Commit | Line | Data |
---|---|---|
655702f3 | 1 | #!/bin/bash |
6fc6879b JM |
2 | |
3 | # Public Key Interoperability Test Suite (PKITS) | |
4 | # http://csrc.nist.gov/pki/testing/x509paths.html | |
655702f3 | 5 | # http://csrc.nist.gov/groups/ST/crypto_apps_infra/documents/PKITS_data.zip |
6fc6879b JM |
6 | |
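# The single required argument is the root directory of the unpacked PKITS
# test data; the certificates are read from its certs/ subdirectory.
if [ -z "$1" ]; then
	echo "usage: $0 <path to root test directory>"
	exit 1
fi

TESTS=$1

# The path must be quoted here: unquoted, a directory name containing
# whitespace makes `[` fail with a syntax error, the condition is then false
# and the script would carry on with a path it never verified.
if [ ! -d "$TESTS" ]; then
	echo "Not a directory: $TESTS"
	exit 1
fi

# Validator command line. Program and option share one string, so run_test
# expands it unquoted; the working directory must not contain whitespace.
X509TEST="$PWD/test-x509v3 -v"
# Prefix for per-test output files; run_test appends ".<test number>".
TMPOUT="$PWD/test_x509v3_nist2.out"

# TODO: add support for validating CRLs

# Space-separated lists of test numbers, filled in by run_test.
SUCCESS=""
FAILURE=""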
26 | ||
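#######################################
# Run one PKITS test case and record whether the validator behaved as
# expected.
# Globals:   X509TEST (read), TMPOUT (read), SUCCESS and FAILURE (appended)
# Arguments: $1 - test number, used in messages and as output file suffix
#            $2 - expected result: 0 = validation succeeds, -1 = certificate
#                 parsing fails, any other value = the number expected after
#                 "Certificate chain validation failed: " in the output
#            $3... - certificate files handed to the validator, followed by
#                 TrustAnchorRootCertificate.crt
# Outputs:   one line on stdout for each test whose expectation is not met
#######################################
function run_test
{
	local NUM=$1
	local RES=$2
	local OUT VALRES OK REASON REASONNUM
	shift 2
	OUT="$TMPOUT.$NUM"
	# X509TEST carries the program and its option in one string, so it is
	# expanded unquoted on purpose; every other expansion is quoted so that
	# paths with whitespace cannot break the redirect, grep or rm below.
	$X509TEST "$@" TrustAnchorRootCertificate.crt > "$OUT"
	VALRES=$?
	OK=0
	if [ "$RES" -eq 0 ]; then
		# expecting success
		if [ "$VALRES" -eq 0 ]; then
			OK=1
		else
			echo "$NUM failed - expected validation success"
		fi
	elif [ "$VALRES" -eq 0 ]; then
		# expecting failure, but the chain was accepted
		echo "$NUM failed - expected validation failure"
	elif REASON=$(grep -m 1 "Certificate chain validation failed: " "$OUT"); then
		# Keep only what follows the message text. Stripping by pattern
		# rather than by column count also works when the line has a prefix,
		# and -m 1 keeps the comparison below to a single value.
		REASONNUM=${REASON##*Certificate chain validation failed: }
		# Compare numerically only when a number was extracted, so that an
		# unexpected output format is reported as a mismatch instead of
		# producing a shell error.
		if [[ "$REASONNUM" =~ ^-?[0-9]+$ ]] && [ "$REASONNUM" -eq "$RES" ]; then
			OK=1
		else
			echo "$NUM failed - expected validation result $RES; result was $REASONNUM"
		fi
	elif [ "$RES" -eq -1 ]; then
		# -1 means the certificate is expected to be rejected by the parser
		if grep -q "Failed to parse X.509 certificate" "$OUT"; then
			OK=1
		else
			echo "$NUM failed - expected parsing failure; other type of error detected"
		fi
	else
		echo "$NUM failed - expected validation failure; other type of error detected"
	fi
	if [ "$OK" -eq 1 ]; then
		# The output file is kept only for failed tests, for inspection.
		rm -- "$OUT"
		SUCCESS="$SUCCESS $NUM"
	else
		FAILURE="$FAILURE $NUM"
	fi
}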
80 | ||
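# All certificate arguments below are relative to the certs directory. Stop
# if it cannot be entered: otherwise every test would run from the wrong
# directory and the results would say nothing about the validator.
pushd "$TESTS/certs" || { echo "Cannot enter directory: $TESTS/certs"; exit 1; }

# run_test <test number> <expected result> <certificates...>
# Expected result: 0 = valid path, -1 = parsing failure, other = failure reason.

# 4.1 Signature Verification
run_test 4.1.1 0 ValidCertificatePathTest1EE.crt GoodCACert.crt
run_test 4.1.2 1 InvalidCASignatureTest2EE.crt BadSignedCACert.crt
run_test 4.1.3 1 InvalidEESignatureTest3EE.crt GoodCACert.crt

# 4.2 Validity Periods
run_test 4.2.1 4 InvalidCAnotBeforeDateTest1EE.crt BadnotBeforeDateCACert.crt
run_test 4.2.2 4 InvalidEEnotBeforeDateTest2EE.crt GoodCACert.crt
run_test 4.2.3 0 Validpre2000UTCnotBeforeDateTest3EE.crt GoodCACert.crt
run_test 4.2.4 0 ValidGeneralizedTimenotBeforeDateTest4EE.crt GoodCACert.crt
run_test 4.2.5 4 InvalidCAnotAfterDateTest5EE.crt BadnotAfterDateCACert.crt
run_test 4.2.6 4 InvalidEEnotAfterDateTest6EE.crt GoodCACert.crt
run_test 4.2.7 4 Invalidpre2000UTCEEnotAfterDateTest7EE.crt GoodCACert.crt
run_test 4.2.8 0 ValidGeneralizedTimenotAfterDateTest8EE.crt GoodCACert.crt

# 4.3 Verifying Name Chaining
run_test 4.3.1 5 InvalidNameChainingTest1EE.crt GoodCACert.crt
run_test 4.3.2 5 InvalidNameChainingOrderTest2EE.crt NameOrderingCACert.crt
run_test 4.3.3 0 ValidNameChainingWhitespaceTest3EE.crt GoodCACert.crt
run_test 4.3.4 0 ValidNameChainingWhitespaceTest4EE.crt GoodCACert.crt
run_test 4.3.5 0 ValidNameChainingCapitalizationTest5EE.crt GoodCACert.crt
run_test 4.3.6 0 ValidNameUIDsTest6EE.crt UIDCACert.crt
run_test 4.3.7 0 ValidRFC3280MandatoryAttributeTypesTest7EE.crt RFC3280MandatoryAttributeTypesCACert.crt
run_test 4.3.8 0 ValidRFC3280OptionalAttributeTypesTest8EE.crt RFC3280OptionalAttributeTypesCACert.crt
run_test 4.3.9 0 ValidUTF8StringEncodedNamesTest9EE.crt UTF8StringEncodedNamesCACert.crt
run_test 4.3.10 0 ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt RolloverfromPrintableStringtoUTF8StringCACert.crt
run_test 4.3.11 0 ValidUTF8StringCaseInsensitiveMatchTest11EE.crt UTF8StringCaseInsensitiveMatchCACert.crt

# 4.4 Basic Certificate Revocation Tests
run_test 4.4.1 1 InvalidMissingCRLTest1EE.crt NoCRLCACert.crt
# skip rest of 4.4.x tests since CRLs are not yet supported

# 4.5 Verifying Paths with Self-Issued Certificates
run_test 4.5.1 0 ValidBasicSelfIssuedOldWithNewTest1EE.crt BasicSelfIssuedNewKeyOldWithNewCACert.crt BasicSelfIssuedNewKeyCACert.crt
run_test 4.5.2 3 InvalidBasicSelfIssuedOldWithNewTest2EE.crt BasicSelfIssuedNewKeyOldWithNewCACert.crt BasicSelfIssuedNewKeyCACert.crt
run_test 4.5.3 0 ValidBasicSelfIssuedNewWithOldTest3EE.crt BasicSelfIssuedOldKeyNewWithOldCACert.crt BasicSelfIssuedOldKeyCACert.crt
run_test 4.5.4 0 ValidBasicSelfIssuedNewWithOldTest4EE.crt BasicSelfIssuedOldKeyNewWithOldCACert.crt BasicSelfIssuedOldKeyCACert.crt
run_test 4.5.5 3 InvalidBasicSelfIssuedNewWithOldTest5EE.crt BasicSelfIssuedOldKeyNewWithOldCACert.crt BasicSelfIssuedOldKeyCACert.crt
run_test 4.5.6 0 ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt BasicSelfIssuedCRLSigningKeyCRLCert.crt BasicSelfIssuedCRLSigningKeyCACert.crt
run_test 4.5.7 3 InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt BasicSelfIssuedCRLSigningKeyCRLCert.crt BasicSelfIssuedCRLSigningKeyCACert.crt
run_test 4.5.8 1 InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt BasicSelfIssuedCRLSigningKeyCRLCert.crt BasicSelfIssuedCRLSigningKeyCACert.crt

# 4.6 Verifying Basic Constraints
run_test 4.6.1 1 InvalidMissingbasicConstraintsTest1EE.crt MissingbasicConstraintsCACert.crt
run_test 4.6.2 1 InvalidcAFalseTest2EE.crt basicConstraintsCriticalcAFalseCACert.crt
run_test 4.6.3 1 InvalidcAFalseTest3EE.crt basicConstraintsNotCriticalcAFalseCACert.crt
run_test 4.6.4 0 ValidbasicConstraintsNotCriticalTest4EE.crt basicConstraintsNotCriticalCACert.crt
run_test 4.6.5 1 InvalidpathLenConstraintTest5EE.crt pathLenConstraint0subCACert.crt pathLenConstraint0CACert.crt
run_test 4.6.6 1 InvalidpathLenConstraintTest6EE.crt pathLenConstraint0subCACert.crt pathLenConstraint0CACert.crt
run_test 4.6.7 0 ValidpathLenConstraintTest7EE.crt pathLenConstraint0CACert.crt
run_test 4.6.8 0 ValidpathLenConstraintTest8EE.crt pathLenConstraint0CACert.crt
run_test 4.6.9 1 InvalidpathLenConstraintTest9EE.crt pathLenConstraint6subsubCA00Cert.crt pathLenConstraint6subCA0Cert.crt pathLenConstraint6CACert.crt
run_test 4.6.10 1 InvalidpathLenConstraintTest10EE.crt pathLenConstraint6subsubCA00Cert.crt pathLenConstraint6subCA0Cert.crt pathLenConstraint6CACert.crt
run_test 4.6.11 1 InvalidpathLenConstraintTest11EE.crt pathLenConstraint6subsubsubCA11XCert.crt pathLenConstraint6subsubCA11Cert.crt pathLenConstraint6subCA1Cert.crt pathLenConstraint6CACert.crt
run_test 4.6.12 1 InvalidpathLenConstraintTest12EE.crt pathLenConstraint6subsubsubCA11XCert.crt pathLenConstraint6subsubCA11Cert.crt pathLenConstraint6subCA1Cert.crt pathLenConstraint6CACert.crt
run_test 4.6.13 0 ValidpathLenConstraintTest13EE.crt pathLenConstraint6subsubsubCA41XCert.crt pathLenConstraint6subsubCA41Cert.crt pathLenConstraint6subCA4Cert.crt pathLenConstraint6CACert.crt
run_test 4.6.14 0 ValidpathLenConstraintTest14EE.crt pathLenConstraint6subsubsubCA41XCert.crt pathLenConstraint6subsubCA41Cert.crt pathLenConstraint6subCA4Cert.crt pathLenConstraint6CACert.crt
run_test 4.6.15 0 ValidSelfIssuedpathLenConstraintTest15EE.crt pathLenConstraint0SelfIssuedCACert.crt pathLenConstraint0CACert.crt
run_test 4.6.16 1 InvalidSelfIssuedpathLenConstraintTest16EE.crt pathLenConstraint0subCA2Cert.crt pathLenConstraint0SelfIssuedCACert.crt pathLenConstraint0CACert.crt
run_test 4.6.17 0 ValidSelfIssuedpathLenConstraintTest17EE.crt pathLenConstraint1SelfIssuedsubCACert.crt pathLenConstraint1subCACert.crt pathLenConstraint1SelfIssuedCACert.crt pathLenConstraint1CACert.crt

# 4.7 Key Usage
run_test 4.7.1 1 InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt keyUsageCriticalkeyCertSignFalseCACert.crt
run_test 4.7.2 1 InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt keyUsageNotCriticalkeyCertSignFalseCACert.crt
run_test 4.7.3 0 ValidkeyUsageNotCriticalTest3EE.crt keyUsageNotCriticalCACert.crt
run_test 4.7.4 1 InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt keyUsageCriticalcRLSignFalseCACert.crt
run_test 4.7.5 1 InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt keyUsageNotCriticalcRLSignFalseCACert.crt

# 4.8 Certificate Policies
run_test 4.8.1 0 ValidCertificatePathTest1EE.crt GoodCACert.crt
run_test 4.8.2 0 AllCertificatesNoPoliciesTest2EE.crt NoPoliciesCACert.crt
run_test 4.8.3 0 DifferentPoliciesTest3EE.crt PoliciesP2subCACert.crt GoodCACert.crt
run_test 4.8.4 0 DifferentPoliciesTest4EE.crt GoodsubCACert.crt GoodCACert.crt
run_test 4.8.5 0 DifferentPoliciesTest5EE.crt PoliciesP2subCA2Cert.crt GoodCACert.crt
run_test 4.8.6 0 OverlappingPoliciesTest6EE.crt PoliciesP1234subsubCAP123P12Cert.crt PoliciesP1234subCAP123Cert.crt PoliciesP1234CACert.crt
run_test 4.8.7 0 DifferentPoliciesTest7EE.crt PoliciesP123subsubCAP12P1Cert.crt PoliciesP123subCAP12Cert.crt PoliciesP123CACert.crt
run_test 4.8.8 0 DifferentPoliciesTest8EE.crt PoliciesP12subsubCAP1P2Cert.crt PoliciesP12subCAP1Cert.crt PoliciesP12CACert.crt
run_test 4.8.9 0 DifferentPoliciesTest9EE.crt PoliciesP123subsubsubCAP12P2P1Cert.crt PoliciesP123subsubCAP12P2Cert.crt PoliciesP123subCAP12Cert.crt PoliciesP123CACert.crt
run_test 4.8.10 0 AllCertificatesSamePoliciesTest10EE.crt PoliciesP12CACert.crt
run_test 4.8.11 0 AllCertificatesanyPolicyTest11EE.crt anyPolicyCACert.crt
run_test 4.8.12 0 DifferentPoliciesTest12EE.crt PoliciesP3CACert.crt
run_test 4.8.13 0 AllCertificatesSamePoliciesTest13EE.crt PoliciesP123CACert.crt
run_test 4.8.14 0 AnyPolicyTest14EE.crt anyPolicyCACert.crt
run_test 4.8.15 0 UserNoticeQualifierTest15EE.crt
run_test 4.8.16 0 UserNoticeQualifierTest16EE.crt GoodCACert.crt
run_test 4.8.17 0 UserNoticeQualifierTest17EE.crt GoodCACert.crt
run_test 4.8.18 0 UserNoticeQualifierTest18EE.crt PoliciesP12CACert.crt
run_test 4.8.19 0 UserNoticeQualifierTest19EE.crt TrustAnchorRootCertificate.crt
run_test 4.8.20 0 CPSPointerQualifierTest20EE.crt GoodCACert.crt

# 4.16 Private Certificate Extensions
run_test 4.16.1 0 ValidUnknownNotCriticalCertificateExtensionTest1EE.crt
# -1: the unknown critical extension is expected to be rejected at parse time
run_test 4.16.2 -1 InvalidUnknownCriticalCertificateExtensionTest2EE.crt

# Disabled block: these tests are listed but never run.
if false; then
	# DSA tests
	run_test 4.1.4 0 ValidDSASignaturesTest4EE.crt DSACACert.crt
fi

popd

# NOTE(review): the exit status of the script is that of the final echo, so
# it is 0 even when FAILURE is non-empty; automation has to read the
# "Failed tests:" line to notice a regression in path validation.
echo "Successful tests:$SUCCESS"
echo "Failed tests:$FAILURE"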