Diffstat (limited to '')
-rwxr-xr-x | tests/pkits/validity-periods | 218 |
1 files changed, 218 insertions, 0 deletions
diff --git a/tests/pkits/validity-periods b/tests/pkits/validity-periods
new file mode 100755
index 0000000..90f1764
--- /dev/null
+++ b/tests/pkits/validity-periods
@@ -0,0 +1,218 @@
+#!/bin/sh
+# validity-periods - PKITS Test 4.2 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.2
+description="Validity Periods"
+info "Running $description tests"
+
+start_test 4.2.1 "Invalid CA notBefore Date Test1"
+# In this test, the intermediate certificate's notBefore date is after
+# the current date.
+clean_homedir
+need_cert TrustAnchorRootCertificate
+need_crl TrustAnchorRootCRL
+need_cert BadnotBeforeDateCACert
+need_crl BadnotBeforeDateCACRL
+need_cert InvalidCAnotBeforeDateTest1EE
+if $GPGSM --faked-system-time $MYTIME \
+ --with-colons --with-validation --list-key 0x459ADD33 >$SCRATCH; then
+ tmp=$($AWK -F: '$1 == "crt" {any=1; print $2};
+ END {if(!any) print "error"}' $SCRATCH)
+ [ "$tmp" = "i" ] || set_status fail
+else
+ set_status fail
+fi
+if [ "$test_status" = "none" ]; then
+ if sed '1,/^.$/d' smime/SignedInvalidCAnotBeforeDateTest1.eml \
+ | $GPGSM --faked-system-time $MYTIME \
+ --verify --assume-base64 --status-fd 1 --logger-fd 1 \
+ | tee $SCRATCH \
+ | grep TRUST_UNDEFINED >/dev/null; then
+ if grep 'intermediate certificate not yet valid' $SCRATCH >/dev/null \
+ && grep 'invalid certification chain: Certificate too young' \
+ $SCRATCH >/dev/null
+ then
+ set_status pass
+ fi
+ fi
+ set_status fail
+fi
+end_test
+
+
+start_test 4.2.2 "Invalid EE notBefore Date Test2"
+# In this test, the end entity certificate's notBefore date is after
+# the current date.
+
+# Procedure: Validate Invalid EE notBefore Date Test2 EE using the
+# default settings or open and verify Signed Test Message 6.2.2.5
+# using the default settings.
+
+# Expected Result: The path should not validate successfully as the
+# notBefore date in the end entity certificate is after the current
+# date.
+
+# Certification Path: The certification path is composed of the
+# following objects: Trust Anchor Root Certificate, Trust Anchor
+# Root CRL Good CA Cert, Good CA CRL Invalid EE notBefore Date
+# Test2 EE
+
+end_test
+
+
+
+start_test 4.2.3 "Valid pre2000 UTC notBefore Date Test3"
+# In this test, the end entity certificate's notBefore date is set to
+# 1950 and is encoded in UTCTime.
+#
+# Procedure: Validate Valid pre2000 UTC notBefore Date Test3 EE
+# using the default settings or open and
+# verify Signed Test Message 6.2.2.6 using
+# the default settings.
+#
+# Expected Result: The path should validate successfully as the
+# notBefore date in the end entity
+# certificate is before the current date.
+#
+# Certification Path: The certification path is composed of the
+# following objects: Trust Anchor Root Certificate,
+# Trust Anchor Root CRL Good CA Cert, Good CA CRL Valid
+# pre2000 UTC notBefore Date Test3 EE
+#
+end_test
+
+
+
+start_test 4.2.4 "Valid GeneralizedTime notBefore Date Test4"
+# In this test, the end entity certificate's notBefore date is
+# specified in GeneralizedTime.
+#
+# Procedure: Validate Valid GeneralizedTime notBefore Date Test4 EE
+# using the default settings or open and
+# verify Signed Test Message 6.2.2.7 using
+# the default settings.
+#
+# Expected Result: The path should validate successfully.
+#
+# Certification Path:
+# The certification path is composed of the following objects:
+# Trust Anchor Root Certificate, Trust Anchor Root CRL
+# Good CA Cert, Good CA CRL
+# Valid GeneralizedTime notBefore Date Test4 EE
+#
+end_test
+
+
+
+start_test 4.2.5 "Invalid CA notAfter Date Test5"
+# In this test, the intermediate certificate's notAfter date is before
+# the current date.
+
+# Procedure: Validate Invalid CA notAfter Date Test5 EE using the
+# default settings or open and verify
+# Signed Test Message 6.2.2.8 using the
+# default settings.
+#
+# Expected Result: The path should not validate successfully as the
+# notAfter date in the intermediate
+# certificate is before the current date.
+#
+# Certification Path: The certification path is composed of the
+# following objects:
+#
+# Trust Anchor Root Certificate, Trust Anchor Root CRL
+# Bad notAfter Date CA Cert, Bad notAfter Date CA CRL
+# Invalid CA notAfter Date Test5 EE
+#
+end_test
+
+
+start_test 4.2.6 "Invalid EE notAfter Date Test6"
+# In this test, the end entity certificate's notAfter date is before
+# the current date.
+
+# Procedure: Validate Invalid EE notAfter Date Test6 EE using the
+# default settings or open and verify
+# Signed Test Message 6.2.2.9 using the
+# default settings.
+#
+# Expected Result: The path should not validate successfully as the
+# notAfter date in the end certificate is
+# before the current date.
+#
+# Certification Path: The certification path is composed of the
+# following objects:
+# Trust Anchor Root Certificate, Trust Anchor Root CRL
+# Good CA Cert, Good CA CRL
+# Invalid EE notAfter Date Test6 EE
+
+end_test
+
+
+start_test 4.2.7 "Invalid pre2000 UTC EE notAfter Date Test7"
+# In this test, the end entity certificate's notAfter date is 1999 and
+# is encoded in UTCTime.
+
+# Procedure: Validate Invalid pre2000 UTC EE notAfter Date Test7 EE
+# using the default settings or open and
+# verify Signed Test Message 6.2.2.10 using
+# the default settings.
+#
+# Expected Result: The path should not validate successfully as the
+# notAfter date in the end certificate is
+# before the current date.
+#
+#
+# Certification Path: The certification path is composed of the
+# following objects:
+#
+# Trust Anchor Root Certificate, Trust Anchor Root CRL
+# Good CA Cert, Good CA CRL
+# Invalid pre2000 UTC EE notAfter Date Test7 EE
+
+end_test
+
+
+
+start_test 4.2.8 "Valid GeneralizedTime notAfter Date Test8"
+# In this test, the end entity certificate's notAfter date is 2050 and
+# is encoded in GeneralizedTime.
+
+# Procedure: Validate Valid GeneralizedTime notAfter Date Test8 EE
+# using the default settings or open and
+# verify Signed Test Message 6.2.2.11 using
+# the default settings.
+#
+# Expected Result: The path should validate successfully as the
+# notAfter date in the end certificate is
+# after the current date.
+#
+#
+# Trust Anchor Root Certificate, Trust Anchor Root CRL
+# Good CA Cert, Good CA CRL
+# Valid GeneralizedTime notAfter Date Test8 EE
+
+end_test
+
+
+
+
+final_result |
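Review bot: In test 4.2.1 the second check ends with an unconditional `set_status fail` that sits after the nested `if` blocks have closed, so it is reached even when `set_status pass` has just run; unless `set_status` in common.sh (not shown here) ignores a second call, the test cannot report a pass. Guarding it the way the block itself is guarded would fix that: `if [ "$test_status" = "none" ]; then set_status fail; fi`. The `grep TRUST_UNDEFINED` also matches anywhere in the combined output, because `--status-fd` and `--logger-fd` both point at fd 1; anchoring on the status prefix, `grep '^\[GNUPG:\] TRUST_UNDEFINED'`, keeps log text from satisfying the check. Tests 4.2.2 to 4.2.8 hold only comments between `start_test` and `end_test`, so the expired-certificate (notAfter) and end-entity notBefore cases are not exercised yet; a `# TODO: not implemented` line in each, or an explicit non-pass status, would keep the run from being read as coverage of those validity checks.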