3 cmd='../util/shlib_wrap.sh ../apps/openssl'
5 stdparams="-trust_other -CApath /dev/null"
7 for resp in `ls -1 $ocspdir/*.ors`
9 $cmd base64 -d -in $resp -out $resp.der
12 echo "=== VALID OCSP RESPONSES ==="
13 echo "NON-DELEGATED; Intermediate CA -> EE"
14 $cmd ocsp -respin $ocspdir/ND1.ors.der -verify_other $ocspdir/ND1_Issuer_ICA.pem $stdparams
15 if [ $? != 0 ]; then exit 1; fi
16 echo "NON-DELEGATED; Root CA -> Intermediate CA"
17 $cmd ocsp -respin $ocspdir/ND2.ors.der -verify_other $ocspdir/ND2_Issuer_Root.pem $stdparams
18 if [ $? != 0 ]; then exit 1; fi
19 echo "NON-DELEGATED; Root CA -> EE"
20 $cmd ocsp -respin $ocspdir/ND3.ors.der -verify_other $ocspdir/ND3_Issuer_Root.pem $stdparams
21 if [ $? != 0 ]; then exit 1; fi
22 echo "DELEGATED; Intermediate CA -> EE"
23 $cmd ocsp -respin $ocspdir/D1.ors.der -verify_other $ocspdir/D1_Issuer_ICA.pem $stdparams
24 if [ $? != 0 ]; then exit 1; fi
25 echo "DELEGATED; Root CA -> Intermediate CA"
26 $cmd ocsp -respin $ocspdir/D2.ors.der -verify_other $ocspdir/D2_Issuer_Root.pem $stdparams
27 if [ $? != 0 ]; then exit 1; fi
28 echo "DELEGATED; Root CA -> EE"
29 $cmd ocsp -respin $ocspdir/D3.ors.der -verify_other $ocspdir/D3_Issuer_Root.pem $stdparams
30 if [ $? != 0 ]; then exit 1; fi
32 echo "=== INVALID SIGNATURE on the OCSP RESPONSE ==="
33 echo "NON-DELEGATED; Intermediate CA -> EE"
34 $cmd ocsp -respin $ocspdir/ISOP_ND1.ors.der -verify_other $ocspdir/ND1_Issuer_ICA.pem $stdparams
35 if [ $? = 0 ]; then exit 1; fi
36 echo "NON-DELEGATED; Root CA -> Intermediate CA"
37 $cmd ocsp -respin $ocspdir/ISOP_ND2.ors.der -verify_other $ocspdir/ND2_Issuer_Root.pem $stdparams
38 if [ $? = 0 ]; then exit 1; fi
39 echo "NON-DELEGATED; Root CA -> EE"
40 $cmd ocsp -respin $ocspdir/ISOP_ND3.ors.der -verify_other $ocspdir/ND3_Issuer_Root.pem $stdparams
41 if [ $? = 0 ]; then exit 1; fi
42 echo "DELEGATED; Intermediate CA -> EE"
43 $cmd ocsp -respin $ocspdir/ISOP_D1.ors.der -verify_other $ocspdir/D1_Issuer_ICA.pem $stdparams
44 if [ $? = 0 ]; then exit 1; fi
45 echo "DELEGATED; Root CA -> Intermediate CA"
46 $cmd ocsp -respin $ocspdir/ISOP_D2.ors.der -verify_other $ocspdir/D2_Issuer_Root.pem $stdparams
47 if [ $? = 0 ]; then exit 1; fi
48 echo "DELEGATED; Root CA -> EE"
49 $cmd ocsp -respin $ocspdir/ISOP_D3.ors.der -verify_other $ocspdir/D3_Issuer_Root.pem $stdparams
50 if [ $? = 0 ]; then exit 1; fi
52 echo "=== WRONG RESPONDERID in the OCSP RESPONSE ==="
53 echo "NON-DELEGATED; Intermediate CA -> EE"
54 $cmd ocsp -respin $ocspdir/WRID_ND1.ors.der -verify_other $ocspdir/ND1_Issuer_ICA.pem $stdparams
55 if [ $? = 0 ]; then exit 1; fi
56 echo "NON-DELEGATED; Root CA -> Intermediate CA"
57 $cmd ocsp -respin $ocspdir/WRID_ND2.ors.der -verify_other $ocspdir/ND2_Issuer_Root.pem $stdparams
58 if [ $? = 0 ]; then exit 1; fi
59 echo "NON-DELEGATED; Root CA -> EE"
60 $cmd ocsp -respin $ocspdir/WRID_ND3.ors.der -verify_other $ocspdir/ND3_Issuer_Root.pem $stdparams
61 if [ $? = 0 ]; then exit 1; fi
62 echo "DELEGATED; Intermediate CA -> EE"
63 $cmd ocsp -respin $ocspdir/WRID_D1.ors.der -verify_other $ocspdir/D1_Issuer_ICA.pem $stdparams
64 if [ $? = 0 ]; then exit 1; fi
65 echo "DELEGATED; Root CA -> Intermediate CA"
66 $cmd ocsp -respin $ocspdir/WRID_D2.ors.der -verify_other $ocspdir/D2_Issuer_Root.pem $stdparams
67 if [ $? = 0 ]; then exit 1; fi
68 echo "DELEGATED; Root CA -> EE"
69 $cmd ocsp -respin $ocspdir/WRID_D3.ors.der -verify_other $ocspdir/D3_Issuer_Root.pem $stdparams
70 if [ $? = 0 ]; then exit 1; fi
72 echo "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ==="
73 echo "NON-DELEGATED; Intermediate CA -> EE"
74 $cmd ocsp -respin $ocspdir/WINH_ND1.ors.der -verify_other $ocspdir/ND1_Issuer_ICA.pem $stdparams
75 if [ $? = 0 ]; then exit 1; fi
76 echo "NON-DELEGATED; Root CA -> Intermediate CA"
77 $cmd ocsp -respin $ocspdir/WINH_ND2.ors.der -verify_other $ocspdir/ND2_Issuer_Root.pem $stdparams
78 if [ $? = 0 ]; then exit 1; fi
79 echo "NON-DELEGATED; Root CA -> EE"
80 $cmd ocsp -respin $ocspdir/WINH_ND3.ors.der -verify_other $ocspdir/ND3_Issuer_Root.pem $stdparams
81 if [ $? = 0 ]; then exit 1; fi
82 echo "DELEGATED; Intermediate CA -> EE"
83 $cmd ocsp -respin $ocspdir/WINH_D1.ors.der -verify_other $ocspdir/D1_Issuer_ICA.pem $stdparams
84 if [ $? = 0 ]; then exit 1; fi
85 echo "DELEGATED; Root CA -> Intermediate CA"
86 $cmd ocsp -respin $ocspdir/WINH_D2.ors.der -verify_other $ocspdir/D2_Issuer_Root.pem $stdparams
87 if [ $? = 0 ]; then exit 1; fi
88 echo "DELEGATED; Root CA -> EE"
89 $cmd ocsp -respin $ocspdir/WINH_D3.ors.der -verify_other $ocspdir/D3_Issuer_Root.pem $stdparams
90 if [ $? = 0 ]; then exit 1; fi
92 echo "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ==="
93 echo "NON-DELEGATED; Intermediate CA -> EE"
94 $cmd ocsp -respin $ocspdir/WIKH_ND1.ors.der -verify_other $ocspdir/ND1_Issuer_ICA.pem $stdparams
95 if [ $? = 0 ]; then exit 1; fi
96 echo "NON-DELEGATED; Root CA -> Intermediate CA"
97 $cmd ocsp -respin $ocspdir/WIKH_ND2.ors.der -verify_other $ocspdir/ND2_Issuer_Root.pem $stdparams
98 if [ $? = 0 ]; then exit 1; fi
99 echo "NON-DELEGATED; Root CA -> EE"
100 $cmd ocsp -respin $ocspdir/WIKH_ND3.ors.der -verify_other $ocspdir/ND3_Issuer_Root.pem $stdparams
101 if [ $? = 0 ]; then exit 1; fi
102 echo "DELEGATED; Intermediate CA -> EE"
103 $cmd ocsp -respin $ocspdir/WIKH_D1.ors.der -verify_other $ocspdir/D1_Issuer_ICA.pem $stdparams
104 if [ $? = 0 ]; then exit 1; fi
105 echo "DELEGATED; Root CA -> Intermediate CA"
106 $cmd ocsp -respin $ocspdir/WIKH_D2.ors.der -verify_other $ocspdir/D2_Issuer_Root.pem $stdparams
107 if [ $? = 0 ]; then exit 1; fi
108 echo "DELEGATED; Root CA -> EE"
109 $cmd ocsp -respin $ocspdir/WIKH_D3.ors.der -verify_other $ocspdir/D3_Issuer_Root.pem $stdparams
110 if [ $? = 0 ]; then exit 1; fi
112 echo "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ==="
113 echo "DELEGATED; Intermediate CA -> EE"
114 $cmd ocsp -respin $ocspdir/WKDOSC_D1.ors.der -verify_other $ocspdir/D1_Issuer_ICA.pem $std_params
115 if [ $? = 0 ]; then exit 1; fi
116 echo "DELEGATED; Root CA -> Intermediate CA"
117 $cmd ocsp -respin $ocspdir/WKDOSC_D2.ors.der -verify_other $ocspdir/D2_Issuer_Root.pem $std_params
118 if [ $? = 0 ]; then exit 1; fi
119 echo "DELEGATED; Root CA -> EE"
120 $cmd ocsp -respin $ocspdir/WKDOSC_D3.ors.der -verify_other $ocspdir/D3_Issuer_Root.pem $std_params
121 if [ $? = 0 ]; then exit 1; fi
123 echo "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ==="
124 echo "DELEGATED; Intermediate CA -> EE"
125 $cmd ocsp -respin $ocspdir/ISDOSC_D1.ors.der -verify_other $ocspdir/D1_Issuer_ICA.pem $stdparams
126 if [ $? = 0 ]; then exit 1; fi
127 echo "DELEGATED; Root CA -> Intermediate CA"
128 $cmd ocsp -respin $ocspdir/ISDOSC_D2.ors.der -verify_other $ocspdir/D2_Issuer_Root.pem $stdparams
129 if [ $? = 0 ]; then exit 1; fi
130 echo "DELEGATED; Root CA -> EE"
131 $cmd ocsp -respin $ocspdir/ISDOSC_D3.ors.der -verify_other $ocspdir/D3_Issuer_Root.pem $stdparams
132 if [ $? = 0 ]; then exit 1; fi
134 echo "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ==="
135 echo "NON-DELEGATED; Intermediate CA -> EE"
136 $cmd ocsp -respin $ocspdir/ND1.ors.der -verify_other $ocspdir/WSNIC_ND1_Issuer_ICA.pem $stdparams
137 if [ $? = 0 ]; then exit 1; fi
138 echo "NON-DELEGATED; Root CA -> Intermediate CA"
139 $cmd ocsp -respin $ocspdir/ND2.ors.der -verify_other $ocspdir/WSNIC_ND2_Issuer_Root.pem $stdparams
140 if [ $? = 0 ]; then exit 1; fi
141 echo "NON-DELEGATED; Root CA -> EE"
142 $cmd ocsp -respin $ocspdir/ND3.ors.der -verify_other $ocspdir/WSNIC_ND3_Issuer_Root.pem $stdparams
143 if [ $? = 0 ]; then exit 1; fi
144 echo "DELEGATED; Intermediate CA -> EE"
145 $cmd ocsp -respin $ocspdir/D1.ors.der -verify_other $ocspdir/WSNIC_D1_Issuer_ICA.pem $stdparams
146 if [ $? = 0 ]; then exit 1; fi
147 echo "DELEGATED; Root CA -> Intermediate CA"
148 $cmd ocsp -respin $ocspdir/D2.ors.der -verify_other $ocspdir/WSNIC_D2_Issuer_Root.pem $stdparams
149 if [ $? = 0 ]; then exit 1; fi
150 echo "DELEGATED; Root CA -> EE"
151 $cmd ocsp -respin $ocspdir/D3.ors.der -verify_other $ocspdir/WSNIC_D3_Issuer_Root.pem $stdparams
152 if [ $? = 0 ]; then exit 1; fi
154 echo "=== WRONG KEY in the ISSUER CERTIFICATE ==="
155 echo "NON-DELEGATED; Intermediate CA -> EE"
156 $cmd ocsp -respin $ocspdir/ND1.ors.der -verify_other $ocspdir/WKIC_ND1_Issuer_ICA.pem $stdparams
157 if [ $? = 0 ]; then exit 1; fi
158 echo "NON-DELEGATED; Root CA -> Intermediate CA"
159 $cmd ocsp -respin $ocspdir/ND2.ors.der -verify_other $ocspdir/WKIC_ND2_Issuer_Root.pem $stdparams
160 if [ $? = 0 ]; then exit 1; fi
161 echo "NON-DELEGATED; Root CA -> EE"
162 $cmd ocsp -respin $ocspdir/ND3.ors.der -verify_other $ocspdir/WKIC_ND3_Issuer_Root.pem $stdparams
163 if [ $? = 0 ]; then exit 1; fi
164 echo "DELEGATED; Intermediate CA -> EE"
165 $cmd ocsp -respin $ocspdir/D1.ors.der -verify_other $ocspdir/WKIC_D1_Issuer_ICA.pem $stdparams
166 if [ $? = 0 ]; then exit 1; fi
167 echo "DELEGATED; Root CA -> Intermediate CA"
168 $cmd ocsp -respin $ocspdir/D2.ors.der -verify_other $ocspdir/WKIC_D2_Issuer_Root.pem $stdparams
169 if [ $? = 0 ]; then exit 1; fi
170 echo "DELEGATED; Root CA -> EE"
171 $cmd ocsp -respin $ocspdir/D3.ors.der -verify_other $ocspdir/WKIC_D3_Issuer_Root.pem $stdparams
172 if [ $? = 0 ]; then exit 1; fi
174 echo "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ==="
175 # Expect success, because we're explicitly trusting the issuer certificate.
176 echo "NON-DELEGATED; Intermediate CA -> EE"
177 $cmd ocsp -respin $ocspdir/ND1.ors.der -verify_other $ocspdir/ISIC_ND1_Issuer_ICA.pem $stdparams
178 if [ $? != 0 ]; then exit 1; fi
179 echo "NON-DELEGATED; Root CA -> Intermediate CA"
180 $cmd ocsp -respin $ocspdir/ND2.ors.der -verify_other $ocspdir/ISIC_ND2_Issuer_Root.pem $stdparams
181 if [ $? != 0 ]; then exit 1; fi
182 echo "NON-DELEGATED; Root CA -> EE"
183 $cmd ocsp -respin $ocspdir/ND3.ors.der -verify_other $ocspdir/ISIC_ND3_Issuer_Root.pem $stdparams
184 if [ $? != 0 ]; then exit 1; fi
185 echo "DELEGATED; Intermediate CA -> EE"
186 $cmd ocsp -respin $ocspdir/D1.ors.der -verify_other $ocspdir/ISIC_D1_Issuer_ICA.pem $stdparams
187 if [ $? != 0 ]; then exit 1; fi
188 echo "DELEGATED; Root CA -> Intermediate CA"
189 $cmd ocsp -respin $ocspdir/D2.ors.der -verify_other $ocspdir/ISIC_D2_Issuer_Root.pem $stdparams
190 if [ $? != 0 ]; then exit 1; fi
191 echo "DELEGATED; Root CA -> EE"
192 $cmd ocsp -respin $ocspdir/D3.ors.der -verify_other $ocspdir/ISIC_D3_Issuer_Root.pem $stdparams
193 if [ $? != 0 ]; then exit 1; fi
195 /bin/rm $ocspdir/*.ors.der
196 echo "ALL OCSP TESTS SUCCESSFUL"
200 cmd='../util/shlib_wrap.sh ../apps/openssl'
202 stdparams="-trust_other -CApath /dev/null"
204 for resp in `ls -1 $ocspdir/*.ors`
206 $cmd base64 -d -in $resp -out $resp.der
209 echo "=== VALID OCSP RESPONSES ==="
210 echo "NON-DELEGATED; Intermediate CA -> EE"
211 $cmd ocsp -respin $ocspdir/ND1.ors.der -verify_other $ocspdir/ND1_Issuer_ICA.pem $stdparams
212 if [ $? != 0 ]; then exit 1; fi
213 echo "NON-DELEGATED; Root CA -> Intermediate CA"
214 $cmd ocsp -respin $ocspdir/ND2.ors.der -verify_other $ocspdir/ND2_Issuer_Root.pem $stdparams
215 if [ $? != 0 ]; then exit 1; fi
216 echo "NON-DELEGATED; Root CA -> EE"
217 $cmd ocsp -respin $ocspdir/ND3.ors.der -verify_other $ocspdir/ND3_Issuer_Root.pem $stdparams
218 if [ $? != 0 ]; then exit 1; fi
219 echo "DELEGATED; Intermediate CA -> EE"
220 $cmd ocsp -respin $ocspdir/D1.ors.der -verify_other $ocspdir/D1_Issuer_ICA.pem $stdparams
221 if [ $? != 0 ]; then exit 1; fi
222 echo "DELEGATED; Root CA -> Intermediate CA"
223 $cmd ocsp -respin $ocspdir/D2.ors.der -verify_other $ocspdir/D2_Issuer_Root.pem $stdparams
224 if [ $? != 0 ]; then exit 1; fi
225 echo "DELEGATED; Root CA -> EE"
226 $cmd ocsp -respin $ocspdir/D3.ors.der -verify_other $ocspdir/D3_Issuer_Root.pem $stdparams
227 if [ $? != 0 ]; then exit 1; fi
229 echo "=== INVALID SIGNATURE on the OCSP RESPONSE ==="
230 echo "NON-DELEGATED; Intermediate CA -> EE"
231 $cmd ocsp -respin $ocspdir/ISOP_ND1.ors.der -verify_other $ocspdir/ND1_Issuer_ICA.pem $stdparams
232 if [ $? = 0 ]; then exit 1; fi
233 echo "NON-DELEGATED; Root CA -> Intermediate CA"
234 $cmd ocsp -respin $ocspdir/ISOP_ND2.ors.der -verify_other $ocspdir/ND2_Issuer_Root.pem $stdparams
235 if [ $? = 0 ]; then exit 1; fi
236 echo "NON-DELEGATED; Root CA -> EE"
237 $cmd ocsp -respin $ocspdir/ISOP_ND3.ors.der -verify_other $ocspdir/ND3_Issuer_Root.pem $stdparams
238 if [ $? = 0 ]; then exit 1; fi
239 echo "DELEGATED; Intermediate CA -> EE"
240 $cmd ocsp -respin $ocspdir/ISOP_D1.ors.der -verify_other $ocspdir/D1_Issuer_ICA.pem $stdparams
241 if [ $? = 0 ]; then exit 1; fi
242 echo "DELEGATED; Root CA -> Intermediate CA"
243 $cmd ocsp -respin $ocspdir/ISOP_D2.ors.der -verify_other $ocspdir/D2_Issuer_Root.pem $stdparams
244 if [ $? = 0 ]; then exit 1; fi
245 echo "DELEGATED; Root CA -> EE"
246 $cmd ocsp -respin $ocspdir/ISOP_D3.ors.der -verify_other $ocspdir/D3_Issuer_Root.pem $stdparams
247 if [ $? = 0 ]; then exit 1; fi
249 echo "=== WRONG RESPONDERID in the OCSP RESPONSE ==="
250 echo "NON-DELEGATED; Intermediate CA -> EE"
251 $cmd ocsp -respin $ocspdir/WRID_ND1.ors.der -verify_other $ocspdir/ND1_Issuer_ICA.pem $stdparams
252 if [ $? = 0 ]; then exit 1; fi
253 echo "NON-DELEGATED; Root CA -> Intermediate CA"
254 $cmd ocsp -respin $ocspdir/WRID_ND2.ors.der -verify_other $ocspdir/ND2_Issuer_Root.pem $stdparams
255 if [ $? = 0 ]; then exit 1; fi
256 echo "NON-DELEGATED; Root CA -> EE"
257 $cmd ocsp -respin $ocspdir/WRID_ND3.ors.der -verify_other $ocspdir/ND3_Issuer_Root.pem $stdparams
258 if [ $? = 0 ]; then exit 1; fi
259 echo "DELEGATED; Intermediate CA -> EE"
260 $cmd ocsp -respin $ocspdir/WRID_D1.ors.der -verify_other $ocspdir/D1_Issuer_ICA.pem $stdparams
261 if [ $? = 0 ]; then exit 1; fi
262 echo "DELEGATED; Root CA -> Intermediate CA"
263 $cmd ocsp -respin $ocspdir/WRID_D2.ors.der -verify_other $ocspdir/D2_Issuer_Root.pem $stdparams
264 if [ $? = 0 ]; then exit 1; fi
265 echo "DELEGATED; Root CA -> EE"
266 $cmd ocsp -respin $ocspdir/WRID_D3.ors.der -verify_other $ocspdir/D3_Issuer_Root.pem $stdparams
267 if [ $? = 0 ]; then exit 1; fi
269 echo "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ==="
270 echo "NON-DELEGATED; Intermediate CA -> EE"
271 $cmd ocsp -respin $ocspdir/WINH_ND1.ors.der -verify_other $ocspdir/ND1_Issuer_ICA.pem $stdparams
272 if [ $? = 0 ]; then exit 1; fi
273 echo "NON-DELEGATED; Root CA -> Intermediate CA"
274 $cmd ocsp -respin $ocspdir/WINH_ND2.ors.der -verify_other $ocspdir/ND2_Issuer_Root.pem $stdparams
275 if [ $? = 0 ]; then exit 1; fi
276 echo "NON-DELEGATED; Root CA -> EE"
277 $cmd ocsp -respin $ocspdir/WINH_ND3.ors.der -verify_other $ocspdir/ND3_Issuer_Root.pem $stdparams
278 if [ $? = 0 ]; then exit 1; fi
279 echo "DELEGATED; Intermediate CA -> EE"
280 $cmd ocsp -respin $ocspdir/WINH_D1.ors.der -verify_other $ocspdir/D1_Issuer_ICA.pem $stdparams
281 if [ $? = 0 ]; then exit 1; fi
282 echo "DELEGATED; Root CA -> Intermediate CA"
283 $cmd ocsp -respin $ocspdir/WINH_D2.ors.der -verify_other $ocspdir/D2_Issuer_Root.pem $stdparams
284 if [ $? = 0 ]; then exit 1; fi
285 echo "DELEGATED; Root CA -> EE"
286 $cmd ocsp -respin $ocspdir/WINH_D3.ors.der -verify_other $ocspdir/D3_Issuer_Root.pem $stdparams
287 if [ $? = 0 ]; then exit 1; fi
289 echo "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ==="
290 echo "NON-DELEGATED; Intermediate CA -> EE"
291 $cmd ocsp -respin $ocspdir/WIKH_ND1.ors.der -verify_other $ocspdir/ND1_Issuer_ICA.pem $stdparams
292 if [ $? = 0 ]; then exit 1; fi
293 echo "NON-DELEGATED; Root CA -> Intermediate CA"
294 $cmd ocsp -respin $ocspdir/WIKH_ND2.ors.der -verify_other $ocspdir/ND2_Issuer_Root.pem $stdparams
295 if [ $? = 0 ]; then exit 1; fi
296 echo "NON-DELEGATED; Root CA -> EE"
297 $cmd ocsp -respin $ocspdir/WIKH_ND3.ors.der -verify_other $ocspdir/ND3_Issuer_Root.pem $stdparams
298 if [ $? = 0 ]; then exit 1; fi
299 echo "DELEGATED; Intermediate CA -> EE"
300 $cmd ocsp -respin $ocspdir/WIKH_D1.ors.der -verify_other $ocspdir/D1_Issuer_ICA.pem $stdparams
301 if [ $? = 0 ]; then exit 1; fi
302 echo "DELEGATED; Root CA -> Intermediate CA"
303 $cmd ocsp -respin $ocspdir/WIKH_D2.ors.der -verify_other $ocspdir/D2_Issuer_Root.pem $stdparams
304 if [ $? = 0 ]; then exit 1; fi
305 echo "DELEGATED; Root CA -> EE"
306 $cmd ocsp -respin $ocspdir/WIKH_D3.ors.der -verify_other $ocspdir/D3_Issuer_Root.pem $stdparams
307 if [ $? = 0 ]; then exit 1; fi
309 echo "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ==="
310 echo "DELEGATED; Intermediate CA -> EE"
311 $cmd ocsp -respin $ocspdir/WKDOSC_D1.ors.der -verify_other $ocspdir/D1_Issuer_ICA.pem $std_params
312 if [ $? = 0 ]; then exit 1; fi
313 echo "DELEGATED; Root CA -> Intermediate CA"
314 $cmd ocsp -respin $ocspdir/WKDOSC_D2.ors.der -verify_other $ocspdir/D2_Issuer_Root.pem $std_params
315 if [ $? = 0 ]; then exit 1; fi
316 echo "DELEGATED; Root CA -> EE"
317 $cmd ocsp -respin $ocspdir/WKDOSC_D3.ors.der -verify_other $ocspdir/D3_Issuer_Root.pem $std_params
318 if [ $? = 0 ]; then exit 1; fi
320 echo "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ==="
321 echo "DELEGATED; Intermediate CA -> EE"
322 $cmd ocsp -respin $ocspdir/ISDOSC_D1.ors.der -verify_other $ocspdir/D1_Issuer_ICA.pem $stdparams
323 if [ $? = 0 ]; then exit 1; fi
324 echo "DELEGATED; Root CA -> Intermediate CA"
325 $cmd ocsp -respin $ocspdir/ISDOSC_D2.ors.der -verify_other $ocspdir/D2_Issuer_Root.pem $stdparams
326 if [ $? = 0 ]; then exit 1; fi
327 echo "DELEGATED; Root CA -> EE"
328 $cmd ocsp -respin $ocspdir/ISDOSC_D3.ors.der -verify_other $ocspdir/D3_Issuer_Root.pem $stdparams
329 if [ $? = 0 ]; then exit 1; fi
331 echo "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ==="
332 echo "NON-DELEGATED; Intermediate CA -> EE"
333 $cmd ocsp -respin $ocspdir/ND1.ors.der -verify_other $ocspdir/WSNIC_ND1_Issuer_ICA.pem $stdparams
334 if [ $? = 0 ]; then exit 1; fi
335 echo "NON-DELEGATED; Root CA -> Intermediate CA"
336 $cmd ocsp -respin $ocspdir/ND2.ors.der -verify_other $ocspdir/WSNIC_ND2_Issuer_Root.pem $stdparams
337 if [ $? = 0 ]; then exit 1; fi
338 echo "NON-DELEGATED; Root CA -> EE"
339 $cmd ocsp -respin $ocspdir/ND3.ors.der -verify_other $ocspdir/WSNIC_ND3_Issuer_Root.pem $stdparams
340 if [ $? = 0 ]; then exit 1; fi
341 echo "DELEGATED; Intermediate CA -> EE"
342 $cmd ocsp -respin $ocspdir/D1.ors.der -verify_other $ocspdir/WSNIC_D1_Issuer_ICA.pem $stdparams
343 if [ $? = 0 ]; then exit 1; fi
344 echo "DELEGATED; Root CA -> Intermediate CA"
345 $cmd ocsp -respin $ocspdir/D2.ors.der -verify_other $ocspdir/WSNIC_D2_Issuer_Root.pem $stdparams
346 if [ $? = 0 ]; then exit 1; fi
347 echo "DELEGATED; Root CA -> EE"
348 $cmd ocsp -respin $ocspdir/D3.ors.der -verify_other $ocspdir/WSNIC_D3_Issuer_Root.pem $stdparams
349 if [ $? = 0 ]; then exit 1; fi
351 echo "=== WRONG KEY in the ISSUER CERTIFICATE ==="
352 echo "NON-DELEGATED; Intermediate CA -> EE"
353 $cmd ocsp -respin $ocspdir/ND1.ors.der -verify_other $ocspdir/WKIC_ND1_Issuer_ICA.pem $stdparams
354 if [ $? = 0 ]; then exit 1; fi
355 echo "NON-DELEGATED; Root CA -> Intermediate CA"
356 $cmd ocsp -respin $ocspdir/ND2.ors.der -verify_other $ocspdir/WKIC_ND2_Issuer_Root.pem $stdparams
357 if [ $? = 0 ]; then exit 1; fi
358 echo "NON-DELEGATED; Root CA -> EE"
359 $cmd ocsp -respin $ocspdir/ND3.ors.der -verify_other $ocspdir/WKIC_ND3_Issuer_Root.pem $stdparams
360 if [ $? = 0 ]; then exit 1; fi
361 echo "DELEGATED; Intermediate CA -> EE"
362 $cmd ocsp -respin $ocspdir/D1.ors.der -verify_other $ocspdir/WKIC_D1_Issuer_ICA.pem $stdparams
363 if [ $? = 0 ]; then exit 1; fi
364 echo "DELEGATED; Root CA -> Intermediate CA"
365 $cmd ocsp -respin $ocspdir/D2.ors.der -verify_other $ocspdir/WKIC_D2_Issuer_Root.pem $stdparams
366 if [ $? = 0 ]; then exit 1; fi
367 echo "DELEGATED; Root CA -> EE"
368 $cmd ocsp -respin $ocspdir/D3.ors.der -verify_other $ocspdir/WKIC_D3_Issuer_Root.pem $stdparams
369 if [ $? = 0 ]; then exit 1; fi
371 echo "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ==="
372 # Expect success, because we're explicitly trusting the issuer certificate.
373 echo "NON-DELEGATED; Intermediate CA -> EE"
374 $cmd ocsp -respin $ocspdir/ND1.ors.der -verify_other $ocspdir/ISIC_ND1_Issuer_ICA.pem $stdparams
375 if [ $? != 0 ]; then exit 1; fi
376 echo "NON-DELEGATED; Root CA -> Intermediate CA"
377 $cmd ocsp -respin $ocspdir/ND2.ors.der -verify_other $ocspdir/ISIC_ND2_Issuer_Root.pem $stdparams
378 if [ $? != 0 ]; then exit 1; fi
379 echo "NON-DELEGATED; Root CA -> EE"
380 $cmd ocsp -respin $ocspdir/ND3.ors.der -verify_other $ocspdir/ISIC_ND3_Issuer_Root.pem $stdparams
381 if [ $? != 0 ]; then exit 1; fi
382 echo "DELEGATED; Intermediate CA -> EE"
383 $cmd ocsp -respin $ocspdir/D1.ors.der -verify_other $ocspdir/ISIC_D1_Issuer_ICA.pem $stdparams
384 if [ $? != 0 ]; then exit 1; fi
385 echo "DELEGATED; Root CA -> Intermediate CA"
386 $cmd ocsp -respin $ocspdir/D2.ors.der -verify_other $ocspdir/ISIC_D2_Issuer_Root.pem $stdparams
387 if [ $? != 0 ]; then exit 1; fi
388 echo "DELEGATED; Root CA -> EE"
389 $cmd ocsp -respin $ocspdir/D3.ors.der -verify_other $ocspdir/ISIC_D3_Issuer_Root.pem $stdparams
390 if [ $? != 0 ]; then exit 1; fi
392 /bin/rm $ocspdir/*.ors.der
393 echo "ALL OCSP TESTS SUCCESSFUL"
projects / openssl.git / blob