02-16 20:20:24 +0000[diff] [blame]74 ../../util/shlib_wrap.sh ../../apps/openssl ts -query -in $1 -text
Ulf Möller85735522006-02-12 23:19:25 +0000[diff] [blame]75}
76
77create_time_stamp_request1 () {
78
Ulf Möllerdc241102006-02-16 20:20:24 +0000[diff] [blame]79 ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq
Ulf Möller85735522006-02-12 23:19:25 +0000[diff] [blame]80 test $? != 0 && error
81}
82
83create_time_stamp_request2 () {
84
Ulf Möllerdc241102006-02-16 20:20:24 +0000[diff] [blame]85 ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy2 -no_nonce \
Ulf Möller85735522006-02-12 23:19:25 +0000[diff] [blame]86 -out req2.tsq
87 test $? != 0 && error
88}
89
90create_time_stamp_request3 () {
91
Ulf Möllerdc241102006-02-16 20:20:24 +0000[diff] [blame]92 ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../CAtsa.cnf -no_nonce -out req3.tsq
Ulf Möller85735522006-02-12 23:19:25 +0000[diff] [blame]93 test $? != 0 && error
94}
95
96print_response () {
97
Ulf Möllerdc241102006-02-16 20:20:24 +0000[diff] [blame]98 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $1 -text
Ulf Möller85735522006-02-12 23:19:25 +0000[diff] [blame]99 test $? != 0 && error
100}
101
102create_time_stamp_response () {
103
Ulf Möllerdc241102006-02-16 20:20:24 +0000[diff] [blame]104 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -section $3 -queryfile $1 -out $2
Ulf Möller85735522006-02-12 23:19:25 +0000[diff] [blame]105 test $? != 0 && error
106}
107
108time_stamp_response_token_test () {
109
110 RESPONSE2=$2.copy.tsr
111 TOKEN_DER=$2.token.der
Ulf Möllerdc241102006-02-16 20:20:24 +0000[diff] [blame]112 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $TOKEN_DER -token_out
Ulf Möller85735522006-02-12 23:19:25 +0000[diff] [blame]113 test $? != 0 && error
Ulf Möllerdc241102006-02-16 20:20:24 +0000[diff] [blame]114 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -out $RESPONSE2
Ulf Möller85735522006-02-12 23:19:25 +0000[diff] [blame]115 test $? != 0 && error
116 cmp $RESPONSE2 $2
117 test $? != 0 && error
Ulf Möllerdc241102006-02-16 20:20:24 +0000[diff] [blame]118 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -text -token_out
Ulf Möller85735522006-02-12 23:19:25 +0000[diff] [blame]119 test $? != 0 && error
Ulf Möllerdc241102006-02-16 20:20:24 +0000[diff] [blame]120 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -text -token_out
Ulf Möller85735522006-02-12 23:19:25 +0000[diff] [blame]121 test $? != 0 && error
Ulf Möllerdc241102006-02-16 20:20:24 +0000[diff] [blame]122 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -queryfile $1 -text -token_out
Ulf Möller85735522006-02-12 23:19:25 +0000[diff] [blame]123 test $? != 0 && error
124}
125
126verify_time_stamp_response () {
127
Dr. Stephen Hensoncf32ad72006-11-07 16:21:16 +0000[diff] [blame]128 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
Ulf Möller85735522006-02-12 23:19:25 +0000[diff] [blame]129 -untrusted tsa_cert1.pem
130 test $? != 0 && error
Dr. Stephen Hensoncf32ad72006-11-07 16:21:16 +0000[diff] [blame]131 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile tsaca.pem \
Ulf Möller85735522006-02-12 23:19:25 +0000[diff] [blame]132 -untrusted tsa_cert1.pem
133 test $? != 0 && error
134}
135
136verify_time_stamp_token () {
137
138 # create the token from the response first
Ulf Möllerdc241102006-02-16 20:20:24 +0000[diff] [blame]139 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $2.token -token_out
Ulf Möller85735522006-02-12 23:19:25 +0000[diff] [blame]140 test $? != 0 && error
Ulf Möllerdc241102006-02-16 20:20:24 +0000[diff] [blame]141 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2.token -token_in \
Dr. Stephen Hensoncf32ad72006-11-07 16:21:16 +0000[diff] [blame]142 -CAfile tsaca.pem -untrusted tsa_cert1.pem
Ulf Möller85735522006-02-12 23:19:25 +0000[diff] [blame]143 test $? != 0 && error
Ulf Möllerdc241102006-02-16 20:20:24 +0000[diff] [blame]144 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2.token -token_in \
Dr. Stephen Hensoncf32ad72006-11-07 16:21:16 +0000[diff] [blame]145 -CAfile tsaca.pem -untrusted tsa_cert1.pem
Ulf Möller85735522006-02-12 23:19:25 +0000[diff] [blame]146 test $? != 0 && error
147}
148
149verify_time_stamp_response_fail () {
150
Dr. Stephen Hensoncf32ad72006-11-07 16:21:16 +0000[diff] [blame]151 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
Ulf Möller85735522006-02-12 23:19:25 +0000[diff] [blame]152 -untrusted tsa_cert1.pem
153 # Checks if the verification failed, as it should have.
Andy Polyakov0209d162006-08-01 16:12:10 +0000[diff] [blame]154 test $? = 0 && error
Ulf Möller4e397d02006-02-16 20:33:47 +0000[diff] [blame]155 echo Ok
Ulf Möller85735522006-02-12 23:19:25 +0000[diff] [blame]156}
157
158# main functions
159
160echo "Setting up TSA test directory..."
161setup_dir
162
163echo "Creating CA for TSA tests..."
164create_ca
165
166echo "Creating tsa_cert1.pem TSA server cert..."
167create_tsa_cert 1 tsa_cert
168
169echo "Creating tsa_cert2.pem non-TSA server cert..."
170create_tsa_cert 2 non_tsa_cert
171
172echo "Creating req1.req time stamp request for file testtsa..."
173create_time_stamp_request1
174
175echo "Printing req1.req..."
176print_request req1.tsq
177
178echo "Generating valid response for req1.req..."
179create_time_stamp_response req1.tsq resp1.tsr tsa_config1
180
181echo "Printing response..."
182print_response resp1.tsr
183
184echo "Verifying valid response..."
185verify_time_stamp_response req1.tsq resp1.tsr ../testtsa
186
187echo "Verifying valid token..."
188verify_time_stamp_token req1.tsq resp1.tsr ../testtsa
189
190# The tests below are commented out, because invalid signer certificates
191# can no longer be specified in the config file.
192
193# echo "Generating _invalid_ response for req1.req..."
194# create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2
195
196# echo "Printing response..."
197# print_response resp1_bad.tsr
198
199# echo "Verifying invalid response, it should fail..."
200# verify_time_stamp_response_fail req1.tsq resp1_bad.tsr
201
202echo "Creating req2.req time stamp request for file testtsa..."
203create_time_stamp_request2
204
205echo "Printing req2.req..."
206print_request req2.tsq
207
208echo "Generating valid response for req2.req..."
209create_time_stamp_response req2.tsq resp2.tsr tsa_config1
210
211echo "Checking '-token_in' and '-token_out' options with '-reply'..."
212time_stamp_response_token_test req2.tsq resp2.tsr
213
214echo "Printing response..."
215print_response resp2.tsr
216
217echo "Verifying valid response..."
218verify_time_stamp_response req2.tsq resp2.tsr ../testtsa
219
220echo "Verifying response against wrong request, it should fail..."
221verify_time_stamp_response_fail req1.tsq resp2.tsr
222
223echo "Verifying response against wrong request, it should fail..."
224verify_time_stamp_response_fail req2.tsq resp1.tsr
225
226echo "Creating req3.req time stamp request for file CAtsa.cnf..."
227create_time_stamp_request3
228
229echo "Printing req3.req..."
230print_request req3.tsq
231
232echo "Verifying response against wrong request, it should fail..."
233verify_time_stamp_response_fail req3.tsq resp1.tsr
234
235echo "Cleaning up..."
236clean_up_dir
237
238exit 0