From ff5eb736c0476f53594cdd50b4b1751a98beeeb3 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Tue, 21 Nov 2017 16:31:02 +0100
Subject: tests: added ocsptool sanity check program

This checks its functionality in loading and exporting PEM
and DER structures.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---
 tests/Makefile.am              |  3 +-
 tests/ocsp-tests/ocsptool      | 89 ++++++++++++++++++++++++++++++++++++++++++
 tests/ocsp-tests/response1.pem | 45 +++++++++++++++++++++
 tests/ocsp-tests/response2.pem | 47 ++++++++++++++++++++++
 4 files changed, 183 insertions(+), 1 deletion(-)
 create mode 100755 tests/ocsp-tests/ocsptool
 create mode 100644 tests/ocsp-tests/response1.pem
 create mode 100644 tests/ocsp-tests/response2.pem

diff --git a/tests/Makefile.am b/tests/Makefile.am
index f42b88f372..26bb86075d 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -57,6 +57,7 @@ EXTRA_DIST = suppressions.valgrind eagain-common.h cert-common.h test-chains.h \
 	rng-op.c x509sign-verify-common.h common-key-tests.h \
 	ocsp-tests/certs/ca.key ocsp-tests/certs/ca.pem ocsp-tests/certs/ocsp-server.key ocsp-tests/certs/ocsp-server.pem ocsp-tests/response1.der \
 	ocsp-tests/response2.der ocsp-tests/certs/ocsp_index.txt ocsp-tests/certs/ocsp_index.txt.attr \
+	ocsp-tests/response1.pem ocsp-tests/response2.pem \
 	ocsp-tests/certs/server_good.key ocsp-tests/certs/server_bad.key ocsp-tests/certs/server_good.template \
 	ocsp-tests/certs/server_bad.template ocsp-tests/certs/ocsp-staple-unrelated.der ocsp-tests/suppressions.valgrind \
 	data/listings-DTLS1.0 data/listings-SSL3.0 data/listings-TLS1.0 data/listings-TLS1.1 \
@@ -380,7 +381,7 @@ dist_check_SCRIPTS += fastopen.sh pkgconfig.sh starttls.sh starttls-ftp.sh start
 	ocsp-tests/ocsp-tls-connection ocsp-tests/ocsp-must-staple-connection \
 	ocsp-tests/ocsp-test cipher-listings.sh sni-hostname.sh server-multi-keys.sh \
 	psktool.sh ocsp-tests/ocsp-load-chain gnutls-cli-save-data.sh gnutls-cli-debug.sh \
-	sni-resume.sh
+	sni-resume.sh ocsp-tests/ocsptool
 
 dist_check_SCRIPTS += gnutls-cli-self-signed.sh
 
diff --git a/tests/ocsp-tests/ocsptool b/tests/ocsp-tests/ocsptool
new file mode 100755
index 0000000000..22d5bd3fb2
--- /dev/null
+++ b/tests/ocsp-tests/ocsptool
@@ -0,0 +1,89 @@
+#!/bin/sh
+
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>
+
+#set -e
+
+# Sanity check program for various ocsptool options
+
+srcdir="${srcdir:-.}"
+OCSPTOOL="${OCSPTOOL:-../src/ocsptool${EXEEXT}}"
+DIFF="${DIFF:-diff}"
+CMP="${CMP:-cmp}"
+TMPFILE=ocsp.$$.tmp
+
+if ! test -x "${OCSPTOOL}"; then
+	exit 77
+fi
+
+export TZ="UTC"
+
+"${OCSPTOOL}" -j --infile "${srcdir}/ocsp-tests/response1.pem" --outfile "${TMPFILE}"
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Test 1 - PEM loading failed"
+	exit ${rc}
+fi
+
+${CMP} "${srcdir}/ocsp-tests/response1.der" "${TMPFILE}" >/dev/null 2>&1
+rc=$?
+if test "${rc}" != "0"; then
+	echo "Test 1 - Comparison of DER file failed"
+	exit ${rc}
+fi
+
+"${OCSPTOOL}" -j --outpem --infile "${srcdir}/ocsp-tests/response1.pem" --outfile "${TMPFILE}"
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Test 2 - PEM loading failed"
+	exit ${rc}
+fi
+
+${DIFF} -B "${srcdir}/ocsp-tests/response1.pem" "${TMPFILE}" >/dev/null 2>&1
+rc=$?
+if test "${rc}" != "0"; then
+	echo "Test 2 - Comparison of PEM file failed $TMPFILE"
+	exit ${rc}
+fi
+
+
+"${OCSPTOOL}" -j --infile "${srcdir}/ocsp-tests/response1.der"
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Test 3 - Transparent (backwards compatible) DER loading failed"
+	exit ${rc}
+fi
+
+"${OCSPTOOL}" -j --inder --infile "${srcdir}/ocsp-tests/response1.der"
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Test 4 - DER loading failed"
+	exit ${rc}
+fi
+
+rm -f "${TMPFILE}"
+
+exit 0
diff --git a/tests/ocsp-tests/response1.pem b/tests/ocsp-tests/response1.pem
new file mode 100644
index 0000000000..66adfe30e7
--- /dev/null
+++ b/tests/ocsp-tests/response1.pem
@@ -0,0 +1,45 @@
+OCSP Response Information:
+	Response Status: Successful
+	Response Type: Basic OCSP Response
+	Version: 1
+	Responder ID: CN=Testing Authority
+	Produced At: Wed Mar 23 21:55:28 UTC 2016
+	Responses:
+		Certificate ID:
+			Hash Algorithm: SHA1
+			Issuer Name Hash: bac68790352ceb4c4de1534445348f8b4b5309b3
+			Issuer Key Hash: e865fcb9123c7285fc28c803149f06ad94dfd934
+			Serial Number: 56f304a1326dc9b2d51b31b3
+		Certificate Status: unknown
+		This Update: Wed Mar 23 21:55:28 UTC 2016
+	Extensions:
+	Signature Algorithm: RSA-SHA256
+
+-----BEGIN OCSP RESPONSE-----
+MIIEwAoBAKCCBLkwggS1BgkrBgEFBQcwAQEEggSmMIIEojCBj6EeMBwxGjAYBgNV
+BAMTEVRlc3RpbmcgQXV0aG9yaXR5GA8yMDE2MDMyMzIxNTUyOFowXDBaMEUwCQYF
+Kw4DAhoFAAQUusaHkDUs60xN4VNERTSPi0tTCbMEFOhl/LkSPHKF/CjIAxSfBq2U
+39k0AgxW8wShMm3JstUbMbOCABgPMjAxNjAzMjMyMTU1MjhaMA0GCSqGSIb3DQEB
+CwUAA4IBAQBKkt+j9Rd5Pjq67WsiWIc9rVjxA0vdiZahZUAYlCCauKpLN+FxSsda
+uCUzYmotc4Jq4Erbmpl0pfvR5Y3nFArCQuKiLayOKk5NevUgnVMLbcaojrtwfPl/
+puf8zPFGOo+Ue2SQH+H8YX3wmQqeMEIblF2GonPVWm8pY+Gjx9ElBjUMCqAoCtig
+CWcS9BbOm1BON0IEOsCb9gJ+VtRrLxpaOzLsc0lZGip74IuqHEyb6foA/bME8Ydy
+T8v28oA9pfMdW0xoB/drpeq+lJfO3Hiu7QmHC56zRNyWNv3ovU9R87cEGEM2QD7o
+/23eXMmoFODYx7Y5B6UOmiD34ufq7UaRoIIC+DCCAvQwggLwMIIB2KADAgECAghW
+8wrgLlKayzANBgkqhkiG9w0BAQsFADAcMRowGAYDVQQDExFUZXN0aW5nIEF1dGhv
+cml0eTAiGA8yMDE2MDMyMzIxMzAxNVoYDzk5OTkxMjMxMjM1OTU5WjAcMRowGAYD
+VQQDExFUZXN0aW5nIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAKBV6T5EMSijMfx/e9MkasHxLi5VDv4gYb5Y/nuxilR1CpCRg6Twnqpu
+/tmkj9XU23ewZuIxjb+ePdOH7AmiFZKYxZpo6+x1h6GCBqBpjniWN1ygt/mLs6jA
+pJAlGOfgrjgFWzg8hwsgnN6T5gn3nFS7CLhFkJRav6DvgGcfRnSGQv9O/eGZDUAI
+UGPou0lRpiON77UzDRmvENke6+60LBygJZD470YiQHbU6WZERQHEq1JCbh3iXB1S
+uCRqe3R075I/u/+zOkDygDmVCPQYqoHJ+3AnfXpjsnTTjoMuqYXe0QVyCgzAeFga
+tyXUuxSvPq8rVTVYvb6+AOXBVTDidp0CAwEAAaMyMDAwDwYDVR0TAQH/BAUwAwEB
+/zAdBgNVHQ4EFgQULdgUmhbVbf77sODe8fXFIwvTYr4wDQYJKoZIhvcNAQELBQAD
+ggEBAGGF8as/0Ew1prrQKOKSbVB3nrILF7D9fOxKIEUEOprtYGgjvvfkqG7xDQRP
+SvIiVy3X0wZQpzytCgvkjXeQ8QsIIMnrYpjy6iRCRkDlti3iUqx6zo7B7iYaEIdK
+Ky6uCn5z/RPti5WJIeqvg3WqTNeOXjWIK3ac6cROqUcUlLxy1AukNRYuvpVszQu9
+FDs9ecdA5aOvBvb0WlVjbEU37EVuoveayBpgP0c2I7xu2zAkobNdn7JYNOGJx4x9
+8WMlcCP0ZU7O0wwk9y/U/FxARqfFIzDC2JanTi2LxyHdQw8iWAvaBksb7vLdMnn2
+9prXtfKhcCXLVECxSJuI1swHETA=
+-----END OCSP RESPONSE-----
diff --git a/tests/ocsp-tests/response2.pem b/tests/ocsp-tests/response2.pem
new file mode 100644
index 0000000000..1ca75c39a9
--- /dev/null
+++ b/tests/ocsp-tests/response2.pem
@@ -0,0 +1,47 @@
+OCSP Response Information:
+	Response Status: Successful
+	Response Type: Basic OCSP Response
+	Version: 1
+	Responder ID: CN=Testing Authority OCSP Responder
+	Produced At: Wed Mar 23 22:31:19 UTC 2016
+	Responses:
+		Certificate ID:
+			Hash Algorithm: SHA1
+			Issuer Name Hash: bac68790352ceb4c4de1534445348f8b4b5309b3
+			Issuer Key Hash: e865fcb9123c7285fc28c803149f06ad94dfd934
+			Serial Number: 56f318d612de99176ccaa1e0
+		Certificate Status: unknown
+		This Update: Wed Mar 23 22:31:19 UTC 2016
+	Extensions:
+	Signature Algorithm: RSA-SHA256
+
+-----BEGIN OCSP RESPONSE-----
+MIIFIgoBAKCCBRswggUXBgkrBgEFBQcwAQEEggUIMIIFBDCBnqEtMCsxKTAnBgNV
+BAMTIFRlc3RpbmcgQXV0aG9yaXR5IE9DU1AgUmVzcG9uZGVyGA8yMDE2MDMyMzIy
+MzExOVowXDBaMEUwCQYFKw4DAhoFAAQUusaHkDUs60xN4VNERTSPi0tTCbMEFOhl
+/LkSPHKF/CjIAxSfBq2U39k0AgxW8xjWEt6ZF2zKoeCCABgPMjAxNjAzMjMyMjMx
+MTlaMA0GCSqGSIb3DQEBCwUAA4IBAQAuMHdyI3qMEyU4v60vCsLQqZkbA7x7lh4X
+detCl+Woe0WJoDUKZV8C78Ns9fhMY03tZLH2xGKtS8+C9r7Chi7r5SQUA9XyVaH1
+0L+McNed42kHtxvqNXNjZJHAZtY6NJ7IhocF97tPT/MZT+aCwNVh3DXCAo17b9bO
+eKtwM4OwGJhtm4THGS2iyKlytll2yQM52bX/cp1yDensz8zcV1GxCwD2yGEI/iD3
+L/g/IzeY9B3RKZ1uZ21K8VU9aSBygpcbV7Ii9yb+zx21sL2PJCYTHUCsSyzJcWId
+csrp8G2fdZfYEI6fJ/1GLUbSfVkbFWmEuvxNdN64vrYF3Vj2EU8qoIIDSzCCA0cw
+ggNDMIICK6ADAgECAgxW8xjWEt6ZF2zKoeAwDQYJKoZIhvcNAQELBQAwHDEaMBgG
+A1UEAxMRVGVzdGluZyBBdXRob3JpdHkwHhcNMTYwMzIzMjIyOTQyWhcNMTcwMzIz
+MjIyOTQyWjArMSkwJwYDVQQDEyBUZXN0aW5nIEF1dGhvcml0eSBPQ1NQIFJlc3Bv
+bmRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANMCZAoNYiVu4fTs
+bfCE3EU4bl7rJCuMqZKBEVHZ40TPbVw/0bISFns+7rK5lazTYvvSuTJ1dCZHmnwW
+r9/Jk54XLrieZyVh9fPP6wged3H+rC8jeBAYqgzjLjp59RF2FjcPtj6btfsHLbHv
+CNjGeOhdl6Twx0/MMYAEvrXa2RlAc/1bFD6TbSBOzHrNgpQGDEU/zjOvsSJVLfde
+gzgdv3NaYcJz1B3CbWZfHbkOnqg5H3uhBL9Jr6kEz6GB/xuBSBZ3UZco5rVzxFYC
+wkf8WaRNOQox0NNwGTogKzP6l/mMFl7arYbGrwaH+OyTnhjQoMGRzqsJiexHPU5a
+ZBhz1JUCAwEAAaN2MHQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcD
+CTAPBgNVHQ8BAf8EBQMDB4AAMB0GA1UdDgQWBBTnPqFwFQGo2vJwQ+9MyIcaw5h0
+PTAfBgNVHSMEGDAWgBQt2BSaFtVt/vuw4N7x9cUjC9NivjANBgkqhkiG9w0BAQsF
+AAOCAQEAeqbE90S1ckBwtme9/ITGGWRLhAfGP13Dw5ZiZrUccDISI3EuW9eByeBi
+ylNU0cceISuW45rdN0OQGWB1N1DXhpEmoQhP4QNeitTwy+9Pu6O8Nb+GbYgMNutt
+3gLJ3WDqxAmm6KUFS+bhFX8umSQCFGF3h0SGeAeyhXSrUVsDsjGI9I1KLFWOkGi7
+YSE49AWnicXEVC+cQUrWDOW2Pbb6mWt6S6Jm0xLs5+GD5lodvZAHRuG+pszIvqNv
+T+zFBnLLWqMgPngbqeuvuP4/M35IeqjV19aG5hscFAwl2n4Aaa6wYWHAZ6bU+Y7k
+Bp0+NzqVez2ZL//+3HKKF4sYkmh1Bg==
+-----END OCSP RESPONSE-----
-- 
cgit v1.2.1