test template handling

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19899 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2007-01-14 18:20:22 +00:00
parent 9b40125782
commit dd0471e76a

View File

@@ -178,6 +178,15 @@ ${hxtool} issue-certificate \
--subject="cn=ca2-cert" \
--certificate="FILE:cert-ca.pem" || exit 1
echo "issue sub-ca cert (generate rsa key)"
${hxtool} issue-certificate \
--ca-certificate=FILE:cert-ca.pem \
--issue-ca \
--serial-number="deadbeaf22" \
--generate-key=rsa \
--subject="cn=sub-ca2-cert" \
--certificate="FILE:cert-sub-ca.pem" || exit 1
echo "issue ee cert (generate rsa key)"
${hxtool} issue-certificate \
--ca-certificate=FILE:cert-ca.pem \
@@ -185,11 +194,24 @@ ${hxtool} issue-certificate \
--subject="cn=cert-ee2" \
--certificate="FILE:cert-ee.pem" || exit 1
echo "verify certificate"
echo "issue sub-ca ee cert (generate rsa key)"
${hxtool} issue-certificate \
--ca-certificate=FILE:cert-ca.pem \
--generate-key=rsa \
--subject="cn=cert-sub-ee2" \
--certificate="FILE:cert-sub-ee.pem" || exit 1
echo "verify certificate (ee)"
${hxtool} verify --missing-revoke \
cert:FILE:cert-ee.pem \
anchor:FILE:cert-ca.pem > /dev/null || exit 1
echo "verify certificate (sub-ee)"
${hxtool} verify --missing-revoke \
cert:FILE:cert-sub-ee.pem \
chain:FILE:cert-sub-ca.pem \
anchor:FILE:cert-ca.pem > /dev/null || exit 1
echo "sign CMS signature (generate key)"
${hxtool} cms-create-sd \
--certificate=FILE:cert-ee.pem \
@@ -218,4 +240,34 @@ ${hxtool} verify --missing-revoke \
cert:FILE:cert-ee.pem \
anchor:FILE:cert-ca.pem > /dev/null || exit 1
echo "extend ca cert (template)"
${hxtool} issue-certificate \
--self-signed \
--issue-ca \
--lifetime="3years" \
--template-certificate="FILE:cert-ca.pem" \
--template-fields="serialNumber,notBefore,subject" \
--ca-private-key=FILE:cert-ca.pem \
--certificate="FILE:cert-ca.pem" || exit 1
echo "verify certificate generated by previous ca"
${hxtool} verify --missing-revoke \
cert:FILE:cert-ee.pem \
anchor:FILE:cert-ca.pem > /dev/null || exit 1
echo "extend sub-ca cert (template)"
${hxtool} issue-certificate \
--ca-certificate=FILE:cert-ca.pem \
--issue-ca \
--lifetime="2years" \
--template-certificate="FILE:cert-sub-ca.pem" \
--template-fields="serialNumber,notBefore,subject,SPKI" \
--certificate="FILE:cert-sub-ca2.pem" || exit 1
echo "verify certificate (sub-ee) with extended chain"
${hxtool} verify --missing-revoke \
cert:FILE:cert-sub-ee.pem \
chain:FILE:cert-sub-ca.pem \
anchor:FILE:cert-ca.pem > /dev/null || exit 1
exit 0