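#!/bin/sh

#
# A few very basic tests for the 'ts' time stamping authority command.
#
# The script builds a throwaway CA and two certificates in ./tsa, creates
# time stamp requests, has the 'ts' command answer them, and checks that
# valid responses verify and mismatched request/response pairs do not.
# Any failing step prints "TSA test failed!" and exits with status 1.
#

SH="/bin/sh"
if test "$OSTYPE" = msdosdjgpp; then
    PATH="../apps\;$PATH"
else
    PATH="../apps:$PATH"
fi
export SH PATH

OPENSSL_CONF="../CAtsa.cnf"
export OPENSSL_CONF
# Because that's what ../apps/CA.sh really looks at
SSLEAY_CONFIG="-config $OPENSSL_CONF"
export SSLEAY_CONFIG

OPENSSL="$(pwd)/../util/opensslwrap.sh"
export OPENSSL

# Report a test failure on stderr and abort the whole script.
# The ./tsa working directory is left in place when this is called.
error () {

    echo "TSA test failed!" >&2
    exit 1
}

# Create an empty ./tsa working directory and enter it.
# mkdir and cd are checked: if either failed, every later step would write
# key material into the caller's directory, and clean_up_dir would then
# "cd .." and remove a 'tsa' entry one level above the intended one.
setup_dir () {

    rm -rf tsa 2>/dev/null
    mkdir tsa || error
    cd ./tsa || error
}

# Leave the working directory and delete it together with the test keys.
clean_up_dir () {

    cd .. || error
    rm -rf tsa
}

# Create the self-signed CA certificate (tsaca.pem) and key (tsacakey.pem).
# -nodes writes the CA private key unencrypted; it is test-only material
# that lives in ./tsa and must not be reused outside this test.
# TSDNSECT is exported for the request config -- presumably CAtsa.cnf reads
# it to pick the DN section; confirm against that file.
create_ca () {

    echo "Creating a new CA for the TSA tests..."
    TSDNSECT=ts_ca_dn
    export TSDNSECT
    ../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \
        -out tsaca.pem -keyout tsacakey.pem || error
}

# Create a key and certificate request, then sign it with the test CA.
# Arguments: $1 - index used in the file names (tsa_req$1.pem, tsa_key$1.pem,
#                 tsa_cert$1.pem) and exported as INDEX
#            $2 - extension section of $OPENSSL_CONF passed to -extensions
create_tsa_cert () {

    INDEX=$1
    export INDEX
    EXT=$2
    TSDNSECT=ts_cert_dn
    export TSDNSECT

    ../../util/shlib_wrap.sh ../../apps/openssl req -new \
        -out "tsa_req${INDEX}.pem" -keyout "tsa_key${INDEX}.pem" || error
    echo "Using extension $EXT"
    ../../util/shlib_wrap.sh ../../apps/openssl x509 -req \
        -in "tsa_req${INDEX}.pem" -out "tsa_cert${INDEX}.pem" \
        -CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \
        -extfile "$OPENSSL_CONF" -extensions "$EXT" || error
}

# Print a time stamp request in text form.
# Arguments: $1 - request file
# A failure to parse the request now fails the test, as it already does
# for print_response.
print_request () {

    ../../util/shlib_wrap.sh ../../apps/openssl ts -query -in "$1" -text || error
}

# Request for ../testtsa under policy tsa_policy1, asking for the signer
# certificate in the response (-cert); written to req1.tsq.
create_time_stamp_request1 () {

    ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa \
        -policy tsa_policy1 -cert -out req1.tsq || error
}

# Request for ../testtsa under policy tsa_policy2 without a nonce;
# written to req2.tsq.
create_time_stamp_request2 () {

    ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa \
        -policy tsa_policy2 -no_nonce -out req2.tsq || error
}

# Request for a different data file (../CAtsa.cnf) without a nonce;
# written to req3.tsq and used only for the mismatch tests.
create_time_stamp_request3 () {

    ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../CAtsa.cnf \
        -no_nonce -out req3.tsq || error
}

# Print a time stamp response in text form.
# Arguments: $1 - response file
print_response () {

    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in "$1" -text || error
}

# Generate a time stamp response for a request.
# Arguments: $1 - request file
#            $2 - response file to write
#            $3 - TSA config section passed to -section
create_time_stamp_response () {

    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -section "$3" \
        -queryfile "$1" -out "$2" || error
}

# Exercise -token_in / -token_out with 'ts -reply': extract the token from
# a response, rebuild a response from that token, and require the rebuilt
# response to be byte-identical (cmp) to the original.
# Arguments: $1 - request file
#            $2 - response file
time_stamp_response_token_test () {

    RESPONSE2="$2.copy.tsr"
    TOKEN_DER="$2.token.der"
    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in "$2" \
        -out "$TOKEN_DER" -token_out || error
    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in "$TOKEN_DER" \
        -token_in -out "$RESPONSE2" || error
    cmp "$RESPONSE2" "$2" || error
    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in "$2" \
        -text -token_out || error
    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in "$TOKEN_DER" \
        -token_in -text -token_out || error
    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -queryfile "$1" \
        -text -token_out || error
}

# Verify a response twice: against the request file, then against the
# original data file. tsaca.pem is the trust anchor; tsa_cert1.pem is
# supplied with -untrusted.
# Arguments: $1 - request file
#            $2 - response file
#            $3 - data file that was time stamped
verify_time_stamp_response () {

    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile "$1" \
        -in "$2" -CAfile tsaca.pem -untrusted tsa_cert1.pem || error
    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data "$3" \
        -in "$2" -CAfile tsaca.pem -untrusted tsa_cert1.pem || error
}

# Same checks as verify_time_stamp_response, but on the bare token
# extracted from the response ($2.token).
# Arguments: $1 - request file
#            $2 - response file
#            $3 - data file that was time stamped
verify_time_stamp_token () {

    # create the token from the response first
    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in "$2" \
        -out "$2.token" -token_out || error
    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile "$1" \
        -in "$2.token" -token_in \
        -CAfile tsaca.pem -untrusted tsa_cert1.pem || error
    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data "$3" \
        -in "$2.token" -token_in \
        -CAfile tsaca.pem -untrusted tsa_cert1.pem || error
}

# Negative test: verification of this request/response pair must fail.
# Arguments: $1 - request file
#            $2 - response file
# Any non-zero exit status is accepted as a rejection, so both inputs are
# checked for readability first; otherwise a missing file would be counted
# as a correctly rejected response.
# NOTE(review): a crash or usage error inside 'openssl ts -verify' is still
# indistinguishable from a genuine rejection here.
verify_time_stamp_response_fail () {

    if [ ! -r "$1" ] || [ ! -r "$2" ]; then
        error
    fi
    # Checks if the verification failed, as it should have.
    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile "$1" \
        -in "$2" -CAfile tsaca.pem -untrusted tsa_cert1.pem && error
    echo Ok
}

# main functions

echo "Setting up TSA test directory..."
setup_dir

echo "Creating CA for TSA tests..."
create_ca

echo "Creating tsa_cert1.pem TSA server cert..."
create_tsa_cert 1 tsa_cert

echo "Creating tsa_cert2.pem non-TSA server cert..."
create_tsa_cert 2 non_tsa_cert

echo "Creating req1.req time stamp request for file testtsa..."
create_time_stamp_request1

echo "Printing req1.req..."
print_request req1.tsq

echo "Generating valid response for req1.req..."
create_time_stamp_response req1.tsq resp1.tsr tsa_config1

echo "Printing response..."
print_response resp1.tsr

echo "Verifying valid response..."
verify_time_stamp_response req1.tsq resp1.tsr ../testtsa

echo "Verifying valid token..."
verify_time_stamp_token req1.tsq resp1.tsr ../testtsa

# The tests below are commented out, because invalid signer certificates
# can no longer be specified in the config file.

# echo "Generating _invalid_ response for req1.req..."
# create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2

# echo "Printing response..."
# print_response resp1_bad.tsr

# echo "Verifying invalid response, it should fail..."
# verify_time_stamp_response_fail req1.tsq resp1_bad.tsr

echo "Creating req2.req time stamp request for file testtsa..."
create_time_stamp_request2

echo "Printing req2.req..."
print_request req2.tsq

echo "Generating valid response for req2.req..."
create_time_stamp_response req2.tsq resp2.tsr tsa_config1

echo "Checking '-token_in' and '-token_out' options with '-reply'..."
time_stamp_response_token_test req2.tsq resp2.tsr

echo "Printing response..."
print_response resp2.tsr

echo "Verifying valid response..."
verify_time_stamp_response req2.tsq resp2.tsr ../testtsa

echo "Verifying response against wrong request, it should fail..."
verify_time_stamp_response_fail req1.tsq resp2.tsr

echo "Verifying response against wrong request, it should fail..."
verify_time_stamp_response_fail req2.tsq resp1.tsr

echo "Creating req3.req time stamp request for file CAtsa.cnf..."
create_time_stamp_request3

echo "Printing req3.req..."
print_request req3.tsq

echo "Verifying response against wrong request, it should fail..."
verify_time_stamp_response_fail req3.tsq resp1.tsr

echo "Cleaning up..."
clean_up_dir

exit 0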