test script cleanup

cp $t crl-fff.p

echo "p -> d"

$cmd -in crl-fff.p -inform p -outform d >crl-f.d

if [ $? != 0 ]; then exit 1; fi

#echo "p -> t"

#$cmd -in crl-fff.p -inform p -outform t >crl-f.t

#if [ $? != 0 ]; then exit 1; fi

$cmd -in crl-fff.p -inform p -outform d >crl-f.d || exit 1

echo "p -> p"

$cmd -in crl-fff.p -inform p -outform p >crl-f.p

if [ $? != 0 ]; then exit 1; fi

$cmd -in crl-fff.p -inform p -outform p >crl-f.p || exit 1

echo "d -> d"

$cmd -in crl-f.d -inform d -outform d >crl-ff.d1

if [ $? != 0 ]; then exit 1; fi

#echo "t -> d"

#$cmd -in crl-f.t -inform t -outform d >crl-ff.d2

#if [ $? != 0 ]; then exit 1; fi

$cmd -in crl-f.d -inform d -outform d >crl-ff.d1 || exit 1

echo "p -> d"

$cmd -in crl-f.p -inform p -outform d >crl-ff.d3

if [ $? != 0 ]; then exit 1; fi

$cmd -in crl-f.p -inform p -outform d >crl-ff.d3 || exit 1

#echo "d -> t"

#$cmd -in crl-f.d -inform d -outform t >crl-ff.t1

#if [ $? != 0 ]; then exit 1; fi

#echo "t -> t"

#$cmd -in crl-f.t -inform t -outform t >crl-ff.t2

#if [ $? != 0 ]; then exit 1; fi

#echo "p -> t"

#$cmd -in crl-f.p -inform p -outform t >crl-ff.t3

#if [ $? != 0 ]; then exit 1; fi

echo "d -> p"

$cmd -in crl-f.d -inform d -outform p >crl-ff.p1

if [ $? != 0 ]; then exit 1; fi

#echo "t -> p"

#$cmd -in crl-f.t -inform t -outform p >crl-ff.p2

#if [ $? != 0 ]; then exit 1; fi

$cmd -in crl-f.d -inform d -outform p >crl-ff.p1 || exit 1

echo "p -> p"

$cmd -in crl-f.p -inform p -outform p >crl-ff.p3

if [ $? != 0 ]; then exit 1; fi

$cmd -in crl-f.p -inform p -outform p >crl-ff.p3 || exit 1

cmp crl-fff.p crl-f.p

if [ $? != 0 ]; then exit 1; fi

cmp crl-fff.p crl-ff.p1

if [ $? != 0 ]; then exit 1; fi

#cmp crl-fff.p crl-ff.p2

#if [ $? != 0 ]; then exit 1; fi

cmp crl-fff.p crl-ff.p3

if [ $? != 0 ]; then exit 1; fi

#cmp crl-f.t crl-ff.t1

#if [ $? != 0 ]; then exit 1; fi

#cmp crl-f.t crl-ff.t2

#if [ $? != 0 ]; then exit 1; fi

#cmp crl-f.t crl-ff.t3

#if [ $? != 0 ]; then exit 1; fi

cmp crl-f.p crl-ff.p1

if [ $? != 0 ]; then exit 1; fi

#cmp crl-f.p crl-ff.p2

#if [ $? != 0 ]; then exit 1; fi

cmp crl-f.p crl-ff.p3

if [ $? != 0 ]; then exit 1; fi

cmp crl-fff.p crl-f.p || exit 1

cmp crl-fff.p crl-ff.p1 || exit 1

cmp crl-fff.p crl-ff.p3 || exit 1

cmp crl-f.p crl-ff.p1 || exit 1

cmp crl-f.p crl-ff.p3 || exit 1

/bin/rm -f crl-f.* crl-ff.* crl-fff.*

exit 0

export OPENSSL

/bin/rm -fr demoCA

# Could do '...CA.pl -newca || exot 1 << EOF

# EOF' but that seems too obscure to me. :)

OPENSSL_CONFIG=/dev/null $PERL ../apps/CA.pl -newca <<EOF

EOF

if [ $? != 0 ]; then

	exit 1;

fi

[ $? == 0 ] || exit 1

SSLEAY_CONFIG="-config Uss.cnf"

export SSLEAY_CONFIG

$PERL ../apps/CA.pl -newreq

if [ $? != 0 ]; then

	exit 1;

fi

$PERL ../apps/CA.pl -newreq || exit 1

SSLEAY_CONFIG="-config ../apps/openssl.cnf"

export SSLEAY_CONFIG

# Same comment here.

$PERL ../apps/CA.pl -sign  <<EOF

y

y

EOF

if [ $? != 0 ]; then

	exit 1;

fi

[ $? == 0 ] || exit 1

$PERL ../apps/CA.pl -verify newcert.pem

if [ $? != 0 ]; then

	exit 1;

fi

$PERL ../apps/CA.pl -verify newcert.pem || exit 1

/bin/rm -fr demoCA newcert.pem newreq.pem

echo cat

$cmd enc < $test > $test.cipher

$cmd enc < $test.cipher >$test.clear

cmp $test $test.clear

if [ $? != 0 ]

then

	exit 1

else

cmp $test $test.clear || exit 1

/bin/rm $test.cipher $test.clear

fi

echo base64

$cmd enc -a -e < $test > $test.cipher

$cmd enc -a -d < $test.cipher >$test.clear

cmp $test $test.clear

if [ $? != 0 ]

then

	exit 1

else

cmp $test $test.clear || exit 1

/bin/rm $test.cipher $test.clear

fi

for i in `$cmd list-cipher-commands`

do

	echo $i

	$cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher

	$cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear

	cmp $test $test.$i.clear

	if [ $? != 0 ]

	then

		exit 1

	else

	cmp $test $test.$i.clear || exit 1

	/bin/rm $test.$i.cipher $test.$i.clear

	fi

	echo $i base64

	$cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher

	$cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear

	cmp $test $test.$i.clear

	if [ $? != 0 ]

	then

		exit 1

	else

	cmp $test $test.$i.clear || exit 1

	/bin/rm $test.$i.cipher $test.$i.clear

	fi

done

rm -f $test

echo "string to make the random number generator think it has entropy" >> ./.rnd

if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then

if ../util/shlib_wrap.sh ../apps/openssl no-rsa >/dev/null; then

  req_new='-newkey dsa:../apps/dsa512.pem'

else

  req_new='-new'

  echo "There should not be more that at most 80 per line"

fi

echo "This could take some time."

rm -f testkey.pem testreq.pem

../util/shlib_wrap.sh ../apps/openssl req -config test.cnf $req_new -out testreq.pem

if [ $? != 0 ]; then

echo problems creating request

exit 1

fi

echo Generating request

../util/shlib_wrap.sh ../apps/openssl req -config test.cnf $req_new -out testreq.pem || exit 1

../util/shlib_wrap.sh ../apps/openssl req -config test.cnf -verify -in testreq.pem -noout

if [ $? != 0 ]; then

echo signature on req is wrong

exit 1

fi

echo Verifying signature on request

../util/shlib_wrap.sh ../apps/openssl req -config test.cnf -verify -in testreq.pem -noout || exit 1

exit 0

P2cert="certP2.ss"

P2intermediate="tmp_intP2.ss"

echo

echo "make a certificate request using 'req'"

echo "string to make the random number generator think it has entropy" >> ./.rnd

echo string to make the random number generator think it has entropy >> ./.rnd

if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then

if ../util/shlib_wrap.sh ../apps/openssl no-rsa >/dev/null; then

  req_new='-newkey dsa:../apps/dsa512.pem'

else

  req_new='-new'

fi

$reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new

if [ $? != 0 ]; then

	echo "error using 'req' to generate a certificate request"

	exit 1

fi

echo

echo "convert the certificate request into a self signed certificate using 'x509'"

$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca >err.ss

if [ $? != 0 ]; then

	echo "error using 'x509' to self sign a certificate request"

	exit 1

fi

echo make cert request

$reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new || exit 1

echo

echo "convert a certificate into a certificate request using 'x509'"

$x509cmd -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >err.ss

if [ $? != 0 ]; then

	echo "error using 'x509' convert a certificate to a certificate request"

	exit 1

fi

echo convert request into self-signed cert

$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca >err.ss || exit 1

$reqcmd -config $dummycnf -verify -in $CAreq -noout

if [ $? != 0 ]; then

	echo first generated request is invalid

	exit 1

fi

echo convert cert into a cert request

$x509cmd -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >err.ss || exit 1

$reqcmd -config $dummycnf -verify -in $CAreq2 -noout

if [ $? != 0 ]; then

	echo second generated request is invalid

	exit 1

fi

echo verify request 1

$reqcmd -config $dummycnf -verify -in $CAreq -noout || exit 1

$verifycmd -CAfile $CAcert $CAcert

if [ $? != 0 ]; then

	echo first generated cert is invalid

	exit 1

fi

echo verify request 1

$reqcmd -config $dummycnf -verify -in $CAreq2 -noout || exit 1

echo

echo "make a user certificate request using 'req'"

$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss

if [ $? != 0 ]; then

	echo "error using 'req' to generate a user certificate request"

	exit 1

fi

echo verify signature

$verifycmd -CAfile $CAcert $CAcert || exit 1

echo

echo "sign user certificate request with the just created CA via 'x509'"

$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -extfile $Uconf -extensions v3_ee >err.ss

if [ $? != 0 ]; then

	echo "error using 'x509' to sign a user certificate request"

	exit 1

fi

echo make a user cert request

$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss || exit 1

$verifycmd -CAfile $CAcert $Ucert

echo

echo "Certificate details"

$x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert

echo

echo "make a proxy certificate request using 'req'"

$reqcmd -config $P1conf -out $P1req -keyout $P1key $req_new >err.ss

if [ $? != 0 ]; then

	echo "error using 'req' to generate a proxy certificate request"

	exit 1

fi

echo sign user cert request

$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -extfile $Uconf -extensions v3_ee >err.ss || exit 1

$verifycmd -CAfile $CAcert $Ucert || exit 1

echo

echo "sign proxy certificate request with the just created user certificate via 'x509'"

$x509cmd -CAcreateserial -in $P1req -days 30 -req -out $P1cert -CA $Ucert -CAkey $Ukey -extfile $P1conf -extensions v3_proxy >err.ss

if [ $? != 0 ]; then

	echo "error using 'x509' to sign a proxy certificate request"

	exit 1

fi

echo Certificate details

$x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert || exit 1

echo make a proxy cert request

$reqcmd -config $P1conf -out $P1req -keyout $P1key $req_new >err.ss || exit 1

echo sign proxy with user cert

$x509cmd -CAcreateserial -in $P1req -days 30 -req -out $P1cert -CA $Ucert -CAkey $Ukey -extfile $P1conf -extensions v3_proxy >err.ss || exit 1

cat $Ucert > $P1intermediate

$verifycmd -CAfile $CAcert -untrusted $P1intermediate $P1cert

echo

echo "Certificate details"

echo Certificate details

$x509cmd -subject -issuer -startdate -enddate -noout -in $P1cert

echo

echo "make another proxy certificate request using 'req'"

$reqcmd -config $P2conf -out $P2req -keyout $P2key $req_new >err.ss

if [ $? != 0 ]; then

	echo "error using 'req' to generate another proxy certificate request"

	exit 1

fi

echo make another proxy cert request

$reqcmd -config $P2conf -out $P2req -keyout $P2key $req_new >err.ss || exit 1

echo

echo "sign second proxy certificate request with the first proxy certificate via 'x509'"

$x509cmd -CAcreateserial -in $P2req -days 30 -req -out $P2cert -CA $P1cert -CAkey $P1key -extfile $P2conf -extensions v3_proxy >err.ss

if [ $? != 0 ]; then

	echo "error using 'x509' to sign a second proxy certificate request"

	exit 1

fi

echo sign second proxy cert request with the first proxy cert

$x509cmd -CAcreateserial -in $P2req -days 30 -req -out $P2cert -CA $P1cert -CAkey $P1key -extfile $P2conf -extensions v3_proxy >err.ss || exit 1

echo Certificate details

cat $Ucert $P1cert > $P2intermediate

$verifycmd -CAfile $CAcert -untrusted $P2intermediate $P2cert

echo

echo "Certificate details"

$x509cmd -subject -issuer -startdate -enddate -noout -in $P2cert

echo

echo The generated CA certificate is $CAcert

echo The generated CA private key is $CAkey

echo The generated user certificate is $Ucert

echo The generated user private key is $Ukey

echo The first generated proxy certificate is $P1cert

echo The first generated proxy private key is $P1key

echo The second generated proxy certificate is $P2cert

echo The second generated proxy private key is $P2key