#!/bin/sh

# Ignore any system or user OpenSSL configuration file, so the run depends
# only on the options given on the command line.
export OPENSSL_CONF=/dev/null

# Directory holding the stored OCSP responses (*.ors) and issuer certs (*.pem).
ocspdir='ocsp-tests'

# Fixed verification time, so that certificate expiry does not cause errors.
# 1355875200 is 2012-12-19 00:00:00 UTC (the comment this replaces said
# 17 December 2012).
check_time='-attime 1355875200'

# Locally built openssl binary, run through the shared-library wrapper.
# Holds two words on purpose: it is expanded unquoted where it is used.
cmd='../util/shlib_wrap.sh ../apps/openssl'
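# test_ocsp RESPONSE ISSUER EXPECTED
#
# Verify one stored OCSP response and compare the exit status with EXPECTED.
#   $1  base64-encoded OCSP response file, relative to $ocspdir
#   $2  issuer certificate (PEM), relative to $ocspdir; passed to
#       "openssl ocsp" as both -CAfile and -verify_other
#   $3  exit status expected from "openssl ocsp" (callers pass 0 or 1)
# Globals read: cmd, ocspdir, check_time.
# Exits the whole script with status 1 if the status differs from EXPECTED
# or if either input file cannot be read.
test_ocsp () {
        # A missing or unreadable fixture would also make the ocsp stage fail,
        # and so would satisfy an expected status of 1 without any response
        # having been verified. Reject that case explicitly.
        for _ocsp_file in "$ocspdir/$1" "$ocspdir/$2"; do
                if [ ! -r "$_ocsp_file" ]; then
                        echo "test_ocsp: cannot read $_ocsp_file" >&2
                        exit 1
                fi
        done

        # $cmd and $check_time stay unquoted on purpose: each holds several
        # words. -CApath /dev/null keeps certificate directories out of the
        # lookup, so the issuer file in $2 is the only certificate supplied.
        $cmd base64 -d -in "$ocspdir/$1" | \
                $cmd ocsp -respin - -partial_chain $check_time \
                -CAfile "$ocspdir/$2" -verify_other "$ocspdir/$2" -CApath /dev/null
        # $? is the status of the last pipeline stage (ocsp) only.
        # NOTE(review): a base64 decode failure is therefore seen only as an
        # ocsp failure, and the status alone does not say which check rejected
        # the response.
        _ocsp_rc=$?
        if [ "$_ocsp_rc" != "$3" ]; then
                exit 1
        fi
}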
# Test matrix. Every group uses the same three chain shapes, once with the
# response signed by the issuer itself (NON-DELEGATED: ND1..ND3) and once with
# a delegated OCSP signing certificate (DELEGATED: D1..D3). A variant is
# selected by a file-name prefix, on the response (*.ors) or on the issuer
# certificate (*.pem). test_ocsp exits the script on the first mismatch.

# run_case LABEL RESPONSE ISSUER EXPECTED
# Print the label, then check one response.
run_case () {
        echo "$1"
        test_ocsp "$2" "$3" "$4"
}

# nondelegated_cases RESPONSE_PREFIX ISSUER_PREFIX EXPECTED
nondelegated_cases () {
        run_case "NON-DELEGATED; Intermediate CA -> EE" \
                "${1}ND1.ors" "${2}ND1_Issuer_ICA.pem" "$3"
        run_case "NON-DELEGATED; Root CA -> Intermediate CA" \
                "${1}ND2.ors" "${2}ND2_Issuer_Root.pem" "$3"
        run_case "NON-DELEGATED; Root CA -> EE" \
                "${1}ND3.ors" "${2}ND3_Issuer_Root.pem" "$3"
}

# delegated_cases RESPONSE_PREFIX ISSUER_PREFIX EXPECTED
delegated_cases () {
        run_case "DELEGATED; Intermediate CA -> EE" \
                "${1}D1.ors" "${2}D1_Issuer_ICA.pem" "$3"
        run_case "DELEGATED; Root CA -> Intermediate CA" \
                "${1}D2.ors" "${2}D2_Issuer_Root.pem" "$3"
        run_case "DELEGATED; Root CA -> EE" \
                "${1}D3.ors" "${2}D3_Issuer_Root.pem" "$3"
}

# Baseline: unmodified responses and issuers must verify.
echo "=== VALID OCSP RESPONSES ==="
nondelegated_cases "" "" 0
delegated_cases "" "" 0

# Altered responses: each of these must be rejected (exit status 1).
echo "=== INVALID SIGNATURE on the OCSP RESPONSE ==="
nondelegated_cases "ISOP_" "" 1
delegated_cases "ISOP_" "" 1

echo "=== WRONG RESPONDERID in the OCSP RESPONSE ==="
nondelegated_cases "WRID_" "" 1
delegated_cases "WRID_" "" 1

echo "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ==="
nondelegated_cases "WINH_" "" 1
delegated_cases "WINH_" "" 1

echo "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ==="
nondelegated_cases "WIKH_" "" 1
delegated_cases "WIKH_" "" 1

# Faults in the delegated signing certificate apply to the delegated cases only.
echo "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ==="
delegated_cases "WKDOSC_" "" 1

echo "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ==="
delegated_cases "ISDOSC_" "" 1

# Unmodified responses checked against an altered issuer certificate.
echo "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ==="
nondelegated_cases "" "WSNIC_" 1
delegated_cases "" "WSNIC_" 1

echo "=== WRONG KEY in the ISSUER CERTIFICATE ==="
nondelegated_cases "" "WKIC_" 1
delegated_cases "" "WKIC_" 1

echo "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ==="
# Expect success, because we're explicitly trusting the issuer certificate.
# These cases pin that the bad signature on the trusted issuer certificate
# does not cause the response to be rejected.
nondelegated_cases "" "ISIC_" 0
delegated_cases "" "ISIC_" 0

echo "ALL OCSP TESTS SUCCESSFUL"
exit 0