]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/recipes/80-test_tsa.t
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Change OpenSSL::Test to be an extension of Test::More
[thirdparty/openssl.git] / test / recipes / 80-test_tsa.t
CommitLineData
88b8a527
RL		 1#! /usr/bin/perl
2
3use strict;
4use warnings;
5
6use POSIX;
7use File::Spec::Functions qw/splitdir curdir catfile/;
8use File::Compare;
88b8a527
RL		 9use OpenSSL::Test qw/:DEFAULT cmdstr top_file/;
10
11setup("test_tsa");
12
13# All these are modified inside indir further down. They need to exist
14# here, however, to be available in all subroutines.
15my $testtsa;
16my $CAtsa;
17
18sub create_ca {
19 $ENV{TSDNSECT} = "ts_ca_dn";
20 return
21 ok(run(app(["openssl", "req", "-new", "-x509", "-nodes",
22 "-out", "tsaca.pem", "-keyout", "tsacakey.pem"])),
23 'creating a new CA for the TSA tests');
24}
25
26sub create_tsa_cert {
27 my $INDEX = shift;
28 my $EXT = shift;
29 my $r = 1;
30 $ENV{TSDNSECT} = "ts_ca_dn";
31
32 $r *= ok(run(app(["openssl", "req", "-new",
33 "-out", "tsa_req${INDEX}.pem",
34 "-keyout", "tsa_key${INDEX}.pem"])));
35 note "using extension $EXT";
36 $r *= ok(run(app(["openssl", "x509", "-req",
37 "-in", "tsa_req${INDEX}.pem",
38 "-out", "tsa_cert${INDEX}.pem",
39 "-CA", "tsaca.pem", "-CAkey", "tsacakey.pem",
40 "-CAcreateserial",
41 "-extfile", $ENV{OPENSSL_CONF}, "-extensions", $EXT])));
42 return $r;
43}
44
45sub print_request {
46 my $input = shift;
47 return ok(run(app(["openssl", "ts", "-query", "-in", $input, "-text"])));
48}
49
50sub create_time_stamp_request1 {
51 return
52 ok(run(app(["openssl", "ts", "-query", "-data", $testtsa, "-policy", "tsa_policy1", "-cert", "-out", "req1.tsq"])));
53}
54
55sub create_time_stamp_request2 {
56
57 return
58 ok(run(app(["openssl", "ts", "-query", "-data", $testtsa, "-policy", "tsa_policy2", "-no_nonce", "-out", "req2.tsq"])));
59}
60
61sub create_time_stamp_request3 {
62
63 return
64 ok(run(app(["openssl", "ts", "-query", "-data", $CAtsa, "-no_nonce", "-out", "req3.tsq"])))
65}
66
67sub print_response {
68 my $inputfile = shift;
69
70 return
71 ok(run(app(["openssl", "ts", "-reply", "-in", "$inputfile", "-text"])));
72}
73
74sub create_time_stamp_response {
75 my $queryfile = shift;
76 my $outputfile = shift;
77 my $datafile = shift;
78
79 return
80 ok(run(app(["openssl", "ts", "-reply", "-section", "$datafile", "-queryfile", "$queryfile", "-out", "$outputfile"])));
81}
82
83sub time_stamp_response_token_test {
84 my $queryfile = shift;
85 my $inputfile = shift;
86 my $RESPONSE2="$inputfile.copy.tsr";
87 my $TOKEN_DER="$inputfile.token.der";
88
89 ok(run(app(["openssl", "ts", "-reply", "-in", "$inputfile", "-out", "$TOKEN_DER", "-token_out"])));
90 ok(run(app(["openssl", "ts", "-reply", "-in", "$TOKEN_DER", "-token_in", "-out", "$RESPONSE2"])));
91 is(compare($RESPONSE2, $inputfile), 0);
92 ok(run(app(["openssl", "ts", "-reply", "-in", "$inputfile", "-text", "-token_out"])));
93 ok(run(app(["openssl", "ts", "-reply", "-in", "$TOKEN_DER", "-token_in", "-text", "-token_out"])));
94 ok(run(app(["openssl", "ts", "-reply", "-queryfile", "$queryfile", "-text", "-token_out"])));
95}
96
97sub verify_time_stamp_response {
98 my $queryfile = shift;
99 my $inputfile = shift;
100 my $datafile = shift;
101
102 ok(run(app(["openssl", "ts", "-verify", "-queryfile", "$queryfile", "-in", "$inputfile", "-CAfile", "tsaca.pem", "-untrusted", "tsa_cert1.pem"])));
103 ok(run(app(["openssl", "ts", "-verify", "-data", "$datafile", "-in", "$inputfile", "-CAfile", "tsaca.pem", "-untrusted", "tsa_cert1.pem"])));
104}
105
106sub verify_time_stamp_token {
107 my $queryfile = shift;
108 my $inputfile = shift;
109 my $datafile = shift;
110
111 # create the token from the response first
112 ok(run(app(["openssl", "ts", "-reply", "-in", "$inputfile", "-out", "$inputfile.token", "-token_out"])));
113 ok(run(app(["openssl", "ts", "-verify", "-queryfile", "$queryfile", "-in", "$inputfile.token", "-token_in", "-CAfile", "tsaca.pem", "-untrusted", "tsa_cert1.pem"])));
114 ok(run(app(["openssl", "ts", "-verify", "-data", "$datafile", "-in", "$inputfile.token", "-token_in", "-CAfile", "tsaca.pem", "-untrusted", "tsa_cert1.pem"])));
115}
116
117sub verify_time_stamp_response_fail {
118 my $queryfile = shift;
119 my $inputfile = shift;
120
121 ok(!run(app(["openssl", "ts", "-verify", "-queryfile", "$queryfile", "-in", "$inputfile", "-CAfile", "tsaca.pem", "-untrusted", "tsa_cert1.pem"])));
122}
123
124# main functions
125
126indir "tsa" => sub {
127
128 $ENV{OPENSSL_CONF} = top_file("test", "CAtsa.cnf");
129 # Because that's what ../apps/CA.pl really looks at
130 $ENV{SSLEAY_CONFIG} = "-config ".$ENV{OPENSSL_CONF};
131 $ENV{OPENSSL} = cmdstr(app(["openssl"]));
132 $testtsa = top_file("test", "recipes", "80-test_tsa.t");
133 $CAtsa = top_file("test", "CAtsa.cnf");
134
135 plan tests => 20;
136
137 SKIP: {
138 skip "failed", 19
139 if !subtest 'creating CA for TSA tests' => sub { create_ca };
140
141 skip "failed", 18
142 if !subtest 'creating tsa_cert1.pem TSA server cert' => sub {
143 create_tsa_cert("1", "tsa_cert")
144 };
145
146 skip "failed", 17
147 if !subtest 'creating tsa_cert2.pem non-TSA server cert' => sub {
148 create_tsa_cert("2", "non_tsa_cert")
149 };
150
151 skip "failed", 16
152 if !subtest 'creating req1.req time stamp request for file testtsa' => sub {
153 create_time_stamp_request1()
154 };
155
156 subtest 'printing req1.req' => sub {
157 print_request("req1.tsq")
158 };
159
160 subtest 'generating valid response for req1.req' => sub {
161 create_time_stamp_response("req1.tsq", "resp1.tsr", "tsa_config1")
162 };
163
164 subtest 'printing response' => sub {
165 print_response("resp1.tsr")
166 };
167
168 subtest 'verifying valid response' => sub {
169 verify_time_stamp_response("req1.tsq", "resp1.tsr", $testtsa)
170 };
171
172 subtest 'verifying valid token' => sub {
173 verify_time_stamp_token("req1.tsq", "resp1.tsr", $testtsa)
174 };
175
176 subtest 'creating req2.req time stamp request for file testtsa' => sub {
177 create_time_stamp_request2()
178 };
179
180 subtest 'printing req2.req' => sub {
181 print_request("req2.tsq")
182 };
183
184 subtest 'generating valid response for req2.req' => sub {
185 create_time_stamp_response("req2.tsq", "resp2.tsr", "tsa_config1")
186 };
187
188 subtest 'checking -token_in and -token_out options with -reply' => sub {
189 time_stamp_response_token_test("req2.tsq", "resp2.tsr")
190 };
191
192 subtest 'printing response' => sub {
193 print_response("resp2.tsr")
194 };
195
196 subtest 'verifying valid response' => sub {
197 verify_time_stamp_response("req2.tsq", "resp2.tsr", $testtsa)
198 };
199
200 subtest 'verifying response against wrong request, it should fail' => sub {
201 verify_time_stamp_response_fail("req1.tsq", "resp2.tsr")
202 };
203
204 subtest 'verifying response against wrong request, it should fail' => sub {
205 verify_time_stamp_response_fail("req2.tsq", "resp1.tsr")
206 };
207
208 subtest 'creating req3.req time stamp request for file CAtsa.cnf' => sub {
209 create_time_stamp_request3()
210 };
211
212 subtest 'printing req3.req' => sub {
213 print_request("req3.tsq")
214 };
215
216 subtest 'verifying response against wrong request, it should fail' => sub {
217 verify_time_stamp_response_fail("req3.tsq", "resp1.tsr")
218 };
219 }
220}, cleanup => 1, create => 1;
A mirror of the official openssl repository