OpenBoard/thirdparty/openssl/openssl-1.0.0d/test/testtsa

#!/bin/sh

#
# A few very basic tests for the 'ts' time stamping authority command.
#

SH="/bin/sh"
if test "$OSTYPE" = msdosdjgpp; then
    PATH="../apps\;$PATH"
else
    PATH="../apps:$PATH"
fi
export SH PATH

OPENSSL_CONF="../CAtsa.cnf"
export OPENSSL_CONF
# Because that's what ../apps/CA.sh really looks at
SSLEAY_CONFIG="-config $OPENSSL_CONF"
export SSLEAY_CONFIG

OPENSSL="`pwd`/../util/opensslwrap.sh"
export OPENSSL

error () {

    echo "TSA test failed!" >&2
    exit 1
}

setup_dir () {

    rm -rf tsa 2>/dev/null
    mkdir tsa
    cd ./tsa
}

clean_up_dir () {

    cd ..
    rm -rf tsa
}

create_ca () {

    echo "Creating a new CA for the TSA tests..."
    TSDNSECT=ts_ca_dn
    export TSDNSECT   
    ../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \
	-out tsaca.pem -keyout tsacakey.pem
    test $? != 0 && error
}

create_tsa_cert () {

    INDEX=$1
    export INDEX
    EXT=$2
    TSDNSECT=ts_cert_dn
    export TSDNSECT   

    ../../util/shlib_wrap.sh ../../apps/openssl req -new \
	-out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem
    test $? != 0 && error
echo Using extension $EXT
    ../../util/shlib_wrap.sh ../../apps/openssl x509 -req \
	-in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
	-CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \
	-extfile $OPENSSL_CONF -extensions $EXT
    test $? != 0 && error
}

print_request () {

    ../../util/shlib_wrap.sh ../../apps/openssl ts -query -in $1 -text
}

create_time_stamp_request1 () {

    ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq
    test $? != 0 && error
}

create_time_stamp_request2 () {

    ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy2 -no_nonce \
	-out req2.tsq
    test $? != 0 && error
}

create_time_stamp_request3 () {

    ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../CAtsa.cnf -no_nonce -out req3.tsq
    test $? != 0 && error
}

print_response () {

    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $1 -text
    test $? != 0 && error
}

create_time_stamp_response () {

    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -section $3 -queryfile $1 -out $2
    test $? != 0 && error
}

time_stamp_response_token_test () {

    RESPONSE2=$2.copy.tsr
    TOKEN_DER=$2.token.der
    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $TOKEN_DER -token_out
    test $? != 0 && error
    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -out $RESPONSE2
    test $? != 0 && error
    cmp $RESPONSE2 $2
    test $? != 0 && error
    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -text -token_out
    test $? != 0 && error
    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -text -token_out
    test $? != 0 && error
    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -queryfile $1 -text -token_out
    test $? != 0 && error
}

verify_time_stamp_response () {

    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
	-untrusted tsa_cert1.pem
    test $? != 0 && error
    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile tsaca.pem \
	-untrusted tsa_cert1.pem
    test $? != 0 && error
}

verify_time_stamp_token () {

    # create the token from the response first
    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $2.token -token_out
    test $? != 0 && error
    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2.token -token_in \
	-CAfile tsaca.pem -untrusted tsa_cert1.pem
    test $? != 0 && error
    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2.token -token_in \
	-CAfile tsaca.pem -untrusted tsa_cert1.pem
    test $? != 0 && error
}

verify_time_stamp_response_fail () {

    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
	-untrusted tsa_cert1.pem
    # Checks if the verification failed, as it should have.
    test $? = 0 && error
    echo Ok
}

# main functions

echo "Setting up TSA test directory..."
setup_dir

echo "Creating CA for TSA tests..."
create_ca

echo "Creating tsa_cert1.pem TSA server cert..."
create_tsa_cert 1 tsa_cert

echo "Creating tsa_cert2.pem non-TSA server cert..."
create_tsa_cert 2 non_tsa_cert

echo "Creating req1.req time stamp request for file testtsa..."
create_time_stamp_request1

echo "Printing req1.req..."
print_request req1.tsq

echo "Generating valid response for req1.req..."
create_time_stamp_response req1.tsq resp1.tsr tsa_config1

echo "Printing response..."
print_response resp1.tsr

echo "Verifying valid response..."
verify_time_stamp_response req1.tsq resp1.tsr ../testtsa

echo "Verifying valid token..."
verify_time_stamp_token req1.tsq resp1.tsr ../testtsa

# The tests below are commented out, because invalid signer certificates
# can no longer be specified in the config file.

# echo "Generating _invalid_ response for req1.req..."
# create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2

# echo "Printing response..."
# print_response resp1_bad.tsr

# echo "Verifying invalid response, it should fail..."
# verify_time_stamp_response_fail req1.tsq resp1_bad.tsr

echo "Creating req2.req time stamp request for file testtsa..."
create_time_stamp_request2

echo "Printing req2.req..."
print_request req2.tsq

echo "Generating valid response for req2.req..."
create_time_stamp_response req2.tsq resp2.tsr tsa_config1

echo "Checking '-token_in' and '-token_out' options with '-reply'..."
time_stamp_response_token_test req2.tsq resp2.tsr

echo "Printing response..."
print_response resp2.tsr

echo "Verifying valid response..."
verify_time_stamp_response req2.tsq resp2.tsr ../testtsa

echo "Verifying response against wrong request, it should fail..."
verify_time_stamp_response_fail req1.tsq resp2.tsr

echo "Verifying response against wrong request, it should fail..."
verify_time_stamp_response_fail req2.tsq resp1.tsr

echo "Creating req3.req time stamp request for file CAtsa.cnf..."
create_time_stamp_request3

echo "Printing req3.req..."
print_request req3.tsq

echo "Verifying response against wrong request, it should fail..."
verify_time_stamp_response_fail req3.tsq resp1.tsr

echo "Cleaning up..."
clean_up_dir

exit 0
Added source code for used libraries 14 years ago			`#!/bin/sh`

			`#`
			`# A few very basic tests for the 'ts' time stamping authority command.`
			`#`

			`SH="/bin/sh"`
			`if test "$OSTYPE" = msdosdjgpp; then`
			`PATH="../apps\;$PATH"`
			`else`
			`PATH="../apps:$PATH"`
			`fi`
			`export SH PATH`

			`OPENSSL_CONF="../CAtsa.cnf"`
			`export OPENSSL_CONF`
			`# Because that's what ../apps/CA.sh really looks at`
			`SSLEAY_CONFIG="-config $OPENSSL_CONF"`
			`export SSLEAY_CONFIG`

			OPENSSL="`pwd`/../util/opensslwrap.sh"
			`export OPENSSL`

			`error () {`

			`echo "TSA test failed!" >&2`
			`exit 1`
			`}`

			`setup_dir () {`

			`rm -rf tsa 2>/dev/null`
			`mkdir tsa`
			`cd ./tsa`
			`}`

			`clean_up_dir () {`

			`cd ..`
			`rm -rf tsa`
			`}`

			`create_ca () {`

			`echo "Creating a new CA for the TSA tests..."`
			`TSDNSECT=ts_ca_dn`
			`export TSDNSECT`
			`../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \`
			`-out tsaca.pem -keyout tsacakey.pem`
			`test $? != 0 && error`
			`}`

			`create_tsa_cert () {`

			`INDEX=$1`
			`export INDEX`
			`EXT=$2`
			`TSDNSECT=ts_cert_dn`
			`export TSDNSECT`

			`../../util/shlib_wrap.sh ../../apps/openssl req -new \`
			`-out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem`
			`test $? != 0 && error`
			`echo Using extension $EXT`
			`../../util/shlib_wrap.sh ../../apps/openssl x509 -req \`
			`-in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \`
			`-CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \`
			`-extfile $OPENSSL_CONF -extensions $EXT`
			`test $? != 0 && error`
			`}`

			`print_request () {`

			`../../util/shlib_wrap.sh ../../apps/openssl ts -query -in $1 -text`
			`}`

			`create_time_stamp_request1 () {`

			`../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq`
			`test $? != 0 && error`
			`}`

			`create_time_stamp_request2 () {`

			`../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy2 -no_nonce \`
			`-out req2.tsq`
			`test $? != 0 && error`
			`}`

			`create_time_stamp_request3 () {`

			`../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../CAtsa.cnf -no_nonce -out req3.tsq`
			`test $? != 0 && error`
			`}`

			`print_response () {`

			`../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $1 -text`
			`test $? != 0 && error`
			`}`

			`create_time_stamp_response () {`

			`../../util/shlib_wrap.sh ../../apps/openssl ts -reply -section $3 -queryfile $1 -out $2`
			`test $? != 0 && error`
			`}`

			`time_stamp_response_token_test () {`

			`RESPONSE2=$2.copy.tsr`
			`TOKEN_DER=$2.token.der`
			`../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $TOKEN_DER -token_out`
			`test $? != 0 && error`
			`../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -out $RESPONSE2`
			`test $? != 0 && error`
			`cmp $RESPONSE2 $2`
			`test $? != 0 && error`
			`../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -text -token_out`
			`test $? != 0 && error`
			`../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -text -token_out`
			`test $? != 0 && error`
			`../../util/shlib_wrap.sh ../../apps/openssl ts -reply -queryfile $1 -text -token_out`
			`test $? != 0 && error`
			`}`

			`verify_time_stamp_response () {`

			`../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \`
			`-untrusted tsa_cert1.pem`
			`test $? != 0 && error`
			`../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile tsaca.pem \`
			`-untrusted tsa_cert1.pem`
			`test $? != 0 && error`
			`}`

			`verify_time_stamp_token () {`

			`# create the token from the response first`
			`../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $2.token -token_out`
			`test $? != 0 && error`
			`../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2.token -token_in \`
			`-CAfile tsaca.pem -untrusted tsa_cert1.pem`
			`test $? != 0 && error`
			`../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2.token -token_in \`
			`-CAfile tsaca.pem -untrusted tsa_cert1.pem`
			`test $? != 0 && error`
			`}`

			`verify_time_stamp_response_fail () {`

			`../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \`
			`-untrusted tsa_cert1.pem`
			`# Checks if the verification failed, as it should have.`
			`test $? = 0 && error`
			`echo Ok`
			`}`

			`# main functions`

			`echo "Setting up TSA test directory..."`
			`setup_dir`

			`echo "Creating CA for TSA tests..."`
			`create_ca`

			`echo "Creating tsa_cert1.pem TSA server cert..."`
			`create_tsa_cert 1 tsa_cert`

			`echo "Creating tsa_cert2.pem non-TSA server cert..."`
			`create_tsa_cert 2 non_tsa_cert`

			`echo "Creating req1.req time stamp request for file testtsa..."`
			`create_time_stamp_request1`

			`echo "Printing req1.req..."`
			`print_request req1.tsq`

			`echo "Generating valid response for req1.req..."`
			`create_time_stamp_response req1.tsq resp1.tsr tsa_config1`

			`echo "Printing response..."`
			`print_response resp1.tsr`

			`echo "Verifying valid response..."`
			`verify_time_stamp_response req1.tsq resp1.tsr ../testtsa`

			`echo "Verifying valid token..."`
			`verify_time_stamp_token req1.tsq resp1.tsr ../testtsa`

			`# The tests below are commented out, because invalid signer certificates`
			`# can no longer be specified in the config file.`

			`# echo "Generating _invalid_ response for req1.req..."`
			`# create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2`

			`# echo "Printing response..."`
			`# print_response resp1_bad.tsr`

			`# echo "Verifying invalid response, it should fail..."`
			`# verify_time_stamp_response_fail req1.tsq resp1_bad.tsr`

			`echo "Creating req2.req time stamp request for file testtsa..."`
			`create_time_stamp_request2`

			`echo "Printing req2.req..."`
			`print_request req2.tsq`

			`echo "Generating valid response for req2.req..."`
			`create_time_stamp_response req2.tsq resp2.tsr tsa_config1`

			`echo "Checking '-token_in' and '-token_out' options with '-reply'..."`
			`time_stamp_response_token_test req2.tsq resp2.tsr`

			`echo "Printing response..."`
			`print_response resp2.tsr`

			`echo "Verifying valid response..."`
			`verify_time_stamp_response req2.tsq resp2.tsr ../testtsa`

			`echo "Verifying response against wrong request, it should fail..."`
			`verify_time_stamp_response_fail req1.tsq resp2.tsr`

			`echo "Verifying response against wrong request, it should fail..."`
			`verify_time_stamp_response_fail req2.tsq resp1.tsr`

			`echo "Creating req3.req time stamp request for file CAtsa.cnf..."`
			`create_time_stamp_request3`

			`echo "Printing req3.req..."`
			`print_request req3.tsq`

			`echo "Verifying response against wrong request, it should fail..."`
			`verify_time_stamp_response_fail req3.tsq resp1.tsr`

			`echo "Cleaning up..."`
			`clean_up_dir`

			`exit 0`