This commit was generated by cvs2git to track changes on a CVS vendor

branch.
author: djm <> 2010-10-01 22:54:19 +0000
committer: djm <> 2010-10-01 22:54:19 +0000
commit: 6ddfb710ab14b10183ff3a6a32f643554c80065e (patch)
tree: 03b202b49e2c6367ae5dec12d939ea99c9ca36b3 /src/lib/libssl/test
parent: b204ac0374903f9d6a2fcc50cfd94578e357d00a (diff)
parent: 242690ab2a8e991b85b4735c4e0bac0ec7bd3481 (diff)
download: openbsd-6ddfb710ab14b10183ff3a6a32f643554c80065e.tar.gz
openbsd-6ddfb710ab14b10183ff3a6a32f643554c80065e.tar.bz2
openbsd-6ddfb710ab14b10183ff3a6a32f643554c80065e.zip
1 files changed, 248 insertions, 0 deletions
diff --git a/src/lib/libssl/test/testtsa.com b/src/lib/libssl/test/testtsa.com
new file mode 100644
index 0000000000..e3c586f14a
--- /dev/null
+++ b/src/lib/libssl/test/testtsa.com
@@ -0,0 +1,248 @@
+$!
+$! A few very basic tests for the 'ts' time stamping authority command.
+$!
+$
+$       __arch := VAX
+$       if f$getsyi("cpu") .ge. 128 then -
+           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$       if __arch .eqs. "" then __arch := UNK
+$       exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$       openssl := mcr 'f$parse(exe_dir+"openssl.exe")'
+$       OPENSSL_CONF := [-]CAtsa.cnf
+$       ! Because that's what ../apps/CA.sh really looks at
+$       SSLEAY_CONFIG = "-config " + OPENSSL_CONF
+$
+$ error:
+$       subroutine
+$               write sys$error "TSA test failed!"
+$               exit 3
+$       endsubroutine
+$
+$ setup_dir:
+$       subroutine
+$
+$               if f$search("tsa.dir") .nes ""
+$               then
+$                       @[-.util]deltree [.tsa]*.*
+$                       set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;*
+$                       delete tsa.dir;*
+$               endif
+$
+$               create/dir [.tsa]
+$               set default [.tsa]
+$       endsubroutine
+$
+$ clean_up_dir:
+$       subroutine
+$
+$               set default [-]
+$               @[-.util]deltree [.tsa]*.*
+$               set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;*
+$               delete tsa.dir;*
+$       endsubroutine
+$
+$ create_ca:
+$       subroutine
+$
+$               write sys$output "Creating a new CA for the TSA tests..."
+$               TSDNSECT = "ts_ca_dn"
+$               openssl req -new -x509 -nodes -
+                        -out tsaca.pem -keyout tsacakey.pem
+$               if $severity .ne. 1 then call error
+$       endsubroutine
+$
+$ create_tsa_cert:
+$       subroutine
+$
+$               INDEX=p1
+$               EXT=p2
+$               TSDNSECT = "ts_cert_dn"
+$
+$               openssl req -new -
+                        -out tsa_req'INDEX'.pem -keyout tsa_key'INDEX'.pem
+$               if $severity .ne. 1 then call error
+$
+$               write sys$output "Using extension ''EXT'"
+$               openssl x509 -req -
+                        -in tsa_req'INDEX'.pem -out tsa_cert'INDEX'.pem -
+                        "-CA" tsaca.pem "-CAkey" tsacakey.pem "-CAcreateserial" -
+                        -extfile 'OPENSSL_CONF' -extensions "''EXT'"
+$               if $severity .ne. 1 then call error
+$       endsubroutine
+$
+$ print_request:
+$       subroutine
+$
+$               openssl ts -query -in 'p1' -text
+$       endsubroutine
+$
+$ create_time_stamp_request1: subroutine
+$
+$               openssl ts -query -data [-]testtsa.com -policy tsa_policy1 -
+                        -cert -out req1.tsq
+$               if $severity .ne. 1 then call error
+$       endsubroutine
+$
+$ create_time_stamp_request2: subroutine
+$
+$               openssl ts -query -data [-]testtsa.com -policy tsa_policy2 -
+                        -no_nonce -out req2.tsq
+$               if $severity .ne. 1 then call error
+$       endsubroutine
+$
+$ create_time_stamp_request3: subroutine
+$
+$               openssl ts -query -data [-]CAtsa.cnf -no_nonce -out req3.tsq
+$               if $severity .ne. 1 then call error
+$       endsubroutine
+$
+$ print_response:
+$       subroutine
+$
+$               openssl ts -reply -in 'p1' -text
+$               if $severity .ne. 1 then call error
+$       endsubroutine
+$
+$ create_time_stamp_response:
+$       subroutine
+$
+$               openssl ts -reply -section 'p3' -queryfile 'p1' -out 'p2'
+$               if $severity .ne. 1 then call error
+$       endsubroutine
+$
+$ time_stamp_response_token_test:
+$       subroutine
+$
+$               RESPONSE2:='p2'.copy_tsr
+$               TOKEN_DER:='p2'.token_der
+$               openssl ts -reply -in 'p2' -out 'TOKEN_DER' -token_out
+$               if $severity .ne. 1 then call error
+$               openssl ts -reply -in 'TOKEN_DER' -token_in -out 'RESPONSE2'
+$               if $severity .ne. 1 then call error
+$               backup/compare 'RESPONSE2' 'p2'
+$               if $severity .ne. 1 then call error
+$               openssl ts -reply -in 'p2' -text -token_out
+$               if $severity .ne. 1 then call error
+$               openssl ts -reply -in 'TOKEN_DER' -token_in -text -token_out
+$               if $severity .ne. 1 then call error
+$               openssl ts -reply -queryfile 'p1' -text -token_out
+$               if $severity .ne. 1 then call error
+$       endsubroutine
+$
+$ verify_time_stamp_response:
+$       subroutine
+$
+$               openssl ts -verify -queryfile 'p1' -in 'p2' -
+                        "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
+$               if $severity .ne. 1 then call error
+$               openssl ts -verify -data 'p3' -in 'p2' -
+                        "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
+$               if $severity .ne. 1 then call error
+$       endsubroutine
+$
+$ verify_time_stamp_token:
+$       subroutine
+$
+$               ! create the token from the response first
+$               openssl ts -reply -in 'p2' -out 'p2'.token -token_out
+$               if $severity .ne. 1 then call error
+$               openssl ts -verify -queryfile 'p1' -in 'p2'.token -token_in -
+                        "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
+$               if $severity .ne. 1 then call error
+$               openssl ts -verify -data 'p3' -in 'p2'.token -token_in -
+                        "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
+$               if $severity .ne. 1 then call error
+$       endsubroutine
+$
+$ verify_time_stamp_response_fail:
+$       subroutine
+$
+$               openssl ts -verify -queryfile 'p1' -in 'p2' -
+                        "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
+$               ! Checks if the verification failed, as it should have.
+$               if $severity .eq. 1 then call error
+$               write sys$output "Ok"
+$       endsubroutine
+$
+$       ! Main body ----------------------------------------------------------
+$
+$       write sys$output "Setting up TSA test directory..."
+$       call setup_dir
+$
+$       write sys$output "Creating CA for TSA tests..."
+$       call create_ca
+$
+$       write sys$output "Creating tsa_cert1.pem TSA server cert..."
+$       call create_tsa_cert 1 "tsa_cert"
+$
+$       write sys$output "Creating tsa_cert2.pem non-TSA server cert..."
+$       call create_tsa_cert 2 "non_tsa_cert"
+$
+$       write sys$output "Creating req1.req time stamp request for file testtsa..."
+$       call create_time_stamp_request1
+$
+$       write sys$output "Printing req1.req..."
+$       call print_request req1.tsq
+$
+$       write sys$output "Generating valid response for req1.req..."
+$       call create_time_stamp_response req1.tsq resp1.tsr tsa_config1
+$
+$       write sys$output "Printing response..."
+$       call print_response resp1.tsr
+$
+$       write sys$output "Verifying valid response..."
+$       call verify_time_stamp_response req1.tsq resp1.tsr [-]testtsa.com
+$
+$       write sys$output "Verifying valid token..."
+$       call verify_time_stamp_token req1.tsq resp1.tsr [-]testtsa.com
+$
+$       ! The tests below are commented out, because invalid signer certificates
+$       ! can no longer be specified in the config file.
+$
+$       ! write sys$output "Generating _invalid_ response for req1.req..."
+$       ! call create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2
+$
+$       ! write sys$output "Printing response..."
+$       ! call print_response resp1_bad.tsr
+$
+$       ! write sys$output "Verifying invalid response, it should fail..."
+$       ! call verify_time_stamp_response_fail req1.tsq resp1_bad.tsr
+$
+$       write sys$output "Creating req2.req time stamp request for file testtsa..."
+$       call create_time_stamp_request2
+$
+$       write sys$output "Printing req2.req..."
+$       call print_request req2.tsq
+$
+$       write sys$output "Generating valid response for req2.req..."
+$       call create_time_stamp_response req2.tsq resp2.tsr tsa_config1
+$
+$       write sys$output "Checking '-token_in' and '-token_out' options with '-reply'..."
+$       call time_stamp_response_token_test req2.tsq resp2.tsr
+$
+$       write sys$output "Printing response..."
+$       call print_response resp2.tsr
+$
+$       write sys$output "Verifying valid response..."
+$       call verify_time_stamp_response req2.tsq resp2.tsr [-]testtsa.com
+$
+$       write sys$output "Verifying response against wrong request, it should fail..."
+$       call verify_time_stamp_response_fail req1.tsq resp2.tsr
+$
+$       write sys$output "Verifying response against wrong request, it should fail..."
+$       call verify_time_stamp_response_fail req2.tsq resp1.tsr
+$
+$       write sys$output "Creating req3.req time stamp request for file CAtsa.cnf..."
+$       call create_time_stamp_request3
+$
+$       write sys$output "Printing req3.req..."
+$       call print_request req3.tsq
+$
+$       write sys$output "Verifying response against wrong request, it should fail..."
+$       call verify_time_stamp_response_fail req3.tsq resp1.tsr
+$
+$       write sys$output "Cleaning up..."
+$       call clean_up_dir
+$
+$       exit
author	djm <>	2010-10-01 22:54:19 +0000
committer	djm <>	2010-10-01 22:54:19 +0000
commit	6ddfb710ab14b10183ff3a6a32f643554c80065e (patch)
tree	03b202b49e2c6367ae5dec12d939ea99c9ca36b3 /src/lib/libssl/test
parent	b204ac0374903f9d6a2fcc50cfd94578e357d00a (diff)
parent	242690ab2a8e991b85b4735c4e0bac0ec7bd3481 (diff)
download	openbsd-6ddfb710ab14b10183ff3a6a32f643554c80065e.tar.gz openbsd-6ddfb710ab14b10183ff3a6a32f643554c80065e.tar.bz2 openbsd-6ddfb710ab14b10183ff3a6a32f643554c80065e.zip

diff --git a/src/lib/libssl/test/testtsa.com b/src/lib/libssl/test/testtsa.com new file mode 100644 index 0000000000..e3c586f14a --- /dev/null +++ b/src/lib/libssl/test/testtsa.com
@@ -0,0 +1,248 @@
	1	$!
	2	$! A few very basic tests for the 'ts' time stamping authority command.
	3	$!
	4	$
	5	$ __arch := VAX
	6	$ if f$getsyi("cpu") .ge. 128 then -
	7	__arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
	8	$ if __arch .eqs. "" then __arch := UNK
	9	$ exe_dir := sys$disk:[-.'__arch'.exe.apps]
	10	$
	11	$ openssl := mcr 'f$parse(exe_dir+"openssl.exe")'
	12	$ OPENSSL_CONF := [-]CAtsa.cnf
	13	$ ! Because that's what ../apps/CA.sh really looks at
	14	$ SSLEAY_CONFIG = "-config " + OPENSSL_CONF
	15	$
	16	$ error:
	17	$ subroutine
	18	$ write sys$error "TSA test failed!"
	19	$ exit 3
	20	$ endsubroutine
	21	$
	22	$ setup_dir:
	23	$ subroutine
	24	$
	25	$ if f$search("tsa.dir") .nes ""
	26	$ then
	27	$ @[-.util]deltree [.tsa].
	28	$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;*
	29	$ delete tsa.dir;*
	30	$ endif
	31	$
	32	$ create/dir [.tsa]
	33	$ set default [.tsa]
	34	$ endsubroutine
	35	$
	36	$ clean_up_dir:
	37	$ subroutine
	38	$
	39	$ set default [-]
	40	$ @[-.util]deltree [.tsa].
	41	$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;*
	42	$ delete tsa.dir;*
	43	$ endsubroutine
	44	$
	45	$ create_ca:
	46	$ subroutine
	47	$
	48	$ write sys$output "Creating a new CA for the TSA tests..."
	49	$ TSDNSECT = "ts_ca_dn"
	50	$ openssl req -new -x509 -nodes -
	51	-out tsaca.pem -keyout tsacakey.pem
	52	$ if $severity .ne. 1 then call error
	53	$ endsubroutine
	54	$
	55	$ create_tsa_cert:
	56	$ subroutine
	57	$
	58	$ INDEX=p1
	59	$ EXT=p2
	60	$ TSDNSECT = "ts_cert_dn"
	61	$
	62	$ openssl req -new -
	63	-out tsa_req'INDEX'.pem -keyout tsa_key'INDEX'.pem
	64	$ if $severity .ne. 1 then call error
	65	$
	66	$ write sys$output "Using extension ''EXT'"
	67	$ openssl x509 -req -
	68	-in tsa_req'INDEX'.pem -out tsa_cert'INDEX'.pem -
	69	"-CA" tsaca.pem "-CAkey" tsacakey.pem "-CAcreateserial" -
	70	-extfile 'OPENSSL_CONF' -extensions "''EXT'"
	71	$ if $severity .ne. 1 then call error
	72	$ endsubroutine
	73	$
	74	$ print_request:
	75	$ subroutine
	76	$
	77	$ openssl ts -query -in 'p1' -text
	78	$ endsubroutine
	79	$
	80	$ create_time_stamp_request1: subroutine
	81	$
	82	$ openssl ts -query -data [-]testtsa.com -policy tsa_policy1 -
	83	-cert -out req1.tsq
	84	$ if $severity .ne. 1 then call error
	85	$ endsubroutine
	86	$
	87	$ create_time_stamp_request2: subroutine
	88	$
	89	$ openssl ts -query -data [-]testtsa.com -policy tsa_policy2 -
	90	-no_nonce -out req2.tsq
	91	$ if $severity .ne. 1 then call error
	92	$ endsubroutine
	93	$
	94	$ create_time_stamp_request3: subroutine
	95	$
	96	$ openssl ts -query -data [-]CAtsa.cnf -no_nonce -out req3.tsq
	97	$ if $severity .ne. 1 then call error
	98	$ endsubroutine
	99	$
	100	$ print_response:
	101	$ subroutine
	102	$
	103	$ openssl ts -reply -in 'p1' -text
	104	$ if $severity .ne. 1 then call error
	105	$ endsubroutine
	106	$
	107	$ create_time_stamp_response:
	108	$ subroutine
	109	$
	110	$ openssl ts -reply -section 'p3' -queryfile 'p1' -out 'p2'
	111	$ if $severity .ne. 1 then call error
	112	$ endsubroutine
	113	$
	114	$ time_stamp_response_token_test:
	115	$ subroutine
	116	$
	117	$ RESPONSE2:='p2'.copy_tsr
	118	$ TOKEN_DER:='p2'.token_der
	119	$ openssl ts -reply -in 'p2' -out 'TOKEN_DER' -token_out
	120	$ if $severity .ne. 1 then call error
	121	$ openssl ts -reply -in 'TOKEN_DER' -token_in -out 'RESPONSE2'
	122	$ if $severity .ne. 1 then call error
	123	$ backup/compare 'RESPONSE2' 'p2'
	124	$ if $severity .ne. 1 then call error
	125	$ openssl ts -reply -in 'p2' -text -token_out
	126	$ if $severity .ne. 1 then call error
	127	$ openssl ts -reply -in 'TOKEN_DER' -token_in -text -token_out
	128	$ if $severity .ne. 1 then call error
	129	$ openssl ts -reply -queryfile 'p1' -text -token_out
	130	$ if $severity .ne. 1 then call error
	131	$ endsubroutine
	132	$
	133	$ verify_time_stamp_response:
	134	$ subroutine
	135	$
	136	$ openssl ts -verify -queryfile 'p1' -in 'p2' -
	137	"-CAfile" tsaca.pem -untrusted tsa_cert1.pem
	138	$ if $severity .ne. 1 then call error
	139	$ openssl ts -verify -data 'p3' -in 'p2' -
	140	"-CAfile" tsaca.pem -untrusted tsa_cert1.pem
	141	$ if $severity .ne. 1 then call error
	142	$ endsubroutine
	143	$
	144	$ verify_time_stamp_token:
	145	$ subroutine
	146	$
	147	$ ! create the token from the response first
	148	$ openssl ts -reply -in 'p2' -out 'p2'.token -token_out
	149	$ if $severity .ne. 1 then call error
	150	$ openssl ts -verify -queryfile 'p1' -in 'p2'.token -token_in -
	151	"-CAfile" tsaca.pem -untrusted tsa_cert1.pem
	152	$ if $severity .ne. 1 then call error
	153	$ openssl ts -verify -data 'p3' -in 'p2'.token -token_in -
	154	"-CAfile" tsaca.pem -untrusted tsa_cert1.pem
	155	$ if $severity .ne. 1 then call error
	156	$ endsubroutine
	157	$
	158	$ verify_time_stamp_response_fail:
	159	$ subroutine
	160	$
	161	$ openssl ts -verify -queryfile 'p1' -in 'p2' -
	162	"-CAfile" tsaca.pem -untrusted tsa_cert1.pem
	163	$ ! Checks if the verification failed, as it should have.
	164	$ if $severity .eq. 1 then call error
	165	$ write sys$output "Ok"
	166	$ endsubroutine
	167	$
	168	$ ! Main body ----------------------------------------------------------
	169	$
	170	$ write sys$output "Setting up TSA test directory..."
	171	$ call setup_dir
	172	$
	173	$ write sys$output "Creating CA for TSA tests..."
	174	$ call create_ca
	175	$
	176	$ write sys$output "Creating tsa_cert1.pem TSA server cert..."
	177	$ call create_tsa_cert 1 "tsa_cert"
	178	$
	179	$ write sys$output "Creating tsa_cert2.pem non-TSA server cert..."
	180	$ call create_tsa_cert 2 "non_tsa_cert"
	181	$
	182	$ write sys$output "Creating req1.req time stamp request for file testtsa..."
	183	$ call create_time_stamp_request1
	184	$
	185	$ write sys$output "Printing req1.req..."
	186	$ call print_request req1.tsq
	187	$
	188	$ write sys$output "Generating valid response for req1.req..."
	189	$ call create_time_stamp_response req1.tsq resp1.tsr tsa_config1
	190	$
	191	$ write sys$output "Printing response..."
	192	$ call print_response resp1.tsr
	193	$
	194	$ write sys$output "Verifying valid response..."
	195	$ call verify_time_stamp_response req1.tsq resp1.tsr [-]testtsa.com
	196	$
	197	$ write sys$output "Verifying valid token..."
	198	$ call verify_time_stamp_token req1.tsq resp1.tsr [-]testtsa.com
	199	$
	200	$ ! The tests below are commented out, because invalid signer certificates
	201	$ ! can no longer be specified in the config file.
	202	$
	203	$ ! write sys$output "Generating _invalid_ response for req1.req..."
	204	$ ! call create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2
	205	$
	206	$ ! write sys$output "Printing response..."
	207	$ ! call print_response resp1_bad.tsr
	208	$
	209	$ ! write sys$output "Verifying invalid response, it should fail..."
	210	$ ! call verify_time_stamp_response_fail req1.tsq resp1_bad.tsr
	211	$
	212	$ write sys$output "Creating req2.req time stamp request for file testtsa..."
	213	$ call create_time_stamp_request2
	214	$
	215	$ write sys$output "Printing req2.req..."
	216	$ call print_request req2.tsq
	217	$
	218	$ write sys$output "Generating valid response for req2.req..."
	219	$ call create_time_stamp_response req2.tsq resp2.tsr tsa_config1
	220	$
	221	$ write sys$output "Checking '-token_in' and '-token_out' options with '-reply'..."
	222	$ call time_stamp_response_token_test req2.tsq resp2.tsr
	223	$
	224	$ write sys$output "Printing response..."
	225	$ call print_response resp2.tsr
	226	$
	227	$ write sys$output "Verifying valid response..."
	228	$ call verify_time_stamp_response req2.tsq resp2.tsr [-]testtsa.com
	229	$
	230	$ write sys$output "Verifying response against wrong request, it should fail..."
	231	$ call verify_time_stamp_response_fail req1.tsq resp2.tsr
	232	$
	233	$ write sys$output "Verifying response against wrong request, it should fail..."
	234	$ call verify_time_stamp_response_fail req2.tsq resp1.tsr
	235	$
	236	$ write sys$output "Creating req3.req time stamp request for file CAtsa.cnf..."
	237	$ call create_time_stamp_request3
	238	$
	239	$ write sys$output "Printing req3.req..."
	240	$ call print_request req3.tsq
	241	$
	242	$ write sys$output "Verifying response against wrong request, it should fail..."
	243	$ call verify_time_stamp_response_fail req3.tsq resp1.tsr
	244	$
	245	$ write sys$output "Cleaning up..."
	246	$ call clean_up_dir
	247	$
	248	$ exit