OLD | NEW |
(Empty) | |
| 1 #!/bin/sh |
| 2 |
| 3 # |
| 4 # A few very basic tests for the 'ts' time stamping authority command. |
| 5 # |
| 6 |
| 7 SH="/bin/sh" |
| 8 if test "$OSTYPE" = msdosdjgpp; then |
| 9 PATH="../apps\;$PATH" |
| 10 else |
| 11 PATH="../apps:$PATH" |
| 12 fi |
| 13 export SH PATH |
| 14 |
| 15 OPENSSL_CONF="../CAtsa.cnf" |
| 16 export OPENSSL_CONF |
| 17 # Because that's what ../apps/CA.sh really looks at |
| 18 SSLEAY_CONFIG="-config $OPENSSL_CONF" |
| 19 export SSLEAY_CONFIG |
| 20 |
| 21 OPENSSL="`pwd`/../util/opensslwrap.sh" |
| 22 export OPENSSL |
| 23 |
| 24 error () { |
| 25 |
| 26 echo "TSA test failed!" >&2 |
| 27 exit 1 |
| 28 } |
| 29 |
| 30 setup_dir () { |
| 31 |
| 32 rm -rf tsa 2>/dev/null |
| 33 mkdir tsa |
| 34 cd ./tsa |
| 35 } |
| 36 |
| 37 clean_up_dir () { |
| 38 |
| 39 cd .. |
| 40 rm -rf tsa |
| 41 } |
| 42 |
| 43 create_ca () { |
| 44 |
| 45 echo "Creating a new CA for the TSA tests..." |
| 46 TSDNSECT=ts_ca_dn |
| 47 export TSDNSECT |
| 48 ../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \ |
| 49 -out tsaca.pem -keyout tsacakey.pem |
| 50 test $? != 0 && error |
| 51 } |
| 52 |
| 53 create_tsa_cert () { |
| 54 |
| 55 INDEX=$1 |
| 56 export INDEX |
| 57 EXT=$2 |
| 58 TSDNSECT=ts_cert_dn |
| 59 export TSDNSECT |
| 60 |
| 61 ../../util/shlib_wrap.sh ../../apps/openssl req -new \ |
| 62 -out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem |
| 63 test $? != 0 && error |
| 64 echo Using extension $EXT |
| 65 ../../util/shlib_wrap.sh ../../apps/openssl x509 -req \ |
| 66 -in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \ |
| 67 -CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \ |
| 68 -extfile $OPENSSL_CONF -extensions $EXT |
| 69 test $? != 0 && error |
| 70 } |
| 71 |
| 72 print_request () { |
| 73 |
| 74 ../../util/shlib_wrap.sh ../../apps/openssl ts -query -in $1 -text |
| 75 } |
| 76 |
| 77 create_time_stamp_request1 () { |
| 78 |
| 79 ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -poli
cy tsa_policy1 -cert -out req1.tsq |
| 80 test $? != 0 && error |
| 81 } |
| 82 |
| 83 create_time_stamp_request2 () { |
| 84 |
| 85 ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -poli
cy tsa_policy2 -no_nonce \ |
| 86 -out req2.tsq |
| 87 test $? != 0 && error |
| 88 } |
| 89 |
| 90 create_time_stamp_request3 () { |
| 91 |
| 92 ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../CAtsa.cnf -no
_nonce -out req3.tsq |
| 93 test $? != 0 && error |
| 94 } |
| 95 |
| 96 print_response () { |
| 97 |
| 98 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $1 -text |
| 99 test $? != 0 && error |
| 100 } |
| 101 |
| 102 create_time_stamp_response () { |
| 103 |
| 104 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -section $3 -queryfile
$1 -out $2 |
| 105 test $? != 0 && error |
| 106 } |
| 107 |
| 108 time_stamp_response_token_test () { |
| 109 |
| 110 RESPONSE2=$2.copy.tsr |
| 111 TOKEN_DER=$2.token.der |
| 112 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $TOKEN_DER
-token_out |
| 113 test $? != 0 && error |
| 114 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_
in -out $RESPONSE2 |
| 115 test $? != 0 && error |
| 116 cmp $RESPONSE2 $2 |
| 117 test $? != 0 && error |
| 118 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -text -token_ou
t |
| 119 test $? != 0 && error |
| 120 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_
in -text -token_out |
| 121 test $? != 0 && error |
| 122 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -queryfile $1 -text -t
oken_out |
| 123 test $? != 0 && error |
| 124 } |
| 125 |
| 126 verify_time_stamp_response () { |
| 127 |
| 128 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2
-CAfile tsaca.pem \ |
| 129 -untrusted tsa_cert1.pem |
| 130 test $? != 0 && error |
| 131 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfi
le tsaca.pem \ |
| 132 -untrusted tsa_cert1.pem |
| 133 test $? != 0 && error |
| 134 } |
| 135 |
| 136 verify_time_stamp_token () { |
| 137 |
| 138 # create the token from the response first |
| 139 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $2.token -
token_out |
| 140 test $? != 0 && error |
| 141 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2.
token -token_in \ |
| 142 -CAfile tsaca.pem -untrusted tsa_cert1.pem |
| 143 test $? != 0 && error |
| 144 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2.token
-token_in \ |
| 145 -CAfile tsaca.pem -untrusted tsa_cert1.pem |
| 146 test $? != 0 && error |
| 147 } |
| 148 |
| 149 verify_time_stamp_response_fail () { |
| 150 |
| 151 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2
-CAfile tsaca.pem \ |
| 152 -untrusted tsa_cert1.pem |
| 153 # Checks if the verification failed, as it should have. |
| 154 test $? = 0 && error |
| 155 echo Ok |
| 156 } |
| 157 |
| 158 # main functions |
| 159 |
| 160 echo "Setting up TSA test directory..." |
| 161 setup_dir |
| 162 |
| 163 echo "Creating CA for TSA tests..." |
| 164 create_ca |
| 165 |
| 166 echo "Creating tsa_cert1.pem TSA server cert..." |
| 167 create_tsa_cert 1 tsa_cert |
| 168 |
| 169 echo "Creating tsa_cert2.pem non-TSA server cert..." |
| 170 create_tsa_cert 2 non_tsa_cert |
| 171 |
| 172 echo "Creating req1.req time stamp request for file testtsa..." |
| 173 create_time_stamp_request1 |
| 174 |
| 175 echo "Printing req1.req..." |
| 176 print_request req1.tsq |
| 177 |
| 178 echo "Generating valid response for req1.req..." |
| 179 create_time_stamp_response req1.tsq resp1.tsr tsa_config1 |
| 180 |
| 181 echo "Printing response..." |
| 182 print_response resp1.tsr |
| 183 |
| 184 echo "Verifying valid response..." |
| 185 verify_time_stamp_response req1.tsq resp1.tsr ../testtsa |
| 186 |
| 187 echo "Verifying valid token..." |
| 188 verify_time_stamp_token req1.tsq resp1.tsr ../testtsa |
| 189 |
| 190 # The tests below are commented out, because invalid signer certificates |
| 191 # can no longer be specified in the config file. |
| 192 |
| 193 # echo "Generating _invalid_ response for req1.req..." |
| 194 # create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2 |
| 195 |
| 196 # echo "Printing response..." |
| 197 # print_response resp1_bad.tsr |
| 198 |
| 199 # echo "Verifying invalid response, it should fail..." |
| 200 # verify_time_stamp_response_fail req1.tsq resp1_bad.tsr |
| 201 |
| 202 echo "Creating req2.req time stamp request for file testtsa..." |
| 203 create_time_stamp_request2 |
| 204 |
| 205 echo "Printing req2.req..." |
| 206 print_request req2.tsq |
| 207 |
| 208 echo "Generating valid response for req2.req..." |
| 209 create_time_stamp_response req2.tsq resp2.tsr tsa_config1 |
| 210 |
| 211 echo "Checking '-token_in' and '-token_out' options with '-reply'..." |
| 212 time_stamp_response_token_test req2.tsq resp2.tsr |
| 213 |
| 214 echo "Printing response..." |
| 215 print_response resp2.tsr |
| 216 |
| 217 echo "Verifying valid response..." |
| 218 verify_time_stamp_response req2.tsq resp2.tsr ../testtsa |
| 219 |
| 220 echo "Verifying response against wrong request, it should fail..." |
| 221 verify_time_stamp_response_fail req1.tsq resp2.tsr |
| 222 |
| 223 echo "Verifying response against wrong request, it should fail..." |
| 224 verify_time_stamp_response_fail req2.tsq resp1.tsr |
| 225 |
| 226 echo "Creating req3.req time stamp request for file CAtsa.cnf..." |
| 227 create_time_stamp_request3 |
| 228 |
| 229 echo "Printing req3.req..." |
| 230 print_request req3.tsq |
| 231 |
| 232 echo "Verifying response against wrong request, it should fail..." |
| 233 verify_time_stamp_response_fail req3.tsq resp1.tsr |
| 234 |
| 235 echo "Cleaning up..." |
| 236 clean_up_dir |
| 237 |
| 238 exit 0 |
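Review bot: In `verify_time_stamp_response_fail` the check `test $? = 0 && error` accepts any non-zero exit as the expected rejection, so a crash of `openssl ts -verify`, an unreadable `$1` or `$2`, or a missing `tsaca.pem` is reported as "Ok" exactly like a genuine verification failure. I would capture the status and at least reject signal exits, e.g. `rc=$?`, `test $rc = 0 && error`, `test $rc -ge 128 && error`, and check that both input files are readable before the call. `print_request` is the only helper that never tests `$?`, so a failing `ts -query ... -text` passes silently; adding `test $? != 0 && error` there would match `print_response`. With the `tsa_config2` block commented out, `tsa_cert2.pem` is still generated but nothing asserts that a non-TSA signer certificate is refused; if that refusal now happens when the response is created, a test expecting that command to fail would keep the coverage.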