2 files changed, 0 insertions, 493 deletions
diff --git a/src/lib/libssl/test/testtsa b/src/lib/libssl/test/testtsa
deleted file mode 100644
index bb653b5f73..0000000000
--- a/src/lib/libssl/test/testtsa
+++ /dev/null
@@ -1,238 +0,0 @@
-#!/bin/sh
-#
-# A few very basic tests for the 'ts' time stamping authority command.
-#
-SH="/bin/sh"
-if test "$OSTYPE" = msdosdjgpp; then
-    PATH="../apps\;$PATH"
-else
-    PATH="../apps:$PATH"
-fi
-export SH PATH
-OPENSSL_CONF="../CAtsa.cnf"
-export OPENSSL_CONF
-# Because that's what ../apps/CA.sh really looks at
-SSLEAY_CONFIG="-config $OPENSSL_CONF"
-export SSLEAY_CONFIG
-OPENSSL="`pwd`/../util/opensslwrap.sh"
-export OPENSSL
-error () {
-    echo "TSA test failed!" >&2
-    exit 1
-}
-setup_dir () {
-    rm -rf tsa 2>/dev/null
-    mkdir tsa
-    cd ./tsa
-}
-clean_up_dir () {
-    cd ..
-    rm -rf tsa
-}
-create_ca () {
-    echo "Creating a new CA for the TSA tests..."
-    TSDNSECT=ts_ca_dn
-    export TSDNSECT   
-    ../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \
-        -out tsaca.pem -keyout tsacakey.pem
-    test $? != 0 && error
-}
-create_tsa_cert () {
-    INDEX=$1
-    export INDEX
-    EXT=$2
-    TSDNSECT=ts_cert_dn
-    export TSDNSECT   
-    ../../util/shlib_wrap.sh ../../apps/openssl req -new \
-        -out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem
-    test $? != 0 && error
-echo Using extension $EXT
-    ../../util/shlib_wrap.sh ../../apps/openssl x509 -req \
-        -in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
-        -CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \
-        -extfile $OPENSSL_CONF -extensions $EXT
-    test $? != 0 && error
-}
-print_request () {
-    ../../util/shlib_wrap.sh ../../apps/openssl ts -query -in $1 -text
-}
-create_time_stamp_request1 () {
-    ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq
-    test $? != 0 && error
-}
-create_time_stamp_request2 () {
-    ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy2 -no_nonce \
-        -out req2.tsq
-    test $? != 0 && error
-}
-create_time_stamp_request3 () {
-    ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../CAtsa.cnf -no_nonce -out req3.tsq
-    test $? != 0 && error
-}
-print_response () {
-    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $1 -text
-    test $? != 0 && error
-}
-create_time_stamp_response () {
-    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -section $3 -queryfile $1 -out $2
-    test $? != 0 && error
-}
-time_stamp_response_token_test () {
-    RESPONSE2=$2.copy.tsr
-    TOKEN_DER=$2.token.der
-    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $TOKEN_DER -token_out
-    test $? != 0 && error
-    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -out $RESPONSE2
-    test $? != 0 && error
-    cmp $RESPONSE2 $2
-    test $? != 0 && error
-    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -text -token_out
-    test $? != 0 && error
-    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -text -token_out
-    test $? != 0 && error
-    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -queryfile $1 -text -token_out
-    test $? != 0 && error
-}
-verify_time_stamp_response () {
-    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
-        -untrusted tsa_cert1.pem
-    test $? != 0 && error
-    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile tsaca.pem \
-        -untrusted tsa_cert1.pem
-    test $? != 0 && error
-}
-verify_time_stamp_token () {
-    # create the token from the response first
-    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $2.token -token_out
-    test $? != 0 && error
-    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2.token -token_in \
-        -CAfile tsaca.pem -untrusted tsa_cert1.pem
-    test $? != 0 && error
-    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2.token -token_in \
-        -CAfile tsaca.pem -untrusted tsa_cert1.pem
-    test $? != 0 && error
-}
-verify_time_stamp_response_fail () {
-    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
-        -untrusted tsa_cert1.pem
-    # Checks if the verification failed, as it should have.
-    test $? = 0 && error
-    echo Ok
-}
-# main functions
-echo "Setting up TSA test directory..."
-setup_dir
-echo "Creating CA for TSA tests..."
-create_ca
-echo "Creating tsa_cert1.pem TSA server cert..."
-create_tsa_cert 1 tsa_cert
-echo "Creating tsa_cert2.pem non-TSA server cert..."
-create_tsa_cert 2 non_tsa_cert
-echo "Creating req1.req time stamp request for file testtsa..."
-create_time_stamp_request1
-echo "Printing req1.req..."
-print_request req1.tsq
-echo "Generating valid response for req1.req..."
-create_time_stamp_response req1.tsq resp1.tsr tsa_config1
-echo "Printing response..."
-print_response resp1.tsr
-echo "Verifying valid response..."
-verify_time_stamp_response req1.tsq resp1.tsr ../testtsa
-echo "Verifying valid token..."
-verify_time_stamp_token req1.tsq resp1.tsr ../testtsa
-# The tests below are commented out, because invalid signer certificates
-# can no longer be specified in the config file.
-# echo "Generating _invalid_ response for req1.req..."
-# create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2
-# echo "Printing response..."
-# print_response resp1_bad.tsr
-# echo "Verifying invalid response, it should fail..."
-# verify_time_stamp_response_fail req1.tsq resp1_bad.tsr
-echo "Creating req2.req time stamp request for file testtsa..."
-create_time_stamp_request2
-echo "Printing req2.req..."
-print_request req2.tsq
-echo "Generating valid response for req2.req..."
-create_time_stamp_response req2.tsq resp2.tsr tsa_config1
-echo "Checking '-token_in' and '-token_out' options with '-reply'..."
-time_stamp_response_token_test req2.tsq resp2.tsr
-echo "Printing response..."
-print_response resp2.tsr
-echo "Verifying valid response..."
-verify_time_stamp_response req2.tsq resp2.tsr ../testtsa
-echo "Verifying response against wrong request, it should fail..."
-verify_time_stamp_response_fail req1.tsq resp2.tsr
-echo "Verifying response against wrong request, it should fail..."
-verify_time_stamp_response_fail req2.tsq resp1.tsr
-echo "Creating req3.req time stamp request for file CAtsa.cnf..."
-create_time_stamp_request3
-echo "Printing req3.req..."
-print_request req3.tsq
-echo "Verifying response against wrong request, it should fail..."
-verify_time_stamp_response_fail req3.tsq resp1.tsr
-echo "Cleaning up..."
-clean_up_dir
-exit 0
diff --git a/src/lib/libssl/test/testtsa.com b/src/lib/libssl/test/testtsa.com
deleted file mode 100644
index 29fb1d0e63..0000000000
--- a/src/lib/libssl/test/testtsa.com
+++ /dev/null
@@ -1,255 +0,0 @@
-$!
-$! A few very basic tests for the 'ts' time stamping authority command.
-$!
-$
-$       __arch = "VAX"
-$       if f$getsyi("cpu") .ge. 128 then -
-           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$       if __arch .eqs. "" then __arch = "UNK"
-$!
-$       if (p4 .eqs. "64") then __arch = __arch+ "_64"
-$!
-$       exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$
-$       openssl = "mcr ''f$parse(exe_dir+"openssl.exe")'"
-$       OPENSSL_CONF = "[-]CAtsa.cnf"
-$       ! Because that's what ../apps/CA.sh really looks at
-$       SSLEAY_CONFIG = "-config " + OPENSSL_CONF
-$
-$ error:
-$       subroutine
-$               write sys$error "TSA test failed!"
-$               exit 3
-$       endsubroutine
-$
-$ setup_dir:
-$       subroutine
-$
-$               if f$search("tsa.dir") .nes ""
-$               then
-$                       @[-.util]deltree [.tsa]*.*
-$                       set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;*
-$                       delete tsa.dir;*
-$               endif
-$
-$               create/dir [.tsa]
-$               set default [.tsa]
-$       endsubroutine
-$
-$ clean_up_dir:
-$       subroutine
-$
-$               set default [-]
-$               @[-.util]deltree [.tsa]*.*
-$               set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;*
-$               delete tsa.dir;*
-$       endsubroutine
-$
-$ create_ca:
-$       subroutine
-$
-$               write sys$output "Creating a new CA for the TSA tests..."
-$               TSDNSECT = "ts_ca_dn"
-$               openssl req -new -x509 -nodes -
-                        -out tsaca.pem -keyout tsacakey.pem
-$               if $severity .ne. 1 then call error
-$       endsubroutine
-$
-$ create_tsa_cert:
-$       subroutine
-$
-$               INDEX=p1
-$               EXT=p2
-$               TSDNSECT = "ts_cert_dn"
-$
-$               openssl req -new -
-                        -out tsa_req'INDEX'.pem -keyout tsa_key'INDEX'.pem
-$               if $severity .ne. 1 then call error
-$
-$               write sys$output "Using extension ''EXT'"
-$               openssl x509 -req -
-                        -in tsa_req'INDEX'.pem -out tsa_cert'INDEX'.pem -
-                        "-CA" tsaca.pem "-CAkey" tsacakey.pem "-CAcreateserial" -
-                        -extfile 'OPENSSL_CONF' -extensions "''EXT'"
-$               if $severity .ne. 1 then call error
-$       endsubroutine
-$
-$ print_request:
-$       subroutine
-$
-$               openssl ts -query -in 'p1' -text
-$       endsubroutine
-$
-$ create_time_stamp_request1: subroutine
-$
-$               openssl ts -query -data [-]testtsa.com -policy tsa_policy1 -
-                        -cert -out req1.tsq
-$               if $severity .ne. 1 then call error
-$       endsubroutine
-$
-$ create_time_stamp_request2: subroutine
-$
-$               openssl ts -query -data [-]testtsa.com -policy tsa_policy2 -
-                        -no_nonce -out req2.tsq
-$               if $severity .ne. 1 then call error
-$       endsubroutine
-$
-$ create_time_stamp_request3: subroutine
-$
-$               openssl ts -query -data [-]CAtsa.cnf -no_nonce -out req3.tsq
-$               if $severity .ne. 1 then call error
-$       endsubroutine
-$
-$ print_response:
-$       subroutine
-$
-$               openssl ts -reply -in 'p1' -text
-$               if $severity .ne. 1 then call error
-$       endsubroutine
-$
-$ create_time_stamp_response:
-$       subroutine
-$
-$               openssl ts -reply -section 'p3' -queryfile 'p1' -out 'p2'
-$               if $severity .ne. 1 then call error
-$       endsubroutine
-$
-$ time_stamp_response_token_test:
-$       subroutine
-$
-$               RESPONSE2 = p2+ "-copy_tsr"
-$               TOKEN_DER = p2+ "-token_der"
-$               openssl ts -reply -in 'p2' -out 'TOKEN_DER' -token_out
-$               if $severity .ne. 1 then call error
-$               openssl ts -reply -in 'TOKEN_DER' -token_in -out 'RESPONSE2'
-$               if $severity .ne. 1 then call error
-$               backup/compare 'RESPONSE2' 'p2'
-$               if $severity .ne. 1 then call error
-$               openssl ts -reply -in 'p2' -text -token_out
-$               if $severity .ne. 1 then call error
-$               openssl ts -reply -in 'TOKEN_DER' -token_in -text -token_out
-$               if $severity .ne. 1 then call error
-$               openssl ts -reply -queryfile 'p1' -text -token_out
-$               if $severity .ne. 1 then call error
-$       endsubroutine
-$
-$ verify_time_stamp_response:
-$       subroutine
-$
-$               openssl ts -verify -queryfile 'p1' -in 'p2' -
-                        "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
-$               if $severity .ne. 1 then call error
-$               openssl ts -verify -data 'p3' -in 'p2' -
-                        "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
-$               if $severity .ne. 1 then call error
-$       endsubroutine
-$
-$ verify_time_stamp_token:
-$       subroutine
-$
-$               ! create the token from the response first
-$               openssl ts -reply -in "''p2'" -out "''p2'-token" -token_out
-$               if $severity .ne. 1 then call error
-$               openssl ts -verify -queryfile "''p1'" -in "''p2'-token" -
-                 -token_in "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
-$               if $severity .ne. 1 then call error
-$               openssl ts -verify -data "''p3'" -in "''p2'-token" -
-                 -token_in "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
-$               if $severity .ne. 1 then call error
-$       endsubroutine
-$
-$ verify_time_stamp_response_fail:
-$       subroutine
-$
-$               openssl ts -verify -queryfile 'p1' -in 'p2' -
-                        "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
-$               ! Checks if the verification failed, as it should have.
-$               if $severity .eq. 1 then call error
-$               write sys$output "Ok"
-$       endsubroutine
-$
-$       ! Main body ----------------------------------------------------------
-$
-$       set noon
-$
-$       write sys$output "Setting up TSA test directory..."
-$       call setup_dir
-$
-$       write sys$output "Creating CA for TSA tests..."
-$       call create_ca
-$
-$       write sys$output "Creating tsa_cert1.pem TSA server cert..."
-$       call create_tsa_cert 1 "tsa_cert"
-$
-$       write sys$output "Creating tsa_cert2.pem non-TSA server cert..."
-$       call create_tsa_cert 2 "non_tsa_cert"
-$
-$       write sys$output "Creating req1.req time stamp request for file testtsa..."
-$       call create_time_stamp_request1
-$
-$       write sys$output "Printing req1.req..."
-$       call print_request "req1.tsq"
-$
-$       write sys$output "Generating valid response for req1.req..."
-$       call create_time_stamp_response "req1.tsq" "resp1.tsr" "tsa_config1"
-$
-$       write sys$output "Printing response..."
-$       call print_response "resp1.tsr"
-$
-$       write sys$output "Verifying valid response..."
-$       call verify_time_stamp_response "req1.tsq" "resp1.tsr" "[-]testtsa.com"
-$
-$       write sys$output "Verifying valid token..."
-$       call verify_time_stamp_token "req1.tsq" "resp1.tsr" "[-]testtsa.com"
-$
-$       ! The tests below are commented out, because invalid signer certificates
-$       ! can no longer be specified in the config file.
-$
-$       ! write sys$output "Generating _invalid_ response for req1.req..."
-$       ! call create_time_stamp_response "req1.tsq" "resp1_bad.tsr" "tsa_config2"
-$
-$       ! write sys$output "Printing response..."
-$       ! call print_response "resp1_bad.tsr"
-$
-$       ! write sys$output "Verifying invalid response, it should fail..."
-$       ! call verify_time_stamp_response_fail "req1.tsq" "resp1_bad.tsr"
-$
-$       write sys$output "Creating req2.req time stamp request for file testtsa..."
-$       call create_time_stamp_request2
-$
-$       write sys$output "Printing req2.req..."
-$       call print_request "req2.tsq"
-$
-$       write sys$output "Generating valid response for req2.req..."
-$       call create_time_stamp_response "req2.tsq" "resp2.tsr" "tsa_config1"
-$
-$       write sys$output "Checking '-token_in' and '-token_out' options with '-reply'..."
-$       call time_stamp_response_token_test "req2.tsq" "resp2.tsr"
-$
-$       write sys$output "Printing response..."
-$       call print_response "resp2.tsr"
-$
-$       write sys$output "Verifying valid response..."
-$       call verify_time_stamp_response "req2.tsq" "resp2.tsr" "[-]testtsa.com"
-$
-$       write sys$output "Verifying response against wrong request, it should fail..."
-$       call verify_time_stamp_response_fail "req1.tsq" "resp2.tsr"
-$
-$       write sys$output "Verifying response against wrong request, it should fail..."
-$       call verify_time_stamp_response_fail "req2.tsq" "resp1.tsr"
-$
-$       write sys$output "Creating req3.req time stamp request for file CAtsa.cnf..."
-$       call create_time_stamp_request3
-$
-$       write sys$output "Printing req3.req..."
-$       call print_request "req3.tsq"
-$
-$       write sys$output "Verifying response against wrong request, it should fail..."
-$       call verify_time_stamp_response_fail "req3.tsq" "resp1.tsr"
-$
-$       write sys$output "Cleaning up..."
-$       call clean_up_dir
-$
-$       set on
-$
-$       exit

diff --git a/src/lib/libssl/test/testtsa b/src/lib/libssl/test/testtsa deleted file mode 100644 index bb653b5f73..0000000000 --- a/src/lib/libssl/test/testtsa +++ /dev/null
@@ -1,238 +0,0 @@
1	#!/bin/sh
2
3	#
4	# A few very basic tests for the 'ts' time stamping authority command.
5	#
6
7	SH="/bin/sh"
8	if test "$OSTYPE" = msdosdjgpp; then
9	PATH="../apps\;$PATH"
10	else
11	PATH="../apps:$PATH"
12	fi
13	export SH PATH
14
15	OPENSSL_CONF="../CAtsa.cnf"
16	export OPENSSL_CONF
17	# Because that's what ../apps/CA.sh really looks at
18	SSLEAY_CONFIG="-config $OPENSSL_CONF"
19	export SSLEAY_CONFIG
20
21	OPENSSL="`pwd`/../util/opensslwrap.sh"
22	export OPENSSL
23
24	error () {
25
26	echo "TSA test failed!" >&2
27	exit 1
28	}
29
30	setup_dir () {
31
32	rm -rf tsa 2>/dev/null
33	mkdir tsa
34	cd ./tsa
35	}
36
37	clean_up_dir () {
38
39	cd ..
40	rm -rf tsa
41	}
42
43	create_ca () {
44
45	echo "Creating a new CA for the TSA tests..."
46	TSDNSECT=ts_ca_dn
47	export TSDNSECT
48	../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \
49	-out tsaca.pem -keyout tsacakey.pem
50	test $? != 0 && error
51	}
52
53	create_tsa_cert () {
54
55	INDEX=$1
56	export INDEX
57	EXT=$2
58	TSDNSECT=ts_cert_dn
59	export TSDNSECT
60
61	../../util/shlib_wrap.sh ../../apps/openssl req -new \
62	-out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem
63	test $? != 0 && error
64	echo Using extension $EXT
65	../../util/shlib_wrap.sh ../../apps/openssl x509 -req \
66	-in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
67	-CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \
68	-extfile $OPENSSL_CONF -extensions $EXT
69	test $? != 0 && error
70	}
71
72	print_request () {
73
74	../../util/shlib_wrap.sh ../../apps/openssl ts -query -in $1 -text
75	}
76
77	create_time_stamp_request1 () {
78
79	../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq
80	test $? != 0 && error
81	}
82
83	create_time_stamp_request2 () {
84
85	../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy2 -no_nonce \
86	-out req2.tsq
87	test $? != 0 && error
88	}
89
90	create_time_stamp_request3 () {
91
92	../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../CAtsa.cnf -no_nonce -out req3.tsq
93	test $? != 0 && error
94	}
95
96	print_response () {
97
98	../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $1 -text
99	test $? != 0 && error
100	}
101
102	create_time_stamp_response () {
103
104	../../util/shlib_wrap.sh ../../apps/openssl ts -reply -section $3 -queryfile $1 -out $2
105	test $? != 0 && error
106	}
107
108	time_stamp_response_token_test () {
109
110	RESPONSE2=$2.copy.tsr
111	TOKEN_DER=$2.token.der
112	../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $TOKEN_DER -token_out
113	test $? != 0 && error
114	../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -out $RESPONSE2
115	test $? != 0 && error
116	cmp $RESPONSE2 $2
117	test $? != 0 && error
118	../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -text -token_out
119	test $? != 0 && error
120	../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -text -token_out
121	test $? != 0 && error
122	../../util/shlib_wrap.sh ../../apps/openssl ts -reply -queryfile $1 -text -token_out
123	test $? != 0 && error
124	}
125
126	verify_time_stamp_response () {
127
128	../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
129	-untrusted tsa_cert1.pem
130	test $? != 0 && error
131	../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile tsaca.pem \
132	-untrusted tsa_cert1.pem
133	test $? != 0 && error
134	}
135
136	verify_time_stamp_token () {
137
138	# create the token from the response first
139	../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $2.token -token_out
140	test $? != 0 && error
141	../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2.token -token_in \
142	-CAfile tsaca.pem -untrusted tsa_cert1.pem
143	test $? != 0 && error
144	../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2.token -token_in \
145	-CAfile tsaca.pem -untrusted tsa_cert1.pem
146	test $? != 0 && error
147	}
148
149	verify_time_stamp_response_fail () {
150
151	../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
152	-untrusted tsa_cert1.pem
153	# Checks if the verification failed, as it should have.
154	test $? = 0 && error
155	echo Ok
156	}
157
158	# main functions
159
160	echo "Setting up TSA test directory..."
161	setup_dir
162
163	echo "Creating CA for TSA tests..."
164	create_ca
165
166	echo "Creating tsa_cert1.pem TSA server cert..."
167	create_tsa_cert 1 tsa_cert
168
169	echo "Creating tsa_cert2.pem non-TSA server cert..."
170	create_tsa_cert 2 non_tsa_cert
171
172	echo "Creating req1.req time stamp request for file testtsa..."
173	create_time_stamp_request1
174
175	echo "Printing req1.req..."
176	print_request req1.tsq
177
178	echo "Generating valid response for req1.req..."
179	create_time_stamp_response req1.tsq resp1.tsr tsa_config1
180
181	echo "Printing response..."
182	print_response resp1.tsr
183
184	echo "Verifying valid response..."
185	verify_time_stamp_response req1.tsq resp1.tsr ../testtsa
186
187	echo "Verifying valid token..."
188	verify_time_stamp_token req1.tsq resp1.tsr ../testtsa
189
190	# The tests below are commented out, because invalid signer certificates
191	# can no longer be specified in the config file.
192
193	# echo "Generating _invalid_ response for req1.req..."
194	# create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2
195
196	# echo "Printing response..."
197	# print_response resp1_bad.tsr
198
199	# echo "Verifying invalid response, it should fail..."
200	# verify_time_stamp_response_fail req1.tsq resp1_bad.tsr
201
202	echo "Creating req2.req time stamp request for file testtsa..."
203	create_time_stamp_request2
204
205	echo "Printing req2.req..."
206	print_request req2.tsq
207
208	echo "Generating valid response for req2.req..."
209	create_time_stamp_response req2.tsq resp2.tsr tsa_config1
210
211	echo "Checking '-token_in' and '-token_out' options with '-reply'..."
212	time_stamp_response_token_test req2.tsq resp2.tsr
213
214	echo "Printing response..."
215	print_response resp2.tsr
216
217	echo "Verifying valid response..."
218	verify_time_stamp_response req2.tsq resp2.tsr ../testtsa
219
220	echo "Verifying response against wrong request, it should fail..."
221	verify_time_stamp_response_fail req1.tsq resp2.tsr
222
223	echo "Verifying response against wrong request, it should fail..."
224	verify_time_stamp_response_fail req2.tsq resp1.tsr
225
226	echo "Creating req3.req time stamp request for file CAtsa.cnf..."
227	create_time_stamp_request3
228
229	echo "Printing req3.req..."
230	print_request req3.tsq
231
232	echo "Verifying response against wrong request, it should fail..."
233	verify_time_stamp_response_fail req3.tsq resp1.tsr
234
235	echo "Cleaning up..."
236	clean_up_dir
237
238	exit 0


diff --git a/src/lib/libssl/test/testtsa.com b/src/lib/libssl/test/testtsa.com deleted file mode 100644 index 29fb1d0e63..0000000000 --- a/src/lib/libssl/test/testtsa.com +++ /dev/null
@@ -1,255 +0,0 @@
1	$!
2	$! A few very basic tests for the 'ts' time stamping authority command.
3	$!
4	$
5	$ __arch = "VAX"
6	$ if f$getsyi("cpu") .ge. 128 then -
7	__arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
8	$ if __arch .eqs. "" then __arch = "UNK"
9	$!
10	$ if (p4 .eqs. "64") then __arch = __arch+ "_64"
11	$!
12	$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
13	$
14	$ openssl = "mcr ''f$parse(exe_dir+"openssl.exe")'"
15	$ OPENSSL_CONF = "[-]CAtsa.cnf"
16	$ ! Because that's what ../apps/CA.sh really looks at
17	$ SSLEAY_CONFIG = "-config " + OPENSSL_CONF
18	$
19	$ error:
20	$ subroutine
21	$ write sys$error "TSA test failed!"
22	$ exit 3
23	$ endsubroutine
24	$
25	$ setup_dir:
26	$ subroutine
27	$
28	$ if f$search("tsa.dir") .nes ""
29	$ then
30	$ @[-.util]deltree [.tsa].
31	$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;*
32	$ delete tsa.dir;*
33	$ endif
34	$
35	$ create/dir [.tsa]
36	$ set default [.tsa]
37	$ endsubroutine
38	$
39	$ clean_up_dir:
40	$ subroutine
41	$
42	$ set default [-]
43	$ @[-.util]deltree [.tsa].
44	$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;*
45	$ delete tsa.dir;*
46	$ endsubroutine
47	$
48	$ create_ca:
49	$ subroutine
50	$
51	$ write sys$output "Creating a new CA for the TSA tests..."
52	$ TSDNSECT = "ts_ca_dn"
53	$ openssl req -new -x509 -nodes -
54	-out tsaca.pem -keyout tsacakey.pem
55	$ if $severity .ne. 1 then call error
56	$ endsubroutine
57	$
58	$ create_tsa_cert:
59	$ subroutine
60	$
61	$ INDEX=p1
62	$ EXT=p2
63	$ TSDNSECT = "ts_cert_dn"
64	$
65	$ openssl req -new -
66	-out tsa_req'INDEX'.pem -keyout tsa_key'INDEX'.pem
67	$ if $severity .ne. 1 then call error
68	$
69	$ write sys$output "Using extension ''EXT'"
70	$ openssl x509 -req -
71	-in tsa_req'INDEX'.pem -out tsa_cert'INDEX'.pem -
72	"-CA" tsaca.pem "-CAkey" tsacakey.pem "-CAcreateserial" -
73	-extfile 'OPENSSL_CONF' -extensions "''EXT'"
74	$ if $severity .ne. 1 then call error
75	$ endsubroutine
76	$
77	$ print_request:
78	$ subroutine
79	$
80	$ openssl ts -query -in 'p1' -text
81	$ endsubroutine
82	$
83	$ create_time_stamp_request1: subroutine
84	$
85	$ openssl ts -query -data [-]testtsa.com -policy tsa_policy1 -
86	-cert -out req1.tsq
87	$ if $severity .ne. 1 then call error
88	$ endsubroutine
89	$
90	$ create_time_stamp_request2: subroutine
91	$
92	$ openssl ts -query -data [-]testtsa.com -policy tsa_policy2 -
93	-no_nonce -out req2.tsq
94	$ if $severity .ne. 1 then call error
95	$ endsubroutine
96	$
97	$ create_time_stamp_request3: subroutine
98	$
99	$ openssl ts -query -data [-]CAtsa.cnf -no_nonce -out req3.tsq
100	$ if $severity .ne. 1 then call error
101	$ endsubroutine
102	$
103	$ print_response:
104	$ subroutine
105	$
106	$ openssl ts -reply -in 'p1' -text
107	$ if $severity .ne. 1 then call error
108	$ endsubroutine
109	$
110	$ create_time_stamp_response:
111	$ subroutine
112	$
113	$ openssl ts -reply -section 'p3' -queryfile 'p1' -out 'p2'
114	$ if $severity .ne. 1 then call error
115	$ endsubroutine
116	$
117	$ time_stamp_response_token_test:
118	$ subroutine
119	$
120	$ RESPONSE2 = p2+ "-copy_tsr"
121	$ TOKEN_DER = p2+ "-token_der"
122	$ openssl ts -reply -in 'p2' -out 'TOKEN_DER' -token_out
123	$ if $severity .ne. 1 then call error
124	$ openssl ts -reply -in 'TOKEN_DER' -token_in -out 'RESPONSE2'
125	$ if $severity .ne. 1 then call error
126	$ backup/compare 'RESPONSE2' 'p2'
127	$ if $severity .ne. 1 then call error
128	$ openssl ts -reply -in 'p2' -text -token_out
129	$ if $severity .ne. 1 then call error
130	$ openssl ts -reply -in 'TOKEN_DER' -token_in -text -token_out
131	$ if $severity .ne. 1 then call error
132	$ openssl ts -reply -queryfile 'p1' -text -token_out
133	$ if $severity .ne. 1 then call error
134	$ endsubroutine
135	$
136	$ verify_time_stamp_response:
137	$ subroutine
138	$
139	$ openssl ts -verify -queryfile 'p1' -in 'p2' -
140	"-CAfile" tsaca.pem -untrusted tsa_cert1.pem
141	$ if $severity .ne. 1 then call error
142	$ openssl ts -verify -data 'p3' -in 'p2' -
143	"-CAfile" tsaca.pem -untrusted tsa_cert1.pem
144	$ if $severity .ne. 1 then call error
145	$ endsubroutine
146	$
147	$ verify_time_stamp_token:
148	$ subroutine
149	$
150	$ ! create the token from the response first
151	$ openssl ts -reply -in "''p2'" -out "''p2'-token" -token_out
152	$ if $severity .ne. 1 then call error
153	$ openssl ts -verify -queryfile "''p1'" -in "''p2'-token" -
154	-token_in "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
155	$ if $severity .ne. 1 then call error
156	$ openssl ts -verify -data "''p3'" -in "''p2'-token" -
157	-token_in "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
158	$ if $severity .ne. 1 then call error
159	$ endsubroutine
160	$
161	$ verify_time_stamp_response_fail:
162	$ subroutine
163	$
164	$ openssl ts -verify -queryfile 'p1' -in 'p2' -
165	"-CAfile" tsaca.pem -untrusted tsa_cert1.pem
166	$ ! Checks if the verification failed, as it should have.
167	$ if $severity .eq. 1 then call error
168	$ write sys$output "Ok"
169	$ endsubroutine
170	$
171	$ ! Main body ----------------------------------------------------------
172	$
173	$ set noon
174	$
175	$ write sys$output "Setting up TSA test directory..."
176	$ call setup_dir
177	$
178	$ write sys$output "Creating CA for TSA tests..."
179	$ call create_ca
180	$
181	$ write sys$output "Creating tsa_cert1.pem TSA server cert..."
182	$ call create_tsa_cert 1 "tsa_cert"
183	$
184	$ write sys$output "Creating tsa_cert2.pem non-TSA server cert..."
185	$ call create_tsa_cert 2 "non_tsa_cert"
186	$
187	$ write sys$output "Creating req1.req time stamp request for file testtsa..."
188	$ call create_time_stamp_request1
189	$
190	$ write sys$output "Printing req1.req..."
191	$ call print_request "req1.tsq"
192	$
193	$ write sys$output "Generating valid response for req1.req..."
194	$ call create_time_stamp_response "req1.tsq" "resp1.tsr" "tsa_config1"
195	$
196	$ write sys$output "Printing response..."
197	$ call print_response "resp1.tsr"
198	$
199	$ write sys$output "Verifying valid response..."
200	$ call verify_time_stamp_response "req1.tsq" "resp1.tsr" "[-]testtsa.com"
201	$
202	$ write sys$output "Verifying valid token..."
203	$ call verify_time_stamp_token "req1.tsq" "resp1.tsr" "[-]testtsa.com"
204	$
205	$ ! The tests below are commented out, because invalid signer certificates
206	$ ! can no longer be specified in the config file.
207	$
208	$ ! write sys$output "Generating _invalid_ response for req1.req..."
209	$ ! call create_time_stamp_response "req1.tsq" "resp1_bad.tsr" "tsa_config2"
210	$
211	$ ! write sys$output "Printing response..."
212	$ ! call print_response "resp1_bad.tsr"
213	$
214	$ ! write sys$output "Verifying invalid response, it should fail..."
215	$ ! call verify_time_stamp_response_fail "req1.tsq" "resp1_bad.tsr"
216	$
217	$ write sys$output "Creating req2.req time stamp request for file testtsa..."
218	$ call create_time_stamp_request2
219	$
220	$ write sys$output "Printing req2.req..."
221	$ call print_request "req2.tsq"
222	$
223	$ write sys$output "Generating valid response for req2.req..."
224	$ call create_time_stamp_response "req2.tsq" "resp2.tsr" "tsa_config1"
225	$
226	$ write sys$output "Checking '-token_in' and '-token_out' options with '-reply'..."
227	$ call time_stamp_response_token_test "req2.tsq" "resp2.tsr"
228	$
229	$ write sys$output "Printing response..."
230	$ call print_response "resp2.tsr"
231	$
232	$ write sys$output "Verifying valid response..."
233	$ call verify_time_stamp_response "req2.tsq" "resp2.tsr" "[-]testtsa.com"
234	$
235	$ write sys$output "Verifying response against wrong request, it should fail..."
236	$ call verify_time_stamp_response_fail "req1.tsq" "resp2.tsr"
237	$
238	$ write sys$output "Verifying response against wrong request, it should fail..."
239	$ call verify_time_stamp_response_fail "req2.tsq" "resp1.tsr"
240	$
241	$ write sys$output "Creating req3.req time stamp request for file CAtsa.cnf..."
242	$ call create_time_stamp_request3
243	$
244	$ write sys$output "Printing req3.req..."
245	$ call print_request "req3.tsq"
246	$
247	$ write sys$output "Verifying response against wrong request, it should fail..."
248	$ call verify_time_stamp_response_fail "req3.tsq" "resp1.tsr"
249	$
250	$ write sys$output "Cleaning up..."
251	$ call clean_up_dir
252	$
253	$ set on
254	$
255	$ exit