- plan tests => 20;
-
- SKIP: {
- skip "failed", 19
- if !subtest 'creating CA for TSA tests' => sub { create_ca };
-
- skip "failed", 18
- if !subtest 'creating tsa_cert1.pem TSA server cert' => sub {
- create_tsa_cert("1", "tsa_cert")
- };
-
- skip "failed", 17
- if !subtest 'creating tsa_cert2.pem non-TSA server cert' => sub {
- create_tsa_cert("2", "non_tsa_cert")
- };
-
- skip "failed", 16
- if !subtest 'creating req1.req time stamp request for file testtsa' => sub {
- create_time_stamp_request1()
- };
-
- subtest 'printing req1.req' => sub {
- print_request("req1.tsq")
- };
-
- subtest 'generating valid response for req1.req' => sub {
- create_time_stamp_response("req1.tsq", "resp1.tsr", "tsa_config1")
- };
-
- subtest 'printing response' => sub {
- print_response("resp1.tsr")
- };
-
- subtest 'verifying valid response' => sub {
- verify_time_stamp_response("req1.tsq", "resp1.tsr", $testtsa)
- };
-
- subtest 'verifying valid token' => sub {
- verify_time_stamp_token("req1.tsq", "resp1.tsr", $testtsa)
- };
-
- subtest 'creating req2.req time stamp request for file testtsa' => sub {
- create_time_stamp_request2()
- };
-
- subtest 'printing req2.req' => sub {
- print_request("req2.tsq")
- };
-
- subtest 'generating valid response for req2.req' => sub {
- create_time_stamp_response("req2.tsq", "resp2.tsr", "tsa_config1")
- };
-
- subtest 'checking -token_in and -token_out options with -reply' => sub {
- time_stamp_response_token_test("req2.tsq", "resp2.tsr")
- };
-
- subtest 'printing response' => sub {
- print_response("resp2.tsr")
- };
-
- subtest 'verifying valid response' => sub {
- verify_time_stamp_response("req2.tsq", "resp2.tsr", $testtsa)
- };
-
- subtest 'verifying response against wrong request, it should fail' => sub {
- verify_time_stamp_response_fail("req1.tsq", "resp2.tsr")
- };
-
- subtest 'verifying response against wrong request, it should fail' => sub {
- verify_time_stamp_response_fail("req2.tsq", "resp1.tsr")
- };
-
- subtest 'creating req3.req time stamp request for file CAtsa.cnf' => sub {
- create_time_stamp_request3()
- };
-
- subtest 'printing req3.req' => sub {
- print_request("req3.tsq")
- };
-
- subtest 'verifying response against wrong request, it should fail' => sub {
- verify_time_stamp_response_fail("req3.tsq", "resp1.tsr")
- };
+ SKIP: {
+ $ENV{TSDNSECT} = "ts_ca_dn";
+ skip "failed", 19
+ unless ok(run(app(["openssl", "req", "-new", "-x509", "-nodes",
+ "-out", "tsaca.pem", "-keyout", "tsacakey.pem"])),
+ 'creating a new CA for the TSA tests');
+
+ skip "failed", 18
+ unless subtest 'creating tsa_cert1.pem TSA server cert' => sub {
+ create_tsa_cert("1", "tsa_cert")
+ };
+
+ skip "failed", 17
+ unless subtest 'creating tsa_cert2.pem non-TSA server cert' => sub {
+ create_tsa_cert("2", "non_tsa_cert")
+ };
+
+ skip "failed", 16
+ unless ok(run(app([@RUN, "-query", "-data", $testtsa,
+ "-policy", "tsa_policy1", "-cert",
+ "-out", "req1.tsq"])),
+ 'creating req1.req time stamp request for file testtsa');
+
+ ok(run(app([@RUN, "-query", "-in", "req1.tsq", "-text"])),
+ 'printing req1.req');
+
+ subtest 'generating valid response for req1.req' => sub {
+ create_time_stamp_response("req1.tsq", "resp1.tsr", "tsa_config1")
+ };
+
+ ok(run(app([@RUN, "-reply", "-in", "resp1.tsr", "-text"])),
+ 'printing response');
+
+ subtest 'verifying valid response' => sub {
+ verify_time_stamp_response("req1.tsq", "resp1.tsr", $testtsa)
+ };
+
+ skip "failed", 11
+ unless subtest 'verifying valid token' => sub {
+ ok(run(app([@RUN, "-reply", "-in", "resp1.tsr",
+ "-out", "resp1.tsr.token", "-token_out"])));
+ ok(run(app([@RUN, "-verify", "-queryfile", "req1.tsq",
+ "-in", "resp1.tsr.token", "-token_in",
+ "-CAfile", "tsaca.pem",
+ "-untrusted", "tsa_cert1.pem"])));
+ ok(run(app([@RUN, "-verify", "-data", $testtsa,
+ "-in", "resp1.tsr.token", "-token_in",
+ "-CAfile", "tsaca.pem",
+ "-untrusted", "tsa_cert1.pem"])));
+ };
+
+ skip "failed", 10
+ unless ok(run(app([@RUN, "-query", "-data", $testtsa,
+ "-policy", "tsa_policy2", "-no_nonce",
+ "-out", "req2.tsq"])),
+ 'creating req2.req time stamp request for file testtsa');
+
+ ok(run(app([@RUN, "-query", "-in", "req2.tsq", "-text"])),
+ 'printing req2.req');
+
+ skip "failed", 8
+ unless subtest 'generating valid response for req2.req' => sub {
+ create_time_stamp_response("req2.tsq", "resp2.tsr", "tsa_config1")
+ };
+
+ skip "failed", 7
+ unless subtest 'checking -token_in and -token_out options with -reply' => sub {
+ my $RESPONSE2="resp2.tsr.copy.tsr";
+ my $TOKEN_DER="resp2.tsr.token.der";
+
+ ok(run(app([@RUN, "-reply", "-in", "resp2.tsr",
+ "-out", "$TOKEN_DER", "-token_out"])));
+ ok(run(app([@RUN, "-reply", "-in", "$TOKEN_DER",
+ "-token_in", "-out", "$RESPONSE2"])));
+ is(compare($RESPONSE2, "resp2.tsr"), 0);
+ ok(run(app([@RUN, "-reply", "-in", "resp2.tsr",
+ "-text", "-token_out"])));
+ ok(run(app([@RUN, "-reply", "-in", "$TOKEN_DER",
+ "-token_in", "-text", "-token_out"])));
+ ok(run(app([@RUN, "-reply", "-queryfile", "req2.tsq",
+ "-text", "-token_out"])));
+ };
+
+ ok(run(app([@RUN, "-reply", "-in", "resp2.tsr", "-text"])),
+ 'printing response');
+
+ subtest 'verifying valid response' => sub {
+ verify_time_stamp_response("req2.tsq", "resp2.tsr", $testtsa)
+ };
+
+ subtest 'verifying response against wrong request, it should fail' => sub {
+ verify_time_stamp_response_fail("req1.tsq", "resp2.tsr")
+ };
+
+ subtest 'verifying response against wrong request, it should fail' => sub {
+ verify_time_stamp_response_fail("req2.tsq", "resp1.tsr")
+ };
+
+ skip "failure", 2
+ unless ok(run(app([@RUN, "-query", "-data", $CAtsa,
+ "-no_nonce", "-out", "req3.tsq"])),
+ "creating req3.req time stamp request for file CAtsa.cnf");
+
+ ok(run(app([@RUN, "-query", "-in", "req3.tsq", "-text"])),
+ 'printing req3.req');
+
+ subtest 'verifying response against wrong request, it should fail' => sub {
+ verify_time_stamp_response_fail("req3.tsq", "resp1.tsr")
+ };