Commit cf32ad7f authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

Make TSA tests use the noprompt mode of utilities rather than piping

the result into interactive utilities.
parent ad0e4396
+18 −24
@@ -11,6 +11,9 @@ RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
oid_section		= new_oids

TSDNSECT		= ts_cert_dn
INDEX			= 1

[ new_oids ]

# Policies used by the TSA tests.
@@ -53,36 +56,27 @@ emailAddress = optional
[ req ]
default_bits		= 1024
default_md		= sha1
distinguished_name	= req_distinguished_name
distinguished_name	= $ENV::TSDNSECT
encrypt_rsa_key		= no
prompt 			= no
# attributes		= req_attributes
x509_extensions	= v3_ca	# The extentions to add to the self signed cert

string_mask = nombstr

[ req_distinguished_name ]
countryName			= Country Name (2 letter code)
countryName_default		= HU
countryName_min			= 2
countryName_max			= 2

stateOrProvinceName		= State or Province Name (full name)
stateOrProvinceName_default	= 

localityName			= Locality Name (eg, city)

0.organizationName		= Organization Name (eg, company)
0.organizationName_default	= 
[ ts_ca_dn ]
countryName			= HU
stateOrProvinceName		= Budapest
localityName			= Budapest
organizationName		= Gov-CA Ltd.
commonName			= ca1

commonName			= Common Name (eg, YOUR name)
commonName_max			= 64

[ req_attributes ]
challengePassword		= A challenge password
challengePassword_min		= 4
challengePassword_max		= 20

unstructuredName		= An optional company name
[ ts_cert_dn ]
countryName			= HU
stateOrProvinceName		= Budapest
localityName			= Buda
organizationName		= Hun-TSA Ltd.
commonName			= tsa$ENV::INDEX

[ tsa_cert ]

@@ -138,7 +132,7 @@ dir = . # TSA root directory
serial		= $dir/tsa_serial	# The current serial number (mandatory)
signer_cert	= $dir/tsa_cert1.pem 	# The TSA signing certificate
					# (optional)
certs		= $dir/demoCA/cacert.pem# Certificate chain to include in reply
certs		= $dir/tsaca.pem	# Certificate chain to include in reply
					# (optional)
signer_key	= $dir/tsa_key1.pem	# The TSA private key (optional)
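Review bot: The new top-level `TSDNSECT = ts_cert_dn` and `INDEX = 1` lines carry no comment, yet they appear to exist as fallbacks for the `$ENV::TSDNSECT` and `$ENV::INDEX` references added in `[ req ]` and `[ ts_cert_dn ]`, which is not obvious to someone reading the file. I would add `# Fallback values for $ENV::TSDNSECT and $ENV::INDEX when the test script has not exported them.` above them. Because the fallback selects `ts_cert_dn`, a `req -x509` run without `TSDNSECT` exported would presumably issue the CA certificate under the TSA subject name with no error, so the comment should also say that the CA step has to export `TSDNSECT=ts_ca_dn`.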

+20 −27
@@ -39,36 +39,29 @@ clean_up_dir () {
create_ca () {

    echo "Creating a new CA for the TSA tests..."
    /bin/rm -fr demoCA
    $SH ../../apps/CA.sh -newca <<EOF

HU
Budapest
Budapest
Gov-CA Ltd.
ca1
EOF
    TSDNSECT=ts_ca_dn
    export TSDNSECT   
    ../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \
	-out tsaca.pem -keyout tsacakey.pem
    test $? != 0 && error
}

create_tsa_cert () {

    INDEX=$1
    export INDEX
    EXT=$2
    ../../util/shlib_wrap.sh ../../apps/openssl req -new -out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem <<EOF
HU
Budapest
Buda
Hun-TSA Ltd.
tsa${INDEX}
EOF
    test $? != 0 && error
    TSDNSECT=ts_cert_dn
    export TSDNSECT   

    ../../util/shlib_wrap.sh ../../apps/openssl ca -in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
	-extensions $EXT <<EOF
y
y
EOF
    ../../util/shlib_wrap.sh ../../apps/openssl req -new \
	-out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem
    test $? != 0 && error
echo Using extension $EXT
    ../../util/shlib_wrap.sh ../../apps/openssl x509 -req \
	-in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
	-CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \
	-extfile $OPENSSL_CONF -extensions $EXT
    test $? != 0 && error
}

@@ -128,10 +121,10 @@ time_stamp_response_token_test () {

verify_time_stamp_response () {

    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile demoCA/cacert.pem \
    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
	-untrusted tsa_cert1.pem
    test $? != 0 && error
    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile demoCA/cacert.pem \
    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile tsaca.pem \
	-untrusted tsa_cert1.pem
    test $? != 0 && error
}
@@ -142,16 +135,16 @@ verify_time_stamp_token () {
    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $2.token -token_out
    test $? != 0 && error
    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2.token -token_in \
	-CAfile demoCA/cacert.pem -untrusted tsa_cert1.pem
	-CAfile tsaca.pem -untrusted tsa_cert1.pem
    test $? != 0 && error
    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2.token -token_in \
	-CAfile demoCA/cacert.pem -untrusted tsa_cert1.pem
	-CAfile tsaca.pem -untrusted tsa_cert1.pem
    test $? != 0 && error
}

verify_time_stamp_response_fail () {

    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile demoCA/cacert.pem \
    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
	-untrusted tsa_cert1.pem
    # Checks if the verification failed, as it should have.
    test $? = 0 && error
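Review bot: In `create_tsa_cert` the new `x509 -req` call passes `-extfile $OPENSSL_CONF -extensions $EXT` unquoted, so an empty or unset `OPENSSL_CONF` makes `-extfile` take `-extensions` as its file name, and a path containing spaces is split; where the variable is set lies outside this hunk. Quoting both, `-extfile "$OPENSSL_CONF" -extensions "$EXT"`, keeps the arguments in place. The change also leaves new artifacts in the test directory, the unencrypted CA key `tsacakey.pem` (written with `-nodes`) and the serial file that `-CAcreateserial` creates; `clean_up_dir` is not shown here, so it is worth checking that it removes them. The `echo Using extension $EXT` line at column 0 looks like leftover debugging output and should be indented or dropped.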