# Extra OBJECT IDENTIFIER info:
oid_section = new_oids
+TSDNSECT = ts_cert_dn
+INDEX = 1
+
[ new_oids ]
# Policies used by the TSA tests.
[ req ]
default_bits = 1024
default_md = sha1
-distinguished_name = req_distinguished_name
+distinguished_name = $ENV::TSDNSECT
encrypt_rsa_key = no
+prompt = no
# attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
string_mask = nombstr
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = HU
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default =
-
-localityName = Locality Name (eg, city)
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default =
+[ ts_ca_dn ]
+countryName = HU
+stateOrProvinceName = Budapest
+localityName = Budapest
+organizationName = Gov-CA Ltd.
+commonName = ca1
-commonName = Common Name (eg, YOUR name)
-commonName_max = 64
-
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-
-unstructuredName = An optional company name
+[ ts_cert_dn ]
+countryName = HU
+stateOrProvinceName = Budapest
+localityName = Buda
+organizationName = Hun-TSA Ltd.
+commonName = tsa$ENV::INDEX
[ tsa_cert ]
serial = $dir/tsa_serial # The current serial number (mandatory)
signer_cert = $dir/tsa_cert1.pem # The TSA signing certificate
# (optional)
-certs = $dir/demoCA/cacert.pem# Certificate chain to include in reply
+certs = $dir/tsaca.pem # Certificate chain to include in reply
# (optional)
signer_key = $dir/tsa_key1.pem # The TSA private key (optional)
create_ca () {
echo "Creating a new CA for the TSA tests..."
- /bin/rm -fr demoCA
- $SH ../../apps/CA.sh -newca <<EOF
-
-HU
-Budapest
-Budapest
-Gov-CA Ltd.
-ca1
-EOF
+ TSDNSECT=ts_ca_dn
+ export TSDNSECT
+ ../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \
+ -out tsaca.pem -keyout tsacakey.pem
test $? != 0 && error
}
create_tsa_cert () {
INDEX=$1
+ export INDEX
EXT=$2
- ../../util/shlib_wrap.sh ../../apps/openssl req -new -out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem <<EOF
-HU
-Budapest
-Buda
-Hun-TSA Ltd.
-tsa${INDEX}
-EOF
- test $? != 0 && error
+ TSDNSECT=ts_cert_dn
+ export TSDNSECT
- ../../util/shlib_wrap.sh ../../apps/openssl ca -in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
- -extensions $EXT <<EOF
-y
-y
-EOF
+ ../../util/shlib_wrap.sh ../../apps/openssl req -new \
+ -out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem
+ test $? != 0 && error
+echo Using extension $EXT
+ ../../util/shlib_wrap.sh ../../apps/openssl x509 -req \
+ -in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
+ -CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \
+ -extfile $OPENSSL_CONF -extensions $EXT
test $? != 0 && error
}
verify_time_stamp_response () {
- ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile demoCA/cacert.pem \
+ ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
-untrusted tsa_cert1.pem
test $? != 0 && error
- ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile demoCA/cacert.pem \
+ ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile tsaca.pem \
-untrusted tsa_cert1.pem
test $? != 0 && error
}
../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $2.token -token_out
test $? != 0 && error
../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2.token -token_in \
- -CAfile demoCA/cacert.pem -untrusted tsa_cert1.pem
+ -CAfile tsaca.pem -untrusted tsa_cert1.pem
test $? != 0 && error
../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2.token -token_in \
- -CAfile demoCA/cacert.pem -untrusted tsa_cert1.pem
+ -CAfile tsaca.pem -untrusted tsa_cert1.pem
test $? != 0 && error
}
verify_time_stamp_response_fail () {
- ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile demoCA/cacert.pem \
+ ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
-untrusted tsa_cert1.pem
# Checks if the verification failed, as it should have.
test $? = 0 && error