#! /usr/bin/env perl
# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

# Test recipe for the `openssl ts` (RFC 3161 time stamp) command line
# tool: it builds a throw-away CA and TSA certificate, creates time stamp
# queries and responses, and verifies them against the right and the
# wrong requests.

use strict;
use warnings;

# NOTE(review): neither POSIX nor splitdir/curdir/catfile are referenced
# anywhere in this recipe; they are kept as-is because removing imports is
# out of scope for a documentation pass.
use POSIX;
use File::Spec::Functions qw/splitdir curdir catfile/;
use File::Compare;
use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file/;
use OpenSSL::Test::Utils;

setup("test_tsa");

# disabled() comes from the OpenSSL test helpers (presumably
# OpenSSL::Test::Utils); the whole recipe is skipped for a no-ts build.
plan skip_all => "TS is not supported by this OpenSSL build"
    if disabled("ts");

# All these are modified inside indir further down. They need to exist
# here, however, to be available in all subroutines.
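my $openssl_conf;   # path to test/CAtsa.cnf, set inside indir below
my $testtsa;        # a source file used as the data being time stamped
my $CAtsa;          # the config file, also used as stamped data for req3
my @RUN;            # "openssl ts -config <conf>" command prefix

# Issue an end-entity certificate signed by the test CA (tsaca.pem /
# tsacakey.pem) created in the main body.
#
# $INDEX is the file name suffix (tsa_req<INDEX>.pem, tsa_key<INDEX>.pem,
# tsa_cert<INDEX>.pem); $EXT names the extensions section of $openssl_conf
# applied when the CSR is signed, which is what makes the result a TSA
# certificate or deliberately not one.  Emits two Test::More results and
# returns the value of the last one.
sub create_tsa_cert {
    my ($INDEX, $EXT) = @_;

    # Set process-wide so the child openssl process sees it; presumably
    # CAtsa.cnf selects the subject DN section through this variable -
    # confirm against test/CAtsa.cnf.
    $ENV{TSDNSECT} = "ts_cert_dn";

    ok(run(app(["openssl", "req", "-config", $openssl_conf, "-new",
                "-out", "tsa_req${INDEX}.pem",
                "-keyout", "tsa_key${INDEX}.pem"])));
    note("using extension $EXT");
    return ok(run(app(["openssl", "x509", "-req",
                       "-in", "tsa_req${INDEX}.pem",
                       "-out", "tsa_cert${INDEX}.pem",
                       "-CA", "tsaca.pem", "-CAkey", "tsacakey.pem",
                       "-CAcreateserial",
                       "-extfile", $openssl_conf, "-extensions", $EXT])));
}

# Produce a time stamp response for the query in $queryfile into
# $outputfile, using the TSA settings from config section $section
# (e.g. "tsa_config1").  Emits one Test::More result and returns it.
sub create_time_stamp_response {
    my ($queryfile, $outputfile, $section) = @_;

    return ok(run(app([@RUN, "-reply", "-section", $section,
                       "-queryfile", $queryfile, "-out", $outputfile])));
}

# Verify the response in $inputfile twice: once against the original query
# ($queryfile) and once against the stamped data itself ($datafile).  The
# trust anchor is the test CA and the TSA certificate is supplied as an
# untrusted intermediate.  Emits two Test::More results and returns the
# value of the last one.
sub verify_time_stamp_response {
    my ($queryfile, $inputfile, $datafile) = @_;

    ok(run(app([@RUN, "-verify", "-queryfile", $queryfile,
                "-in", $inputfile, "-CAfile", "tsaca.pem",
                "-untrusted", "tsa_cert1.pem"])));
    return ok(run(app([@RUN, "-verify", "-data", $datafile,
                       "-in", $inputfile, "-CAfile", "tsaca.pem",
                       "-untrusted", "tsa_cert1.pem"])));
}

# Negative check: verifying the response in $inputfile against a query it
# does not belong to ($queryfile) must fail.  Emits three Test::More
# results and returns the value of the last one.
sub verify_time_stamp_response_fail {
    my ($queryfile, $inputfile) = @_;

    # A negative test passes on *any* non-zero exit, so make sure the
    # inputs are really there: a missing file would make `ts -verify` fail
    # for the wrong reason and mask a verifier that accepts mismatches.
    ok(-f $queryfile, "$queryfile exists");
    ok(-f $inputfile, "$inputfile exists");
    return ok(!run(app([@RUN, "-verify", "-queryfile", $queryfile,
                        "-in", $inputfile, "-CAfile", "tsaca.pem",
                        "-untrusted", "tsa_cert1.pem"])));
}

# main functions

# 20 top-level results; every skip count below is the number of top-level
# results that follow the guarded one, so keep them in step with this total.
plan(tests => 20);

note("setting up TSA test directory");
indir("tsa" => sub {
    $openssl_conf = srctop_file("test", "CAtsa.cnf");
    $testtsa = srctop_file("test", "recipes", "80-test_tsa.t");
    $CAtsa = srctop_file("test", "CAtsa.cnf");
    @RUN = ("openssl", "ts", "-config", $openssl_conf);

    # ../apps/CA.pl needs these (nothing in this recipe invokes CA.pl
    # directly; presumably it is reached through the config - confirm).
    $ENV{OPENSSL_CONFIG} = "-config $openssl_conf";
    $ENV{OPENSSL} = cmdstr(app(["openssl"]), display => 1);

    SKIP: {
        # Subject DN section for the CA itself (see create_tsa_cert for the
        # end-entity counterpart).
        $ENV{TSDNSECT} = "ts_ca_dn";
        skip("failed", 19)
            unless ok(run(app(["openssl", "req", "-config", $openssl_conf,
                               "-new", "-x509", "-nodes",
                               "-out", "tsaca.pem", "-keyout", "tsacakey.pem"])),
                      'creating a new CA for the TSA tests');

        skip("failed", 18)
            unless subtest('creating tsa_cert1.pem TSA server cert' => sub {
                create_tsa_cert("1", "tsa_cert")
            });

        # tsa_cert2.pem is not referenced by any check in this recipe; it is
        # presumably consumed through a section of CAtsa.cnf - confirm.
        skip("failed", 17)
            unless subtest('creating tsa_cert2.pem non-TSA server cert' => sub {
                create_tsa_cert("2", "non_tsa_cert")
            });

        skip("failed", 16)
            unless ok(run(app([@RUN, "-query", "-data", $testtsa,
                               "-tspolicy", "tsa_policy1", "-cert",
                               "-out", "req1.tsq"])),
                      'creating req1.req time stamp request for file testtsa');

        ok(run(app([@RUN, "-query", "-in", "req1.tsq", "-text"])),
           'printing req1.req');

        subtest('generating valid response for req1.req' => sub {
            create_time_stamp_response("req1.tsq", "resp1.tsr", "tsa_config1")
        });

        ok(run(app([@RUN, "-reply", "-in", "resp1.tsr", "-text"])),
           'printing response');

        subtest('verifying valid response' => sub {
            verify_time_stamp_response("req1.tsq", "resp1.tsr", $testtsa)
        });

        # The bare token (without the response wrapper) must verify as well.
        skip("failed", 11)
            unless subtest('verifying valid token' => sub {
                ok(run(app([@RUN, "-reply", "-in", "resp1.tsr",
                            "-out", "resp1.tsr.token", "-token_out"])));
                ok(run(app([@RUN, "-verify", "-queryfile", "req1.tsq",
                            "-in", "resp1.tsr.token", "-token_in",
                            "-CAfile", "tsaca.pem",
                            "-untrusted", "tsa_cert1.pem"])));
                ok(run(app([@RUN, "-verify", "-data", $testtsa,
                            "-in", "resp1.tsr.token", "-token_in",
                            "-CAfile", "tsaca.pem",
                            "-untrusted", "tsa_cert1.pem"])));
            });

        # Second request: a different policy and no nonce.
        skip("failed", 10)
            unless ok(run(app([@RUN, "-query", "-data", $testtsa,
                               "-tspolicy", "tsa_policy2", "-no_nonce",
                               "-out", "req2.tsq"])),
                      'creating req2.req time stamp request for file testtsa');

        ok(run(app([@RUN, "-query", "-in", "req2.tsq", "-text"])),
           'printing req2.req');

        skip("failed", 8)
            unless subtest('generating valid response for req2.req' => sub {
                create_time_stamp_response("req2.tsq", "resp2.tsr", "tsa_config1")
            });

        skip("failed", 7)
            unless subtest('checking -token_in and -token_out options with -reply' => sub {
                my $RESPONSE2 = "resp2.tsr.copy.tsr";
                my $TOKEN_DER = "resp2.tsr.token.der";

                ok(run(app([@RUN, "-reply", "-in", "resp2.tsr",
                            "-out", $TOKEN_DER, "-token_out"])));
                ok(run(app([@RUN, "-reply", "-in", $TOKEN_DER,
                            "-token_in", "-out", $RESPONSE2])));
                # Response -> token -> response must round-trip byte for byte.
                is(compare($RESPONSE2, "resp2.tsr"), 0);
                ok(run(app([@RUN, "-reply", "-in", "resp2.tsr",
                            "-text", "-token_out"])));
                ok(run(app([@RUN, "-reply", "-in", $TOKEN_DER,
                            "-token_in", "-text", "-token_out"])));
                ok(run(app([@RUN, "-reply", "-queryfile", "req2.tsq",
                            "-text", "-token_out"])));
            });

        ok(run(app([@RUN, "-reply", "-in", "resp2.tsr", "-text"])),
           'printing response');

        subtest('verifying valid response' => sub {
            verify_time_stamp_response("req2.tsq", "resp2.tsr", $testtsa)
        });

        # Cross-checks: each response must be rejected against the other
        # request, otherwise the verifier is not binding the response to
        # the query.
        subtest('verifying response against wrong request, it should fail' => sub {
            verify_time_stamp_response_fail("req1.tsq", "resp2.tsr")
        });

        subtest('verifying response against wrong request, it should fail' => sub {
            verify_time_stamp_response_fail("req2.tsq", "resp1.tsr")
        });

        # Third request over different data, again without a nonce, so the
        # mismatch below is purely in the message imprint.
        skip("failure", 2)
            unless ok(run(app([@RUN, "-query", "-data", $CAtsa,
                               "-no_nonce", "-out", "req3.tsq"])),
                      "creating req3.req time stamp request for file CAtsa.cnf");

        ok(run(app([@RUN, "-query", "-in", "req3.tsq", "-text"])),
           'printing req3.req');

        subtest('verifying response against wrong request, it should fail' => sub {
            verify_time_stamp_response_fail("req3.tsq", "resp1.tsr")
        });
    }
}, create => 1, cleanup => 1);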