agent/
[gnupg.git] / tests / pkits / signature-verification
blob7765371049886b5058011bdd6dd5d089737b9b22
1 #!/bin/sh
2 # signature-verification - PKITS Test 4.1 -*- sh -*-
3 # Copyright (C) 2008 Free Software Foundation, Inc.
5 # This file is part of GnuPG.
6 #
7 # GnuPG is free software; you can redistribute it and/or modify
8 # it under the terms of the GNU General Public License as published by
9 # the Free Software Foundation; either version 3 of the License, or
10 # (at your option) any later version.
12 # GnuPG is distributed in the hope that it will be useful,
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
17 # You should have received a copy of the GNU General Public License
18 # along with this program; if not, see <http://www.gnu.org/licenses/>.
20 . ${srcdir:-.}/common.sh || exit 2
22 section=4.1
23 description="Signature Verification"
24 info "Running $description tests"
27 start_test 4.1.1 "Valid Signatures Test1"
28 # The purpose of this test is to verify an application's ability to
29 # name chain, signature chain, and check validity dates, on
30 # certificates in a certification path. It also tests processing of
31 # the basic constraints and key usage extensions in intermediate
32 # certificates.
33 clean_homedir
34 need_cert TrustAnchorRootCertificate
35 need_crl TrustAnchorRootCRL
36 need_cert GoodCACert
37 need_crl GoodCACRL
38 need_cert ValidCertificatePathTest1EE
39 if $GPGSM --with-colons --with-validation --list-key 0x126B7002 >$SCRATCH; then
40 tmp=$($AWK -F: '$1 == "crt" {any=1; print $2};
41 END {if(!any) print "error"}' $SCRATCH)
42 [ -n "$tmp" ] && set_status fail
43 else
44 set_status fail
46 if [ "$test_status" = "none" ]; then
47 if sed '1,/^.$/d' smime/SignedValidSignaturesTest1.eml \
48 | $GPGSM --verify --assume-base64 --status-fd 1 \
49 | grep TRUST_FULLY >/dev/null; then
50 set_status pass
51 else
52 set_status fail
55 end_test
59 start_test 4.1.2 "Invalid CA Signatures Test2"
60 # The purpose of this test is to verify an application's ability to
61 # recognize an invalid signature on an intermediate certificate in a
62 # certification path.
63 clean_homedir
64 need_cert TrustAnchorRootCertificate
65 need_crl TrustAnchorRootCRL
66 need_cert BadSignedCACert --import-anyway
67 need_crl BadSignedCACRL
68 need_cert InvalidCASignatureTest2EE --import-anyway
69 if $GPGSM --with-colons --with-validation --list-key 0xD667FE3C >$SCRATCH; then
70 tmp=$($AWK -F: '$1 == "crt" {any=1; print $2};
71 END {if(!any) print "error"}' $SCRATCH)
72 [ "$tmp" = "i" ] || set_status fail
73 else
74 set_status fail
76 if [ "$test_status" = "none" ]; then
77 if sed '1,/^.$/d' smime/SignedInvalidCASignatureTest2.eml \
78 | $GPGSM --verify --assume-base64 --status-fd 1 \
79 | grep TRUST_NEVER >/dev/null; then
80 set_status pass
81 else
82 set_status fail
85 end_test
89 start_test 4.1.3 "Invalid EE Signature Test3"
90 # The purpose of this test is to verify an application's ability to
91 # recognize an invalid signature on an end entity certificate in a
92 # certification path.
93 clean_homedir
94 need_cert TrustAnchorRootCertificate
95 need_crl TrustAnchorRootCRL
96 need_cert GoodCACert
97 need_crl GoodCACRL
98 need_cert InvalidEESignatureTest3EE --import-anyway
99 if $GPGSM --with-colons --with-validation --list-key 0x42E1AEE3 >$SCRATCH; then
100 tmp=$($AWK -F: '$1 == "crt" {any=1; print $2};
101 END {if(!any) print "error"}' $SCRATCH)
102 [ "$tmp" = "i" ] || set_status fail
103 else
104 set_status fail
106 if [ "$test_status" = "none" ]; then
107 if sed '1,/^.$/d' smime/SignedInvalidEESignatureTest3.eml \
108 | $GPGSM --verify --assume-base64 --status-fd 1 \
109 | grep TRUST_NEVER >/dev/null; then
110 set_status pass
111 else
112 set_status fail
115 end_test
118 start_test 4.1.4 "Valid DSA Signatures Test4"
119 # The purpose of this test is to verify an application's ability to
120 # validate certificate in which DSA signatures are used. The
121 # intermediate CA and the end entity have DSA key pairs.
122 clean_homedir
123 need_cert TrustAnchorRootCertificate
124 need_crl TrustAnchorRootCRL
125 need_cert DSACACert
126 need_crl DSACACRL
127 need_cert ValidDSASignaturesTest4EE
128 if $GPGSM --with-colons --with-validation --list-key 0x820A72B8 >$SCRATCH; then
129 tmp=$($AWK -F: '$1 == "crt" {any=1; print $2};
130 END {if(!any) print "error"}' $SCRATCH)
131 [ -n "$tmp" ] && set_status fail
132 else
133 set_status fail
135 if [ "$test_status" = "none" ]; then
136 # Note: This S/MIME file uses LF and not CR,LF. */
137 if sed '1,/^$/d' smime/SignedValidDSASignaturesTest4.eml \
138 | $GPGSM --verify --assume-base64 --status-fd 1 \
139 | grep TRUST_FULLY >/dev/null; then
140 set_status pass
141 else
142 set_status fail
145 end_test
148 start_test 4.1.5 "Valid DSA Parameter Inheritance Test5"
149 # The purpose of this test is to verify an application's ability to
150 # validate DSA signatures when the DSA parameters are not included in
151 # a certificate and need to be inherited from a previous certificate
152 # in the path. The intermediate CAs and the end entity have DSA key
153 # pairs.
154 set_status nys
155 end_test
158 start_test 4.1.6 "Invalid DSA Signature Test6"
159 # The purpose of this test is to verify an application's ability to
160 # determine when a DSA signature is invalid. The intermediate CA and
161 # the end entity have DSA key pairs.
162 set_status nys
163 end_test
167 final_result