Parameterise the invocation of hxtool, so we can make it run under TESTS_ENVIRONMENT. From Andrew Bartlett
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18388 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
@@ -36,136 +36,137 @@
|
||||
|
||||
srcdir="@srcdir@"
|
||||
|
||||
if ./hxtool info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
|
||||
hxtool="${TESTS_ENVIRONMENT} ./hxtool"
|
||||
if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
|
||||
exit 77
|
||||
fi
|
||||
|
||||
echo "cert -> root"
|
||||
./hxtool verify --missing-revoke \
|
||||
${hxtool} verify --missing-revoke \
|
||||
cert:FILE:$srcdir/data/test.crt \
|
||||
chain:FILE:$srcdir/data/test.crt \
|
||||
chain:FILE:$srcdir/data/ca.crt \
|
||||
anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
|
||||
|
||||
echo "cert -> root"
|
||||
./hxtool verify --missing-revoke \
|
||||
${hxtool} verify --missing-revoke \
|
||||
cert:FILE:$srcdir/data/test.crt \
|
||||
chain:FILE:$srcdir/data/ca.crt \
|
||||
anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
|
||||
|
||||
echo "cert -> root"
|
||||
./hxtool verify --missing-revoke \
|
||||
${hxtool} verify --missing-revoke \
|
||||
cert:FILE:$srcdir/data/test.crt \
|
||||
anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
|
||||
|
||||
echo "sub-cert -> root"
|
||||
./hxtool verify --missing-revoke \
|
||||
${hxtool} verify --missing-revoke \
|
||||
cert:FILE:$srcdir/data/sub-cert.crt \
|
||||
chain:FILE:$srcdir/data/ca.crt \
|
||||
anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
|
||||
|
||||
echo "sub-cert -> sub-ca -> root"
|
||||
./hxtool verify --missing-revoke \
|
||||
${hxtool} verify --missing-revoke \
|
||||
cert:FILE:$srcdir/data/sub-cert.crt \
|
||||
chain:FILE:$srcdir/data/sub-ca.crt \
|
||||
chain:FILE:$srcdir/data/ca.crt \
|
||||
anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
|
||||
|
||||
echo "sub-cert -> sub-ca"
|
||||
./hxtool verify --missing-revoke \
|
||||
${hxtool} verify --missing-revoke \
|
||||
cert:FILE:$srcdir/data/sub-cert.crt \
|
||||
anchor:FILE:$srcdir/data/sub-ca.crt > /dev/null || exit 1
|
||||
|
||||
echo "sub-cert -> sub-ca -> root"
|
||||
./hxtool verify --missing-revoke \
|
||||
${hxtool} verify --missing-revoke \
|
||||
cert:FILE:$srcdir/data/sub-cert.crt \
|
||||
chain:FILE:$srcdir/data/sub-ca.crt \
|
||||
chain:FILE:$srcdir/data/ca.crt \
|
||||
anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
|
||||
|
||||
echo "sub-cert -> sub-ca -> root"
|
||||
./hxtool verify --missing-revoke \
|
||||
${hxtool} verify --missing-revoke \
|
||||
cert:FILE:$srcdir/data/sub-cert.crt \
|
||||
chain:FILE:$srcdir/data/ca.crt \
|
||||
chain:FILE:$srcdir/data/sub-ca.crt \
|
||||
anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
|
||||
|
||||
echo "sub-cert -> sub-ca -> root"
|
||||
./hxtool verify --missing-revoke \
|
||||
${hxtool} verify --missing-revoke \
|
||||
cert:FILE:$srcdir/data/sub-cert.crt \
|
||||
chain:FILE:$srcdir/data/sub-ca.crt \
|
||||
anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
|
||||
|
||||
echo "ocsp non-ca responder"
|
||||
./hxtool verify \
|
||||
${hxtool} verify \
|
||||
cert:FILE:$srcdir/data/test.crt \
|
||||
anchor:FILE:$srcdir/data/ca.crt \
|
||||
ocsp:FILE:$srcdir/data/ocsp-resp1-ocsp.der > /dev/null || exit 1
|
||||
|
||||
echo "ocsp ca responder"
|
||||
./hxtool verify \
|
||||
${hxtool} verify \
|
||||
cert:FILE:$srcdir/data/test.crt \
|
||||
anchor:FILE:$srcdir/data/ca.crt \
|
||||
ocsp:FILE:$srcdir/data/ocsp-resp1-ca.der > /dev/null || exit 1
|
||||
|
||||
echo "ocsp no-ca responder, missing cert"
|
||||
./hxtool verify \
|
||||
${hxtool} verify \
|
||||
cert:FILE:$srcdir/data/test.crt \
|
||||
anchor:FILE:$srcdir/data/ca.crt \
|
||||
ocsp:FILE:$srcdir/data/ocsp-resp1-ocsp-no-cert.der > /dev/null && exit 1
|
||||
|
||||
echo "ocsp no-ca responder, missing cert, in pool"
|
||||
./hxtool verify \
|
||||
${hxtool} verify \
|
||||
cert:FILE:$srcdir/data/test.crt \
|
||||
anchor:FILE:$srcdir/data/ca.crt \
|
||||
ocsp:FILE:$srcdir/data/ocsp-resp1-ocsp-no-cert.der \
|
||||
chain:FILE:$srcdir/data/ocsp-responder.crt > /dev/null || exit 1
|
||||
|
||||
echo "ocsp no-ca responder, keyHash"
|
||||
./hxtool verify \
|
||||
${hxtool} verify \
|
||||
cert:FILE:$srcdir/data/test.crt \
|
||||
anchor:FILE:$srcdir/data/ca.crt \
|
||||
ocsp:FILE:$srcdir/data/ocsp-resp1-keyhash.der || exit 1
|
||||
|
||||
echo "ocsp revoked cert"
|
||||
./hxtool verify \
|
||||
${hxtool} verify \
|
||||
cert:FILE:$srcdir/data/revoke.crt \
|
||||
anchor:FILE:$srcdir/data/ca.crt \
|
||||
ocsp:FILE:$srcdir/data/ocsp-resp2.der > /dev/null && exit 1
|
||||
|
||||
for a in resp1-ocsp-no-cert resp1-ca resp1-keyhash resp2 ; do
|
||||
echo "ocsp print reply $a"
|
||||
./hxtool ocsp-print \
|
||||
${hxtool} ocsp-print \
|
||||
$srcdir/data/ocsp-resp2.der > /dev/null || exit 1
|
||||
done
|
||||
|
||||
echo "crl non-revoked cert"
|
||||
./hxtool verify \
|
||||
${hxtool} verify \
|
||||
cert:FILE:$srcdir/data/test.crt \
|
||||
anchor:FILE:$srcdir/data/ca.crt \
|
||||
crl:FILE:$srcdir/data/crl1.der > /dev/null || exit 1
|
||||
|
||||
echo "crl revoked cert"
|
||||
./hxtool verify \
|
||||
${hxtool} verify \
|
||||
cert:FILE:$srcdir/data/revoke.crt \
|
||||
anchor:FILE:$srcdir/data/ca.crt \
|
||||
crl:FILE:$srcdir/data/crl1.der > /dev/null && exit 1
|
||||
|
||||
echo "proxy cert"
|
||||
./hxtool verify --missing-revoke \
|
||||
${hxtool} verify --missing-revoke \
|
||||
--allow-proxy-certificate \
|
||||
cert:FILE:$srcdir/data/proxy-test.crt \
|
||||
chain:FILE:$srcdir/data/test.crt \
|
||||
anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
|
||||
|
||||
echo "proxy cert (negative)"
|
||||
./hxtool verify --missing-revoke \
|
||||
${hxtool} verify --missing-revoke \
|
||||
cert:FILE:$srcdir/data/proxy-test.crt \
|
||||
chain:FILE:$srcdir/data/test.crt \
|
||||
anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
|
||||
|
||||
echo "proxy cert (level fail)"
|
||||
./hxtool verify --missing-revoke \
|
||||
${hxtool} verify --missing-revoke \
|
||||
--allow-proxy-certificate \
|
||||
cert:FILE:$srcdir/data/proxy-level-test.crt \
|
||||
chain:FILE:$srcdir/data/proxy-test.crt \
|
||||
@@ -173,21 +174,21 @@ echo "proxy cert (level fail)"
|
||||
anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
|
||||
|
||||
echo "not a proxy cert"
|
||||
./hxtool verify --missing-revoke \
|
||||
${hxtool} verify --missing-revoke \
|
||||
--allow-proxy-certificate \
|
||||
cert:FILE:$srcdir/data/no-proxy-test.crt \
|
||||
chain:FILE:$srcdir/data/test.crt \
|
||||
anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
|
||||
|
||||
echo "proxy cert (max level 10)"
|
||||
./hxtool verify --missing-revoke \
|
||||
${hxtool} verify --missing-revoke \
|
||||
--allow-proxy-certificate \
|
||||
cert:FILE:$srcdir/data/proxy10-test.crt \
|
||||
chain:FILE:$srcdir/data/test.crt \
|
||||
anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
|
||||
|
||||
echo "proxy cert (second level)"
|
||||
./hxtool verify --missing-revoke \
|
||||
${hxtool} verify --missing-revoke \
|
||||
--allow-proxy-certificate \
|
||||
cert:FILE:$srcdir/data/proxy10-child-test.crt \
|
||||
chain:FILE:$srcdir/data/proxy10-test.crt \
|
||||
|
||||
@@ -36,66 +36,68 @@
|
||||
|
||||
srcdir="@srcdir@"
|
||||
|
||||
if ./hxtool info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
|
||||
hxtool="${TESTS_ENVIRONMENT} ./hxtool"
|
||||
|
||||
if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
|
||||
exit 77
|
||||
fi
|
||||
|
||||
echo "create signed data"
|
||||
./hxtool cms-create-sd \
|
||||
${hxtool} cms-create-sd \
|
||||
--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
|
||||
"$srcdir/test_chain.in" \
|
||||
sd.data > /dev/null || exit 1
|
||||
|
||||
echo "verify signed data"
|
||||
./hxtool cms-verify-sd \
|
||||
${hxtool} cms-verify-sd \
|
||||
--missing-revoke \
|
||||
--anchors=FILE:$srcdir/data/ca.crt \
|
||||
sd.data sd.data.out > /dev/null || exit 1
|
||||
cmp "$srcdir/test_chain.in" sd.data.out || exit 1
|
||||
|
||||
echo "verify signed data (EE cert as anchor)"
|
||||
./hxtool cms-verify-sd \
|
||||
${hxtool} cms-verify-sd \
|
||||
--missing-revoke \
|
||||
--anchors=FILE:$srcdir/data/test.crt \
|
||||
sd.data sd.data.out > /dev/null || exit 1
|
||||
cmp "$srcdir/test_chain.in" sd.data.out || exit 1
|
||||
|
||||
echo "create signed data (password)"
|
||||
./hxtool cms-create-sd \
|
||||
${hxtool} cms-create-sd \
|
||||
--pass=PASS:foobar \
|
||||
--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test-pw.key \
|
||||
"$srcdir/test_chain.in" \
|
||||
sd.data > /dev/null || exit 1
|
||||
|
||||
echo "verify signed data"
|
||||
./hxtool cms-verify-sd \
|
||||
${hxtool} cms-verify-sd \
|
||||
--missing-revoke \
|
||||
--anchors=FILE:$srcdir/data/ca.crt \
|
||||
sd.data sd.data.out > /dev/null || exit 1
|
||||
cmp "$srcdir/test_chain.in" sd.data.out || exit 1
|
||||
|
||||
echo "create signed data (combined)"
|
||||
./hxtool cms-create-sd \
|
||||
${hxtool} cms-create-sd \
|
||||
--certificate=FILE:$srcdir/data/test.combined.crt \
|
||||
"$srcdir/test_chain.in" \
|
||||
sd.data > /dev/null || exit 1
|
||||
|
||||
echo "verify signed data"
|
||||
./hxtool cms-verify-sd \
|
||||
${hxtool} cms-verify-sd \
|
||||
--missing-revoke \
|
||||
--anchors=FILE:$srcdir/data/ca.crt \
|
||||
sd.data sd.data.out > /dev/null || exit 1
|
||||
cmp "$srcdir/test_chain.in" sd.data.out || exit 1
|
||||
|
||||
echo "create signed data (content info)"
|
||||
./hxtool cms-create-sd \
|
||||
${hxtool} cms-create-sd \
|
||||
--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
|
||||
--content-info \
|
||||
"$srcdir/test_chain.in" \
|
||||
sd.data > /dev/null || exit 1
|
||||
|
||||
echo "verify signed data (content info)"
|
||||
./hxtool cms-verify-sd \
|
||||
${hxtool} cms-verify-sd \
|
||||
--missing-revoke \
|
||||
--anchors=FILE:$srcdir/data/ca.crt \
|
||||
--content-info \
|
||||
@@ -103,7 +105,7 @@ echo "verify signed data (content info)"
|
||||
cmp "$srcdir/test_chain.in" sd.data.out || exit 1
|
||||
|
||||
echo "create signed data (p12)"
|
||||
./hxtool cms-create-sd \
|
||||
${hxtool} cms-create-sd \
|
||||
--pass=PASS:foobar \
|
||||
--certificate=PKCS12:$srcdir/data/test.p12 \
|
||||
--signer=friendlyname-test \
|
||||
@@ -111,7 +113,7 @@ echo "create signed data (p12)"
|
||||
sd.data > /dev/null || exit 1
|
||||
|
||||
echo "verify signed data"
|
||||
./hxtool cms-verify-sd \
|
||||
${hxtool} cms-verify-sd \
|
||||
--missing-revoke \
|
||||
--anchors=FILE:$srcdir/data/ca.crt \
|
||||
--content-info \
|
||||
@@ -119,7 +121,7 @@ echo "verify signed data"
|
||||
cmp "$srcdir/data/static-file" sd.data.out || exit 1
|
||||
|
||||
echo "verify signed data (no attr)"
|
||||
./hxtool cms-verify-sd \
|
||||
${hxtool} cms-verify-sd \
|
||||
--missing-revoke \
|
||||
--anchors=FILE:$srcdir/data/ca.crt \
|
||||
--content-info \
|
||||
@@ -127,7 +129,7 @@ echo "verify signed data (no attr)"
|
||||
cmp "$srcdir/data/static-file" sd.data.out || exit 1
|
||||
|
||||
echo "verify failure signed data (no attr, no certs)"
|
||||
./hxtool cms-verify-sd \
|
||||
${hxtool} cms-verify-sd \
|
||||
--missing-revoke \
|
||||
--anchors=FILE:$srcdir/data/ca.crt \
|
||||
--content-info \
|
||||
@@ -135,7 +137,7 @@ echo "verify failure signed data (no attr, no certs)"
|
||||
sd.data.out > /dev/null 2>/dev/null && exit 1
|
||||
|
||||
echo "verify signed data (no attr, no certs)"
|
||||
./hxtool cms-verify-sd \
|
||||
${hxtool} cms-verify-sd \
|
||||
--missing-revoke \
|
||||
--anchors=FILE:$srcdir/data/ca.crt \
|
||||
--certificate=FILE:$srcdir/data/test.crt \
|
||||
@@ -145,19 +147,19 @@ echo "verify signed data (no attr, no certs)"
|
||||
cmp "$srcdir/data/static-file" sd.data.out || exit 1
|
||||
|
||||
echo "create signed data (subcert, no certs)"
|
||||
./hxtool cms-create-sd \
|
||||
${hxtool} cms-create-sd \
|
||||
--certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key \
|
||||
"$srcdir/test_chain.in" \
|
||||
sd.data > /dev/null || exit 1
|
||||
|
||||
echo "verify failure signed data"
|
||||
./hxtool cms-verify-sd \
|
||||
${hxtool} cms-verify-sd \
|
||||
--missing-revoke \
|
||||
--anchors=FILE:$srcdir/data/ca.crt \
|
||||
sd.data sd.data.out > /dev/null 2> /dev/null && exit 1
|
||||
|
||||
echo "verify success signed data"
|
||||
./hxtool cms-verify-sd \
|
||||
${hxtool} cms-verify-sd \
|
||||
--missing-revoke \
|
||||
--certificate=FILE:$srcdir/data/sub-ca.crt \
|
||||
--anchors=FILE:$srcdir/data/ca.crt \
|
||||
@@ -165,7 +167,7 @@ echo "verify success signed data"
|
||||
cmp "$srcdir/test_chain.in" sd.data.out || exit 1
|
||||
|
||||
echo "create signed data (subcert, certs)"
|
||||
./hxtool cms-create-sd \
|
||||
${hxtool} cms-create-sd \
|
||||
--certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key \
|
||||
--pool=FILE:$srcdir/data/sub-ca.crt \
|
||||
--anchors=FILE:$srcdir/data/ca.crt \
|
||||
@@ -173,47 +175,47 @@ echo "create signed data (subcert, certs)"
|
||||
sd.data > /dev/null || exit 1
|
||||
|
||||
echo "verify success signed data"
|
||||
./hxtool cms-verify-sd \
|
||||
${hxtool} cms-verify-sd \
|
||||
--missing-revoke \
|
||||
--anchors=FILE:$srcdir/data/ca.crt \
|
||||
sd.data sd.data.out > /dev/null || exit 1
|
||||
cmp "$srcdir/test_chain.in" sd.data.out || exit 1
|
||||
|
||||
echo "create signed data (sd cert)"
|
||||
./hxtool cms-create-sd \
|
||||
${hxtool} cms-create-sd \
|
||||
--certificate=FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key \
|
||||
"$srcdir/test_chain.in" \
|
||||
sd.data > /dev/null || exit 1
|
||||
|
||||
echo "create signed data (ke cert)"
|
||||
./hxtool cms-create-sd \
|
||||
${hxtool} cms-create-sd \
|
||||
--certificate=FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key \
|
||||
"$srcdir/test_chain.in" \
|
||||
sd.data > /dev/null 2>/dev/null && exit 1
|
||||
|
||||
echo "create signed data (sd + ke certs)"
|
||||
./hxtool cms-create-sd \
|
||||
${hxtool} cms-create-sd \
|
||||
--certificate=FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key \
|
||||
--certificate=FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key \
|
||||
"$srcdir/test_chain.in" \
|
||||
sd.data > /dev/null || exit 1
|
||||
|
||||
echo "create signed data (ke + sd certs)"
|
||||
./hxtool cms-create-sd \
|
||||
${hxtool} cms-create-sd \
|
||||
--certificate=FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key \
|
||||
--certificate=FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key \
|
||||
"$srcdir/test_chain.in" \
|
||||
sd.data > /dev/null || exit 1
|
||||
|
||||
echo "envelope data (content-info)"
|
||||
./hxtool cms-envelope \
|
||||
${hxtool} cms-envelope \
|
||||
--certificate=FILE:$srcdir/data/test.crt \
|
||||
--content-info \
|
||||
"$srcdir/data/static-file" \
|
||||
ev.data > /dev/null || exit 1
|
||||
|
||||
echo "unenvelope data (content-info)"
|
||||
./hxtool cms-unenvelope \
|
||||
${hxtool} cms-unenvelope \
|
||||
--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
|
||||
--content-info \
|
||||
ev.data ev.data.out \
|
||||
@@ -224,14 +226,14 @@ for a in des-ede3 aes-128 aes-256; do
|
||||
|
||||
rm -f ev.data ev.data.out
|
||||
echo "envelope data ($a)"
|
||||
./hxtool cms-envelope \
|
||||
${hxtool} cms-envelope \
|
||||
--encryption-type="$a-cbc" \
|
||||
--certificate=FILE:$srcdir/data/test.crt \
|
||||
"$srcdir/data/static-file" \
|
||||
ev.data || exit 1
|
||||
|
||||
echo "unenvelope data ($a)"
|
||||
./hxtool cms-unenvelope \
|
||||
${hxtool} cms-unenvelope \
|
||||
--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
|
||||
ev.data ev.data.out > /dev/null || exit 1
|
||||
cmp "$srcdir/data/static-file" ev.data.out || exit 1
|
||||
@@ -241,7 +243,7 @@ for a in rc2-40 rc2-64 rc2-128 des-ede3 aes-128 aes-256; do
|
||||
echo "static unenvelope data ($a)"
|
||||
|
||||
rm -f ev.data.out
|
||||
./hxtool cms-unenvelope \
|
||||
${hxtool} cms-unenvelope \
|
||||
--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
|
||||
--content-info \
|
||||
"$srcdir/data/test-enveloped-$a" ev.data.out > /dev/null || exit 1
|
||||
|
||||
@@ -36,30 +36,32 @@
|
||||
|
||||
srcdir="@srcdir@"
|
||||
|
||||
if ./hxtool info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
|
||||
hxtool="${TESTS_ENVIRONMENT} ./hxtool"
|
||||
|
||||
if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
|
||||
exit 77
|
||||
fi
|
||||
|
||||
echo "Bleichenbacher good cert (from eay)"
|
||||
./hxtool verify --missing-revoke \
|
||||
${hxtool} verify --missing-revoke \
|
||||
--time=2006-09-25 \
|
||||
cert:FILE:$srcdir/data/bleichenbacher-good.pem \
|
||||
anchor:FILE:$srcdir/data/bleichenbacher-good.pem > /dev/null || exit 1
|
||||
|
||||
echo "Bleichenbacher bad cert (from eay)"
|
||||
./hxtool verify --missing-revoke \
|
||||
${hxtool} verify --missing-revoke \
|
||||
--time=2006-09-25 \
|
||||
cert:FILE:$srcdir/data/bleichenbacher-bad.pem \
|
||||
anchor:FILE:$srcdir/data/bleichenbacher-bad.pem > /dev/null && exit 1
|
||||
|
||||
echo "Bleichenbacher good cert (from yutaka)"
|
||||
./hxtool verify --missing-revoke \
|
||||
${hxtool} verify --missing-revoke \
|
||||
--time=2006-09-25 \
|
||||
cert:FILE:$srcdir/data/yutaka-pad-ok-cert.pem \
|
||||
anchor:FILE:$srcdir/data/yutaka-pad-ok-ca.pem > /dev/null || exit 1
|
||||
|
||||
echo "Bleichenbacher bad cert (from yutaka)"
|
||||
./hxtool verify --missing-revoke \
|
||||
${hxtool} verify --missing-revoke \
|
||||
--time=2006-09-25 \
|
||||
cert:FILE:$srcdir/data/yutaka-pad-broken-cert.pem \
|
||||
anchor:FILE:$srcdir/data/yutaka-pad-broken-ca.pem > /dev/null && exit 1
|
||||
@@ -67,7 +69,7 @@ echo "Bleichenbacher bad cert (from yutaka)"
|
||||
# Ralf-Philipp Weinmann <weinmann@cdc.informatik.tu-darmstadt.de>
|
||||
# Andrew Pyshkin <pychkine@cdc.informatik.tu-darmstadt.de>
|
||||
echo "Bleichenbacher bad cert (sf pad correct)"
|
||||
./hxtool verify --missing-revoke \
|
||||
${hxtool} verify --missing-revoke \
|
||||
--time=2006-09-25 \
|
||||
cert:FILE:$srcdir/data/bleichenbacher-sf-pad-correct.pem \
|
||||
anchor:FILE:$srcdir/data/sf-class2-root.pem > /dev/null && exit 1
|
||||
|
||||
@@ -37,7 +37,9 @@
|
||||
srcdir="@srcdir@"
|
||||
nistdir=/sources/pki/nist/PKITS_data
|
||||
|
||||
if ./hxtool info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
|
||||
hxtool="${TESTS_ENVIRONMENT} ./hxtool"
|
||||
|
||||
if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
|
||||
exit 77
|
||||
fi
|
||||
|
||||
@@ -82,7 +84,7 @@ while read id verify cert arg1 arg2 arg3 arg4 arg5 ; do
|
||||
args="$args crl:FILE:$nistdir/crls/TrustAnchorRootCRL.crl"
|
||||
args="$args cert:FILE:$nistdir/certs/$cert"
|
||||
|
||||
if ./hxtool verify $args > /dev/null; then
|
||||
if ${hxtool} verify $args > /dev/null; then
|
||||
if test "$verify" = "f"; then
|
||||
echo "verify passed on fail: $id $cert"
|
||||
exit 1
|
||||
|
||||
@@ -39,7 +39,9 @@ nistdir=/sources/pki/nist/PKITS_data
|
||||
|
||||
test -d "$nistdir" || exit 77
|
||||
|
||||
if ./hxtool validate DIR:$nistdir/certs > /dev/null; then
|
||||
hxtool="${TESTS_ENVIRONMENT} ./hxtool"
|
||||
|
||||
if ${hxtool} validate DIR:$nistdir/certs > /dev/null; then
|
||||
:
|
||||
else
|
||||
echo "validate failed"
|
||||
|
||||
@@ -42,11 +42,13 @@ echo "nist pkcs12 tests"
|
||||
|
||||
test -d "$nistdir" || exit 77
|
||||
|
||||
hxtool="${TESTS_ENVIRONMENT} ./hxtool"
|
||||
|
||||
for a in $nistdir/*.p12 ; do
|
||||
|
||||
echo -n .
|
||||
|
||||
if ./hxtool validate $pass PKCS12:$a > /dev/null; then
|
||||
if ${hxtool} validate $pass PKCS12:$a > /dev/null; then
|
||||
:
|
||||
else
|
||||
echo "$a failed"
|
||||
|
||||
@@ -36,98 +36,100 @@
|
||||
|
||||
srcdir="@srcdir@"
|
||||
|
||||
hxtool="${TESTS_ENVIRONMENT} ./hxtool"
|
||||
|
||||
echo "try printing"
|
||||
./hxtool print \
|
||||
${hxtool} print \
|
||||
--pass=PASS:foobar \
|
||||
PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null || exit 1
|
||||
|
||||
./hxtool print \
|
||||
${hxtool} print \
|
||||
--pass=PASS:foobar \
|
||||
--info \
|
||||
PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null || exit 1
|
||||
|
||||
echo "make sure entry is found (friendlyname)"
|
||||
./hxtool query \
|
||||
${hxtool} query \
|
||||
--pass=PASS:foobar \
|
||||
--friendlyname=friendlyname-test \
|
||||
PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null || exit 1
|
||||
|
||||
echo "make sure entry is not found (friendlyname)"
|
||||
./hxtool query \
|
||||
${hxtool} query \
|
||||
--pass=PASS:foobar \
|
||||
--friendlyname=friendlyname-test-not \
|
||||
PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null && exit 1
|
||||
|
||||
echo "check for ca cert (friendlyname)"
|
||||
./hxtool query \
|
||||
${hxtool} query \
|
||||
--pass=PASS:foobar \
|
||||
--friendlyname=ca \
|
||||
PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null || exit 1
|
||||
|
||||
echo "make sure entry is not found (friendlyname)"
|
||||
./hxtool query \
|
||||
${hxtool} query \
|
||||
--pass=PASS:foobar \
|
||||
--friendlyname=friendlyname-test \
|
||||
PKCS12:$srcdir/data/sub-cert.p12 >/dev/null 2>/dev/null && exit 1
|
||||
|
||||
echo "make sure entry is found (friendlyname|private key)"
|
||||
./hxtool query \
|
||||
${hxtool} query \
|
||||
--pass=PASS:foobar \
|
||||
--friendlyname=friendlyname-test \
|
||||
--private-key \
|
||||
PKCS12:$srcdir/data/test.p12 > /dev/null || exit 1
|
||||
|
||||
echo "make sure entry is not found (friendlyname|private key)"
|
||||
./hxtool query \
|
||||
${hxtool} query \
|
||||
--pass=PASS:foobar \
|
||||
--friendlyname=ca \
|
||||
--private-key \
|
||||
PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null && exit 1
|
||||
|
||||
echo "make sure entry is found (cert ds)"
|
||||
./hxtool query \
|
||||
${hxtool} query \
|
||||
--digitalSignature \
|
||||
FILE:$srcdir/data/test.crt >/dev/null 2>/dev/null || exit 1
|
||||
|
||||
echo "make sure entry is found (cert ke)"
|
||||
./hxtool query \
|
||||
${hxtool} query \
|
||||
--keyEncipherment \
|
||||
FILE:$srcdir/data/test.crt >/dev/null 2>/dev/null || exit 1
|
||||
|
||||
echo "make sure entry is found (cert ke + ds)"
|
||||
./hxtool query \
|
||||
${hxtool} query \
|
||||
--digitalSignature \
|
||||
--keyEncipherment \
|
||||
FILE:$srcdir/data/test.crt >/dev/null 2>/dev/null || exit 1
|
||||
|
||||
echo "make sure entry is found (cert-ds ds)"
|
||||
./hxtool query \
|
||||
${hxtool} query \
|
||||
--digitalSignature \
|
||||
FILE:$srcdir/data/test-ds-only.crt >/dev/null 2>/dev/null || exit 1
|
||||
|
||||
echo "make sure entry is not found (cert-ds ke)"
|
||||
./hxtool query \
|
||||
${hxtool} query \
|
||||
--keyEncipherment \
|
||||
FILE:$srcdir/data/test-ds-only.crt >/dev/null 2>/dev/null && exit 1
|
||||
|
||||
echo "make sure entry is not found (cert-ds ke + ds)"
|
||||
./hxtool query \
|
||||
${hxtool} query \
|
||||
--digitalSignature \
|
||||
--keyEncipherment \
|
||||
FILE:$srcdir/data/test-ds-only.crt >/dev/null 2>/dev/null && exit 1
|
||||
|
||||
echo "make sure entry is not found (cert-ke ds)"
|
||||
./hxtool query \
|
||||
${hxtool} query \
|
||||
--digitalSignature \
|
||||
FILE:$srcdir/data/test-ke-only.crt >/dev/null 2>/dev/null && exit 1
|
||||
|
||||
echo "make sure entry is found (cert-ke ke)"
|
||||
./hxtool query \
|
||||
${hxtool} query \
|
||||
--keyEncipherment \
|
||||
FILE:$srcdir/data/test-ke-only.crt >/dev/null 2>/dev/null || exit 1
|
||||
|
||||
echo "make sure entry is not found (cert-ke ke + ds)"
|
||||
./hxtool query \
|
||||
${hxtool} query \
|
||||
--digitalSignature \
|
||||
--keyEncipherment \
|
||||
FILE:$srcdir/data/test-ke-only.crt >/dev/null 2>/dev/null && exit 1
|
||||
|
||||
@@ -36,19 +36,21 @@
|
||||
|
||||
srcdir="@srcdir@"
|
||||
|
||||
if ./hxtool info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
|
||||
hxtool="${TESTS_ENVIRONMENT} ./hxtool"
|
||||
|
||||
if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
|
||||
exit 77
|
||||
fi
|
||||
|
||||
./hxtool request-create \
|
||||
${hxtool} request-create \
|
||||
--subject="CN=Love,DC=it,DC=su,DC=se" \
|
||||
--key=$srcdir/data/key.der \
|
||||
request.out || exit 1
|
||||
|
||||
./hxtool pkcs10-print \
|
||||
${hxtool} pkcs10-print \
|
||||
request.out > /dev/null || exit 1
|
||||
|
||||
./hxtool request-create \
|
||||
${hxtool} request-create \
|
||||
--subject="CN=Love,DC=it,DC=su,DC=se" \
|
||||
--dnsname=nutcracker.it.su.se \
|
||||
--key=$srcdir/data/key.der \
|
||||
|
||||
Reference in New Issue
Block a user