4 # A few very basic tests for the 'ts' time stamping authority command.
8 if test "$OSTYPE" = msdosdjgpp; then
15 OPENSSL_CONF="../CAtsa.cnf"
17 # Because that's what ../apps/CA.pl really looks at
18 SSLEAY_CONFIG="-config $OPENSSL_CONF"
21 OPENSSL="`pwd`/../util/opensslwrap.sh"
25 rm -rf tsa 2>/dev/null
36 echo creating a new CA for the TSA tests
39 ../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \
40 -out tsaca.pem -keyout tsacakey.pem || exit 1
51 ../../util/shlib_wrap.sh ../../apps/openssl req -new \
52 -out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem || exit 1
53 echo using extension $EXT
54 ../../util/shlib_wrap.sh ../../apps/openssl x509 -req \
55 -in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
56 -CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \
57 -extfile $OPENSSL_CONF -extensions $EXT || exit 1
62 ../../util/shlib_wrap.sh ../../apps/openssl ts -query -in $1 -text
65 create_time_stamp_request1 () {
67 ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq || exit 1
70 create_time_stamp_request2 () {
72 ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy2 -no_nonce \
73 -out req2.tsq || exit 1
76 create_time_stamp_request3 () {
78 ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../CAtsa.cnf -no_nonce -out req3.tsq || exit 1
83 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $1 -text || exit 1
86 create_time_stamp_response () {
88 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -section $3 -queryfile $1 -out $2 || exit 1
91 time_stamp_response_token_test () {
94 TOKEN_DER=$2.token.der
95 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $TOKEN_DER -token_out || exit 1
96 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -out $RESPONSE2 || exit 1
97 cmp $RESPONSE2 $2 || exit 1
98 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -text -token_out || exit 1
99 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -text -token_out || exit 1
100 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -queryfile $1 -text -token_out || exit 1
103 verify_time_stamp_response () {
105 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
106 -untrusted tsa_cert1.pem || exit 1
107 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile tsaca.pem \
108 -untrusted tsa_cert1.pem || exit 1
111 verify_time_stamp_token () {
113 # create the token from the response first
114 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $2.token -token_out || exit 1
115 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2.token -token_in \
116 -CAfile tsaca.pem -untrusted tsa_cert1.pem || exit 1
117 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2.token -token_in \
118 -CAfile tsaca.pem -untrusted tsa_cert1.pem || exit 1
121 verify_time_stamp_response_fail () {
123 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
124 -untrusted tsa_cert1.pem && exit 1
130 echo setting up TSA test directory
133 echo creating CA for TSA tests
136 echo creating tsa_cert1.pem TSA server cert
137 create_tsa_cert 1 tsa_cert
139 echo creating tsa_cert2.pem non-TSA server cert
140 create_tsa_cert 2 non_tsa_cert
142 echo creating req1.req time stamp request for file testtsa
143 create_time_stamp_request1
145 echo printing req1.req
146 print_request req1.tsq
148 echo generating valid response for req1.req
149 create_time_stamp_response req1.tsq resp1.tsr tsa_config1
151 echo printing response
152 print_response resp1.tsr
154 echo verifying valid response
155 verify_time_stamp_response req1.tsq resp1.tsr ../testtsa
157 echo verifying valid token
158 verify_time_stamp_token req1.tsq resp1.tsr ../testtsa
160 echo creating req2.req time stamp request for file testtsa
161 create_time_stamp_request2
163 echo printing req2.req
164 print_request req2.tsq
166 echo generating valid response for req2.req
167 create_time_stamp_response req2.tsq resp2.tsr tsa_config1
169 echo checking -token_in and -token_out options with -reply
170 time_stamp_response_token_test req2.tsq resp2.tsr
172 echo printing response
173 print_response resp2.tsr
175 echo verifying valid response
176 verify_time_stamp_response req2.tsq resp2.tsr ../testtsa
178 echo verifying response against wrong request, it should fail
179 verify_time_stamp_response_fail req1.tsq resp2.tsr
181 echo verifying response against wrong request, it should fail
182 verify_time_stamp_response_fail req2.tsq resp1.tsr
184 echo creating req3.req time stamp request for file CAtsa.cnf
185 create_time_stamp_request3
187 echo printing req3.req
188 print_request req3.tsq
190 echo verifying response against wrong request, it should fail
191 verify_time_stamp_response_fail req3.tsq resp1.tsr