diff options
Diffstat (limited to 'deps/openssl/openssl/test/testtsa.com')
-rw-r--r-- | deps/openssl/openssl/test/testtsa.com | 255 |
1 files changed, 255 insertions, 0 deletions
diff --git a/deps/openssl/openssl/test/testtsa.com b/deps/openssl/openssl/test/testtsa.com new file mode 100644 index 0000000000..29fb1d0e63 --- /dev/null +++ b/deps/openssl/openssl/test/testtsa.com @@ -0,0 +1,255 @@ +$! +$! A few very basic tests for the 'ts' time stamping authority command. +$! +$ +$ __arch = "VAX" +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p4 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" +$ +$ openssl = "mcr ''f$parse(exe_dir+"openssl.exe")'" +$ OPENSSL_CONF = "[-]CAtsa.cnf" +$ ! Because that's what ../apps/CA.sh really looks at +$ SSLEAY_CONFIG = "-config " + OPENSSL_CONF +$ +$ error: +$ subroutine +$ write sys$error "TSA test failed!" +$ exit 3 +$ endsubroutine +$ +$ setup_dir: +$ subroutine +$ +$ if f$search("tsa.dir") .nes "" +$ then +$ @[-.util]deltree [.tsa]*.* +$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;* +$ delete tsa.dir;* +$ endif +$ +$ create/dir [.tsa] +$ set default [.tsa] +$ endsubroutine +$ +$ clean_up_dir: +$ subroutine +$ +$ set default [-] +$ @[-.util]deltree [.tsa]*.* +$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;* +$ delete tsa.dir;* +$ endsubroutine +$ +$ create_ca: +$ subroutine +$ +$ write sys$output "Creating a new CA for the TSA tests..." +$ TSDNSECT = "ts_ca_dn" +$ openssl req -new -x509 -nodes - + -out tsaca.pem -keyout tsacakey.pem +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ create_tsa_cert: +$ subroutine +$ +$ INDEX=p1 +$ EXT=p2 +$ TSDNSECT = "ts_cert_dn" +$ +$ openssl req -new - + -out tsa_req'INDEX'.pem -keyout tsa_key'INDEX'.pem +$ if $severity .ne. 1 then call error +$ +$ write sys$output "Using extension ''EXT'" +$ openssl x509 -req - + -in tsa_req'INDEX'.pem -out tsa_cert'INDEX'.pem - + "-CA" tsaca.pem "-CAkey" tsacakey.pem "-CAcreateserial" - + -extfile 'OPENSSL_CONF' -extensions "''EXT'" +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ print_request: +$ subroutine +$ +$ openssl ts -query -in 'p1' -text +$ endsubroutine +$ +$ create_time_stamp_request1: subroutine +$ +$ openssl ts -query -data [-]testtsa.com -policy tsa_policy1 - + -cert -out req1.tsq +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ create_time_stamp_request2: subroutine +$ +$ openssl ts -query -data [-]testtsa.com -policy tsa_policy2 - + -no_nonce -out req2.tsq +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ create_time_stamp_request3: subroutine +$ +$ openssl ts -query -data [-]CAtsa.cnf -no_nonce -out req3.tsq +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ print_response: +$ subroutine +$ +$ openssl ts -reply -in 'p1' -text +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ create_time_stamp_response: +$ subroutine +$ +$ openssl ts -reply -section 'p3' -queryfile 'p1' -out 'p2' +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ time_stamp_response_token_test: +$ subroutine +$ +$ RESPONSE2 = p2+ "-copy_tsr" +$ TOKEN_DER = p2+ "-token_der" +$ openssl ts -reply -in 'p2' -out 'TOKEN_DER' -token_out +$ if $severity .ne. 1 then call error +$ openssl ts -reply -in 'TOKEN_DER' -token_in -out 'RESPONSE2' +$ if $severity .ne. 1 then call error +$ backup/compare 'RESPONSE2' 'p2' +$ if $severity .ne. 1 then call error +$ openssl ts -reply -in 'p2' -text -token_out +$ if $severity .ne. 1 then call error +$ openssl ts -reply -in 'TOKEN_DER' -token_in -text -token_out +$ if $severity .ne. 1 then call error +$ openssl ts -reply -queryfile 'p1' -text -token_out +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ verify_time_stamp_response: +$ subroutine +$ +$ openssl ts -verify -queryfile 'p1' -in 'p2' - + "-CAfile" tsaca.pem -untrusted tsa_cert1.pem +$ if $severity .ne. 1 then call error +$ openssl ts -verify -data 'p3' -in 'p2' - + "-CAfile" tsaca.pem -untrusted tsa_cert1.pem +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ verify_time_stamp_token: +$ subroutine +$ +$ ! create the token from the response first +$ openssl ts -reply -in "''p2'" -out "''p2'-token" -token_out +$ if $severity .ne. 1 then call error +$ openssl ts -verify -queryfile "''p1'" -in "''p2'-token" - + -token_in "-CAfile" tsaca.pem -untrusted tsa_cert1.pem +$ if $severity .ne. 1 then call error +$ openssl ts -verify -data "''p3'" -in "''p2'-token" - + -token_in "-CAfile" tsaca.pem -untrusted tsa_cert1.pem +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ verify_time_stamp_response_fail: +$ subroutine +$ +$ openssl ts -verify -queryfile 'p1' -in 'p2' - + "-CAfile" tsaca.pem -untrusted tsa_cert1.pem +$ ! Checks if the verification failed, as it should have. +$ if $severity .eq. 1 then call error +$ write sys$output "Ok" +$ endsubroutine +$ +$ ! Main body ---------------------------------------------------------- +$ +$ set noon +$ +$ write sys$output "Setting up TSA test directory..." +$ call setup_dir +$ +$ write sys$output "Creating CA for TSA tests..." +$ call create_ca +$ +$ write sys$output "Creating tsa_cert1.pem TSA server cert..." +$ call create_tsa_cert 1 "tsa_cert" +$ +$ write sys$output "Creating tsa_cert2.pem non-TSA server cert..." +$ call create_tsa_cert 2 "non_tsa_cert" +$ +$ write sys$output "Creating req1.req time stamp request for file testtsa..." +$ call create_time_stamp_request1 +$ +$ write sys$output "Printing req1.req..." +$ call print_request "req1.tsq" +$ +$ write sys$output "Generating valid response for req1.req..." +$ call create_time_stamp_response "req1.tsq" "resp1.tsr" "tsa_config1" +$ +$ write sys$output "Printing response..." +$ call print_response "resp1.tsr" +$ +$ write sys$output "Verifying valid response..." +$ call verify_time_stamp_response "req1.tsq" "resp1.tsr" "[-]testtsa.com" +$ +$ write sys$output "Verifying valid token..." +$ call verify_time_stamp_token "req1.tsq" "resp1.tsr" "[-]testtsa.com" +$ +$ ! The tests below are commented out, because invalid signer certificates +$ ! can no longer be specified in the config file. +$ +$ ! write sys$output "Generating _invalid_ response for req1.req..." +$ ! call create_time_stamp_response "req1.tsq" "resp1_bad.tsr" "tsa_config2" +$ +$ ! write sys$output "Printing response..." +$ ! call print_response "resp1_bad.tsr" +$ +$ ! write sys$output "Verifying invalid response, it should fail..." +$ ! call verify_time_stamp_response_fail "req1.tsq" "resp1_bad.tsr" +$ +$ write sys$output "Creating req2.req time stamp request for file testtsa..." +$ call create_time_stamp_request2 +$ +$ write sys$output "Printing req2.req..." +$ call print_request "req2.tsq" +$ +$ write sys$output "Generating valid response for req2.req..." +$ call create_time_stamp_response "req2.tsq" "resp2.tsr" "tsa_config1" +$ +$ write sys$output "Checking '-token_in' and '-token_out' options with '-reply'..." +$ call time_stamp_response_token_test "req2.tsq" "resp2.tsr" +$ +$ write sys$output "Printing response..." +$ call print_response "resp2.tsr" +$ +$ write sys$output "Verifying valid response..." +$ call verify_time_stamp_response "req2.tsq" "resp2.tsr" "[-]testtsa.com" +$ +$ write sys$output "Verifying response against wrong request, it should fail..." +$ call verify_time_stamp_response_fail "req1.tsq" "resp2.tsr" +$ +$ write sys$output "Verifying response against wrong request, it should fail..." +$ call verify_time_stamp_response_fail "req2.tsq" "resp1.tsr" +$ +$ write sys$output "Creating req3.req time stamp request for file CAtsa.cnf..." +$ call create_time_stamp_request3 +$ +$ write sys$output "Printing req3.req..." +$ call print_request "req3.tsq" +$ +$ write sys$output "Verifying response against wrong request, it should fail..." +$ call verify_time_stamp_response_fail "req3.tsq" "resp1.tsr" +$ +$ write sys$output "Cleaning up..." +$ call clean_up_dir +$ +$ set on +$ +$ exit |