Cleanup testtsa script
Add RUN function; remove single-use functions and use their body inline. Reviewed-by: Tim Hudson <tjh@openssl.org>
This commit is contained in:
Rich Salz
Rich Salz
parent
ca4a494cb7
commit
fda23e2d93
1 changed files with 39 additions and 88 deletions
127
test/testtsa
127
test/testtsa
|
|
@ -21,32 +21,16 @@ export SSLEAY_CONFIG
|
|||
OPENSSL="`pwd`/../util/opensslwrap.sh"
|
||||
export OPENSSL
|
||||
|
||||
setup_dir () {
|
||||
rm -rf tsa 2>/dev/null
|
||||
mkdir tsa
|
||||
cd ./tsa
|
||||
}
|
||||
|
||||
clean_up_dir () {
|
||||
cd ..
|
||||
rm -rf tsa
|
||||
}
|
||||
|
||||
create_ca () {
|
||||
echo creating a new CA for the TSA tests
|
||||
TSDNSECT=ts_ca_dn
|
||||
export TSDNSECT
|
||||
../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \
|
||||
-out tsaca.pem -keyout tsacakey.pem || exit 1
|
||||
RUN () {
|
||||
../../util/shlib_wrap.sh ../../apps/openssl ts $*
|
||||
}
|
||||
|
||||
create_tsa_cert () {
|
||||
|
||||
INDEX=$1
|
||||
export INDEX
|
||||
EXT=$2
|
||||
TSDNSECT=ts_cert_dn
|
||||
export TSDNSECT
|
||||
export TSDNSECT
|
||||
|
||||
../../util/shlib_wrap.sh ../../apps/openssl req -new \
|
||||
-out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem || exit 1
|
||||
|
|
@ -57,70 +41,19 @@ create_tsa_cert () {
|
|||
-extfile $OPENSSL_CONF -extensions $EXT || exit 1
|
||||
}
|
||||
|
||||
print_request () {
|
||||
|
||||
../../util/shlib_wrap.sh ../../apps/openssl ts -query -in $1 -text
|
||||
}
|
||||
|
||||
create_time_stamp_request1 () {
|
||||
|
||||
../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq || exit 1
|
||||
}
|
||||
|
||||
create_time_stamp_request2 () {
|
||||
|
||||
../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy2 -no_nonce \
|
||||
-out req2.tsq || exit 1
|
||||
}
|
||||
|
||||
create_time_stamp_request3 () {
|
||||
|
||||
../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../CAtsa.cnf -no_nonce -out req3.tsq || exit 1
|
||||
}
|
||||
|
||||
print_response () {
|
||||
|
||||
../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $1 -text || exit 1
|
||||
}
|
||||
|
||||
create_time_stamp_response () {
|
||||
|
||||
../../util/shlib_wrap.sh ../../apps/openssl ts -reply -section $3 -queryfile $1 -out $2 || exit 1
|
||||
}
|
||||
|
||||
time_stamp_response_token_test () {
|
||||
|
||||
RESPONSE2=$2.copy.tsr
|
||||
TOKEN_DER=$2.token.der
|
||||
../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $TOKEN_DER -token_out || exit 1
|
||||
../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -out $RESPONSE2 || exit 1
|
||||
cmp $RESPONSE2 $2 || exit 1
|
||||
../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -text -token_out || exit 1
|
||||
../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -text -token_out || exit 1
|
||||
../../util/shlib_wrap.sh ../../apps/openssl ts -reply -queryfile $1 -text -token_out || exit 1
|
||||
RUN -reply -section $3 -queryfile $1 -out $2 || exit 1
|
||||
}
|
||||
|
||||
verify_time_stamp_response () {
|
||||
|
||||
../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
|
||||
RUN -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
|
||||
-untrusted tsa_cert1.pem || exit 1
|
||||
../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile tsaca.pem \
|
||||
RUN -verify -data $3 -in $2 -CAfile tsaca.pem \
|
||||
-untrusted tsa_cert1.pem || exit 1
|
||||
}
|
||||
|
||||
verify_time_stamp_token () {
|
||||
|
||||
# create the token from the response first
|
||||
../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $2.token -token_out || exit 1
|
||||
../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2.token -token_in \
|
||||
-CAfile tsaca.pem -untrusted tsa_cert1.pem || exit 1
|
||||
../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2.token -token_in \
|
||||
-CAfile tsaca.pem -untrusted tsa_cert1.pem || exit 1
|
||||
}
|
||||
|
||||
verify_time_stamp_response_fail () {
|
||||
|
||||
../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
|
||||
RUN -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
|
||||
-untrusted tsa_cert1.pem && exit 1
|
||||
echo ok
|
||||
}
|
||||
|
|
@ -128,10 +61,15 @@ verify_time_stamp_response_fail () {
|
|||
# main functions
|
||||
|
||||
echo setting up TSA test directory
|
||||
setup_dir
|
||||
rm -rf tsa 2>/dev/null
|
||||
mkdir tsa
|
||||
cd ./tsa
|
||||
|
||||
echo creating CA for TSA tests
|
||||
create_ca
|
||||
echo creating a new CA for the TSA tests
|
||||
TSDNSECT=ts_ca_dn
|
||||
export TSDNSECT
|
||||
../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \
|
||||
-out tsaca.pem -keyout tsacakey.pem || exit 1
|
||||
|
||||
echo creating tsa_cert1.pem TSA server cert
|
||||
create_tsa_cert 1 tsa_cert
|
||||
|
|
@ -140,37 +78,49 @@ echo creating tsa_cert2.pem non-TSA server cert
|
|||
create_tsa_cert 2 non_tsa_cert
|
||||
|
||||
echo creating req1.req time stamp request for file testtsa
|
||||
create_time_stamp_request1
|
||||
RUN -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq || exit 1
|
||||
|
||||
echo printing req1.req
|
||||
print_request req1.tsq
|
||||
RUN -query -in req1.tsq -text
|
||||
|
||||
echo generating valid response for req1.req
|
||||
create_time_stamp_response req1.tsq resp1.tsr tsa_config1
|
||||
|
||||
echo printing response
|
||||
print_response resp1.tsr
|
||||
RUN -reply -in resp1.tsr -text || exit 1
|
||||
|
||||
echo verifying valid response
|
||||
verify_time_stamp_response req1.tsq resp1.tsr ../testtsa
|
||||
|
||||
echo verifying valid token
|
||||
verify_time_stamp_token req1.tsq resp1.tsr ../testtsa
|
||||
RUN -reply -in resp1.tsr -out resp1.tsr.token -token_out || exit 1
|
||||
RUN -verify -queryfile req1.tsq -in resp1.tsr.token -token_in \
|
||||
-CAfile tsaca.pem -untrusted tsa_cert1.pem || exit 1
|
||||
RUN -verify -data ../testtsa -in resp1.tsr.token -token_in \
|
||||
-CAfile tsaca.pem -untrusted tsa_cert1.pem || exit 1
|
||||
|
||||
echo creating req2.req time stamp request for file testtsa
|
||||
create_time_stamp_request2
|
||||
RUN -query -data ../testtsa -policy tsa_policy2 -no_nonce \
|
||||
-out req2.tsq || exit 1
|
||||
|
||||
echo printing req2.req
|
||||
print_request req2.tsq
|
||||
RUN -query -in req2.tsq -text
|
||||
|
||||
echo generating valid response for req2.req
|
||||
create_time_stamp_response req2.tsq resp2.tsr tsa_config1
|
||||
|
||||
echo checking -token_in and -token_out options with -reply
|
||||
time_stamp_response_token_test req2.tsq resp2.tsr
|
||||
RESPONSE2=resp2.tsr.copy.tsr
|
||||
TOKEN_DER=resp2.tsr.token.der
|
||||
RUN -reply -in resp2.tsr -out $TOKEN_DER -token_out || exit 1
|
||||
RUN -reply -in $TOKEN_DER -token_in -out $RESPONSE2 || exit 1
|
||||
cmp $RESPONSE2 resp2.tsr || exit 1
|
||||
RUN -reply -in resp2.tsr -text -token_out || exit 1
|
||||
RUN -reply -in $TOKEN_DER -token_in -text -token_out || exit 1
|
||||
RUN -reply -queryfile req2.tsq -text -token_out || exit 1
|
||||
|
||||
echo printing response
|
||||
print_response resp2.tsr
|
||||
RUN -reply -in resp2.tsr -text || exit 1
|
||||
|
||||
echo verifying valid response
|
||||
verify_time_stamp_response req2.tsq resp2.tsr ../testtsa
|
||||
|
|
@ -182,15 +132,16 @@ echo verifying response against wrong request, it should fail
|
|||
verify_time_stamp_response_fail req2.tsq resp1.tsr
|
||||
|
||||
echo creating req3.req time stamp request for file CAtsa.cnf
|
||||
create_time_stamp_request3
|
||||
RUN -query -data ../CAtsa.cnf -no_nonce -out req3.tsq || exit 1
|
||||
|
||||
echo printing req3.req
|
||||
print_request req3.tsq
|
||||
RUN -query -in req3.tsq -text
|
||||
|
||||
echo verifying response against wrong request, it should fail
|
||||
verify_time_stamp_response_fail req3.tsq resp1.tsr
|
||||
|
||||
echo cleaning up
|
||||
clean_up_dir
|
||||
cd ..
|
||||
rm -rf tsa
|
||||
|
||||
exit 0
|
||||
|
|
|
|||
Loading…
Reference in a new issue