search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
kdc: per-target CPPFLAGS do not have an _AM in the variable name
[heimdal.git] / lib / hx509 / test_cms.in
blob8edb62a0e4c0cd90d14dcf262f22beefd34c5f72
1 #!/bin/sh
2 #
3 # Copyright (c) 2005 Kungliga Tekniska Högskolan
4 # (Royal Institute of Technology, Stockholm, Sweden).
5 # All rights reserved.
6 #
7 # Redistribution and use in source and binary forms, with or without
8 # modification, are permitted provided that the following conditions
9 # are met:
10 #
11 # 1. Redistributions of source code must retain the above copyright
12 # notice, this list of conditions and the following disclaimer.
13 #
14 # 2. Redistributions in binary form must reproduce the above copyright
15 # notice, this list of conditions and the following disclaimer in the
16 # documentation and/or other materials provided with the distribution.
17 #
18 # 3. Neither the name of the Institute nor the names of its contributors
19 # may be used to endorse or promote products derived from this software
20 # without specific prior written permission.
21 #
22 # THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
23 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 # ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
26 # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 # SUCH DAMAGE.
33 #
34 # $Id$
35 #
36
37 srcdir="@srcdir@"
38 objdir="@objdir@"
39
40 stat="--statistic-file=${objdir}/statfile"
41
42 hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
43
44 if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
45 exit 77
46 fi
47 if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
48 exit 77
49 fi
50
51 if ${hxtool} info | grep 'ecdsa: hcrypto null' > /dev/null ; then
52 echo "not testing ECDSA since hcrypto doesnt support ECDSA"
53 else
54 echo "create signed data (ec)"
55 ${hxtool} cms-create-sd \
56 --certificate=FILE:$srcdir/data/secp256r2TestClient.pem \
57 "$srcdir/test_chain.in" \
58 sd.data > /dev/null || exit 1
59
60 echo "verify signed data (ec)"
61 ${hxtool} cms-verify-sd \
62 --missing-revoke \
63 --anchors=FILE:$srcdir/data/secp256r1TestCA.cert.pem \
64 sd.data sd.data.out > /dev/null || exit 1
65 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
66 fi
67
68 echo "create signed data"
69 ${hxtool} cms-create-sd \
70 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
71 "$srcdir/test_chain.in" \
72 sd.data > /dev/null || exit 1
73
74 echo "verify signed data"
75 ${hxtool} cms-verify-sd \
76 --missing-revoke \
77 --anchors=FILE:$srcdir/data/ca.crt \
78 sd.data sd.data.out > /dev/null || exit 1
79 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
80
81 echo "create signed data (no signer)"
82 ${hxtool} cms-create-sd \
83 --no-signer \
84 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
85 "$srcdir/test_chain.in" \
86 sd.data > /dev/null || exit 1
87
88 echo "verify signed data (no signer)"
89 ${hxtool} cms-verify-sd \
90 --missing-revoke \
91 --no-signer-allowed \
92 --anchors=FILE:$srcdir/data/ca.crt \
93 sd.data sd.data.out > signer.tmp || exit 1
94 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
95 grep "unsigned" signer.tmp > /dev/null || exit 1
96
97 echo "verify signed data (no signer) (test failure)"
98 ${hxtool} cms-verify-sd \
99 --missing-revoke \
100 --anchors=FILE:$srcdir/data/ca.crt \
101 sd.data sd.data.out 2> signer.tmp && exit 1
102 grep "No signers were found" signer.tmp > /dev/null || exit 1
103
104 echo "create signed data (id-by-name)"
105 ${hxtool} cms-create-sd \
106 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
107 --id-by-name \
108 "$srcdir/test_chain.in" \
109 sd.data > /dev/null || exit 1
110
111 echo "verify signed data"
112 ${hxtool} cms-verify-sd \
113 --missing-revoke \
114 --anchors=FILE:$srcdir/data/ca.crt \
115 sd.data sd.data.out > /dev/null || exit 1
116 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
117
118 echo "verify signed data (EE cert as anchor)"
119 ${hxtool} cms-verify-sd \
120 --missing-revoke \
121 --anchors=FILE:$srcdir/data/test.crt \
122 sd.data sd.data.out > /dev/null || exit 1
123 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
124
125 echo "create signed data (password)"
126 ${hxtool} cms-create-sd \
127 --pass=PASS:foobar \
128 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test-pw.key \
129 "$srcdir/test_chain.in" \
130 sd.data > /dev/null || exit 1
131
132 echo "verify signed data"
133 ${hxtool} cms-verify-sd \
134 --missing-revoke \
135 --anchors=FILE:$srcdir/data/ca.crt \
136 sd.data sd.data.out > /dev/null || exit 1
137 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
138
139 echo "create signed data (combined)"
140 ${hxtool} cms-create-sd \
141 --certificate=FILE:$srcdir/data/test.combined.crt \
142 "$srcdir/test_chain.in" \
143 sd.data > /dev/null || exit 1
144
145 echo "verify signed data"
146 ${hxtool} cms-verify-sd \
147 --missing-revoke \
148 --anchors=FILE:$srcdir/data/ca.crt \
149 sd.data sd.data.out > /dev/null || exit 1
150 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
151
152 echo "create signed data (content info)"
153 ${hxtool} cms-create-sd \
154 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
155 --content-info \
156 "$srcdir/test_chain.in" \
157 sd.data > /dev/null || exit 1
158
159 echo "verify signed data (content info)"
160 ${hxtool} cms-verify-sd \
161 --missing-revoke \
162 --anchors=FILE:$srcdir/data/ca.crt \
163 --content-info \
164 sd.data sd.data.out > /dev/null || exit 1
165 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
166
167 echo "create signed data (content type)"
168 ${hxtool} cms-create-sd \
169 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
170 --content-type=1.1.1.1 \
171 "$srcdir/test_chain.in" \
172 sd.data > /dev/null || exit 1
173
174 echo "verify signed data (content type)"
175 ${hxtool} cms-verify-sd \
176 --missing-revoke \
177 --anchors=FILE:$srcdir/data/ca.crt \
178 sd.data sd.data.out > /dev/null || exit 1
179 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
180
181 echo "create signed data (pem)"
182 ${hxtool} cms-create-sd \
183 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
184 --pem \
185 "$srcdir/test_chain.in" \
186 sd.data > /dev/null || exit 1
187
188 echo "verify signed data (pem)"
189 ${hxtool} cms-verify-sd \
190 --missing-revoke \
191 --anchors=FILE:$srcdir/data/ca.crt \
192 --pem \
193 sd.data sd.data.out > /dev/null
194 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
195
196 echo "create signed data (pem, detached)"
197 ${hxtool} cms-create-sd \
198 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
199 --detached-signature \
200 --pem \
201 "$srcdir/test_chain.in" \
202 sd.data > /dev/null || exit 1
203
204 echo "verify signed data (pem, detached)"
205 ${hxtool} cms-verify-sd \
206 --missing-revoke \
207 --anchors=FILE:$srcdir/data/ca.crt \
208 --pem \
209 --signed-content="$srcdir/test_chain.in" \
210 sd.data sd.data.out > /dev/null
211 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
212
213 echo "create signed data (p12)"
214 ${hxtool} cms-create-sd \
215 --pass=PASS:foobar \
216 --certificate=PKCS12:$srcdir/data/test.p12 \
217 --signer=friendlyname-test \
218 "$srcdir/test_chain.in" \
219 sd.data > /dev/null || exit 1
220
221 echo "verify signed data"
222 ${hxtool} cms-verify-sd \
223 --missing-revoke \
224 --anchors=FILE:$srcdir/data/ca.crt \
225 --content-info \
226 "$srcdir/data/test-signed-data" sd.data.out > /dev/null || exit 1
227 cmp "$srcdir/data/static-file" sd.data.out || exit 1
228
229 echo "verify signed data (no attr)"
230 ${hxtool} cms-verify-sd \
231 --missing-revoke \
232 --anchors=FILE:$srcdir/data/ca.crt \
233 --content-info \
234 "$srcdir/data/test-signed-data-noattr" sd.data.out > /dev/null || exit 1
235 cmp "$srcdir/data/static-file" sd.data.out || exit 1
236
237 echo "verify failure signed data (no attr, no certs)"
238 ${hxtool} cms-verify-sd \
239 --missing-revoke \
240 --anchors=FILE:$srcdir/data/ca.crt \
241 --content-info \
242 "$srcdir/data/test-signed-data-noattr-nocerts" \
243 sd.data.out > /dev/null 2>/dev/null && exit 1
244
245 echo "verify signed data (no attr, no certs)"
246 ${hxtool} cms-verify-sd \
247 --missing-revoke \
248 --anchors=FILE:$srcdir/data/ca.crt \
249 --certificate=FILE:$srcdir/data/test.crt \
250 --content-info \
251 "$srcdir/data/test-signed-data-noattr-nocerts" \
252 sd.data.out > /dev/null || exit 1
253 cmp "$srcdir/data/static-file" sd.data.out || exit 1
254
255 echo "verify signed data - sha1"
256 ${hxtool} cms-verify-sd \
257 --missing-revoke \
258 --anchors=FILE:$srcdir/data/ca.crt \
259 --content-info \
260 "$srcdir/data/test-signed-sha-1" sd.data.out > /dev/null || exit 1
261 cmp "$srcdir/data/static-file" sd.data.out || exit 1
262
263 echo "verify signed data - sha256"
264 ${hxtool} cms-verify-sd \
265 --missing-revoke \
266 --anchors=FILE:$srcdir/data/ca.crt \
267 --content-info \
268 "$srcdir/data/test-signed-sha-256" sd.data.out > /dev/null || exit 1
269 cmp "$srcdir/data/static-file" sd.data.out || exit 1
270
271 #echo "verify signed data - sha512"
272 #${hxtool} cms-verify-sd \
273 # --missing-revoke \
274 # --anchors=FILE:$srcdir/data/ca.crt \
275 # --content-info \
276 # "$srcdir/data/test-signed-sha-512" sd.data.out > /dev/null || exit 1
277 #cmp "$srcdir/data/static-file" sd.data.out || exit 1
278
279
280 echo "create signed data (subcert, no certs)"
281 ${hxtool} cms-create-sd \
282 --certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key \
283 "$srcdir/test_chain.in" \
284 sd.data > /dev/null || exit 1
285
286 echo "verify failure signed data"
287 ${hxtool} cms-verify-sd \
288 --missing-revoke \
289 --anchors=FILE:$srcdir/data/ca.crt \
290 sd.data sd.data.out > /dev/null 2> /dev/null && exit 1
291
292 echo "verify success signed data"
293 ${hxtool} cms-verify-sd \
294 --missing-revoke \
295 --certificate=FILE:$srcdir/data/sub-ca.crt \
296 --anchors=FILE:$srcdir/data/ca.crt \
297 sd.data sd.data.out > /dev/null || exit 1
298 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
299
300 echo "create signed data (subcert, certs)"
301 ${hxtool} cms-create-sd \
302 --certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key \
303 --pool=FILE:$srcdir/data/sub-ca.crt \
304 --anchors=FILE:$srcdir/data/ca.crt \
305 "$srcdir/test_chain.in" \
306 sd.data > /dev/null || exit 1
307
308 echo "verify success signed data"
309 ${hxtool} cms-verify-sd \
310 --missing-revoke \
311 --anchors=FILE:$srcdir/data/ca.crt \
312 sd.data sd.data.out > /dev/null || exit 1
313 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
314
315 echo "create signed data (subcert, certs, no-root)"
316 ${hxtool} cms-create-sd \
317 --certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key \
318 --pool=FILE:$srcdir/data/sub-ca.crt \
319 "$srcdir/test_chain.in" \
320 sd.data > /dev/null || exit 1
321
322 echo "verify success signed data"
323 ${hxtool} cms-verify-sd \
324 --missing-revoke \
325 --anchors=FILE:$srcdir/data/ca.crt \
326 sd.data sd.data.out > /dev/null || exit 1
327 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
328
329 echo "create signed data (subcert, no-subca, no-root)"
330 ${hxtool} cms-create-sd \
331 --certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key \
332 "$srcdir/test_chain.in" \
333 sd.data > /dev/null || exit 1
334
335 echo "verify failure signed data"
336 ${hxtool} cms-verify-sd \
337 --missing-revoke \
338 --anchors=FILE:$srcdir/data/ca.crt \
339 sd.data sd.data.out > /dev/null 2>/dev/null && exit 1
340
341 echo "create signed data (sd cert)"
342 ${hxtool} cms-create-sd \
343 --certificate=FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key \
344 "$srcdir/test_chain.in" \
345 sd.data > /dev/null || exit 1
346
347 echo "create signed data (ke cert)"
348 ${hxtool} cms-create-sd \
349 --certificate=FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key \
350 "$srcdir/test_chain.in" \
351 sd.data > /dev/null 2>/dev/null && exit 1
352
353 echo "create signed data (sd + ke certs)"
354 ${hxtool} cms-create-sd \
355 --certificate=FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key \
356 --certificate=FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key \
357 "$srcdir/test_chain.in" \
358 sd.data > /dev/null || exit 1
359
360 echo "create signed data (ke + sd certs)"
361 ${hxtool} cms-create-sd \
362 --certificate=FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key \
363 --certificate=FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key \
364 "$srcdir/test_chain.in" \
365 sd.data > /dev/null || exit 1
366
367 echo "create signed data (detached)"
368 ${hxtool} cms-create-sd \
369 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
370 --detached-signature \
371 "$srcdir/test_chain.in" \
372 sd.data > /dev/null || exit 1
373
374 echo "verify signed data (detached)"
375 ${hxtool} cms-verify-sd \
376 --missing-revoke \
377 --signed-content="$srcdir/test_chain.in" \
378 --anchors=FILE:$srcdir/data/ca.crt \
379 sd.data sd.data.out > /dev/null || exit 1
380 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
381
382 echo "verify failure signed data (detached)"
383 ${hxtool} cms-verify-sd \
384 --missing-revoke \
385 --anchors=FILE:$srcdir/data/ca.crt \
386 sd.data sd.data.out > /dev/null 2>/dev/null && exit 1
387
388 echo "create signed data (rsa)"
389 ${hxtool} cms-create-sd \
390 --peer-alg=1.2.840.113549.1.1.1 \
391 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
392 "$srcdir/test_chain.in" \
393 sd.data > /dev/null || exit 1
394
395 echo "verify signed data (rsa)"
396 ${hxtool} cms-verify-sd \
397 --missing-revoke \
398 --anchors=FILE:$srcdir/data/ca.crt \
399 sd.data sd.data.out > /dev/null 2>/dev/null || exit 1
400 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
401
402 echo "create signed data (pem, detached)"
403 cp "$srcdir/test_chain.in" sd
404 ${hxtool} cms-sign \
405 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
406 --detached-signature \
407 --pem \
408 sd > /dev/null || exit 1
409
410 echo "verify signed data (pem, detached)"
411 ${hxtool} cms-verify-sd \
412 --missing-revoke \
413 --anchors=FILE:$srcdir/data/ca.crt \
414 --pem \
415 sd.pem > /dev/null
416
417 echo "create signed data (no certs, detached sig)"
418 cp "$srcdir/test_chain.in" sd
419 ${hxtool} cms-sign \
420 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
421 --detached-signature \
422 --no-embedded-certs \
423 "$srcdir/data/static-file" \
424 sd > /dev/null || exit 1
425
426 echo "create signed data (leif only, detached sig)"
427 cp "$srcdir/test_chain.in" sd
428 ${hxtool} cms-sign \
429 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
430 --detached-signature \
431 --embed-leaf-only \
432 "$srcdir/data/static-file" \
433 sd > /dev/null || exit 1
434
435 echo "create signed data (no certs, detached sig, 2 signers)"
436 cp "$srcdir/test_chain.in" sd
437 ${hxtool} cms-sign \
438 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
439 --certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key \
440 --detached-signature \
441 --no-embedded-certs \
442 "$srcdir/data/static-file" \
443 sd > /dev/null || exit 1
444
445 echo "create signed data (no certs, detached sig, 3 signers)"
446 cp "$srcdir/test_chain.in" sd
447 ${hxtool} cms-sign \
448 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
449 --certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key \
450 --certificate=FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key \
451 --detached-signature \
452 --no-embedded-certs \
453 "$srcdir/data/static-file" \
454 sd > /dev/null || exit 1
455
456 echo "envelope data (content-type)"
457 ${hxtool} cms-envelope \
458 --certificate=FILE:$srcdir/data/test.crt \
459 --content-type=1.1.1.1 \
460 "$srcdir/data/static-file" \
461 ev.data > /dev/null || exit 1
462
463 echo "unenvelope data (content-type)"
464 ${hxtool} cms-unenvelope \
465 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
466 ev.data ev.data.out \
467 FILE:$srcdir/data/test.crt,$srcdir/data/test.key > /dev/null || exit 1
468 cmp "$srcdir/data/static-file" ev.data.out || exit 1
469
470 echo "envelope data (content-info)"
471 ${hxtool} cms-envelope \
472 --certificate=FILE:$srcdir/data/test.crt \
473 --content-info \
474 "$srcdir/data/static-file" \
475 ev.data > /dev/null || exit 1
476
477 echo "unenvelope data (content-info)"
478 ${hxtool} cms-unenvelope \
479 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
480 --content-info \
481 ev.data ev.data.out \
482 FILE:$srcdir/data/test.crt,$srcdir/data/test.key > /dev/null || exit 1
483 cmp "$srcdir/data/static-file" ev.data.out || exit 1
484
485 for a in des-ede3 aes-128 aes-256; do
486
487 rm -f ev.data ev.data.out
488 echo "envelope data ($a)"
489 ${hxtool} cms-envelope \
490 --encryption-type="$a-cbc" \
491 --certificate=FILE:$srcdir/data/test.crt \
492 "$srcdir/data/static-file" \
493 ev.data || exit 1
494
495 echo "unenvelope data ($a)"
496 ${hxtool} cms-unenvelope \
497 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
498 ev.data ev.data.out > /dev/null || exit 1
499 cmp "$srcdir/data/static-file" ev.data.out || exit 1
500 done
501
502 for a in rc2-40 rc2-64 rc2-128 des-ede3 aes-128 aes-256; do
503 echo "static unenvelope data ($a)"
504
505 rm -f ev.data.out
506 ${hxtool} cms-unenvelope \
507 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
508 --content-info \
509 --allow-weak \
510 "$srcdir/data/test-enveloped-$a" ev.data.out > /dev/null || exit 1
511 cmp "$srcdir/data/static-file" ev.data.out || exit 1
512 done
513
514 exit 0
Heimdal