mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
Add some tests.
This commit is contained in:
parent
898a341f50
commit
f5f14d6556
4
TODO
4
TODO
@ -23,7 +23,6 @@
|
||||
** mark all unimplemented commands and options.
|
||||
** Implement --default-key
|
||||
** support the anyPolicy semantic
|
||||
** Check that we are really following the verification procedures in rfc3280.
|
||||
|
||||
|
||||
* sm/keydb.c
|
||||
@ -75,7 +74,7 @@
|
||||
** No card status notifications.
|
||||
** Regex support is disabled
|
||||
We need to adjust the test to find the regex we have anyway in
|
||||
gpg4in. Is that regex compatible to the OpenPGP requirement?
|
||||
gpg4win. Is that regex compatible to the OpenPGP requirement?
|
||||
|
||||
|
||||
* sm/
|
||||
@ -137,4 +136,3 @@
|
||||
gpg-agent's default locale (e.g. by the command updatestartuptty).
|
||||
|
||||
|
||||
|
||||
|
@ -1,3 +1,7 @@
|
||||
2008-02-22 Werner Koch <wk@g10code.com>
|
||||
|
||||
* argparse.c (strusage): Set copyright year to 2008.
|
||||
|
||||
2007-11-19 Werner Koch <wk@g10code.com>
|
||||
|
||||
* stringhelp.c (percent_escape): Factor code out to
|
||||
|
@ -1,6 +1,6 @@
|
||||
/* [argparse.c wk 17.06.97] Argument Parser for option handling
|
||||
* Copyright (C) 1998, 1999, 2000, 2001, 2006
|
||||
* 2007 Free Software Foundation, Inc.
|
||||
* 2007, 2008 Free Software Foundation, Inc.
|
||||
*
|
||||
* This file is part of JNLIB.
|
||||
*
|
||||
@ -946,7 +946,7 @@ strusage( int level )
|
||||
break;
|
||||
case 11: p = "foo"; break;
|
||||
case 13: p = "0.0"; break;
|
||||
case 14: p = "Copyright (C) 2007 Free Software Foundation, Inc."; break;
|
||||
case 14: p = "Copyright (C) 2008 Free Software Foundation, Inc."; break;
|
||||
case 15: p =
|
||||
"This is free software: you are free to change and redistribute it.\n"
|
||||
"There is NO WARRANTY, to the extent permitted by law.\n";
|
||||
|
@ -48,7 +48,7 @@ EXTRA_DIST = inittests runtest common.sh $(testscripts)
|
||||
|
||||
TESTS = $(testscripts)
|
||||
|
||||
CLEANFILES = inittests.stamp x y y z out err *.lock .\#lk* *.log
|
||||
CLEANFILES = inittests.stamp scratch.*.tmp x y z out err *.lock .\#lk* *.log
|
||||
|
||||
DISTCLEANFILES = pubring.kbx~ random_seed
|
||||
|
||||
@ -62,11 +62,14 @@ inittests.stamp: inittests
|
||||
echo timestamp >./inittests.stamp
|
||||
|
||||
|
||||
run-all-tests:
|
||||
run-all-tests: inittests.stamp
|
||||
@set -e; \
|
||||
GNUPGHOME=`pwd`; export GNUPGHOME;\
|
||||
unset GPG_AGENT_INFO; \
|
||||
for test in $(testscripts); do \
|
||||
./$${test} && true; \
|
||||
for tst in $(testscripts); do \
|
||||
if ./$${tst}; then : ; \
|
||||
elif test $$? -eq 77; then echo "- SKIP $$tst"; \
|
||||
fi; \
|
||||
done
|
||||
|
||||
|
||||
|
@ -17,17 +17,31 @@
|
||||
# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
# reset some environment variables because we do not want to test locals
|
||||
export LANG=C
|
||||
export LANGUAGE=C
|
||||
export LC_ALL=C
|
||||
LANG=C
|
||||
LANGUAGE=C
|
||||
LC_ALL=C
|
||||
export LANG LANGUAGE LC_ALL
|
||||
|
||||
pgmname=`basename $0`
|
||||
|
||||
[ "$VERBOSE" = yes ] && set -x
|
||||
if [ "$1" = "--debug" ]; then
|
||||
debug=yes
|
||||
set -x
|
||||
else
|
||||
debug=
|
||||
fi
|
||||
[ -z "$srcdir" ] && srcdir="."
|
||||
[ -z "$top_srcdir" ] && top_srcdir=".."
|
||||
[ -z "$GPGSM" ] && GPGSM="../../sm/gpgsm"
|
||||
[ -z "$silent" ] && silent=no
|
||||
|
||||
AWK=awk
|
||||
SCRATCH="scratch.$$.tmp"
|
||||
|
||||
# We use this as the faked system time for certain tests.
|
||||
MYTIME="20080508T120000"
|
||||
|
||||
|
||||
if [ "$GNUPGHOME" != "`pwd`" ]; then
|
||||
echo "inittests: please set GNUPGHOME to the tests/pkits directory" >&2
|
||||
exit 1
|
||||
@ -41,7 +55,14 @@ fi
|
||||
if [ -f PKITS_data.tar.bz2 ]; then
|
||||
:
|
||||
else
|
||||
# Exit code 77 is used by the makefile for skipping a tests.
|
||||
if [ "$pgmname" = "import-all-certs" ]; then
|
||||
if [ "$silent" = "yes" ]; then tmp1="Note: "; tmp2=' '
|
||||
else tmp1="- ____ "; tmp2="$tmp1"
|
||||
fi
|
||||
echo "${tmp1}PKITS_data.tar.bz2 is not installed"
|
||||
echo "${tmp2}All tests will be skipped (this is not an error)"
|
||||
fi
|
||||
# Exit code 77 is used by the Makefile for skipping a tests.
|
||||
exit 77
|
||||
fi
|
||||
|
||||
@ -115,7 +136,9 @@ pass () {
|
||||
pass_count=`expr ${pass_count} + 1`
|
||||
if [ "$silent" != "yes" ]; then
|
||||
echo_n "$section_out PASS"
|
||||
[ -n "$description" ] && echo_n " ($description)"
|
||||
if [ -n "$1" ]; then echo_n " $1"
|
||||
elif [ -n "$description" ]; then echo_n " ($description)"
|
||||
fi
|
||||
echo
|
||||
fi
|
||||
}
|
||||
@ -126,7 +149,22 @@ fail () {
|
||||
fail_count=`expr ${fail_count} + 1`
|
||||
if [ "$silent" != "yes" ]; then
|
||||
echo_n "$section_out FAIL"
|
||||
[ -n "$description" ] && echo_n " ($description)"
|
||||
if [ -n "$1" ]; then echo_n " $1"
|
||||
elif [ -n "$description" ]; then echo_n " ($description)"
|
||||
fi
|
||||
echo
|
||||
fi
|
||||
}
|
||||
|
||||
skip () {
|
||||
setup_output
|
||||
echo "SKIP: " $* >&2
|
||||
skip_count=`expr ${skip_count} + 1`
|
||||
if [ "$silent" != "yes" ]; then
|
||||
echo_n "$section_out SKIP"
|
||||
if [ -n "$1" ]; then echo_n " $1"
|
||||
elif [ -n "$description" ]; then echo_n " ($description)"
|
||||
fi
|
||||
echo
|
||||
fi
|
||||
}
|
||||
@ -137,18 +175,9 @@ unresolved () {
|
||||
unresolved_count=`expr ${unresolved_count} + 1`
|
||||
if [ "$silent" != "yes" ]; then
|
||||
echo_n "$section_out UNRESOLVED"
|
||||
[ -n "$description" ] && echo_n " ($description)"
|
||||
echo
|
||||
if [ -n "$1" ]; then echo_n " $1"
|
||||
elif [ -n "$description" ]; then echo_n " ($description)"
|
||||
fi
|
||||
}
|
||||
|
||||
unsupported () {
|
||||
setup_output
|
||||
echo "UNSUPPORTED: " $* >&2
|
||||
unsupported_count=`expr ${unsupported_count} + 1`
|
||||
if [ "$silent" != "yes" ]; then
|
||||
echo_n "$section_out UNSUPPORTED"
|
||||
[ -n "$description" ] && echo_n " ($description)"
|
||||
echo
|
||||
fi
|
||||
}
|
||||
@ -158,8 +187,9 @@ final_result () {
|
||||
section=$first_section_set
|
||||
[ $pass_count = 0 ] || info "$pass_count tests passed"
|
||||
[ $fail_count = 0 ] || info "$fail_count tests failed"
|
||||
[ $skip_count = 0 ] || info "$unsupported_count tests skipped"
|
||||
[ $unresolved_count = 0 ] || info "$unresolved_count tests unresolved"
|
||||
[ $unsupported_count = 0 ] || info "$unsupported_count tests unsupported"
|
||||
[ -z "$debug" -a -f "$SCRATCH" ] && rm "$SCRATCH"
|
||||
if [ $fail_count = 0 ]; then
|
||||
info "all tests passed"
|
||||
else
|
||||
@ -167,21 +197,79 @@ final_result () {
|
||||
fi
|
||||
}
|
||||
|
||||
set -e
|
||||
|
||||
pgmname=`basename $0`
|
||||
clean_homedir () {
|
||||
[ -f pubring.kbx ] && rm pubring.kbx
|
||||
if [ -d private-keys-v1.d ]; then
|
||||
rm private-keys-v1.d/* 2>/dev/null || true
|
||||
rmdir private-keys-v1.d
|
||||
fi
|
||||
}
|
||||
|
||||
start_test () {
|
||||
section="$1"
|
||||
description="$2"
|
||||
test_status=none
|
||||
echo "BEGIN TEST $section ($description)" >&2
|
||||
}
|
||||
|
||||
end_test () {
|
||||
case "$test_status" in
|
||||
none) skip "($description) - test not implemented";;
|
||||
pass) pass "($description)";;
|
||||
fail) fail "($description)";;
|
||||
setup) fail "($description) - setup failed";;
|
||||
ns) skip "($description) - not supported";;
|
||||
nys) skip "($description) - not yet supported";;
|
||||
*) unresolved "$(description)";;
|
||||
esac
|
||||
echo "END TEST $section" >&2
|
||||
}
|
||||
|
||||
set_status () {
|
||||
if [ "$test_status" = "none" ]; then
|
||||
test_status=$1
|
||||
fi
|
||||
}
|
||||
|
||||
need_cert () {
|
||||
if [ "$2" = "--import-anyway" ]; then
|
||||
if ! ${GPGSM} -q --debug-no-chain-validation --import certs/$1.crt
|
||||
then
|
||||
set_status setup
|
||||
fi
|
||||
else
|
||||
if ! ${GPGSM} -q --import certs/$1.crt; then
|
||||
set_status setup
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
need_crl () {
|
||||
# CRL are not yet implemented
|
||||
#set_status setup
|
||||
:
|
||||
}
|
||||
|
||||
|
||||
|
||||
set -e
|
||||
|
||||
pass_count=0
|
||||
fail_count=0
|
||||
skip_count=0
|
||||
unresolved_count=0
|
||||
unsupported_count=0
|
||||
first_section_set=""
|
||||
section_out=""
|
||||
test_status=none
|
||||
|
||||
# User settable variables
|
||||
section=""
|
||||
description=""
|
||||
|
||||
|
||||
#trap cleanup SIGHUP SIGINT SIGQUIT
|
||||
exec 2> ${pgmname}.log
|
||||
[ -z "$debug" ] && exec 2> ${pgmname}.log
|
||||
|
||||
:
|
||||
# end
|
||||
|
@ -36,7 +36,7 @@ while read flag dummy section name; do
|
||||
elif [ "$flag" = '?' ]; then
|
||||
unresolved "importing certificate \`$name' succeeded"
|
||||
elif [ "$flag" = 'u' ]; then
|
||||
unsupported "importing certificate \`$name' succeeded"
|
||||
skip "importing certificate \`$name' succeeded"
|
||||
else
|
||||
info "importing certificate \`$name' succeeded - (flag=$flag)"
|
||||
fi
|
||||
@ -48,7 +48,7 @@ while read flag dummy section name; do
|
||||
elif [ "$flag" = '?' ]; then
|
||||
unresolved "importing certificate \`$name' failed"
|
||||
elif [ "$flag" = 'u' ]; then
|
||||
unsupported "importing certificate \`$name' failed"
|
||||
skip "importing certificate \`$name' failed"
|
||||
else
|
||||
info "importing certificate \`$name' failed - (flag=$flag)"
|
||||
fi
|
||||
|
@ -28,7 +28,7 @@ p p 6.1.5.83 BasicSelfIssuedOldKeyNewWithOldCACert.crt
|
||||
|
||||
p p 6.1.5.218 CPSPointerQualifierTest20EE.crt
|
||||
|
||||
u u 6.1.5.572 DSACACert.crt
|
||||
p u 6.1.5.572 DSACACert.crt
|
||||
u u 6.1.5.575 DSAParametersInheritedCACert.crt
|
||||
|
||||
p p 6.1.5.210 DifferentPoliciesTest12EE.crt
|
||||
@ -81,9 +81,9 @@ p f 6.1.5.392 InvalidDNnameConstraintsTest7EE.crt
|
||||
p f 6.1.5.395 InvalidDNnameConstraintsTest8EE.crt
|
||||
p f 6.1.5.396 InvalidDNnameConstraintsTest9EE.crt
|
||||
|
||||
u u 6.1.5.578 InvalidDSASignatureTest6EE.crt
|
||||
p u 6.1.5.578 InvalidDSASignatureTest6EE.crt
|
||||
|
||||
f f 6.1.5.9 InvalidEESignatureTest3EE.crt
|
||||
p f 6.1.5.9 InvalidEESignatureTest3EE.crt
|
||||
|
||||
p f 6.1.5.19 InvalidEEnotAfterDateTest6EE.crt
|
||||
p f 6.1.5.13 InvalidEEnotBeforeDateTest2EE.crt
|
||||
|
@ -80,6 +80,17 @@ agent-program ../../agent/gpg-agent
|
||||
no-common-certs-import
|
||||
EOF
|
||||
|
||||
# The set of NIST test policies which should be used if anyPolicy is
|
||||
# not supported.
|
||||
cat > policies.txt <<EOF
|
||||
2.16.840.1.101.3.2.1.48.1
|
||||
2.16.840.1.101.3.2.1.48.2
|
||||
2.16.840.1.101.3.2.1.48.3
|
||||
2.16.840.1.101.3.2.1.48.4
|
||||
2.16.840.1.101.3.2.1.48.5
|
||||
2.16.840.1.101.3.2.1.48.6
|
||||
EOF
|
||||
|
||||
# Fixme: we need to write a dummy pinentry program
|
||||
cat > gpg-agent.conf <<EOF
|
||||
no-grab
|
||||
|
@ -25,7 +25,4 @@ info "Running $description tests"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
final_result
|
||||
|
@ -24,8 +24,144 @@ description="Signature Verification"
|
||||
info "Running $description tests"
|
||||
|
||||
|
||||
start_test 4.1.1 "Valid Signatures Test1"
|
||||
# The purpose of this test is to verify an application's ability to
|
||||
# name chain, signature chain, and check validity dates, on
|
||||
# certificates in a certification path. It also tests processing of
|
||||
# the basic constraints and key usage extensions in intermediate
|
||||
# certificates.
|
||||
clean_homedir
|
||||
need_cert TrustAnchorRootCertificate
|
||||
need_crl TrustAnchorRootCRL
|
||||
need_cert GoodCACert
|
||||
need_crl GoodCACRL
|
||||
need_cert ValidCertificatePathTest1EE
|
||||
if $GPGSM --with-colons --with-validation --list-key 0x126B7002 >$SCRATCH; then
|
||||
tmp=$($AWK -F: '$1 == "crt" {any=1; print $2};
|
||||
END {if(!any) print "error"}' $SCRATCH)
|
||||
[ -n "$tmp" ] && set_status fail
|
||||
else
|
||||
set_status fail
|
||||
fi
|
||||
if [ "$test_status" = "none" ]; then
|
||||
if sed '1,/^.$/d' smime/SignedValidSignaturesTest1.eml \
|
||||
| $GPGSM --verify --assume-base64 --status-fd 1 \
|
||||
| grep TRUST_FULLY >/dev/null; then
|
||||
set_status pass
|
||||
else
|
||||
set_status fail
|
||||
fi
|
||||
fi
|
||||
end_test
|
||||
|
||||
|
||||
|
||||
start_test 4.1.2 "Invalid CA Signatures Test2"
|
||||
# The purpose of this test is to verify an application's ability to
|
||||
# recognize an invalid signature on an intermediate certificate in a
|
||||
# certification path.
|
||||
clean_homedir
|
||||
need_cert TrustAnchorRootCertificate
|
||||
need_crl TrustAnchorRootCRL
|
||||
need_cert BadSignedCACert --import-anyway
|
||||
need_crl BadSignedCACRL
|
||||
need_cert InvalidCASignatureTest2EE --import-anyway
|
||||
if $GPGSM --with-colons --with-validation --list-key 0xD667FE3C >$SCRATCH; then
|
||||
tmp=$($AWK -F: '$1 == "crt" {any=1; print $2};
|
||||
END {if(!any) print "error"}' $SCRATCH)
|
||||
[ "$tmp" = "i" ] || set_status fail
|
||||
else
|
||||
set_status fail
|
||||
fi
|
||||
if [ "$test_status" = "none" ]; then
|
||||
if sed '1,/^.$/d' smime/SignedInvalidCASignatureTest2.eml \
|
||||
| $GPGSM --verify --assume-base64 --status-fd 1 \
|
||||
| grep TRUST_NEVER >/dev/null; then
|
||||
set_status pass
|
||||
else
|
||||
set_status fail
|
||||
fi
|
||||
fi
|
||||
end_test
|
||||
|
||||
|
||||
|
||||
start_test 4.1.3 "Invalid EE Signature Test3"
|
||||
# The purpose of this test is to verify an application's ability to
|
||||
# recognize an invalid signature on an end entity certificate in a
|
||||
# certification path.
|
||||
clean_homedir
|
||||
need_cert TrustAnchorRootCertificate
|
||||
need_crl TrustAnchorRootCRL
|
||||
need_cert GoodCACert
|
||||
need_crl GoodCACRL
|
||||
need_cert InvalidEESignatureTest3EE --import-anyway
|
||||
if $GPGSM --with-colons --with-validation --list-key 0x42E1AEE3 >$SCRATCH; then
|
||||
tmp=$($AWK -F: '$1 == "crt" {any=1; print $2};
|
||||
END {if(!any) print "error"}' $SCRATCH)
|
||||
[ "$tmp" = "i" ] || set_status fail
|
||||
else
|
||||
set_status fail
|
||||
fi
|
||||
if [ "$test_status" = "none" ]; then
|
||||
if sed '1,/^.$/d' smime/SignedInvalidEESignatureTest3.eml \
|
||||
| $GPGSM --verify --assume-base64 --status-fd 1 \
|
||||
| grep TRUST_NEVER >/dev/null; then
|
||||
set_status pass
|
||||
else
|
||||
set_status fail
|
||||
fi
|
||||
fi
|
||||
end_test
|
||||
|
||||
|
||||
start_test 4.1.4 "Valid DSA Signatures Test4"
|
||||
# The purpose of this test is to verify an application's ability to
|
||||
# validate certificate in which DSA signatures are used. The
|
||||
# intermediate CA and the end entity have DSA key pairs.
|
||||
clean_homedir
|
||||
need_cert TrustAnchorRootCertificate
|
||||
need_crl TrustAnchorRootCRL
|
||||
need_cert DSACACert
|
||||
need_crl DSACACRL
|
||||
need_cert ValidDSASignaturesTest4EE
|
||||
if $GPGSM --with-colons --with-validation --list-key 0x820A72B8 >$SCRATCH; then
|
||||
tmp=$($AWK -F: '$1 == "crt" {any=1; print $2};
|
||||
END {if(!any) print "error"}' $SCRATCH)
|
||||
[ -n "$tmp" ] && set_status fail
|
||||
else
|
||||
set_status fail
|
||||
fi
|
||||
if [ "$test_status" = "none" ]; then
|
||||
# Note: This S/MIME file uses LF and not CR,LF. */
|
||||
if sed '1,/^$/d' smime/SignedValidDSASignaturesTest4.eml \
|
||||
| $GPGSM --verify --assume-base64 --status-fd 1 \
|
||||
| grep TRUST_FULLY >/dev/null; then
|
||||
set_status pass
|
||||
else
|
||||
set_status fail
|
||||
fi
|
||||
fi
|
||||
end_test
|
||||
|
||||
|
||||
start_test 4.1.5 "Valid DSA Parameter Inheritance Test5"
|
||||
# The purpose of this test is to verify an application's ability to
|
||||
# validate DSA signatures when the DSA parameters are not included in
|
||||
# a certificate and need to be inherited from a previous certificate
|
||||
# in the path. The intermediate CAs and the end entity have DSA key
|
||||
# pairs.
|
||||
set_status nys
|
||||
end_test
|
||||
|
||||
|
||||
start_test 4.1.6 "Invalid DSA Signature Test6"
|
||||
# The purpose of this test is to verify an application's ability to
|
||||
# determine when a DSA signature is invalid. The intermediate CA and
|
||||
# the end entity have DSA key pairs.
|
||||
set_status nys
|
||||
end_test
|
||||
|
||||
|
||||
|
||||
final_result
|
||||
|
@ -37,7 +37,7 @@ while read dummy flag section name; do
|
||||
elif [ "$flag" = '?' ]; then
|
||||
unresolved "validating certificate \`$name' succeeded"
|
||||
elif [ "$flag" = 'u' ]; then
|
||||
unsupported "validating certificate \`$name' succeeded"
|
||||
skip "validating certificate \`$name' succeeded"
|
||||
else
|
||||
info "validating certificate \`$name' succeeded - (flag=$flag)"
|
||||
fi
|
||||
@ -49,7 +49,7 @@ while read dummy flag section name; do
|
||||
elif [ "$flag" = '?' ]; then
|
||||
unresolved "validating certificate \`$name' failed"
|
||||
elif [ "$flag" = 'u' ]; then
|
||||
unsupported "validating certificate \`$name' failed"
|
||||
skip "validating certificate \`$name' failed"
|
||||
else
|
||||
info "validating certificate \`$name' failed - (flag=$flag)"
|
||||
fi
|
||||
|
@ -23,8 +23,195 @@ section=4.2
|
||||
description="Validity Periods"
|
||||
info "Running $description tests"
|
||||
|
||||
start_test 4.2.1 "Invalid CA notBefore Date Test1"
|
||||
# In this test, the intermediate certificate's notBefore date is after
|
||||
# the current date.
|
||||
clean_homedir
|
||||
need_cert TrustAnchorRootCertificate
|
||||
need_crl TrustAnchorRootCRL
|
||||
need_cert BadnotBeforeDateCACert
|
||||
need_crl BadnotBeforeDateCACRL
|
||||
need_cert InvalidCAnotBeforeDateTest1EE
|
||||
if $GPGSM --faked-system-time $MYTIME \
|
||||
--with-colons --with-validation --list-key 0x459ADD33 >$SCRATCH; then
|
||||
tmp=$($AWK -F: '$1 == "crt" {any=1; print $2};
|
||||
END {if(!any) print "error"}' $SCRATCH)
|
||||
[ "$tmp" = "i" ] || set_status fail
|
||||
else
|
||||
set_status fail
|
||||
fi
|
||||
if [ "$test_status" = "none" ]; then
|
||||
if sed '1,/^.$/d' smime/SignedInvalidCAnotBeforeDateTest1.eml \
|
||||
| $GPGSM --faked-system-time $MYTIME \
|
||||
--verify --assume-base64 --status-fd 1 --logger-fd 1 \
|
||||
| tee $SCRATCH \
|
||||
| grep TRUST_UNDEFINED >/dev/null; then
|
||||
if grep 'intermediate certificate not yet valid' $SCRATCH >/dev/null \
|
||||
&& grep 'invalid certification chain: Certificate too young' \
|
||||
$SCRATCH >/dev/null
|
||||
then
|
||||
set_status pass
|
||||
fi
|
||||
fi
|
||||
set_status fail
|
||||
fi
|
||||
end_test
|
||||
|
||||
|
||||
start_test 4.2.2 "Invalid EE notBefore Date Test2"
|
||||
# In this test, the end entity certificate's notBefore date is after
|
||||
# the current date.
|
||||
|
||||
# Procedure: Validate Invalid EE notBefore Date Test2 EE using the
|
||||
# default settings or open and verify Signed Test Message 6.2.2.5
|
||||
# using the default settings.
|
||||
|
||||
# Expected Result: The path should not validate successfully as the
|
||||
# notBefore date in the end entity certificate is after the current
|
||||
# date.
|
||||
|
||||
# Certification Path: The certification path is composed of the
|
||||
# following objects: Trust Anchor Root Certificate, Trust Anchor
|
||||
# Root CRL Good CA Cert, Good CA CRL Invalid EE notBefore Date
|
||||
# Test2 EE
|
||||
|
||||
end_test
|
||||
|
||||
|
||||
|
||||
start_test 4.2.3 "Valid pre2000 UTC notBefore Date Test3"
|
||||
# In this test, the end entity certificate's notBefore date is set to
|
||||
# 1950 and is encoded in UTCTime.
|
||||
#
|
||||
# Procedure: Validate Valid pre2000 UTC notBefore Date Test3 EE
|
||||
# using the default settings or open and
|
||||
# verify Signed Test Message 6.2.2.6 using
|
||||
# the default settings.
|
||||
#
|
||||
# Expected Result: The path should validate successfully as the
|
||||
# notBefore date in the end entity
|
||||
# certificate is before the current date.
|
||||
#
|
||||
# Certification Path: The certification path is composed of the
|
||||
# following objects: Trust Anchor Root Certificate,
|
||||
# Trust Anchor Root CRL Good CA Cert, Good CA CRL Valid
|
||||
# pre2000 UTC notBefore Date Test3 EE
|
||||
#
|
||||
end_test
|
||||
|
||||
|
||||
|
||||
start_test 4.2.4 "Valid GeneralizedTime notBefore Date Test4"
|
||||
# In this test, the end entity certificate's notBefore date is
|
||||
# specified in GeneralizedTime.
|
||||
#
|
||||
# Procedure: Validate Valid GeneralizedTime notBefore Date Test4 EE
|
||||
# using the default settings or open and
|
||||
# verify Signed Test Message 6.2.2.7 using
|
||||
# the default settings.
|
||||
#
|
||||
# Expected Result: The path should validate successfully.
|
||||
#
|
||||
# Certification Path:
|
||||
# The certification path is composed of the following objects:
|
||||
# Trust Anchor Root Certificate, Trust Anchor Root CRL
|
||||
# Good CA Cert, Good CA CRL
|
||||
# Valid GeneralizedTime notBefore Date Test4 EE
|
||||
#
|
||||
end_test
|
||||
|
||||
|
||||
|
||||
start_test 4.2.5 "Invalid CA notAfter Date Test5"
|
||||
# In this test, the intermediate certificate's notAfter date is before
|
||||
# the current date.
|
||||
|
||||
# Procedure: Validate Invalid CA notAfter Date Test5 EE using the
|
||||
# default settings or open and verify
|
||||
# Signed Test Message 6.2.2.8 using the
|
||||
# default settings.
|
||||
#
|
||||
# Expected Result: The path should not validate successfully as the
|
||||
# notAfter date in the intermediate
|
||||
# certificate is before the current date.
|
||||
#
|
||||
# Certification Path: The certification path is composed of the
|
||||
# following objects:
|
||||
#
|
||||
# Trust Anchor Root Certificate, Trust Anchor Root CRL
|
||||
# Bad notAfter Date CA Cert, Bad notAfter Date CA CRL
|
||||
# Invalid CA notAfter Date Test5 EE
|
||||
#
|
||||
end_test
|
||||
|
||||
|
||||
start_test 4.2.6 "Invalid EE notAfter Date Test6"
|
||||
# In this test, the end entity certificate's notAfter date is before
|
||||
# the current date.
|
||||
|
||||
# Procedure: Validate Invalid EE notAfter Date Test6 EE using the
|
||||
# default settings or open and verify
|
||||
# Signed Test Message 6.2.2.9 using the
|
||||
# default settings.
|
||||
#
|
||||
# Expected Result: The path should not validate successfully as the
|
||||
# notAfter date in the end certificate is
|
||||
# before the current date.
|
||||
#
|
||||
# Certification Path: The certification path is composed of the
|
||||
# following objects:
|
||||
# Trust Anchor Root Certificate, Trust Anchor Root CRL
|
||||
# Good CA Cert, Good CA CRL
|
||||
# Invalid EE notAfter Date Test6 EE
|
||||
|
||||
end_test
|
||||
|
||||
|
||||
start_test 4.2.7 "Invalid pre2000 UTC EE notAfter Date Test7"
|
||||
# In this test, the end entity certificate's notAfter date is 1999 and
|
||||
# is encoded in UTCTime.
|
||||
|
||||
# Procedure: Validate Invalid pre2000 UTC EE notAfter Date Test7 EE
|
||||
# using the default settings or open and
|
||||
# verify Signed Test Message 6.2.2.10 using
|
||||
# the default settings.
|
||||
#
|
||||
# Expected Result: The path should not validate successfully as the
|
||||
# notAfter date in the end certificate is
|
||||
# before the current date.
|
||||
#
|
||||
#
|
||||
# Certification Path: The certification path is composed of the
|
||||
# following objects:
|
||||
#
|
||||
# Trust Anchor Root Certificate, Trust Anchor Root CRL
|
||||
# Good CA Cert, Good CA CRL
|
||||
# Invalid pre2000 UTC EE notAfter Date Test7 EE
|
||||
|
||||
end_test
|
||||
|
||||
|
||||
|
||||
start_test 4.2.8 "Valid GeneralizedTime notAfter Date Test8"
|
||||
# In this test, the end entity certificate's notAfter date is 2050 and
|
||||
# is encoded in GeneralizedTime.
|
||||
|
||||
# Procedure: Validate Valid GeneralizedTime notAfter Date Test8 EE
|
||||
# using the default settings or open and
|
||||
# verify Signed Test Message 6.2.2.11 using
|
||||
# the default settings.
|
||||
#
|
||||
# Expected Result: The path should validate successfully as the
|
||||
# notAfter date in the end certificate is
|
||||
# after the current date.
|
||||
#
|
||||
#
|
||||
# Trust Anchor Root Certificate, Trust Anchor Root CRL
|
||||
# Good CA Cert, Good CA CRL
|
||||
# Valid GeneralizedTime notAfter Date Test8 EE
|
||||
|
||||
end_test
|
||||
|
||||
|
||||
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user