X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=test%2Ftesttsa.com;h=29fb1d0e63ea746a252104e9d809dead9feec251;hp=846e8c162df5c5be6ccd76c706b84ef00ac44b9d;hb=dbb7654dc189992966ecd95ca66f7a3bb011ab9b;hpb=95e362c6da159eb10be1498a0959ea5acacb59f5 diff --git a/test/testtsa.com b/test/testtsa.com index 846e8c162d..29fb1d0e63 100644 --- a/test/testtsa.com +++ b/test/testtsa.com @@ -2,12 +2,19 @@ $! $! A few very basic tests for the 'ts' time stamping authority command. $! $ -$ __arch := VAX -$ if f$getsyi("cpu") .ge. 128 then __arch := AXP -$ exe_dir := sys$disk:[-.'__arch'.exe.apps] +$ __arch = "VAX" +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p4 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" $ -$ openssl := mcr 'exe_dir'openssl -$ OPENSSL_CONF := [-]CAtsa.cnf +$ openssl = "mcr ''f$parse(exe_dir+"openssl.exe")'" +$ OPENSSL_CONF = "[-]CAtsa.cnf" +$ ! Because that's what ../apps/CA.sh really looks at +$ SSLEAY_CONFIG = "-config " + OPENSSL_CONF $ $ error: $ subroutine @@ -18,9 +25,12 @@ $ $ setup_dir: $ subroutine $ -$ @[-.util]deltree [.tsa]*.* -$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;* -$ delete tsa.dir;* +$ if f$search("tsa.dir") .nes "" +$ then +$ @[-.util]deltree [.tsa]*.* +$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;* +$ delete tsa.dir;* +$ endif $ $ create/dir [.tsa] $ set default [.tsa] @@ -39,21 +49,10 @@ $ create_ca: $ subroutine $ $ write sys$output "Creating a new CA for the TSA tests..." -$ @[--.util]deltree [.demoCA]*.* -$ -$ open/write file VMStsa-response.create_ca -$ write file "" -$ write file "HU" -$ write file "Budapest" -$ write file "Budapest" -$ write file "Gov-CA Ltd." -$ write file "ca1" -$ close file -$ open/read sys$ca_input VMStsa-response.create_ca -$ @[--.apps]CA.com -input sys$ca_input -newca -$ save_severity = $severity -$ close sys$ca_input -$ if save_severity .ne. 1 then call error +$ TSDNSECT = "ts_ca_dn" +$ openssl req -new -x509 -nodes - + -out tsaca.pem -keyout tsacakey.pem +$ if $severity .ne. 1 then call error $ endsubroutine $ $ create_tsa_cert: @@ -61,25 +60,17 @@ $ subroutine $ $ INDEX=p1 $ EXT=p2 -$ open/write file VMStsa-response1.create_tsa_cert -$ write file "HU" -$ write file "Budapest" -$ write file "Buda" -$ write file "Hun-TSA Ltd." -$ write file "tsa",INDEX -$ close file -$ define/user sys$input VMStsa-response.create_tsa_cert +$ TSDNSECT = "ts_cert_dn" +$ $ openssl req -new - -out tsa_req'INDEX'.pem -keyout tsa_key'INDEX'.pem $ if $severity .ne. 1 then call error $ -$ open/write file VMStsa-response2.create_tsa_cert -$ write file "y" -$ write file "y" -$ close file -$ define/user sys$input VMStsa-response.create_tsa_cert -$ openssl ca -in tsa_req'INDEX'.pem -out tsa_cert'INDEX'.pem - - -extensions "''EXT'" +$ write sys$output "Using extension ''EXT'" +$ openssl x509 -req - + -in tsa_req'INDEX'.pem -out tsa_cert'INDEX'.pem - + "-CA" tsaca.pem "-CAkey" tsacakey.pem "-CAcreateserial" - + -extfile 'OPENSSL_CONF' -extensions "''EXT'" $ if $severity .ne. 1 then call error $ endsubroutine $ @@ -126,8 +117,8 @@ $ $ time_stamp_response_token_test: $ subroutine $ -$ RESPONSE2:='p2'.copy_tsr -$ TOKEN_DER:='p2'.token_der +$ RESPONSE2 = p2+ "-copy_tsr" +$ TOKEN_DER = p2+ "-token_der" $ openssl ts -reply -in 'p2' -out 'TOKEN_DER' -token_out $ if $severity .ne. 1 then call error $ openssl ts -reply -in 'TOKEN_DER' -token_in -out 'RESPONSE2' @@ -146,24 +137,24 @@ $ verify_time_stamp_response: $ subroutine $ $ openssl ts -verify -queryfile 'p1' -in 'p2' - - -CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem + "-CAfile" tsaca.pem -untrusted tsa_cert1.pem $ if $severity .ne. 1 then call error $ openssl ts -verify -data 'p3' -in 'p2' - - -CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem + "-CAfile" tsaca.pem -untrusted tsa_cert1.pem $ if $severity .ne. 1 then call error $ endsubroutine $ $ verify_time_stamp_token: $ subroutine $ -$ # create the token from the response first -$ openssl ts -reply -in 'p2' -out 'p2'.token -token_out +$ ! create the token from the response first +$ openssl ts -reply -in "''p2'" -out "''p2'-token" -token_out $ if $severity .ne. 1 then call error -$ openssl ts -verify -queryfile 'p1' -in 'p2'.token -token_in \ - -CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem +$ openssl ts -verify -queryfile "''p1'" -in "''p2'-token" - + -token_in "-CAfile" tsaca.pem -untrusted tsa_cert1.pem $ if $severity .ne. 1 then call error -$ openssl ts -verify -data 'p3' -in 'p2'.token -token_in \ - -CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem +$ openssl ts -verify -data "''p3'" -in "''p2'-token" - + -token_in "-CAfile" tsaca.pem -untrusted tsa_cert1.pem $ if $severity .ne. 1 then call error $ endsubroutine $ @@ -171,14 +162,16 @@ $ verify_time_stamp_response_fail: $ subroutine $ $ openssl ts -verify -queryfile 'p1' -in 'p2' - - -CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem -$ # Checks if the verification failed, as it should have. -$ if $severity .ne. 1 then call error + "-CAfile" tsaca.pem -untrusted tsa_cert1.pem +$ ! Checks if the verification failed, as it should have. +$ if $severity .eq. 1 then call error $ write sys$output "Ok" $ endsubroutine $ $ ! Main body ---------------------------------------------------------- $ +$ set noon +$ $ write sys$output "Setting up TSA test directory..." $ call setup_dir $ @@ -186,75 +179,77 @@ $ write sys$output "Creating CA for TSA tests..." $ call create_ca $ $ write sys$output "Creating tsa_cert1.pem TSA server cert..." -$ call create_tsa_cert 1 tsa_cert +$ call create_tsa_cert 1 "tsa_cert" $ $ write sys$output "Creating tsa_cert2.pem non-TSA server cert..." -$ call create_tsa_cert 2 non_tsa_cert +$ call create_tsa_cert 2 "non_tsa_cert" $ $ write sys$output "Creating req1.req time stamp request for file testtsa..." $ call create_time_stamp_request1 $ $ write sys$output "Printing req1.req..." -$ call print_request req1.tsq +$ call print_request "req1.tsq" $ $ write sys$output "Generating valid response for req1.req..." -$ call create_time_stamp_response req1.tsq resp1.tsr tsa_config1 +$ call create_time_stamp_response "req1.tsq" "resp1.tsr" "tsa_config1" $ $ write sys$output "Printing response..." -$ call print_response resp1.tsr +$ call print_response "resp1.tsr" $ $ write sys$output "Verifying valid response..." -$ call verify_time_stamp_response req1.tsq resp1.tsr ../testtsa +$ call verify_time_stamp_response "req1.tsq" "resp1.tsr" "[-]testtsa.com" $ $ write sys$output "Verifying valid token..." -$ call verify_time_stamp_token req1.tsq resp1.tsr ../testtsa +$ call verify_time_stamp_token "req1.tsq" "resp1.tsr" "[-]testtsa.com" $ $ ! The tests below are commented out, because invalid signer certificates $ ! can no longer be specified in the config file. $ $ ! write sys$output "Generating _invalid_ response for req1.req..." -$ ! call create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2 +$ ! call create_time_stamp_response "req1.tsq" "resp1_bad.tsr" "tsa_config2" $ $ ! write sys$output "Printing response..." -$ ! call print_response resp1_bad.tsr +$ ! call print_response "resp1_bad.tsr" $ $ ! write sys$output "Verifying invalid response, it should fail..." -$ ! call verify_time_stamp_response_fail req1.tsq resp1_bad.tsr +$ ! call verify_time_stamp_response_fail "req1.tsq" "resp1_bad.tsr" $ $ write sys$output "Creating req2.req time stamp request for file testtsa..." $ call create_time_stamp_request2 $ $ write sys$output "Printing req2.req..." -$ call print_request req2.tsq +$ call print_request "req2.tsq" $ $ write sys$output "Generating valid response for req2.req..." -$ call create_time_stamp_response req2.tsq resp2.tsr tsa_config1 +$ call create_time_stamp_response "req2.tsq" "resp2.tsr" "tsa_config1" $ $ write sys$output "Checking '-token_in' and '-token_out' options with '-reply'..." -$ call time_stamp_response_token_test req2.tsq resp2.tsr +$ call time_stamp_response_token_test "req2.tsq" "resp2.tsr" $ $ write sys$output "Printing response..." -$ call print_response resp2.tsr +$ call print_response "resp2.tsr" $ $ write sys$output "Verifying valid response..." -$ call verify_time_stamp_response req2.tsq resp2.tsr ../testtsa +$ call verify_time_stamp_response "req2.tsq" "resp2.tsr" "[-]testtsa.com" $ $ write sys$output "Verifying response against wrong request, it should fail..." -$ call verify_time_stamp_response_fail req1.tsq resp2.tsr +$ call verify_time_stamp_response_fail "req1.tsq" "resp2.tsr" $ $ write sys$output "Verifying response against wrong request, it should fail..." -$ call verify_time_stamp_response_fail req2.tsq resp1.tsr +$ call verify_time_stamp_response_fail "req2.tsq" "resp1.tsr" $ $ write sys$output "Creating req3.req time stamp request for file CAtsa.cnf..." $ call create_time_stamp_request3 $ $ write sys$output "Printing req3.req..." -$ call print_request req3.tsq +$ call print_request "req3.tsq" $ $ write sys$output "Verifying response against wrong request, it should fail..." -$ call verify_time_stamp_response_fail req3.tsq resp1.tsr +$ call verify_time_stamp_response_fail "req3.tsq" "resp1.tsr" $ $ write sys$output "Cleaning up..." $ call clean_up_dir $ +$ set on +$ $ exit