#
SH="/bin/sh"
-PATH=../../apps:$PATH
+if test "$OSTYPE" = msdosdjgpp; then
+ PATH="../apps\;$PATH"
+else
+ PATH="../apps:$PATH"
+fi
export SH PATH
OPENSSL_CONF="../CAtsa.cnf"
export OPENSSL_CONF
+# Because that's what ../apps/CA.pl really looks at
+SSLEAY_CONFIG="-config $OPENSSL_CONF"
+export SSLEAY_CONFIG
-error () {
-
- echo "ERROR DURING TSA TESTS!!!!!!!!!!!!!!!!" >&2
- exit 1
-}
+OPENSSL="`pwd`/../util/opensslwrap.sh"
+export OPENSSL
setup_dir () {
-
rm -rf tsa 2>/dev/null
mkdir tsa
cd ./tsa
}
clean_up_dir () {
-
cd ..
rm -rf tsa
}
create_ca () {
-
- echo "Creating a new CA for the TSA tests..."
- /bin/rm -fr demoCA
- $SH ../../apps/CA.sh -newca <<EOF
-
-HU
-Budapest
-Budapest
-Gov-CA Ltd.
-ca1
-EOF
- test $? != 0 && error
+ echo creating a new CA for the TSA tests
+ TSDNSECT=ts_ca_dn
+ export TSDNSECT
+ ../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \
+ -out tsaca.pem -keyout tsacakey.pem || exit 1
}
create_tsa_cert () {
INDEX=$1
+ export INDEX
EXT=$2
- openssl req -new -out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem <<EOF
-HU
-Budapest
-Buda
-Hun-TSA Ltd.
-tsa${INDEX}
-EOF
- test $? != 0 && error
-
- openssl ca -in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
- -extensions $EXT <<EOF
-y
-y
-EOF
- test $? != 0 && error
+ TSDNSECT=ts_cert_dn
+ export TSDNSECT
+
+ ../../util/shlib_wrap.sh ../../apps/openssl req -new \
+ -out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem || exit 1
+ echo using extension $EXT
+ ../../util/shlib_wrap.sh ../../apps/openssl x509 -req \
+ -in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
+ -CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \
+ -extfile $OPENSSL_CONF -extensions $EXT || exit 1
}
print_request () {
- openssl ts -query -in $1 -text
+ ../../util/shlib_wrap.sh ../../apps/openssl ts -query -in $1 -text
}
create_time_stamp_request1 () {
- openssl ts -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq
- test $? != 0 && error
+ ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq || exit 1
}
create_time_stamp_request2 () {
- openssl ts -query -data ../testtsa -policy tsa_policy2 -no_nonce \
- -out req2.tsq
- test $? != 0 && error
+ ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy2 -no_nonce \
+ -out req2.tsq || exit 1
}
create_time_stamp_request3 () {
- openssl ts -query -data ../CAtsa.cnf -no_nonce -out req3.tsq
- test $? != 0 && error
+ ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../CAtsa.cnf -no_nonce -out req3.tsq || exit 1
}
print_response () {
- openssl ts -reply -in $1 -text
- test $? != 0 && error
+ ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $1 -text || exit 1
}
create_time_stamp_response () {
- openssl ts -reply -section $3 -queryfile $1 -out $2
- test $? != 0 && error
+ ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -section $3 -queryfile $1 -out $2 || exit 1
}
time_stamp_response_token_test () {
RESPONSE2=$2.copy.tsr
TOKEN_DER=$2.token.der
- openssl ts -reply -in $2 -out $TOKEN_DER -token_out
- test $? != 0 && error
- openssl ts -reply -in $TOKEN_DER -token_in -out $RESPONSE2
- test $? != 0 && error
- cmp $RESPONSE2 $2
- test $? != 0 && error
- openssl ts -reply -in $2 -text -token_out
- test $? != 0 && error
- openssl ts -reply -in $TOKEN_DER -token_in -text -token_out
- test $? != 0 && error
- openssl ts -reply -queryfile $1 -text -token_out
- test $? != 0 && error
+ ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $TOKEN_DER -token_out || exit 1
+ ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -out $RESPONSE2 || exit 1
+ cmp $RESPONSE2 $2 || exit 1
+ ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -text -token_out || exit 1
+ ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -text -token_out || exit 1
+ ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -queryfile $1 -text -token_out || exit 1
}
verify_time_stamp_response () {
- openssl ts -verify -queryfile $1 -in $2 -CAfile demoCA/cacert.pem \
- -untrusted tsa_cert1.pem
- test $? != 0 && error
- openssl ts -verify -data $3 -in $2 -CAfile demoCA/cacert.pem \
- -untrusted tsa_cert1.pem
- test $? != 0 && error
+ ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
+ -untrusted tsa_cert1.pem || exit 1
+ ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile tsaca.pem \
+ -untrusted tsa_cert1.pem || exit 1
}
verify_time_stamp_token () {
# create the token from the response first
- openssl ts -reply -in $2 -out $2.token -token_out
- test $? != 0 && error
- openssl ts -verify -queryfile $1 -in $2.token -token_in \
- -CAfile demoCA/cacert.pem -untrusted tsa_cert1.pem
- test $? != 0 && error
- openssl ts -verify -data $3 -in $2.token -token_in \
- -CAfile demoCA/cacert.pem -untrusted tsa_cert1.pem
- test $? != 0 && error
+ ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $2.token -token_out || exit 1
+ ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2.token -token_in \
+ -CAfile tsaca.pem -untrusted tsa_cert1.pem || exit 1
+ ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2.token -token_in \
+ -CAfile tsaca.pem -untrusted tsa_cert1.pem || exit 1
}
verify_time_stamp_response_fail () {
- openssl ts -verify -queryfile $1 -in $2 -CAfile demoCA/cacert.pem \
- -untrusted tsa_cert1.pem
- # Checks if the verification failed, as it should have.
- test $? == 0 && error
+ ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
+ -untrusted tsa_cert1.pem && exit 1
+ echo ok
}
# main functions
-echo "Setting up TSA test directory..."
+echo setting up TSA test directory
setup_dir
-echo "Creating CA for TSA tests..."
+echo creating CA for TSA tests
create_ca
-echo "Creating tsa_cert1.pem TSA server cert..."
+echo creating tsa_cert1.pem TSA server cert
create_tsa_cert 1 tsa_cert
-echo "Creating tsa_cert2.pem non-TSA server cert..."
+echo creating tsa_cert2.pem non-TSA server cert
create_tsa_cert 2 non_tsa_cert
-echo "Creating req1.req time stamp request for file testtsa..."
+echo creating req1.req time stamp request for file testtsa
create_time_stamp_request1
-echo "Printing req1.req..."
+echo printing req1.req
print_request req1.tsq
-echo "Generating valid response for req1.req..."
+echo generating valid response for req1.req
create_time_stamp_response req1.tsq resp1.tsr tsa_config1
-echo "Printing response..."
+echo printing response
print_response resp1.tsr
-echo "Verifying valid response..."
+echo verifying valid response
verify_time_stamp_response req1.tsq resp1.tsr ../testtsa
-echo "Verifying valid token..."
+echo verifying valid token
verify_time_stamp_token req1.tsq resp1.tsr ../testtsa
-# The tests below are commented out, because invalid signer certificates
-# can no longer be specified in the config file.
-
-# echo "Generating _invalid_ response for req1.req..."
-# create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2
-
-# echo "Printing response..."
-# print_response resp1_bad.tsr
-
-# echo "Verifying invalid response, it should fail..."
-# verify_time_stamp_response_fail req1.tsq resp1_bad.tsr
-
-echo "Creating req2.req time stamp request for file testtsa..."
+echo creating req2.req time stamp request for file testtsa
create_time_stamp_request2
-echo "Printing req2.req..."
+echo printing req2.req
print_request req2.tsq
-echo "Generating valid response for req2.req..."
+echo generating valid response for req2.req
create_time_stamp_response req2.tsq resp2.tsr tsa_config1
-echo "Checking '-token_in' and '-token_out' options with '-reply'..."
+echo checking -token_in and -token_out options with -reply
time_stamp_response_token_test req2.tsq resp2.tsr
-echo "Printing response..."
+echo printing response
print_response resp2.tsr
-echo "Verifying valid response..."
+echo verifying valid response
verify_time_stamp_response req2.tsq resp2.tsr ../testtsa
-echo "Verifying response against wrong request, it should fail..."
+echo verifying response against wrong request, it should fail
verify_time_stamp_response_fail req1.tsq resp2.tsr
-echo "Verifying response against wrong request, it should fail..."
+echo verifying response against wrong request, it should fail
verify_time_stamp_response_fail req2.tsq resp1.tsr
-echo "Creating req3.req time stamp request for file CAtsa.cnf..."
+echo creating req3.req time stamp request for file CAtsa.cnf
create_time_stamp_request3
-echo "Printing req3.req..."
+echo printing req3.req
print_request req3.tsq
-echo "Verifying response against wrong request, it should fail..."
+echo verifying response against wrong request, it should fail
verify_time_stamp_response_fail req3.tsq resp1.tsr
-echo "Cleaning up..."
+echo cleaning up
clean_up_dir
exit 0
projects / openssl.git / blobdiff