X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=lib%2Fopenssl%2Ftest%2Ftesttsa.com;fp=lib%2Fopenssl%2Ftest%2Ftesttsa.com;h=0000000000000000000000000000000000000000;hb=02ed66432c92de70694700164f986190aad3cbc5;hp=29fb1d0e63ea746a252104e9d809dead9feec251;hpb=89016837dcbf2775cd15dc8cbaba00dc6379f86e;p=cassiopeia.git diff --git a/lib/openssl/test/testtsa.com b/lib/openssl/test/testtsa.com deleted file mode 100644 index 29fb1d0..0000000 --- a/lib/openssl/test/testtsa.com +++ /dev/null @@ -1,255 +0,0 @@ -$! -$! A few very basic tests for the 'ts' time stamping authority command. -$! -$ -$ __arch = "VAX" -$ if f$getsyi("cpu") .ge. 128 then - - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch = "UNK" -$! -$ if (p4 .eqs. "64") then __arch = __arch+ "_64" -$! -$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" -$ -$ openssl = "mcr ''f$parse(exe_dir+"openssl.exe")'" -$ OPENSSL_CONF = "[-]CAtsa.cnf" -$ ! Because that's what ../apps/CA.sh really looks at -$ SSLEAY_CONFIG = "-config " + OPENSSL_CONF -$ -$ error: -$ subroutine -$ write sys$error "TSA test failed!" -$ exit 3 -$ endsubroutine -$ -$ setup_dir: -$ subroutine -$ -$ if f$search("tsa.dir") .nes "" -$ then -$ @[-.util]deltree [.tsa]*.* -$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;* -$ delete tsa.dir;* -$ endif -$ -$ create/dir [.tsa] -$ set default [.tsa] -$ endsubroutine -$ -$ clean_up_dir: -$ subroutine -$ -$ set default [-] -$ @[-.util]deltree [.tsa]*.* -$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;* -$ delete tsa.dir;* -$ endsubroutine -$ -$ create_ca: -$ subroutine -$ -$ write sys$output "Creating a new CA for the TSA tests..." -$ TSDNSECT = "ts_ca_dn" -$ openssl req -new -x509 -nodes - - -out tsaca.pem -keyout tsacakey.pem -$ if $severity .ne. 1 then call error -$ endsubroutine -$ -$ create_tsa_cert: -$ subroutine -$ -$ INDEX=p1 -$ EXT=p2 -$ TSDNSECT = "ts_cert_dn" -$ -$ openssl req -new - - -out tsa_req'INDEX'.pem -keyout tsa_key'INDEX'.pem -$ if $severity .ne. 1 then call error -$ -$ write sys$output "Using extension ''EXT'" -$ openssl x509 -req - - -in tsa_req'INDEX'.pem -out tsa_cert'INDEX'.pem - - "-CA" tsaca.pem "-CAkey" tsacakey.pem "-CAcreateserial" - - -extfile 'OPENSSL_CONF' -extensions "''EXT'" -$ if $severity .ne. 1 then call error -$ endsubroutine -$ -$ print_request: -$ subroutine -$ -$ openssl ts -query -in 'p1' -text -$ endsubroutine -$ -$ create_time_stamp_request1: subroutine -$ -$ openssl ts -query -data [-]testtsa.com -policy tsa_policy1 - - -cert -out req1.tsq -$ if $severity .ne. 1 then call error -$ endsubroutine -$ -$ create_time_stamp_request2: subroutine -$ -$ openssl ts -query -data [-]testtsa.com -policy tsa_policy2 - - -no_nonce -out req2.tsq -$ if $severity .ne. 1 then call error -$ endsubroutine -$ -$ create_time_stamp_request3: subroutine -$ -$ openssl ts -query -data [-]CAtsa.cnf -no_nonce -out req3.tsq -$ if $severity .ne. 1 then call error -$ endsubroutine -$ -$ print_response: -$ subroutine -$ -$ openssl ts -reply -in 'p1' -text -$ if $severity .ne. 1 then call error -$ endsubroutine -$ -$ create_time_stamp_response: -$ subroutine -$ -$ openssl ts -reply -section 'p3' -queryfile 'p1' -out 'p2' -$ if $severity .ne. 1 then call error -$ endsubroutine -$ -$ time_stamp_response_token_test: -$ subroutine -$ -$ RESPONSE2 = p2+ "-copy_tsr" -$ TOKEN_DER = p2+ "-token_der" -$ openssl ts -reply -in 'p2' -out 'TOKEN_DER' -token_out -$ if $severity .ne. 1 then call error -$ openssl ts -reply -in 'TOKEN_DER' -token_in -out 'RESPONSE2' -$ if $severity .ne. 1 then call error -$ backup/compare 'RESPONSE2' 'p2' -$ if $severity .ne. 1 then call error -$ openssl ts -reply -in 'p2' -text -token_out -$ if $severity .ne. 1 then call error -$ openssl ts -reply -in 'TOKEN_DER' -token_in -text -token_out -$ if $severity .ne. 1 then call error -$ openssl ts -reply -queryfile 'p1' -text -token_out -$ if $severity .ne. 1 then call error -$ endsubroutine -$ -$ verify_time_stamp_response: -$ subroutine -$ -$ openssl ts -verify -queryfile 'p1' -in 'p2' - - "-CAfile" tsaca.pem -untrusted tsa_cert1.pem -$ if $severity .ne. 1 then call error -$ openssl ts -verify -data 'p3' -in 'p2' - - "-CAfile" tsaca.pem -untrusted tsa_cert1.pem -$ if $severity .ne. 1 then call error -$ endsubroutine -$ -$ verify_time_stamp_token: -$ subroutine -$ -$ ! create the token from the response first -$ openssl ts -reply -in "''p2'" -out "''p2'-token" -token_out -$ if $severity .ne. 1 then call error -$ openssl ts -verify -queryfile "''p1'" -in "''p2'-token" - - -token_in "-CAfile" tsaca.pem -untrusted tsa_cert1.pem -$ if $severity .ne. 1 then call error -$ openssl ts -verify -data "''p3'" -in "''p2'-token" - - -token_in "-CAfile" tsaca.pem -untrusted tsa_cert1.pem -$ if $severity .ne. 1 then call error -$ endsubroutine -$ -$ verify_time_stamp_response_fail: -$ subroutine -$ -$ openssl ts -verify -queryfile 'p1' -in 'p2' - - "-CAfile" tsaca.pem -untrusted tsa_cert1.pem -$ ! Checks if the verification failed, as it should have. -$ if $severity .eq. 1 then call error -$ write sys$output "Ok" -$ endsubroutine -$ -$ ! Main body ---------------------------------------------------------- -$ -$ set noon -$ -$ write sys$output "Setting up TSA test directory..." -$ call setup_dir -$ -$ write sys$output "Creating CA for TSA tests..." -$ call create_ca -$ -$ write sys$output "Creating tsa_cert1.pem TSA server cert..." -$ call create_tsa_cert 1 "tsa_cert" -$ -$ write sys$output "Creating tsa_cert2.pem non-TSA server cert..." -$ call create_tsa_cert 2 "non_tsa_cert" -$ -$ write sys$output "Creating req1.req time stamp request for file testtsa..." -$ call create_time_stamp_request1 -$ -$ write sys$output "Printing req1.req..." -$ call print_request "req1.tsq" -$ -$ write sys$output "Generating valid response for req1.req..." -$ call create_time_stamp_response "req1.tsq" "resp1.tsr" "tsa_config1" -$ -$ write sys$output "Printing response..." -$ call print_response "resp1.tsr" -$ -$ write sys$output "Verifying valid response..." -$ call verify_time_stamp_response "req1.tsq" "resp1.tsr" "[-]testtsa.com" -$ -$ write sys$output "Verifying valid token..." -$ call verify_time_stamp_token "req1.tsq" "resp1.tsr" "[-]testtsa.com" -$ -$ ! The tests below are commented out, because invalid signer certificates -$ ! can no longer be specified in the config file. -$ -$ ! write sys$output "Generating _invalid_ response for req1.req..." -$ ! call create_time_stamp_response "req1.tsq" "resp1_bad.tsr" "tsa_config2" -$ -$ ! write sys$output "Printing response..." -$ ! call print_response "resp1_bad.tsr" -$ -$ ! write sys$output "Verifying invalid response, it should fail..." -$ ! call verify_time_stamp_response_fail "req1.tsq" "resp1_bad.tsr" -$ -$ write sys$output "Creating req2.req time stamp request for file testtsa..." -$ call create_time_stamp_request2 -$ -$ write sys$output "Printing req2.req..." -$ call print_request "req2.tsq" -$ -$ write sys$output "Generating valid response for req2.req..." -$ call create_time_stamp_response "req2.tsq" "resp2.tsr" "tsa_config1" -$ -$ write sys$output "Checking '-token_in' and '-token_out' options with '-reply'..." -$ call time_stamp_response_token_test "req2.tsq" "resp2.tsr" -$ -$ write sys$output "Printing response..." -$ call print_response "resp2.tsr" -$ -$ write sys$output "Verifying valid response..." -$ call verify_time_stamp_response "req2.tsq" "resp2.tsr" "[-]testtsa.com" -$ -$ write sys$output "Verifying response against wrong request, it should fail..." -$ call verify_time_stamp_response_fail "req1.tsq" "resp2.tsr" -$ -$ write sys$output "Verifying response against wrong request, it should fail..." -$ call verify_time_stamp_response_fail "req2.tsq" "resp1.tsr" -$ -$ write sys$output "Creating req3.req time stamp request for file CAtsa.cnf..." -$ call create_time_stamp_request3 -$ -$ write sys$output "Printing req3.req..." -$ call print_request "req3.tsq" -$ -$ write sys$output "Verifying response against wrong request, it should fail..." -$ call verify_time_stamp_response_fail "req3.tsq" "resp1.tsr" -$ -$ write sys$output "Cleaning up..." -$ call clean_up_dir -$ -$ set on -$ -$ exit