summaryrefslogtreecommitdiffstats
path: root/tests/pkits/signature-verification
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 16:14:06 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 16:14:06 +0000
commiteee068778cb28ecf3c14e1bf843a95547d72c42d (patch)
tree0e07b30ddc5ea579d682d5dbe57998200d1c9ab7 /tests/pkits/signature-verification
parentInitial commit. (diff)
downloadgnupg2-eee068778cb28ecf3c14e1bf843a95547d72c42d.tar.xz
gnupg2-eee068778cb28ecf3c14e1bf843a95547d72c42d.zip
Adding upstream version 2.2.40.upstream/2.2.40upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'tests/pkits/signature-verification')
-rwxr-xr-xtests/pkits/signature-verification167
1 files changed, 167 insertions, 0 deletions
diff --git a/tests/pkits/signature-verification b/tests/pkits/signature-verification
new file mode 100755
index 0000000..7765371
--- /dev/null
+++ b/tests/pkits/signature-verification
@@ -0,0 +1,167 @@
+#!/bin/sh
+# signature-verification - PKITS Test 4.1 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.1
+description="Signature Verification"
+info "Running $description tests"
+
+
+start_test 4.1.1 "Valid Signatures Test1"
+# The purpose of this test is to verify an application's ability to
+# name chain, signature chain, and check validity dates, on
+# certificates in a certification path. It also tests processing of
+# the basic constraints and key usage extensions in intermediate
+# certificates.
+clean_homedir
+need_cert TrustAnchorRootCertificate
+need_crl TrustAnchorRootCRL
+need_cert GoodCACert
+need_crl GoodCACRL
+need_cert ValidCertificatePathTest1EE
+if $GPGSM --with-colons --with-validation --list-key 0x126B7002 >$SCRATCH; then
+ tmp=$($AWK -F: '$1 == "crt" {any=1; print $2};
+ END {if(!any) print "error"}' $SCRATCH)
+ [ -n "$tmp" ] && set_status fail
+else
+ set_status fail
+fi
+if [ "$test_status" = "none" ]; then
+ if sed '1,/^.$/d' smime/SignedValidSignaturesTest1.eml \
+ | $GPGSM --verify --assume-base64 --status-fd 1 \
+ | grep TRUST_FULLY >/dev/null; then
+ set_status pass
+ else
+ set_status fail
+ fi
+fi
+end_test
+
+
+
+start_test 4.1.2 "Invalid CA Signatures Test2"
+# The purpose of this test is to verify an application's ability to
+# recognize an invalid signature on an intermediate certificate in a
+# certification path.
+clean_homedir
+need_cert TrustAnchorRootCertificate
+need_crl TrustAnchorRootCRL
+need_cert BadSignedCACert --import-anyway
+need_crl BadSignedCACRL
+need_cert InvalidCASignatureTest2EE --import-anyway
+if $GPGSM --with-colons --with-validation --list-key 0xD667FE3C >$SCRATCH; then
+ tmp=$($AWK -F: '$1 == "crt" {any=1; print $2};
+ END {if(!any) print "error"}' $SCRATCH)
+ [ "$tmp" = "i" ] || set_status fail
+else
+ set_status fail
+fi
+if [ "$test_status" = "none" ]; then
+ if sed '1,/^.$/d' smime/SignedInvalidCASignatureTest2.eml \
+ | $GPGSM --verify --assume-base64 --status-fd 1 \
+ | grep TRUST_NEVER >/dev/null; then
+ set_status pass
+ else
+ set_status fail
+ fi
+fi
+end_test
+
+
+
+start_test 4.1.3 "Invalid EE Signature Test3"
+# The purpose of this test is to verify an application's ability to
+# recognize an invalid signature on an end entity certificate in a
+# certification path.
+clean_homedir
+need_cert TrustAnchorRootCertificate
+need_crl TrustAnchorRootCRL
+need_cert GoodCACert
+need_crl GoodCACRL
+need_cert InvalidEESignatureTest3EE --import-anyway
+if $GPGSM --with-colons --with-validation --list-key 0x42E1AEE3 >$SCRATCH; then
+ tmp=$($AWK -F: '$1 == "crt" {any=1; print $2};
+ END {if(!any) print "error"}' $SCRATCH)
+ [ "$tmp" = "i" ] || set_status fail
+else
+ set_status fail
+fi
+if [ "$test_status" = "none" ]; then
+ if sed '1,/^.$/d' smime/SignedInvalidEESignatureTest3.eml \
+ | $GPGSM --verify --assume-base64 --status-fd 1 \
+ | grep TRUST_NEVER >/dev/null; then
+ set_status pass
+ else
+ set_status fail
+ fi
+fi
+end_test
+
+
+start_test 4.1.4 "Valid DSA Signatures Test4"
+# The purpose of this test is to verify an application's ability to
+# validate certificate in which DSA signatures are used. The
+# intermediate CA and the end entity have DSA key pairs.
+clean_homedir
+need_cert TrustAnchorRootCertificate
+need_crl TrustAnchorRootCRL
+need_cert DSACACert
+need_crl DSACACRL
+need_cert ValidDSASignaturesTest4EE
+if $GPGSM --with-colons --with-validation --list-key 0x820A72B8 >$SCRATCH; then
+ tmp=$($AWK -F: '$1 == "crt" {any=1; print $2};
+ END {if(!any) print "error"}' $SCRATCH)
+ [ -n "$tmp" ] && set_status fail
+else
+ set_status fail
+fi
+if [ "$test_status" = "none" ]; then
+ # Note: This S/MIME file uses LF and not CR,LF. */
+ if sed '1,/^$/d' smime/SignedValidDSASignaturesTest4.eml \
+ | $GPGSM --verify --assume-base64 --status-fd 1 \
+ | grep TRUST_FULLY >/dev/null; then
+ set_status pass
+ else
+ set_status fail
+ fi
+fi
+end_test
+
+
+start_test 4.1.5 "Valid DSA Parameter Inheritance Test5"
+# The purpose of this test is to verify an application's ability to
+# validate DSA signatures when the DSA parameters are not included in
+# a certificate and need to be inherited from a previous certificate
+# in the path. The intermediate CAs and the end entity have DSA key
+# pairs.
+set_status nys
+end_test
+
+
+start_test 4.1.6 "Invalid DSA Signature Test6"
+# The purpose of this test is to verify an application's ability to
+# determine when a DSA signature is invalid. The intermediate CA and
+# the end entity have DSA key pairs.
+set_status nys
+end_test
+
+
+
+final_result