#!/bin/sh # validity-periods - PKITS Test 4.2 -*- sh -*- # Copyright (C) 2008 Free Software Foundation, Inc. # # This file is part of GnuPG. # # GnuPG is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # GnuPG is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, see . . ${srcdir:-.}/common.sh || exit 2 section=4.2 description="Validity Periods" info "Running $description tests" start_test 4.2.1 "Invalid CA notBefore Date Test1" # In this test, the intermediate certificate's notBefore date is after # the current date. clean_homedir need_cert TrustAnchorRootCertificate need_crl TrustAnchorRootCRL need_cert BadnotBeforeDateCACert need_crl BadnotBeforeDateCACRL need_cert InvalidCAnotBeforeDateTest1EE if $GPGSM --faked-system-time $MYTIME \ --with-colons --with-validation --list-key 0x459ADD33 >$SCRATCH; then tmp=$($AWK -F: '$1 == "crt" {any=1; print $2}; END {if(!any) print "error"}' $SCRATCH) [ "$tmp" = "i" ] || set_status fail else set_status fail fi if [ "$test_status" = "none" ]; then if sed '1,/^.$/d' smime/SignedInvalidCAnotBeforeDateTest1.eml \ | $GPGSM --faked-system-time $MYTIME \ --verify --assume-base64 --status-fd 1 --logger-fd 1 \ | tee $SCRATCH \ | grep TRUST_UNDEFINED >/dev/null; then if grep 'intermediate certificate not yet valid' $SCRATCH >/dev/null \ && grep 'invalid certification chain: Certificate too young' \ $SCRATCH >/dev/null then set_status pass fi fi set_status fail fi end_test start_test 4.2.2 "Invalid EE notBefore Date Test2" # In this test, the end entity certificate's notBefore date is after # the current date. # Procedure: Validate Invalid EE notBefore Date Test2 EE using the # default settings or open and verify Signed Test Message 6.2.2.5 # using the default settings. # Expected Result: The path should not validate successfully as the # notBefore date in the end entity certificate is after the current # date. # Certification Path: The certification path is composed of the # following objects: Trust Anchor Root Certificate, Trust Anchor # Root CRL Good CA Cert, Good CA CRL Invalid EE notBefore Date # Test2 EE end_test start_test 4.2.3 "Valid pre2000 UTC notBefore Date Test3" # In this test, the end entity certificate's notBefore date is set to # 1950 and is encoded in UTCTime. # # Procedure: Validate Valid pre2000 UTC notBefore Date Test3 EE # using the default settings or open and # verify Signed Test Message 6.2.2.6 using # the default settings. # # Expected Result: The path should validate successfully as the # notBefore date in the end entity # certificate is before the current date. # # Certification Path: The certification path is composed of the # following objects: Trust Anchor Root Certificate, # Trust Anchor Root CRL Good CA Cert, Good CA CRL Valid # pre2000 UTC notBefore Date Test3 EE # end_test start_test 4.2.4 "Valid GeneralizedTime notBefore Date Test4" # In this test, the end entity certificate's notBefore date is # specified in GeneralizedTime. # # Procedure: Validate Valid GeneralizedTime notBefore Date Test4 EE # using the default settings or open and # verify Signed Test Message 6.2.2.7 using # the default settings. # # Expected Result: The path should validate successfully. # # Certification Path: # The certification path is composed of the following objects: # Trust Anchor Root Certificate, Trust Anchor Root CRL # Good CA Cert, Good CA CRL # Valid GeneralizedTime notBefore Date Test4 EE # end_test start_test 4.2.5 "Invalid CA notAfter Date Test5" # In this test, the intermediate certificate's notAfter date is before # the current date. # Procedure: Validate Invalid CA notAfter Date Test5 EE using the # default settings or open and verify # Signed Test Message 6.2.2.8 using the # default settings. # # Expected Result: The path should not validate successfully as the # notAfter date in the intermediate # certificate is before the current date. # # Certification Path: The certification path is composed of the # following objects: # # Trust Anchor Root Certificate, Trust Anchor Root CRL # Bad notAfter Date CA Cert, Bad notAfter Date CA CRL # Invalid CA notAfter Date Test5 EE # end_test start_test 4.2.6 "Invalid EE notAfter Date Test6" # In this test, the end entity certificate's notAfter date is before # the current date. # Procedure: Validate Invalid EE notAfter Date Test6 EE using the # default settings or open and verify # Signed Test Message 6.2.2.9 using the # default settings. # # Expected Result: The path should not validate successfully as the # notAfter date in the end certificate is # before the current date. # # Certification Path: The certification path is composed of the # following objects: # Trust Anchor Root Certificate, Trust Anchor Root CRL # Good CA Cert, Good CA CRL # Invalid EE notAfter Date Test6 EE end_test start_test 4.2.7 "Invalid pre2000 UTC EE notAfter Date Test7" # In this test, the end entity certificate's notAfter date is 1999 and # is encoded in UTCTime. # Procedure: Validate Invalid pre2000 UTC EE notAfter Date Test7 EE # using the default settings or open and # verify Signed Test Message 6.2.2.10 using # the default settings. # # Expected Result: The path should not validate successfully as the # notAfter date in the end certificate is # before the current date. # # # Certification Path: The certification path is composed of the # following objects: # # Trust Anchor Root Certificate, Trust Anchor Root CRL # Good CA Cert, Good CA CRL # Invalid pre2000 UTC EE notAfter Date Test7 EE end_test start_test 4.2.8 "Valid GeneralizedTime notAfter Date Test8" # In this test, the end entity certificate's notAfter date is 2050 and # is encoded in GeneralizedTime. # Procedure: Validate Valid GeneralizedTime notAfter Date Test8 EE # using the default settings or open and # verify Signed Test Message 6.2.2.11 using # the default settings. # # Expected Result: The path should validate successfully as the # notAfter date in the end certificate is # after the current date. # # # Trust Anchor Root Certificate, Trust Anchor Root CRL # Good CA Cert, Good CA CRL # Valid GeneralizedTime notAfter Date Test8 EE end_test final_result