Diffstat (limited to 'tests/pkits')
26 files changed, 2674 insertions, 0 deletions
diff --git a/tests/pkits/ChangeLog-2011 b/tests/pkits/ChangeLog-2011
new file mode 100644
index 0000000..d66e474
--- /dev/null
+++ b/tests/pkits/ChangeLog-2011
@@ -0,0 +1,75 @@
+2011-12-01 Werner Koch <wk@g10code.com>
+
+ NB: ChangeLog files are no longer manually maintained. Starting
+ on December 1st, 2011 we put change information only in the GIT
+ commit log, and generate a top-level ChangeLog file from logs at
+ "make dist". See doc/HACKING for details.
+
+2009-03-03 Werner Koch <wk@g10code.com>
+
+ * inittests (clean_files): Use /bin/pwd here as well.
+
+ * Makefile.am (run-all-tests): Also use /bin/pwd here.
+
+2009-02-19 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (TESTS_ENVIRONMENT): Use /bin/pwd
+ * common.sh: Ditto.
+
+2008-02-19 Werner Koch <wk@g10code.com>
+
+ * inittests: Unpack test data onlyu if available.
+ * common.sh: Skip tests if PKITS test data is not available.
+ * Makefile.am: Do not distribute test data. This allows to
+ include the test suite in the distribution.
+
+ * signature-verification: New.
+ * validity-periods: New.
+ * verifying-name-chaining: New.
+ * basic-certificate-revocation: New.
+ * verifying-paths-self-issued: New.
+ * verifying-basic-constraints: New.
+ * key-usage: New.
+ * certificate-policies: New.
+ * require-explicit-policy: New.
+ * policy-mappings: New.
+ * inhibit-policy-mapping: New.
+ * inhibit-any-policy: New.
+ * name-constraints: New.
+ * distribution-points: New.
+ * delta-crls: New.
+ * private-certificate-extensions: New.
+ * Makefile.am (testscripts): Add them.
+
+ * import-all-certs.data: Add section numbers.
+
+2008-02-18 Werner Koch <wk@g10code.com>
+
+ * import-all-certs.data: Adjust import tests results. Almost all
+ certificates should now be importable due to relaxed basic checks.
+
+ * inittests (clean_files): Disable all dirmngr access.
+
+2006-05-02 Werner Koch <wk@g10code.com>
+
+ * PKITS_data.tar.bz2: Repackaged new copy because the old one got
+ corrupted by the conversion from CVS to SVN.
+
+2004-08-16 Werner Koch <wk@g10code.de>
+
+ Started implementing PKITS based tests.
+
+
+ Copyright 2004, 2008 Free Software Foundation, Inc.
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+Local Variables:
+buffer-read-only: t
+End:
diff --git a/tests/pkits/Makefile.am b/tests/pkits/Makefile.am
new file mode 100644
index 0000000..3dc2f16
--- /dev/null
+++ b/tests/pkits/Makefile.am
@@ -0,0 +1,75 @@
+# Makefile.am - tests using NIST's PKITS
+# Copyright (C) 2004, 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <https://www.gnu.org/licenses/>.
+
+## Process this file with automake to produce Makefile.in
+
+GPGSM = ../../sm/gpgsm
+
+TESTS_ENVIRONMENT = GNUPGHOME=`/bin/pwd` GPG_AGENT_INFO= LC_ALL=C \
+ GPGSM=$(GPGSM) silent=yes
+
+
+testscripts = import-all-certs validate-all-certs \
+ signature-verification \
+ validity-periods \
+ verifying-name-chaining \
+ basic-certificate-revocation \
+ verifying-paths-self-issued \
+ verifying-basic-constraints \
+ key-usage \
+ certificate-policies \
+ require-explicit-policy \
+ policy-mappings \
+ inhibit-policy-mapping \
+ inhibit-any-policy \
+ name-constraints \
+ distribution-points \
+ delta-crls \
+ private-certificate-extensions
+
+
+EXTRA_DIST = inittests runtest common.sh $(testscripts) ChangeLog-2011 \
+ import-all-certs.data
+
+TESTS =
+
+CLEANFILES = inittests.stamp scratch.*.tmp x y z out err *.lock .\#lk* *.log
+
+DISTCLEANFILES = pubring.kbx~ random_seed
+
+all-local: inittests.stamp
+
+clean-local:
+ srcdir=$(srcdir) $(TESTS_ENVIRONMENT) $(srcdir)/inittests --clean
+
+inittests.stamp: inittests
+ srcdir=$(srcdir) $(TESTS_ENVIRONMENT) $(srcdir)/inittests
+ echo timestamp >./inittests.stamp
+
+
+run-all-tests: inittests.stamp
+ @set -e; \
+ GNUPGHOME=`/bin/pwd`; export GNUPGHOME;\
+ unset GPG_AGENT_INFO; \
+ for tst in $(testscripts); do \
+ if ./$${tst}; then : ; \
+ elif test $$? -eq 77; then echo "- SKIP $$tst"; \
+ fi; \
+ done
+
+
diff --git a/tests/pkits/Makefile.in b/tests/pkits/Makefile.in
new file mode 100644
index 0000000..accdff2
--- /dev/null
+++ b/tests/pkits/Makefile.in
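Review bot: In the `run-all-tests` recipe a test script that exits with any status other than 0 or 77 takes neither branch of the `if`/`elif`, so the Makefile prints nothing for it and the target still exits 0; `set -e` does not catch it because the script runs as an `if` condition. With `TESTS =` left empty, `make check` runs none of these scripts either, so nothing in this file turns a certificate-path-validation regression into a failed build. I would add `else echo "- FAIL $$tst"; failed=yes; \` before the `fi` and end the recipe with `done; test -z "$$failed"`, so the loop still runs every script but the target fails if any of them did.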
@@ -0,0 +1,695 @@ +# Makefile.in generated by automake 1.16.3 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2020 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +# Makefile.am - tests using NIST's PKITS +# Copyright (C) 2004, 2008 Free Software Foundation, Inc. +# +# This file is part of GnuPG. +# +# GnuPG is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# GnuPG is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <https://www.gnu.org/licenses/>. +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) 
;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +TESTS = +subdir = tests/pkits +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/autobuild.m4 \ + $(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/gettext.m4 \ + 
$(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \ + $(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \ + $(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \ + $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \ + $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \ + $(top_srcdir)/m4/libgcrypt.m4 $(top_srcdir)/m4/nls.m4 \ + $(top_srcdir)/m4/npth.m4 $(top_srcdir)/m4/ntbtls.m4 \ + $(top_srcdir)/m4/pkg.m4 $(top_srcdir)/m4/po.m4 \ + $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/m4/readline.m4 \ + $(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \ + $(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/acinclude.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +mkinstalldirs = $(SHELL) $(top_srcdir)/build-aux/mkinstalldirs +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +SOURCES = +DIST_SOURCES = +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__tty_colors_dummy = \ + mgn= red= grn= lgn= blu= brg= std=; \ + am__color_tests=no +am__tty_colors = { \ + $(am__tty_colors_dummy); \ + if test "X$(AM_COLOR_TESTS)" = Xno; then \ + am__color_tests=no; \ + elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ + am__color_tests=yes; \ + elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ + am__color_tests=yes; \ + fi; \ + if test $$am__color_tests = yes; then \ + red='[0;31m'; \ + grn='[0;32m'; \ 
+ lgn='[1;32m'; \ + blu='[1;34m'; \ + mgn='[0;35m'; \ + brg='[1m'; \ + std='[m'; \ + fi; \ +} +am__DIST_COMMON = $(srcdir)/Makefile.in \ + $(top_srcdir)/build-aux/mkinstalldirs README +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +AWK_HEX_NUMBER_OPTION = @AWK_HEX_NUMBER_OPTION@ +BUILD_FILEVERSION = @BUILD_FILEVERSION@ +BUILD_HOSTNAME = @BUILD_HOSTNAME@ +BUILD_INCLUDED_LIBINTL = @BUILD_INCLUDED_LIBINTL@ +BUILD_REVISION = @BUILD_REVISION@ +BUILD_TIMESTAMP = @BUILD_TIMESTAMP@ +BUILD_VERSION = @BUILD_VERSION@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CC_FOR_BUILD = @CC_FOR_BUILD@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DL_LIBS = @DL_LIBS@ +DNSLIBS = @DNSLIBS@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +ENCFS = @ENCFS@ +EXEEXT = @EXEEXT@ +FUSERMOUNT = @FUSERMOUNT@ +GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ +GMSGFMT = @GMSGFMT@ +GMSGFMT_015 = @GMSGFMT_015@ +GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@ +GNUPG_DIRMNGR_LDAP_PGM = @GNUPG_DIRMNGR_LDAP_PGM@ +GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@ +GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@ +GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@ +GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@ +GPGKEYS_LDAP = @GPGKEYS_LDAP@ +GPGRT_CONFIG = @GPGRT_CONFIG@ +GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@ +GPG_ERROR_CONFIG = @GPG_ERROR_CONFIG@ +GPG_ERROR_LIBS = @GPG_ERROR_LIBS@ +GPG_ERROR_MT_CFLAGS = @GPG_ERROR_MT_CFLAGS@ +GPG_ERROR_MT_LIBS = @GPG_ERROR_MT_LIBS@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INTLLIBS = @INTLLIBS@ +INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ +KSBA_CFLAGS = @KSBA_CFLAGS@ +KSBA_CONFIG = 
@KSBA_CONFIG@ +KSBA_LIBS = @KSBA_LIBS@ +LBER_LIBS = @LBER_LIBS@ +LDAPLIBS = @LDAPLIBS@ +LDAP_CPPFLAGS = @LDAP_CPPFLAGS@ +LDFLAGS = @LDFLAGS@ +LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@ +LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@ +LIBASSUAN_LIBS = @LIBASSUAN_LIBS@ +LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ +LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ +LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ +LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@ +LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@ +LIBICONV = @LIBICONV@ +LIBINTL = @LIBINTL@ +LIBOBJS = @LIBOBJS@ +LIBREADLINE = @LIBREADLINE@ +LIBS = @LIBS@ +LIBUSB_CPPFLAGS = @LIBUSB_CPPFLAGS@ +LIBUSB_LIBS = @LIBUSB_LIBS@ +LIBUTIL_LIBS = @LIBUTIL_LIBS@ +LN_S = @LN_S@ +LTLIBICONV = @LTLIBICONV@ +LTLIBINTL = @LTLIBINTL@ +LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MSGFMT = @MSGFMT@ +MSGFMT_015 = @MSGFMT_015@ +MSGMERGE = @MSGMERGE@ +NETLIBS = @NETLIBS@ +NPTH_CFLAGS = @NPTH_CFLAGS@ +NPTH_CONFIG = @NPTH_CONFIG@ +NPTH_LIBS = @NPTH_LIBS@ +NTBTLS_CFLAGS = @NTBTLS_CFLAGS@ +NTBTLS_CONFIG = @NTBTLS_CONFIG@ +NTBTLS_LIBS = @NTBTLS_LIBS@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_GT = @PACKAGE_GT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +POSUB = @POSUB@ +RANLIB = @RANLIB@ +SENDMAIL = @SENDMAIL@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SHRED = @SHRED@ +SQLITE3_CFLAGS = @SQLITE3_CFLAGS@ +SQLITE3_LIBS = @SQLITE3_LIBS@ +STRIP = @STRIP@ +SYSROOT = @SYSROOT@ +SYS_SOCKET_H = @SYS_SOCKET_H@ +TAR = @TAR@ +USE_C99_CFLAGS = @USE_C99_CFLAGS@ +USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@ +USE_NLS = @USE_NLS@ +VERSION = @VERSION@ +W32SOCKLIBS = @W32SOCKLIBS@ +WINDRES = @WINDRES@ +XGETTEXT = @XGETTEXT@ +XGETTEXT_015 = @XGETTEXT_015@ 
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ +YAT2M = @YAT2M@ +ZLIBS = @ZLIBS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +runstatedir = @runstatedir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +GPGSM = ../../sm/gpgsm +TESTS_ENVIRONMENT = GNUPGHOME=`/bin/pwd` GPG_AGENT_INFO= LC_ALL=C \ + GPGSM=$(GPGSM) silent=yes + +testscripts = import-all-certs validate-all-certs \ + signature-verification \ + validity-periods \ + verifying-name-chaining \ + basic-certificate-revocation \ + verifying-paths-self-issued \ + verifying-basic-constraints \ + key-usage \ + certificate-policies \ + require-explicit-policy \ + policy-mappings \ + inhibit-policy-mapping \ + inhibit-any-policy \ + name-constraints \ + distribution-points \ + delta-crls \ + private-certificate-extensions + 
+EXTRA_DIST = inittests runtest common.sh $(testscripts) ChangeLog-2011 \ + import-all-certs.data + +CLEANFILES = inittests.stamp scratch.*.tmp x y z out err *.lock .\#lk* *.log +DISTCLEANFILES = pubring.kbx~ random_seed +all: all-am + +.SUFFIXES: +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu tests/pkits/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu tests/pkits/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +tags TAGS: + +ctags CTAGS: + +cscope cscopelist: + + +check-TESTS: $(TESTS) + @failed=0; all=0; xfail=0; xpass=0; skip=0; \ + srcdir=$(srcdir); export srcdir; \ + list=' $(TESTS) '; \ + $(am__tty_colors); \ + if test -n "$$list"; then \ + for tst in $$list; do \ + if test -f ./$$tst; then dir=./; \ + elif test -f $$tst; then dir=; \ + else dir="$(srcdir)/"; fi; \ + if $(TESTS_ENVIRONMENT) $${dir}$$tst $(AM_TESTS_FD_REDIRECT); then \ + all=`expr $$all + 1`; \ + case " 
$(XFAIL_TESTS) " in \ + *[\ \ ]$$tst[\ \ ]*) \ + xpass=`expr $$xpass + 1`; \ + failed=`expr $$failed + 1`; \ + col=$$red; res=XPASS; \ + ;; \ + *) \ + col=$$grn; res=PASS; \ + ;; \ + esac; \ + elif test $$? -ne 77; then \ + all=`expr $$all + 1`; \ + case " $(XFAIL_TESTS) " in \ + *[\ \ ]$$tst[\ \ ]*) \ + xfail=`expr $$xfail + 1`; \ + col=$$lgn; res=XFAIL; \ + ;; \ + *) \ + failed=`expr $$failed + 1`; \ + col=$$red; res=FAIL; \ + ;; \ + esac; \ + else \ + skip=`expr $$skip + 1`; \ + col=$$blu; res=SKIP; \ + fi; \ + echo "$${col}$$res$${std}: $$tst"; \ + done; \ + if test "$$all" -eq 1; then \ + tests="test"; \ + All=""; \ + else \ + tests="tests"; \ + All="All "; \ + fi; \ + if test "$$failed" -eq 0; then \ + if test "$$xfail" -eq 0; then \ + banner="$$All$$all $$tests passed"; \ + else \ + if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ + banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ + fi; \ + else \ + if test "$$xpass" -eq 0; then \ + banner="$$failed of $$all $$tests failed"; \ + else \ + if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ + banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ + fi; \ + fi; \ + dashes="$$banner"; \ + skipped=""; \ + if test "$$skip" -ne 0; then \ + if test "$$skip" -eq 1; then \ + skipped="($$skip test was not run)"; \ + else \ + skipped="($$skip tests were not run)"; \ + fi; \ + test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ + dashes="$$skipped"; \ + fi; \ + report=""; \ + if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ + report="Please report to $(PACKAGE_BUGREPORT)"; \ + test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ + dashes="$$report"; \ + fi; \ + dashes=`echo "$$dashes" | sed s/./=/g`; \ + if test "$$failed" -eq 0; then \ + col="$$grn"; \ + else \ + col="$$red"; \ + fi; \ + echo "$${col}$$dashes$${std}"; \ + echo "$${col}$$banner$${std}"; \ + 
test -z "$$skipped" || echo "$${col}$$skipped$${std}"; \ + test -z "$$report" || echo "$${col}$$report$${std}"; \ + echo "$${col}$$dashes$${std}"; \ + test "$$failed" -eq 0; \ + else :; fi + +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! 
-perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) check-TESTS +check: check-am +all-am: Makefile all-local +installdirs: +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." 
+clean: clean-am + +clean-am: clean-generic clean-local mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: + +.MAKE: check-am install-am install-strip + +.PHONY: all all-am all-local check check-TESTS check-am clean \ + clean-generic clean-local cscopelist-am ctags-am distclean \ + distclean-generic distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-generic pdf pdf-am ps ps-am tags-am uninstall \ + uninstall-am + +.PRECIOUS: Makefile + + +all-local: inittests.stamp + +clean-local: + srcdir=$(srcdir) $(TESTS_ENVIRONMENT) $(srcdir)/inittests --clean + +inittests.stamp: inittests + srcdir=$(srcdir) $(TESTS_ENVIRONMENT) $(srcdir)/inittests + echo timestamp >./inittests.stamp + +run-all-tests: inittests.stamp + @set -e; \ + GNUPGHOME=`/bin/pwd`; export GNUPGHOME;\ + unset GPG_AGENT_INFO; \ + for tst in $(testscripts); do \ + if ./$${tst}; then : ; \ + elif test $$? 
-eq 77; then echo "- SKIP $$tst"; \ + fi; \ + done + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/tests/pkits/README b/tests/pkits/README new file mode 100644 index 0000000..06aa97b --- /dev/null +++ b/tests/pkits/README @@ -0,0 +1,37 @@ +tests/pkits/README + +These are tests based on NIST's Public Key Interoperability Test Suite +(PKITS) as downloaded on 2006-05-02 from +http://csrc.nist.gov/pki/testing/x509paths.html . + +README - this file. +PKITS_data.tar.bz2 - the original ZIP file, repackaged as a tarball. +Makefile.am - Part of our build system. +import-all-certs - Run a simple import test on all certificates +validate-all-certs - Run an import and validate test on all certificates +signature-verification - PKITS test 4.1 +validity-periods - PKITS test 4.2 +verifying-name-chaining - PKITS test 4.3 +basic-certificate-revocation - PKITS test 4.4 +verifying-paths-self-issued - PKITS test 4.5 +verifying-basic-constraints - PKITS test 4.6 +key-usage - PKITS test 4.7 +certificate-policies - PKITS test 4.8 +require-explicit-policy - PKITS test 4.9 +policy-mappings - PKITS test 4.10 +inhibit-policy-mapping - PKITS test 4.11 +inhibit-any-policy - PKITS test 4.12 +name-constraints - PKITS test 4.13 +distribution-points - PKITS test 4.14 +delta-crls - PKITS test 4.15 +private-certificate-extensions - PKITS test 4.16 + + +The password for the p12 files is "password". + +You may run the tests as usual with "make check" or after a plain make +in this directory you may run the tests individually. When run in +this way they will print easy to parse output to stdout. To run all +tests in this mode, use "make run-all-tests". All test scripts create +a log file with the suffix ".log" appended to the test script's name. + diff --git a/tests/pkits/basic-certificate-revocation b/tests/pkits/basic-certificate-revocation new file mode 100755 index 0000000..496a82c 
--- /dev/null
+++ b/tests/pkits/basic-certificate-revocation
@@ -0,0 +1,31 @@
+#!/bin/sh
+# basic-certificate-revocation - PKITS Test 4.4 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.4
+description="Basic Certificate Revocation"
+info "Running $description tests"
+
+
+
+
+
+
+final_result
diff --git a/tests/pkits/certificate-policies b/tests/pkits/certificate-policies
new file mode 100755
index 0000000..f472201
--- /dev/null
+++ b/tests/pkits/certificate-policies
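Review bot: Nothing runs between `info "Running $description tests"` and `final_result` in basic-certificate-revocation, so PKITS section 4.4 is listed in `testscripts` without checking a single certificate or CRL; the certificate-policies script (section 4.8) has the same empty body. `final_result` is defined in common.sh outside this hunk, so I cannot tell what it reports with zero pass/fail counts, but if it exits 0 the run will make revocation and policy handling look covered when they are not. Until the cases are written I would make the gap visible by calling the existing helper, `skip "no test cases implemented yet"`, just before `final_result`, and add a comment such as `# TODO: PKITS 4.4 cases not implemented` at the top of the empty body.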
@@ -0,0 +1,31 @@
+#!/bin/sh
+# certificate-policies - PKITS Test 4.8 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.8
+description="Certificate Policies"
+info "Running $description tests"
+
+
+
+
+
+
+final_result
diff --git a/tests/pkits/common.sh b/tests/pkits/common.sh
new file mode 100644
index 0000000..697f28f
--- /dev/null
+++ b/tests/pkits/common.sh
@@ -0,0 +1,275 @@
+# common.sh - common defs for all tests -*- sh -*-
+# Copyright (C) 2004, 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+# reset some environment variables because we do not want to test locals
+LANG=C
+LANGUAGE=C
+LC_ALL=C
+export LANG LANGUAGE LC_ALL
+
+pgmname=`basename $0`
+
+if [ "$1" = "--debug" ]; then
+ debug=yes
+ set -x
+else
+ debug=
+fi
+[ -z "$srcdir" ] && srcdir="."
+[ -z "$top_srcdir" ] && top_srcdir=".."
+[ -z "$GPGSM" ] && GPGSM="../../sm/gpgsm"
+[ -z "$silent" ] && silent=no
+
+AWK=awk
+SCRATCH="scratch.$$.tmp"
+
+# We use this as the faked system time for certain tests.
+MYTIME="20080508T120000"
+
+
+if [ "$GNUPGHOME" != "`/bin/pwd`" ]; then
+ echo "inittests: please set GNUPGHOME to the tests/pkits directory" >&2
+ exit 1
+fi
+
+if [ -n "$GPG_AGENT_INFO" ]; then
+ echo "inittests: please unset GPG_AGENT_INFO" >&2
+ exit 1
+fi
+
+if [ -f "$srcdir/PKITS_data.tar.bz2" ]; then
+ :
+else
+ if [ "$pgmname" = "import-all-certs" ]; then
+ if [ "$silent" = "yes" ]; then tmp1="Note: "; tmp2=' '
+ else tmp1="- ____ "; tmp2="$tmp1"
+ fi
+ echo "${tmp1}PKITS_data.tar.bz2 is not installed"
+ echo "${tmp2}All tests will be skipped (this is not an error)"
+ fi
+ # Exit code 77 is used by the Makefile for skipping a tests.
+ exit 77
+fi
+
+#--------------------------------
+#------ utility functions -------
+#--------------------------------
+
+echo_n_init=no
+echo_n () {
+ if test "$echo_n_init" = "no"; then
+ if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then
+ if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then
+ echo_n_n=
+ echo_n_c='
+'
+ else
+ echo_n_n='-n'
+ echo_n_c=
+ fi
+ else
+ echo_n_n=
+ echo_n_c='\c'
+ fi
+ echo_n_init=yes
+ fi
+ echo $echo_n_n "${1}$echo_n_c"
+}
+
+setup_output () {
+ if [ -z "$first_section_set" ]; then
+ first_section_set=$section
+ fi
+ section_out="$(echo $section)"
+ if [ -z "$section_out" ]; then
+ section_out="-"
+ fi
+}
+
+fatal () {
+ echo "$pgmname: fatal:" $* >&2
+ if [ "$silent" != "yes" ]; then
+ echo "$section_out ERROR: $* (fatal)"
+ fi
+ exit 1;
+}
+
+error () {
+ echo "$pgmname:" $* >&2
+ if [ "$silent" != "yes" ]; then
+ echo "$section_out ERROR: $*"
+ fi
+ exit 1
+}
+
+info () {
+ setup_output
+ echo "$pgmname:" $* >&2
+ if [ "$silent" != "yes" ]; then
+ echo "$section_out ____ $*"
+ fi
+}
+
+info_n () {
+ setup_output
+ echo_n "$pgmname:" $* >&2
+}
+
+pass () {
+ setup_output
+ echo "PASS: " $* >&2
+ pass_count=`expr ${pass_count} + 1`
+ if [ "$silent" != "yes" ]; then
+ echo_n "$section_out PASS"
+ if [ -n "$1" ]; then echo_n " $1"
+ elif [ -n "$description" ]; then echo_n " ($description)"
+ fi
+ echo
+ fi
+}
+
+fail () {
+ setup_output
+ echo "FAIL: " $* >&2
+ fail_count=`expr ${fail_count} + 1`
+ if [ "$silent" != "yes" ]; then
+ echo_n "$section_out FAIL"
+ if [ -n "$1" ]; then echo_n " $1"
+ elif [ -n "$description" ]; then echo_n " ($description)"
+ fi
+ echo
+ fi
+}
+
+skip () {
+ setup_output
+ echo "SKIP: " $* >&2
+ skip_count=`expr ${skip_count} + 1`
+ if [ "$silent" != "yes" ]; then
+ echo_n "$section_out SKIP"
+ if [ -n "$1" ]; then echo_n " $1"
+ elif [ -n "$description" ]; then echo_n " ($description)"
+ fi
+ echo
+ fi
+}
+
+unresolved () {
+ setup_output
+ echo "UNRESOLVED: " $* >&2
+ unresolved_count=`expr ${unresolved_count} + 1`
+ if [ "$silent" != "yes" ]; then
+ echo_n "$section_out UNRESOLVED"
+ if [ -n "$1" ]; then echo_n " $1"
+ elif [ -n "$description" ]; then echo_n " ($description)"
+ fi
+ echo
+ fi
+}
+
+
+final_result () {
+ section=$first_section_set
+ [ $pass_count = 0 ] || info "$pass_count tests passed"
+ [ $fail_count = 0 ] || info "$fail_count tests failed"
+ [ $skip_count = 0 ] || info "$unsupported_count tests skipped"
+ [ $unresolved_count = 0 ] || info "$unresolved_count tests unresolved"
+ [ -z "$debug" -a -f "$SCRATCH" ] && rm "$SCRATCH"
+ if [ $fail_count = 0 ]; then
+ info "all tests passed"
+ else
+ exit 1
+ fi
+}
+
+
+clean_homedir () {
+ [ -f pubring.kbx ] && rm pubring.kbx
+ if [ -d private-keys-v1.d ]; then
+ rm private-keys-v1.d/* 2>/dev/null || true
+ rmdir private-keys-v1.d
+ fi
+}
+
+start_test () {
+ section="$1"
+ description="$2"
+ test_status=none
+ echo "BEGIN TEST $section ($description)" >&2
+}
+
+end_test () {
+ case "$test_status" in
+ none) skip "($description) - test not implemented";;
+ pass) pass "($description)";;
+ fail) fail "($description)";;
+ setup) fail "($description) - setup failed";;
+ ns) skip "($description) - not supported";;
+ nys) skip "($description) - not yet supported";;
+ *) unresolved "$(description)";;
+ esac
+ echo "END TEST $section" >&2
+}
+
+set_status () {
+ if [ "$test_status" = "none" ]; then
+ test_status=$1
+ fi
+}
+
+need_cert () {
+ if [ "$2" = "--import-anyway" ]; then
+ if ! ${GPGSM} -q --debug-no-chain-validation --import certs/$1.crt
+ then
+ set_status setup
+ fi
+ else
+ if ! ${GPGSM} -q --import certs/$1.crt; then
+ set_status setup
+ fi
+ fi
+}
+
+need_crl () {
+ # CRL are not yet implemented
+ #set_status setup
+ :
+}
+
+
+
+set -e
+
+pass_count=0
+fail_count=0
+skip_count=0
+unresolved_count=0
+first_section_set=""
+section_out=""
+test_status=none
+
+# User settable variables
+section=""
+description=""
+
+
+#trap cleanup SIGHUP SIGINT SIGQUIT
+[ -z "$debug" ] && exec 2> ${pgmname}.log
+
+:
+# end
diff --git a/tests/pkits/delta-crls b/tests/pkits/delta-crls
new file mode 100755
index 0000000..2b91288
--- /dev/null
+++ b/tests/pkits/delta-crls
@@ -0,0 +1,31 @@
+#!/bin/sh
+# delta-crls - PKITS Test 4.15 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.15
+description="Delta-CRLs"
+info "Running $description tests"
+
+
+
+
+
+
+final_result
diff --git a/tests/pkits/distribution-points b/tests/pkits/distribution-points
new file mode 100755
index 0000000..2d59fcd
--- /dev/null
+++ b/tests/pkits/distribution-points
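Review bot: In common.sh, the fallback arm of `end_test` calls `unresolved "$(description)"`, which is a command substitution that tries to run a command named `description` instead of expanding the variable, so an unexpected `test_status` is logged with an empty label; it should read `*) unresolved "($description)";;` like the other arms. `final_result` has a similar slip: the skipped-tests line prints `$unsupported_count`, which is never assigned anywhere in the file, where `[ $skip_count = 0 ] || info "$skip_count tests skipped"` is meant. `need_crl` is a no-op by design ("CRL are not yet implemented"), so any test that relies on it runs without a CRL loaded; I would extend its comment to say that revocation results from such tests are not meaningful until it is implemented.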
@@ -0,0 +1,31 @@
+#!/bin/sh
+# distribution-points - PKITS Test 4.14 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.14
+description="Distribution Points"
+info "Running $description tests"
+
+
+
+
+
+
+final_result
diff --git a/tests/pkits/import-all-certs b/tests/pkits/import-all-certs
new file mode 100755
index 0000000..51f3253
--- /dev/null
+++ b/tests/pkits/import-all-certs
@@ -0,0 +1,58 @@
+#!/bin/sh
+# import-all-certs - GnuPG import test -*- sh -*-
+# Copyright (C) 2004, 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=6
+description="GnuPG Import"
+info "Running $description tests"
+
+while read flag dummy section name; do
+ case $flag in \#*) continue ;; esac
+ [ -z "$(echo $flag)" ] && continue;
+
+ description="import $name"
+ if ${GPGSM} -q --import certs/$name ; then
+ if [ "$flag" = 'p' ]; then
+ pass "importing certificate \`$name' succeeded"
+ elif [ "$flag" = 'f' ]; then
+ fail "importing certificate \`$name' succeeded"
+ elif [ "$flag" = '?' ]; then
+ unresolved "importing certificate \`$name' succeeded"
+ elif [ "$flag" = 'u' ]; then
+ skip "importing certificate \`$name' succeeded"
+ else
+ info "importing certificate \`$name' succeeded - (flag=$flag)"
+ fi
+ else
+ if [ "$flag" = 'p' ]; then
+ fail "importing certificate \`$name' failed"
+ elif [ "$flag" = 'f' ]; then
+ pass "importing certificate \`$name' failed"
+ elif [ "$flag" = '?' ]; then
+ unresolved "importing certificate \`$name' failed"
+ elif [ "$flag" = 'u' ]; then
+ skip "importing certificate \`$name' failed"
+ else
+ info "importing certificate \`$name' failed - (flag=$flag)"
+ fi
+ fi
+done < $srcdir/import-all-certs.data
+
+final_result
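Review bot: A row whose first column is not one of `p`, `f`, `?` or `u` ends in the two `info` branches of the import loop, so it is logged but never counted by `final_result`, and a typo in import-all-certs.data silently drops that certificate from the totals. Routing both fallbacks through `unresolved "import of $name: unknown flag $flag"` would keep such rows visible in the summary. The second column is read into `dummy` and never used, so the validation expectation in the data file is not checked by this script; a comment saying so would prevent readers from assuming it is. Separately, `read` is called without `-r` and `certs/$name` and `$srcdir/import-all-certs.data` are unquoted, which is fragile if either the source path or a file name contains whitespace.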
diff --git a/tests/pkits/import-all-certs.data b/tests/pkits/import-all-certs.data
new file mode 100644
index 0000000..e91b9f1
--- /dev/null
+++ b/tests/pkits/import-all-certs.data
@@ -0,0 +1,471 @@
+# The first column is for the basic import test, the second for a
+# validation test, the third is the section number and th foruth the
+# filename of the certificate.
+
+# Make sure that the root certificate is imported first
+p p 6.1.5.1 TrustAnchorRootCertificate.crt
+
+p p 6.1.5.168 AllCertificatesNoPoliciesTest2EE.crt
+p p 6.1.5.204 AllCertificatesSamePoliciesTest10EE.crt
+p p 6.1.5.211 AllCertificatesSamePoliciesTest13EE.crt
+p p 6.1.5.207 AllCertificatesanyPolicyTest11EE.crt
+p p 6.1.5.212 AnyPolicyTest14EE.crt
+p p 6.1.5.41 BadCRLIssuerNameCACert.crt
+p p 6.1.5.38 BadCRLSignatureCACert.crt
+f f 6.1.5.6 BadSignedCACert.crt
+p f 6.1.5.16 BadnotAfterDateCACert.crt
+
+# UTC: "470101120100Z" i.e. not before 2047-01-01
+p f 6.1.5.10 BadnotBeforeDateCACert.crt
+
+p p 6.1.5.88 BasicSelfIssuedCRLSigningKeyCACert.crt
+p p 6.1.5.90 BasicSelfIssuedCRLSigningKeyCRLCert.crt
+
+p p 6.1.5.76 BasicSelfIssuedNewKeyCACert.crt
+p p 6.1.5.78 BasicSelfIssuedNewKeyOldWithNewCACert.crt
+p p 6.1.5.81 BasicSelfIssuedOldKeyCACert.crt
+p p 6.1.5.83 BasicSelfIssuedOldKeyNewWithOldCACert.crt
+
+p p 6.1.5.218 CPSPointerQualifierTest20EE.crt
+
+p u 6.1.5.572 DSACACert.crt
+u u 6.1.5.575 DSAParametersInheritedCACert.crt
+
+p p 6.1.5.210 DifferentPoliciesTest12EE.crt
+p p 6.1.5.171 DifferentPoliciesTest3EE.crt
+p p 6.1.5.174 DifferentPoliciesTest4EE.crt
+p p 6.1.5.177 DifferentPoliciesTest5EE.crt
+p p 6.1.5.191 DifferentPoliciesTest7EE.crt
+p p 6.1.5.198 DifferentPoliciesTest8EE.crt
+p p 6.1.5.203 DifferentPoliciesTest9EE.crt
+p p 6.1.5.64 GeneralizedTimeCRLnextUpdateCACert.crt
+p p 6.1.5.3 GoodCACert.crt
+p p 6.1.5.172 GoodsubCACert.crt
+
+# gpgsm: critical certificate extension 2.5.29.33 (policyMappings)
+# is not supported
+p u 6.1.5.300 GoodsubCAPanyPolicyMapping1to2CACert.crt
+
+p f 6.1.5.43 InvalidBadCRLIssuerNameTest5EE.crt
+
+p f 6.1.5.40 InvalidBadCRLSignatureTest4EE.crt
+p f 6.1.5.93 InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt
+
+p f 6.1.5.94 InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt
+
+p f 6.1.5.87 InvalidBasicSelfIssuedNewWithOldTest5EE.crt
+
+p f 6.1.5.80 InvalidBasicSelfIssuedOldWithNewTest2EE.crt
+
+p f 6.1.5.8 InvalidCASignatureTest2EE.crt
+
+p f 6.1.5.18 InvalidCAnotAfterDateTest5EE.crt
+p f 6.1.5.12 InvalidCAnotBeforeDateTest1EE.crt
+p f 6.1.5.439 InvalidDNSnameConstraintsTest31EE.crt
+p f 6.1.5.443 InvalidDNSnameConstraintsTest33EE.crt
+p f 6.1.5.562 InvalidDNSnameConstraintsTest38EE.crt
+p f 6.1.5.434 InvalidDNandRFC822nameConstraintsTest28EE.crt
+p f 6.1.5.435 InvalidDNandRFC822nameConstraintsTest29EE.crt
+p f 6.1.5.399 InvalidDNnameConstraintsTest10EE.crt
+p f 6.1.5.403 InvalidDNnameConstraintsTest12EE.crt
+p f 6.1.5.406 InvalidDNnameConstraintsTest13EE.crt
+p f 6.1.5.410 InvalidDNnameConstraintsTest15EE.crt
+p f 6.1.5.411 InvalidDNnameConstraintsTest16EE.crt
+p f 6.1.5.414 InvalidDNnameConstraintsTest17EE.crt
+
+p f 6.1.5.418 InvalidDNnameConstraintsTest20EE.crt
+
+p f 6.1.5.383 InvalidDNnameConstraintsTest2EE.crt
+p f 6.1.5.384 InvalidDNnameConstraintsTest3EE.crt
+p f 6.1.5.392 InvalidDNnameConstraintsTest7EE.crt
+p f 6.1.5.395 InvalidDNnameConstraintsTest8EE.crt
+p f 6.1.5.396 InvalidDNnameConstraintsTest9EE.crt
+
+p u 6.1.5.578 InvalidDSASignatureTest6EE.crt
+
+p f 6.1.5.9 InvalidEESignatureTest3EE.crt
+
+p f 6.1.5.19 InvalidEEnotAfterDateTest6EE.crt
+p f 6.1.5.13 InvalidEEnotBeforeDateTest2EE.crt
+p f 6.1.5.500 InvalidIDPwithindirectCRLTest23EE.crt
+p f 6.1.5.504 InvalidIDPwithindirectCRLTest26EE.crt
+p f 6.1.5.75 InvalidLongSerialNumberTest18EE.crt
+p f 6.1.5.293 InvalidMappingFromanyPolicyTest7EE.crt
+p f 6.1.5.296 InvalidMappingToanyPolicyTest8EE.crt
+p f 6.1.5.33 InvalidMissingCRLTest1EE.crt
+p f 6.1.5.97 InvalidMissingbasicConstraintsTest1EE.crt
+p f 6.1.5.25 InvalidNameChainingOrderTest2EE.crt
+p f 6.1.5.22 InvalidNameChainingTest1EE.crt
+p f 6.1.5.70 InvalidNegativeSerialNumberTest15EE.crt
+p f 6.1.5.60 InvalidOldCRLnextUpdateTest11EE.crt
+p f 6.1.5.302 InvalidPolicyMappingTest10EE.crt
+p f 6.1.5.276 InvalidPolicyMappingTest2EE.crt
+p f 6.1.5.284 InvalidPolicyMappingTest4EE.crt
+p f 6.1.5.422 InvalidRFC822nameConstraintsTest22EE.crt
+p f 6.1.5.426 InvalidRFC822nameConstraintsTest24EE.crt
+p f 6.1.5.430 InvalidRFC822nameConstraintsTest26EE.crt
+p f 6.1.5.36 InvalidRevokedCATest2EE.crt
+p f 6.1.5.37 InvalidRevokedEETest3EE.crt
+
+p f 6.1.5.379 InvalidSelfIssuedinhibitAnyPolicyTest10EE.crt
+
+p f 6.1.5.376 InvalidSelfIssuedinhibitAnyPolicyTest8EE.crt
+p f 6.1.5.348 InvalidSelfIssuedinhibitPolicyMappingTest10EE.crt
+p f 6.1.5.349 InvalidSelfIssuedinhibitPolicyMappingTest11EE.crt
+p f 6.1.5.345 InvalidSelfIssuedinhibitPolicyMappingTest8EE.crt
+p f 6.1.5.346 InvalidSelfIssuedinhibitPolicyMappingTest9EE.crt
+p f 6.1.5.143 InvalidSelfIssuedpathLenConstraintTest16EE.crt
+p f 6.1.5.270 InvalidSelfIssuedrequireExplicitPolicyTest7EE.crt
+p f 6.1.5.272 InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt
+
+p f 6.1.5.567 InvalidSeparateCertificateandCRLKeysTest20EE.crt
+p f 6.1.5.571 InvalidSeparateCertificateandCRLKeysTest21EE.crt
+
+p f 6.1.5.447 InvalidURInameConstraintsTest35EE.crt
+p f 6.1.5.451 InvalidURInameConstraintsTest37EE.crt
+p f 6.1.5.53 InvalidUnknownCRLEntryExtensionTest8EE.crt
+p f 6.1.5.57 InvalidUnknownCRLExtensionTest10EE.crt
+p f 6.1.5.56 InvalidUnknownCRLExtensionTest9EE.crt
+p f 6.1.5.546 InvalidUnknownCriticalCertificateExtensionTest2EE.crt
+p f 6.1.5.46 InvalidWrongCRLTest6EE.crt
+p f 6.1.5.100 InvalidcAFalseTest2EE.crt
+p f 6.1.5.103 InvalidcAFalseTest3EE.crt
+p f 6.1.5.505 InvalidcRLIssuerTest27EE.crt
+p f 6.1.5.519 InvalidcRLIssuerTest31EE.crt
+p f 6.1.5.520 InvalidcRLIssuerTest32EE.crt
+p f 6.1.5.522 InvalidcRLIssuerTest34EE.crt
+p f 6.1.5.523 InvalidcRLIssuerTest35EE.crt
+p f 6.1.5.526 InvaliddeltaCRLIndicatorNoBaseTest1EE.crt
+p f 6.1.5.544 InvaliddeltaCRLTest10EE.crt
+p f 6.1.5.531 InvaliddeltaCRLTest3EE.crt
+p f 6.1.5.532 InvaliddeltaCRLTest4EE.crt
+p f 6.1.5.534 InvaliddeltaCRLTest6EE.crt
+p f 6.1.5.540 InvaliddeltaCRLTest9EE.crt
+p f 6.1.5.455 InvaliddistributionPointTest2EE.crt
+p f 6.1.5.456 InvaliddistributionPointTest3EE.crt
+p f 6.1.5.461 InvaliddistributionPointTest6EE.crt
+p f 6.1.5.463 InvaliddistributionPointTest8EE.crt
+p f 6.1.5.464 InvaliddistributionPointTest9EE.crt
+p f 6.1.5.352 InvalidinhibitAnyPolicyTest1EE.crt
+p f 6.1.5.359 InvalidinhibitAnyPolicyTest4EE.crt
+p f 6.1.5.366 InvalidinhibitAnyPolicyTest5EE.crt
+p f 6.1.5.369 InvalidinhibitAnyPolicyTest6EE.crt
+p f 6.1.5.313 InvalidinhibitPolicyMappingTest1EE.crt
+p f 6.1.5.321 InvalidinhibitPolicyMappingTest3EE.crt
+p f 6.1.5.331 InvalidinhibitPolicyMappingTest5EE.crt
+p f 6.1.5.336 InvalidinhibitPolicyMappingTest6EE.crt
+p f 6.1.5.162 InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt
+p f 6.1.5.153 InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt
+p f 6.1.5.165 InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt
+p f 6.1.5.156 InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt
+p f 6.1.5.477 InvalidonlyContainsAttributeCertsTest14EE.crt
+p f 6.1.5.473 InvalidonlyContainsCACertsTest12EE.crt
+p f 6.1.5.470 InvalidonlyContainsUserCertsTest11EE.crt
+p f 6.1.5.481 InvalidonlySomeReasonsTest15EE.crt
+p f 6.1.5.482 InvalidonlySomeReasonsTest16EE.crt
+p f 6.1.5.486 InvalidonlySomeReasonsTest17EE.crt
+p f 6.1.5.495 InvalidonlySomeReasonsTest20EE.crt
+p f 6.1.5.496 InvalidonlySomeReasonsTest21EE.crt
+p f 6.1.5.122 InvalidpathLenConstraintTest10EE.crt
+p f 6.1.5.129 InvalidpathLenConstraintTest11EE.crt
+p f 6.1.5.130 InvalidpathLenConstraintTest12EE.crt
+p f 6.1.5.111 InvalidpathLenConstraintTest5EE.crt
+p f 6.1.5.112 InvalidpathLenConstraintTest6EE.crt
+p f 6.1.5.121 InvalidpathLenConstraintTest9EE.crt
+p f 6.1.5.63 Invalidpre2000CRLnextUpdateTest12EE.crt
+p f 6.1.5.20 Invalidpre2000UTCEEnotAfterDateTest7EE.crt
+p f 6.1.5.245 InvalidrequireExplicitPolicyTest3EE.crt
+p f 6.1.5.263 InvalidrequireExplicitPolicyTest5EE.crt
+p p 6.1.5.71 LongSerialNumberCACert.crt
+p p 6.1.5.273 Mapping1to2CACert.crt
+p p 6.1.5.291 MappingFromanyPolicyCACert.crt
+p p 6.1.5.294 MappingToanyPolicyCACert.crt
+p p 6.1.5.95 MissingbasicConstraintsCACert.crt
+p p 6.1.5.23 NameOrderingCACert.crt
+p p 6.1.5.67 NegativeSerialNumberCACert.crt
+p p 6.1.5.32 NoCRLCACert.crt
+p p 6.1.5.166 NoPoliciesCACert.crt
+p p 6.1.5.465 NoissuingDistributionPointCACert.crt
+p p 6.1.5.58 OldCRLnextUpdateCACert.crt
+p p 6.1.5.184 OverlappingPoliciesTest6EE.crt
+p p 6.1.5.277 P12Mapping1to3CACert.crt
+p p 6.1.5.279 P12Mapping1to3subCACert.crt
+p p 6.1.5.281 P12Mapping1to3subsubCACert.crt
+p p 6.1.5.285 P1Mapping1to234CACert.crt
+p p 6.1.5.287 P1Mapping1to234subCACert.crt
+p p 6.1.5.305 P1anyPolicyMapping1to2CACert.crt
+p p 6.1.5.297 PanyPolicyMapping1to2CACert.crt
+p p 6.1.5.178 PoliciesP1234CACert.crt
+p p 6.1.5.180 PoliciesP1234subCAP123Cert.crt
+p p 6.1.5.182 PoliciesP1234subsubCAP123P12Cert.crt
+p p 6.1.5.185 PoliciesP123CACert.crt
+p p 6.1.5.187 PoliciesP123subCAP12Cert.crt
+p p 6.1.5.189 PoliciesP123subsubCAP12P1Cert.crt
+p p 6.1.5.199 PoliciesP123subsubCAP12P2Cert.crt
+p p 6.1.5.201 PoliciesP123subsubsubCAP12P2P1Cert.crt
+p p 6.1.5.192 PoliciesP12CACert.crt
+p p 6.1.5.194 PoliciesP12subCAP1Cert.crt
+p p 6.1.5.196 PoliciesP12subsubCAP1P2Cert.crt
+p p 6.1.5.175 PoliciesP2subCA2Cert.crt
+p p 6.1.5.169 PoliciesP2subCACert.crt
+p p 6.1.5.208 PoliciesP3CACert.crt
+p p 6.1.5.547 RFC3280MandatoryAttributeTypesCACert.crt
+p p 6.1.5.550 RFC3280OptionalAttributeTypesCACert.crt
+p p 6.1.5.34 RevokedsubCACert.crt
+p p 6.1.5.556 RolloverfromPrintableStringtoUTF8StringCACert.crt
+p p 6.1.5.569 SeparateCertificateandCRLKeysCA2CRLSigningCert.crt
+p p 6.1.5.568 SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt
+p p 6.1.5.564 SeparateCertificateandCRLKeysCRLSigningCert.crt
+p p 6.1.5.563 SeparateCertificateandCRLKeysCertificateSigningCACert.crt
+p p 6.1.5.47 TwoCRLsCACert.crt
+p p 6.1.5.29 UIDCACert.crt
+p p 6.1.5.559 UTF8StringCaseInsensitiveMatchCACert.crt
+p p 6.1.5.553 UTF8StringEncodedNamesCACert.crt
+p p 6.1.5.51 UnknownCRLEntryExtensionCACert.crt
+p p 6.1.5.54 UnknownCRLExtensionCACert.crt
+p p 6.1.5.213 UserNoticeQualifierTest15EE.crt
+p p 6.1.5.214 UserNoticeQualifierTest16EE.crt
+p p 6.1.5.215 UserNoticeQualifierTest17EE.crt
+p p 6.1.5.216 UserNoticeQualifierTest18EE.crt
+p p 6.1.5.217 UserNoticeQualifierTest19EE.crt
+p p 6.1.5.92 ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt
+
+p p 6.1.5.85 ValidBasicSelfIssuedNewWithOldTest3EE.crt
+p p 6.1.5.86 ValidBasicSelfIssuedNewWithOldTest4EE.crt
+p p 6.1.5.79 ValidBasicSelfIssuedOldWithNewTest1EE.crt
+
+p p 6.1.5.5 ValidCertificatePathTest1EE.crt
+p p 6.1.5.438 ValidDNSnameConstraintsTest30EE.crt
+p p 6.1.5.442 ValidDNSnameConstraintsTest32EE.crt
+p p 6.1.5.433 ValidDNandRFC822nameConstraintsTest27EE.crt
+p p 6.1.5.400 ValidDNnameConstraintsTest11EE.crt
+
+# This certificate has an empty subject sequence. Our parser does not
+# support this yet and it is unlikely that gpgsm will be able to cope
+# with it at all.
+u u 6.1.5.407 ValidDNnameConstraintsTest14EE.crt
+
+p p 6.1.5.415 ValidDNnameConstraintsTest18EE.crt
+p p 6.1.5.417 ValidDNnameConstraintsTest19EE.crt
+
+p p 6.1.5.382 ValidDNnameConstraintsTest1EE.crt
+p p 6.1.5.385 ValidDNnameConstraintsTest4EE.crt
+p p 6.1.5.388 ValidDNnameConstraintsTest5EE.crt
+p p 6.1.5.391 ValidDNnameConstraintsTest6EE.crt
+
+u p 6.1.5.577 ValidDSAParameterInheritanceTest5EE.crt
+u p 6.1.5.574 ValidDSASignaturesTest4EE.crt
+
+p p 6.1.5.66 ValidGeneralizedTimeCRLnextUpdateTest13EE.crt
+p p 6.1.5.21 ValidGeneralizedTimenotAfterDateTest8EE.crt
+p p 6.1.5.15 ValidGeneralizedTimenotBeforeDateTest4EE.crt
+p p 6.1.5.499 ValidIDPwithindirectCRLTest22EE.crt
+p p 6.1.5.502 ValidIDPwithindirectCRLTest24EE.crt
+p p 6.1.5.503 ValidIDPwithindirectCRLTest25EE.crt
+p p 6.1.5.73 ValidLongSerialNumberTest16EE.crt
+p p 6.1.5.74 ValidLongSerialNumberTest17EE.crt
+p p 6.1.5.28 ValidNameChainingCapitalizationTest5EE.crt
+p p 6.1.5.26 ValidNameChainingWhitespaceTest3EE.crt
+p p 6.1.5.27 ValidNameChainingWhitespaceTest4EE.crt
+p p 6.1.5.31 ValidNameUIDsTest6EE.crt
+p p 6.1.5.69 ValidNegativeSerialNumberTest14EE.crt
+p p 6.1.5.467 ValidNoissuingDistributionPointTest10EE.crt
+p p 6.1.5.303 ValidPolicyMappingTest11EE.crt
+p p 6.1.5.304 ValidPolicyMappingTest12EE.crt
+p p 6.1.5.307 ValidPolicyMappingTest13EE.crt
+p p 6.1.5.308 ValidPolicyMappingTest14EE.crt
+p p 6.1.5.275 ValidPolicyMappingTest1EE.crt
+p p 6.1.5.283 ValidPolicyMappingTest3EE.crt
+p p 6.1.5.289 ValidPolicyMappingTest5EE.crt
+p p 6.1.5.290 ValidPolicyMappingTest6EE.crt
+p p 6.1.5.299 ValidPolicyMappingTest9EE.crt
+p p 6.1.5.549 ValidRFC3280MandatoryAttributeTypesTest7EE.crt
+p p 6.1.5.552 ValidRFC3280OptionalAttributeTypesTest8EE.crt
+p p 6.1.5.421 ValidRFC822nameConstraintsTest21EE.crt
+p p 6.1.5.425 ValidRFC822nameConstraintsTest23EE.crt
+p p 6.1.5.429 ValidRFC822nameConstraintsTest25EE.crt
+p p 6.1.5.558 ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt
+p p 6.1.5.373 ValidSelfIssuedinhibitAnyPolicyTest7EE.crt
+
+p p 6.1.5.378 ValidSelfIssuedinhibitAnyPolicyTest9EE.crt
+
+p p 6.1.5.342 ValidSelfIssuedinhibitPolicyMappingTest7EE.crt
+
+p ? 6.1.5.140 ValidSelfIssuedpathLenConstraintTest15EE.crt
+
+p p 6.1.5.150 ValidSelfIssuedpathLenConstraintTest17EE.crt
+
+p ? 6.1.5.267 ValidSelfIssuedrequireExplicitPolicyTest6EE.crt
+
+p ? 6.1.5.566 ValidSeparateCertificateandCRLKeysTest19EE.crt
+
+p p 6.1.5.50 ValidTwoCRLsTest7EE.crt
+p p 6.1.5.446 ValidURInameConstraintsTest34EE.crt
+p p 6.1.5.450 ValidURInameConstraintsTest36EE.crt
+p p 6.1.5.561 ValidUTF8StringCaseInsensitiveMatchTest11EE.crt
+p p 6.1.5.555 ValidUTF8StringEncodedNamesTest9EE.crt
+p p 6.1.5.545 ValidUnknownNotCriticalCertificateExtensionTest1EE.crt
+p p 6.1.5.106 ValidbasicConstraintsNotCriticalTest4EE.crt
+p p 6.1.5.510 ValidcRLIssuerTest28EE.crt
+p p 6.1.5.511 ValidcRLIssuerTest29EE.crt
+p p 6.1.5.515 ValidcRLIssuerTest30EE.crt
+p p 6.1.5.521 ValidcRLIssuerTest33EE.crt
+p p 6.1.5.530 ValiddeltaCRLTest2EE.crt
+p p 6.1.5.533 ValiddeltaCRLTest5EE.crt
+p p 6.1.5.535 ValiddeltaCRLTest7EE.crt
+p p 6.1.5.539 ValiddeltaCRLTest8EE.crt
+p p 6.1.5.454 ValiddistributionPointTest1EE.crt
+p p 6.1.5.457 ValiddistributionPointTest4EE.crt
+p p 6.1.5.460 ValiddistributionPointTest5EE.crt
+p p 6.1.5.462 ValiddistributionPointTest7EE.crt
+p p 6.1.5.353 ValidinhibitAnyPolicyTest2EE.crt
+p p 6.1.5.318 ValidinhibitPolicyMappingTest2EE.crt
+p p 6.1.5.322 ValidinhibitPolicyMappingTest4EE.crt
+p p 6.1.5.159 ValidkeyUsageNotCriticalTest3EE.crt
+p p 6.1.5.474 ValidonlyContainsCACertsTest13EE.crt
+p p 6.1.5.490 ValidonlySomeReasonsTest18EE.crt
+p p 6.1.5.494 ValidonlySomeReasonsTest19EE.crt
+p p 6.1.5.137 ValidpathLenConstraintTest13EE.crt
+p p 6.1.5.138 ValidpathLenConstraintTest14EE.crt
+p p 6.1.5.113 ValidpathLenConstraintTest7EE.crt
+p p 6.1.5.114 ValidpathLenConstraintTest8EE.crt
+p p 6.1.5.14 Validpre2000UTCnotBeforeDateTest3EE.crt
+p p 6.1.5.227 ValidrequireExplicitPolicyTest1EE.crt
+p p 6.1.5.236 ValidrequireExplicitPolicyTest2EE.crt
+p p 6.1.5.254 ValidrequireExplicitPolicyTest4EE.crt
+p p 6.1.5.44 WrongCRLCACert.crt
+p p 6.1.5.205 anyPolicyCACert.crt
+p p 6.1.5.98 basicConstraintsCriticalcAFalseCACert.crt
+p p 6.1.5.104 basicConstraintsNotCriticalCACert.crt
+p p 6.1.5.101 basicConstraintsNotCriticalcAFalseCACert.crt
+p p 6.1.5.527 deltaCRLCA1Cert.crt
+p p 6.1.5.536 deltaCRLCA2Cert.crt
+p p 6.1.5.541 deltaCRLCA3Cert.crt
+p p 6.1.5.524 deltaCRLIndicatorNoBaseCACert.crt
+p p 6.1.5.452 distributionPoint1CACert.crt
+p p 6.1.5.458 distributionPoint2CACert.crt
+p p 6.1.5.497 indirectCRLCA1Cert.crt
+p p 6.1.5.501 indirectCRLCA2Cert.crt
+p p 6.1.5.506 indirectCRLCA3Cert.crt
+p p 6.1.5.508 indirectCRLCA3cRLIssuerCert.crt
+p p 6.1.5.512 indirectCRLCA4Cert.crt
+p p 6.1.5.513 indirectCRLCA4cRLIssuerCert.crt
+p p 6.1.5.516 indirectCRLCA5Cert.crt
+p p 6.1.5.518 indirectCRLCA6Cert.crt
+p p 6.1.5.350 inhibitAnyPolicy0CACert.crt
+p p 6.1.5.354 inhibitAnyPolicy1CACert.crt
+
+p ? 6.1.5.370 inhibitAnyPolicy1SelfIssuedCACert.crt
+p ? 6.1.5.377 inhibitAnyPolicy1SelfIssuedsubCA2Cert.crt
+
+p p 6.1.5.356 inhibitAnyPolicy1subCA1Cert.crt
+
+? ? 6.1.5.371 inhibitAnyPolicy1subCA2Cert.crt
+
+p p 6.1.5.367 inhibitAnyPolicy1subCAIAP5Cert.crt
+p p 6.1.5.374 inhibitAnyPolicy1subsubCA2Cert.crt
+p p 6.1.5.360 inhibitAnyPolicy5CACert.crt
+p p 6.1.5.362 inhibitAnyPolicy5subCACert.crt
+p p 6.1.5.364 inhibitAnyPolicy5subsubCACert.crt
+p p 6.1.5.358 inhibitAnyPolicyTest3EE.crt
+p p 6.1.5.309 inhibitPolicyMapping0CACert.crt
+p p 6.1.5.311 inhibitPolicyMapping0subCACert.crt
+p p 6.1.5.314 inhibitPolicyMapping1P12CACert.crt
+p p 6.1.5.316 inhibitPolicyMapping1P12subCACert.crt
+p p 6.1.5.332 inhibitPolicyMapping1P12subCAIPM5Cert.crt
+p p 6.1.5.319 inhibitPolicyMapping1P12subsubCACert.crt
+p p 6.1.5.334 inhibitPolicyMapping1P12subsubCAIPM5Cert.crt
+p p 6.1.5.337 inhibitPolicyMapping1P1CACert.crt
+
+# For yet unknown reasons gpgsm claims a bad signature.
+? ? 6.1.5.339 inhibitPolicyMapping1P1SelfIssuedCACert.crt
+? ? 6.1.5.347 inhibitPolicyMapping1P1SelfIssuedsubCACert.crt
+? ? 6.1.5.340 inhibitPolicyMapping1P1subCACert.crt
+
+p p 6.1.5.343 inhibitPolicyMapping1P1subsubCACert.crt
+p p 6.1.5.323 inhibitPolicyMapping5CACert.crt
+p p 6.1.5.325 inhibitPolicyMapping5subCACert.crt
+p p 6.1.5.327 inhibitPolicyMapping5subsubCACert.crt
+p p 6.1.5.329 inhibitPolicyMapping5subsubsubCACert.crt
+p p 6.1.5.160 keyUsageCriticalcRLSignFalseCACert.crt
+p p 6.1.5.151 keyUsageCriticalkeyCertSignFalseCACert.crt
+p p 6.1.5.157 keyUsageNotCriticalCACert.crt
+p p 6.1.5.163 keyUsageNotCriticalcRLSignFalseCACert.crt
+p p 6.1.5.154 keyUsageNotCriticalkeyCertSignFalseCACert.crt
+p p 6.1.5.380 nameConstraintsDN1CACert.crt
+
+? ? 6.1.5.416 nameConstraintsDN1SelfIssuedCACert.crt
+
+p p 6.1.5.401 nameConstraintsDN1subCA1Cert.crt
+p p 6.1.5.404 nameConstraintsDN1subCA2Cert.crt
+p p 6.1.5.431 nameConstraintsDN1subCA3Cert.crt
+p p 6.1.5.386 nameConstraintsDN2CACert.crt
+p p 6.1.5.389 nameConstraintsDN3CACert.crt
+p p 6.1.5.408 nameConstraintsDN3subCA1Cert.crt
+p p 6.1.5.412 nameConstraintsDN3subCA2Cert.crt
+p p 6.1.5.393 nameConstraintsDN4CACert.crt
+p p 6.1.5.397 nameConstraintsDN5CACert.crt
+p p 6.1.5.436 nameConstraintsDNS1CACert.crt
+p p 6.1.5.440 nameConstraintsDNS2CACert.crt
+p p 6.1.5.419 nameConstraintsRFC822CA1Cert.crt
+p p 6.1.5.423 nameConstraintsRFC822CA2Cert.crt
+p p 6.1.5.427 nameConstraintsRFC822CA3Cert.crt
+p p 6.1.5.444 nameConstraintsURI1CACert.crt
+p p 6.1.5.448 nameConstraintsURI2CACert.crt
+p p 6.1.5.475 onlyContainsAttributeCertsCACert.crt
+p p 6.1.5.471 onlyContainsCACertsCACert.crt
+p p 6.1.5.468 onlyContainsUserCertsCACert.crt
+p p 6.1.5.478 onlySomeReasonsCA1Cert.crt
+p p 6.1.5.483 onlySomeReasonsCA2Cert.crt
+p p 6.1.5.487 onlySomeReasonsCA3Cert.crt
+p p 6.1.5.491 onlySomeReasonsCA4Cert.crt
+p p 6.1.5.107 pathLenConstraint0CACert.crt
+
+? ? 6.1.5.139 pathLenConstraint0SelfIssuedCACert.crt
+? ? 6.1.5.141 pathLenConstraint0subCA2Cert.crt
+
+p p 6.1.5.109 pathLenConstraint0subCACert.crt
+p p 6.1.5.144 pathLenConstraint1CACert.crt
+
+? ? 6.1.5.146 pathLenConstraint1SelfIssuedCACert.crt
+? ? 6.1.5.149 pathLenConstraint1SelfIssuedsubCACert.crt
+? ? 6.1.5.147 pathLenConstraint1subCACert.crt
+
+p p 6.1.5.115 pathLenConstraint6CACert.crt
+p p 6.1.5.117 pathLenConstraint6subCA0Cert.crt
+p p 6.1.5.123 pathLenConstraint6subCA1Cert.crt
+p p 6.1.5.131 pathLenConstraint6subCA4Cert.crt
+p p 6.1.5.119 pathLenConstraint6subsubCA00Cert.crt
+p p 6.1.5.125 pathLenConstraint6subsubCA11Cert.crt
+p p 6.1.5.133 pathLenConstraint6subsubCA41Cert.crt
+p p 6.1.5.127 pathLenConstraint6subsubsubCA11XCert.crt
+p p 6.1.5.135 pathLenConstraint6subsubsubCA41XCert.crt
+p p 6.1.5.61 pre2000CRLnextUpdateCACert.crt
+p p 6.1.5.246 requireExplicitPolicy0CACert.crt
+p p 6.1.5.248 requireExplicitPolicy0subCACert.crt
+p p 6.1.5.250 requireExplicitPolicy0subsubCACert.crt
+p p 6.1.5.252 requireExplicitPolicy0subsubsubCACert.crt
+p p 6.1.5.219 requireExplicitPolicy10CACert.crt
+p p 6.1.5.221 requireExplicitPolicy10subCACert.crt
+p p 6.1.5.223 requireExplicitPolicy10subsubCACert.crt
+p p 6.1.5.225 requireExplicitPolicy10subsubsubCACert.crt
+p p 6.1.5.264 requireExplicitPolicy2CACert.crt
+
+# For yet unknown reasons gpgsm claims a bad signature.
+? ? 6.1.5.266 requireExplicitPolicy2SelfIssuedCACert.crt
+? ? 6.1.5.271 requireExplicitPolicy2SelfIssuedsubCACert.crt
+? ? 6.1.5.268 requireExplicitPolicy2subCACert.crt
+
+p p 6.1.5.237 requireExplicitPolicy4CACert.crt
+p p 6.1.5.239 requireExplicitPolicy4subCACert.crt
+p p 6.1.5.241 requireExplicitPolicy4subsubCACert.crt
+p p 6.1.5.243 requireExplicitPolicy4subsubsubCACert.crt
+p p 6.1.5.228 requireExplicitPolicy5CACert.crt
+p p 6.1.5.230 requireExplicitPolicy5subCACert.crt
+p p 6.1.5.232 requireExplicitPolicy5subsubCACert.crt
+p p 6.1.5.234 requireExplicitPolicy5subsubsubCACert.crt
+p p 6.1.5.255 requireExplicitPolicy7CACert.crt
+p p 6.1.5.257 requireExplicitPolicy7subCARE2Cert.crt
+p p 6.1.5.259 requireExplicitPolicy7subsubCARE2RE4Cert.crt
+p p 6.1.5.261 requireExplicitPolicy7subsubsubCARE2RE4Cert.crt
+
diff --git a/tests/pkits/inhibit-any-policy b/tests/pkits/inhibit-any-policy
new file mode 100755
index 0000000..5e625e2
--- /dev/null
+++ b/tests/pkits/inhibit-any-policy
@@ -0,0 +1,31 @@
+#!/bin/sh
+# inhibit-any-policy - PKITS Test 4.12 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.12
+description="Inhibit Any Policy"
+info "Running $description tests"
+
+
+
+
+
+
+final_result
diff --git a/tests/pkits/inhibit-policy-mapping b/tests/pkits/inhibit-policy-mapping
new file mode 100755
index 0000000..1da5f35
--- /dev/null
+++ b/tests/pkits/inhibit-policy-mapping
@@ -0,0 +1,31 @@ +#!/bin/sh +# inhibit-policy-mapping - PKITS Test 4.11 -*- sh -*- +# Copyright (C) 2008 Free Software Foundation, Inc. +# +# This file is part of GnuPG. +# +# GnuPG is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# GnuPG is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. + +. ${srcdir:-.}/common.sh || exit 2 + +section=4.11 +description="Inhibit Policy Mapping" +info "Running $description tests" + + + + + + +final_result diff --git a/tests/pkits/inittests b/tests/pkits/inittests new file mode 100755 index 0000000..deb1854 --- /dev/null +++ b/tests/pkits/inittests 
@@ -0,0 +1,109 @@ +#!/bin/sh +# Copyright (C) 2004 Free Software Foundation, Inc. -*- sh -*- +# +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. +# +# This file is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the +# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +set -e + + +clean_files=' +ReadMe.txt pkits.ldif pkits.schema +gpgsm.conf gpg-agent.conf trustlist.txt policies.txt pubring.kbx +msg msg.sig msg.unsig +' + +[ -z "$srcdir" ] && srcdir=. +[ -z "$GPGSM" ] && GPGSM=../../sm/gpgsm + +#if [ -f $srcdir/README ] \ +# && grep tests/pkits/README README >/dev/null 2>&1; then +# : +#else +# # During make distclean the Makefile has already been removed, +# # so we need this extra test. +# if ! grep gnupg-test-pkits-directory testdir.stamp >/dev/null 2>&1; then +# echo "inittests: please cd to the tests/pkits directory first" >&2 +# exit 1 +# fi +#fi + +if [ "$1" = "--clean" ]; then + if [ -d private-keys-v1.d ]; then + rm private-keys-v1.d/* 2>/dev/null || true + rmdir private-keys-v1.d + fi + rm ${clean_files} testdir.stamp 2>/dev/null || true + for i in certs certpairs crls pkcs12 smime; do + if [ -d $i ]; then + rm $i/* 2>/dev/null || true + rmdir $i + fi + done + exit 0 +fi + +if [ "$GNUPGHOME" != "`/bin/pwd`" ]; then + echo "inittests: please set GNUPGHOME to the tests/pkits directory" >&2 + exit 1 +fi + +if [ -n "$GPG_AGENT_INFO" ]; then + echo "inittests: please unset GPG_AGENT_INFO" >&2 + exit 1 +fi + +if test -f "$srcdir/PKITS_data.tar.bz2"; then + if ! 
bunzip2 -c "$srcdir/PKITS_data.tar.bz2" | tar xf - ; then + echo "inittests: failed to untar the test data" >&2 + exit 1 + fi +fi + +# A stamp file used with --clean +echo gnupg-test-pkits-directory > testdir.stamp + + +# Create the configuration scripts +cat > gpgsm.conf <<EOF +no-secmem-warning +no-greeting +batch +disable-crl-checks +disable-dirmngr +agent-program ../../agent/gpg-agent +no-common-certs-import +EOF + +# The set of NIST test policies which should be used if anyPolicy is +# not supported. +cat > policies.txt <<EOF +2.16.840.1.101.3.2.1.48.1 +2.16.840.1.101.3.2.1.48.2 +2.16.840.1.101.3.2.1.48.3 +2.16.840.1.101.3.2.1.48.4 +2.16.840.1.101.3.2.1.48.5 +2.16.840.1.101.3.2.1.48.6 +EOF + +# Fixme: we need to write a dummy pinentry program +cat > gpg-agent.conf <<EOF +no-grab +disable-scdaemon +EOF + +# Mark the root CA trusted +cat > trustlist.txt <<EOF +# /CN=Trust Anchor/O=Test Certificates/C=US +66:8A:47:56:A2:DC:88:FF:DA:B8:95:E1:3C:63:37:55:5F:0A:F7:BF S +EOF + +# Define the standard policies as NIST test-policy-1 +#cat >policies.txt <<EOF +#2.16.840.1.101.3.2.1.48.1 +#EOF diff --git a/tests/pkits/key-usage b/tests/pkits/key-usage new file mode 100755 index 0000000..6e10bb9 --- /dev/null +++ b/tests/pkits/key-usage 
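Review bot: The `--clean` branch removes `private-keys-v1.d/*`, `pubring.kbx`, `trustlist.txt` and `gpgsm.conf` from the current directory before anything checks where the script is running: the directory guard above it is commented out, and the `GNUPGHOME` comparison only comes after the branch's `exit 0`. Invoked by mistake from a real GnuPG home directory, it would delete that user's key material. Since the script already writes `testdir.stamp` for this purpose, the branch could start with `grep gnupg-test-pkits-directory testdir.stamp >/dev/null 2>&1 || exit 1`. The stamp is written only after the unpack step, so it may have to be created earlier for a failed init to remain cleanable.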
@@ -0,0 +1,28 @@ +#!/bin/sh +# key-usage - PKITS Test 4.7 -*- sh -*- +# Copyright (C) 2008 Free Software Foundation, Inc. +# +# This file is part of GnuPG. +# +# GnuPG is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# GnuPG is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. + +. ${srcdir:-.}/common.sh || exit 2 + +section=4.7 +description="Key Usage" +info "Running $description tests" + + + +final_result diff --git a/tests/pkits/name-constraints b/tests/pkits/name-constraints new file mode 100755 index 0000000..8e36c28 --- /dev/null +++ b/tests/pkits/name-constraints 
@@ -0,0 +1,31 @@ +#!/bin/sh +# name-constraints - PKITS Test 4.13 -*- sh -*- +# Copyright (C) 2008 Free Software Foundation, Inc. +# +# This file is part of GnuPG. +# +# GnuPG is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# GnuPG is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. + +. ${srcdir:-.}/common.sh || exit 2 + +section=4.13 +description="Name Constraints" +info "Running $description tests" + + + + + + +final_result diff --git a/tests/pkits/policy-mappings b/tests/pkits/policy-mappings new file mode 100755 index 0000000..8ce9ee8 --- /dev/null +++ b/tests/pkits/policy-mappings 
@@ -0,0 +1,31 @@ +#!/bin/sh +# policy-mappings - PKITS Test 4.10 -*- sh -*- +# Copyright (C) 2008 Free Software Foundation, Inc. +# +# This file is part of GnuPG. +# +# GnuPG is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# GnuPG is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. + +. ${srcdir:-.}/common.sh || exit 2 + +section=4.10 +description="Policy Mappings" +info "Running $description tests" + + + + + + +final_result diff --git a/tests/pkits/private-certificate-extensions b/tests/pkits/private-certificate-extensions new file mode 100755 index 0000000..43f3425 --- /dev/null +++ b/tests/pkits/private-certificate-extensions 
@@ -0,0 +1,31 @@ +#!/bin/sh +# private-certificate-extensions - PKITS Test 4.16 -*- sh -*- +# Copyright (C) 2008 Free Software Foundation, Inc. +# +# This file is part of GnuPG. +# +# GnuPG is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# GnuPG is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. + +. ${srcdir:-.}/common.sh || exit 2 + +section=4.16 +description="Private Certificate Extensions" +info "Running $description tests" + + + + + + +final_result diff --git a/tests/pkits/require-explicit-policy b/tests/pkits/require-explicit-policy new file mode 100755 index 0000000..ceb87bd --- /dev/null +++ b/tests/pkits/require-explicit-policy 
@@ -0,0 +1,31 @@
+#!/bin/sh
+# require-explicit-policy - PKITS Test 4.9 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.9
+description="Require Explicit Policy"
+info "Running $description tests"
+
+
+
+
+
+
+final_result
diff --git a/tests/pkits/runtest b/tests/pkits/runtest
new file mode 100755
index 0000000..f054a34
--- /dev/null
+++ b/tests/pkits/runtest
@@ -0,0 +1,4 @@
+#!/bin/sh
+[ -x "$1" ] && exec $1 $2
+exec sh $1 $2
+
diff --git a/tests/pkits/signature-verification b/tests/pkits/signature-verification
new file mode 100755
index 0000000..7765371
--- /dev/null
+++ b/tests/pkits/signature-verification
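Review bot: In runtest, `exec $1 $2` and `exec sh $1 $2` expand both arguments unquoted, so a test path containing whitespace or glob characters is split or expanded before it is run. When `$1` contains no slash, `[ -x "$1" ]` tests the file in the current directory while `exec $1` resolves the name through `PATH`, so a different program of the same name could be started; whether the harness ever passes a bare name is not visible here. I would quote the expansions, `[ -x "$1" ] && exec "$1" ${2+"$2"}` and `exec sh "$1" ${2+"$2"}`, and add a one-line comment saying that `$1` is the test script and `$2` its optional argument.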
@@ -0,0 +1,167 @@ +#!/bin/sh +# signature-verification - PKITS Test 4.1 -*- sh -*- +# Copyright (C) 2008 Free Software Foundation, Inc. +# +# This file is part of GnuPG. +# +# GnuPG is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# GnuPG is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. + +. ${srcdir:-.}/common.sh || exit 2 + +section=4.1 +description="Signature Verification" +info "Running $description tests" + + +start_test 4.1.1 "Valid Signatures Test1" +# The purpose of this test is to verify an application's ability to +# name chain, signature chain, and check validity dates, on +# certificates in a certification path. It also tests processing of +# the basic constraints and key usage extensions in intermediate +# certificates. 
+clean_homedir +need_cert TrustAnchorRootCertificate +need_crl TrustAnchorRootCRL +need_cert GoodCACert +need_crl GoodCACRL +need_cert ValidCertificatePathTest1EE +if $GPGSM --with-colons --with-validation --list-key 0x126B7002 >$SCRATCH; then + tmp=$($AWK -F: '$1 == "crt" {any=1; print $2}; + END {if(!any) print "error"}' $SCRATCH) + [ -n "$tmp" ] && set_status fail +else + set_status fail +fi +if [ "$test_status" = "none" ]; then + if sed '1,/^.$/d' smime/SignedValidSignaturesTest1.eml \ + | $GPGSM --verify --assume-base64 --status-fd 1 \ + | grep TRUST_FULLY >/dev/null; then + set_status pass + else + set_status fail + fi +fi +end_test + + + +start_test 4.1.2 "Invalid CA Signatures Test2" +# The purpose of this test is to verify an application's ability to +# recognize an invalid signature on an intermediate certificate in a +# certification path. +clean_homedir +need_cert TrustAnchorRootCertificate +need_crl TrustAnchorRootCRL +need_cert BadSignedCACert --import-anyway +need_crl BadSignedCACRL +need_cert InvalidCASignatureTest2EE --import-anyway +if $GPGSM --with-colons --with-validation --list-key 0xD667FE3C >$SCRATCH; then + tmp=$($AWK -F: '$1 == "crt" {any=1; print $2}; + END {if(!any) print "error"}' $SCRATCH) + [ "$tmp" = "i" ] || set_status fail +else + set_status fail +fi +if [ "$test_status" = "none" ]; then + if sed '1,/^.$/d' smime/SignedInvalidCASignatureTest2.eml \ + | $GPGSM --verify --assume-base64 --status-fd 1 \ + | grep TRUST_NEVER >/dev/null; then + set_status pass + else + set_status fail + fi +fi +end_test + + + +start_test 4.1.3 "Invalid EE Signature Test3" +# The purpose of this test is to verify an application's ability to +# recognize an invalid signature on an end entity certificate in a +# certification path. 
+clean_homedir +need_cert TrustAnchorRootCertificate +need_crl TrustAnchorRootCRL +need_cert GoodCACert +need_crl GoodCACRL +need_cert InvalidEESignatureTest3EE --import-anyway +if $GPGSM --with-colons --with-validation --list-key 0x42E1AEE3 >$SCRATCH; then + tmp=$($AWK -F: '$1 == "crt" {any=1; print $2}; + END {if(!any) print "error"}' $SCRATCH) + [ "$tmp" = "i" ] || set_status fail +else + set_status fail +fi +if [ "$test_status" = "none" ]; then + if sed '1,/^.$/d' smime/SignedInvalidEESignatureTest3.eml \ + | $GPGSM --verify --assume-base64 --status-fd 1 \ + | grep TRUST_NEVER >/dev/null; then + set_status pass + else + set_status fail + fi +fi +end_test + + +start_test 4.1.4 "Valid DSA Signatures Test4" +# The purpose of this test is to verify an application's ability to +# validate certificate in which DSA signatures are used. The +# intermediate CA and the end entity have DSA key pairs. +clean_homedir +need_cert TrustAnchorRootCertificate +need_crl TrustAnchorRootCRL +need_cert DSACACert +need_crl DSACACRL +need_cert ValidDSASignaturesTest4EE +if $GPGSM --with-colons --with-validation --list-key 0x820A72B8 >$SCRATCH; then + tmp=$($AWK -F: '$1 == "crt" {any=1; print $2}; + END {if(!any) print "error"}' $SCRATCH) + [ -n "$tmp" ] && set_status fail +else + set_status fail +fi +if [ "$test_status" = "none" ]; then + # Note: This S/MIME file uses LF and not CR,LF. */ + if sed '1,/^$/d' smime/SignedValidDSASignaturesTest4.eml \ + | $GPGSM --verify --assume-base64 --status-fd 1 \ + | grep TRUST_FULLY >/dev/null; then + set_status pass + else + set_status fail + fi +fi +end_test + + +start_test 4.1.5 "Valid DSA Parameter Inheritance Test5" +# The purpose of this test is to verify an application's ability to +# validate DSA signatures when the DSA parameters are not included in +# a certificate and need to be inherited from a previous certificate +# in the path. The intermediate CAs and the end entity have DSA key +# pairs. 
+set_status nys +end_test + + +start_test 4.1.6 "Invalid DSA Signature Test6" +# The purpose of this test is to verify an application's ability to +# determine when a DSA signature is invalid. The intermediate CA and +# the end entity have DSA key pairs. +set_status nys +end_test + + + +final_result diff --git a/tests/pkits/validate-all-certs b/tests/pkits/validate-all-certs new file mode 100755 index 0000000..b9da579 --- /dev/null +++ b/tests/pkits/validate-all-certs 
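Review bot: The pass condition of tests 4.1.1 and 4.1.4 is `grep TRUST_FULLY` at the end of a pipeline, so gpgsm's own exit status is discarded and any output line containing that substring counts as success. Anchoring the match to the status prefix, `grep '^\[GNUPG:\] TRUST_FULLY' >/dev/null`, and also requiring a `GOODSIG` status line would tie the result to what gpgsm actually reported about the signature. Test 4.1.6 (invalid DSA signature) is `set_status nys`, so no negative DSA case backs the positive one in 4.1.4. The comment in 4.1.4 ends with a stray `*/`.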
@@ -0,0 +1,59 @@ +#!/bin/sh +# validate-all-certs - GnuPG import and validate tests -*- sh -*- +# Copyright (C) 2004, 2008 Free Software Foundation, Inc. +# +# This file is part of GnuPG. +# +# GnuPG is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# GnuPG is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. + +. ${srcdir:-.}/common.sh || exit 2 + +section=6 +description="GnuPG Import with Validation" +info "Running $description tests" + +while read dummy flag section name; do + case $dummy in \#*) continue;; esac + [ -z "$(echo $dummy)" ] && continue; + + description="import and validate $name" + if ${GPGSM} -q --import --with-validation --disable-crl-checks \ + certs/$name ; then + if [ "$flag" = 'p' ]; then + pass "validating certificate \`$name' succeeded" + elif [ "$flag" = 'f' ]; then + fail "validating certificate \`$name' succeeded" + elif [ "$flag" = '?' ]; then + unresolved "validating certificate \`$name' succeeded" + elif [ "$flag" = 'u' ]; then + skip "validating certificate \`$name' succeeded" + else + info "validating certificate \`$name' succeeded - (flag=$flag)" + fi + else + if [ "$flag" = 'p' ]; then + fail "validating certificate \`$name' failed" + elif [ "$flag" = 'f' ]; then + pass "validating certificate \`$name' failed" + elif [ "$flag" = '?' 
]; then + unresolved "validating certificate \`$name' failed" + elif [ "$flag" = 'u' ]; then + skip "validating certificate \`$name' failed" + else + info "validating certificate \`$name' failed - (flag=$flag)" + fi + fi +done < $srcdir/import-all-certs.data + +final_result diff --git a/tests/pkits/validity-periods b/tests/pkits/validity-periods new file mode 100755 index 0000000..90f1764 --- /dev/null +++ b/tests/pkits/validity-periods 
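Review bot: The loop reads from `$srcdir/import-all-certs.data`, unquoted and without the `${srcdir:-.}` default that the `. ${srcdir:-.}/common.sh` line uses. Unless common.sh sets `srcdir` (not visible here), running the script by hand resolves the path to `/import-all-certs.data`, and the run would reach `final_result` without validating a single certificate. `done < "${srcdir:-.}/import-all-certs.data"` avoids that. The `read dummy flag section name` also overwrites the `section=6` set above for the rest of the run; if that is intended a comment should say so, otherwise another variable name is safer, and `certs/$name` should be quoted.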
@@ -0,0 +1,218 @@ +#!/bin/sh +# validity-periods - PKITS Test 4.2 -*- sh -*- +# Copyright (C) 2008 Free Software Foundation, Inc. +# +# This file is part of GnuPG. +# +# GnuPG is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# GnuPG is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. + +. ${srcdir:-.}/common.sh || exit 2 + +section=4.2 +description="Validity Periods" +info "Running $description tests" + +start_test 4.2.1 "Invalid CA notBefore Date Test1" +# In this test, the intermediate certificate's notBefore date is after +# the current date. 
+clean_homedir +need_cert TrustAnchorRootCertificate +need_crl TrustAnchorRootCRL +need_cert BadnotBeforeDateCACert +need_crl BadnotBeforeDateCACRL +need_cert InvalidCAnotBeforeDateTest1EE +if $GPGSM --faked-system-time $MYTIME \ + --with-colons --with-validation --list-key 0x459ADD33 >$SCRATCH; then + tmp=$($AWK -F: '$1 == "crt" {any=1; print $2}; + END {if(!any) print "error"}' $SCRATCH) + [ "$tmp" = "i" ] || set_status fail +else + set_status fail +fi +if [ "$test_status" = "none" ]; then + if sed '1,/^.$/d' smime/SignedInvalidCAnotBeforeDateTest1.eml \ + | $GPGSM --faked-system-time $MYTIME \ + --verify --assume-base64 --status-fd 1 --logger-fd 1 \ + | tee $SCRATCH \ + | grep TRUST_UNDEFINED >/dev/null; then + if grep 'intermediate certificate not yet valid' $SCRATCH >/dev/null \ + && grep 'invalid certification chain: Certificate too young' \ + $SCRATCH >/dev/null + then + set_status pass + fi + fi + set_status fail +fi +end_test + + +start_test 4.2.2 "Invalid EE notBefore Date Test2" +# In this test, the end entity certificate's notBefore date is after +# the current date. + +# Procedure: Validate Invalid EE notBefore Date Test2 EE using the +# default settings or open and verify Signed Test Message 6.2.2.5 +# using the default settings. + +# Expected Result: The path should not validate successfully as the +# notBefore date in the end entity certificate is after the current +# date. + +# Certification Path: The certification path is composed of the +# following objects: Trust Anchor Root Certificate, Trust Anchor +# Root CRL Good CA Cert, Good CA CRL Invalid EE notBefore Date +# Test2 EE + +end_test + + + +start_test 4.2.3 "Valid pre2000 UTC notBefore Date Test3" +# In this test, the end entity certificate's notBefore date is set to +# 1950 and is encoded in UTCTime. +# +# Procedure: Validate Valid pre2000 UTC notBefore Date Test3 EE +# using the default settings or open and +# verify Signed Test Message 6.2.2.6 using +# the default settings. 
+# +# Expected Result: The path should validate successfully as the +# notBefore date in the end entity +# certificate is before the current date. +# +# Certification Path: The certification path is composed of the +# following objects: Trust Anchor Root Certificate, +# Trust Anchor Root CRL Good CA Cert, Good CA CRL Valid +# pre2000 UTC notBefore Date Test3 EE +# +end_test + + + +start_test 4.2.4 "Valid GeneralizedTime notBefore Date Test4" +# In this test, the end entity certificate's notBefore date is +# specified in GeneralizedTime. +# +# Procedure: Validate Valid GeneralizedTime notBefore Date Test4 EE +# using the default settings or open and +# verify Signed Test Message 6.2.2.7 using +# the default settings. +# +# Expected Result: The path should validate successfully. +# +# Certification Path: +# The certification path is composed of the following objects: +# Trust Anchor Root Certificate, Trust Anchor Root CRL +# Good CA Cert, Good CA CRL +# Valid GeneralizedTime notBefore Date Test4 EE +# +end_test + + + +start_test 4.2.5 "Invalid CA notAfter Date Test5" +# In this test, the intermediate certificate's notAfter date is before +# the current date. + +# Procedure: Validate Invalid CA notAfter Date Test5 EE using the +# default settings or open and verify +# Signed Test Message 6.2.2.8 using the +# default settings. +# +# Expected Result: The path should not validate successfully as the +# notAfter date in the intermediate +# certificate is before the current date. +# +# Certification Path: The certification path is composed of the +# following objects: +# +# Trust Anchor Root Certificate, Trust Anchor Root CRL +# Bad notAfter Date CA Cert, Bad notAfter Date CA CRL +# Invalid CA notAfter Date Test5 EE +# +end_test + + +start_test 4.2.6 "Invalid EE notAfter Date Test6" +# In this test, the end entity certificate's notAfter date is before +# the current date. 
+ +# Procedure: Validate Invalid EE notAfter Date Test6 EE using the +# default settings or open and verify +# Signed Test Message 6.2.2.9 using the +# default settings. +# +# Expected Result: The path should not validate successfully as the +# notAfter date in the end certificate is +# before the current date. +# +# Certification Path: The certification path is composed of the +# following objects: +# Trust Anchor Root Certificate, Trust Anchor Root CRL +# Good CA Cert, Good CA CRL +# Invalid EE notAfter Date Test6 EE + +end_test + + +start_test 4.2.7 "Invalid pre2000 UTC EE notAfter Date Test7" +# In this test, the end entity certificate's notAfter date is 1999 and +# is encoded in UTCTime. + +# Procedure: Validate Invalid pre2000 UTC EE notAfter Date Test7 EE +# using the default settings or open and +# verify Signed Test Message 6.2.2.10 using +# the default settings. +# +# Expected Result: The path should not validate successfully as the +# notAfter date in the end certificate is +# before the current date. +# +# +# Certification Path: The certification path is composed of the +# following objects: +# +# Trust Anchor Root Certificate, Trust Anchor Root CRL +# Good CA Cert, Good CA CRL +# Invalid pre2000 UTC EE notAfter Date Test7 EE + +end_test + + + +start_test 4.2.8 "Valid GeneralizedTime notAfter Date Test8" +# In this test, the end entity certificate's notAfter date is 2050 and +# is encoded in GeneralizedTime. + +# Procedure: Validate Valid GeneralizedTime notAfter Date Test8 EE +# using the default settings or open and +# verify Signed Test Message 6.2.2.11 using +# the default settings. +# +# Expected Result: The path should validate successfully as the +# notAfter date in the end certificate is +# after the current date. +# +# +# Trust Anchor Root Certificate, Trust Anchor Root CRL +# Good CA Cert, Good CA CRL +# Valid GeneralizedTime notAfter Date Test8 EE + +end_test + + + + +final_result 
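Review bot: In test 4.2.1 the `set_status fail` that follows the nested `if` is reached on every path, including directly after `set_status pass`, so unless `set_status` in common.sh ignores a second call (not visible here) this test can never pass. I would replace it with `[ "$test_status" != "none" ] || set_status fail`. Tests 4.2.2 to 4.2.8 contain only comments between `start_test` and `end_test`; signature-verification marks unimplemented cases with `set_status nys`, and doing the same here would make it explicit that the expired and not-yet-valid certificate cases are not checked. `$MYTIME` is used unquoted and is not defined in this hunk, presumably it comes from common.sh.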
diff --git a/tests/pkits/verifying-basic-constraints b/tests/pkits/verifying-basic-constraints
new file mode 100755
index 0000000..0e052f3
--- /dev/null
+++ b/tests/pkits/verifying-basic-constraints
@@ -0,0 +1,31 @@
+#!/bin/sh
+# verifying-basic-constraints - PKITS Test 4.6 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.6
+description="Verifying Basic Constraints"
+info "Running $description tests"
+
+
+
+
+
+
+final_result
diff --git a/tests/pkits/verifying-name-chaining b/tests/pkits/verifying-name-chaining
new file mode 100755
index 0000000..9bdbb59
--- /dev/null
+++ b/tests/pkits/verifying-name-chaining
@@ -0,0 +1,31 @@ +#!/bin/sh +# verifying-name-chaining - PKITS Test 4.3 -*- sh -*- +# Copyright (C) 2008 Free Software Foundation, Inc. +# +# This file is part of GnuPG. +# +# GnuPG is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# GnuPG is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. + +. ${srcdir:-.}/common.sh || exit 2 + +section=4.3 +description="Verifying Name Chaining" +info "Running $description tests" + + + + + + +final_result diff --git a/tests/pkits/verifying-paths-self-issued b/tests/pkits/verifying-paths-self-issued new file mode 100755 index 0000000..443d7ad --- /dev/null +++ b/tests/pkits/verifying-paths-self-issued 
@@ -0,0 +1,31 @@ +#!/bin/sh +# verifying-paths-self-issued - PKITS Test 4.5 -*- sh -*- +# Copyright (C) 2008 Free Software Foundation, Inc. +# +# This file is part of GnuPG. +# +# GnuPG is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# GnuPG is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. + +. ${srcdir:-.}/common.sh || exit 2 + +section=4.5 +description="Verifying Paths with Self-Issued Certificates" +info "Running $description tests" + + + + + + +final_result |