From ff48c0d9098080b51ea12710029135916d117806 Mon Sep 17 00:00:00 2001
From: marha <marha@users.sourceforge.net>
Date: Tue, 30 Mar 2010 12:36:28 +0000
Subject: svn merge -r514:HEAD ^/branches/released .

---
 openssl/test/testtsa.com | 248 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 248 insertions(+)
 create mode 100644 openssl/test/testtsa.com

(limited to 'openssl/test/testtsa.com')

diff --git a/openssl/test/testtsa.com b/openssl/test/testtsa.com
new file mode 100644
index 000000000..e3c586f14
--- /dev/null
+++ b/openssl/test/testtsa.com
@@ -0,0 +1,248 @@
+$!
+$! A few very basic tests for the 'ts' time stamping authority command.
+$!
+$
+$	__arch := VAX
+$	if f$getsyi("cpu") .ge. 128 then -
+	   __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$	if __arch .eqs. "" then __arch := UNK
+$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$	openssl := mcr 'f$parse(exe_dir+"openssl.exe")'
+$	OPENSSL_CONF := [-]CAtsa.cnf
+$	! Because that's what ../apps/CA.sh really looks at
+$	SSLEAY_CONFIG = "-config " + OPENSSL_CONF
+$
+$ error:
+$	subroutine
+$		write sys$error "TSA test failed!"
+$		exit 3
+$	endsubroutine
+$
+$ setup_dir:
+$	subroutine
+$
+$		if f$search("tsa.dir") .nes ""
+$		then
+$			@[-.util]deltree [.tsa]*.*
+$ 			set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;*
+$ 			delete tsa.dir;*
+$		endif
+$
+$		create/dir [.tsa]
+$		set default [.tsa]
+$	endsubroutine
+$
+$ clean_up_dir:
+$	subroutine
+$
+$		set default [-]
+$		@[-.util]deltree [.tsa]*.*
+$ 		set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;*
+$ 		delete tsa.dir;*
+$	endsubroutine
+$
+$ create_ca:
+$	subroutine
+$
+$		write sys$output "Creating a new CA for the TSA tests..."
+$		TSDNSECT = "ts_ca_dn"
+$		openssl req -new -x509 -nodes -
+			-out tsaca.pem -keyout tsacakey.pem
+$		if $severity .ne. 1 then call error
+$	endsubroutine
+$
+$ create_tsa_cert:
+$	subroutine
+$
+$		INDEX=p1
+$		EXT=p2
+$		TSDNSECT = "ts_cert_dn"
+$
+$		openssl req -new -
+			-out tsa_req'INDEX'.pem -keyout tsa_key'INDEX'.pem
+$		if $severity .ne. 1 then call error
+$
+$		write sys$output "Using extension ''EXT'"
+$		openssl x509 -req -
+			-in tsa_req'INDEX'.pem -out tsa_cert'INDEX'.pem -
+			"-CA" tsaca.pem "-CAkey" tsacakey.pem "-CAcreateserial" -
+			-extfile 'OPENSSL_CONF' -extensions "''EXT'"
+$		if $severity .ne. 1 then call error
+$	endsubroutine
+$
+$ print_request:
+$	subroutine
+$
+$		openssl ts -query -in 'p1' -text
+$	endsubroutine
+$
+$ create_time_stamp_request1: subroutine
+$
+$		openssl ts -query -data [-]testtsa.com -policy tsa_policy1 -
+			-cert -out req1.tsq
+$		if $severity .ne. 1 then call error
+$	endsubroutine
+$
+$ create_time_stamp_request2: subroutine
+$
+$		openssl ts -query -data [-]testtsa.com -policy tsa_policy2 -
+			-no_nonce -out req2.tsq
+$		if $severity .ne. 1 then call error
+$	endsubroutine
+$
+$ create_time_stamp_request3: subroutine
+$
+$		openssl ts -query -data [-]CAtsa.cnf -no_nonce -out req3.tsq
+$		if $severity .ne. 1 then call error
+$	endsubroutine
+$
+$ print_response:
+$	subroutine
+$
+$		openssl ts -reply -in 'p1' -text
+$		if $severity .ne. 1 then call error
+$	endsubroutine
+$
+$ create_time_stamp_response:
+$	subroutine
+$
+$		openssl ts -reply -section 'p3' -queryfile 'p1' -out 'p2'
+$		if $severity .ne. 1 then call error
+$	endsubroutine
+$
+$ time_stamp_response_token_test:
+$	subroutine
+$
+$		RESPONSE2:='p2'.copy_tsr
+$		TOKEN_DER:='p2'.token_der
+$		openssl ts -reply -in 'p2' -out 'TOKEN_DER' -token_out
+$		if $severity .ne. 1 then call error
+$		openssl ts -reply -in 'TOKEN_DER' -token_in -out 'RESPONSE2'
+$		if $severity .ne. 1 then call error
+$		backup/compare 'RESPONSE2' 'p2'
+$		if $severity .ne. 1 then call error
+$		openssl ts -reply -in 'p2' -text -token_out
+$		if $severity .ne. 1 then call error
+$		openssl ts -reply -in 'TOKEN_DER' -token_in -text -token_out
+$		if $severity .ne. 1 then call error
+$		openssl ts -reply -queryfile 'p1' -text -token_out
+$		if $severity .ne. 1 then call error
+$	endsubroutine
+$
+$ verify_time_stamp_response:
+$	subroutine
+$
+$		openssl ts -verify -queryfile 'p1' -in 'p2' -
+			"-CAfile" tsaca.pem -untrusted tsa_cert1.pem
+$		if $severity .ne. 1 then call error
+$		openssl ts -verify -data 'p3' -in 'p2' -
+			"-CAfile" tsaca.pem -untrusted tsa_cert1.pem
+$		if $severity .ne. 1 then call error
+$	endsubroutine
+$
+$ verify_time_stamp_token:
+$	subroutine
+$
+$		! create the token from the response first
+$		openssl ts -reply -in 'p2' -out 'p2'.token -token_out
+$		if $severity .ne. 1 then call error
+$		openssl ts -verify -queryfile 'p1' -in 'p2'.token -token_in -
+			"-CAfile" tsaca.pem -untrusted tsa_cert1.pem
+$		if $severity .ne. 1 then call error
+$		openssl ts -verify -data 'p3' -in 'p2'.token -token_in -
+			"-CAfile" tsaca.pem -untrusted tsa_cert1.pem
+$		if $severity .ne. 1 then call error
+$	endsubroutine
+$
+$ verify_time_stamp_response_fail:
+$	subroutine
+$
+$		openssl ts -verify -queryfile 'p1' -in 'p2' -
+			"-CAfile" tsaca.pem -untrusted tsa_cert1.pem
+$		! Checks if the verification failed, as it should have.
+$		if $severity .eq. 1 then call error
+$		write sys$output "Ok"
+$	endsubroutine
+$
+$	! Main body ----------------------------------------------------------
+$
+$	write sys$output "Setting up TSA test directory..."
+$	call setup_dir
+$
+$	write sys$output "Creating CA for TSA tests..."
+$	call create_ca
+$
+$	write sys$output "Creating tsa_cert1.pem TSA server cert..."
+$	call create_tsa_cert 1 "tsa_cert"
+$
+$	write sys$output "Creating tsa_cert2.pem non-TSA server cert..."
+$	call create_tsa_cert 2 "non_tsa_cert"
+$
+$	write sys$output "Creating req1.req time stamp request for file testtsa..."
+$	call create_time_stamp_request1
+$
+$	write sys$output "Printing req1.req..."
+$	call print_request req1.tsq
+$
+$	write sys$output "Generating valid response for req1.req..."
+$	call create_time_stamp_response req1.tsq resp1.tsr tsa_config1
+$
+$	write sys$output "Printing response..."
+$	call print_response resp1.tsr
+$
+$	write sys$output "Verifying valid response..."
+$	call verify_time_stamp_response req1.tsq resp1.tsr [-]testtsa.com
+$
+$	write sys$output "Verifying valid token..."
+$	call verify_time_stamp_token req1.tsq resp1.tsr [-]testtsa.com
+$
+$	! The tests below are commented out, because invalid signer certificates
+$	! can no longer be specified in the config file.
+$
+$	! write sys$output "Generating _invalid_ response for req1.req..."
+$	! call create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2
+$
+$	! write sys$output "Printing response..."
+$	! call print_response resp1_bad.tsr
+$
+$	! write sys$output "Verifying invalid response, it should fail..."
+$	! call verify_time_stamp_response_fail req1.tsq resp1_bad.tsr
+$
+$	write sys$output "Creating req2.req time stamp request for file testtsa..."
+$	call create_time_stamp_request2
+$
+$	write sys$output "Printing req2.req..."
+$	call print_request req2.tsq
+$
+$	write sys$output "Generating valid response for req2.req..."
+$	call create_time_stamp_response req2.tsq resp2.tsr tsa_config1
+$
+$	write sys$output "Checking '-token_in' and '-token_out' options with '-reply'..."
+$	call time_stamp_response_token_test req2.tsq resp2.tsr
+$
+$	write sys$output "Printing response..."
+$	call print_response resp2.tsr
+$
+$	write sys$output "Verifying valid response..."
+$	call verify_time_stamp_response req2.tsq resp2.tsr [-]testtsa.com
+$
+$	write sys$output "Verifying response against wrong request, it should fail..."
+$	call verify_time_stamp_response_fail req1.tsq resp2.tsr
+$
+$	write sys$output "Verifying response against wrong request, it should fail..."
+$	call verify_time_stamp_response_fail req2.tsq resp1.tsr
+$
+$	write sys$output "Creating req3.req time stamp request for file CAtsa.cnf..."
+$	call create_time_stamp_request3
+$
+$	write sys$output "Printing req3.req..."
+$	call print_request req3.tsq
+$
+$	write sys$output "Verifying response against wrong request, it should fail..."
+$	call verify_time_stamp_response_fail req3.tsq resp1.tsr
+$
+$	write sys$output "Cleaning up..."
+$	call clean_up_dir
+$
+$	exit
-- 
cgit v1.2.3