Add version numbers on some modules we use.
1#! /usr/bin/perl
2
3use strict;
4use warnings;
5
6use POSIX;
7use File::Spec::Functions qw/splitdir curdir catfile/;
8use File::Compare;
fb921436 9use Test::More 0.96;
10use OpenSSL::Test qw/:DEFAULT cmdstr top_file/;
11
# setup() is imported from OpenSSL::Test; it is handed this recipe's name.
setup("test_tsa");

# File-scoped lexicals shared by the subroutines below.  They are declared
# here so that every sub can see them; their values are only assigned later,
# inside the indir block at the end of the file.
my ($testtsa, $CAtsa);
18
# Create the self-signed CA certificate (tsaca.pem) and its private key
# (tsacakey.pem) that every later verification step uses as trust anchor.
# Returns the result of the single ok() assertion.
sub create_ca {
    # Exported before openssl runs.  Presumably the config file named by
    # OPENSSL_CONF reads TSDNSECT to pick the DN section -- confirm there.
    $ENV{TSDNSECT} = "ts_ca_dn";

    my @req_cmd = (
        "openssl", "req", "-new", "-x509",
        # -nodes writes tsacakey.pem without passphrase protection.  That is
        # acceptable for a throwaway key in a test directory only.
        "-nodes",
        "-out",    "tsaca.pem",
        "-keyout", "tsacakey.pem",
    );

    return ok(run(app([@req_cmd])), 'creating a new CA for the TSA tests');
}
26
# Create a key pair and certificate request, then have the test CA sign it.
#
#   $index       - suffix used in the tsa_req/tsa_key/tsa_cert file names
#   $ext_section - extension section (looked up in the file named by
#                  OPENSSL_CONF) that is applied to the signed certificate
#
# Returns the product of the two ok() results, so the value is true only when
# both the request and the signing step succeeded.
sub create_tsa_cert {
    my ($index, $ext_section) = @_;

    $ENV{TSDNSECT} = "ts_ca_dn";

    my $all_ok = 1;

    # Step 1: new key and certificate request.
    $all_ok *= ok(run(app([
        "openssl", "req", "-new",
        "-out",    "tsa_req${index}.pem",
        "-keyout", "tsa_key${index}.pem",
    ])));

    # Step 2: sign the request with the CA made by create_ca().  The chosen
    # extension section presumably decides whether the certificate is usable
    # for time stamping -- confirm against the config file.
    note "using extension $ext_section";
    $all_ok *= ok(run(app([
        "openssl", "x509", "-req",
        "-in",  "tsa_req${index}.pem",
        "-out", "tsa_cert${index}.pem",
        "-CA",  "tsaca.pem", "-CAkey", "tsacakey.pem",
        "-CAcreateserial",
        "-extfile",    $ENV{OPENSSL_CONF},
        "-extensions", $ext_section,
    ])));

    return $all_ok;
}
45
# Dump the time stamp request stored in the given file in text form.
# The assertion passes when the openssl command itself succeeds; the printed
# text is not inspected.
sub print_request {
    my ($input) = @_;

    my @dump_cmd = ("openssl", "ts", "-query", "-in", $input, "-text");
    return ok(run(app([@dump_cmd])));
}
50
# Write req1.tsq: a time stamp query over the file named by $testtsa, asking
# for policy tsa_policy1.  No -no_nonce is given, so this is the one request
# in this file that is generated with the nonce left enabled.
sub create_time_stamp_request1 {
    my @query_cmd = (
        "openssl", "ts", "-query",
        "-data",   $testtsa,
        "-policy", "tsa_policy1",
        "-cert",    # ask the TSA to include its signing certificate
        "-out",    "req1.tsq",
    );

    return ok(run(app([@query_cmd])));
}
55
# Write req2.tsq: a time stamp query over the file named by $testtsa, asking
# for policy tsa_policy2.
sub create_time_stamp_request2 {
    my @query_cmd = (
        "openssl", "ts", "-query",
        "-data",   $testtsa,
        "-policy", "tsa_policy2",
        # Without a nonce the request carries no per-request random value, so
        # a reply cannot be tied to this particular request by nonce.  Fine
        # for exercising the option; not a pattern for real requests.
        "-no_nonce",
        "-out",    "req2.tsq",
    );

    return ok(run(app([@query_cmd])));
}
61
# Write req3.tsq: a nonce-less time stamp query over the file named by
# $CAtsa, i.e. over different data than req1/req2.  The main block uses it
# only as a "wrong request" for the negative verification case.
sub create_time_stamp_request3 {
    my @query_cmd = (
        "openssl", "ts", "-query",
        "-data", $CAtsa,
        "-no_nonce",
        "-out",  "req3.tsq",
    );

    return ok(run(app([@query_cmd])));
}
67
# Dump the time stamp response stored in the given file in text form.
# Only the command's success is asserted; the output is not checked.
sub print_response {
    my ($inputfile) = @_;

    my @dump_cmd = ("openssl", "ts", "-reply", "-in", "$inputfile", "-text");
    return ok(run(app([@dump_cmd])));
}
74
# Produce a time stamp response for a query.
#
#   1st argument - file holding the query (-queryfile)
#   2nd argument - file the response is written to (-out)
#   3rd argument - name of the TSA configuration section (-section); the
#                  callers in this file pass "tsa_config1"
#
# Returns the result of the ok() assertion.
sub create_time_stamp_response {
    my ($queryfile, $outputfile, $tsa_section) = @_;

    my @reply_cmd = (
        "openssl", "ts", "-reply",
        "-section",   "$tsa_section",
        "-queryfile", "$queryfile",
        "-out",       "$outputfile",
    );

    return ok(run(app([@reply_cmd])));
}
83
# Exercise -token_in / -token_out of "openssl ts -reply".
#
#   1st argument - query file
#   2nd argument - response file to start from
#
# The response is reduced to its bare token, the token is wrapped back into a
# response, and the result has to be byte-identical to the starting file.
# The remaining commands only have to run successfully.
sub time_stamp_response_token_test {
    my ($queryfile, $inputfile) = @_;

    my $token_der     = "$inputfile.token.der";
    my $roundtrip_tsr = "$inputfile.copy.tsr";

    # response -> token -> response, then compare with the original.
    ok(run(app(["openssl", "ts", "-reply",
                "-in", "$inputfile", "-out", "$token_der", "-token_out"])));
    ok(run(app(["openssl", "ts", "-reply",
                "-in", "$token_der", "-token_in", "-out", "$roundtrip_tsr"])));
    is(compare($roundtrip_tsr, $inputfile), 0);

    # Text dumps of the token, taken from a response and from a token.
    ok(run(app(["openssl", "ts", "-reply",
                "-in", "$inputfile", "-text", "-token_out"])));
    ok(run(app(["openssl", "ts", "-reply",
                "-in", "$token_der", "-token_in", "-text", "-token_out"])));

    # Same dump, but starting from the query instead of a stored reply.
    return ok(run(app(["openssl", "ts", "-reply",
                       "-queryfile", "$queryfile", "-text", "-token_out"])));
}
97
# Verify a time stamp response twice: once against the query it answers and
# once against the original data file.
#
#   1st argument - query file
#   2nd argument - response file
#   3rd argument - data file that was time stamped
#
# Both checks anchor trust in tsaca.pem and supply tsa_cert1.pem as an
# untrusted certificate; those two file names are fixed in this sub.
sub verify_time_stamp_response {
    my ($queryfile, $inputfile, $datafile) = @_;

    my @trust = ("-CAfile", "tsaca.pem", "-untrusted", "tsa_cert1.pem");

    ok(run(app(["openssl", "ts", "-verify",
                "-queryfile", "$queryfile", "-in", "$inputfile", @trust])));
    return ok(run(app(["openssl", "ts", "-verify",
                       "-data", "$datafile", "-in", "$inputfile", @trust])));
}
106
# Verify a bare time stamp token instead of a full response.
#
#   1st argument - query file
#   2nd argument - response file the token is extracted from
#   3rd argument - data file that was time stamped
#
# The token is written next to the response as "<response>.token" and then
# verified against the query and against the data, with the same fixed trust
# files (tsaca.pem, tsa_cert1.pem) as the response verification.
sub verify_time_stamp_token {
    my ($queryfile, $inputfile, $datafile) = @_;

    my $token = "$inputfile.token";
    my @trust = ("-CAfile", "tsaca.pem", "-untrusted", "tsa_cert1.pem");

    # The token has to be extracted from the response first.
    ok(run(app(["openssl", "ts", "-reply",
                "-in", "$inputfile", "-out", "$token", "-token_out"])));

    ok(run(app(["openssl", "ts", "-verify",
                "-queryfile", "$queryfile",
                "-in", "$token", "-token_in", @trust])));
    return ok(run(app(["openssl", "ts", "-verify",
                       "-data", "$datafile",
                       "-in", "$token", "-token_in", @trust])));
}
117
# Negative case: verifying the response against the given query must NOT
# succeed.
#
#   1st argument - query file that does not belong to the response
#   2nd argument - response file
#
# NOTE(review): the assertion only negates run()'s result, so any reason for
# the command not succeeding -- presumably including a missing input file or
# a crash -- satisfies it just like a genuine verification failure.  Checking
# the reported error would make this a stricter rejection test.
sub verify_time_stamp_response_fail {
    my ($queryfile, $inputfile) = @_;

    my @verify_cmd = (
        "openssl", "ts", "-verify",
        "-queryfile", "$queryfile",
        "-in",        "$inputfile",
        "-CAfile",    "tsaca.pem",
        "-untrusted", "tsa_cert1.pem",
    );

    return ok(!run(app([@verify_cmd])));
}
124
125# main functions
126
# Run the whole TSA scenario from inside the "tsa" directory; the create and
# cleanup options are handed to indir() from OpenSSL::Test.
#
# NOTE(review): the rejection cases below all pair a response with a request
# it does not answer.  tsa_cert2.pem (the non-TSA certificate) is created but
# no step in this file verifies with it, so "signer certificate not valid for
# time stamping" is not covered here.
indir "tsa" => sub {

    $ENV{OPENSSL_CONF} = top_file("test", "CAtsa.cnf");
    # Because that's what ../apps/CA.pl really looks at
    $ENV{SSLEAY_CONFIG} = "-config $ENV{OPENSSL_CONF}";
    $ENV{OPENSSL} = cmdstr(app(["openssl"]));

    # The data being time stamped is this recipe file itself (req1/req2) and
    # the configuration file (req3).
    $testtsa = top_file("test", "recipes", "80-test_tsa.t");
    $CAtsa = top_file("test", "CAtsa.cnf");

    plan tests => 20;

 SKIP: {
        # Prerequisites: if one of them fails, everything that is left is
        # skipped, so the skip count shrinks by one per step.
        subtest('creating CA for TSA tests' => sub { create_ca() })
            or skip "failed", 19;

        subtest('creating tsa_cert1.pem TSA server cert' => sub {
            create_tsa_cert("1", "tsa_cert")
        }) or skip "failed", 18;

        subtest('creating tsa_cert2.pem non-TSA server cert' => sub {
            create_tsa_cert("2", "non_tsa_cert")
        }) or skip "failed", 17;

        subtest('creating req1.req time stamp request for file testtsa' => sub {
            create_time_stamp_request1()
        }) or skip "failed", 16;

        # The remaining sixteen steps always run, in this order.
        my @scenario = (
            [ 'printing req1.req' => sub {
                  print_request("req1.tsq")
              } ],
            [ 'generating valid response for req1.req' => sub {
                  create_time_stamp_response("req1.tsq", "resp1.tsr", "tsa_config1")
              } ],
            [ 'printing response' => sub {
                  print_response("resp1.tsr")
              } ],
            [ 'verifying valid response' => sub {
                  verify_time_stamp_response("req1.tsq", "resp1.tsr", $testtsa)
              } ],
            [ 'verifying valid token' => sub {
                  verify_time_stamp_token("req1.tsq", "resp1.tsr", $testtsa)
              } ],
            [ 'creating req2.req time stamp request for file testtsa' => sub {
                  create_time_stamp_request2()
              } ],
            [ 'printing req2.req' => sub {
                  print_request("req2.tsq")
              } ],
            [ 'generating valid response for req2.req' => sub {
                  create_time_stamp_response("req2.tsq", "resp2.tsr", "tsa_config1")
              } ],
            [ 'checking -token_in and -token_out options with -reply' => sub {
                  time_stamp_response_token_test("req2.tsq", "resp2.tsr")
              } ],
            [ 'printing response' => sub {
                  print_response("resp2.tsr")
              } ],
            [ 'verifying valid response' => sub {
                  verify_time_stamp_response("req2.tsq", "resp2.tsr", $testtsa)
              } ],
            [ 'verifying response against wrong request, it should fail' => sub {
                  verify_time_stamp_response_fail("req1.tsq", "resp2.tsr")
              } ],
            [ 'verifying response against wrong request, it should fail' => sub {
                  verify_time_stamp_response_fail("req2.tsq", "resp1.tsr")
              } ],
            [ 'creating req3.req time stamp request for file CAtsa.cnf' => sub {
                  create_time_stamp_request3()
              } ],
            [ 'printing req3.req' => sub {
                  print_request("req3.tsq")
              } ],
            [ 'verifying response against wrong request, it should fail' => sub {
                  verify_time_stamp_response_fail("req3.tsq", "resp1.tsr")
              } ],
        );

        for my $step (@scenario) {
            my ($title, $code) = @{$step};
            subtest $title => $code;
        }
    }
}, cleanup => 1, create => 1;