mirror of
https://github.com/openssl/openssl.git
synced 2024-11-21 01:15:20 +08:00
Apparently, test/testtsa.com was only half done
This commit is contained in:
parent
c8c07be883
commit
9921f865e4
@ -46,21 +46,10 @@ $ create_ca:
|
||||
$ subroutine
|
||||
$
|
||||
$ write sys$output "Creating a new CA for the TSA tests..."
|
||||
$ @[--.util]deltree [.demoCA]*.*
|
||||
$
|
||||
$ open/write file VMStsa-response.create_ca
|
||||
$ write file ""
|
||||
$ write file "HU"
|
||||
$ write file "Budapest"
|
||||
$ write file "Budapest"
|
||||
$ write file "Gov-CA Ltd."
|
||||
$ write file "ca1"
|
||||
$ close file
|
||||
$ open/read sys$ca_input VMStsa-response.create_ca
|
||||
$ @[--.apps]CA.com -input sys$ca_input -newca
|
||||
$ save_severity = $severity
|
||||
$ close sys$ca_input
|
||||
$ if save_severity .ne. 1 then call error
|
||||
$ TSDNSECT = "ts_ca_dn"
|
||||
$ openssl req -new -x509 -nodes -
|
||||
-out tsaca.pem -keyout tsacakey.pem
|
||||
$ if $severity .ne. 1 then call error
|
||||
$ endsubroutine
|
||||
$
|
||||
$ create_tsa_cert:
|
||||
@ -68,25 +57,17 @@ $ subroutine
|
||||
$
|
||||
$ INDEX=p1
|
||||
$ EXT=p2
|
||||
$ open/write file VMStsa-response1.create_tsa_cert
|
||||
$ write file "HU"
|
||||
$ write file "Budapest"
|
||||
$ write file "Buda"
|
||||
$ write file "Hun-TSA Ltd."
|
||||
$ write file "tsa",INDEX
|
||||
$ close file
|
||||
$ define/user sys$input VMStsa-response.create_tsa_cert
|
||||
$ TSDNSECT = "ts_cert_dn"
|
||||
$
|
||||
$ openssl req -new -
|
||||
-out tsa_req'INDEX'.pem -keyout tsa_key'INDEX'.pem
|
||||
$ if $severity .ne. 1 then call error
|
||||
$
|
||||
$ open/write file VMStsa-response2.create_tsa_cert
|
||||
$ write file "y"
|
||||
$ write file "y"
|
||||
$ close file
|
||||
$ define/user sys$input VMStsa-response.create_tsa_cert
|
||||
$ openssl ca -in tsa_req'INDEX'.pem -out tsa_cert'INDEX'.pem -
|
||||
-extensions "''EXT'"
|
||||
$ write sys$output "Using extension ''EXT'"
|
||||
$ openssl x509 -req -
|
||||
-in tsa_req'INDEX'.pem -out tsa_cert'INDEX'.pem -
|
||||
"-CA" tsaca.pem "-CAkey" tsacakey.pem "-CAcreateserial" -
|
||||
-extfile 'OPENSSL_CONF' -extensions "''EXT'"
|
||||
$ if $severity .ne. 1 then call error
|
||||
$ endsubroutine
|
||||
$
|
||||
@ -153,24 +134,24 @@ $ verify_time_stamp_response:
|
||||
$ subroutine
|
||||
$
|
||||
$ openssl ts -verify -queryfile 'p1' -in 'p2' -
|
||||
-CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem
|
||||
"-CAfile" tsaca.pem -untrusted tsa_cert1.pem
|
||||
$ if $severity .ne. 1 then call error
|
||||
$ openssl ts -verify -data 'p3' -in 'p2' -
|
||||
-CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem
|
||||
"-CAfile" tsaca.pem -untrusted tsa_cert1.pem
|
||||
$ if $severity .ne. 1 then call error
|
||||
$ endsubroutine
|
||||
$
|
||||
$ verify_time_stamp_token:
|
||||
$ subroutine
|
||||
$
|
||||
$ # create the token from the response first
|
||||
$ ! create the token from the response first
|
||||
$ openssl ts -reply -in 'p2' -out 'p2'.token -token_out
|
||||
$ if $severity .ne. 1 then call error
|
||||
$ openssl ts -verify -queryfile 'p1' -in 'p2'.token -token_in \
|
||||
-CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem
|
||||
$ openssl ts -verify -queryfile 'p1' -in 'p2'.token -token_in -
|
||||
"-CAfile" tsaca.pem -untrusted tsa_cert1.pem
|
||||
$ if $severity .ne. 1 then call error
|
||||
$ openssl ts -verify -data 'p3' -in 'p2'.token -token_in \
|
||||
-CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem
|
||||
$ openssl ts -verify -data 'p3' -in 'p2'.token -token_in -
|
||||
"-CAfile" tsaca.pem -untrusted tsa_cert1.pem
|
||||
$ if $severity .ne. 1 then call error
|
||||
$ endsubroutine
|
||||
$
|
||||
@ -178,9 +159,9 @@ $ verify_time_stamp_response_fail:
|
||||
$ subroutine
|
||||
$
|
||||
$ openssl ts -verify -queryfile 'p1' -in 'p2' -
|
||||
-CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem
|
||||
$ # Checks if the verification failed, as it should have.
|
||||
$ if $severity .ne. 1 then call error
|
||||
"-CAfile" tsaca.pem -untrusted tsa_cert1.pem
|
||||
$ ! Checks if the verification failed, as it should have.
|
||||
$ if $severity .eq. 1 then call error
|
||||
$ write sys$output "Ok"
|
||||
$ endsubroutine
|
||||
$
|
||||
@ -193,10 +174,10 @@ $ write sys$output "Creating CA for TSA tests..."
|
||||
$ call create_ca
|
||||
$
|
||||
$ write sys$output "Creating tsa_cert1.pem TSA server cert..."
|
||||
$ call create_tsa_cert 1 tsa_cert
|
||||
$ call create_tsa_cert 1 "tsa_cert"
|
||||
$
|
||||
$ write sys$output "Creating tsa_cert2.pem non-TSA server cert..."
|
||||
$ call create_tsa_cert 2 non_tsa_cert
|
||||
$ call create_tsa_cert 2 "non_tsa_cert"
|
||||
$
|
||||
$ write sys$output "Creating req1.req time stamp request for file testtsa..."
|
||||
$ call create_time_stamp_request1
|
||||
@ -211,10 +192,10 @@ $ write sys$output "Printing response..."
|
||||
$ call print_response resp1.tsr
|
||||
$
|
||||
$ write sys$output "Verifying valid response..."
|
||||
$ call verify_time_stamp_response req1.tsq resp1.tsr ../testtsa
|
||||
$ call verify_time_stamp_response req1.tsq resp1.tsr [-]testtsa.com
|
||||
$
|
||||
$ write sys$output "Verifying valid token..."
|
||||
$ call verify_time_stamp_token req1.tsq resp1.tsr ../testtsa
|
||||
$ call verify_time_stamp_token req1.tsq resp1.tsr [-]testtsa.com
|
||||
$
|
||||
$ ! The tests below are commented out, because invalid signer certificates
|
||||
$ ! can no longer be specified in the config file.
|
||||
@ -244,7 +225,7 @@ $ write sys$output "Printing response..."
|
||||
$ call print_response resp2.tsr
|
||||
$
|
||||
$ write sys$output "Verifying valid response..."
|
||||
$ call verify_time_stamp_response req2.tsq resp2.tsr ../testtsa
|
||||
$ call verify_time_stamp_response req2.tsq resp2.tsr [-]testtsa.com
|
||||
$
|
||||
$ write sys$output "Verifying response against wrong request, it should fail..."
|
||||
$ call verify_time_stamp_response_fail req1.tsq resp2.tsr
|
||||
|
Loading…
Reference in New Issue
Block a user