| blob | 5676d70e774243a8390993697b0eac8a6e328316 |
1 $!
2 $! A few very basic tests for the 'ts' time stamping authority command.
3 $!
4 $
5 $ __arch := VAX
6 $ if f$getsyi("cpu") .ge. 128 then __arch := AXP
7 $ exe_dir := sys$disk:[-.'__arch'.exe.apps]
8 $
9 $ openssl := mcr 'f$parse(exe_dir+"openssl.exe")'
10 $ OPENSSL_CONF := [-]CAtsa.cnf
11 $ ! Because that's what ../apps/CA.sh really looks at
12 $ SSLEAY_CONFIG = "-config " + OPENSSL_CONF
13 $
14 $ error:
15 $ subroutine
16 $ write sys$error "TSA test failed!"
17 $ exit 3
18 $ endsubroutine
19 $
20 $ setup_dir:
21 $ subroutine
22 $
23 $ if f$search("tsa.dir") .nes ""
24 $ then
25 $ @[-.util]deltree [.tsa]*.*
26 $ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;*
27 $ delete tsa.dir;*
28 $ endif
29 $
30 $ create/dir [.tsa]
31 $ set default [.tsa]
32 $ endsubroutine
33 $
34 $ clean_up_dir:
35 $ subroutine
36 $
37 $ set default [-]
38 $ @[-.util]deltree [.tsa]*.*
39 $ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;*
40 $ delete tsa.dir;*
41 $ endsubroutine
42 $
43 $ create_ca:
44 $ subroutine
45 $
46 $ write sys$output "Creating a new CA for the TSA tests..."
47 $ @[--.util]deltree [.demoCA]*.*
48 $
49 $ open/write file VMStsa-response.create_ca
50 $ write file ""
51 $ write file "HU"
52 $ write file "Budapest"
53 $ write file "Budapest"
54 $ write file "Gov-CA Ltd."
55 $ write file "ca1"
56 $ close file
57 $ open/read sys$ca_input VMStsa-response.create_ca
58 $ @[--.apps]CA.com -input sys$ca_input -newca
59 $ save_severity = $severity
60 $ close sys$ca_input
61 $ if save_severity .ne. 1 then call error
62 $ endsubroutine
63 $
64 $ create_tsa_cert:
65 $ subroutine
66 $
67 $ INDEX=p1
68 $ EXT=p2
69 $ open/write file VMStsa-response1.create_tsa_cert
70 $ write file "HU"
71 $ write file "Budapest"
72 $ write file "Buda"
73 $ write file "Hun-TSA Ltd."
74 $ write file "tsa",INDEX
75 $ close file
76 $ define/user sys$input VMStsa-response.create_tsa_cert
77 $ openssl req -new -
78 -out tsa_req'INDEX'.pem -keyout tsa_key'INDEX'.pem
79 $ if $severity .ne. 1 then call error
80 $
81 $ open/write file VMStsa-response2.create_tsa_cert
82 $ write file "y"
83 $ write file "y"
84 $ close file
85 $ define/user sys$input VMStsa-response.create_tsa_cert
86 $ openssl ca -in tsa_req'INDEX'.pem -out tsa_cert'INDEX'.pem -
87 -extensions "''EXT'"
88 $ if $severity .ne. 1 then call error
89 $ endsubroutine
90 $
91 $ print_request:
92 $ subroutine
93 $
94 $ openssl ts -query -in 'p1' -text
95 $ endsubroutine
96 $
97 $ create_time_stamp_request1: subroutine
98 $
99 $ openssl ts -query -data [-]testtsa.com -policy tsa_policy1 -
100 -cert -out req1.tsq
101 $ if $severity .ne. 1 then call error
102 $ endsubroutine
103 $
104 $ create_time_stamp_request2: subroutine
105 $
106 $ openssl ts -query -data [-]testtsa.com -policy tsa_policy2 -
107 -no_nonce -out req2.tsq
108 $ if $severity .ne. 1 then call error
109 $ endsubroutine
110 $
111 $ create_time_stamp_request3: subroutine
112 $
113 $ openssl ts -query -data [-]CAtsa.cnf -no_nonce -out req3.tsq
114 $ if $severity .ne. 1 then call error
115 $ endsubroutine
116 $
117 $ print_response:
118 $ subroutine
119 $
120 $ openssl ts -reply -in 'p1' -text
121 $ if $severity .ne. 1 then call error
122 $ endsubroutine
123 $
124 $ create_time_stamp_response:
125 $ subroutine
126 $
127 $ openssl ts -reply -section 'p3' -queryfile 'p1' -out 'p2'
128 $ if $severity .ne. 1 then call error
129 $ endsubroutine
130 $
131 $ time_stamp_response_token_test:
132 $ subroutine
133 $
134 $ RESPONSE2:='p2'.copy_tsr
135 $ TOKEN_DER:='p2'.token_der
136 $ openssl ts -reply -in 'p2' -out 'TOKEN_DER' -token_out
137 $ if $severity .ne. 1 then call error
138 $ openssl ts -reply -in 'TOKEN_DER' -token_in -out 'RESPONSE2'
139 $ if $severity .ne. 1 then call error
140 $ backup/compare 'RESPONSE2' 'p2'
141 $ if $severity .ne. 1 then call error
142 $ openssl ts -reply -in 'p2' -text -token_out
143 $ if $severity .ne. 1 then call error
144 $ openssl ts -reply -in 'TOKEN_DER' -token_in -text -token_out
145 $ if $severity .ne. 1 then call error
146 $ openssl ts -reply -queryfile 'p1' -text -token_out
147 $ if $severity .ne. 1 then call error
148 $ endsubroutine
149 $
150 $ verify_time_stamp_response:
151 $ subroutine
152 $
153 $ openssl ts -verify -queryfile 'p1' -in 'p2' -
154 -CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem
155 $ if $severity .ne. 1 then call error
156 $ openssl ts -verify -data 'p3' -in 'p2' -
157 -CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem
158 $ if $severity .ne. 1 then call error
159 $ endsubroutine
160 $
161 $ verify_time_stamp_token:
162 $ subroutine
163 $
164 $ # create the token from the response first
165 $ openssl ts -reply -in 'p2' -out 'p2'.token -token_out
166 $ if $severity .ne. 1 then call error
167 $ openssl ts -verify -queryfile 'p1' -in 'p2'.token -token_in \
168 -CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem
169 $ if $severity .ne. 1 then call error
170 $ openssl ts -verify -data 'p3' -in 'p2'.token -token_in \
171 -CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem
172 $ if $severity .ne. 1 then call error
173 $ endsubroutine
174 $
175 $ verify_time_stamp_response_fail:
176 $ subroutine
177 $
178 $ openssl ts -verify -queryfile 'p1' -in 'p2' -
179 -CAfile [.demoCA]cacert.pem -untrusted tsa_cert1.pem
180 $ # Checks if the verification failed, as it should have.
181 $ if $severity .ne. 1 then call error
182 $ write sys$output "Ok"
183 $ endsubroutine
184 $
185 $ ! Main body ----------------------------------------------------------
186 $
187 $ write sys$output "Setting up TSA test directory..."
188 $ call setup_dir
189 $
190 $ write sys$output "Creating CA for TSA tests..."
191 $ call create_ca
192 $
193 $ write sys$output "Creating tsa_cert1.pem TSA server cert..."
194 $ call create_tsa_cert 1 tsa_cert
195 $
196 $ write sys$output "Creating tsa_cert2.pem non-TSA server cert..."
197 $ call create_tsa_cert 2 non_tsa_cert
198 $
199 $ write sys$output "Creating req1.req time stamp request for file testtsa..."
200 $ call create_time_stamp_request1
201 $
202 $ write sys$output "Printing req1.req..."
203 $ call print_request req1.tsq
204 $
205 $ write sys$output "Generating valid response for req1.req..."
206 $ call create_time_stamp_response req1.tsq resp1.tsr tsa_config1
207 $
208 $ write sys$output "Printing response..."
209 $ call print_response resp1.tsr
210 $
211 $ write sys$output "Verifying valid response..."
212 $ call verify_time_stamp_response req1.tsq resp1.tsr ../testtsa
213 $
214 $ write sys$output "Verifying valid token..."
215 $ call verify_time_stamp_token req1.tsq resp1.tsr ../testtsa
216 $
217 $ ! The tests below are commented out, because invalid signer certificates
218 $ ! can no longer be specified in the config file.
219 $
220 $ ! write sys$output "Generating _invalid_ response for req1.req..."
221 $ ! call create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2
222 $
223 $ ! write sys$output "Printing response..."
224 $ ! call print_response resp1_bad.tsr
225 $
226 $ ! write sys$output "Verifying invalid response, it should fail..."
227 $ ! call verify_time_stamp_response_fail req1.tsq resp1_bad.tsr
228 $
229 $ write sys$output "Creating req2.req time stamp request for file testtsa..."
230 $ call create_time_stamp_request2
231 $
232 $ write sys$output "Printing req2.req..."
233 $ call print_request req2.tsq
234 $
235 $ write sys$output "Generating valid response for req2.req..."
236 $ call create_time_stamp_response req2.tsq resp2.tsr tsa_config1
237 $
238 $ write sys$output "Checking '-token_in' and '-token_out' options with '-reply'..."
239 $ call time_stamp_response_token_test req2.tsq resp2.tsr
240 $
241 $ write sys$output "Printing response..."
242 $ call print_response resp2.tsr
243 $
244 $ write sys$output "Verifying valid response..."
245 $ call verify_time_stamp_response req2.tsq resp2.tsr ../testtsa
246 $
247 $ write sys$output "Verifying response against wrong request, it should fail..."
248 $ call verify_time_stamp_response_fail req1.tsq resp2.tsr
249 $
250 $ write sys$output "Verifying response against wrong request, it should fail..."
251 $ call verify_time_stamp_response_fail req2.tsq resp1.tsr
252 $
253 $ write sys$output "Creating req3.req time stamp request for file CAtsa.cnf..."
254 $ call create_time_stamp_request3
255 $
256 $ write sys$output "Printing req3.req..."
257 $ call print_request req3.tsq
258 $
259 $ write sys$output "Verifying response against wrong request, it should fail..."
260 $ call verify_time_stamp_response_fail req3.tsq resp1.tsr
261 $
262 $ write sys$output "Cleaning up..."
263 $ call clean_up_dir
264 $
265 $ exit