$!
$
$ __arch := VAX
-$ if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$ if f$getsyi("cpu") .ge. 128 then -
+ __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if __arch .eqs. "" then __arch := UNK
$ exe_dir := sys$disk:[-.'__arch'.exe.apps]
$
-$ openssl := mcr 'exe_dir'openssl
+$ openssl := mcr 'f$parse(exe_dir+"openssl.exe")'
$ OPENSSL_CONF := [-]CAtsa.cnf
+$ ! Because that's what ../apps/CA.sh really looks at
+$ SSLEAY_CONFIG = "-config " + OPENSSL_CONF
$
$ error:
$ subroutine
$ setup_dir:
$ subroutine
$
-$ @[-.utils]deltree [.tsa]*.*
-$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;*
-$ delete tsa.dir;*
+$ if f$search("tsa.dir") .nes ""
+$ then
+$ @[-.util]deltree [.tsa]*.*
+$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;*
+$ delete tsa.dir;*
+$ endif
$
$ create/dir [.tsa]
$ set default [.tsa]
$ subroutine
$
$ set default [-]
-$ @[-.utils]deltree [.tsa]*.*
+$ @[-.util]deltree [.tsa]*.*
$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;*
$ delete tsa.dir;*
$ endsubroutine
$ subroutine
$
$ write sys$output "Creating a new CA for the TSA tests..."
-$ @[--.utils]deltree [.demoCA]*.*
-$
-$ open/write file VMStsa-response.create_ca
-$ write file ""
-$ write file "HU"
-$ write file "Budapest"
-$ write file "Budapest"
-$ write file "Gov-CA Ltd."
-$ write file "ca1"
-$ close file
-$ open/read sys$ca_input VMStsa-response.create_ca
-$ @[--.apps]CA.com -input sys$ca_input -newca
-$ save_severity = $severity
-$ close sys$ca_input
-$ if save_severity .ne. 1 then call error
+$ TSDNSECT = "ts_ca_dn"
+$ openssl req -new -x509 -nodes -
+ -out tsaca.pem -keyout tsacakey.pem
+$ if $severity .ne. 1 then call error
$ endsubroutine
$
$ create_tsa_cert:
$
$ INDEX=p1
$ EXT=p2
-$ open/write file VMStsa-response1.create_tsa_cert
-$ write file "HU"
-$ write file "Budapest"
-$ write file "Buda"
-$ write file "Hun-TSA Ltd."
-$ write file "tsa",INDEX
-$ close file
-$ define/user sys$input VMStsa-response.create_tsa_cert
+$ TSDNSECT = "ts_cert_dn"
+$
$ openssl req -new -
-out tsa_req'INDEX'.pem -keyout tsa_key'INDEX'.pem
$ if $severity .ne. 1 then call error
$
-$ open/write file VMStsa-response2.create_tsa_cert
-$ write file "y"
-$ write file "y"
-$ close file
-$ define/user sys$input VMStsa-response.create_tsa_cert
-$ openssl ca -in tsa_req'INDEX'.pem -out tsa_cert'INDEX'.pem -
- -extensions "''EXT'"
+$ write sys$output "Using extension ''EXT'"
+$ openssl x509 -req -
+ -in tsa_req'INDEX'.pem -out tsa_cert'INDEX'.pem -
+ "-CA" tsaca.pem "-CAkey" tsacakey.pem "-CAcreateserial" -
+ -extfile 'OPENSSL_CONF' -extensions "''EXT'"
$ if $severity .ne. 1 then call error
$ endsubroutine
$
$ subroutine
$
$ openssl ts -verify -queryfile 'p1' -in 'p2' -
- -CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem
+ "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
$ if $severity .ne. 1 then call error
$ openssl ts -verify -data 'p3' -in 'p2' -
- -CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem
+ "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
$ if $severity .ne. 1 then call error
$ endsubroutine
$
$ verify_time_stamp_token:
$ subroutine
$
-$ # create the token from the response first
+$ ! create the token from the response first
$ openssl ts -reply -in 'p2' -out 'p2'.token -token_out
$ if $severity .ne. 1 then call error
-$ openssl ts -verify -queryfile 'p1' -in 'p2'.token -token_in \
- -CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem
+$ openssl ts -verify -queryfile 'p1' -in 'p2'.token -token_in -
+ "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
$ if $severity .ne. 1 then call error
-$ openssl ts -verify -data 'p3' -in 'p2'.token -token_in \
- -CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem
+$ openssl ts -verify -data 'p3' -in 'p2'.token -token_in -
+ "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
$ if $severity .ne. 1 then call error
$ endsubroutine
$
$ subroutine
$
$ openssl ts -verify -queryfile 'p1' -in 'p2' -
- -CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem
-$ # Checks if the verification failed, as it should have.
-$ if $severity .ne. 1 then call error
+ "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
+$ ! Checks if the verification failed, as it should have.
+$ if $severity .eq. 1 then call error
$ write sys$output "Ok"
$ endsubroutine
$
$ ! Main body ----------------------------------------------------------
$
+$ set noon
+$
$ write sys$output "Setting up TSA test directory..."
$ call setup_dir
$
$ call create_ca
$
$ write sys$output "Creating tsa_cert1.pem TSA server cert..."
-$ call create_tsa_cert 1 tsa_cert
+$ call create_tsa_cert 1 "tsa_cert"
$
$ write sys$output "Creating tsa_cert2.pem non-TSA server cert..."
-$ call create_tsa_cert 2 non_tsa_cert
+$ call create_tsa_cert 2 "non_tsa_cert"
$
$ write sys$output "Creating req1.req time stamp request for file testtsa..."
$ call create_time_stamp_request1
$ call print_response resp1.tsr
$
$ write sys$output "Verifying valid response..."
-$ call verify_time_stamp_response req1.tsq resp1.tsr ../testtsa
+$ call verify_time_stamp_response req1.tsq resp1.tsr [-]testtsa.com
$
$ write sys$output "Verifying valid token..."
-$ call verify_time_stamp_token req1.tsq resp1.tsr ../testtsa
+$ call verify_time_stamp_token req1.tsq resp1.tsr [-]testtsa.com
$
$ ! The tests below are commented out, because invalid signer certificates
$ ! can no longer be specified in the config file.
$ call print_response resp2.tsr
$
$ write sys$output "Verifying valid response..."
-$ call verify_time_stamp_response req2.tsq resp2.tsr ../testtsa
+$ call verify_time_stamp_response req2.tsq resp2.tsr [-]testtsa.com
$
$ write sys$output "Verifying response against wrong request, it should fail..."
$ call verify_time_stamp_response_fail req1.tsq resp2.tsr
$ write sys$output "Cleaning up..."
$ call clean_up_dir
$
+$ set on
+$
$ exit
projects / openssl.git / blobdiff