Loading test/tests.com +19 −6 Original line number Diff line number Diff line Loading @@ -20,12 +20,12 @@ $ tests = p1 $ else $ tests := - test_des,test_idea,test_sha,test_md4,test_md5,test_hmac,- test_md2,test_mdc2,- test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,test_rd,- test_md2,test_mdc2,test_wp,- test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,test_aes,- test_rand,test_bn,test_ec,test_ecdsa,test_ecdh,- test_enc,test_x509,test_rsa,test_crl,test_sid,- test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,- test_ss,test_ca,test_engine,test_evp,test_ssl test_ss,test_ca,test_engine,test_evp,test_ssl,test_tsa $ endif $ tests = f$edit(tests,"COLLAPSE") $ Loading Loading @@ -246,9 +246,22 @@ $ write sys$output "Generate and certify a test certificate via the 'ca' pro $ @testca.com $ endif $ return $ test_rd: $ write sys$output "test Rijndael" $ !mcr 'texe_dir''rdtest' $ test_aes: $! write sys$output "test AES" $! !mcr 'texe_dir''aestest' $ return $ test_tsa: $ set noon $ define/user sys$output nla0: $ mcr 'exe_dir'openssl no-rsa $ save_severity=$SEVERITY $ set on $ if save_severity $ then $ write sys$output "skipping testtsa.com test -- requires RSA" $ else $ @testtsa.com $ endif $ return $ $ Loading test/testtsa.com 0 → 100644 +260 −0 Original line number Diff line number Diff line $! $! A few very basic tests for the 'ts' time stamping authority command. $! $ $ __arch := VAX $ if f$getsyi("cpu") .ge. 128 then __arch := AXP $ exe_dir := sys$disk:[-.'__arch'.exe.apps] $ $ openssl := mcr 'exe_dir'openssl $ OPENSSL_CONF := [-]CAtsa.cnf $ $ error: $ subroutine $ write sys$error "TSA test failed!" $ exit 3 $ endsubroutine $ $ setup_dir: $ subroutine $ $ @[-.utils]deltree [.tsa]*.* $ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;* $ delete tsa.dir;* $ $ create/dir [.tsa] $ set default [.tsa] $ endsubroutine $ $ clean_up_dir: $ subroutine $ $ set default [-] $ @[-.utils]deltree [.tsa]*.* $ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;* $ delete tsa.dir;* $ endsubroutine $ $ create_ca: $ subroutine $ $ write sys$output "Creating a new CA for the TSA tests..." $ @[--.utils]deltree [.demoCA]*.* $ $ open/write file VMStsa-response.create_ca $ write file "" $ write file "HU" $ write file "Budapest" $ write file "Budapest" $ write file "Gov-CA Ltd." $ write file "ca1" $ close file $ open/read sys$ca_input VMStsa-response.create_ca $ @[--.apps]CA.com -input sys$ca_input -newca $ save_severity = $severity $ close sys$ca_input $ if save_severity .ne. 1 then call error $ endsubroutine $ $ create_tsa_cert: $ subroutine $ $ INDEX=p1 $ EXT=p2 $ open/write file VMStsa-response1.create_tsa_cert $ write file "HU" $ write file "Budapest" $ write file "Buda" $ write file "Hun-TSA Ltd." $ write file "tsa",INDEX $ close file $ define/user sys$input VMStsa-response.create_tsa_cert $ openssl req -new - -out tsa_req'INDEX'.pem -keyout tsa_key'INDEX'.pem $ if $severity .ne. 1 then call error $ $ open/write file VMStsa-response2.create_tsa_cert $ write file "y" $ write file "y" $ close file $ define/user sys$input VMStsa-response.create_tsa_cert $ openssl ca -in tsa_req'INDEX'.pem -out tsa_cert'INDEX'.pem - -extensions "''EXT'" $ if $severity .ne. 1 then call error $ endsubroutine $ $ print_request: $ subroutine $ $ openssl ts -query -in 'p1' -text $ endsubroutine $ $ create_time_stamp_request1: subroutine $ $ openssl ts -query -data [-]testtsa.com -policy tsa_policy1 - -cert -out req1.tsq $ if $severity .ne. 1 then call error $ endsubroutine $ $ create_time_stamp_request2: subroutine $ $ openssl ts -query -data [-]testtsa.com -policy tsa_policy2 - -no_nonce -out req2.tsq $ if $severity .ne. 1 then call error $ endsubroutine $ $ create_time_stamp_request3: subroutine $ $ openssl ts -query -data [-]CAtsa.cnf -no_nonce -out req3.tsq $ if $severity .ne. 1 then call error $ endsubroutine $ $ print_response: $ subroutine $ $ openssl ts -reply -in 'p1' -text $ if $severity .ne. 1 then call error $ endsubroutine $ $ create_time_stamp_response: $ subroutine $ $ openssl ts -reply -section 'p3' -queryfile 'p1' -out 'p2' $ if $severity .ne. 1 then call error $ endsubroutine $ $ time_stamp_response_token_test: $ subroutine $ $ RESPONSE2:='p2'.copy_tsr $ TOKEN_DER:='p2'.token_der $ openssl ts -reply -in 'p2' -out 'TOKEN_DER' -token_out $ if $severity .ne. 1 then call error $ openssl ts -reply -in 'TOKEN_DER' -token_in -out 'RESPONSE2' $ if $severity .ne. 1 then call error $ backup/compare 'RESPONSE2' 'p2' $ if $severity .ne. 1 then call error $ openssl ts -reply -in 'p2' -text -token_out $ if $severity .ne. 1 then call error $ openssl ts -reply -in 'TOKEN_DER' -token_in -text -token_out $ if $severity .ne. 1 then call error $ openssl ts -reply -queryfile 'p1' -text -token_out $ if $severity .ne. 1 then call error $ endsubroutine $ $ verify_time_stamp_response: $ subroutine $ $ openssl ts -verify -queryfile 'p1' -in 'p2' - -CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem $ if $severity .ne. 1 then call error $ openssl ts -verify -data 'p3' -in 'p2' - -CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem $ if $severity .ne. 1 then call error $ endsubroutine $ $ verify_time_stamp_token: $ subroutine $ $ # create the token from the response first $ openssl ts -reply -in 'p2' -out 'p2'.token -token_out $ if $severity .ne. 1 then call error $ openssl ts -verify -queryfile 'p1' -in 'p2'.token -token_in \ -CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem $ if $severity .ne. 1 then call error $ openssl ts -verify -data 'p3' -in 'p2'.token -token_in \ -CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem $ if $severity .ne. 1 then call error $ endsubroutine $ $ verify_time_stamp_response_fail: $ subroutine $ $ openssl ts -verify -queryfile 'p1' -in 'p2' - -CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem $ # Checks if the verification failed, as it should have. $ if $severity .ne. 1 then call error $ write sys$output "Ok" $ endsubroutine $ $ ! Main body ---------------------------------------------------------- $ $ write sys$output "Setting up TSA test directory..." $ call setup_dir $ $ write sys$output "Creating CA for TSA tests..." $ call create_ca $ $ write sys$output "Creating tsa_cert1.pem TSA server cert..." $ call create_tsa_cert 1 tsa_cert $ $ write sys$output "Creating tsa_cert2.pem non-TSA server cert..." $ call create_tsa_cert 2 non_tsa_cert $ $ write sys$output "Creating req1.req time stamp request for file testtsa..." $ call create_time_stamp_request1 $ $ write sys$output "Printing req1.req..." $ call print_request req1.tsq $ $ write sys$output "Generating valid response for req1.req..." $ call create_time_stamp_response req1.tsq resp1.tsr tsa_config1 $ $ write sys$output "Printing response..." $ call print_response resp1.tsr $ $ write sys$output "Verifying valid response..." $ call verify_time_stamp_response req1.tsq resp1.tsr ../testtsa $ $ write sys$output "Verifying valid token..." $ call verify_time_stamp_token req1.tsq resp1.tsr ../testtsa $ $ ! The tests below are commented out, because invalid signer certificates $ ! can no longer be specified in the config file. $ $ ! write sys$output "Generating _invalid_ response for req1.req..." $ ! call create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2 $ $ ! write sys$output "Printing response..." $ ! call print_response resp1_bad.tsr $ $ ! write sys$output "Verifying invalid response, it should fail..." $ ! call verify_time_stamp_response_fail req1.tsq resp1_bad.tsr $ $ write sys$output "Creating req2.req time stamp request for file testtsa..." $ call create_time_stamp_request2 $ $ write sys$output "Printing req2.req..." $ call print_request req2.tsq $ $ write sys$output "Generating valid response for req2.req..." $ call create_time_stamp_response req2.tsq resp2.tsr tsa_config1 $ $ write sys$output "Checking '-token_in' and '-token_out' options with '-reply'..." $ call time_stamp_response_token_test req2.tsq resp2.tsr $ $ write sys$output "Printing response..." $ call print_response resp2.tsr $ $ write sys$output "Verifying valid response..." $ call verify_time_stamp_response req2.tsq resp2.tsr ../testtsa $ $ write sys$output "Verifying response against wrong request, it should fail..." $ call verify_time_stamp_response_fail req1.tsq resp2.tsr $ $ write sys$output "Verifying response against wrong request, it should fail..." $ call verify_time_stamp_response_fail req2.tsq resp1.tsr $ $ write sys$output "Creating req3.req time stamp request for file CAtsa.cnf..." $ call create_time_stamp_request3 $ $ write sys$output "Printing req3.req..." $ call print_request req3.tsq $ $ write sys$output "Verifying response against wrong request, it should fail..." $ call verify_time_stamp_response_fail req3.tsq resp1.tsr $ $ write sys$output "Cleaning up..." $ call clean_up_dir $ $ exit Loading
test/tests.com +19 −6 Original line number Diff line number Diff line Loading @@ -20,12 +20,12 @@ $ tests = p1 $ else $ tests := - test_des,test_idea,test_sha,test_md4,test_md5,test_hmac,- test_md2,test_mdc2,- test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,test_rd,- test_md2,test_mdc2,test_wp,- test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,test_aes,- test_rand,test_bn,test_ec,test_ecdsa,test_ecdh,- test_enc,test_x509,test_rsa,test_crl,test_sid,- test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,- test_ss,test_ca,test_engine,test_evp,test_ssl test_ss,test_ca,test_engine,test_evp,test_ssl,test_tsa $ endif $ tests = f$edit(tests,"COLLAPSE") $ Loading Loading @@ -246,9 +246,22 @@ $ write sys$output "Generate and certify a test certificate via the 'ca' pro $ @testca.com $ endif $ return $ test_rd: $ write sys$output "test Rijndael" $ !mcr 'texe_dir''rdtest' $ test_aes: $! write sys$output "test AES" $! !mcr 'texe_dir''aestest' $ return $ test_tsa: $ set noon $ define/user sys$output nla0: $ mcr 'exe_dir'openssl no-rsa $ save_severity=$SEVERITY $ set on $ if save_severity $ then $ write sys$output "skipping testtsa.com test -- requires RSA" $ else $ @testtsa.com $ endif $ return $ $ Loading
test/testtsa.com 0 → 100644 +260 −0 Original line number Diff line number Diff line $! $! A few very basic tests for the 'ts' time stamping authority command. $! $ $ __arch := VAX $ if f$getsyi("cpu") .ge. 128 then __arch := AXP $ exe_dir := sys$disk:[-.'__arch'.exe.apps] $ $ openssl := mcr 'exe_dir'openssl $ OPENSSL_CONF := [-]CAtsa.cnf $ $ error: $ subroutine $ write sys$error "TSA test failed!" $ exit 3 $ endsubroutine $ $ setup_dir: $ subroutine $ $ @[-.utils]deltree [.tsa]*.* $ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;* $ delete tsa.dir;* $ $ create/dir [.tsa] $ set default [.tsa] $ endsubroutine $ $ clean_up_dir: $ subroutine $ $ set default [-] $ @[-.utils]deltree [.tsa]*.* $ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;* $ delete tsa.dir;* $ endsubroutine $ $ create_ca: $ subroutine $ $ write sys$output "Creating a new CA for the TSA tests..." $ @[--.utils]deltree [.demoCA]*.* $ $ open/write file VMStsa-response.create_ca $ write file "" $ write file "HU" $ write file "Budapest" $ write file "Budapest" $ write file "Gov-CA Ltd." $ write file "ca1" $ close file $ open/read sys$ca_input VMStsa-response.create_ca $ @[--.apps]CA.com -input sys$ca_input -newca $ save_severity = $severity $ close sys$ca_input $ if save_severity .ne. 1 then call error $ endsubroutine $ $ create_tsa_cert: $ subroutine $ $ INDEX=p1 $ EXT=p2 $ open/write file VMStsa-response1.create_tsa_cert $ write file "HU" $ write file "Budapest" $ write file "Buda" $ write file "Hun-TSA Ltd." $ write file "tsa",INDEX $ close file $ define/user sys$input VMStsa-response.create_tsa_cert $ openssl req -new - -out tsa_req'INDEX'.pem -keyout tsa_key'INDEX'.pem $ if $severity .ne. 1 then call error $ $ open/write file VMStsa-response2.create_tsa_cert $ write file "y" $ write file "y" $ close file $ define/user sys$input VMStsa-response.create_tsa_cert $ openssl ca -in tsa_req'INDEX'.pem -out tsa_cert'INDEX'.pem - -extensions "''EXT'" $ if $severity .ne. 1 then call error $ endsubroutine $ $ print_request: $ subroutine $ $ openssl ts -query -in 'p1' -text $ endsubroutine $ $ create_time_stamp_request1: subroutine $ $ openssl ts -query -data [-]testtsa.com -policy tsa_policy1 - -cert -out req1.tsq $ if $severity .ne. 1 then call error $ endsubroutine $ $ create_time_stamp_request2: subroutine $ $ openssl ts -query -data [-]testtsa.com -policy tsa_policy2 - -no_nonce -out req2.tsq $ if $severity .ne. 1 then call error $ endsubroutine $ $ create_time_stamp_request3: subroutine $ $ openssl ts -query -data [-]CAtsa.cnf -no_nonce -out req3.tsq $ if $severity .ne. 1 then call error $ endsubroutine $ $ print_response: $ subroutine $ $ openssl ts -reply -in 'p1' -text $ if $severity .ne. 1 then call error $ endsubroutine $ $ create_time_stamp_response: $ subroutine $ $ openssl ts -reply -section 'p3' -queryfile 'p1' -out 'p2' $ if $severity .ne. 1 then call error $ endsubroutine $ $ time_stamp_response_token_test: $ subroutine $ $ RESPONSE2:='p2'.copy_tsr $ TOKEN_DER:='p2'.token_der $ openssl ts -reply -in 'p2' -out 'TOKEN_DER' -token_out $ if $severity .ne. 1 then call error $ openssl ts -reply -in 'TOKEN_DER' -token_in -out 'RESPONSE2' $ if $severity .ne. 1 then call error $ backup/compare 'RESPONSE2' 'p2' $ if $severity .ne. 1 then call error $ openssl ts -reply -in 'p2' -text -token_out $ if $severity .ne. 1 then call error $ openssl ts -reply -in 'TOKEN_DER' -token_in -text -token_out $ if $severity .ne. 1 then call error $ openssl ts -reply -queryfile 'p1' -text -token_out $ if $severity .ne. 1 then call error $ endsubroutine $ $ verify_time_stamp_response: $ subroutine $ $ openssl ts -verify -queryfile 'p1' -in 'p2' - -CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem $ if $severity .ne. 1 then call error $ openssl ts -verify -data 'p3' -in 'p2' - -CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem $ if $severity .ne. 1 then call error $ endsubroutine $ $ verify_time_stamp_token: $ subroutine $ $ # create the token from the response first $ openssl ts -reply -in 'p2' -out 'p2'.token -token_out $ if $severity .ne. 1 then call error $ openssl ts -verify -queryfile 'p1' -in 'p2'.token -token_in \ -CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem $ if $severity .ne. 1 then call error $ openssl ts -verify -data 'p3' -in 'p2'.token -token_in \ -CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem $ if $severity .ne. 1 then call error $ endsubroutine $ $ verify_time_stamp_response_fail: $ subroutine $ $ openssl ts -verify -queryfile 'p1' -in 'p2' - -CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem $ # Checks if the verification failed, as it should have. $ if $severity .ne. 1 then call error $ write sys$output "Ok" $ endsubroutine $ $ ! Main body ---------------------------------------------------------- $ $ write sys$output "Setting up TSA test directory..." $ call setup_dir $ $ write sys$output "Creating CA for TSA tests..." $ call create_ca $ $ write sys$output "Creating tsa_cert1.pem TSA server cert..." $ call create_tsa_cert 1 tsa_cert $ $ write sys$output "Creating tsa_cert2.pem non-TSA server cert..." $ call create_tsa_cert 2 non_tsa_cert $ $ write sys$output "Creating req1.req time stamp request for file testtsa..." $ call create_time_stamp_request1 $ $ write sys$output "Printing req1.req..." $ call print_request req1.tsq $ $ write sys$output "Generating valid response for req1.req..." $ call create_time_stamp_response req1.tsq resp1.tsr tsa_config1 $ $ write sys$output "Printing response..." $ call print_response resp1.tsr $ $ write sys$output "Verifying valid response..." $ call verify_time_stamp_response req1.tsq resp1.tsr ../testtsa $ $ write sys$output "Verifying valid token..." $ call verify_time_stamp_token req1.tsq resp1.tsr ../testtsa $ $ ! The tests below are commented out, because invalid signer certificates $ ! can no longer be specified in the config file. $ $ ! write sys$output "Generating _invalid_ response for req1.req..." $ ! call create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2 $ $ ! write sys$output "Printing response..." $ ! call print_response resp1_bad.tsr $ $ ! write sys$output "Verifying invalid response, it should fail..." $ ! call verify_time_stamp_response_fail req1.tsq resp1_bad.tsr $ $ write sys$output "Creating req2.req time stamp request for file testtsa..." $ call create_time_stamp_request2 $ $ write sys$output "Printing req2.req..." $ call print_request req2.tsq $ $ write sys$output "Generating valid response for req2.req..." $ call create_time_stamp_response req2.tsq resp2.tsr tsa_config1 $ $ write sys$output "Checking '-token_in' and '-token_out' options with '-reply'..." $ call time_stamp_response_token_test req2.tsq resp2.tsr $ $ write sys$output "Printing response..." $ call print_response resp2.tsr $ $ write sys$output "Verifying valid response..." $ call verify_time_stamp_response req2.tsq resp2.tsr ../testtsa $ $ write sys$output "Verifying response against wrong request, it should fail..." $ call verify_time_stamp_response_fail req1.tsq resp2.tsr $ $ write sys$output "Verifying response against wrong request, it should fail..." $ call verify_time_stamp_response_fail req2.tsq resp1.tsr $ $ write sys$output "Creating req3.req time stamp request for file CAtsa.cnf..." $ call create_time_stamp_request3 $ $ write sys$output "Printing req3.req..." $ call print_request req3.tsq $ $ write sys$output "Verifying response against wrong request, it should fail..." $ call verify_time_stamp_response_fail req3.tsq resp1.tsr $ $ write sys$output "Cleaning up..." $ call clean_up_dir $ $ exit
