7 use File::Spec::Functions qw/splitdir curdir catfile/;
10 use OpenSSL::Test qw/:DEFAULT cmdstr top_file/;
14 # All these are modified inside indir further down. They need to exist
15 # here, however, to be available in all subroutines.
# Fragment of the CA-creation helper; its `sub` line is not among the lines
# shown. TSDNSECT is exported before `openssl req` runs -- presumably the test
# config reads it to pick the subject DN section (confirm against CAtsa.cnf).
20 $ENV{TSDNSECT} = "ts_ca_dn";
# -new -x509 emits a self-signed certificate instead of a CSR; tsaca.pem is the
# file later passed as -CAfile (the trust anchor) to the `ts -verify` calls.
# -nodes writes tsacakey.pem without passphrase encryption. That is tolerable
# only because the key is throwaway test material; a production TSA CA key
# should not sit on disk unencrypted.
22 ok(run(app(["openssl", "req", "-new", "-x509", "-nodes",
23 "-out", "tsaca.pem", "-keyout", "tsacakey.pem"])),
24 'creating a new CA for the TSA tests');
# Fragment of the TSA-certificate helper; $INDEX, $EXT and $r are set on lines
# that are not shown here.
# NOTE(review): this is the same DN section name the CA request uses. If both
# resolve to the same subject, the issued certificate would carry
# subject == issuer -- confirm that this is intended.
31 $ENV{TSDNSECT} = "ts_ca_dn";
# Step 1: new key pair and CSR for certificate number $INDEX.
# $r is multiplied by each ok() result, so a failed step zeroes it
# (assuming it starts out true).
33 $r *= ok(run(app(["openssl", "req", "-new",
34 "-out", "tsa_req${INDEX}.pem",
35 "-keyout", "tsa_key${INDEX}.pem"])));
36 note "using extension $EXT";
# Step 2: sign the CSR with the test CA. The extension section named by $EXT is
# read from the file in $ENV{OPENSSL_CONF}; the callers pass "tsa_cert" and
# "non_tsa_cert", presumably as $EXT, so the extensions are what separates the
# TSA certificate from the non-TSA one.
37 $r *= ok(run(app(["openssl", "x509", "-req",
38 "-in", "tsa_req${INDEX}.pem",
39 "-out", "tsa_cert${INDEX}.pem",
40 "-CA", "tsaca.pem", "-CAkey", "tsacakey.pem",
42 "-extfile", $ENV{OPENSSL_CONF}, "-extensions", $EXT])));
# Body of the request-printing helper (its header and the assignment of $input
# are not shown): dump a timestamp query in human-readable form and return the
# ok() result.
48 return ok(run(app(["openssl", "ts", "-query", "-in", $input, "-text"])));
# Build req1.tsq: a timestamp query over the file named by $testtsa.
#   -policy tsa_policy1  names the policy the client expects the TSA to apply
#   -cert                asks the TSA to embed its signing certificate in the reply
# -no_nonce is not given, so the query carries a nonce (the `ts -query`
# default); the nonce is what ties a reply to this particular request.
51 sub create_time_stamp_request1 {
53 ok(run(app(["openssl", "ts", "-query", "-data", $testtsa, "-policy", "tsa_policy1", "-cert", "-out", "req1.tsq"])));
# Build req2.tsq over the same data file, but with policy tsa_policy2, without
# -cert and with -no_nonce. With no nonce in the query, a verifier can match a
# reply to this request only through the remaining fields (message imprint,
# policy), so nothing distinguishes a fresh reply from an older one for the
# same data.
56 sub create_time_stamp_request2 {
59 ok(run(app(["openssl", "ts", "-query", "-data", $testtsa, "-policy", "tsa_policy2", "-no_nonce", "-out", "req2.tsq"])));
# Build req3.tsq over a different input file ($CAtsa), with -no_nonce and with
# neither -policy nor -cert. It gives the negative tests a query whose data
# differs from the one the existing responses were issued for.
62 sub create_time_stamp_request3 {
65 ok(run(app(["openssl", "ts", "-query", "-data", $CAtsa, "-no_nonce", "-out", "req3.tsq"])))
# Body of the response-printing helper (its `sub` line is not shown): takes the
# response file name as first argument and prints the response as text.
69 my $inputfile = shift;
72 ok(run(app(["openssl", "ts", "-reply", "-in", "$inputfile", "-text"])));
# Generate a timestamp response for $queryfile and write it to $outputfile.
# $datafile is handed to -section, and the callers pass "tsa_config1" as third
# argument, so despite its name it selects the TSA section of the config file
# rather than a data file. Its assignment is on a line not shown here.
75 sub create_time_stamp_response {
76 my $queryfile = shift;
77 my $outputfile = shift;
81 ok(run(app(["openssl", "ts", "-reply", "-section", "$datafile", "-queryfile", "$queryfile", "-out", "$outputfile"])));
# Round-trip check for the -token_in / -token_out options of `ts -reply`.
#   $queryfile  query used for the last print step
#   $inputfile  existing response; the derived files are named after it
84 sub time_stamp_response_token_test {
85 my $queryfile = shift;
86 my $inputfile = shift;
87 my $RESPONSE2="$inputfile.copy.tsr";
88 my $TOKEN_DER="$inputfile.token.der";
# response -> bare token
90 ok(run(app(["openssl", "ts", "-reply", "-in", "$inputfile", "-out", "$TOKEN_DER", "-token_out"])));
# bare token -> response again
91 ok(run(app(["openssl", "ts", "-reply", "-in", "$TOKEN_DER", "-token_in", "-out", "$RESPONSE2"])));
# A result of 0 is taken to mean the rebuilt response equals the original
# (presumably File::Compare::compare; its import is not among the lines shown).
92 is(compare($RESPONSE2, $inputfile), 0);
# The next two calls only check that either input form can be printed as token text.
93 ok(run(app(["openssl", "ts", "-reply", "-in", "$inputfile", "-text", "-token_out"])));
94 ok(run(app(["openssl", "ts", "-reply", "-in", "$TOKEN_DER", "-token_in", "-text", "-token_out"])));
# No -in here: a reply is generated from the query and its token printed.
# No -section is given either, so the TSA settings come from whatever the
# config file selects by default -- confirm against CAtsa.cnf.
95 ok(run(app(["openssl", "ts", "-reply", "-queryfile", "$queryfile", "-text", "-token_out"])));
# Verify the response in $inputfile twice: once against the original query
# ($queryfile) and once against the timestamped data itself ($datafile).
# Trust is anchored only in -CAfile tsaca.pem. tsa_cert1.pem is supplied through
# -untrusted, so it may be used to build the chain to the signer but is never
# trusted on its own.
98 sub verify_time_stamp_response {
99 my $queryfile = shift;
100 my $inputfile = shift;
101 my $datafile = shift;
103 ok(run(app(["openssl", "ts", "-verify", "-queryfile", "$queryfile", "-in", "$inputfile", "-CAfile", "tsaca.pem", "-untrusted", "tsa_cert1.pem"])));
104 ok(run(app(["openssl", "ts", "-verify", "-data", "$datafile", "-in", "$inputfile", "-CAfile", "tsaca.pem", "-untrusted", "tsa_cert1.pem"])));
# Same two verifications as for a full response, but on the bare token: the
# token is first extracted to "$inputfile.token" and then passed with -token_in.
# As above, tsaca.pem is the only trust anchor; tsa_cert1.pem is chain-building
# material only (-untrusted).
107 sub verify_time_stamp_token {
108 my $queryfile = shift;
109 my $inputfile = shift;
110 my $datafile = shift;
112 # create the token from the response first
113 ok(run(app(["openssl", "ts", "-reply", "-in", "$inputfile", "-out", "$inputfile.token", "-token_out"])));
# verify the token against the query ...
114 ok(run(app(["openssl", "ts", "-verify", "-queryfile", "$queryfile", "-in", "$inputfile.token", "-token_in", "-CAfile", "tsaca.pem", "-untrusted", "tsa_cert1.pem"])));
# ... and against the data file
115 ok(run(app(["openssl", "ts", "-verify", "-data", "$datafile", "-in", "$inputfile.token", "-token_in", "-CAfile", "tsaca.pem", "-untrusted", "tsa_cert1.pem"])));
# Negative test: verifying $inputfile against a query it was not issued for
# must not succeed.
# ok(!run(...)) passes on any unsuccessful run, so a failure for an unrelated
# reason (for instance an unreadable input file) satisfies it as well; checking
# the reported verification error would make the test tighter.
118 sub verify_time_stamp_response_fail {
119 my $queryfile = shift;
120 my $inputfile = shift;
122 ok(!run(app(["openssl", "ts", "-verify", "-queryfile", "$queryfile", "-in", "$inputfile", "-CAfile", "tsaca.pem", "-untrusted", "tsa_cert1.pem"])));
# Point the openssl app at the test TSA configuration; the same file is later
# used as -extfile when the TSA certificates are signed.
129 $ENV{OPENSSL_CONF} = top_file("test", "CAtsa.cnf");
130 # Because that's what ../apps/CA.pl really looks at
131 $ENV{SSLEAY_CONFIG} = "-config ".$ENV{OPENSSL_CONF};
# Command string for the openssl app under test, exported through the environment.
132 $ENV{OPENSSL} = cmdstr(app(["openssl"]));
# Inputs to be timestamped: a test recipe (presumably this very script) for
# req1/req2, and the config file as a second, different input for req3.
133 $testtsa = top_file("test", "recipes", "80-test_tsa.t");
134 $CAtsa = top_file("test", "CAtsa.cnf");
# Setup steps. Each is the condition of a statement whose first part is on a
# line not shown -- presumably a skip/bail-out, so that later steps do not run
# against a missing CA, certificate or request file.
140 if !subtest 'creating CA for TSA tests' => sub { create_ca };
143 if !subtest 'creating tsa_cert1.pem TSA server cert' => sub {
144 create_tsa_cert("1", "tsa_cert")
# NOTE(review): tsa_cert2.pem is issued with the "non_tsa_cert" extensions, but
# none of the visible steps signs or verifies with it. A negative test showing
# that a reply signed with a non-TSA certificate is rejected would be its
# natural use -- confirm whether one exists in the lines not shown.
148 if !subtest 'creating tsa_cert2.pem non-TSA server cert' => sub {
149 create_tsa_cert("2", "non_tsa_cert")
153 if !subtest 'creating req1.req time stamp request for file testtsa' => sub {
154 create_time_stamp_request1()
# Happy path for req1 (query with nonce and -cert): print the query, answer it
# using config section tsa_config1, print the reply, then verify it both as a
# full response and as a bare token.
# The subtest labels say reqN.req; the files actually written and read are
# reqN.tsq.
157 subtest 'printing req1.req' => sub {
158 print_request("req1.tsq")
161 subtest 'generating valid response for req1.req' => sub {
162 create_time_stamp_response("req1.tsq", "resp1.tsr", "tsa_config1")
165 subtest 'printing response' => sub {
166 print_response("resp1.tsr")
169 subtest 'verifying valid response' => sub {
170 verify_time_stamp_response("req1.tsq", "resp1.tsr", $testtsa)
173 subtest 'verifying valid token' => sub {
174 verify_time_stamp_token("req1.tsq", "resp1.tsr", $testtsa)
# Same flow for req2 (no nonce, policy tsa_policy2), plus the
# -token_in/-token_out round trip.
177 subtest 'creating req2.req time stamp request for file testtsa' => sub {
178 create_time_stamp_request2()
181 subtest 'printing req2.req' => sub {
182 print_request("req2.tsq")
185 subtest 'generating valid response for req2.req' => sub {
186 create_time_stamp_response("req2.tsq", "resp2.tsr", "tsa_config1")
189 subtest 'checking -token_in and -token_out options with -reply' => sub {
190 time_stamp_response_token_test("req2.tsq", "resp2.tsr")
193 subtest 'printing response' => sub {
194 print_response("resp2.tsr")
197 subtest 'verifying valid response' => sub {
198 verify_time_stamp_response("req2.tsq", "resp2.tsr", $testtsa)
# Cross-checks: each response must be rejected when paired with the other
# request. req1 and req2 are built over the same data file, so the mismatch is
# presumably detected on the policy and nonce fields rather than on the message
# imprint -- confirm. The two subtests share one label, which makes a failure
# harder to attribute in the test output.
201 subtest 'verifying response against wrong request, it should fail' => sub {
202 verify_time_stamp_response_fail("req1.tsq", "resp2.tsr")
205 subtest 'verifying response against wrong request, it should fail' => sub {
206 verify_time_stamp_response_fail("req2.tsq", "resp1.tsr")
# req3 is built over a different file (CAtsa.cnf), so resp1 must not verify
# against it. No response is generated for req3 in the lines shown; it serves
# only as the mismatching query.
209 subtest 'creating req3.req time stamp request for file CAtsa.cnf' => sub {
210 create_time_stamp_request3()
213 subtest 'printing req3.req' => sub {
214 print_request("req3.tsq")
217 subtest 'verifying response against wrong request, it should fail' => sub {
218 verify_time_stamp_response_fail("req3.tsq", "resp1.tsr")
# End of an enclosing block whose opening is not shown (an indir call, going by
# the comment near the top of the file). The trailing options presumably create
# the working directory and remove it afterwards, which also disposes of the
# unencrypted test keys written during the run -- confirm against OpenSSL::Test.
221 }, cleanup => 1, create => 1;