2
0

testtsa 4.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147
  1. #!/bin/sh
  2. #
  3. # A few very basic tests for the 'ts' time stamping authority command.
  4. #
  5. SH="/bin/sh"
  6. if test "$OSTYPE" = msdosdjgpp; then
  7. PATH="../apps\;$PATH"
  8. else
  9. PATH="../apps:$PATH"
  10. fi
  11. export SH PATH
  12. OPENSSL_CONF="../CAtsa.cnf"
  13. export OPENSSL_CONF
  14. # Because that's what ../apps/CA.pl really looks at
  15. SSLEAY_CONFIG="-config $OPENSSL_CONF"
  16. export SSLEAY_CONFIG
  17. OPENSSL="`pwd`/../util/opensslwrap.sh"
  18. export OPENSSL
  19. RUN () {
  20. ../../util/shlib_wrap.sh ../../apps/openssl ts $*
  21. }
  22. create_tsa_cert () {
  23. INDEX=$1
  24. export INDEX
  25. EXT=$2
  26. TSDNSECT=ts_cert_dn
  27. export TSDNSECT
  28. ../../util/shlib_wrap.sh ../../apps/openssl req -new \
  29. -out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem || exit 1
  30. echo using extension $EXT
  31. ../../util/shlib_wrap.sh ../../apps/openssl x509 -req \
  32. -in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
  33. -CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \
  34. -extfile $OPENSSL_CONF -extensions $EXT || exit 1
  35. }
  36. create_time_stamp_response () {
  37. RUN -reply -section $3 -queryfile $1 -out $2 || exit 1
  38. }
  39. verify_time_stamp_response () {
  40. RUN -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
  41. -untrusted tsa_cert1.pem || exit 1
  42. RUN -verify -data $3 -in $2 -CAfile tsaca.pem \
  43. -untrusted tsa_cert1.pem || exit 1
  44. }
  45. verify_time_stamp_response_fail () {
  46. RUN -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
  47. -untrusted tsa_cert1.pem && exit 1
  48. echo ok
  49. }
  50. # main functions
  51. echo setting up TSA test directory
  52. rm -rf tsa 2>/dev/null
  53. mkdir tsa
  54. cd ./tsa
  55. echo creating a new CA for the TSA tests
  56. TSDNSECT=ts_ca_dn
  57. export TSDNSECT
  58. ../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \
  59. -out tsaca.pem -keyout tsacakey.pem || exit 1
  60. echo creating tsa_cert1.pem TSA server cert
  61. create_tsa_cert 1 tsa_cert
  62. echo creating tsa_cert2.pem non-TSA server cert
  63. create_tsa_cert 2 non_tsa_cert
  64. echo creating req1.req time stamp request for file testtsa
  65. RUN -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq || exit 1
  66. echo printing req1.req
  67. RUN -query -in req1.tsq -text
  68. echo generating valid response for req1.req
  69. create_time_stamp_response req1.tsq resp1.tsr tsa_config1
  70. echo printing response
  71. RUN -reply -in resp1.tsr -text || exit 1
  72. echo verifying valid response
  73. verify_time_stamp_response req1.tsq resp1.tsr ../testtsa
  74. echo verifying valid token
  75. RUN -reply -in resp1.tsr -out resp1.tsr.token -token_out || exit 1
  76. RUN -verify -queryfile req1.tsq -in resp1.tsr.token -token_in \
  77. -CAfile tsaca.pem -untrusted tsa_cert1.pem || exit 1
  78. RUN -verify -data ../testtsa -in resp1.tsr.token -token_in \
  79. -CAfile tsaca.pem -untrusted tsa_cert1.pem || exit 1
  80. echo creating req2.req time stamp request for file testtsa
  81. RUN -query -data ../testtsa -policy tsa_policy2 -no_nonce \
  82. -out req2.tsq || exit 1
  83. echo printing req2.req
  84. RUN -query -in req2.tsq -text
  85. echo generating valid response for req2.req
  86. create_time_stamp_response req2.tsq resp2.tsr tsa_config1
  87. echo checking -token_in and -token_out options with -reply
  88. RESPONSE2=resp2.tsr.copy.tsr
  89. TOKEN_DER=resp2.tsr.token.der
  90. RUN -reply -in resp2.tsr -out $TOKEN_DER -token_out || exit 1
  91. RUN -reply -in $TOKEN_DER -token_in -out $RESPONSE2 || exit 1
  92. cmp $RESPONSE2 resp2.tsr || exit 1
  93. RUN -reply -in resp2.tsr -text -token_out || exit 1
  94. RUN -reply -in $TOKEN_DER -token_in -text -token_out || exit 1
  95. RUN -reply -queryfile req2.tsq -text -token_out || exit 1
  96. echo printing response
  97. RUN -reply -in resp2.tsr -text || exit 1
  98. echo verifying valid response
  99. verify_time_stamp_response req2.tsq resp2.tsr ../testtsa
  100. echo verifying response against wrong request, it should fail
  101. verify_time_stamp_response_fail req1.tsq resp2.tsr
  102. echo verifying response against wrong request, it should fail
  103. verify_time_stamp_response_fail req2.tsq resp1.tsr
  104. echo creating req3.req time stamp request for file CAtsa.cnf
  105. RUN -query -data ../CAtsa.cnf -no_nonce -out req3.tsq || exit 1
  106. echo printing req3.req
  107. RUN -query -in req3.tsq -text
  108. echo verifying response against wrong request, it should fail
  109. verify_time_stamp_response_fail req3.tsq resp1.tsr
  110. echo cleaning up
  111. cd ..
  112. rm -rf tsa
  113. exit 0