summaryrefslogtreecommitdiffstats
path: root/tests/pkits
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--tests/pkits/ChangeLog-201175
-rw-r--r--tests/pkits/Makefile.am75
-rw-r--r--tests/pkits/Makefile.in695
-rw-r--r--tests/pkits/README37
-rwxr-xr-xtests/pkits/basic-certificate-revocation31
-rwxr-xr-xtests/pkits/certificate-policies31
-rw-r--r--tests/pkits/common.sh275
-rwxr-xr-xtests/pkits/delta-crls31
-rwxr-xr-xtests/pkits/distribution-points31
-rwxr-xr-xtests/pkits/import-all-certs58
-rw-r--r--tests/pkits/import-all-certs.data471
-rwxr-xr-xtests/pkits/inhibit-any-policy31
-rwxr-xr-xtests/pkits/inhibit-policy-mapping31
-rwxr-xr-xtests/pkits/inittests109
-rwxr-xr-xtests/pkits/key-usage28
-rwxr-xr-xtests/pkits/name-constraints31
-rwxr-xr-xtests/pkits/policy-mappings31
-rwxr-xr-xtests/pkits/private-certificate-extensions31
-rwxr-xr-xtests/pkits/require-explicit-policy31
-rwxr-xr-xtests/pkits/runtest4
-rwxr-xr-xtests/pkits/signature-verification167
-rwxr-xr-xtests/pkits/validate-all-certs59
-rwxr-xr-xtests/pkits/validity-periods218
-rwxr-xr-xtests/pkits/verifying-basic-constraints31
-rwxr-xr-xtests/pkits/verifying-name-chaining31
-rwxr-xr-xtests/pkits/verifying-paths-self-issued31
26 files changed, 2674 insertions, 0 deletions
diff --git a/tests/pkits/ChangeLog-2011 b/tests/pkits/ChangeLog-2011
new file mode 100644
index 0000000..d66e474
--- /dev/null
+++ b/tests/pkits/ChangeLog-2011
@@ -0,0 +1,75 @@
+2011-12-01 Werner Koch <wk@g10code.com>
+
+ NB: ChangeLog files are no longer manually maintained. Starting
+ on December 1st, 2011 we put change information only in the GIT
+ commit log, and generate a top-level ChangeLog file from logs at
+ "make dist". See doc/HACKING for details.
+
+2009-03-03 Werner Koch <wk@g10code.com>
+
+ * inittests (clean_files): Use /bin/pwd here as well.
+
+ * Makefile.am (run-all-tests): Also use /bin/pwd here.
+
+2009-02-19 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (TESTS_ENVIRONMENT): Use /bin/pwd
+ * common.sh: Ditto.
+
+2008-02-19 Werner Koch <wk@g10code.com>
+
+ * inittests: Unpack test data onlyu if available.
+ * common.sh: Skip tests if PKITS test data is not available.
+ * Makefile.am: Do not distribute test data. This allows to
+ include the test suite in the distribution.
+
+ * signature-verification: New.
+ * validity-periods: New.
+ * verifying-name-chaining: New.
+ * basic-certificate-revocation: New.
+ * verifying-paths-self-issued: New.
+ * verifying-basic-constraints: New.
+ * key-usage: New.
+ * certificate-policies: New.
+ * require-explicit-policy: New.
+ * policy-mappings: New.
+ * inhibit-policy-mapping: New.
+ * inhibit-any-policy: New.
+ * name-constraints: New.
+ * distribution-points: New.
+ * delta-crls: New.
+ * private-certificate-extensions: New.
+ * Makefile.am (testscripts): Add them.
+
+ * import-all-certs.data: Add section numbers.
+
+2008-02-18 Werner Koch <wk@g10code.com>
+
+ * import-all-certs.data: Adjust import tests results. Almost all
+ certificates should now be importable due to relaxed basic checks.
+
+ * inittests (clean_files): Disable all dirmngr access.
+
+2006-05-02 Werner Koch <wk@g10code.com>
+
+ * PKITS_data.tar.bz2: Repackaged new copy because the old one got
+ corrupted by the conversion from CVS to SVN.
+
+2004-08-16 Werner Koch <wk@g10code.de>
+
+ Started implementing PKITS based tests.
+
+
+ Copyright 2004, 2008 Free Software Foundation, Inc.
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+Local Variables:
+buffer-read-only: t
+End:
diff --git a/tests/pkits/Makefile.am b/tests/pkits/Makefile.am
new file mode 100644
index 0000000..3dc2f16
--- /dev/null
+++ b/tests/pkits/Makefile.am
@@ -0,0 +1,75 @@
+# Makefile.am - tests using NIST's PKITS
+# Copyright (C) 2004, 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <https://www.gnu.org/licenses/>.
+
+## Process this file with automake to produce Makefile.in
+
+GPGSM = ../../sm/gpgsm
+
+TESTS_ENVIRONMENT = GNUPGHOME=`/bin/pwd` GPG_AGENT_INFO= LC_ALL=C \
+ GPGSM=$(GPGSM) silent=yes
+
+
+testscripts = import-all-certs validate-all-certs \
+ signature-verification \
+ validity-periods \
+ verifying-name-chaining \
+ basic-certificate-revocation \
+ verifying-paths-self-issued \
+ verifying-basic-constraints \
+ key-usage \
+ certificate-policies \
+ require-explicit-policy \
+ policy-mappings \
+ inhibit-policy-mapping \
+ inhibit-any-policy \
+ name-constraints \
+ distribution-points \
+ delta-crls \
+ private-certificate-extensions
+
+
+EXTRA_DIST = inittests runtest common.sh $(testscripts) ChangeLog-2011 \
+ import-all-certs.data
+
+TESTS =
+
+CLEANFILES = inittests.stamp scratch.*.tmp x y z out err *.lock .\#lk* *.log
+
+DISTCLEANFILES = pubring.kbx~ random_seed
+
+all-local: inittests.stamp
+
+clean-local:
+ srcdir=$(srcdir) $(TESTS_ENVIRONMENT) $(srcdir)/inittests --clean
+
+inittests.stamp: inittests
+ srcdir=$(srcdir) $(TESTS_ENVIRONMENT) $(srcdir)/inittests
+ echo timestamp >./inittests.stamp
+
+
+run-all-tests: inittests.stamp
+ @set -e; \
+ GNUPGHOME=`/bin/pwd`; export GNUPGHOME;\
+ unset GPG_AGENT_INFO; \
+ for tst in $(testscripts); do \
+ if ./$${tst}; then : ; \
+ elif test $$? -eq 77; then echo "- SKIP $$tst"; \
+ fi; \
+ done
+
+
diff --git a/tests/pkits/Makefile.in b/tests/pkits/Makefile.in
new file mode 100644
index 0000000..accdff2
--- /dev/null
+++ b/tests/pkits/Makefile.in
@@ -0,0 +1,695 @@
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# Makefile.am - tests using NIST's PKITS
+# Copyright (C) 2004, 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <https://www.gnu.org/licenses/>.
+VPATH = @srcdir@
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+TESTS =
+subdir = tests/pkits
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/autobuild.m4 \
+ $(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/gettext.m4 \
+ $(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
+ $(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
+ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
+ $(top_srcdir)/m4/libgcrypt.m4 $(top_srcdir)/m4/nls.m4 \
+ $(top_srcdir)/m4/npth.m4 $(top_srcdir)/m4/ntbtls.m4 \
+ $(top_srcdir)/m4/pkg.m4 $(top_srcdir)/m4/po.m4 \
+ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/m4/readline.m4 \
+ $(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
+ $(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/acinclude.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
+mkinstalldirs = $(SHELL) $(top_srcdir)/build-aux/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
+SOURCES =
+DIST_SOURCES =
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+am__tty_colors_dummy = \
+ mgn= red= grn= lgn= blu= brg= std=; \
+ am__color_tests=no
+am__tty_colors = { \
+ $(am__tty_colors_dummy); \
+ if test "X$(AM_COLOR_TESTS)" = Xno; then \
+ am__color_tests=no; \
+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \
+ am__color_tests=yes; \
+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \
+ am__color_tests=yes; \
+ fi; \
+ if test $$am__color_tests = yes; then \
+ red=''; \
+ grn=''; \
+ lgn=''; \
+ blu=''; \
+ mgn=''; \
+ brg=''; \
+ std=''; \
+ fi; \
+}
+am__DIST_COMMON = $(srcdir)/Makefile.in \
+ $(top_srcdir)/build-aux/mkinstalldirs README
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+AWK_HEX_NUMBER_OPTION = @AWK_HEX_NUMBER_OPTION@
+BUILD_FILEVERSION = @BUILD_FILEVERSION@
+BUILD_HOSTNAME = @BUILD_HOSTNAME@
+BUILD_INCLUDED_LIBINTL = @BUILD_INCLUDED_LIBINTL@
+BUILD_REVISION = @BUILD_REVISION@
+BUILD_TIMESTAMP = @BUILD_TIMESTAMP@
+BUILD_VERSION = @BUILD_VERSION@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CC_FOR_BUILD = @CC_FOR_BUILD@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DL_LIBS = @DL_LIBS@
+DNSLIBS = @DNSLIBS@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+ENCFS = @ENCFS@
+EXEEXT = @EXEEXT@
+FUSERMOUNT = @FUSERMOUNT@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
+GNUPG_DIRMNGR_LDAP_PGM = @GNUPG_DIRMNGR_LDAP_PGM@
+GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
+GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
+GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GPGKEYS_LDAP = @GPGKEYS_LDAP@
+GPGRT_CONFIG = @GPGRT_CONFIG@
+GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
+GPG_ERROR_CONFIG = @GPG_ERROR_CONFIG@
+GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
+GPG_ERROR_MT_CFLAGS = @GPG_ERROR_MT_CFLAGS@
+GPG_ERROR_MT_LIBS = @GPG_ERROR_MT_LIBS@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+KSBA_CFLAGS = @KSBA_CFLAGS@
+KSBA_CONFIG = @KSBA_CONFIG@
+KSBA_LIBS = @KSBA_LIBS@
+LBER_LIBS = @LBER_LIBS@
+LDAPLIBS = @LDAPLIBS@
+LDAP_CPPFLAGS = @LDAP_CPPFLAGS@
+LDFLAGS = @LDFLAGS@
+LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@
+LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@
+LIBASSUAN_LIBS = @LIBASSUAN_LIBS@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
+LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@
+LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBOBJS = @LIBOBJS@
+LIBREADLINE = @LIBREADLINE@
+LIBS = @LIBS@
+LIBUSB_CPPFLAGS = @LIBUSB_CPPFLAGS@
+LIBUSB_LIBS = @LIBUSB_LIBS@
+LIBUTIL_LIBS = @LIBUTIL_LIBS@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NETLIBS = @NETLIBS@
+NPTH_CFLAGS = @NPTH_CFLAGS@
+NPTH_CONFIG = @NPTH_CONFIG@
+NPTH_LIBS = @NPTH_LIBS@
+NTBTLS_CFLAGS = @NTBTLS_CFLAGS@
+NTBTLS_CONFIG = @NTBTLS_CONFIG@
+NTBTLS_LIBS = @NTBTLS_LIBS@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_GT = @PACKAGE_GT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SENDMAIL = @SENDMAIL@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SHRED = @SHRED@
+SQLITE3_CFLAGS = @SQLITE3_CFLAGS@
+SQLITE3_LIBS = @SQLITE3_LIBS@
+STRIP = @STRIP@
+SYSROOT = @SYSROOT@
+SYS_SOCKET_H = @SYS_SOCKET_H@
+TAR = @TAR@
+USE_C99_CFLAGS = @USE_C99_CFLAGS@
+USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+W32SOCKLIBS = @W32SOCKLIBS@
+WINDRES = @WINDRES@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+YAT2M = @YAT2M@
+ZLIBS = @ZLIBS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+runstatedir = @runstatedir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+GPGSM = ../../sm/gpgsm
+TESTS_ENVIRONMENT = GNUPGHOME=`/bin/pwd` GPG_AGENT_INFO= LC_ALL=C \
+ GPGSM=$(GPGSM) silent=yes
+
+testscripts = import-all-certs validate-all-certs \
+ signature-verification \
+ validity-periods \
+ verifying-name-chaining \
+ basic-certificate-revocation \
+ verifying-paths-self-issued \
+ verifying-basic-constraints \
+ key-usage \
+ certificate-policies \
+ require-explicit-policy \
+ policy-mappings \
+ inhibit-policy-mapping \
+ inhibit-any-policy \
+ name-constraints \
+ distribution-points \
+ delta-crls \
+ private-certificate-extensions
+
+EXTRA_DIST = inittests runtest common.sh $(testscripts) ChangeLog-2011 \
+ import-all-certs.data
+
+CLEANFILES = inittests.stamp scratch.*.tmp x y z out err *.lock .\#lk* *.log
+DISTCLEANFILES = pubring.kbx~ random_seed
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu tests/pkits/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu tests/pkits/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+tags TAGS:
+
+ctags CTAGS:
+
+cscope cscopelist:
+
+
+check-TESTS: $(TESTS)
+ @failed=0; all=0; xfail=0; xpass=0; skip=0; \
+ srcdir=$(srcdir); export srcdir; \
+ list=' $(TESTS) '; \
+ $(am__tty_colors); \
+ if test -n "$$list"; then \
+ for tst in $$list; do \
+ if test -f ./$$tst; then dir=./; \
+ elif test -f $$tst; then dir=; \
+ else dir="$(srcdir)/"; fi; \
+ if $(TESTS_ENVIRONMENT) $${dir}$$tst $(AM_TESTS_FD_REDIRECT); then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xpass=`expr $$xpass + 1`; \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=XPASS; \
+ ;; \
+ *) \
+ col=$$grn; res=PASS; \
+ ;; \
+ esac; \
+ elif test $$? -ne 77; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xfail=`expr $$xfail + 1`; \
+ col=$$lgn; res=XFAIL; \
+ ;; \
+ *) \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=FAIL; \
+ ;; \
+ esac; \
+ else \
+ skip=`expr $$skip + 1`; \
+ col=$$blu; res=SKIP; \
+ fi; \
+ echo "$${col}$$res$${std}: $$tst"; \
+ done; \
+ if test "$$all" -eq 1; then \
+ tests="test"; \
+ All=""; \
+ else \
+ tests="tests"; \
+ All="All "; \
+ fi; \
+ if test "$$failed" -eq 0; then \
+ if test "$$xfail" -eq 0; then \
+ banner="$$All$$all $$tests passed"; \
+ else \
+ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \
+ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \
+ fi; \
+ else \
+ if test "$$xpass" -eq 0; then \
+ banner="$$failed of $$all $$tests failed"; \
+ else \
+ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \
+ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \
+ fi; \
+ fi; \
+ dashes="$$banner"; \
+ skipped=""; \
+ if test "$$skip" -ne 0; then \
+ if test "$$skip" -eq 1; then \
+ skipped="($$skip test was not run)"; \
+ else \
+ skipped="($$skip tests were not run)"; \
+ fi; \
+ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$skipped"; \
+ fi; \
+ report=""; \
+ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+ report="Please report to $(PACKAGE_BUGREPORT)"; \
+ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$report"; \
+ fi; \
+ dashes=`echo "$$dashes" | sed s/./=/g`; \
+ if test "$$failed" -eq 0; then \
+ col="$$grn"; \
+ else \
+ col="$$red"; \
+ fi; \
+ echo "$${col}$$dashes$${std}"; \
+ echo "$${col}$$banner$${std}"; \
+ test -z "$$skipped" || echo "$${col}$$skipped$${std}"; \
+ test -z "$$report" || echo "$${col}$$report$${std}"; \
+ echo "$${col}$$dashes$${std}"; \
+ test "$$failed" -eq 0; \
+ else :; fi
+
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-am
+all-am: Makefile all-local
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+ -test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-local mostlyclean-am
+
+distclean: distclean-am
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: check-am install-am install-strip
+
+.PHONY: all all-am all-local check check-TESTS check-am clean \
+ clean-generic clean-local cscopelist-am ctags-am distclean \
+ distclean-generic distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-generic pdf pdf-am ps ps-am tags-am uninstall \
+ uninstall-am
+
+.PRECIOUS: Makefile
+
+
+all-local: inittests.stamp
+
+clean-local:
+ srcdir=$(srcdir) $(TESTS_ENVIRONMENT) $(srcdir)/inittests --clean
+
+inittests.stamp: inittests
+ srcdir=$(srcdir) $(TESTS_ENVIRONMENT) $(srcdir)/inittests
+ echo timestamp >./inittests.stamp
+
+run-all-tests: inittests.stamp
+ @set -e; \
+ GNUPGHOME=`/bin/pwd`; export GNUPGHOME;\
+ unset GPG_AGENT_INFO; \
+ for tst in $(testscripts); do \
+ if ./$${tst}; then : ; \
+ elif test $$? -eq 77; then echo "- SKIP $$tst"; \
+ fi; \
+ done
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/tests/pkits/README b/tests/pkits/README
new file mode 100644
index 0000000..06aa97b
--- /dev/null
+++ b/tests/pkits/README
@@ -0,0 +1,37 @@
+tests/pkits/README
+
+These are tests based on NIST's Public Key Interoperability Test Suite
+(PKITS) as downloaded on 2006-05-02 from
+http://csrc.nist.gov/pki/testing/x509paths.html .
+
+README - this file.
+PKITS_data.tar.bz2 - the original ZIP file, repackaged as a tarball.
+Makefile.am - Part of our build system.
+import-all-certs - Run a simple import test on all certificates
+validate-all-certs - Run an import and validate test on all certificates
+signature-verification - PKITS test 4.1
+validity-periods - PKITS test 4.2
+verifying-name-chaining - PKITS test 4.3
+basic-certificate-revocation - PKITS test 4.4
+verifying-paths-self-issued - PKITS test 4.5
+verifying-basic-constraints - PKITS test 4.6
+key-usage - PKITS test 4.7
+certificate-policies - PKITS test 4.8
+require-explicit-policy - PKITS test 4.9
+policy-mappings - PKITS test 4.10
+inhibit-policy-mapping - PKITS test 4.11
+inhibit-any-policy - PKITS test 4.12
+name-constraints - PKITS test 4.13
+distribution-points - PKITS test 4.14
+delta-crls - PKITS test 4.15
+private-certificate-extensions - PKITS test 4.16
+
+
+The password for the p12 files is "password".
+
+You may run the tests as usual with "make check" or after a plain make
+in this directory you may run the tests individually. When run in
+this way they will print easy to parse output to stdout. To run all
+tests in this mode, use "make run-all-tests". All test scripts create
+a log file with the suffix ".log" appended to the test script's name.
+
diff --git a/tests/pkits/basic-certificate-revocation b/tests/pkits/basic-certificate-revocation
new file mode 100755
index 0000000..496a82c
--- /dev/null
+++ b/tests/pkits/basic-certificate-revocation
@@ -0,0 +1,31 @@
+#!/bin/sh
+# basic-certificate-revocation - PKITS Test 4.4 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.4
+description="Basic Certificate Revocation"
+info "Running $description tests"
+
+
+
+
+
+
+final_result
diff --git a/tests/pkits/certificate-policies b/tests/pkits/certificate-policies
new file mode 100755
index 0000000..f472201
--- /dev/null
+++ b/tests/pkits/certificate-policies
@@ -0,0 +1,31 @@
+#!/bin/sh
+# certificate-policies - PKITS Test 4.8 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.8
+description="Certificate Policies"
+info "Running $description tests"
+
+
+
+
+
+
+final_result
diff --git a/tests/pkits/common.sh b/tests/pkits/common.sh
new file mode 100644
index 0000000..697f28f
--- /dev/null
+++ b/tests/pkits/common.sh
@@ -0,0 +1,275 @@
+# common.sh - common defs for all tests -*- sh -*-
+# Copyright (C) 2004, 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+# reset some environment variables because we do not want to test locals
+LANG=C
+LANGUAGE=C
+LC_ALL=C
+export LANG LANGUAGE LC_ALL
+
+pgmname=`basename $0`
+
+if [ "$1" = "--debug" ]; then
+ debug=yes
+ set -x
+else
+ debug=
+fi
+[ -z "$srcdir" ] && srcdir="."
+[ -z "$top_srcdir" ] && top_srcdir=".."
+[ -z "$GPGSM" ] && GPGSM="../../sm/gpgsm"
+[ -z "$silent" ] && silent=no
+
+AWK=awk
+SCRATCH="scratch.$$.tmp"
+
+# We use this as the faked system time for certain tests.
+MYTIME="20080508T120000"
+
+
+if [ "$GNUPGHOME" != "`/bin/pwd`" ]; then
+ echo "inittests: please set GNUPGHOME to the tests/pkits directory" >&2
+ exit 1
+fi
+
+if [ -n "$GPG_AGENT_INFO" ]; then
+ echo "inittests: please unset GPG_AGENT_INFO" >&2
+ exit 1
+fi
+
+if [ -f "$srcdir/PKITS_data.tar.bz2" ]; then
+ :
+else
+ if [ "$pgmname" = "import-all-certs" ]; then
+ if [ "$silent" = "yes" ]; then tmp1="Note: "; tmp2=' '
+ else tmp1="- ____ "; tmp2="$tmp1"
+ fi
+ echo "${tmp1}PKITS_data.tar.bz2 is not installed"
+ echo "${tmp2}All tests will be skipped (this is not an error)"
+ fi
+ # Exit code 77 is used by the Makefile for skipping a tests.
+ exit 77
+fi
+
+#--------------------------------
+#------ utility functions -------
+#--------------------------------
+
+echo_n_init=no
+echo_n () {
+ if test "$echo_n_init" = "no"; then
+ if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then
+ if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then
+ echo_n_n=
+ echo_n_c='
+'
+ else
+ echo_n_n='-n'
+ echo_n_c=
+ fi
+ else
+ echo_n_n=
+ echo_n_c='\c'
+ fi
+ echo_n_init=yes
+ fi
+ echo $echo_n_n "${1}$echo_n_c"
+}
+
+setup_output () {
+ if [ -z "$first_section_set" ]; then
+ first_section_set=$section
+ fi
+ section_out="$(echo $section)"
+ if [ -z "$section_out" ]; then
+ section_out="-"
+ fi
+}
+
+fatal () {
+ echo "$pgmname: fatal:" $* >&2
+ if [ "$silent" != "yes" ]; then
+ echo "$section_out ERROR: $* (fatal)"
+ fi
+ exit 1;
+}
+
+error () {
+ echo "$pgmname:" $* >&2
+ if [ "$silent" != "yes" ]; then
+ echo "$section_out ERROR: $*"
+ fi
+ exit 1
+}
+
+info () {
+ setup_output
+ echo "$pgmname:" $* >&2
+ if [ "$silent" != "yes" ]; then
+ echo "$section_out ____ $*"
+ fi
+}
+
+info_n () {
+ setup_output
+ echo_n "$pgmname:" $* >&2
+}
+
+pass () {
+ setup_output
+ echo "PASS: " $* >&2
+ pass_count=`expr ${pass_count} + 1`
+ if [ "$silent" != "yes" ]; then
+ echo_n "$section_out PASS"
+ if [ -n "$1" ]; then echo_n " $1"
+ elif [ -n "$description" ]; then echo_n " ($description)"
+ fi
+ echo
+ fi
+}
+
+fail () {
+ setup_output
+ echo "FAIL: " $* >&2
+ fail_count=`expr ${fail_count} + 1`
+ if [ "$silent" != "yes" ]; then
+ echo_n "$section_out FAIL"
+ if [ -n "$1" ]; then echo_n " $1"
+ elif [ -n "$description" ]; then echo_n " ($description)"
+ fi
+ echo
+ fi
+}
+
+skip () {
+ setup_output
+ echo "SKIP: " $* >&2
+ skip_count=`expr ${skip_count} + 1`
+ if [ "$silent" != "yes" ]; then
+ echo_n "$section_out SKIP"
+ if [ -n "$1" ]; then echo_n " $1"
+ elif [ -n "$description" ]; then echo_n " ($description)"
+ fi
+ echo
+ fi
+}
+
+unresolved () {
+ setup_output
+ echo "UNRESOLVED: " $* >&2
+ unresolved_count=`expr ${unresolved_count} + 1`
+ if [ "$silent" != "yes" ]; then
+ echo_n "$section_out UNRESOLVED"
+ if [ -n "$1" ]; then echo_n " $1"
+ elif [ -n "$description" ]; then echo_n " ($description)"
+ fi
+ echo
+ fi
+}
+
+
+final_result () {
+ section=$first_section_set
+ [ $pass_count = 0 ] || info "$pass_count tests passed"
+ [ $fail_count = 0 ] || info "$fail_count tests failed"
+ [ $skip_count = 0 ] || info "$unsupported_count tests skipped"
+ [ $unresolved_count = 0 ] || info "$unresolved_count tests unresolved"
+ [ -z "$debug" -a -f "$SCRATCH" ] && rm "$SCRATCH"
+ if [ $fail_count = 0 ]; then
+ info "all tests passed"
+ else
+ exit 1
+ fi
+}
+
+
+clean_homedir () {
+ [ -f pubring.kbx ] && rm pubring.kbx
+ if [ -d private-keys-v1.d ]; then
+ rm private-keys-v1.d/* 2>/dev/null || true
+ rmdir private-keys-v1.d
+ fi
+}
+
+start_test () {
+ section="$1"
+ description="$2"
+ test_status=none
+ echo "BEGIN TEST $section ($description)" >&2
+}
+
+end_test () {
+ case "$test_status" in
+ none) skip "($description) - test not implemented";;
+ pass) pass "($description)";;
+ fail) fail "($description)";;
+ setup) fail "($description) - setup failed";;
+ ns) skip "($description) - not supported";;
+ nys) skip "($description) - not yet supported";;
+ *) unresolved "$(description)";;
+ esac
+ echo "END TEST $section" >&2
+}
+
+set_status () {
+ if [ "$test_status" = "none" ]; then
+ test_status=$1
+ fi
+}
+
+need_cert () {
+ if [ "$2" = "--import-anyway" ]; then
+ if ! ${GPGSM} -q --debug-no-chain-validation --import certs/$1.crt
+ then
+ set_status setup
+ fi
+ else
+ if ! ${GPGSM} -q --import certs/$1.crt; then
+ set_status setup
+ fi
+ fi
+}
+
+need_crl () {
+ # CRL are not yet implemented
+ #set_status setup
+ :
+}
+
+
+
+set -e
+
+pass_count=0
+fail_count=0
+skip_count=0
+unresolved_count=0
+first_section_set=""
+section_out=""
+test_status=none
+
+# User settable variables
+section=""
+description=""
+
+
+#trap cleanup SIGHUP SIGINT SIGQUIT
+[ -z "$debug" ] && exec 2> ${pgmname}.log
+
+:
+# end
diff --git a/tests/pkits/delta-crls b/tests/pkits/delta-crls
new file mode 100755
index 0000000..2b91288
--- /dev/null
+++ b/tests/pkits/delta-crls
@@ -0,0 +1,31 @@
+#!/bin/sh
+# delta-crls - PKITS Test 4.15 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.15
+description="Delta-CRLs"
+info "Running $description tests"
+
+
+
+
+
+
+final_result
diff --git a/tests/pkits/distribution-points b/tests/pkits/distribution-points
new file mode 100755
index 0000000..2d59fcd
--- /dev/null
+++ b/tests/pkits/distribution-points
@@ -0,0 +1,31 @@
+#!/bin/sh
+# distribution-points - PKITS Test 4.14 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.14
+description="Distribution Points"
+info "Running $description tests"
+
+
+
+
+
+
+final_result
diff --git a/tests/pkits/import-all-certs b/tests/pkits/import-all-certs
new file mode 100755
index 0000000..51f3253
--- /dev/null
+++ b/tests/pkits/import-all-certs
@@ -0,0 +1,58 @@
+#!/bin/sh
+# import-all-certs - GnuPG import test -*- sh -*-
+# Copyright (C) 2004, 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=6
+description="GnuPG Import"
+info "Running $description tests"
+
+while read flag dummy section name; do
+ case $flag in \#*) continue ;; esac
+ [ -z "$(echo $flag)" ] && continue;
+
+ description="import $name"
+ if ${GPGSM} -q --import certs/$name ; then
+ if [ "$flag" = 'p' ]; then
+ pass "importing certificate \`$name' succeeded"
+ elif [ "$flag" = 'f' ]; then
+ fail "importing certificate \`$name' succeeded"
+ elif [ "$flag" = '?' ]; then
+ unresolved "importing certificate \`$name' succeeded"
+ elif [ "$flag" = 'u' ]; then
+ skip "importing certificate \`$name' succeeded"
+ else
+ info "importing certificate \`$name' succeeded - (flag=$flag)"
+ fi
+ else
+ if [ "$flag" = 'p' ]; then
+ fail "importing certificate \`$name' failed"
+ elif [ "$flag" = 'f' ]; then
+ pass "importing certificate \`$name' failed"
+ elif [ "$flag" = '?' ]; then
+ unresolved "importing certificate \`$name' failed"
+ elif [ "$flag" = 'u' ]; then
+ skip "importing certificate \`$name' failed"
+ else
+ info "importing certificate \`$name' failed - (flag=$flag)"
+ fi
+ fi
+done < $srcdir/import-all-certs.data
+
+final_result
diff --git a/tests/pkits/import-all-certs.data b/tests/pkits/import-all-certs.data
new file mode 100644
index 0000000..e91b9f1
--- /dev/null
+++ b/tests/pkits/import-all-certs.data
@@ -0,0 +1,471 @@
+# The first column is for the basic import test, the second for a
+# validation test, the third is the section number and th foruth the
+# filename of the certificate.
+
+# Make sure that the root certificate is imported first
+p p 6.1.5.1 TrustAnchorRootCertificate.crt
+
+p p 6.1.5.168 AllCertificatesNoPoliciesTest2EE.crt
+p p 6.1.5.204 AllCertificatesSamePoliciesTest10EE.crt
+p p 6.1.5.211 AllCertificatesSamePoliciesTest13EE.crt
+p p 6.1.5.207 AllCertificatesanyPolicyTest11EE.crt
+p p 6.1.5.212 AnyPolicyTest14EE.crt
+p p 6.1.5.41 BadCRLIssuerNameCACert.crt
+p p 6.1.5.38 BadCRLSignatureCACert.crt
+f f 6.1.5.6 BadSignedCACert.crt
+p f 6.1.5.16 BadnotAfterDateCACert.crt
+
+# UTC: "470101120100Z" i.e. not before 2047-01-01
+p f 6.1.5.10 BadnotBeforeDateCACert.crt
+
+p p 6.1.5.88 BasicSelfIssuedCRLSigningKeyCACert.crt
+p p 6.1.5.90 BasicSelfIssuedCRLSigningKeyCRLCert.crt
+
+p p 6.1.5.76 BasicSelfIssuedNewKeyCACert.crt
+p p 6.1.5.78 BasicSelfIssuedNewKeyOldWithNewCACert.crt
+p p 6.1.5.81 BasicSelfIssuedOldKeyCACert.crt
+p p 6.1.5.83 BasicSelfIssuedOldKeyNewWithOldCACert.crt
+
+p p 6.1.5.218 CPSPointerQualifierTest20EE.crt
+
+p u 6.1.5.572 DSACACert.crt
+u u 6.1.5.575 DSAParametersInheritedCACert.crt
+
+p p 6.1.5.210 DifferentPoliciesTest12EE.crt
+p p 6.1.5.171 DifferentPoliciesTest3EE.crt
+p p 6.1.5.174 DifferentPoliciesTest4EE.crt
+p p 6.1.5.177 DifferentPoliciesTest5EE.crt
+p p 6.1.5.191 DifferentPoliciesTest7EE.crt
+p p 6.1.5.198 DifferentPoliciesTest8EE.crt
+p p 6.1.5.203 DifferentPoliciesTest9EE.crt
+p p 6.1.5.64 GeneralizedTimeCRLnextUpdateCACert.crt
+p p 6.1.5.3 GoodCACert.crt
+p p 6.1.5.172 GoodsubCACert.crt
+
+# gpgsm: critical certificate extension 2.5.29.33 (policyMappings)
+# is not supported
+p u 6.1.5.300 GoodsubCAPanyPolicyMapping1to2CACert.crt
+
+p f 6.1.5.43 InvalidBadCRLIssuerNameTest5EE.crt
+
+p f 6.1.5.40 InvalidBadCRLSignatureTest4EE.crt
+p f 6.1.5.93 InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt
+
+p f 6.1.5.94 InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt
+
+p f 6.1.5.87 InvalidBasicSelfIssuedNewWithOldTest5EE.crt
+
+p f 6.1.5.80 InvalidBasicSelfIssuedOldWithNewTest2EE.crt
+
+p f 6.1.5.8 InvalidCASignatureTest2EE.crt
+
+p f 6.1.5.18 InvalidCAnotAfterDateTest5EE.crt
+p f 6.1.5.12 InvalidCAnotBeforeDateTest1EE.crt
+p f 6.1.5.439 InvalidDNSnameConstraintsTest31EE.crt
+p f 6.1.5.443 InvalidDNSnameConstraintsTest33EE.crt
+p f 6.1.5.562 InvalidDNSnameConstraintsTest38EE.crt
+p f 6.1.5.434 InvalidDNandRFC822nameConstraintsTest28EE.crt
+p f 6.1.5.435 InvalidDNandRFC822nameConstraintsTest29EE.crt
+p f 6.1.5.399 InvalidDNnameConstraintsTest10EE.crt
+p f 6.1.5.403 InvalidDNnameConstraintsTest12EE.crt
+p f 6.1.5.406 InvalidDNnameConstraintsTest13EE.crt
+p f 6.1.5.410 InvalidDNnameConstraintsTest15EE.crt
+p f 6.1.5.411 InvalidDNnameConstraintsTest16EE.crt
+p f 6.1.5.414 InvalidDNnameConstraintsTest17EE.crt
+
+p f 6.1.5.418 InvalidDNnameConstraintsTest20EE.crt
+
+p f 6.1.5.383 InvalidDNnameConstraintsTest2EE.crt
+p f 6.1.5.384 InvalidDNnameConstraintsTest3EE.crt
+p f 6.1.5.392 InvalidDNnameConstraintsTest7EE.crt
+p f 6.1.5.395 InvalidDNnameConstraintsTest8EE.crt
+p f 6.1.5.396 InvalidDNnameConstraintsTest9EE.crt
+
+p u 6.1.5.578 InvalidDSASignatureTest6EE.crt
+
+p f 6.1.5.9 InvalidEESignatureTest3EE.crt
+
+p f 6.1.5.19 InvalidEEnotAfterDateTest6EE.crt
+p f 6.1.5.13 InvalidEEnotBeforeDateTest2EE.crt
+p f 6.1.5.500 InvalidIDPwithindirectCRLTest23EE.crt
+p f 6.1.5.504 InvalidIDPwithindirectCRLTest26EE.crt
+p f 6.1.5.75 InvalidLongSerialNumberTest18EE.crt
+p f 6.1.5.293 InvalidMappingFromanyPolicyTest7EE.crt
+p f 6.1.5.296 InvalidMappingToanyPolicyTest8EE.crt
+p f 6.1.5.33 InvalidMissingCRLTest1EE.crt
+p f 6.1.5.97 InvalidMissingbasicConstraintsTest1EE.crt
+p f 6.1.5.25 InvalidNameChainingOrderTest2EE.crt
+p f 6.1.5.22 InvalidNameChainingTest1EE.crt
+p f 6.1.5.70 InvalidNegativeSerialNumberTest15EE.crt
+p f 6.1.5.60 InvalidOldCRLnextUpdateTest11EE.crt
+p f 6.1.5.302 InvalidPolicyMappingTest10EE.crt
+p f 6.1.5.276 InvalidPolicyMappingTest2EE.crt
+p f 6.1.5.284 InvalidPolicyMappingTest4EE.crt
+p f 6.1.5.422 InvalidRFC822nameConstraintsTest22EE.crt
+p f 6.1.5.426 InvalidRFC822nameConstraintsTest24EE.crt
+p f 6.1.5.430 InvalidRFC822nameConstraintsTest26EE.crt
+p f 6.1.5.36 InvalidRevokedCATest2EE.crt
+p f 6.1.5.37 InvalidRevokedEETest3EE.crt
+
+p f 6.1.5.379 InvalidSelfIssuedinhibitAnyPolicyTest10EE.crt
+
+p f 6.1.5.376 InvalidSelfIssuedinhibitAnyPolicyTest8EE.crt
+p f 6.1.5.348 InvalidSelfIssuedinhibitPolicyMappingTest10EE.crt
+p f 6.1.5.349 InvalidSelfIssuedinhibitPolicyMappingTest11EE.crt
+p f 6.1.5.345 InvalidSelfIssuedinhibitPolicyMappingTest8EE.crt
+p f 6.1.5.346 InvalidSelfIssuedinhibitPolicyMappingTest9EE.crt
+p f 6.1.5.143 InvalidSelfIssuedpathLenConstraintTest16EE.crt
+p f 6.1.5.270 InvalidSelfIssuedrequireExplicitPolicyTest7EE.crt
+p f 6.1.5.272 InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt
+
+p f 6.1.5.567 InvalidSeparateCertificateandCRLKeysTest20EE.crt
+p f 6.1.5.571 InvalidSeparateCertificateandCRLKeysTest21EE.crt
+
+p f 6.1.5.447 InvalidURInameConstraintsTest35EE.crt
+p f 6.1.5.451 InvalidURInameConstraintsTest37EE.crt
+p f 6.1.5.53 InvalidUnknownCRLEntryExtensionTest8EE.crt
+p f 6.1.5.57 InvalidUnknownCRLExtensionTest10EE.crt
+p f 6.1.5.56 InvalidUnknownCRLExtensionTest9EE.crt
+p f 6.1.5.546 InvalidUnknownCriticalCertificateExtensionTest2EE.crt
+p f 6.1.5.46 InvalidWrongCRLTest6EE.crt
+p f 6.1.5.100 InvalidcAFalseTest2EE.crt
+p f 6.1.5.103 InvalidcAFalseTest3EE.crt
+p f 6.1.5.505 InvalidcRLIssuerTest27EE.crt
+p f 6.1.5.519 InvalidcRLIssuerTest31EE.crt
+p f 6.1.5.520 InvalidcRLIssuerTest32EE.crt
+p f 6.1.5.522 InvalidcRLIssuerTest34EE.crt
+p f 6.1.5.523 InvalidcRLIssuerTest35EE.crt
+p f 6.1.5.526 InvaliddeltaCRLIndicatorNoBaseTest1EE.crt
+p f 6.1.5.544 InvaliddeltaCRLTest10EE.crt
+p f 6.1.5.531 InvaliddeltaCRLTest3EE.crt
+p f 6.1.5.532 InvaliddeltaCRLTest4EE.crt
+p f 6.1.5.534 InvaliddeltaCRLTest6EE.crt
+p f 6.1.5.540 InvaliddeltaCRLTest9EE.crt
+p f 6.1.5.455 InvaliddistributionPointTest2EE.crt
+p f 6.1.5.456 InvaliddistributionPointTest3EE.crt
+p f 6.1.5.461 InvaliddistributionPointTest6EE.crt
+p f 6.1.5.463 InvaliddistributionPointTest8EE.crt
+p f 6.1.5.464 InvaliddistributionPointTest9EE.crt
+p f 6.1.5.352 InvalidinhibitAnyPolicyTest1EE.crt
+p f 6.1.5.359 InvalidinhibitAnyPolicyTest4EE.crt
+p f 6.1.5.366 InvalidinhibitAnyPolicyTest5EE.crt
+p f 6.1.5.369 InvalidinhibitAnyPolicyTest6EE.crt
+p f 6.1.5.313 InvalidinhibitPolicyMappingTest1EE.crt
+p f 6.1.5.321 InvalidinhibitPolicyMappingTest3EE.crt
+p f 6.1.5.331 InvalidinhibitPolicyMappingTest5EE.crt
+p f 6.1.5.336 InvalidinhibitPolicyMappingTest6EE.crt
+p f 6.1.5.162 InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt
+p f 6.1.5.153 InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt
+p f 6.1.5.165 InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt
+p f 6.1.5.156 InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt
+p f 6.1.5.477 InvalidonlyContainsAttributeCertsTest14EE.crt
+p f 6.1.5.473 InvalidonlyContainsCACertsTest12EE.crt
+p f 6.1.5.470 InvalidonlyContainsUserCertsTest11EE.crt
+p f 6.1.5.481 InvalidonlySomeReasonsTest15EE.crt
+p f 6.1.5.482 InvalidonlySomeReasonsTest16EE.crt
+p f 6.1.5.486 InvalidonlySomeReasonsTest17EE.crt
+p f 6.1.5.495 InvalidonlySomeReasonsTest20EE.crt
+p f 6.1.5.496 InvalidonlySomeReasonsTest21EE.crt
+p f 6.1.5.122 InvalidpathLenConstraintTest10EE.crt
+p f 6.1.5.129 InvalidpathLenConstraintTest11EE.crt
+p f 6.1.5.130 InvalidpathLenConstraintTest12EE.crt
+p f 6.1.5.111 InvalidpathLenConstraintTest5EE.crt
+p f 6.1.5.112 InvalidpathLenConstraintTest6EE.crt
+p f 6.1.5.121 InvalidpathLenConstraintTest9EE.crt
+p f 6.1.5.63 Invalidpre2000CRLnextUpdateTest12EE.crt
+p f 6.1.5.20 Invalidpre2000UTCEEnotAfterDateTest7EE.crt
+p f 6.1.5.245 InvalidrequireExplicitPolicyTest3EE.crt
+p f 6.1.5.263 InvalidrequireExplicitPolicyTest5EE.crt
+p p 6.1.5.71 LongSerialNumberCACert.crt
+p p 6.1.5.273 Mapping1to2CACert.crt
+p p 6.1.5.291 MappingFromanyPolicyCACert.crt
+p p 6.1.5.294 MappingToanyPolicyCACert.crt
+p p 6.1.5.95 MissingbasicConstraintsCACert.crt
+p p 6.1.5.23 NameOrderingCACert.crt
+p p 6.1.5.67 NegativeSerialNumberCACert.crt
+p p 6.1.5.32 NoCRLCACert.crt
+p p 6.1.5.166 NoPoliciesCACert.crt
+p p 6.1.5.465 NoissuingDistributionPointCACert.crt
+p p 6.1.5.58 OldCRLnextUpdateCACert.crt
+p p 6.1.5.184 OverlappingPoliciesTest6EE.crt
+p p 6.1.5.277 P12Mapping1to3CACert.crt
+p p 6.1.5.279 P12Mapping1to3subCACert.crt
+p p 6.1.5.281 P12Mapping1to3subsubCACert.crt
+p p 6.1.5.285 P1Mapping1to234CACert.crt
+p p 6.1.5.287 P1Mapping1to234subCACert.crt
+p p 6.1.5.305 P1anyPolicyMapping1to2CACert.crt
+p p 6.1.5.297 PanyPolicyMapping1to2CACert.crt
+p p 6.1.5.178 PoliciesP1234CACert.crt
+p p 6.1.5.180 PoliciesP1234subCAP123Cert.crt
+p p 6.1.5.182 PoliciesP1234subsubCAP123P12Cert.crt
+p p 6.1.5.185 PoliciesP123CACert.crt
+p p 6.1.5.187 PoliciesP123subCAP12Cert.crt
+p p 6.1.5.189 PoliciesP123subsubCAP12P1Cert.crt
+p p 6.1.5.199 PoliciesP123subsubCAP12P2Cert.crt
+p p 6.1.5.201 PoliciesP123subsubsubCAP12P2P1Cert.crt
+p p 6.1.5.192 PoliciesP12CACert.crt
+p p 6.1.5.194 PoliciesP12subCAP1Cert.crt
+p p 6.1.5.196 PoliciesP12subsubCAP1P2Cert.crt
+p p 6.1.5.175 PoliciesP2subCA2Cert.crt
+p p 6.1.5.169 PoliciesP2subCACert.crt
+p p 6.1.5.208 PoliciesP3CACert.crt
+p p 6.1.5.547 RFC3280MandatoryAttributeTypesCACert.crt
+p p 6.1.5.550 RFC3280OptionalAttributeTypesCACert.crt
+p p 6.1.5.34 RevokedsubCACert.crt
+p p 6.1.5.556 RolloverfromPrintableStringtoUTF8StringCACert.crt
+p p 6.1.5.569 SeparateCertificateandCRLKeysCA2CRLSigningCert.crt
+p p 6.1.5.568 SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt
+p p 6.1.5.564 SeparateCertificateandCRLKeysCRLSigningCert.crt
+p p 6.1.5.563 SeparateCertificateandCRLKeysCertificateSigningCACert.crt
+p p 6.1.5.47 TwoCRLsCACert.crt
+p p 6.1.5.29 UIDCACert.crt
+p p 6.1.5.559 UTF8StringCaseInsensitiveMatchCACert.crt
+p p 6.1.5.553 UTF8StringEncodedNamesCACert.crt
+p p 6.1.5.51 UnknownCRLEntryExtensionCACert.crt
+p p 6.1.5.54 UnknownCRLExtensionCACert.crt
+p p 6.1.5.213 UserNoticeQualifierTest15EE.crt
+p p 6.1.5.214 UserNoticeQualifierTest16EE.crt
+p p 6.1.5.215 UserNoticeQualifierTest17EE.crt
+p p 6.1.5.216 UserNoticeQualifierTest18EE.crt
+p p 6.1.5.217 UserNoticeQualifierTest19EE.crt
+p p 6.1.5.92 ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt
+
+p p 6.1.5.85 ValidBasicSelfIssuedNewWithOldTest3EE.crt
+p p 6.1.5.86 ValidBasicSelfIssuedNewWithOldTest4EE.crt
+p p 6.1.5.79 ValidBasicSelfIssuedOldWithNewTest1EE.crt
+
+p p 6.1.5.5 ValidCertificatePathTest1EE.crt
+p p 6.1.5.438 ValidDNSnameConstraintsTest30EE.crt
+p p 6.1.5.442 ValidDNSnameConstraintsTest32EE.crt
+p p 6.1.5.433 ValidDNandRFC822nameConstraintsTest27EE.crt
+p p 6.1.5.400 ValidDNnameConstraintsTest11EE.crt
+
+# This certificate has an empty subject sequence. Our parser does not
+# support this yet and it is unlikely that gpgsm will be able to cope
+# with it at all.
+u u 6.1.5.407 ValidDNnameConstraintsTest14EE.crt
+
+p p 6.1.5.415 ValidDNnameConstraintsTest18EE.crt
+p p 6.1.5.417 ValidDNnameConstraintsTest19EE.crt
+
+p p 6.1.5.382 ValidDNnameConstraintsTest1EE.crt
+p p 6.1.5.385 ValidDNnameConstraintsTest4EE.crt
+p p 6.1.5.388 ValidDNnameConstraintsTest5EE.crt
+p p 6.1.5.391 ValidDNnameConstraintsTest6EE.crt
+
+u p 6.1.5.577 ValidDSAParameterInheritanceTest5EE.crt
+u p 6.1.5.574 ValidDSASignaturesTest4EE.crt
+
+p p 6.1.5.66 ValidGeneralizedTimeCRLnextUpdateTest13EE.crt
+p p 6.1.5.21 ValidGeneralizedTimenotAfterDateTest8EE.crt
+p p 6.1.5.15 ValidGeneralizedTimenotBeforeDateTest4EE.crt
+p p 6.1.5.499 ValidIDPwithindirectCRLTest22EE.crt
+p p 6.1.5.502 ValidIDPwithindirectCRLTest24EE.crt
+p p 6.1.5.503 ValidIDPwithindirectCRLTest25EE.crt
+p p 6.1.5.73 ValidLongSerialNumberTest16EE.crt
+p p 6.1.5.74 ValidLongSerialNumberTest17EE.crt
+p p 6.1.5.28 ValidNameChainingCapitalizationTest5EE.crt
+p p 6.1.5.26 ValidNameChainingWhitespaceTest3EE.crt
+p p 6.1.5.27 ValidNameChainingWhitespaceTest4EE.crt
+p p 6.1.5.31 ValidNameUIDsTest6EE.crt
+p p 6.1.5.69 ValidNegativeSerialNumberTest14EE.crt
+p p 6.1.5.467 ValidNoissuingDistributionPointTest10EE.crt
+p p 6.1.5.303 ValidPolicyMappingTest11EE.crt
+p p 6.1.5.304 ValidPolicyMappingTest12EE.crt
+p p 6.1.5.307 ValidPolicyMappingTest13EE.crt
+p p 6.1.5.308 ValidPolicyMappingTest14EE.crt
+p p 6.1.5.275 ValidPolicyMappingTest1EE.crt
+p p 6.1.5.283 ValidPolicyMappingTest3EE.crt
+p p 6.1.5.289 ValidPolicyMappingTest5EE.crt
+p p 6.1.5.290 ValidPolicyMappingTest6EE.crt
+p p 6.1.5.299 ValidPolicyMappingTest9EE.crt
+p p 6.1.5.549 ValidRFC3280MandatoryAttributeTypesTest7EE.crt
+p p 6.1.5.552 ValidRFC3280OptionalAttributeTypesTest8EE.crt
+p p 6.1.5.421 ValidRFC822nameConstraintsTest21EE.crt
+p p 6.1.5.425 ValidRFC822nameConstraintsTest23EE.crt
+p p 6.1.5.429 ValidRFC822nameConstraintsTest25EE.crt
+p p 6.1.5.558 ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt
+p p 6.1.5.373 ValidSelfIssuedinhibitAnyPolicyTest7EE.crt
+
+p p 6.1.5.378 ValidSelfIssuedinhibitAnyPolicyTest9EE.crt
+
+p p 6.1.5.342 ValidSelfIssuedinhibitPolicyMappingTest7EE.crt
+
+p ? 6.1.5.140 ValidSelfIssuedpathLenConstraintTest15EE.crt
+
+p p 6.1.5.150 ValidSelfIssuedpathLenConstraintTest17EE.crt
+
+p ? 6.1.5.267 ValidSelfIssuedrequireExplicitPolicyTest6EE.crt
+
+p ? 6.1.5.566 ValidSeparateCertificateandCRLKeysTest19EE.crt
+
+p p 6.1.5.50 ValidTwoCRLsTest7EE.crt
+p p 6.1.5.446 ValidURInameConstraintsTest34EE.crt
+p p 6.1.5.450 ValidURInameConstraintsTest36EE.crt
+p p 6.1.5.561 ValidUTF8StringCaseInsensitiveMatchTest11EE.crt
+p p 6.1.5.555 ValidUTF8StringEncodedNamesTest9EE.crt
+p p 6.1.5.545 ValidUnknownNotCriticalCertificateExtensionTest1EE.crt
+p p 6.1.5.106 ValidbasicConstraintsNotCriticalTest4EE.crt
+p p 6.1.5.510 ValidcRLIssuerTest28EE.crt
+p p 6.1.5.511 ValidcRLIssuerTest29EE.crt
+p p 6.1.5.515 ValidcRLIssuerTest30EE.crt
+p p 6.1.5.521 ValidcRLIssuerTest33EE.crt
+p p 6.1.5.530 ValiddeltaCRLTest2EE.crt
+p p 6.1.5.533 ValiddeltaCRLTest5EE.crt
+p p 6.1.5.535 ValiddeltaCRLTest7EE.crt
+p p 6.1.5.539 ValiddeltaCRLTest8EE.crt
+p p 6.1.5.454 ValiddistributionPointTest1EE.crt
+p p 6.1.5.457 ValiddistributionPointTest4EE.crt
+p p 6.1.5.460 ValiddistributionPointTest5EE.crt
+p p 6.1.5.462 ValiddistributionPointTest7EE.crt
+p p 6.1.5.353 ValidinhibitAnyPolicyTest2EE.crt
+p p 6.1.5.318 ValidinhibitPolicyMappingTest2EE.crt
+p p 6.1.5.322 ValidinhibitPolicyMappingTest4EE.crt
+p p 6.1.5.159 ValidkeyUsageNotCriticalTest3EE.crt
+p p 6.1.5.474 ValidonlyContainsCACertsTest13EE.crt
+p p 6.1.5.490 ValidonlySomeReasonsTest18EE.crt
+p p 6.1.5.494 ValidonlySomeReasonsTest19EE.crt
+p p 6.1.5.137 ValidpathLenConstraintTest13EE.crt
+p p 6.1.5.138 ValidpathLenConstraintTest14EE.crt
+p p 6.1.5.113 ValidpathLenConstraintTest7EE.crt
+p p 6.1.5.114 ValidpathLenConstraintTest8EE.crt
+p p 6.1.5.14 Validpre2000UTCnotBeforeDateTest3EE.crt
+p p 6.1.5.227 ValidrequireExplicitPolicyTest1EE.crt
+p p 6.1.5.236 ValidrequireExplicitPolicyTest2EE.crt
+p p 6.1.5.254 ValidrequireExplicitPolicyTest4EE.crt
+p p 6.1.5.44 WrongCRLCACert.crt
+p p 6.1.5.205 anyPolicyCACert.crt
+p p 6.1.5.98 basicConstraintsCriticalcAFalseCACert.crt
+p p 6.1.5.104 basicConstraintsNotCriticalCACert.crt
+p p 6.1.5.101 basicConstraintsNotCriticalcAFalseCACert.crt
+p p 6.1.5.527 deltaCRLCA1Cert.crt
+p p 6.1.5.536 deltaCRLCA2Cert.crt
+p p 6.1.5.541 deltaCRLCA3Cert.crt
+p p 6.1.5.524 deltaCRLIndicatorNoBaseCACert.crt
+p p 6.1.5.452 distributionPoint1CACert.crt
+p p 6.1.5.458 distributionPoint2CACert.crt
+p p 6.1.5.497 indirectCRLCA1Cert.crt
+p p 6.1.5.501 indirectCRLCA2Cert.crt
+p p 6.1.5.506 indirectCRLCA3Cert.crt
+p p 6.1.5.508 indirectCRLCA3cRLIssuerCert.crt
+p p 6.1.5.512 indirectCRLCA4Cert.crt
+p p 6.1.5.513 indirectCRLCA4cRLIssuerCert.crt
+p p 6.1.5.516 indirectCRLCA5Cert.crt
+p p 6.1.5.518 indirectCRLCA6Cert.crt
+p p 6.1.5.350 inhibitAnyPolicy0CACert.crt
+p p 6.1.5.354 inhibitAnyPolicy1CACert.crt
+
+p ? 6.1.5.370 inhibitAnyPolicy1SelfIssuedCACert.crt
+p ? 6.1.5.377 inhibitAnyPolicy1SelfIssuedsubCA2Cert.crt
+
+p p 6.1.5.356 inhibitAnyPolicy1subCA1Cert.crt
+
+? ? 6.1.5.371 inhibitAnyPolicy1subCA2Cert.crt
+
+p p 6.1.5.367 inhibitAnyPolicy1subCAIAP5Cert.crt
+p p 6.1.5.374 inhibitAnyPolicy1subsubCA2Cert.crt
+p p 6.1.5.360 inhibitAnyPolicy5CACert.crt
+p p 6.1.5.362 inhibitAnyPolicy5subCACert.crt
+p p 6.1.5.364 inhibitAnyPolicy5subsubCACert.crt
+p p 6.1.5.358 inhibitAnyPolicyTest3EE.crt
+p p 6.1.5.309 inhibitPolicyMapping0CACert.crt
+p p 6.1.5.311 inhibitPolicyMapping0subCACert.crt
+p p 6.1.5.314 inhibitPolicyMapping1P12CACert.crt
+p p 6.1.5.316 inhibitPolicyMapping1P12subCACert.crt
+p p 6.1.5.332 inhibitPolicyMapping1P12subCAIPM5Cert.crt
+p p 6.1.5.319 inhibitPolicyMapping1P12subsubCACert.crt
+p p 6.1.5.334 inhibitPolicyMapping1P12subsubCAIPM5Cert.crt
+p p 6.1.5.337 inhibitPolicyMapping1P1CACert.crt
+
+# For yet unknown reasons gpgsm claims a bad signature.
+? ? 6.1.5.339 inhibitPolicyMapping1P1SelfIssuedCACert.crt
+? ? 6.1.5.347 inhibitPolicyMapping1P1SelfIssuedsubCACert.crt
+? ? 6.1.5.340 inhibitPolicyMapping1P1subCACert.crt
+
+p p 6.1.5.343 inhibitPolicyMapping1P1subsubCACert.crt
+p p 6.1.5.323 inhibitPolicyMapping5CACert.crt
+p p 6.1.5.325 inhibitPolicyMapping5subCACert.crt
+p p 6.1.5.327 inhibitPolicyMapping5subsubCACert.crt
+p p 6.1.5.329 inhibitPolicyMapping5subsubsubCACert.crt
+p p 6.1.5.160 keyUsageCriticalcRLSignFalseCACert.crt
+p p 6.1.5.151 keyUsageCriticalkeyCertSignFalseCACert.crt
+p p 6.1.5.157 keyUsageNotCriticalCACert.crt
+p p 6.1.5.163 keyUsageNotCriticalcRLSignFalseCACert.crt
+p p 6.1.5.154 keyUsageNotCriticalkeyCertSignFalseCACert.crt
+p p 6.1.5.380 nameConstraintsDN1CACert.crt
+
+? ? 6.1.5.416 nameConstraintsDN1SelfIssuedCACert.crt
+
+p p 6.1.5.401 nameConstraintsDN1subCA1Cert.crt
+p p 6.1.5.404 nameConstraintsDN1subCA2Cert.crt
+p p 6.1.5.431 nameConstraintsDN1subCA3Cert.crt
+p p 6.1.5.386 nameConstraintsDN2CACert.crt
+p p 6.1.5.389 nameConstraintsDN3CACert.crt
+p p 6.1.5.408 nameConstraintsDN3subCA1Cert.crt
+p p 6.1.5.412 nameConstraintsDN3subCA2Cert.crt
+p p 6.1.5.393 nameConstraintsDN4CACert.crt
+p p 6.1.5.397 nameConstraintsDN5CACert.crt
+p p 6.1.5.436 nameConstraintsDNS1CACert.crt
+p p 6.1.5.440 nameConstraintsDNS2CACert.crt
+p p 6.1.5.419 nameConstraintsRFC822CA1Cert.crt
+p p 6.1.5.423 nameConstraintsRFC822CA2Cert.crt
+p p 6.1.5.427 nameConstraintsRFC822CA3Cert.crt
+p p 6.1.5.444 nameConstraintsURI1CACert.crt
+p p 6.1.5.448 nameConstraintsURI2CACert.crt
+p p 6.1.5.475 onlyContainsAttributeCertsCACert.crt
+p p 6.1.5.471 onlyContainsCACertsCACert.crt
+p p 6.1.5.468 onlyContainsUserCertsCACert.crt
+p p 6.1.5.478 onlySomeReasonsCA1Cert.crt
+p p 6.1.5.483 onlySomeReasonsCA2Cert.crt
+p p 6.1.5.487 onlySomeReasonsCA3Cert.crt
+p p 6.1.5.491 onlySomeReasonsCA4Cert.crt
+p p 6.1.5.107 pathLenConstraint0CACert.crt
+
+? ? 6.1.5.139 pathLenConstraint0SelfIssuedCACert.crt
+? ? 6.1.5.141 pathLenConstraint0subCA2Cert.crt
+
+p p 6.1.5.109 pathLenConstraint0subCACert.crt
+p p 6.1.5.144 pathLenConstraint1CACert.crt
+
+? ? 6.1.5.146 pathLenConstraint1SelfIssuedCACert.crt
+? ? 6.1.5.149 pathLenConstraint1SelfIssuedsubCACert.crt
+? ? 6.1.5.147 pathLenConstraint1subCACert.crt
+
+p p 6.1.5.115 pathLenConstraint6CACert.crt
+p p 6.1.5.117 pathLenConstraint6subCA0Cert.crt
+p p 6.1.5.123 pathLenConstraint6subCA1Cert.crt
+p p 6.1.5.131 pathLenConstraint6subCA4Cert.crt
+p p 6.1.5.119 pathLenConstraint6subsubCA00Cert.crt
+p p 6.1.5.125 pathLenConstraint6subsubCA11Cert.crt
+p p 6.1.5.133 pathLenConstraint6subsubCA41Cert.crt
+p p 6.1.5.127 pathLenConstraint6subsubsubCA11XCert.crt
+p p 6.1.5.135 pathLenConstraint6subsubsubCA41XCert.crt
+p p 6.1.5.61 pre2000CRLnextUpdateCACert.crt
+p p 6.1.5.246 requireExplicitPolicy0CACert.crt
+p p 6.1.5.248 requireExplicitPolicy0subCACert.crt
+p p 6.1.5.250 requireExplicitPolicy0subsubCACert.crt
+p p 6.1.5.252 requireExplicitPolicy0subsubsubCACert.crt
+p p 6.1.5.219 requireExplicitPolicy10CACert.crt
+p p 6.1.5.221 requireExplicitPolicy10subCACert.crt
+p p 6.1.5.223 requireExplicitPolicy10subsubCACert.crt
+p p 6.1.5.225 requireExplicitPolicy10subsubsubCACert.crt
+p p 6.1.5.264 requireExplicitPolicy2CACert.crt
+
+# For yet unknown reasons gpgsm claims a bad signature.
+? ? 6.1.5.266 requireExplicitPolicy2SelfIssuedCACert.crt
+? ? 6.1.5.271 requireExplicitPolicy2SelfIssuedsubCACert.crt
+? ? 6.1.5.268 requireExplicitPolicy2subCACert.crt
+
+p p 6.1.5.237 requireExplicitPolicy4CACert.crt
+p p 6.1.5.239 requireExplicitPolicy4subCACert.crt
+p p 6.1.5.241 requireExplicitPolicy4subsubCACert.crt
+p p 6.1.5.243 requireExplicitPolicy4subsubsubCACert.crt
+p p 6.1.5.228 requireExplicitPolicy5CACert.crt
+p p 6.1.5.230 requireExplicitPolicy5subCACert.crt
+p p 6.1.5.232 requireExplicitPolicy5subsubCACert.crt
+p p 6.1.5.234 requireExplicitPolicy5subsubsubCACert.crt
+p p 6.1.5.255 requireExplicitPolicy7CACert.crt
+p p 6.1.5.257 requireExplicitPolicy7subCARE2Cert.crt
+p p 6.1.5.259 requireExplicitPolicy7subsubCARE2RE4Cert.crt
+p p 6.1.5.261 requireExplicitPolicy7subsubsubCARE2RE4Cert.crt
+
diff --git a/tests/pkits/inhibit-any-policy b/tests/pkits/inhibit-any-policy
new file mode 100755
index 0000000..5e625e2
--- /dev/null
+++ b/tests/pkits/inhibit-any-policy
@@ -0,0 +1,31 @@
+#!/bin/sh
+# inhibit-any-policy - PKITS Test 4.12 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.12
+description="Inhibit Any Policy"
+info "Running $description tests"
+
+
+
+
+
+
+final_result
diff --git a/tests/pkits/inhibit-policy-mapping b/tests/pkits/inhibit-policy-mapping
new file mode 100755
index 0000000..1da5f35
--- /dev/null
+++ b/tests/pkits/inhibit-policy-mapping
@@ -0,0 +1,31 @@
+#!/bin/sh
+# inhibit-policy-mapping - PKITS Test 4.11 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.11
+description="Inhibit Policy Mapping"
+info "Running $description tests"
+
+
+
+
+
+
+final_result
diff --git a/tests/pkits/inittests b/tests/pkits/inittests
new file mode 100755
index 0000000..deb1854
--- /dev/null
+++ b/tests/pkits/inittests
@@ -0,0 +1,109 @@
+#!/bin/sh
+# Copyright (C) 2004 Free Software Foundation, Inc. -*- sh -*-
+#
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+#
+# This file is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+set -e
+
+
+clean_files='
+ReadMe.txt pkits.ldif pkits.schema
+gpgsm.conf gpg-agent.conf trustlist.txt policies.txt pubring.kbx
+msg msg.sig msg.unsig
+'
+
+[ -z "$srcdir" ] && srcdir=.
+[ -z "$GPGSM" ] && GPGSM=../../sm/gpgsm
+
+#if [ -f $srcdir/README ] \
+# && grep tests/pkits/README README >/dev/null 2>&1; then
+# :
+#else
+# # During make distclean the Makefile has already been removed,
+# # so we need this extra test.
+# if ! grep gnupg-test-pkits-directory testdir.stamp >/dev/null 2>&1; then
+# echo "inittests: please cd to the tests/pkits directory first" >&2
+# exit 1
+# fi
+#fi
+
+if [ "$1" = "--clean" ]; then
+ if [ -d private-keys-v1.d ]; then
+ rm private-keys-v1.d/* 2>/dev/null || true
+ rmdir private-keys-v1.d
+ fi
+ rm ${clean_files} testdir.stamp 2>/dev/null || true
+ for i in certs certpairs crls pkcs12 smime; do
+ if [ -d $i ]; then
+ rm $i/* 2>/dev/null || true
+ rmdir $i
+ fi
+ done
+ exit 0
+fi
+
+if [ "$GNUPGHOME" != "`/bin/pwd`" ]; then
+ echo "inittests: please set GNUPGHOME to the tests/pkits directory" >&2
+ exit 1
+fi
+
+if [ -n "$GPG_AGENT_INFO" ]; then
+ echo "inittests: please unset GPG_AGENT_INFO" >&2
+ exit 1
+fi
+
+if test -f "$srcdir/PKITS_data.tar.bz2"; then
+ if ! bunzip2 -c "$srcdir/PKITS_data.tar.bz2" | tar xf - ; then
+ echo "inittests: failed to untar the test data" >&2
+ exit 1
+ fi
+fi
+
+# A stamp file used with --clean
+echo gnupg-test-pkits-directory > testdir.stamp
+
+
+# Create the configuration scripts
+cat > gpgsm.conf <<EOF
+no-secmem-warning
+no-greeting
+batch
+disable-crl-checks
+disable-dirmngr
+agent-program ../../agent/gpg-agent
+no-common-certs-import
+EOF
+
+# The set of NIST test policies which should be used if anyPolicy is
+# not supported.
+cat > policies.txt <<EOF
+2.16.840.1.101.3.2.1.48.1
+2.16.840.1.101.3.2.1.48.2
+2.16.840.1.101.3.2.1.48.3
+2.16.840.1.101.3.2.1.48.4
+2.16.840.1.101.3.2.1.48.5
+2.16.840.1.101.3.2.1.48.6
+EOF
+
+# Fixme: we need to write a dummy pinentry program
+cat > gpg-agent.conf <<EOF
+no-grab
+disable-scdaemon
+EOF
+
+# Mark the root CA trusted
+cat > trustlist.txt <<EOF
+# /CN=Trust Anchor/O=Test Certificates/C=US
+66:8A:47:56:A2:DC:88:FF:DA:B8:95:E1:3C:63:37:55:5F:0A:F7:BF S
+EOF
+
+# Define the standard policies as NIST test-policy-1
+#cat >policies.txt <<EOF
+#2.16.840.1.101.3.2.1.48.1
+#EOF
diff --git a/tests/pkits/key-usage b/tests/pkits/key-usage
new file mode 100755
index 0000000..6e10bb9
--- /dev/null
+++ b/tests/pkits/key-usage
@@ -0,0 +1,28 @@
+#!/bin/sh
+# key-usage - PKITS Test 4.7 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.7
+description="Key Usage"
+info "Running $description tests"
+
+
+
+final_result
diff --git a/tests/pkits/name-constraints b/tests/pkits/name-constraints
new file mode 100755
index 0000000..8e36c28
--- /dev/null
+++ b/tests/pkits/name-constraints
@@ -0,0 +1,31 @@
+#!/bin/sh
+# name-constraints - PKITS Test 4.13 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.13
+description="Name Constraints"
+info "Running $description tests"
+
+
+
+
+
+
+final_result
diff --git a/tests/pkits/policy-mappings b/tests/pkits/policy-mappings
new file mode 100755
index 0000000..8ce9ee8
--- /dev/null
+++ b/tests/pkits/policy-mappings
@@ -0,0 +1,31 @@
+#!/bin/sh
+# policy-mappings - PKITS Test 4.10 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.10
+description="Policy Mappings"
+info "Running $description tests"
+
+
+
+
+
+
+final_result
diff --git a/tests/pkits/private-certificate-extensions b/tests/pkits/private-certificate-extensions
new file mode 100755
index 0000000..43f3425
--- /dev/null
+++ b/tests/pkits/private-certificate-extensions
@@ -0,0 +1,31 @@
+#!/bin/sh
+# private-certificate-extensions - PKITS Test 4.16 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.16
+description="Private Certificate Extensions"
+info "Running $description tests"
+
+
+
+
+
+
+final_result
diff --git a/tests/pkits/require-explicit-policy b/tests/pkits/require-explicit-policy
new file mode 100755
index 0000000..ceb87bd
--- /dev/null
+++ b/tests/pkits/require-explicit-policy
@@ -0,0 +1,31 @@
+#!/bin/sh
+# require-explicit-policy - PKITS Test 4.9 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.9
+description="Require Explicit Policy"
+info "Running $description tests"
+
+
+
+
+
+
+final_result
diff --git a/tests/pkits/runtest b/tests/pkits/runtest
new file mode 100755
index 0000000..f054a34
--- /dev/null
+++ b/tests/pkits/runtest
@@ -0,0 +1,4 @@
+#!/bin/sh
+[ -x "$1" ] && exec $1 $2
+exec sh $1 $2
+
diff --git a/tests/pkits/signature-verification b/tests/pkits/signature-verification
new file mode 100755
index 0000000..7765371
--- /dev/null
+++ b/tests/pkits/signature-verification
@@ -0,0 +1,167 @@
+#!/bin/sh
+# signature-verification - PKITS Test 4.1 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.1
+description="Signature Verification"
+info "Running $description tests"
+
+
+start_test 4.1.1 "Valid Signatures Test1"
+# The purpose of this test is to verify an application's ability to
+# name chain, signature chain, and check validity dates, on
+# certificates in a certification path. It also tests processing of
+# the basic constraints and key usage extensions in intermediate
+# certificates.
+clean_homedir
+need_cert TrustAnchorRootCertificate
+need_crl TrustAnchorRootCRL
+need_cert GoodCACert
+need_crl GoodCACRL
+need_cert ValidCertificatePathTest1EE
+if $GPGSM --with-colons --with-validation --list-key 0x126B7002 >$SCRATCH; then
+ tmp=$($AWK -F: '$1 == "crt" {any=1; print $2};
+ END {if(!any) print "error"}' $SCRATCH)
+ [ -n "$tmp" ] && set_status fail
+else
+ set_status fail
+fi
+if [ "$test_status" = "none" ]; then
+ if sed '1,/^.$/d' smime/SignedValidSignaturesTest1.eml \
+ | $GPGSM --verify --assume-base64 --status-fd 1 \
+ | grep TRUST_FULLY >/dev/null; then
+ set_status pass
+ else
+ set_status fail
+ fi
+fi
+end_test
+
+
+
+start_test 4.1.2 "Invalid CA Signatures Test2"
+# The purpose of this test is to verify an application's ability to
+# recognize an invalid signature on an intermediate certificate in a
+# certification path.
+clean_homedir
+need_cert TrustAnchorRootCertificate
+need_crl TrustAnchorRootCRL
+need_cert BadSignedCACert --import-anyway
+need_crl BadSignedCACRL
+need_cert InvalidCASignatureTest2EE --import-anyway
+if $GPGSM --with-colons --with-validation --list-key 0xD667FE3C >$SCRATCH; then
+ tmp=$($AWK -F: '$1 == "crt" {any=1; print $2};
+ END {if(!any) print "error"}' $SCRATCH)
+ [ "$tmp" = "i" ] || set_status fail
+else
+ set_status fail
+fi
+if [ "$test_status" = "none" ]; then
+ if sed '1,/^.$/d' smime/SignedInvalidCASignatureTest2.eml \
+ | $GPGSM --verify --assume-base64 --status-fd 1 \
+ | grep TRUST_NEVER >/dev/null; then
+ set_status pass
+ else
+ set_status fail
+ fi
+fi
+end_test
+
+
+
+start_test 4.1.3 "Invalid EE Signature Test3"
+# The purpose of this test is to verify an application's ability to
+# recognize an invalid signature on an end entity certificate in a
+# certification path.
+clean_homedir
+need_cert TrustAnchorRootCertificate
+need_crl TrustAnchorRootCRL
+need_cert GoodCACert
+need_crl GoodCACRL
+need_cert InvalidEESignatureTest3EE --import-anyway
+if $GPGSM --with-colons --with-validation --list-key 0x42E1AEE3 >$SCRATCH; then
+ tmp=$($AWK -F: '$1 == "crt" {any=1; print $2};
+ END {if(!any) print "error"}' $SCRATCH)
+ [ "$tmp" = "i" ] || set_status fail
+else
+ set_status fail
+fi
+if [ "$test_status" = "none" ]; then
+ if sed '1,/^.$/d' smime/SignedInvalidEESignatureTest3.eml \
+ | $GPGSM --verify --assume-base64 --status-fd 1 \
+ | grep TRUST_NEVER >/dev/null; then
+ set_status pass
+ else
+ set_status fail
+ fi
+fi
+end_test
+
+
+start_test 4.1.4 "Valid DSA Signatures Test4"
+# The purpose of this test is to verify an application's ability to
+# validate certificate in which DSA signatures are used. The
+# intermediate CA and the end entity have DSA key pairs.
+clean_homedir
+need_cert TrustAnchorRootCertificate
+need_crl TrustAnchorRootCRL
+need_cert DSACACert
+need_crl DSACACRL
+need_cert ValidDSASignaturesTest4EE
+if $GPGSM --with-colons --with-validation --list-key 0x820A72B8 >$SCRATCH; then
+ tmp=$($AWK -F: '$1 == "crt" {any=1; print $2};
+ END {if(!any) print "error"}' $SCRATCH)
+ [ -n "$tmp" ] && set_status fail
+else
+ set_status fail
+fi
+if [ "$test_status" = "none" ]; then
+ # Note: This S/MIME file uses LF and not CR,LF. */
+ if sed '1,/^$/d' smime/SignedValidDSASignaturesTest4.eml \
+ | $GPGSM --verify --assume-base64 --status-fd 1 \
+ | grep TRUST_FULLY >/dev/null; then
+ set_status pass
+ else
+ set_status fail
+ fi
+fi
+end_test
+
+
+start_test 4.1.5 "Valid DSA Parameter Inheritance Test5"
+# The purpose of this test is to verify an application's ability to
+# validate DSA signatures when the DSA parameters are not included in
+# a certificate and need to be inherited from a previous certificate
+# in the path. The intermediate CAs and the end entity have DSA key
+# pairs.
+set_status nys
+end_test
+
+
+start_test 4.1.6 "Invalid DSA Signature Test6"
+# The purpose of this test is to verify an application's ability to
+# determine when a DSA signature is invalid. The intermediate CA and
+# the end entity have DSA key pairs.
+set_status nys
+end_test
+
+
+
+final_result
diff --git a/tests/pkits/validate-all-certs b/tests/pkits/validate-all-certs
new file mode 100755
index 0000000..b9da579
--- /dev/null
+++ b/tests/pkits/validate-all-certs
@@ -0,0 +1,59 @@
+#!/bin/sh
+# validate-all-certs - GnuPG import and validate tests -*- sh -*-
+# Copyright (C) 2004, 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=6
+description="GnuPG Import with Validation"
+info "Running $description tests"
+
+while read dummy flag section name; do
+ case $dummy in \#*) continue;; esac
+ [ -z "$(echo $dummy)" ] && continue;
+
+ description="import and validate $name"
+ if ${GPGSM} -q --import --with-validation --disable-crl-checks \
+ certs/$name ; then
+ if [ "$flag" = 'p' ]; then
+ pass "validating certificate \`$name' succeeded"
+ elif [ "$flag" = 'f' ]; then
+ fail "validating certificate \`$name' succeeded"
+ elif [ "$flag" = '?' ]; then
+ unresolved "validating certificate \`$name' succeeded"
+ elif [ "$flag" = 'u' ]; then
+ skip "validating certificate \`$name' succeeded"
+ else
+ info "validating certificate \`$name' succeeded - (flag=$flag)"
+ fi
+ else
+ if [ "$flag" = 'p' ]; then
+ fail "validating certificate \`$name' failed"
+ elif [ "$flag" = 'f' ]; then
+ pass "validating certificate \`$name' failed"
+ elif [ "$flag" = '?' ]; then
+ unresolved "validating certificate \`$name' failed"
+ elif [ "$flag" = 'u' ]; then
+ skip "validating certificate \`$name' failed"
+ else
+ info "validating certificate \`$name' failed - (flag=$flag)"
+ fi
+ fi
+done < $srcdir/import-all-certs.data
+
+final_result
diff --git a/tests/pkits/validity-periods b/tests/pkits/validity-periods
new file mode 100755
index 0000000..90f1764
--- /dev/null
+++ b/tests/pkits/validity-periods
@@ -0,0 +1,218 @@
+#!/bin/sh
+# validity-periods - PKITS Test 4.2 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.2
+description="Validity Periods"
+info "Running $description tests"
+
+start_test 4.2.1 "Invalid CA notBefore Date Test1"
+# In this test, the intermediate certificate's notBefore date is after
+# the current date.
+clean_homedir
+need_cert TrustAnchorRootCertificate
+need_crl TrustAnchorRootCRL
+need_cert BadnotBeforeDateCACert
+need_crl BadnotBeforeDateCACRL
+need_cert InvalidCAnotBeforeDateTest1EE
+if $GPGSM --faked-system-time $MYTIME \
+ --with-colons --with-validation --list-key 0x459ADD33 >$SCRATCH; then
+ tmp=$($AWK -F: '$1 == "crt" {any=1; print $2};
+ END {if(!any) print "error"}' $SCRATCH)
+ [ "$tmp" = "i" ] || set_status fail
+else
+ set_status fail
+fi
+if [ "$test_status" = "none" ]; then
+ if sed '1,/^.$/d' smime/SignedInvalidCAnotBeforeDateTest1.eml \
+ | $GPGSM --faked-system-time $MYTIME \
+ --verify --assume-base64 --status-fd 1 --logger-fd 1 \
+ | tee $SCRATCH \
+ | grep TRUST_UNDEFINED >/dev/null; then
+ if grep 'intermediate certificate not yet valid' $SCRATCH >/dev/null \
+ && grep 'invalid certification chain: Certificate too young' \
+ $SCRATCH >/dev/null
+ then
+ set_status pass
+ fi
+ fi
+ set_status fail
+fi
+end_test
+
+
+start_test 4.2.2 "Invalid EE notBefore Date Test2"
+# In this test, the end entity certificate's notBefore date is after
+# the current date.
+
+# Procedure: Validate Invalid EE notBefore Date Test2 EE using the
+# default settings or open and verify Signed Test Message 6.2.2.5
+# using the default settings.
+
+# Expected Result: The path should not validate successfully as the
+# notBefore date in the end entity certificate is after the current
+# date.
+
+# Certification Path: The certification path is composed of the
+# following objects: Trust Anchor Root Certificate, Trust Anchor
+# Root CRL Good CA Cert, Good CA CRL Invalid EE notBefore Date
+# Test2 EE
+
+end_test
+
+
+
+start_test 4.2.3 "Valid pre2000 UTC notBefore Date Test3"
+# In this test, the end entity certificate's notBefore date is set to
+# 1950 and is encoded in UTCTime.
+#
+# Procedure: Validate Valid pre2000 UTC notBefore Date Test3 EE
+# using the default settings or open and
+# verify Signed Test Message 6.2.2.6 using
+# the default settings.
+#
+# Expected Result: The path should validate successfully as the
+# notBefore date in the end entity
+# certificate is before the current date.
+#
+# Certification Path: The certification path is composed of the
+# following objects: Trust Anchor Root Certificate,
+# Trust Anchor Root CRL Good CA Cert, Good CA CRL Valid
+# pre2000 UTC notBefore Date Test3 EE
+#
+end_test
+
+
+
+start_test 4.2.4 "Valid GeneralizedTime notBefore Date Test4"
+# In this test, the end entity certificate's notBefore date is
+# specified in GeneralizedTime.
+#
+# Procedure: Validate Valid GeneralizedTime notBefore Date Test4 EE
+# using the default settings or open and
+# verify Signed Test Message 6.2.2.7 using
+# the default settings.
+#
+# Expected Result: The path should validate successfully.
+#
+# Certification Path:
+# The certification path is composed of the following objects:
+# Trust Anchor Root Certificate, Trust Anchor Root CRL
+# Good CA Cert, Good CA CRL
+# Valid GeneralizedTime notBefore Date Test4 EE
+#
+end_test
+
+
+
+start_test 4.2.5 "Invalid CA notAfter Date Test5"
+# In this test, the intermediate certificate's notAfter date is before
+# the current date.
+
+# Procedure: Validate Invalid CA notAfter Date Test5 EE using the
+# default settings or open and verify
+# Signed Test Message 6.2.2.8 using the
+# default settings.
+#
+# Expected Result: The path should not validate successfully as the
+# notAfter date in the intermediate
+# certificate is before the current date.
+#
+# Certification Path: The certification path is composed of the
+# following objects:
+#
+# Trust Anchor Root Certificate, Trust Anchor Root CRL
+# Bad notAfter Date CA Cert, Bad notAfter Date CA CRL
+# Invalid CA notAfter Date Test5 EE
+#
+end_test
+
+
+start_test 4.2.6 "Invalid EE notAfter Date Test6"
+# In this test, the end entity certificate's notAfter date is before
+# the current date.
+
+# Procedure: Validate Invalid EE notAfter Date Test6 EE using the
+# default settings or open and verify
+# Signed Test Message 6.2.2.9 using the
+# default settings.
+#
+# Expected Result: The path should not validate successfully as the
+# notAfter date in the end certificate is
+# before the current date.
+#
+# Certification Path: The certification path is composed of the
+# following objects:
+# Trust Anchor Root Certificate, Trust Anchor Root CRL
+# Good CA Cert, Good CA CRL
+# Invalid EE notAfter Date Test6 EE
+
+end_test
+
+
+start_test 4.2.7 "Invalid pre2000 UTC EE notAfter Date Test7"
+# In this test, the end entity certificate's notAfter date is 1999 and
+# is encoded in UTCTime.
+
+# Procedure: Validate Invalid pre2000 UTC EE notAfter Date Test7 EE
+# using the default settings or open and
+# verify Signed Test Message 6.2.2.10 using
+# the default settings.
+#
+# Expected Result: The path should not validate successfully as the
+# notAfter date in the end certificate is
+# before the current date.
+#
+#
+# Certification Path: The certification path is composed of the
+# following objects:
+#
+# Trust Anchor Root Certificate, Trust Anchor Root CRL
+# Good CA Cert, Good CA CRL
+# Invalid pre2000 UTC EE notAfter Date Test7 EE
+
+end_test
+
+
+
+start_test 4.2.8 "Valid GeneralizedTime notAfter Date Test8"
+# In this test, the end entity certificate's notAfter date is 2050 and
+# is encoded in GeneralizedTime.
+
+# Procedure: Validate Valid GeneralizedTime notAfter Date Test8 EE
+# using the default settings or open and
+# verify Signed Test Message 6.2.2.11 using
+# the default settings.
+#
+# Expected Result: The path should validate successfully as the
+# notAfter date in the end certificate is
+# after the current date.
+#
+#
+# Trust Anchor Root Certificate, Trust Anchor Root CRL
+# Good CA Cert, Good CA CRL
+# Valid GeneralizedTime notAfter Date Test8 EE
+
+end_test
+
+
+
+
+final_result
diff --git a/tests/pkits/verifying-basic-constraints b/tests/pkits/verifying-basic-constraints
new file mode 100755
index 0000000..0e052f3
--- /dev/null
+++ b/tests/pkits/verifying-basic-constraints
@@ -0,0 +1,31 @@
+#!/bin/sh
+# verifying-basic-constraints - PKITS Test 4.6 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.6
+description="Verifying Basic Constraints"
+info "Running $description tests"
+
+
+
+
+
+
+final_result
diff --git a/tests/pkits/verifying-name-chaining b/tests/pkits/verifying-name-chaining
new file mode 100755
index 0000000..9bdbb59
--- /dev/null
+++ b/tests/pkits/verifying-name-chaining
@@ -0,0 +1,31 @@
+#!/bin/sh
+# verifying-name-chaining - PKITS Test 4.3 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.3
+description="Verifying Name Chaining"
+info "Running $description tests"
+
+
+
+
+
+
+final_result
diff --git a/tests/pkits/verifying-paths-self-issued b/tests/pkits/verifying-paths-self-issued
new file mode 100755
index 0000000..443d7ad
--- /dev/null
+++ b/tests/pkits/verifying-paths-self-issued
@@ -0,0 +1,31 @@
+#!/bin/sh
+# verifying-paths-self-issued - PKITS Test 4.5 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.5
+description="Verifying Paths with Self-Issued Certificates"
+info "Running $description tests"
+
+
+
+
+
+
+final_result