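#!/bin/sh
#
# Copyright (c) 2005 - 2008 Kungliga Tekniska Högskolan
# (Royal Institute of Technology, Stockholm, Sweden).
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# 3. Neither the name of the Institute nor the names of its contributors
#    may be used to endorse or promote products derived from this software
#    without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# Id
#

# Regression test for `hxtool query` / `hxtool print`: each step runs the
# tool against a fixture under $srcdir/data and exits 1 on the first
# unexpected result.  Steps labelled "is found" must exit 0; steps labelled
# "is not found" must exit non-zero.
#
# --pass=PASS:foobar is the password of the bundled test PKCS#12 files.
# Passing it on the command line exposes it in process listings, which is
# acceptable only because these are throw-away test credentials.
#
# The "is not found" steps discard stderr and accept any non-zero status, so
# a crash or an unreadable fixture looks the same as "no match".  For most
# fixtures a positive step on the same file shows that it loads;
# sub-cert.p12 has no such positive step in this script.

srcdir="@srcdir@"
objdir="@objdir@"

stat="--statistic-file=${objdir}/statfile"

# Run ./hxtool with the statistics option followed by the caller's arguments.
# TESTS_ENVIRONMENT is expanded unquoted on purpose: it may be empty or hold
# a wrapper command with its own arguments.  Everything else is quoted so a
# build or source directory containing whitespace does not split a path.
run_hxtool() {
    ${TESTS_ENVIRONMENT} ./hxtool "${stat}" "$@"
}

echo "try printing"
run_hxtool print \
    --pass=PASS:foobar \
    --info --content \
    "PKCS12:${srcdir}/data/test.p12" >/dev/null 2>/dev/null || exit 1

echo "try printing"
run_hxtool print \
    --pass=PASS:foobar \
    --info --content \
    "FILE:${srcdir}/data/kdc.crt" >/dev/null 2>/dev/null || exit 1

run_hxtool print \
    --pass=PASS:foobar \
    --info \
    "PKCS12:${srcdir}/data/test.p12" >/dev/null 2>/dev/null || exit 1

echo "make sure entry is found (friendlyname)"
run_hxtool query \
    --pass=PASS:foobar \
    --friendlyname=friendlyname-test \
    "PKCS12:${srcdir}/data/test.p12" >/dev/null 2>/dev/null || exit 1

echo "make sure entry is not found (friendlyname)"
run_hxtool query \
    --pass=PASS:foobar \
    --friendlyname=friendlyname-test-not \
    "PKCS12:${srcdir}/data/test.p12" >/dev/null 2>/dev/null && exit 1

echo "make sure entry is found (eku)"
run_hxtool query \
    --eku=1.3.6.1.5.2.3.5 \
    "FILE:${srcdir}/data/kdc.crt" >/dev/null 2>/dev/null || exit 1

echo "make sure entry is not found (eku)"
run_hxtool query \
    --eku=1.3.6.1.5.2.3.6 \
    "FILE:${srcdir}/data/kdc.crt" >/dev/null 2>/dev/null && exit 1

echo "make sure entry is found (friendlyname, no-pw)"
run_hxtool query \
    --friendlyname=friendlyname-cert \
    "PKCS12:${srcdir}/data/test-nopw.p12" >/dev/null 2>/dev/null || exit 1

echo "check for ca cert (friendlyname)"
run_hxtool query \
    --pass=PASS:foobar \
    --friendlyname=ca \
    "PKCS12:${srcdir}/data/test.p12" >/dev/null 2>/dev/null || exit 1

# NOTE(review): this is the only step that touches sub-cert.p12, and it is a
# negative one, so it would also pass if the file were missing or could not
# be decrypted.
echo "make sure entry is not found (friendlyname)"
run_hxtool query \
    --pass=PASS:foobar \
    --friendlyname=friendlyname-test \
    "PKCS12:${srcdir}/data/sub-cert.p12" >/dev/null 2>/dev/null && exit 1

echo "make sure entry is found (friendlyname|private key)"
run_hxtool query \
    --pass=PASS:foobar \
    --friendlyname=friendlyname-test \
    --private-key \
    "PKCS12:${srcdir}/data/test.p12" > /dev/null || exit 1

echo "make sure entry is not found (friendlyname|private key)"
run_hxtool query \
    --pass=PASS:foobar \
    --friendlyname=ca \
    --private-key \
    "PKCS12:${srcdir}/data/test.p12" >/dev/null 2>/dev/null && exit 1

# Key-usage matching: test.crt is expected to match both digitalSignature
# and keyEncipherment, the *-only.crt fixtures exactly one of them.
echo "make sure entry is found (cert ds)"
run_hxtool query \
    --digitalSignature \
    "FILE:${srcdir}/data/test.crt" >/dev/null 2>/dev/null || exit 1

echo "make sure entry is found (cert ke)"
run_hxtool query \
    --keyEncipherment \
    "FILE:${srcdir}/data/test.crt" >/dev/null 2>/dev/null || exit 1

echo "make sure entry is found (cert ke + ds)"
run_hxtool query \
    --digitalSignature \
    --keyEncipherment \
    "FILE:${srcdir}/data/test.crt" >/dev/null 2>/dev/null || exit 1

echo "make sure entry is found (cert-ds ds)"
run_hxtool query \
    --digitalSignature \
    "FILE:${srcdir}/data/test-ds-only.crt" >/dev/null 2>/dev/null || exit 1

echo "make sure entry is not found (cert-ds ke)"
run_hxtool query \
    --keyEncipherment \
    "FILE:${srcdir}/data/test-ds-only.crt" >/dev/null 2>/dev/null && exit 1

echo "make sure entry is not found (cert-ds ke + ds)"
run_hxtool query \
    --digitalSignature \
    --keyEncipherment \
    "FILE:${srcdir}/data/test-ds-only.crt" >/dev/null 2>/dev/null && exit 1

echo "make sure entry is not found (cert-ke ds)"
run_hxtool query \
    --digitalSignature \
    "FILE:${srcdir}/data/test-ke-only.crt" >/dev/null 2>/dev/null && exit 1

echo "make sure entry is found (cert-ke ke)"
run_hxtool query \
    --keyEncipherment \
    "FILE:${srcdir}/data/test-ke-only.crt" >/dev/null 2>/dev/null || exit 1

echo "make sure entry is not found (cert-ke ke + ds)"
run_hxtool query \
    --digitalSignature \
    --keyEncipherment \
    "FILE:${srcdir}/data/test-ke-only.crt" >/dev/null 2>/dev/null && exit 1

# Query-language steps keep stderr visible, so a parse error in --expr is
# printed rather than hidden.
echo "make sure entry is found (eku) in query language"
run_hxtool query \
    --expr='"1.3.6.1.5.2.3.5" IN %{certificate.eku}' \
    "FILE:${srcdir}/data/kdc.crt" > /dev/null || exit 1

echo "make sure entry is not found (eku) in query language"
run_hxtool query \
    --expr='"1.3.6.1.5.2.3.6" IN %{certificate.eku}' \
    "FILE:${srcdir}/data/kdc.crt" > /dev/null && exit 1

echo "make sure entry is found (subject) in query language"
run_hxtool query \
    --expr='%{certificate.subject} == "CN=kdc,C=SE"' \
    "FILE:${srcdir}/data/kdc.crt" > /dev/null || exit 1

echo "make sure entry is found using TAILMATCH (subject) in query language"
run_hxtool query \
    --expr='%{certificate.subject} TAILMATCH "C=SE"' \
    "FILE:${srcdir}/data/kdc.crt" > /dev/null || exit 1

echo "make sure entry is not found using TAILMATCH (subject) in query language"
run_hxtool query \
    --expr='%{certificate.subject} TAILMATCH "C=FI"' \
    "FILE:${srcdir}/data/kdc.crt" > /dev/null && exit 1

echo "make sure entry is found (issuer) in query language"
run_hxtool query \
    --expr='%{certificate.issuer} == "C=SE,CN=hx509 Test Root CA"' \
    "FILE:${srcdir}/data/kdc.crt" > /dev/null || exit 1

echo "make sure entry match with EKU and TAILMATCH in query language"
run_hxtool query \
    --expr='"1.3.6.1.5.2.3.5" IN %{certificate.eku} AND %{certificate.subject} TAILMATCH "C=SE"' \
    "FILE:${srcdir}/data/kdc.crt" > /dev/null || exit 1

# NOTE(review): the double quotes in this expression look unbalanced (one
# opens before %{certificate.hash.sha1} and the next closes after "EQ ").
# Confirm the parser really compares the SHA-1 fingerprint here and does not
# just accept a non-empty string; there is no negative counterpart with a
# wrong fingerprint to catch that.  The expression is kept as written.
echo "make sure entry match with hash.sha1"
run_hxtool query \
    --expr='"%{certificate.hash.sha1}EQ "412120212A2CBFD777DE5499ECB4724345F33F16"' \
    "FILE:${srcdir}/data/kdc.crt" > /dev/null || exit 1


exit 0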