mirror of
https://github.com/openssl/openssl.git
synced 2024-12-22 00:13:57 +08:00
Change the 80-test_tsa recipe as per changes in testtsa
Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
parent
ca5d7dff72
commit
1c73c3bcf0
@ -14,61 +14,24 @@ setup("test_tsa");
|
|||||||
# here, however, to be available in all subroutines.
|
# here, however, to be available in all subroutines.
|
||||||
my $testtsa;
|
my $testtsa;
|
||||||
my $CAtsa;
|
my $CAtsa;
|
||||||
|
my @RUN = ("openssl", "ts");
|
||||||
sub create_ca {
|
|
||||||
$ENV{TSDNSECT} = "ts_ca_dn";
|
|
||||||
return
|
|
||||||
ok(run(app(["openssl", "req", "-new", "-x509", "-nodes",
|
|
||||||
"-out", "tsaca.pem", "-keyout", "tsacakey.pem"])),
|
|
||||||
'creating a new CA for the TSA tests');
|
|
||||||
}
|
|
||||||
|
|
||||||
sub create_tsa_cert {
|
sub create_tsa_cert {
|
||||||
my $INDEX = shift;
|
my $INDEX = shift;
|
||||||
my $EXT = shift;
|
my $EXT = shift;
|
||||||
my $r = 1;
|
my $r = 1;
|
||||||
$ENV{TSDNSECT} = "ts_ca_dn";
|
$ENV{TSDNSECT} = "ts_cert_dn";
|
||||||
|
|
||||||
$r *= ok(run(app(["openssl", "req", "-new",
|
ok(run(app(["openssl", "req", "-new",
|
||||||
"-out", "tsa_req${INDEX}.pem",
|
"-out", "tsa_req${INDEX}.pem",
|
||||||
"-keyout", "tsa_key${INDEX}.pem"])));
|
"-keyout", "tsa_key${INDEX}.pem"])));
|
||||||
note "using extension $EXT";
|
note "using extension $EXT";
|
||||||
$r *= ok(run(app(["openssl", "x509", "-req",
|
ok(run(app(["openssl", "x509", "-req",
|
||||||
"-in", "tsa_req${INDEX}.pem",
|
"-in", "tsa_req${INDEX}.pem",
|
||||||
"-out", "tsa_cert${INDEX}.pem",
|
"-out", "tsa_cert${INDEX}.pem",
|
||||||
"-CA", "tsaca.pem", "-CAkey", "tsacakey.pem",
|
"-CA", "tsaca.pem", "-CAkey", "tsacakey.pem",
|
||||||
"-CAcreateserial",
|
"-CAcreateserial",
|
||||||
"-extfile", $ENV{OPENSSL_CONF}, "-extensions", $EXT])));
|
"-extfile", $ENV{OPENSSL_CONF}, "-extensions", $EXT])));
|
||||||
return $r;
|
|
||||||
}
|
|
||||||
|
|
||||||
sub print_request {
|
|
||||||
my $input = shift;
|
|
||||||
return ok(run(app(["openssl", "ts", "-query", "-in", $input, "-text"])));
|
|
||||||
}
|
|
||||||
|
|
||||||
sub create_time_stamp_request1 {
|
|
||||||
return
|
|
||||||
ok(run(app(["openssl", "ts", "-query", "-data", $testtsa, "-policy", "tsa_policy1", "-cert", "-out", "req1.tsq"])));
|
|
||||||
}
|
|
||||||
|
|
||||||
sub create_time_stamp_request2 {
|
|
||||||
|
|
||||||
return
|
|
||||||
ok(run(app(["openssl", "ts", "-query", "-data", $testtsa, "-policy", "tsa_policy2", "-no_nonce", "-out", "req2.tsq"])));
|
|
||||||
}
|
|
||||||
|
|
||||||
sub create_time_stamp_request3 {
|
|
||||||
|
|
||||||
return
|
|
||||||
ok(run(app(["openssl", "ts", "-query", "-data", $CAtsa, "-no_nonce", "-out", "req3.tsq"])))
|
|
||||||
}
|
|
||||||
|
|
||||||
sub print_response {
|
|
||||||
my $inputfile = shift;
|
|
||||||
|
|
||||||
return
|
|
||||||
ok(run(app(["openssl", "ts", "-reply", "-in", "$inputfile", "-text"])));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
sub create_time_stamp_response {
|
sub create_time_stamp_response {
|
||||||
@ -76,22 +39,8 @@ sub create_time_stamp_response {
|
|||||||
my $outputfile = shift;
|
my $outputfile = shift;
|
||||||
my $datafile = shift;
|
my $datafile = shift;
|
||||||
|
|
||||||
return
|
ok(run(app([@RUN, "-reply", "-section", "$datafile",
|
||||||
ok(run(app(["openssl", "ts", "-reply", "-section", "$datafile", "-queryfile", "$queryfile", "-out", "$outputfile"])));
|
"-queryfile", "$queryfile", "-out", "$outputfile"])));
|
||||||
}
|
|
||||||
|
|
||||||
sub time_stamp_response_token_test {
|
|
||||||
my $queryfile = shift;
|
|
||||||
my $inputfile = shift;
|
|
||||||
my $RESPONSE2="$inputfile.copy.tsr";
|
|
||||||
my $TOKEN_DER="$inputfile.token.der";
|
|
||||||
|
|
||||||
ok(run(app(["openssl", "ts", "-reply", "-in", "$inputfile", "-out", "$TOKEN_DER", "-token_out"])));
|
|
||||||
ok(run(app(["openssl", "ts", "-reply", "-in", "$TOKEN_DER", "-token_in", "-out", "$RESPONSE2"])));
|
|
||||||
is(compare($RESPONSE2, $inputfile), 0);
|
|
||||||
ok(run(app(["openssl", "ts", "-reply", "-in", "$inputfile", "-text", "-token_out"])));
|
|
||||||
ok(run(app(["openssl", "ts", "-reply", "-in", "$TOKEN_DER", "-token_in", "-text", "-token_out"])));
|
|
||||||
ok(run(app(["openssl", "ts", "-reply", "-queryfile", "$queryfile", "-text", "-token_out"])));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
sub verify_time_stamp_response {
|
sub verify_time_stamp_response {
|
||||||
@ -99,32 +48,30 @@ sub verify_time_stamp_response {
|
|||||||
my $inputfile = shift;
|
my $inputfile = shift;
|
||||||
my $datafile = shift;
|
my $datafile = shift;
|
||||||
|
|
||||||
ok(run(app(["openssl", "ts", "-verify", "-queryfile", "$queryfile", "-in", "$inputfile", "-CAfile", "tsaca.pem", "-untrusted", "tsa_cert1.pem"])));
|
ok(run(app([@RUN, "-verify", "-queryfile", "$queryfile",
|
||||||
ok(run(app(["openssl", "ts", "-verify", "-data", "$datafile", "-in", "$inputfile", "-CAfile", "tsaca.pem", "-untrusted", "tsa_cert1.pem"])));
|
"-in", "$inputfile", "-CAfile", "tsaca.pem",
|
||||||
}
|
"-untrusted", "tsa_cert1.pem"])));
|
||||||
|
ok(run(app([@RUN, "-verify", "-data", "$datafile",
|
||||||
sub verify_time_stamp_token {
|
"-in", "$inputfile", "-CAfile", "tsaca.pem",
|
||||||
my $queryfile = shift;
|
"-untrusted", "tsa_cert1.pem"])));
|
||||||
my $inputfile = shift;
|
|
||||||
my $datafile = shift;
|
|
||||||
|
|
||||||
# create the token from the response first
|
|
||||||
ok(run(app(["openssl", "ts", "-reply", "-in", "$inputfile", "-out", "$inputfile.token", "-token_out"])));
|
|
||||||
ok(run(app(["openssl", "ts", "-verify", "-queryfile", "$queryfile", "-in", "$inputfile.token", "-token_in", "-CAfile", "tsaca.pem", "-untrusted", "tsa_cert1.pem"])));
|
|
||||||
ok(run(app(["openssl", "ts", "-verify", "-data", "$datafile", "-in", "$inputfile.token", "-token_in", "-CAfile", "tsaca.pem", "-untrusted", "tsa_cert1.pem"])));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
sub verify_time_stamp_response_fail {
|
sub verify_time_stamp_response_fail {
|
||||||
my $queryfile = shift;
|
my $queryfile = shift;
|
||||||
my $inputfile = shift;
|
my $inputfile = shift;
|
||||||
|
|
||||||
ok(!run(app(["openssl", "ts", "-verify", "-queryfile", "$queryfile", "-in", "$inputfile", "-CAfile", "tsaca.pem", "-untrusted", "tsa_cert1.pem"])));
|
ok(!run(app([@RUN, "-verify", "-queryfile", "$queryfile",
|
||||||
|
"-in", "$inputfile", "-CAfile", "tsaca.pem",
|
||||||
|
"-untrusted", "tsa_cert1.pem"])));
|
||||||
}
|
}
|
||||||
|
|
||||||
# main functions
|
# main functions
|
||||||
|
|
||||||
indir "tsa" => sub {
|
plan tests => 20;
|
||||||
|
|
||||||
|
note "setting up TSA test directory";
|
||||||
|
indir "tsa" => sub
|
||||||
|
{
|
||||||
$ENV{OPENSSL_CONF} = top_file("test", "CAtsa.cnf");
|
$ENV{OPENSSL_CONF} = top_file("test", "CAtsa.cnf");
|
||||||
# Because that's what ../apps/CA.pl really looks at
|
# Because that's what ../apps/CA.pl really looks at
|
||||||
$ENV{SSLEAY_CONFIG} = "-config ".$ENV{OPENSSL_CONF};
|
$ENV{SSLEAY_CONFIG} = "-config ".$ENV{OPENSSL_CONF};
|
||||||
@ -132,89 +79,114 @@ indir "tsa" => sub {
|
|||||||
$testtsa = top_file("test", "recipes", "80-test_tsa.t");
|
$testtsa = top_file("test", "recipes", "80-test_tsa.t");
|
||||||
$CAtsa = top_file("test", "CAtsa.cnf");
|
$CAtsa = top_file("test", "CAtsa.cnf");
|
||||||
|
|
||||||
plan tests => 20;
|
SKIP: {
|
||||||
|
$ENV{TSDNSECT} = "ts_ca_dn";
|
||||||
|
skip "failed", 19
|
||||||
|
unless ok(run(app(["openssl", "req", "-new", "-x509", "-nodes",
|
||||||
|
"-out", "tsaca.pem", "-keyout", "tsacakey.pem"])),
|
||||||
|
'creating a new CA for the TSA tests');
|
||||||
|
|
||||||
SKIP: {
|
skip "failed", 18
|
||||||
skip "failed", 19
|
unless subtest 'creating tsa_cert1.pem TSA server cert' => sub {
|
||||||
if !subtest 'creating CA for TSA tests' => sub { create_ca };
|
create_tsa_cert("1", "tsa_cert")
|
||||||
|
};
|
||||||
|
|
||||||
skip "failed", 18
|
skip "failed", 17
|
||||||
if !subtest 'creating tsa_cert1.pem TSA server cert' => sub {
|
unless subtest 'creating tsa_cert2.pem non-TSA server cert' => sub {
|
||||||
create_tsa_cert("1", "tsa_cert")
|
create_tsa_cert("2", "non_tsa_cert")
|
||||||
};
|
};
|
||||||
|
|
||||||
skip "failed", 17
|
skip "failed", 16
|
||||||
if !subtest 'creating tsa_cert2.pem non-TSA server cert' => sub {
|
unless ok(run(app([@RUN, "-query", "-data", $testtsa,
|
||||||
create_tsa_cert("2", "non_tsa_cert")
|
"-policy", "tsa_policy1", "-cert",
|
||||||
};
|
"-out", "req1.tsq"])),
|
||||||
|
'creating req1.req time stamp request for file testtsa');
|
||||||
|
|
||||||
skip "failed", 16
|
ok(run(app([@RUN, "-query", "-in", "req1.tsq", "-text"])),
|
||||||
if !subtest 'creating req1.req time stamp request for file testtsa' => sub {
|
'printing req1.req');
|
||||||
create_time_stamp_request1()
|
|
||||||
};
|
|
||||||
|
|
||||||
subtest 'printing req1.req' => sub {
|
subtest 'generating valid response for req1.req' => sub {
|
||||||
print_request("req1.tsq")
|
create_time_stamp_response("req1.tsq", "resp1.tsr", "tsa_config1")
|
||||||
};
|
};
|
||||||
|
|
||||||
subtest 'generating valid response for req1.req' => sub {
|
ok(run(app([@RUN, "-reply", "-in", "resp1.tsr", "-text"])),
|
||||||
create_time_stamp_response("req1.tsq", "resp1.tsr", "tsa_config1")
|
'printing response');
|
||||||
};
|
|
||||||
|
|
||||||
subtest 'printing response' => sub {
|
subtest 'verifying valid response' => sub {
|
||||||
print_response("resp1.tsr")
|
verify_time_stamp_response("req1.tsq", "resp1.tsr", $testtsa)
|
||||||
};
|
};
|
||||||
|
|
||||||
subtest 'verifying valid response' => sub {
|
skip "failed", 11
|
||||||
verify_time_stamp_response("req1.tsq", "resp1.tsr", $testtsa)
|
unless subtest 'verifying valid token' => sub {
|
||||||
};
|
ok(run(app([@RUN, "-reply", "-in", "resp1.tsr",
|
||||||
|
"-out", "resp1.tsr.token", "-token_out"])));
|
||||||
|
ok(run(app([@RUN, "-verify", "-queryfile", "req1.tsq",
|
||||||
|
"-in", "resp1.tsr.token", "-token_in",
|
||||||
|
"-CAfile", "tsaca.pem",
|
||||||
|
"-untrusted", "tsa_cert1.pem"])));
|
||||||
|
ok(run(app([@RUN, "-verify", "-data", $testtsa,
|
||||||
|
"-in", "resp1.tsr.token", "-token_in",
|
||||||
|
"-CAfile", "tsaca.pem",
|
||||||
|
"-untrusted", "tsa_cert1.pem"])));
|
||||||
|
};
|
||||||
|
|
||||||
subtest 'verifying valid token' => sub {
|
skip "failed", 10
|
||||||
verify_time_stamp_token("req1.tsq", "resp1.tsr", $testtsa)
|
unless ok(run(app([@RUN, "-query", "-data", $testtsa,
|
||||||
};
|
"-policy", "tsa_policy2", "-no_nonce",
|
||||||
|
"-out", "req2.tsq"])),
|
||||||
|
'creating req2.req time stamp request for file testtsa');
|
||||||
|
|
||||||
subtest 'creating req2.req time stamp request for file testtsa' => sub {
|
ok(run(app([@RUN, "-query", "-in", "req2.tsq", "-text"])),
|
||||||
create_time_stamp_request2()
|
'printing req2.req');
|
||||||
};
|
|
||||||
|
|
||||||
subtest 'printing req2.req' => sub {
|
skip "failed", 8
|
||||||
print_request("req2.tsq")
|
unless subtest 'generating valid response for req2.req' => sub {
|
||||||
};
|
create_time_stamp_response("req2.tsq", "resp2.tsr", "tsa_config1")
|
||||||
|
};
|
||||||
|
|
||||||
subtest 'generating valid response for req2.req' => sub {
|
skip "failed", 7
|
||||||
create_time_stamp_response("req2.tsq", "resp2.tsr", "tsa_config1")
|
unless subtest 'checking -token_in and -token_out options with -reply' => sub {
|
||||||
};
|
my $RESPONSE2="resp2.tsr.copy.tsr";
|
||||||
|
my $TOKEN_DER="resp2.tsr.token.der";
|
||||||
|
|
||||||
subtest 'checking -token_in and -token_out options with -reply' => sub {
|
ok(run(app([@RUN, "-reply", "-in", "resp2.tsr",
|
||||||
time_stamp_response_token_test("req2.tsq", "resp2.tsr")
|
"-out", "$TOKEN_DER", "-token_out"])));
|
||||||
};
|
ok(run(app([@RUN, "-reply", "-in", "$TOKEN_DER",
|
||||||
|
"-token_in", "-out", "$RESPONSE2"])));
|
||||||
|
is(compare($RESPONSE2, "resp2.tsr"), 0);
|
||||||
|
ok(run(app([@RUN, "-reply", "-in", "resp2.tsr",
|
||||||
|
"-text", "-token_out"])));
|
||||||
|
ok(run(app([@RUN, "-reply", "-in", "$TOKEN_DER",
|
||||||
|
"-token_in", "-text", "-token_out"])));
|
||||||
|
ok(run(app([@RUN, "-reply", "-queryfile", "req2.tsq",
|
||||||
|
"-text", "-token_out"])));
|
||||||
|
};
|
||||||
|
|
||||||
subtest 'printing response' => sub {
|
ok(run(app([@RUN, "-reply", "-in", "resp2.tsr", "-text"])),
|
||||||
print_response("resp2.tsr")
|
'printing response');
|
||||||
};
|
|
||||||
|
|
||||||
subtest 'verifying valid response' => sub {
|
subtest 'verifying valid response' => sub {
|
||||||
verify_time_stamp_response("req2.tsq", "resp2.tsr", $testtsa)
|
verify_time_stamp_response("req2.tsq", "resp2.tsr", $testtsa)
|
||||||
};
|
};
|
||||||
|
|
||||||
subtest 'verifying response against wrong request, it should fail' => sub {
|
subtest 'verifying response against wrong request, it should fail' => sub {
|
||||||
verify_time_stamp_response_fail("req1.tsq", "resp2.tsr")
|
verify_time_stamp_response_fail("req1.tsq", "resp2.tsr")
|
||||||
};
|
};
|
||||||
|
|
||||||
subtest 'verifying response against wrong request, it should fail' => sub {
|
subtest 'verifying response against wrong request, it should fail' => sub {
|
||||||
verify_time_stamp_response_fail("req2.tsq", "resp1.tsr")
|
verify_time_stamp_response_fail("req2.tsq", "resp1.tsr")
|
||||||
};
|
};
|
||||||
|
|
||||||
subtest 'creating req3.req time stamp request for file CAtsa.cnf' => sub {
|
skip "failure", 2
|
||||||
create_time_stamp_request3()
|
unless ok(run(app([@RUN, "-query", "-data", $CAtsa,
|
||||||
};
|
"-no_nonce", "-out", "req3.tsq"])),
|
||||||
|
"creating req3.req time stamp request for file CAtsa.cnf");
|
||||||
|
|
||||||
subtest 'printing req3.req' => sub {
|
ok(run(app([@RUN, "-query", "-in", "req3.tsq", "-text"])),
|
||||||
print_request("req3.tsq")
|
'printing req3.req');
|
||||||
};
|
|
||||||
|
|
||||||
subtest 'verifying response against wrong request, it should fail' => sub {
|
subtest 'verifying response against wrong request, it should fail' => sub {
|
||||||
verify_time_stamp_response_fail("req3.tsq", "resp1.tsr")
|
verify_time_stamp_response_fail("req3.tsq", "resp1.tsr")
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
}, cleanup => 1, create => 1;
|
}, create => 1, cleanup => 1
|
||||||
|
Loading…
Reference in New Issue
Block a user