Loading test/testtsa.com +26 −45 Original line number Diff line number Diff line Loading @@ -46,21 +46,10 @@ $ create_ca: $ subroutine $ $ write sys$output "Creating a new CA for the TSA tests..." $ @[--.util]deltree [.demoCA]*.* $ $ open/write file VMStsa-response.create_ca $ write file "" $ write file "HU" $ write file "Budapest" $ write file "Budapest" $ write file "Gov-CA Ltd." $ write file "ca1" $ close file $ open/read sys$ca_input VMStsa-response.create_ca $ @[--.apps]CA.com -input sys$ca_input -newca $ save_severity = $severity $ close sys$ca_input $ if save_severity .ne. 1 then call error $ TSDNSECT = "ts_ca_dn" $ openssl req -new -x509 -nodes - -out tsaca.pem -keyout tsacakey.pem $ if $severity .ne. 1 then call error $ endsubroutine $ $ create_tsa_cert: Loading @@ -68,25 +57,17 @@ $ subroutine $ $ INDEX=p1 $ EXT=p2 $ open/write file VMStsa-response1.create_tsa_cert $ write file "HU" $ write file "Budapest" $ write file "Buda" $ write file "Hun-TSA Ltd." $ write file "tsa",INDEX $ close file $ define/user sys$input VMStsa-response.create_tsa_cert $ TSDNSECT = "ts_cert_dn" $ $ openssl req -new - -out tsa_req'INDEX'.pem -keyout tsa_key'INDEX'.pem $ if $severity .ne. 1 then call error $ $ open/write file VMStsa-response2.create_tsa_cert $ write file "y" $ write file "y" $ close file $ define/user sys$input VMStsa-response.create_tsa_cert $ openssl ca -in tsa_req'INDEX'.pem -out tsa_cert'INDEX'.pem - -extensions "''EXT'" $ write sys$output "Using extension ''EXT'" $ openssl x509 -req - -in tsa_req'INDEX'.pem -out tsa_cert'INDEX'.pem - "-CA" tsaca.pem "-CAkey" tsacakey.pem "-CAcreateserial" - -extfile 'OPENSSL_CONF' -extensions "''EXT'" $ if $severity .ne. 1 then call error $ endsubroutine $ Loading Loading @@ -153,24 +134,24 @@ $ verify_time_stamp_response: $ subroutine $ $ openssl ts -verify -queryfile 'p1' -in 'p2' - -CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem "-CAfile" tsaca.pem -untrusted tsa_cert1.pem $ if $severity .ne. 1 then call error $ openssl ts -verify -data 'p3' -in 'p2' - -CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem "-CAfile" tsaca.pem -untrusted tsa_cert1.pem $ if $severity .ne. 1 then call error $ endsubroutine $ $ verify_time_stamp_token: $ subroutine $ $ # create the token from the response first $ ! create the token from the response first $ openssl ts -reply -in 'p2' -out 'p2'.token -token_out $ if $severity .ne. 1 then call error $ openssl ts -verify -queryfile 'p1' -in 'p2'.token -token_in \ -CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem $ openssl ts -verify -queryfile 'p1' -in 'p2'.token -token_in - "-CAfile" tsaca.pem -untrusted tsa_cert1.pem $ if $severity .ne. 1 then call error $ openssl ts -verify -data 'p3' -in 'p2'.token -token_in \ -CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem $ openssl ts -verify -data 'p3' -in 'p2'.token -token_in - "-CAfile" tsaca.pem -untrusted tsa_cert1.pem $ if $severity .ne. 1 then call error $ endsubroutine $ Loading @@ -178,9 +159,9 @@ $ verify_time_stamp_response_fail: $ subroutine $ $ openssl ts -verify -queryfile 'p1' -in 'p2' - -CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem $ # Checks if the verification failed, as it should have. $ if $severity .ne. 1 then call error "-CAfile" tsaca.pem -untrusted tsa_cert1.pem $ ! Checks if the verification failed, as it should have. $ if $severity .eq. 1 then call error $ write sys$output "Ok" $ endsubroutine $ Loading @@ -193,10 +174,10 @@ $ write sys$output "Creating CA for TSA tests..." $ call create_ca $ $ write sys$output "Creating tsa_cert1.pem TSA server cert..." $ call create_tsa_cert 1 tsa_cert $ call create_tsa_cert 1 "tsa_cert" $ $ write sys$output "Creating tsa_cert2.pem non-TSA server cert..." $ call create_tsa_cert 2 non_tsa_cert $ call create_tsa_cert 2 "non_tsa_cert" $ $ write sys$output "Creating req1.req time stamp request for file testtsa..." $ call create_time_stamp_request1 Loading @@ -211,10 +192,10 @@ $ write sys$output "Printing response..." $ call print_response resp1.tsr $ $ write sys$output "Verifying valid response..." $ call verify_time_stamp_response req1.tsq resp1.tsr ../testtsa $ call verify_time_stamp_response req1.tsq resp1.tsr [-]testtsa.com $ $ write sys$output "Verifying valid token..." $ call verify_time_stamp_token req1.tsq resp1.tsr ../testtsa $ call verify_time_stamp_token req1.tsq resp1.tsr [-]testtsa.com $ $ ! The tests below are commented out, because invalid signer certificates $ ! can no longer be specified in the config file. Loading Loading @@ -244,7 +225,7 @@ $ write sys$output "Printing response..." $ call print_response resp2.tsr $ $ write sys$output "Verifying valid response..." $ call verify_time_stamp_response req2.tsq resp2.tsr ../testtsa $ call verify_time_stamp_response req2.tsq resp2.tsr [-]testtsa.com $ $ write sys$output "Verifying response against wrong request, it should fail..." $ call verify_time_stamp_response_fail req1.tsq resp2.tsr Loading Loading
test/testtsa.com +26 −45 Original line number Diff line number Diff line Loading @@ -46,21 +46,10 @@ $ create_ca: $ subroutine $ $ write sys$output "Creating a new CA for the TSA tests..." $ @[--.util]deltree [.demoCA]*.* $ $ open/write file VMStsa-response.create_ca $ write file "" $ write file "HU" $ write file "Budapest" $ write file "Budapest" $ write file "Gov-CA Ltd." $ write file "ca1" $ close file $ open/read sys$ca_input VMStsa-response.create_ca $ @[--.apps]CA.com -input sys$ca_input -newca $ save_severity = $severity $ close sys$ca_input $ if save_severity .ne. 1 then call error $ TSDNSECT = "ts_ca_dn" $ openssl req -new -x509 -nodes - -out tsaca.pem -keyout tsacakey.pem $ if $severity .ne. 1 then call error $ endsubroutine $ $ create_tsa_cert: Loading @@ -68,25 +57,17 @@ $ subroutine $ $ INDEX=p1 $ EXT=p2 $ open/write file VMStsa-response1.create_tsa_cert $ write file "HU" $ write file "Budapest" $ write file "Buda" $ write file "Hun-TSA Ltd." $ write file "tsa",INDEX $ close file $ define/user sys$input VMStsa-response.create_tsa_cert $ TSDNSECT = "ts_cert_dn" $ $ openssl req -new - -out tsa_req'INDEX'.pem -keyout tsa_key'INDEX'.pem $ if $severity .ne. 1 then call error $ $ open/write file VMStsa-response2.create_tsa_cert $ write file "y" $ write file "y" $ close file $ define/user sys$input VMStsa-response.create_tsa_cert $ openssl ca -in tsa_req'INDEX'.pem -out tsa_cert'INDEX'.pem - -extensions "''EXT'" $ write sys$output "Using extension ''EXT'" $ openssl x509 -req - -in tsa_req'INDEX'.pem -out tsa_cert'INDEX'.pem - "-CA" tsaca.pem "-CAkey" tsacakey.pem "-CAcreateserial" - -extfile 'OPENSSL_CONF' -extensions "''EXT'" $ if $severity .ne. 1 then call error $ endsubroutine $ Loading Loading @@ -153,24 +134,24 @@ $ verify_time_stamp_response: $ subroutine $ $ openssl ts -verify -queryfile 'p1' -in 'p2' - -CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem "-CAfile" tsaca.pem -untrusted tsa_cert1.pem $ if $severity .ne. 1 then call error $ openssl ts -verify -data 'p3' -in 'p2' - -CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem "-CAfile" tsaca.pem -untrusted tsa_cert1.pem $ if $severity .ne. 1 then call error $ endsubroutine $ $ verify_time_stamp_token: $ subroutine $ $ # create the token from the response first $ ! create the token from the response first $ openssl ts -reply -in 'p2' -out 'p2'.token -token_out $ if $severity .ne. 1 then call error $ openssl ts -verify -queryfile 'p1' -in 'p2'.token -token_in \ -CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem $ openssl ts -verify -queryfile 'p1' -in 'p2'.token -token_in - "-CAfile" tsaca.pem -untrusted tsa_cert1.pem $ if $severity .ne. 1 then call error $ openssl ts -verify -data 'p3' -in 'p2'.token -token_in \ -CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem $ openssl ts -verify -data 'p3' -in 'p2'.token -token_in - "-CAfile" tsaca.pem -untrusted tsa_cert1.pem $ if $severity .ne. 1 then call error $ endsubroutine $ Loading @@ -178,9 +159,9 @@ $ verify_time_stamp_response_fail: $ subroutine $ $ openssl ts -verify -queryfile 'p1' -in 'p2' - -CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem $ # Checks if the verification failed, as it should have. $ if $severity .ne. 1 then call error "-CAfile" tsaca.pem -untrusted tsa_cert1.pem $ ! Checks if the verification failed, as it should have. $ if $severity .eq. 1 then call error $ write sys$output "Ok" $ endsubroutine $ Loading @@ -193,10 +174,10 @@ $ write sys$output "Creating CA for TSA tests..." $ call create_ca $ $ write sys$output "Creating tsa_cert1.pem TSA server cert..." $ call create_tsa_cert 1 tsa_cert $ call create_tsa_cert 1 "tsa_cert" $ $ write sys$output "Creating tsa_cert2.pem non-TSA server cert..." $ call create_tsa_cert 2 non_tsa_cert $ call create_tsa_cert 2 "non_tsa_cert" $ $ write sys$output "Creating req1.req time stamp request for file testtsa..." $ call create_time_stamp_request1 Loading @@ -211,10 +192,10 @@ $ write sys$output "Printing response..." $ call print_response resp1.tsr $ $ write sys$output "Verifying valid response..." $ call verify_time_stamp_response req1.tsq resp1.tsr ../testtsa $ call verify_time_stamp_response req1.tsq resp1.tsr [-]testtsa.com $ $ write sys$output "Verifying valid token..." $ call verify_time_stamp_token req1.tsq resp1.tsr ../testtsa $ call verify_time_stamp_token req1.tsq resp1.tsr [-]testtsa.com $ $ ! The tests below are commented out, because invalid signer certificates $ ! can no longer be specified in the config file. Loading Loading @@ -244,7 +225,7 @@ $ write sys$output "Printing response..." $ call print_response resp2.tsr $ $ write sys$output "Verifying valid response..." $ call verify_time_stamp_response req2.tsq resp2.tsr ../testtsa $ call verify_time_stamp_response req2.tsq resp2.tsr [-]testtsa.com $ $ write sys$output "Verifying response against wrong request, it should fail..." $ call verify_time_stamp_response_fail req1.tsq resp2.tsr Loading
