Remove the special list-xxxx commands
[openssl.git] / test / tocsp.com
1 $! TOCSP.COM  --  Test ocsp
2 $
3 $       __arch = "VAX"
4 $       if f$getsyi("cpu") .ge. 128 then -
5            __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
6 $       if __arch .eqs. "" then __arch = "UNK"
7 $!
8 $       if (p2 .eqs. "64") then __arch = __arch+ "_64"
9 $!
10 $       exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
11 $
12 $       cmd = "mcr ''f$parse(exe_dir+"openssl.exe")'"
13 $       ocspdir = "ocsp-tests"
14 $
15 $!      17 December 2012 so we don't get certificate expiry errors.
16 $       check_time="-attime 1355875200"
17 $
18 $ test_ocsp:
19 $       subroutine
20 $               'cmd' base64 -d -in [.'ocspdir']'p1' -out ocsp-test.test-bin
21 $               'cmd' ocsp -respin ocsp-test.test-bin -partial_chain 'check_time' -
22                       "-CAfile" [.'ocspdir']'p2' -verify_other [.'ocspdir']'p2' "-CApath" NLA0:
23 $               if $severity .ne. p3+1
24 $               then
25 $                   write sys$error "OCSP test failed!"
26 $                   exit 3
27 $               endif
28 $       endsubroutine
29 $
30 $       set noon
31 $
32 $       write sys$output "=== VALID OCSP RESPONSES ==="
33 $       write sys$output "NON-DELEGATED; Intermediate CA -> EE"
34 $       call test_ocsp "ND1.ors" "ND1_Issuer_ICA.pem" 0
35 $       write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
36 $       call test_ocsp "ND2.ors" "ND2_Issuer_Root.pem" 0
37 $       write sys$output "NON-DELEGATED; Root CA -> EE"
38 $       call test_ocsp "ND3.ors" "ND3_Issuer_Root.pem" 0
39 $       write sys$output "DELEGATED; Intermediate CA -> EE"
40 $       call test_ocsp "D1.ors" "D1_Issuer_ICA.pem" 0
41 $       write sys$output "DELEGATED; Root CA -> Intermediate CA"
42 $       call test_ocsp "D2.ors" "D2_Issuer_Root.pem" 0
43 $       write sys$output "DELEGATED; Root CA -> EE"
44 $       call test_ocsp "D3.ors" "D3_Issuer_Root.pem" 0
45 $       
46 $       write sys$output "=== INVALID SIGNATURE on the OCSP RESPONSE ==="
47 $       write sys$output "NON-DELEGATED; Intermediate CA -> EE"
48 $       call test_ocsp "ISOP_ND1.ors" "ND1_Issuer_ICA.pem" 1
49 $       write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
50 $       call test_ocsp "ISOP_ND2.ors" "ND2_Issuer_Root.pem" 1
51 $       write sys$output "NON-DELEGATED; Root CA -> EE"
52 $       call test_ocsp "ISOP_ND3.ors" "ND3_Issuer_Root.pem" 1
53 $       write sys$output "DELEGATED; Intermediate CA -> EE"
54 $       call test_ocsp "ISOP_D1.ors" "D1_Issuer_ICA.pem" 1
55 $       write sys$output "DELEGATED; Root CA -> Intermediate CA"
56 $       call test_ocsp "ISOP_D2.ors" "D2_Issuer_Root.pem" 1
57 $       write sys$output "DELEGATED; Root CA -> EE"
58 $       call test_ocsp "ISOP_D3.ors" "D3_Issuer_Root.pem" 1
59 $       
60 $       write sys$output "=== WRONG RESPONDERID in the OCSP RESPONSE ==="
61 $       write sys$output "NON-DELEGATED; Intermediate CA -> EE"
62 $       call test_ocsp "WRID_ND1.ors" "ND1_Issuer_ICA.pem" 1
63 $       write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
64 $       call test_ocsp "WRID_ND2.ors" "ND2_Issuer_Root.pem" 1
65 $       write sys$output "NON-DELEGATED; Root CA -> EE"
66 $       call test_ocsp "WRID_ND3.ors" "ND3_Issuer_Root.pem" 1
67 $       write sys$output "DELEGATED; Intermediate CA -> EE"
68 $       call test_ocsp "WRID_D1.ors" "D1_Issuer_ICA.pem" 1
69 $       write sys$output "DELEGATED; Root CA -> Intermediate CA"
70 $       call test_ocsp "WRID_D2.ors" "D2_Issuer_Root.pem" 1
71 $       write sys$output "DELEGATED; Root CA -> EE"
72 $       call test_ocsp "WRID_D3.ors" "D3_Issuer_Root.pem" 1
73 $       
74 $       write sys$output "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ==="
75 $       write sys$output "NON-DELEGATED; Intermediate CA -> EE"
76 $       call test_ocsp "WINH_ND1.ors" "ND1_Issuer_ICA.pem" 1
77 $       write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
78 $       call test_ocsp "WINH_ND2.ors" "ND2_Issuer_Root.pem" 1
79 $       write sys$output "NON-DELEGATED; Root CA -> EE"
80 $       call test_ocsp "WINH_ND3.ors" "ND3_Issuer_Root.pem" 1
81 $       write sys$output "DELEGATED; Intermediate CA -> EE"
82 $       call test_ocsp "WINH_D1.ors" "D1_Issuer_ICA.pem" 1
83 $       write sys$output "DELEGATED; Root CA -> Intermediate CA"
84 $       call test_ocsp "WINH_D2.ors" "D2_Issuer_Root.pem" 1
85 $       write sys$output "DELEGATED; Root CA -> EE"
86 $       call test_ocsp "WINH_D3.ors" "D3_Issuer_Root.pem" 1
87 $       
88 $       write sys$output "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ==="
89 $       write sys$output "NON-DELEGATED; Intermediate CA -> EE"
90 $       call test_ocsp "WIKH_ND1.ors" "ND1_Issuer_ICA.pem" 1
91 $       write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
92 $       call test_ocsp "WIKH_ND2.ors" "ND2_Issuer_Root.pem" 1
93 $       write sys$output "NON-DELEGATED; Root CA -> EE"
94 $       call test_ocsp "WIKH_ND3.ors" "ND3_Issuer_Root.pem" 1
95 $       write sys$output "DELEGATED; Intermediate CA -> EE"
96 $       call test_ocsp "WIKH_D1.ors" "D1_Issuer_ICA.pem" 1
97 $       write sys$output "DELEGATED; Root CA -> Intermediate CA"
98 $       call test_ocsp "WIKH_D2.ors" "D2_Issuer_Root.pem" 1
99 $       write sys$output "DELEGATED; Root CA -> EE"
100 $       call test_ocsp "WIKH_D3.ors" "D3_Issuer_Root.pem" 1
101 $       
102 $       write sys$output "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ==="
103 $       write sys$output "DELEGATED; Intermediate CA -> EE"
104 $       call test_ocsp "WKDOSC_D1.ors" "D1_Issuer_ICA.pem" 1
105 $       write sys$output "DELEGATED; Root CA -> Intermediate CA"
106 $       call test_ocsp "WKDOSC_D2.ors" "D2_Issuer_Root.pem" 1
107 $       write sys$output "DELEGATED; Root CA -> EE"
108 $       call test_ocsp "WKDOSC_D3.ors" "D3_Issuer_Root.pem" 1
109 $       
110 $       write sys$output "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ==="
111 $       write sys$output "DELEGATED; Intermediate CA -> EE"
112 $       call test_ocsp "ISDOSC_D1.ors" "D1_Issuer_ICA.pem" 1
113 $       write sys$output "DELEGATED; Root CA -> Intermediate CA"
114 $       call test_ocsp "ISDOSC_D2.ors" "D2_Issuer_Root.pem" 1
115 $       write sys$output "DELEGATED; Root CA -> EE"
116 $       call test_ocsp "ISDOSC_D3.ors" "D3_Issuer_Root.pem" 1
117 $       
118 $       write sys$output "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ==="
119 $       write sys$output "NON-DELEGATED; Intermediate CA -> EE"
120 $       call test_ocsp "ND1.ors" "WSNIC_ND1_Issuer_ICA.pem" 1
121 $       write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
122 $       call test_ocsp "ND2.ors" "WSNIC_ND2_Issuer_Root.pem" 1
123 $       write sys$output "NON-DELEGATED; Root CA -> EE"
124 $       call test_ocsp "ND3.ors" "WSNIC_ND3_Issuer_Root.pem" 1
125 $       write sys$output "DELEGATED; Intermediate CA -> EE"
126 $       call test_ocsp "D1.ors" "WSNIC_D1_Issuer_ICA.pem" 1
127 $       write sys$output "DELEGATED; Root CA -> Intermediate CA"
128 $       call test_ocsp "D2.ors" "WSNIC_D2_Issuer_Root.pem" 1
129 $       write sys$output "DELEGATED; Root CA -> EE"
130 $       call test_ocsp "D3.ors" "WSNIC_D3_Issuer_Root.pem" 1
131 $       
132 $       write sys$output "=== WRONG KEY in the ISSUER CERTIFICATE ==="
133 $       write sys$output "NON-DELEGATED; Intermediate CA -> EE"
134 $       call test_ocsp "ND1.ors" "WKIC_ND1_Issuer_ICA.pem" 1
135 $       write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
136 $       call test_ocsp "ND2.ors" "WKIC_ND2_Issuer_Root.pem" 1
137 $       write sys$output "NON-DELEGATED; Root CA -> EE"
138 $       call test_ocsp "ND3.ors" "WKIC_ND3_Issuer_Root.pem" 1
139 $       write sys$output "DELEGATED; Intermediate CA -> EE"
140 $       call test_ocsp "D1.ors" "WKIC_D1_Issuer_ICA.pem" 1
141 $       write sys$output "DELEGATED; Root CA -> Intermediate CA"
142 $       call test_ocsp "D2.ors" "WKIC_D2_Issuer_Root.pem" 1
143 $       write sys$output "DELEGATED; Root CA -> EE"
144 $       call test_ocsp "D3.ors" "WKIC_D3_Issuer_Root.pem" 1
145 $       
146 $       write sys$output "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ==="
147 $!      Expect success, because we're explicitly trusting the issuer certificate.
148 $       write sys$output "NON-DELEGATED; Intermediate CA -> EE"
149 $       call test_ocsp "ND1.ors" "ISIC_ND1_Issuer_ICA.pem" 0
150 $       write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
151 $       call test_ocsp "ND2.ors" "ISIC_ND2_Issuer_Root.pem" 0
152 $       write sys$output "NON-DELEGATED; Root CA -> EE"
153 $       call test_ocsp "ND3.ors" "ISIC_ND3_Issuer_Root.pem" 0
154 $       write sys$output "DELEGATED; Intermediate CA -> EE"
155 $       call test_ocsp "D1.ors" "ISIC_D1_Issuer_ICA.pem" 0
156 $       write sys$output "DELEGATED; Root CA -> Intermediate CA"
157 $       call test_ocsp "D2.ors" "ISIC_D2_Issuer_Root.pem" 0
158 $       write sys$output "DELEGATED; Root CA -> EE"
159 $       call test_ocsp "D3.ors" "ISIC_D3_Issuer_Root.pem" 0
160 $       
161 $       write sys$output "ALL OCSP TESTS SUCCESSFUL"
162 $
163 $       set on
164 $       
165 $       exit