Make TSA tests use the noprompt mode of utilities rather than piping
the result into interative utilities.
This commit is contained in:
Dr. Stephen Henson
parent
ad0e439604
commit
cf32ad7fe3
@ -11,6 +11,9 @@ RANDFILE = $ENV::HOME/.rnd
|
||||
# Extra OBJECT IDENTIFIER info:
|
||||
oid_section = new_oids
|
||||
|
||||
TSDNSECT = ts_cert_dn
|
||||
INDEX = 1
|
||||
|
||||
[ new_oids ]
|
||||
|
||||
# Policies used by the TSA tests.
|
||||
@ -53,36 +56,27 @@ emailAddress = optional
|
||||
[ req ]
|
||||
default_bits = 1024
|
||||
default_md = sha1
|
||||
distinguished_name = req_distinguished_name
|
||||
distinguished_name = $ENV::TSDNSECT
|
||||
encrypt_rsa_key = no
|
||||
prompt = no
|
||||
# attributes = req_attributes
|
||||
x509_extensions = v3_ca # The extentions to add to the self signed cert
|
||||
|
||||
string_mask = nombstr
|
||||
|
||||
[ req_distinguished_name ]
|
||||
countryName = Country Name (2 letter code)
|
||||
countryName_default = HU
|
||||
countryName_min = 2
|
||||
countryName_max = 2
|
||||
[ ts_ca_dn ]
|
||||
countryName = HU
|
||||
stateOrProvinceName = Budapest
|
||||
localityName = Budapest
|
||||
organizationName = Gov-CA Ltd.
|
||||
commonName = ca1
|
||||
|
||||
stateOrProvinceName = State or Province Name (full name)
|
||||
stateOrProvinceName_default =
|
||||
|
||||
localityName = Locality Name (eg, city)
|
||||
|
||||
0.organizationName = Organization Name (eg, company)
|
||||
0.organizationName_default =
|
||||
|
||||
commonName = Common Name (eg, YOUR name)
|
||||
commonName_max = 64
|
||||
|
||||
[ req_attributes ]
|
||||
challengePassword = A challenge password
|
||||
challengePassword_min = 4
|
||||
challengePassword_max = 20
|
||||
|
||||
unstructuredName = An optional company name
|
||||
[ ts_cert_dn ]
|
||||
countryName = HU
|
||||
stateOrProvinceName = Budapest
|
||||
localityName = Buda
|
||||
organizationName = Hun-TSA Ltd.
|
||||
commonName = tsa$ENV::INDEX
|
||||
|
||||
[ tsa_cert ]
|
||||
|
||||
@ -138,7 +132,7 @@ dir = . # TSA root directory
|
||||
serial = $dir/tsa_serial # The current serial number (mandatory)
|
||||
signer_cert = $dir/tsa_cert1.pem # The TSA signing certificate
|
||||
# (optional)
|
||||
certs = $dir/demoCA/cacert.pem# Certificate chain to include in reply
|
||||
certs = $dir/tsaca.pem # Certificate chain to include in reply
|
||||
# (optional)
|
||||
signer_key = $dir/tsa_key1.pem # The TSA private key (optional)
|
||||
|
||||
|
||||
47
test/testtsa
47
test/testtsa
@ -39,36 +39,29 @@ clean_up_dir () {
|
||||
create_ca () {
|
||||
|
||||
echo "Creating a new CA for the TSA tests..."
|
||||
/bin/rm -fr demoCA
|
||||
$SH ../../apps/CA.sh -newca <<EOF
|
||||
|
||||
HU
|
||||
Budapest
|
||||
Budapest
|
||||
Gov-CA Ltd.
|
||||
ca1
|
||||
EOF
|
||||
TSDNSECT=ts_ca_dn
|
||||
export TSDNSECT
|
||||
../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \
|
||||
-out tsaca.pem -keyout tsacakey.pem
|
||||
test $? != 0 && error
|
||||
}
|
||||
|
||||
create_tsa_cert () {
|
||||
|
||||
INDEX=$1
|
||||
export INDEX
|
||||
EXT=$2
|
||||
../../util/shlib_wrap.sh ../../apps/openssl req -new -out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem <<EOF
|
||||
HU
|
||||
Budapest
|
||||
Buda
|
||||
Hun-TSA Ltd.
|
||||
tsa${INDEX}
|
||||
EOF
|
||||
test $? != 0 && error
|
||||
TSDNSECT=ts_cert_dn
|
||||
export TSDNSECT
|
||||
|
||||
../../util/shlib_wrap.sh ../../apps/openssl ca -in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
|
||||
-extensions $EXT <<EOF
|
||||
y
|
||||
y
|
||||
EOF
|
||||
../../util/shlib_wrap.sh ../../apps/openssl req -new \
|
||||
-out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem
|
||||
test $? != 0 && error
|
||||
echo Using extension $EXT
|
||||
../../util/shlib_wrap.sh ../../apps/openssl x509 -req \
|
||||
-in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
|
||||
-CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \
|
||||
-extfile $OPENSSL_CONF -extensions $EXT
|
||||
test $? != 0 && error
|
||||
}
|
||||
|
||||
@ -128,10 +121,10 @@ time_stamp_response_token_test () {
|
||||
|
||||
verify_time_stamp_response () {
|
||||
|
||||
../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile demoCA/cacert.pem \
|
||||
../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
|
||||
-untrusted tsa_cert1.pem
|
||||
test $? != 0 && error
|
||||
../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile demoCA/cacert.pem \
|
||||
../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile tsaca.pem \
|
||||
-untrusted tsa_cert1.pem
|
||||
test $? != 0 && error
|
||||
}
|
||||
@ -142,16 +135,16 @@ verify_time_stamp_token () {
|
||||
../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $2.token -token_out
|
||||
test $? != 0 && error
|
||||
../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2.token -token_in \
|
||||
-CAfile demoCA/cacert.pem -untrusted tsa_cert1.pem
|
||||
-CAfile tsaca.pem -untrusted tsa_cert1.pem
|
||||
test $? != 0 && error
|
||||
../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2.token -token_in \
|
||||
-CAfile demoCA/cacert.pem -untrusted tsa_cert1.pem
|
||||
-CAfile tsaca.pem -untrusted tsa_cert1.pem
|
||||
test $? != 0 && error
|
||||
}
|
||||
|
||||
verify_time_stamp_response_fail () {
|
||||
|
||||
../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile demoCA/cacert.pem \
|
||||
../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
|
||||
-untrusted tsa_cert1.pem
|
||||
# Checks if the verification failed, as it should have.
|
||||
test $? = 0 && error
|
||||
|
||||
Loading…
Reference in New Issue
Block a user