Parameterise the invocation of hxtool, so we can make it run under TESTS_ENVIRONMENT. From Andrew Bartlett

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18388 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2006-10-10 09:24:07 +00:00
parent 64dc3bcf0b
commit 4f9be7d03f
8 changed files with 100 additions and 85 deletions

View File

@@ -36,136 +36,137 @@
srcdir="@srcdir@"
if ./hxtool info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
hxtool="${TESTS_ENVIRONMENT} ./hxtool"
if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
exit 77
fi
echo "cert -> root"
./hxtool verify --missing-revoke \
${hxtool} verify --missing-revoke \
cert:FILE:$srcdir/data/test.crt \
chain:FILE:$srcdir/data/test.crt \
chain:FILE:$srcdir/data/ca.crt \
anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
echo "cert -> root"
./hxtool verify --missing-revoke \
${hxtool} verify --missing-revoke \
cert:FILE:$srcdir/data/test.crt \
chain:FILE:$srcdir/data/ca.crt \
anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
echo "cert -> root"
./hxtool verify --missing-revoke \
${hxtool} verify --missing-revoke \
cert:FILE:$srcdir/data/test.crt \
anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
echo "sub-cert -> root"
./hxtool verify --missing-revoke \
${hxtool} verify --missing-revoke \
cert:FILE:$srcdir/data/sub-cert.crt \
chain:FILE:$srcdir/data/ca.crt \
anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
echo "sub-cert -> sub-ca -> root"
./hxtool verify --missing-revoke \
${hxtool} verify --missing-revoke \
cert:FILE:$srcdir/data/sub-cert.crt \
chain:FILE:$srcdir/data/sub-ca.crt \
chain:FILE:$srcdir/data/ca.crt \
anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
echo "sub-cert -> sub-ca"
./hxtool verify --missing-revoke \
${hxtool} verify --missing-revoke \
cert:FILE:$srcdir/data/sub-cert.crt \
anchor:FILE:$srcdir/data/sub-ca.crt > /dev/null || exit 1
echo "sub-cert -> sub-ca -> root"
./hxtool verify --missing-revoke \
${hxtool} verify --missing-revoke \
cert:FILE:$srcdir/data/sub-cert.crt \
chain:FILE:$srcdir/data/sub-ca.crt \
chain:FILE:$srcdir/data/ca.crt \
anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
echo "sub-cert -> sub-ca -> root"
./hxtool verify --missing-revoke \
${hxtool} verify --missing-revoke \
cert:FILE:$srcdir/data/sub-cert.crt \
chain:FILE:$srcdir/data/ca.crt \
chain:FILE:$srcdir/data/sub-ca.crt \
anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
echo "sub-cert -> sub-ca -> root"
./hxtool verify --missing-revoke \
${hxtool} verify --missing-revoke \
cert:FILE:$srcdir/data/sub-cert.crt \
chain:FILE:$srcdir/data/sub-ca.crt \
anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
echo "ocsp non-ca responder"
./hxtool verify \
${hxtool} verify \
cert:FILE:$srcdir/data/test.crt \
anchor:FILE:$srcdir/data/ca.crt \
ocsp:FILE:$srcdir/data/ocsp-resp1-ocsp.der > /dev/null || exit 1
echo "ocsp ca responder"
./hxtool verify \
${hxtool} verify \
cert:FILE:$srcdir/data/test.crt \
anchor:FILE:$srcdir/data/ca.crt \
ocsp:FILE:$srcdir/data/ocsp-resp1-ca.der > /dev/null || exit 1
echo "ocsp no-ca responder, missing cert"
./hxtool verify \
${hxtool} verify \
cert:FILE:$srcdir/data/test.crt \
anchor:FILE:$srcdir/data/ca.crt \
ocsp:FILE:$srcdir/data/ocsp-resp1-ocsp-no-cert.der > /dev/null && exit 1
echo "ocsp no-ca responder, missing cert, in pool"
./hxtool verify \
${hxtool} verify \
cert:FILE:$srcdir/data/test.crt \
anchor:FILE:$srcdir/data/ca.crt \
ocsp:FILE:$srcdir/data/ocsp-resp1-ocsp-no-cert.der \
chain:FILE:$srcdir/data/ocsp-responder.crt > /dev/null || exit 1
echo "ocsp no-ca responder, keyHash"
./hxtool verify \
${hxtool} verify \
cert:FILE:$srcdir/data/test.crt \
anchor:FILE:$srcdir/data/ca.crt \
ocsp:FILE:$srcdir/data/ocsp-resp1-keyhash.der || exit 1
echo "ocsp revoked cert"
./hxtool verify \
${hxtool} verify \
cert:FILE:$srcdir/data/revoke.crt \
anchor:FILE:$srcdir/data/ca.crt \
ocsp:FILE:$srcdir/data/ocsp-resp2.der > /dev/null && exit 1
for a in resp1-ocsp-no-cert resp1-ca resp1-keyhash resp2 ; do
echo "ocsp print reply $a"
./hxtool ocsp-print \
${hxtool} ocsp-print \
$srcdir/data/ocsp-resp2.der > /dev/null || exit 1
done
echo "crl non-revoked cert"
./hxtool verify \
${hxtool} verify \
cert:FILE:$srcdir/data/test.crt \
anchor:FILE:$srcdir/data/ca.crt \
crl:FILE:$srcdir/data/crl1.der > /dev/null || exit 1
echo "crl revoked cert"
./hxtool verify \
${hxtool} verify \
cert:FILE:$srcdir/data/revoke.crt \
anchor:FILE:$srcdir/data/ca.crt \
crl:FILE:$srcdir/data/crl1.der > /dev/null && exit 1
echo "proxy cert"
./hxtool verify --missing-revoke \
${hxtool} verify --missing-revoke \
--allow-proxy-certificate \
cert:FILE:$srcdir/data/proxy-test.crt \
chain:FILE:$srcdir/data/test.crt \
anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
echo "proxy cert (negative)"
./hxtool verify --missing-revoke \
${hxtool} verify --missing-revoke \
cert:FILE:$srcdir/data/proxy-test.crt \
chain:FILE:$srcdir/data/test.crt \
anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
echo "proxy cert (level fail)"
./hxtool verify --missing-revoke \
${hxtool} verify --missing-revoke \
--allow-proxy-certificate \
cert:FILE:$srcdir/data/proxy-level-test.crt \
chain:FILE:$srcdir/data/proxy-test.crt \
@@ -173,21 +174,21 @@ echo "proxy cert (level fail)"
anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
echo "not a proxy cert"
./hxtool verify --missing-revoke \
${hxtool} verify --missing-revoke \
--allow-proxy-certificate \
cert:FILE:$srcdir/data/no-proxy-test.crt \
chain:FILE:$srcdir/data/test.crt \
anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
echo "proxy cert (max level 10)"
./hxtool verify --missing-revoke \
${hxtool} verify --missing-revoke \
--allow-proxy-certificate \
cert:FILE:$srcdir/data/proxy10-test.crt \
chain:FILE:$srcdir/data/test.crt \
anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
echo "proxy cert (second level)"
./hxtool verify --missing-revoke \
${hxtool} verify --missing-revoke \
--allow-proxy-certificate \
cert:FILE:$srcdir/data/proxy10-child-test.crt \
chain:FILE:$srcdir/data/proxy10-test.crt \

View File

@@ -36,66 +36,68 @@
srcdir="@srcdir@"
if ./hxtool info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
hxtool="${TESTS_ENVIRONMENT} ./hxtool"
if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
exit 77
fi
echo "create signed data"
./hxtool cms-create-sd \
${hxtool} cms-create-sd \
--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
"$srcdir/test_chain.in" \
sd.data > /dev/null || exit 1
echo "verify signed data"
./hxtool cms-verify-sd \
${hxtool} cms-verify-sd \
--missing-revoke \
--anchors=FILE:$srcdir/data/ca.crt \
sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1
echo "verify signed data (EE cert as anchor)"
./hxtool cms-verify-sd \
${hxtool} cms-verify-sd \
--missing-revoke \
--anchors=FILE:$srcdir/data/test.crt \
sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1
echo "create signed data (password)"
./hxtool cms-create-sd \
${hxtool} cms-create-sd \
--pass=PASS:foobar \
--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test-pw.key \
"$srcdir/test_chain.in" \
sd.data > /dev/null || exit 1
echo "verify signed data"
./hxtool cms-verify-sd \
${hxtool} cms-verify-sd \
--missing-revoke \
--anchors=FILE:$srcdir/data/ca.crt \
sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1
echo "create signed data (combined)"
./hxtool cms-create-sd \
${hxtool} cms-create-sd \
--certificate=FILE:$srcdir/data/test.combined.crt \
"$srcdir/test_chain.in" \
sd.data > /dev/null || exit 1
echo "verify signed data"
./hxtool cms-verify-sd \
${hxtool} cms-verify-sd \
--missing-revoke \
--anchors=FILE:$srcdir/data/ca.crt \
sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1
echo "create signed data (content info)"
./hxtool cms-create-sd \
${hxtool} cms-create-sd \
--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
--content-info \
"$srcdir/test_chain.in" \
sd.data > /dev/null || exit 1
echo "verify signed data (content info)"
./hxtool cms-verify-sd \
${hxtool} cms-verify-sd \
--missing-revoke \
--anchors=FILE:$srcdir/data/ca.crt \
--content-info \
@@ -103,7 +105,7 @@ echo "verify signed data (content info)"
cmp "$srcdir/test_chain.in" sd.data.out || exit 1
echo "create signed data (p12)"
./hxtool cms-create-sd \
${hxtool} cms-create-sd \
--pass=PASS:foobar \
--certificate=PKCS12:$srcdir/data/test.p12 \
--signer=friendlyname-test \
@@ -111,7 +113,7 @@ echo "create signed data (p12)"
sd.data > /dev/null || exit 1
echo "verify signed data"
./hxtool cms-verify-sd \
${hxtool} cms-verify-sd \
--missing-revoke \
--anchors=FILE:$srcdir/data/ca.crt \
--content-info \
@@ -119,7 +121,7 @@ echo "verify signed data"
cmp "$srcdir/data/static-file" sd.data.out || exit 1
echo "verify signed data (no attr)"
./hxtool cms-verify-sd \
${hxtool} cms-verify-sd \
--missing-revoke \
--anchors=FILE:$srcdir/data/ca.crt \
--content-info \
@@ -127,7 +129,7 @@ echo "verify signed data (no attr)"
cmp "$srcdir/data/static-file" sd.data.out || exit 1
echo "verify failure signed data (no attr, no certs)"
./hxtool cms-verify-sd \
${hxtool} cms-verify-sd \
--missing-revoke \
--anchors=FILE:$srcdir/data/ca.crt \
--content-info \
@@ -135,7 +137,7 @@ echo "verify failure signed data (no attr, no certs)"
sd.data.out > /dev/null 2>/dev/null && exit 1
echo "verify signed data (no attr, no certs)"
./hxtool cms-verify-sd \
${hxtool} cms-verify-sd \
--missing-revoke \
--anchors=FILE:$srcdir/data/ca.crt \
--certificate=FILE:$srcdir/data/test.crt \
@@ -145,19 +147,19 @@ echo "verify signed data (no attr, no certs)"
cmp "$srcdir/data/static-file" sd.data.out || exit 1
echo "create signed data (subcert, no certs)"
./hxtool cms-create-sd \
${hxtool} cms-create-sd \
--certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key \
"$srcdir/test_chain.in" \
sd.data > /dev/null || exit 1
echo "verify failure signed data"
./hxtool cms-verify-sd \
${hxtool} cms-verify-sd \
--missing-revoke \
--anchors=FILE:$srcdir/data/ca.crt \
sd.data sd.data.out > /dev/null 2> /dev/null && exit 1
echo "verify success signed data"
./hxtool cms-verify-sd \
${hxtool} cms-verify-sd \
--missing-revoke \
--certificate=FILE:$srcdir/data/sub-ca.crt \
--anchors=FILE:$srcdir/data/ca.crt \
@@ -165,7 +167,7 @@ echo "verify success signed data"
cmp "$srcdir/test_chain.in" sd.data.out || exit 1
echo "create signed data (subcert, certs)"
./hxtool cms-create-sd \
${hxtool} cms-create-sd \
--certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key \
--pool=FILE:$srcdir/data/sub-ca.crt \
--anchors=FILE:$srcdir/data/ca.crt \
@@ -173,47 +175,47 @@ echo "create signed data (subcert, certs)"
sd.data > /dev/null || exit 1
echo "verify success signed data"
./hxtool cms-verify-sd \
${hxtool} cms-verify-sd \
--missing-revoke \
--anchors=FILE:$srcdir/data/ca.crt \
sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1
echo "create signed data (sd cert)"
./hxtool cms-create-sd \
${hxtool} cms-create-sd \
--certificate=FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key \
"$srcdir/test_chain.in" \
sd.data > /dev/null || exit 1
echo "create signed data (ke cert)"
./hxtool cms-create-sd \
${hxtool} cms-create-sd \
--certificate=FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key \
"$srcdir/test_chain.in" \
sd.data > /dev/null 2>/dev/null && exit 1
echo "create signed data (sd + ke certs)"
./hxtool cms-create-sd \
${hxtool} cms-create-sd \
--certificate=FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key \
--certificate=FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key \
"$srcdir/test_chain.in" \
sd.data > /dev/null || exit 1
echo "create signed data (ke + sd certs)"
./hxtool cms-create-sd \
${hxtool} cms-create-sd \
--certificate=FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key \
--certificate=FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key \
"$srcdir/test_chain.in" \
sd.data > /dev/null || exit 1
echo "envelope data (content-info)"
./hxtool cms-envelope \
${hxtool} cms-envelope \
--certificate=FILE:$srcdir/data/test.crt \
--content-info \
"$srcdir/data/static-file" \
ev.data > /dev/null || exit 1
echo "unenvelope data (content-info)"
./hxtool cms-unenvelope \
${hxtool} cms-unenvelope \
--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
--content-info \
ev.data ev.data.out \
@@ -224,14 +226,14 @@ for a in des-ede3 aes-128 aes-256; do
rm -f ev.data ev.data.out
echo "envelope data ($a)"
./hxtool cms-envelope \
${hxtool} cms-envelope \
--encryption-type="$a-cbc" \
--certificate=FILE:$srcdir/data/test.crt \
"$srcdir/data/static-file" \
ev.data || exit 1
echo "unenvelope data ($a)"
./hxtool cms-unenvelope \
${hxtool} cms-unenvelope \
--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
ev.data ev.data.out > /dev/null || exit 1
cmp "$srcdir/data/static-file" ev.data.out || exit 1
@@ -241,7 +243,7 @@ for a in rc2-40 rc2-64 rc2-128 des-ede3 aes-128 aes-256; do
echo "static unenvelope data ($a)"
rm -f ev.data.out
./hxtool cms-unenvelope \
${hxtool} cms-unenvelope \
--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
--content-info \
"$srcdir/data/test-enveloped-$a" ev.data.out > /dev/null || exit 1

View File

@@ -36,30 +36,32 @@
srcdir="@srcdir@"
if ./hxtool info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
hxtool="${TESTS_ENVIRONMENT} ./hxtool"
if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
exit 77
fi
echo "Bleichenbacher good cert (from eay)"
./hxtool verify --missing-revoke \
${hxtool} verify --missing-revoke \
--time=2006-09-25 \
cert:FILE:$srcdir/data/bleichenbacher-good.pem \
anchor:FILE:$srcdir/data/bleichenbacher-good.pem > /dev/null || exit 1
echo "Bleichenbacher bad cert (from eay)"
./hxtool verify --missing-revoke \
${hxtool} verify --missing-revoke \
--time=2006-09-25 \
cert:FILE:$srcdir/data/bleichenbacher-bad.pem \
anchor:FILE:$srcdir/data/bleichenbacher-bad.pem > /dev/null && exit 1
echo "Bleichenbacher good cert (from yutaka)"
./hxtool verify --missing-revoke \
${hxtool} verify --missing-revoke \
--time=2006-09-25 \
cert:FILE:$srcdir/data/yutaka-pad-ok-cert.pem \
anchor:FILE:$srcdir/data/yutaka-pad-ok-ca.pem > /dev/null || exit 1
echo "Bleichenbacher bad cert (from yutaka)"
./hxtool verify --missing-revoke \
${hxtool} verify --missing-revoke \
--time=2006-09-25 \
cert:FILE:$srcdir/data/yutaka-pad-broken-cert.pem \
anchor:FILE:$srcdir/data/yutaka-pad-broken-ca.pem > /dev/null && exit 1
@@ -67,7 +69,7 @@ echo "Bleichenbacher bad cert (from yutaka)"
# Ralf-Philipp Weinmann <weinmann@cdc.informatik.tu-darmstadt.de>
# Andrew Pyshkin <pychkine@cdc.informatik.tu-darmstadt.de>
echo "Bleichenbacher bad cert (sf pad correct)"
./hxtool verify --missing-revoke \
${hxtool} verify --missing-revoke \
--time=2006-09-25 \
cert:FILE:$srcdir/data/bleichenbacher-sf-pad-correct.pem \
anchor:FILE:$srcdir/data/sf-class2-root.pem > /dev/null && exit 1

View File

@@ -37,7 +37,9 @@
srcdir="@srcdir@"
nistdir=/sources/pki/nist/PKITS_data
if ./hxtool info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
hxtool="${TESTS_ENVIRONMENT} ./hxtool"
if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
exit 77
fi
@@ -82,7 +84,7 @@ while read id verify cert arg1 arg2 arg3 arg4 arg5 ; do
args="$args crl:FILE:$nistdir/crls/TrustAnchorRootCRL.crl"
args="$args cert:FILE:$nistdir/certs/$cert"
if ./hxtool verify $args > /dev/null; then
if ${hxtool} verify $args > /dev/null; then
if test "$verify" = "f"; then
echo "verify passed on fail: $id $cert"
exit 1

View File

@@ -39,7 +39,9 @@ nistdir=/sources/pki/nist/PKITS_data
test -d "$nistdir" || exit 77
if ./hxtool validate DIR:$nistdir/certs > /dev/null; then
hxtool="${TESTS_ENVIRONMENT} ./hxtool"
if ${hxtool} validate DIR:$nistdir/certs > /dev/null; then
:
else
echo "validate failed"

View File

@@ -42,11 +42,13 @@ echo "nist pkcs12 tests"
test -d "$nistdir" || exit 77
hxtool="${TESTS_ENVIRONMENT} ./hxtool"
for a in $nistdir/*.p12 ; do
echo -n .
if ./hxtool validate $pass PKCS12:$a > /dev/null; then
if ${hxtool} validate $pass PKCS12:$a > /dev/null; then
:
else
echo "$a failed"

View File

@@ -36,98 +36,100 @@
srcdir="@srcdir@"
hxtool="${TESTS_ENVIRONMENT} ./hxtool"
echo "try printing"
./hxtool print \
${hxtool} print \
--pass=PASS:foobar \
PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null || exit 1
./hxtool print \
${hxtool} print \
--pass=PASS:foobar \
--info \
PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null || exit 1
echo "make sure entry is found (friendlyname)"
./hxtool query \
${hxtool} query \
--pass=PASS:foobar \
--friendlyname=friendlyname-test \
PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null || exit 1
echo "make sure entry is not found (friendlyname)"
./hxtool query \
${hxtool} query \
--pass=PASS:foobar \
--friendlyname=friendlyname-test-not \
PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null && exit 1
echo "check for ca cert (friendlyname)"
./hxtool query \
${hxtool} query \
--pass=PASS:foobar \
--friendlyname=ca \
PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null || exit 1
echo "make sure entry is not found (friendlyname)"
./hxtool query \
${hxtool} query \
--pass=PASS:foobar \
--friendlyname=friendlyname-test \
PKCS12:$srcdir/data/sub-cert.p12 >/dev/null 2>/dev/null && exit 1
echo "make sure entry is found (friendlyname|private key)"
./hxtool query \
${hxtool} query \
--pass=PASS:foobar \
--friendlyname=friendlyname-test \
--private-key \
PKCS12:$srcdir/data/test.p12 > /dev/null || exit 1
echo "make sure entry is not found (friendlyname|private key)"
./hxtool query \
${hxtool} query \
--pass=PASS:foobar \
--friendlyname=ca \
--private-key \
PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null && exit 1
echo "make sure entry is found (cert ds)"
./hxtool query \
${hxtool} query \
--digitalSignature \
FILE:$srcdir/data/test.crt >/dev/null 2>/dev/null || exit 1
echo "make sure entry is found (cert ke)"
./hxtool query \
${hxtool} query \
--keyEncipherment \
FILE:$srcdir/data/test.crt >/dev/null 2>/dev/null || exit 1
echo "make sure entry is found (cert ke + ds)"
./hxtool query \
${hxtool} query \
--digitalSignature \
--keyEncipherment \
FILE:$srcdir/data/test.crt >/dev/null 2>/dev/null || exit 1
echo "make sure entry is found (cert-ds ds)"
./hxtool query \
${hxtool} query \
--digitalSignature \
FILE:$srcdir/data/test-ds-only.crt >/dev/null 2>/dev/null || exit 1
echo "make sure entry is not found (cert-ds ke)"
./hxtool query \
${hxtool} query \
--keyEncipherment \
FILE:$srcdir/data/test-ds-only.crt >/dev/null 2>/dev/null && exit 1
echo "make sure entry is not found (cert-ds ke + ds)"
./hxtool query \
${hxtool} query \
--digitalSignature \
--keyEncipherment \
FILE:$srcdir/data/test-ds-only.crt >/dev/null 2>/dev/null && exit 1
echo "make sure entry is not found (cert-ke ds)"
./hxtool query \
${hxtool} query \
--digitalSignature \
FILE:$srcdir/data/test-ke-only.crt >/dev/null 2>/dev/null && exit 1
echo "make sure entry is found (cert-ke ke)"
./hxtool query \
${hxtool} query \
--keyEncipherment \
FILE:$srcdir/data/test-ke-only.crt >/dev/null 2>/dev/null || exit 1
echo "make sure entry is not found (cert-ke ke + ds)"
./hxtool query \
${hxtool} query \
--digitalSignature \
--keyEncipherment \
FILE:$srcdir/data/test-ke-only.crt >/dev/null 2>/dev/null && exit 1

View File

@@ -36,19 +36,21 @@
srcdir="@srcdir@"
if ./hxtool info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
hxtool="${TESTS_ENVIRONMENT} ./hxtool"
if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
exit 77
fi
./hxtool request-create \
${hxtool} request-create \
--subject="CN=Love,DC=it,DC=su,DC=se" \
--key=$srcdir/data/key.der \
request.out || exit 1
./hxtool pkcs10-print \
${hxtool} pkcs10-print \
request.out > /dev/null || exit 1
./hxtool request-create \
${hxtool} request-create \
--subject="CN=Love,DC=it,DC=su,DC=se" \
--dnsname=nutcracker.it.su.se \
--key=$srcdir/data/key.der \