authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-11-21 16:31:02 +0100
committerNikos Mavrogiannopoulos <nmav@redhat.com>2018-02-19 15:29:37 +0100
commitff5eb736c0476f53594cdd50b4b1751a98beeeb3 (patch)
tree1cd05bd8563e5cda854484ae39ae131777536075
parentdb486d97c53725fe7917f1a4cb272e7e83536021 (diff)
downloadgnutls-ff5eb736c0476f53594cdd50b4b1751a98beeeb3.tar.gz
tests: added ocsptool sanity check program
This checks its functionality in loading and exporting PEM and DER structures. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--tests/Makefile.am3
-rwxr-xr-xtests/ocsp-tests/ocsptool89
-rw-r--r--tests/ocsp-tests/response1.pem45
-rw-r--r--tests/ocsp-tests/response2.pem47
4 files changed, 183 insertions, 1 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am
index f42b88f372..26bb86075d 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -57,6 +57,7 @@ EXTRA_DIST = suppressions.valgrind eagain-common.h cert-common.h test-chains.h \
rng-op.c x509sign-verify-common.h common-key-tests.h \
ocsp-tests/certs/ca.key ocsp-tests/certs/ca.pem ocsp-tests/certs/ocsp-server.key ocsp-tests/certs/ocsp-server.pem ocsp-tests/response1.der \
ocsp-tests/response2.der ocsp-tests/certs/ocsp_index.txt ocsp-tests/certs/ocsp_index.txt.attr \
+ ocsp-tests/response1.pem ocsp-tests/response2.pem \
ocsp-tests/certs/server_good.key ocsp-tests/certs/server_bad.key ocsp-tests/certs/server_good.template \
ocsp-tests/certs/server_bad.template ocsp-tests/certs/ocsp-staple-unrelated.der ocsp-tests/suppressions.valgrind \
data/listings-DTLS1.0 data/listings-SSL3.0 data/listings-TLS1.0 data/listings-TLS1.1 \
@@ -380,7 +381,7 @@ dist_check_SCRIPTS += fastopen.sh pkgconfig.sh starttls.sh starttls-ftp.sh start
ocsp-tests/ocsp-tls-connection ocsp-tests/ocsp-must-staple-connection \
ocsp-tests/ocsp-test cipher-listings.sh sni-hostname.sh server-multi-keys.sh \
psktool.sh ocsp-tests/ocsp-load-chain gnutls-cli-save-data.sh gnutls-cli-debug.sh \
- sni-resume.sh
+ sni-resume.sh ocsp-tests/ocsptool
dist_check_SCRIPTS += gnutls-cli-self-signed.sh
diff --git a/tests/ocsp-tests/ocsptool b/tests/ocsp-tests/ocsptool
new file mode 100755
index 0000000000..22d5bd3fb2
--- /dev/null
+++ b/tests/ocsp-tests/ocsptool
@@ -0,0 +1,89 @@
+#!/bin/sh
+
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>
+
+#set -e
+
+# Sanity check program for various ocsptool options
+
+srcdir="${srcdir:-.}"
+OCSPTOOL="${OCSPTOOL:-../src/ocsptool${EXEEXT}}"
+DIFF="${DIFF:-diff}"
+CMP="${CMP:-cmp}"
+TMPFILE=ocsp.$$.tmp
+
+if ! test -x "${OCSPTOOL}"; then
+ exit 77
+fi
+
+export TZ="UTC"
+
+"${OCSPTOOL}" -j --infile "${srcdir}/ocsp-tests/response1.pem" --outfile "${TMPFILE}"
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+ echo "Test 1 - PEM loading failed"
+ exit ${rc}
+fi
+
+${CMP} "${srcdir}/ocsp-tests/response1.der" "${TMPFILE}" >/dev/null 2>&1
+rc=$?
+if test "${rc}" != "0"; then
+ echo "Test 1 - Comparison of DER file failed"
+ exit ${rc}
+fi
+
+"${OCSPTOOL}" -j --outpem --infile "${srcdir}/ocsp-tests/response1.pem" --outfile "${TMPFILE}"
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+ echo "Test 2 - PEM loading failed"
+ exit ${rc}
+fi
+
+${DIFF} -B "${srcdir}/ocsp-tests/response1.pem" "${TMPFILE}" >/dev/null 2>&1
+rc=$?
+if test "${rc}" != "0"; then
+ echo "Test 2 - Comparison of PEM file failed $TMPFILE"
+ exit ${rc}
+fi
+
+
+"${OCSPTOOL}" -j --infile "${srcdir}/ocsp-tests/response1.der"
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+ echo "Test 3 - Transparent (backwards compatible) DER loading failed"
+ exit ${rc}
+fi
+
+"${OCSPTOOL}" -j --inder --infile "${srcdir}/ocsp-tests/response1.der"
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+ echo "Test 4 - DER loading failed"
+ exit ${rc}
+fi
+
+rm -f "${TMPFILE}"
+
+exit 0
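Review bot: The scratch file `ocsp.$$.tmp` is removed only by the final `rm -f`, so every failing branch (`exit ${rc}` in Tests 1 to 4) leaves it behind, and its PID-based name in the current directory is predictable. Registering the cleanup right after the assignment, `trap 'rm -f "${TMPFILE}"' EXIT`, would cover all exit paths. If the file is meant to survive for inspection when Test 2 fails (its message prints `$TMPFILE`), a short comment saying so would help. Tests 3 and 4 check only the exit status and never compare what the tool prints, so a decode that exits 0 with wrong content would still pass. `response2.pem` is added to `EXTRA_DIST` in this commit, but the visible lines of this script never load it.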
diff --git a/tests/ocsp-tests/response1.pem b/tests/ocsp-tests/response1.pem
new file mode 100644
index 0000000000..66adfe30e7
--- /dev/null
+++ b/tests/ocsp-tests/response1.pem
@@ -0,0 +1,45 @@
+OCSP Response Information:
+ Response Status: Successful
+ Response Type: Basic OCSP Response
+ Version: 1
+ Responder ID: CN=Testing Authority
+ Produced At: Wed Mar 23 21:55:28 UTC 2016
+ Responses:
+ Certificate ID:
+ Hash Algorithm: SHA1
+ Issuer Name Hash: bac68790352ceb4c4de1534445348f8b4b5309b3
+ Issuer Key Hash: e865fcb9123c7285fc28c803149f06ad94dfd934
+ Serial Number: 56f304a1326dc9b2d51b31b3
+ Certificate Status: unknown
+ This Update: Wed Mar 23 21:55:28 UTC 2016
+ Extensions:
+ Signature Algorithm: RSA-SHA256
+
+-----BEGIN OCSP RESPONSE-----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+-----END OCSP RESPONSE-----
diff --git a/tests/ocsp-tests/response2.pem b/tests/ocsp-tests/response2.pem
new file mode 100644
index 0000000000..1ca75c39a9
--- /dev/null
+++ b/tests/ocsp-tests/response2.pem
@@ -0,0 +1,47 @@
+OCSP Response Information:
+ Response Status: Successful
+ Response Type: Basic OCSP Response
+ Version: 1
+ Responder ID: CN=Testing Authority OCSP Responder
+ Produced At: Wed Mar 23 22:31:19 UTC 2016
+ Responses:
+ Certificate ID:
+ Hash Algorithm: SHA1
+ Issuer Name Hash: bac68790352ceb4c4de1534445348f8b4b5309b3
+ Issuer Key Hash: e865fcb9123c7285fc28c803149f06ad94dfd934
+ Serial Number: 56f318d612de99176ccaa1e0
+ Certificate Status: unknown
+ This Update: Wed Mar 23 22:31:19 UTC 2016
+ Extensions:
+ Signature Algorithm: RSA-SHA256
+
+-----BEGIN OCSP RESPONSE-----
+MIIFIgoBAKCCBRswggUXBgkrBgEFBQcwAQEEggUIMIIFBDCBnqEtMCsxKTAnBgNV
+BAMTIFRlc3RpbmcgQXV0aG9yaXR5IE9DU1AgUmVzcG9uZGVyGA8yMDE2MDMyMzIy
+MzExOVowXDBaMEUwCQYFKw4DAhoFAAQUusaHkDUs60xN4VNERTSPi0tTCbMEFOhl
+/LkSPHKF/CjIAxSfBq2U39k0AgxW8xjWEt6ZF2zKoeCCABgPMjAxNjAzMjMyMjMx
+MTlaMA0GCSqGSIb3DQEBCwUAA4IBAQAuMHdyI3qMEyU4v60vCsLQqZkbA7x7lh4X
+detCl+Woe0WJoDUKZV8C78Ns9fhMY03tZLH2xGKtS8+C9r7Chi7r5SQUA9XyVaH1
+0L+McNed42kHtxvqNXNjZJHAZtY6NJ7IhocF97tPT/MZT+aCwNVh3DXCAo17b9bO
+eKtwM4OwGJhtm4THGS2iyKlytll2yQM52bX/cp1yDensz8zcV1GxCwD2yGEI/iD3
+L/g/IzeY9B3RKZ1uZ21K8VU9aSBygpcbV7Ii9yb+zx21sL2PJCYTHUCsSyzJcWId
+csrp8G2fdZfYEI6fJ/1GLUbSfVkbFWmEuvxNdN64vrYF3Vj2EU8qoIIDSzCCA0cw
+ggNDMIICK6ADAgECAgxW8xjWEt6ZF2zKoeAwDQYJKoZIhvcNAQELBQAwHDEaMBgG
+A1UEAxMRVGVzdGluZyBBdXRob3JpdHkwHhcNMTYwMzIzMjIyOTQyWhcNMTcwMzIz
+MjIyOTQyWjArMSkwJwYDVQQDEyBUZXN0aW5nIEF1dGhvcml0eSBPQ1NQIFJlc3Bv
+bmRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANMCZAoNYiVu4fTs
+bfCE3EU4bl7rJCuMqZKBEVHZ40TPbVw/0bISFns+7rK5lazTYvvSuTJ1dCZHmnwW
+r9/Jk54XLrieZyVh9fPP6wged3H+rC8jeBAYqgzjLjp59RF2FjcPtj6btfsHLbHv
+CNjGeOhdl6Twx0/MMYAEvrXa2RlAc/1bFD6TbSBOzHrNgpQGDEU/zjOvsSJVLfde
+gzgdv3NaYcJz1B3CbWZfHbkOnqg5H3uhBL9Jr6kEz6GB/xuBSBZ3UZco5rVzxFYC
+wkf8WaRNOQox0NNwGTogKzP6l/mMFl7arYbGrwaH+OyTnhjQoMGRzqsJiexHPU5a
+ZBhz1JUCAwEAAaN2MHQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcD
+CTAPBgNVHQ8BAf8EBQMDB4AAMB0GA1UdDgQWBBTnPqFwFQGo2vJwQ+9MyIcaw5h0
+PTAfBgNVHSMEGDAWgBQt2BSaFtVt/vuw4N7x9cUjC9NivjANBgkqhkiG9w0BAQsF
+AAOCAQEAeqbE90S1ckBwtme9/ITGGWRLhAfGP13Dw5ZiZrUccDISI3EuW9eByeBi
+ylNU0cceISuW45rdN0OQGWB1N1DXhpEmoQhP4QNeitTwy+9Pu6O8Nb+GbYgMNutt
+3gLJ3WDqxAmm6KUFS+bhFX8umSQCFGF3h0SGeAeyhXSrUVsDsjGI9I1KLFWOkGi7
+YSE49AWnicXEVC+cQUrWDOW2Pbb6mWt6S6Jm0xLs5+GD5lodvZAHRuG+pszIvqNv
+T+zFBnLLWqMgPngbqeuvuP4/M35IeqjV19aG5hscFAwl2n4Aaa6wYWHAZ6bU+Y7k
+Bp0+NzqVez2ZL//+3HKKF4sYkmh1Bg==
+-----END OCSP RESPONSE-----