Change the 80-test_tsa recipe as per changes in testtsa

Reviewed-by: Rich Salz <rsalz@openssl.org>
2024-12-21 16:03:42 +08:00 · 2015-09-06 16:03:30 +02:00 · 2015-09-06 16:03:30 +02:00 · 1c73c3bcf0
commit 1c73c3bcf0
parent ca5d7dff72
1 changed files with 116 additions and 144 deletions
--- a/test/recipes/80-test_tsa.t
+++ b/test/recipes/80-test_tsa.t
@ -14,61 +14,24 @@ setup("test_tsa");
 # here, however, to be available in all subroutines.
 my $testtsa;
 my $CAtsa;
-
-sub create_ca {
-    $ENV{TSDNSECT} = "ts_ca_dn";
-    return
-	ok(run(app(["openssl", "req", "-new", "-x509", "-nodes",
-		    "-out", "tsaca.pem", "-keyout", "tsacakey.pem"])),
-	   'creating a new CA for the TSA tests');
-}
+my @RUN = ("openssl", "ts");

 sub create_tsa_cert {
    my $INDEX = shift;
    my $EXT = shift;
    my $r = 1;
-    $ENV{TSDNSECT} = "ts_ca_dn";
+    $ENV{TSDNSECT} = "ts_cert_dn";

-    $r *= ok(run(app(["openssl", "req", "-new",
-		      "-out", "tsa_req${INDEX}.pem",
-		      "-keyout", "tsa_key${INDEX}.pem"])));
+    ok(run(app(["openssl", "req", "-new",
+                "-out", "tsa_req${INDEX}.pem",
+                "-keyout", "tsa_key${INDEX}.pem"])));
    note "using extension $EXT";
-    $r *= ok(run(app(["openssl", "x509", "-req",
-		      "-in", "tsa_req${INDEX}.pem",
-		      "-out", "tsa_cert${INDEX}.pem",
-		      "-CA", "tsaca.pem", "-CAkey", "tsacakey.pem",
-		      "-CAcreateserial",
-		      "-extfile", $ENV{OPENSSL_CONF}, "-extensions", $EXT])));
-    return $r;
-}
-
-sub print_request {
-    my $input = shift;
-    return ok(run(app(["openssl", "ts", "-query", "-in", $input, "-text"])));
-}
-
-sub create_time_stamp_request1 {
-    return
-	ok(run(app(["openssl", "ts", "-query", "-data", $testtsa, "-policy", "tsa_policy1", "-cert", "-out", "req1.tsq"])));
-}
-
-sub create_time_stamp_request2 {
-
-    return
-	ok(run(app(["openssl", "ts", "-query", "-data", $testtsa, "-policy", "tsa_policy2", "-no_nonce", "-out", "req2.tsq"])));
-}
-
-sub create_time_stamp_request3 {
-
-    return
-	ok(run(app(["openssl", "ts", "-query", "-data", $CAtsa, "-no_nonce", "-out", "req3.tsq"])))
-}
-
-sub print_response {
-    my $inputfile = shift;
-
-    return
-	ok(run(app(["openssl", "ts", "-reply", "-in", "$inputfile", "-text"])));
+    ok(run(app(["openssl", "x509", "-req",
+                "-in", "tsa_req${INDEX}.pem",
+                "-out", "tsa_cert${INDEX}.pem",
+                "-CA", "tsaca.pem", "-CAkey", "tsacakey.pem",
+                "-CAcreateserial",
+                "-extfile", $ENV{OPENSSL_CONF}, "-extensions", $EXT])));
 }

 sub create_time_stamp_response {
@ -76,22 +39,8 @@ sub create_time_stamp_response {
    my $outputfile = shift;
    my $datafile = shift;

-    return
-	ok(run(app(["openssl", "ts", "-reply", "-section", "$datafile", "-queryfile", "$queryfile", "-out", "$outputfile"])));
-}
-
-sub time_stamp_response_token_test {
-    my $queryfile = shift;
-    my $inputfile = shift;
-    my $RESPONSE2="$inputfile.copy.tsr";
-    my $TOKEN_DER="$inputfile.token.der";
-
-    ok(run(app(["openssl", "ts", "-reply", "-in", "$inputfile", "-out", "$TOKEN_DER", "-token_out"])));
-    ok(run(app(["openssl", "ts", "-reply", "-in", "$TOKEN_DER", "-token_in", "-out", "$RESPONSE2"])));
-    is(compare($RESPONSE2, $inputfile), 0);
-    ok(run(app(["openssl", "ts", "-reply", "-in", "$inputfile", "-text", "-token_out"])));
-    ok(run(app(["openssl", "ts", "-reply", "-in", "$TOKEN_DER", "-token_in", "-text", "-token_out"])));
-    ok(run(app(["openssl", "ts", "-reply", "-queryfile", "$queryfile", "-text", "-token_out"])));
+    ok(run(app([@RUN, "-reply", "-section", "$datafile",
+                "-queryfile", "$queryfile", "-out", "$outputfile"])));
 }

 sub verify_time_stamp_response {
@ -99,32 +48,30 @@ sub verify_time_stamp_response {
    my $inputfile = shift;
    my $datafile = shift;

-    ok(run(app(["openssl", "ts", "-verify", "-queryfile", "$queryfile", "-in", "$inputfile", "-CAfile", "tsaca.pem", "-untrusted", "tsa_cert1.pem"])));
-    ok(run(app(["openssl", "ts", "-verify", "-data", "$datafile", "-in", "$inputfile", "-CAfile", "tsaca.pem", "-untrusted", "tsa_cert1.pem"])));
-}
-
-sub verify_time_stamp_token {
-    my $queryfile = shift;
-    my $inputfile = shift;
-    my $datafile = shift;
-
-    # create the token from the response first
-    ok(run(app(["openssl", "ts", "-reply", "-in", "$inputfile", "-out", "$inputfile.token", "-token_out"])));
-    ok(run(app(["openssl", "ts", "-verify", "-queryfile", "$queryfile", "-in", "$inputfile.token", "-token_in", "-CAfile", "tsaca.pem", "-untrusted", "tsa_cert1.pem"])));
-    ok(run(app(["openssl", "ts", "-verify", "-data", "$datafile", "-in", "$inputfile.token", "-token_in", "-CAfile", "tsaca.pem", "-untrusted", "tsa_cert1.pem"])));
+    ok(run(app([@RUN, "-verify", "-queryfile", "$queryfile",
+                "-in", "$inputfile", "-CAfile", "tsaca.pem",
+                "-untrusted", "tsa_cert1.pem"])));
+    ok(run(app([@RUN, "-verify", "-data", "$datafile",
+                "-in", "$inputfile", "-CAfile", "tsaca.pem",
+                "-untrusted", "tsa_cert1.pem"])));
 }

 sub verify_time_stamp_response_fail {
    my $queryfile = shift;
    my $inputfile = shift;

-    ok(!run(app(["openssl", "ts", "-verify", "-queryfile", "$queryfile", "-in", "$inputfile", "-CAfile", "tsaca.pem", "-untrusted", "tsa_cert1.pem"])));
+    ok(!run(app([@RUN, "-verify", "-queryfile", "$queryfile",
+                 "-in", "$inputfile", "-CAfile", "tsaca.pem",
+                 "-untrusted", "tsa_cert1.pem"])));
 }

 # main functions

-indir "tsa" => sub {
+plan tests => 20;

+note "setting up TSA test directory";
+indir "tsa" => sub
+{
    $ENV{OPENSSL_CONF} = top_file("test", "CAtsa.cnf");
    # Because that's what ../apps/CA.pl really looks at
    $ENV{SSLEAY_CONFIG} = "-config ".$ENV{OPENSSL_CONF};
@ -132,89 +79,114 @@ indir "tsa" => sub {
    $testtsa = top_file("test", "recipes", "80-test_tsa.t");
    $CAtsa = top_file("test", "CAtsa.cnf");

-    plan tests => 20;
+ SKIP: {
+     $ENV{TSDNSECT} = "ts_ca_dn";
+     skip "failed", 19
+         unless ok(run(app(["openssl", "req", "-new", "-x509", "-nodes",
+                            "-out", "tsaca.pem", "-keyout", "tsacakey.pem"])),
+                   'creating a new CA for the TSA tests');

-  SKIP: {
-      skip "failed", 19
-	  if !subtest 'creating CA for TSA tests' => sub { create_ca };
+     skip "failed", 18
+         unless subtest 'creating tsa_cert1.pem TSA server cert' => sub {
+             create_tsa_cert("1", "tsa_cert")
+     };

-      skip "failed", 18
-	  if !subtest 'creating tsa_cert1.pem TSA server cert' => sub {
-	      create_tsa_cert("1", "tsa_cert")
-      };
+     skip "failed", 17
+         unless subtest 'creating tsa_cert2.pem non-TSA server cert' => sub {
+             create_tsa_cert("2", "non_tsa_cert")
+     };

-      skip "failed", 17
-	  if !subtest 'creating tsa_cert2.pem non-TSA server cert' => sub {
-	      create_tsa_cert("2", "non_tsa_cert")
-      };
+     skip "failed", 16
+         unless ok(run(app([@RUN, "-query", "-data", $testtsa,
+                            "-policy", "tsa_policy1", "-cert",
+                            "-out", "req1.tsq"])),
+                   'creating req1.req time stamp request for file testtsa');

-      skip "failed", 16
-	  if !subtest 'creating req1.req time stamp request for file testtsa' => sub {
-	      create_time_stamp_request1()
-      };
+     ok(run(app([@RUN, "-query", "-in", "req1.tsq", "-text"])),
+        'printing req1.req');

-      subtest 'printing req1.req' => sub {
-	  print_request("req1.tsq")
-      };
+     subtest 'generating valid response for req1.req' => sub {
+         create_time_stamp_response("req1.tsq", "resp1.tsr", "tsa_config1")
+     };

-      subtest 'generating valid response for req1.req' => sub {
-	  create_time_stamp_response("req1.tsq", "resp1.tsr", "tsa_config1")
-      };
+     ok(run(app([@RUN, "-reply", "-in", "resp1.tsr", "-text"])),
+        'printing response');

-      subtest 'printing response' => sub {
-	  print_response("resp1.tsr")
-      };
+     subtest 'verifying valid response' => sub {
+         verify_time_stamp_response("req1.tsq", "resp1.tsr", $testtsa)
+     };

-      subtest 'verifying valid response' => sub {
-	  verify_time_stamp_response("req1.tsq", "resp1.tsr", $testtsa)
-      };
+     skip "failed", 11
+         unless subtest 'verifying valid token' => sub {
+             ok(run(app([@RUN, "-reply", "-in", "resp1.tsr",
+                         "-out", "resp1.tsr.token", "-token_out"])));
+             ok(run(app([@RUN, "-verify", "-queryfile", "req1.tsq",
+                         "-in", "resp1.tsr.token", "-token_in",
+                         "-CAfile", "tsaca.pem",
+                         "-untrusted", "tsa_cert1.pem"])));
+             ok(run(app([@RUN, "-verify", "-data", $testtsa,
+                         "-in", "resp1.tsr.token", "-token_in",
+                         "-CAfile", "tsaca.pem",
+                         "-untrusted", "tsa_cert1.pem"])));
+     };

-      subtest 'verifying valid token' => sub {
-	  verify_time_stamp_token("req1.tsq", "resp1.tsr", $testtsa)
-      };
+     skip "failed", 10
+         unless ok(run(app([@RUN, "-query", "-data", $testtsa,
+                            "-policy", "tsa_policy2", "-no_nonce",
+                            "-out", "req2.tsq"])),
+                   'creating req2.req time stamp request for file testtsa');

-      subtest 'creating req2.req time stamp request for file testtsa' => sub {
-	  create_time_stamp_request2()
-      };
+     ok(run(app([@RUN, "-query", "-in", "req2.tsq", "-text"])),
+        'printing req2.req');

-      subtest 'printing req2.req' => sub {
-	  print_request("req2.tsq")
-      };
+     skip "failed", 8
+         unless subtest 'generating valid response for req2.req' => sub {
+             create_time_stamp_response("req2.tsq", "resp2.tsr", "tsa_config1")
+     };

-      subtest 'generating valid response for req2.req' => sub {
-	  create_time_stamp_response("req2.tsq", "resp2.tsr", "tsa_config1")
-      };
+     skip "failed", 7
+         unless subtest 'checking -token_in and -token_out options with -reply' => sub {
+             my $RESPONSE2="resp2.tsr.copy.tsr";
+             my $TOKEN_DER="resp2.tsr.token.der";

-      subtest 'checking -token_in and -token_out options with -reply' => sub {
-	  time_stamp_response_token_test("req2.tsq", "resp2.tsr")
-      };
+             ok(run(app([@RUN, "-reply", "-in", "resp2.tsr",
+                         "-out", "$TOKEN_DER", "-token_out"])));
+             ok(run(app([@RUN, "-reply", "-in", "$TOKEN_DER",
+                         "-token_in", "-out", "$RESPONSE2"])));
+             is(compare($RESPONSE2, "resp2.tsr"), 0);
+             ok(run(app([@RUN, "-reply", "-in", "resp2.tsr",
+                         "-text", "-token_out"])));
+             ok(run(app([@RUN, "-reply", "-in", "$TOKEN_DER",
+                         "-token_in", "-text", "-token_out"])));
+             ok(run(app([@RUN, "-reply", "-queryfile", "req2.tsq",
+                         "-text", "-token_out"])));
+     };

-      subtest 'printing response' => sub {
-	  print_response("resp2.tsr")
-      };
+     ok(run(app([@RUN, "-reply", "-in", "resp2.tsr", "-text"])),
+        'printing response');

-      subtest 'verifying valid response' => sub {
-	  verify_time_stamp_response("req2.tsq", "resp2.tsr", $testtsa)
-      };
+     subtest 'verifying valid response' => sub {
+         verify_time_stamp_response("req2.tsq", "resp2.tsr", $testtsa)
+     };

-      subtest 'verifying response against wrong request, it should fail' => sub {
-	  verify_time_stamp_response_fail("req1.tsq", "resp2.tsr")
-      };
+     subtest 'verifying response against wrong request, it should fail' => sub {
+         verify_time_stamp_response_fail("req1.tsq", "resp2.tsr")
+     };

-      subtest 'verifying response against wrong request, it should fail' => sub {
-	  verify_time_stamp_response_fail("req2.tsq", "resp1.tsr")
-      };
+     subtest 'verifying response against wrong request, it should fail' => sub {
+         verify_time_stamp_response_fail("req2.tsq", "resp1.tsr")
+     };

-      subtest 'creating req3.req time stamp request for file CAtsa.cnf' => sub {
-	  create_time_stamp_request3()
-      };
+     skip "failure", 2
+         unless ok(run(app([@RUN, "-query", "-data", $CAtsa,
+                            "-no_nonce", "-out", "req3.tsq"])),
+                   "creating req3.req time stamp request for file CAtsa.cnf");

-      subtest 'printing req3.req' => sub {
-	  print_request("req3.tsq")
-      };
+     ok(run(app([@RUN, "-query", "-in", "req3.tsq", "-text"])),
+        'printing req3.req');

-      subtest 'verifying response against wrong request, it should fail' => sub {
-	  verify_time_stamp_response_fail("req3.tsq", "resp1.tsr")
-      };
+     subtest 'verifying response against wrong request, it should fail' => sub {
+         verify_time_stamp_response_fail("req3.tsq", "resp1.tsr")
+     };
    }
-}, cleanup => 1, create => 1;
+}, create => 1, cleanup => 1