head 1.2; access; symbols perseant-exfatfs-base-20250801:1.2 perseant-exfatfs-base-20240630:1.2 perseant-exfatfs:1.2.0.24 perseant-exfatfs-base:1.2 cjep_sun2x:1.2.0.22 cjep_sun2x-base:1.2 cjep_staticlib_x-base1:1.2 cjep_staticlib_x:1.2.0.20 cjep_staticlib_x-base:1.2 phil-wifi-20200421:1.2 phil-wifi-20200411:1.2 phil-wifi-20200406:1.2 pgoyette-compat-merge-20190127:1.2 pgoyette-compat-20190127:1.2 pgoyette-compat-20190118:1.2 pgoyette-compat-1226:1.2 pgoyette-compat-1126:1.2 pgoyette-compat-1020:1.2 pgoyette-compat-0930:1.2 pgoyette-compat-0906:1.2 pgoyette-compat-0728:1.2 pgoyette-compat-0625:1.2 pgoyette-compat-0521:1.2 pgoyette-compat-0502:1.2 pgoyette-compat-0422:1.2 pgoyette-compat-0415:1.2 pgoyette-compat-0407:1.2 pgoyette-compat-0330:1.2 pgoyette-compat-0322:1.2 pgoyette-compat-0315:1.2 pgoyette-compat:1.2.0.18 pgoyette-compat-base:1.2 perseant-stdc-iso10646:1.2.0.16 perseant-stdc-iso10646-base:1.2 prg-localcount2-base3:1.2 prg-localcount2-base2:1.2 prg-localcount2-base1:1.2 prg-localcount2:1.2.0.14 prg-localcount2-base:1.2 pgoyette-localcount-20170426:1.2 bouyer-socketcan-base1:1.2 pgoyette-localcount-20170320:1.2 bouyer-socketcan:1.2.0.12 bouyer-socketcan-base:1.2 pgoyette-localcount-20170107:1.2 pgoyette-localcount-20161104:1.2 localcount-20160914:1.2 pgoyette-localcount-20160806:1.2 pgoyette-localcount-20160726:1.2 pgoyette-localcount:1.2.0.10 pgoyette-localcount-base:1.2 netbsd-5-2-3-RELEASE:1.1.1.1 netbsd-5-1-5-RELEASE:1.1.1.1 yamt-pagecache-base9:1.2 yamt-pagecache-tag8:1.2 tls-earlyentropy:1.2.0.6 tls-earlyentropy-base:1.2 riastradh-xf86-video-intel-2-7-1-pre-2-21-15:1.2 riastradh-drm2-base3:1.2 netbsd-5-2-2-RELEASE:1.1.1.1 netbsd-5-1-4-RELEASE:1.1.1.1 netbsd-5-2-1-RELEASE:1.1.1.1 netbsd-5-1-3-RELEASE:1.1.1.1 agc-symver:1.2.0.8 agc-symver-base:1.2 tls-maxphys-base:1.2 yamt-pagecache-base8:1.2 netbsd-5-2:1.1.1.1.0.6 yamt-pagecache-base7:1.2 netbsd-5-2-RELEASE:1.1.1.1 netbsd-5-2-RC1:1.1.1.1 yamt-pagecache-base6:1.2 yamt-pagecache-base5:1.2 yamt-pagecache-base4:1.2 netbsd-5-1-2-RELEASE:1.1.1.1 netbsd-5-1-1-RELEASE:1.1.1.1 yamt-pagecache-base3:1.2 yamt-pagecache-base2:1.2 yamt-pagecache:1.2.0.4 yamt-pagecache-base:1.2 bouyer-quota2-nbase:1.2 bouyer-quota2:1.2.0.2 bouyer-quota2-base:1.2 matt-nb5-mips64-premerge-20101231:1.1.1.1 matt-nb5-pq3:1.1.1.1.0.18 matt-nb5-pq3-base:1.1.1.1 netbsd-5-1:1.1.1.1.0.16 netbsd-5-1-RELEASE:1.1.1.1 netbsd-5-1-RC4:1.1.1.1 matt-nb5-mips64-k15:1.1.1.1 netbsd-5-1-RC3:1.1.1.1 netbsd-5-1-RC2:1.1.1.1 netbsd-5-1-RC1:1.1.1.1 netbsd-5-0-2-RELEASE:1.1.1.1 matt-nb5-mips64-premerge-20091211:1.1.1.1 matt-nb5-mips64-u2-k2-k4-k7-k8-k9:1.1.1.1 matt-nb4-mips64-k7-u2a-k9b:1.1.1.1 matt-nb5-mips64-u1-k1-k5:1.1.1.1 matt-nb5-mips64:1.1.1.1.0.14 netbsd-5-0-1-RELEASE:1.1.1.1 jym-xensuspend-nbase:1.1.1.1 netbsd-5-0:1.1.1.1.0.12 netbsd-5-0-RELEASE:1.1.1.1 netbsd-5-0-RC4:1.1.1.1 netbsd-5-0-RC3:1.1.1.1 netbsd-5-0-RC2:1.1.1.1 jym-xensuspend:1.1.1.1.0.10 jym-xensuspend-base:1.1.1.1 netbsd-5-0-RC1:1.1.1.1 netbsd-5:1.1.1.1.0.8 netbsd-5-base:1.1.1.1 matt-mips64-base2:1.1.1.1 wrstuden-revivesa-base-3:1.1.1.1 wrstuden-revivesa-base:1.1.1.1 wrstuden-revivesa-base-2:1.1.1.1 wrstuden-revivesa:1.1.1.1.0.4 wrstuden-revivesa-base-1:1.1.1.1 yamt-pf42-base4:1.1.1.1 yamt-pf42-base3:1.1.1.1 hpcarm-cleanup-nbase:1.1.1.1 yamt-pf42:1.1.1.1.0.2 yamt-pf42-base2:1.1.1.1 yamt-pf42-base:1.1.1.1 OPENSSL_SNAP_20080509:1.1.1.1 OPENSSL:1.1.1; locks; strict; comment @# @; 1.2 date 2009.07.20.22.56.55; author christos; state dead; branches; next 1.1; 1.1 date 2008.05.09.21.34.47; author christos; state Exp; branches 1.1.1.1; next ; 1.1.1.1 date 2008.05.09.21.34.47; author christos; state Exp; branches 1.1.1.1.2.1 1.1.1.1.4.1; next ; 1.1.1.1.2.1 date 2008.05.09.21.34.47; author yamt; state dead; branches; next 1.1.1.1.2.2; 1.1.1.1.2.2 date 2008.05.18.12.29.08; author yamt; state Exp; branches; next ; 1.1.1.1.4.1 date 2008.05.09.21.34.47; author wrstuden; state dead; branches; next 1.1.1.1.4.2; 1.1.1.1.4.2 date 2008.06.23.05.02.03; author wrstuden; state Exp; branches; next ; desc @@ 1.2 log @Don't lets this linger around forever. Causes hidden bugs. @ text @#!/bin/sh # # A few very basic tests for the 'ts' time stamping authority command. # SH="/bin/sh" if test "$OSTYPE" = msdosdjgpp; then PATH="../apps\;$PATH" else PATH="../apps:$PATH" fi export SH PATH OPENSSL_CONF="../CAtsa.cnf" export OPENSSL_CONF # Because that's what ../apps/CA.sh really looks at SSLEAY_CONFIG="-config $OPENSSL_CONF" export SSLEAY_CONFIG OPENSSL="`pwd`/../util/opensslwrap.sh" export OPENSSL error () { echo "TSA test failed!" >&2 exit 1 } setup_dir () { rm -rf tsa 2>/dev/null mkdir tsa cd ./tsa } clean_up_dir () { cd .. rm -rf tsa } create_ca () { echo "Creating a new CA for the TSA tests..." TSDNSECT=ts_ca_dn export TSDNSECT ../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \ -out tsaca.pem -keyout tsacakey.pem test $? != 0 && error } create_tsa_cert () { INDEX=$1 export INDEX EXT=$2 TSDNSECT=ts_cert_dn export TSDNSECT ../../util/shlib_wrap.sh ../../apps/openssl req -new \ -out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem test $? != 0 && error echo Using extension $EXT ../../util/shlib_wrap.sh ../../apps/openssl x509 -req \ -in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \ -CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \ -extfile $OPENSSL_CONF -extensions $EXT test $? != 0 && error } print_request () { ../../util/shlib_wrap.sh ../../apps/openssl ts -query -in $1 -text } create_time_stamp_request1 () { ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq test $? != 0 && error } create_time_stamp_request2 () { ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy2 -no_nonce \ -out req2.tsq test $? != 0 && error } create_time_stamp_request3 () { ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../CAtsa.cnf -no_nonce -out req3.tsq test $? != 0 && error } print_response () { ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $1 -text test $? != 0 && error } create_time_stamp_response () { ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -section $3 -queryfile $1 -out $2 test $? != 0 && error } time_stamp_response_token_test () { RESPONSE2=$2.copy.tsr TOKEN_DER=$2.token.der ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $TOKEN_DER -token_out test $? != 0 && error ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -out $RESPONSE2 test $? != 0 && error cmp $RESPONSE2 $2 test $? != 0 && error ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -text -token_out test $? != 0 && error ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -text -token_out test $? != 0 && error ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -queryfile $1 -text -token_out test $? != 0 && error } verify_time_stamp_response () { ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \ -untrusted tsa_cert1.pem test $? != 0 && error ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile tsaca.pem \ -untrusted tsa_cert1.pem test $? != 0 && error } verify_time_stamp_token () { # create the token from the response first ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $2.token -token_out test $? != 0 && error ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2.token -token_in \ -CAfile tsaca.pem -untrusted tsa_cert1.pem test $? != 0 && error ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2.token -token_in \ -CAfile tsaca.pem -untrusted tsa_cert1.pem test $? != 0 && error } verify_time_stamp_response_fail () { ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \ -untrusted tsa_cert1.pem # Checks if the verification failed, as it should have. test $? = 0 && error echo Ok } # main functions echo "Setting up TSA test directory..." setup_dir echo "Creating CA for TSA tests..." create_ca echo "Creating tsa_cert1.pem TSA server cert..." create_tsa_cert 1 tsa_cert echo "Creating tsa_cert2.pem non-TSA server cert..." create_tsa_cert 2 non_tsa_cert echo "Creating req1.req time stamp request for file testtsa..." create_time_stamp_request1 echo "Printing req1.req..." print_request req1.tsq echo "Generating valid response for req1.req..." create_time_stamp_response req1.tsq resp1.tsr tsa_config1 echo "Printing response..." print_response resp1.tsr echo "Verifying valid response..." verify_time_stamp_response req1.tsq resp1.tsr ../testtsa echo "Verifying valid token..." verify_time_stamp_token req1.tsq resp1.tsr ../testtsa # The tests below are commented out, because invalid signer certificates # can no longer be specified in the config file. # echo "Generating _invalid_ response for req1.req..." # create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2 # echo "Printing response..." # print_response resp1_bad.tsr # echo "Verifying invalid response, it should fail..." # verify_time_stamp_response_fail req1.tsq resp1_bad.tsr echo "Creating req2.req time stamp request for file testtsa..." create_time_stamp_request2 echo "Printing req2.req..." print_request req2.tsq echo "Generating valid response for req2.req..." create_time_stamp_response req2.tsq resp2.tsr tsa_config1 echo "Checking '-token_in' and '-token_out' options with '-reply'..." time_stamp_response_token_test req2.tsq resp2.tsr echo "Printing response..." print_response resp2.tsr echo "Verifying valid response..." verify_time_stamp_response req2.tsq resp2.tsr ../testtsa echo "Verifying response against wrong request, it should fail..." verify_time_stamp_response_fail req1.tsq resp2.tsr echo "Verifying response against wrong request, it should fail..." verify_time_stamp_response_fail req2.tsq resp1.tsr echo "Creating req3.req time stamp request for file CAtsa.cnf..." create_time_stamp_request3 echo "Printing req3.req..." print_request req3.tsq echo "Verifying response against wrong request, it should fail..." verify_time_stamp_response_fail req3.tsq resp1.tsr echo "Cleaning up..." clean_up_dir exit 0 @ 1.1 log @Initial revision @ text @@ 1.1.1.1 log @import today's snapshot! Hi @ text @@ 1.1.1.1.4.1 log @file testtsa was added on branch wrstuden-revivesa on 2008-06-23 05:02:03 +0000 @ text @d1 238 @ 1.1.1.1.4.2 log @Add files to branch that were added on -current. After this, all that's left of update is to merge some changes that had conflicts. @ text @a0 238 #!/bin/sh # # A few very basic tests for the 'ts' time stamping authority command. # SH="/bin/sh" if test "$OSTYPE" = msdosdjgpp; then PATH="../apps\;$PATH" else PATH="../apps:$PATH" fi export SH PATH OPENSSL_CONF="../CAtsa.cnf" export OPENSSL_CONF # Because that's what ../apps/CA.sh really looks at SSLEAY_CONFIG="-config $OPENSSL_CONF" export SSLEAY_CONFIG OPENSSL="`pwd`/../util/opensslwrap.sh" export OPENSSL error () { echo "TSA test failed!" >&2 exit 1 } setup_dir () { rm -rf tsa 2>/dev/null mkdir tsa cd ./tsa } clean_up_dir () { cd .. rm -rf tsa } create_ca () { echo "Creating a new CA for the TSA tests..." TSDNSECT=ts_ca_dn export TSDNSECT ../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \ -out tsaca.pem -keyout tsacakey.pem test $? != 0 && error } create_tsa_cert () { INDEX=$1 export INDEX EXT=$2 TSDNSECT=ts_cert_dn export TSDNSECT ../../util/shlib_wrap.sh ../../apps/openssl req -new \ -out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem test $? != 0 && error echo Using extension $EXT ../../util/shlib_wrap.sh ../../apps/openssl x509 -req \ -in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \ -CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \ -extfile $OPENSSL_CONF -extensions $EXT test $? != 0 && error } print_request () { ../../util/shlib_wrap.sh ../../apps/openssl ts -query -in $1 -text } create_time_stamp_request1 () { ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq test $? != 0 && error } create_time_stamp_request2 () { ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy2 -no_nonce \ -out req2.tsq test $? != 0 && error } create_time_stamp_request3 () { ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../CAtsa.cnf -no_nonce -out req3.tsq test $? != 0 && error } print_response () { ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $1 -text test $? != 0 && error } create_time_stamp_response () { ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -section $3 -queryfile $1 -out $2 test $? != 0 && error } time_stamp_response_token_test () { RESPONSE2=$2.copy.tsr TOKEN_DER=$2.token.der ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $TOKEN_DER -token_out test $? != 0 && error ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -out $RESPONSE2 test $? != 0 && error cmp $RESPONSE2 $2 test $? != 0 && error ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -text -token_out test $? != 0 && error ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -text -token_out test $? != 0 && error ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -queryfile $1 -text -token_out test $? != 0 && error } verify_time_stamp_response () { ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \ -untrusted tsa_cert1.pem test $? != 0 && error ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile tsaca.pem \ -untrusted tsa_cert1.pem test $? != 0 && error } verify_time_stamp_token () { # create the token from the response first ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $2.token -token_out test $? != 0 && error ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2.token -token_in \ -CAfile tsaca.pem -untrusted tsa_cert1.pem test $? != 0 && error ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2.token -token_in \ -CAfile tsaca.pem -untrusted tsa_cert1.pem test $? != 0 && error } verify_time_stamp_response_fail () { ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \ -untrusted tsa_cert1.pem # Checks if the verification failed, as it should have. test $? = 0 && error echo Ok } # main functions echo "Setting up TSA test directory..." setup_dir echo "Creating CA for TSA tests..." create_ca echo "Creating tsa_cert1.pem TSA server cert..." create_tsa_cert 1 tsa_cert echo "Creating tsa_cert2.pem non-TSA server cert..." create_tsa_cert 2 non_tsa_cert echo "Creating req1.req time stamp request for file testtsa..." create_time_stamp_request1 echo "Printing req1.req..." print_request req1.tsq echo "Generating valid response for req1.req..." create_time_stamp_response req1.tsq resp1.tsr tsa_config1 echo "Printing response..." print_response resp1.tsr echo "Verifying valid response..." verify_time_stamp_response req1.tsq resp1.tsr ../testtsa echo "Verifying valid token..." verify_time_stamp_token req1.tsq resp1.tsr ../testtsa # The tests below are commented out, because invalid signer certificates # can no longer be specified in the config file. # echo "Generating _invalid_ response for req1.req..." # create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2 # echo "Printing response..." # print_response resp1_bad.tsr # echo "Verifying invalid response, it should fail..." # verify_time_stamp_response_fail req1.tsq resp1_bad.tsr echo "Creating req2.req time stamp request for file testtsa..." create_time_stamp_request2 echo "Printing req2.req..." print_request req2.tsq echo "Generating valid response for req2.req..." create_time_stamp_response req2.tsq resp2.tsr tsa_config1 echo "Checking '-token_in' and '-token_out' options with '-reply'..." time_stamp_response_token_test req2.tsq resp2.tsr echo "Printing response..." print_response resp2.tsr echo "Verifying valid response..." verify_time_stamp_response req2.tsq resp2.tsr ../testtsa echo "Verifying response against wrong request, it should fail..." verify_time_stamp_response_fail req1.tsq resp2.tsr echo "Verifying response against wrong request, it should fail..." verify_time_stamp_response_fail req2.tsq resp1.tsr echo "Creating req3.req time stamp request for file CAtsa.cnf..." create_time_stamp_request3 echo "Printing req3.req..." print_request req3.tsq echo "Verifying response against wrong request, it should fail..." verify_time_stamp_response_fail req3.tsq resp1.tsr echo "Cleaning up..." clean_up_dir exit 0 @ 1.1.1.1.2.1 log @file testtsa was added on branch yamt-pf42 on 2008-05-18 12:29:08 +0000 @ text @d1 238 @ 1.1.1.1.2.2 log @sync with head. @ text @a0 238 #!/bin/sh # # A few very basic tests for the 'ts' time stamping authority command. # SH="/bin/sh" if test "$OSTYPE" = msdosdjgpp; then PATH="../apps\;$PATH" else PATH="../apps:$PATH" fi export SH PATH OPENSSL_CONF="../CAtsa.cnf" export OPENSSL_CONF # Because that's what ../apps/CA.sh really looks at SSLEAY_CONFIG="-config $OPENSSL_CONF" export SSLEAY_CONFIG OPENSSL="`pwd`/../util/opensslwrap.sh" export OPENSSL error () { echo "TSA test failed!" >&2 exit 1 } setup_dir () { rm -rf tsa 2>/dev/null mkdir tsa cd ./tsa } clean_up_dir () { cd .. rm -rf tsa } create_ca () { echo "Creating a new CA for the TSA tests..." TSDNSECT=ts_ca_dn export TSDNSECT ../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \ -out tsaca.pem -keyout tsacakey.pem test $? != 0 && error } create_tsa_cert () { INDEX=$1 export INDEX EXT=$2 TSDNSECT=ts_cert_dn export TSDNSECT ../../util/shlib_wrap.sh ../../apps/openssl req -new \ -out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem test $? != 0 && error echo Using extension $EXT ../../util/shlib_wrap.sh ../../apps/openssl x509 -req \ -in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \ -CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \ -extfile $OPENSSL_CONF -extensions $EXT test $? != 0 && error } print_request () { ../../util/shlib_wrap.sh ../../apps/openssl ts -query -in $1 -text } create_time_stamp_request1 () { ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq test $? != 0 && error } create_time_stamp_request2 () { ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy2 -no_nonce \ -out req2.tsq test $? != 0 && error } create_time_stamp_request3 () { ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../CAtsa.cnf -no_nonce -out req3.tsq test $? != 0 && error } print_response () { ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $1 -text test $? != 0 && error } create_time_stamp_response () { ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -section $3 -queryfile $1 -out $2 test $? != 0 && error } time_stamp_response_token_test () { RESPONSE2=$2.copy.tsr TOKEN_DER=$2.token.der ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $TOKEN_DER -token_out test $? != 0 && error ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -out $RESPONSE2 test $? != 0 && error cmp $RESPONSE2 $2 test $? != 0 && error ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -text -token_out test $? != 0 && error ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -text -token_out test $? != 0 && error ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -queryfile $1 -text -token_out test $? != 0 && error } verify_time_stamp_response () { ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \ -untrusted tsa_cert1.pem test $? != 0 && error ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile tsaca.pem \ -untrusted tsa_cert1.pem test $? != 0 && error } verify_time_stamp_token () { # create the token from the response first ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $2.token -token_out test $? != 0 && error ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2.token -token_in \ -CAfile tsaca.pem -untrusted tsa_cert1.pem test $? != 0 && error ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2.token -token_in \ -CAfile tsaca.pem -untrusted tsa_cert1.pem test $? != 0 && error } verify_time_stamp_response_fail () { ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \ -untrusted tsa_cert1.pem # Checks if the verification failed, as it should have. test $? = 0 && error echo Ok } # main functions echo "Setting up TSA test directory..." setup_dir echo "Creating CA for TSA tests..." create_ca echo "Creating tsa_cert1.pem TSA server cert..." create_tsa_cert 1 tsa_cert echo "Creating tsa_cert2.pem non-TSA server cert..." create_tsa_cert 2 non_tsa_cert echo "Creating req1.req time stamp request for file testtsa..." create_time_stamp_request1 echo "Printing req1.req..." print_request req1.tsq echo "Generating valid response for req1.req..." create_time_stamp_response req1.tsq resp1.tsr tsa_config1 echo "Printing response..." print_response resp1.tsr echo "Verifying valid response..." verify_time_stamp_response req1.tsq resp1.tsr ../testtsa echo "Verifying valid token..." verify_time_stamp_token req1.tsq resp1.tsr ../testtsa # The tests below are commented out, because invalid signer certificates # can no longer be specified in the config file. # echo "Generating _invalid_ response for req1.req..." # create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2 # echo "Printing response..." # print_response resp1_bad.tsr # echo "Verifying invalid response, it should fail..." # verify_time_stamp_response_fail req1.tsq resp1_bad.tsr echo "Creating req2.req time stamp request for file testtsa..." create_time_stamp_request2 echo "Printing req2.req..." print_request req2.tsq echo "Generating valid response for req2.req..." create_time_stamp_response req2.tsq resp2.tsr tsa_config1 echo "Checking '-token_in' and '-token_out' options with '-reply'..." time_stamp_response_token_test req2.tsq resp2.tsr echo "Printing response..." print_response resp2.tsr echo "Verifying valid response..." verify_time_stamp_response req2.tsq resp2.tsr ../testtsa echo "Verifying response against wrong request, it should fail..." verify_time_stamp_response_fail req1.tsq resp2.tsr echo "Verifying response against wrong request, it should fail..." verify_time_stamp_response_fail req2.tsq resp1.tsr echo "Creating req3.req time stamp request for file CAtsa.cnf..." create_time_stamp_request3 echo "Printing req3.req..." print_request req3.tsq echo "Verifying response against wrong request, it should fail..." verify_time_stamp_response_fail req3.tsq resp1.tsr echo "Cleaning up..." clean_up_dir exit 0 @