Remove building with NOCRYPTO option
[minix.git] / crypto / external / bsd / heimdal / dist / lib / hx509 / test_chain.in
blob13e27b25204a856836795d044e6d9230c0eddafb
1 #!/bin/sh
3 # Copyright (c) 2004 - 2006 Kungliga Tekniska Högskolan
4 # (Royal Institute of Technology, Stockholm, Sweden).
5 # All rights reserved.
7 # Redistribution and use in source and binary forms, with or without
8 # modification, are permitted provided that the following conditions
9 # are met:
11 # 1. Redistributions of source code must retain the above copyright
12 # notice, this list of conditions and the following disclaimer.
14 # 2. Redistributions in binary form must reproduce the above copyright
15 # notice, this list of conditions and the following disclaimer in the
16 # documentation and/or other materials provided with the distribution.
18 # 3. Neither the name of the Institute nor the names of its contributors
19 # may be used to endorse or promote products derived from this software
20 # without specific prior written permission.
22 # THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
23 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 # ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
26 # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 # SUCH DAMAGE.
34 # Id
37 srcdir="@srcdir@"
38 objdir="@objdir@"
40 stat="--statistic-file=${objdir}/statfile"
42 hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
43 if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
44 exit 77
46 if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
47 exit 77
50 echo "cert -> root"
51 ${hxtool} verify --missing-revoke \
52 cert:FILE:$srcdir/data/test.crt \
53 chain:FILE:$srcdir/data/test.crt \
54 chain:FILE:$srcdir/data/ca.crt \
55 anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
57 echo "cert -> root"
58 ${hxtool} verify --missing-revoke \
59 cert:FILE:$srcdir/data/test.crt \
60 chain:FILE:$srcdir/data/ca.crt \
61 anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
63 echo "cert -> root"
64 ${hxtool} verify --missing-revoke \
65 cert:FILE:$srcdir/data/test.crt \
66 anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
68 echo "sub-cert -> root"
69 ${hxtool} verify --missing-revoke \
70 cert:FILE:$srcdir/data/sub-cert.crt \
71 chain:FILE:$srcdir/data/ca.crt \
72 anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
74 echo "sub-cert -> sub-ca -> root"
75 ${hxtool} verify --missing-revoke \
76 cert:FILE:$srcdir/data/sub-cert.crt \
77 chain:FILE:$srcdir/data/sub-ca.crt \
78 chain:FILE:$srcdir/data/ca.crt \
79 anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
81 echo "sub-cert -> sub-ca"
82 ${hxtool} verify --missing-revoke \
83 cert:FILE:$srcdir/data/sub-cert.crt \
84 anchor:FILE:$srcdir/data/sub-ca.crt > /dev/null || exit 1
86 echo "sub-cert -> sub-ca -> root"
87 ${hxtool} verify --missing-revoke \
88 cert:FILE:$srcdir/data/sub-cert.crt \
89 chain:FILE:$srcdir/data/sub-ca.crt \
90 chain:FILE:$srcdir/data/ca.crt \
91 anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
93 echo "sub-cert -> sub-ca -> root"
94 ${hxtool} verify --missing-revoke \
95 cert:FILE:$srcdir/data/sub-cert.crt \
96 chain:FILE:$srcdir/data/ca.crt \
97 chain:FILE:$srcdir/data/sub-ca.crt \
98 anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
100 echo "sub-cert -> sub-ca -> root"
101 ${hxtool} verify --missing-revoke \
102 cert:FILE:$srcdir/data/sub-cert.crt \
103 chain:FILE:$srcdir/data/sub-ca.crt \
104 anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
106 echo "max depth 2 (ok)"
107 ${hxtool} verify --missing-revoke \
108 --max-depth=2 \
109 cert:FILE:$srcdir/data/sub-cert.crt \
110 chain:FILE:$srcdir/data/sub-ca.crt \
111 anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
113 echo "max depth 1 (fail)"
114 ${hxtool} verify --missing-revoke \
115 --max-depth=1 \
116 cert:FILE:$srcdir/data/sub-cert.crt \
117 chain:FILE:$srcdir/data/sub-ca.crt \
118 anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
120 echo "ocsp non-ca responder"
121 ${hxtool} verify \
122 cert:FILE:$srcdir/data/test.crt \
123 anchor:FILE:$srcdir/data/ca.crt \
124 ocsp:FILE:$srcdir/data/ocsp-resp1-ocsp.der > /dev/null || exit 1
126 echo "ocsp ca responder"
127 ${hxtool} verify \
128 cert:FILE:$srcdir/data/test.crt \
129 anchor:FILE:$srcdir/data/ca.crt \
130 ocsp:FILE:$srcdir/data/ocsp-resp1-ca.der > /dev/null || exit 1
132 echo "ocsp no-ca responder, missing cert"
133 ${hxtool} verify \
134 cert:FILE:$srcdir/data/test.crt \
135 anchor:FILE:$srcdir/data/ca.crt \
136 ocsp:FILE:$srcdir/data/ocsp-resp1-ocsp-no-cert.der > /dev/null && exit 1
138 echo "ocsp no-ca responder, missing cert, in pool"
139 ${hxtool} verify \
140 cert:FILE:$srcdir/data/test.crt \
141 anchor:FILE:$srcdir/data/ca.crt \
142 ocsp:FILE:$srcdir/data/ocsp-resp1-ocsp-no-cert.der \
143 chain:FILE:$srcdir/data/ocsp-responder.crt > /dev/null || exit 1
145 echo "ocsp no-ca responder, keyHash"
146 ${hxtool} verify \
147 cert:FILE:$srcdir/data/test.crt \
148 anchor:FILE:$srcdir/data/ca.crt \
149 ocsp:FILE:$srcdir/data/ocsp-resp1-keyhash.der > /dev/null || exit 1
151 echo "ocsp revoked cert"
152 ${hxtool} verify \
153 cert:FILE:$srcdir/data/revoke.crt \
154 anchor:FILE:$srcdir/data/ca.crt \
155 ocsp:FILE:$srcdir/data/ocsp-resp2.der > /dev/null && exit 1
157 for a in resp1-ocsp-no-cert resp1-ca resp1-keyhash resp2 ; do
158 echo "ocsp print reply $a"
159 ${hxtool} ocsp-print \
160 $srcdir/data/ocsp-${a}.der > /dev/null || exit 1
161 done
163 echo "ocsp verify exists"
164 ${hxtool} ocsp-verify \
165 --ocsp-file=$srcdir/data/ocsp-resp1-ca.der \
166 FILE:$srcdir/data/test.crt > /dev/null || exit 1
168 echo "ocsp verify not exists"
169 ${hxtool} ocsp-verify \
170 --ocsp-file=$srcdir/data/ocsp-resp1.der \
171 FILE:$srcdir/data/ca.crt > /dev/null && exit 1
173 echo "ocsp verify revoked"
174 ${hxtool} ocsp-verify \
175 --ocsp-file=$srcdir/data/ocsp-resp2.der \
176 FILE:$srcdir/data/revoke.crt > /dev/null && exit 1
178 echo "crl non-revoked cert"
179 ${hxtool} verify \
180 cert:FILE:$srcdir/data/test.crt \
181 anchor:FILE:$srcdir/data/ca.crt \
182 crl:FILE:$srcdir/data/crl1.der > /dev/null || exit 1
184 echo "crl revoked cert"
185 ${hxtool} verify \
186 cert:FILE:$srcdir/data/revoke.crt \
187 anchor:FILE:$srcdir/data/ca.crt \
188 crl:FILE:$srcdir/data/crl1.der > /dev/null && exit 1
190 if ${hxtool} info | grep 'ecdsa: hcrypto null' > /dev/null ; then
191 echo "not testing ECDSA since hcrypto doesnt support ECDSA"
192 else
193 echo "eccert -> root"
194 ${hxtool} verify --missing-revoke \
195 cert:FILE:$srcdir/data/secp160r2TestServer.cert.pem \
196 anchor:FILE:$srcdir/data/secp160r1TestCA.cert.pem > /dev/null || exit 1
198 echo "eccert -> root"
199 ${hxtool} verify --missing-revoke \
200 cert:FILE:$srcdir/data/secp160r2TestClient.cert.pem \
201 anchor:FILE:$srcdir/data/secp160r1TestCA.cert.pem > /dev/null || exit 1
204 echo "proxy cert"
205 ${hxtool} verify --missing-revoke \
206 --allow-proxy-certificate \
207 cert:FILE:$srcdir/data/proxy-test.crt \
208 chain:FILE:$srcdir/data/test.crt \
209 anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
211 echo "proxy cert (negative)"
212 ${hxtool} verify --missing-revoke \
213 cert:FILE:$srcdir/data/proxy-test.crt \
214 chain:FILE:$srcdir/data/test.crt \
215 anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
217 echo "proxy cert (level fail)"
218 ${hxtool} verify --missing-revoke \
219 --allow-proxy-certificate \
220 cert:FILE:$srcdir/data/proxy-level-test.crt \
221 chain:FILE:$srcdir/data/proxy-test.crt \
222 chain:FILE:$srcdir/data/test.crt \
223 anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
225 echo "not a proxy cert"
226 ${hxtool} verify --missing-revoke \
227 --allow-proxy-certificate \
228 cert:FILE:$srcdir/data/no-proxy-test.crt \
229 chain:FILE:$srcdir/data/test.crt \
230 anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
232 echo "proxy cert (max level 10)"
233 ${hxtool} verify --missing-revoke \
234 --allow-proxy-certificate \
235 cert:FILE:$srcdir/data/proxy10-test.crt \
236 chain:FILE:$srcdir/data/test.crt \
237 anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
239 echo "proxy cert (second level)"
240 ${hxtool} verify --missing-revoke \
241 --allow-proxy-certificate \
242 cert:FILE:$srcdir/data/proxy10-child-test.crt \
243 chain:FILE:$srcdir/data/proxy10-test.crt \
244 chain:FILE:$srcdir/data/test.crt \
245 anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
247 echo "proxy cert (third level)"
248 ${hxtool} verify --missing-revoke \
249 --allow-proxy-certificate \
250 cert:FILE:$srcdir/data/proxy10-child-child-test.crt \
251 chain:FILE:$srcdir/data/proxy10-child-test.crt \
252 chain:FILE:$srcdir/data/proxy10-test.crt \
253 chain:FILE:$srcdir/data/test.crt \
254 anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
256 exit 0