Make TSA tests use the noprompt mode of utilities rather than piping

the result into interative utilities.

Make TSA tests use the noprompt mode of utilities rather than piping
the result into interative utilities.
cf32ad7f · Dr. Stephen Henson · ad0e4396 · cf32ad7f · cf32ad7f
隐藏空白更改
内联并排

Showing with 38 addition and 51 deletion

test/CAtsa.cnf test/CAtsa.cnf +18 -24

test/testtsa test/testtsa +20 -27

未找到文件。
--- a/test/CAtsa.cnf
+++ b/test/CAtsa.cnf
@@ -11,6 +11,9 @@ RANDFILE		= $ENV::HOME/.rnd
 # Extra OBJECT IDENTIFIER info:
 oid_section		= new_oids

+TSDNSECT		= ts_cert_dn
+INDEX			= 1
+
 [ new_oids ]

 # Policies used by the TSA tests.
@@ -53,36 +56,27 @@ emailAddress		= optional
 [ req ]
 default_bits		= 1024
 default_md		= sha1
-distinguished_name	= req_distinguished_name
+distinguished_name	= $ENV::TSDNSECT
 encrypt_rsa_key		= no
+prompt 			= no
 # attributes		= req_attributes
 x509_extensions	= v3_ca	# The extentions to add to the self signed cert

 string_mask = nombstr

-[ req_distinguished_name ]
-countryName			= Country Name (2 letter code)
-countryName_default		= HU
-countryName_min			= 2
-countryName_max			= 2
-
-stateOrProvinceName		= State or Province Name (full name)
-stateOrProvinceName_default	= 
-
-localityName			= Locality Name (eg, city)
-
-0.organizationName		= Organization Name (eg, company)
-0.organizationName_default	= 
+[ ts_ca_dn ]
+countryName			= HU
+stateOrProvinceName		= Budapest
+localityName			= Budapest
+organizationName		= Gov-CA Ltd.
+commonName			= ca1

-commonName			= Common Name (eg, YOUR name)
-commonName_max			= 64
-
-[ req_attributes ]
-challengePassword		= A challenge password
-challengePassword_min		= 4
-challengePassword_max		= 20
-
-unstructuredName		= An optional company name
+[ ts_cert_dn ]
+countryName			= HU
+stateOrProvinceName		= Budapest
+localityName			= Buda
+organizationName		= Hun-TSA Ltd.
+commonName			= tsa$ENV::INDEX

 [ tsa_cert ]

@@ -138,7 +132,7 @@ dir		= .			# TSA root directory
 serial		= $dir/tsa_serial	# The current serial number (mandatory)
 signer_cert	= $dir/tsa_cert1.pem 	# The TSA signing certificate
 					# (optional)
-certs		= $dir/demoCA/cacert.pem# Certificate chain to include in reply
+certs		= $dir/tsaca.pem	# Certificate chain to include in reply
 					# (optional)
 signer_key	= $dir/tsa_key1.pem	# The TSA private key (optional)


--- a/test/testtsa
+++ b/test/testtsa
@@ -39,36 +39,29 @@ clean_up_dir () {
 create_ca () {

    echo "Creating a new CA for the TSA tests..."
-    /bin/rm -fr demoCA
-    $SH ../../apps/CA.sh -newca <<EOF
-
-HU
-Budapest
-Budapest
-Gov-CA Ltd.
-ca1
-EOF
+    TSDNSECT=ts_ca_dn
+    export TSDNSECT   
+    ../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \
+	-out tsaca.pem -keyout tsacakey.pem
    test $? != 0 && error
 }

 create_tsa_cert () {

    INDEX=$1
+    export INDEX
    EXT=$2
-    ../../util/shlib_wrap.sh ../../apps/openssl req -new -out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem <<EOF
-HU
-Budapest
-Buda
-Hun-TSA Ltd.
-tsa${INDEX}
-EOF
-    test $? != 0 && error
+    TSDNSECT=ts_cert_dn
+    export TSDNSECT   

-    ../../util/shlib_wrap.sh ../../apps/openssl ca -in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
-	-extensions $EXT <<EOF
-y
-y
-EOF
+    ../../util/shlib_wrap.sh ../../apps/openssl req -new \
+	-out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem
+    test $? != 0 && error
+echo Using extension $EXT
+    ../../util/shlib_wrap.sh ../../apps/openssl x509 -req \
+	-in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
+	-CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \
+	-extfile $OPENSSL_CONF -extensions $EXT
    test $? != 0 && error
 }

@@ -128,10 +121,10 @@ time_stamp_response_token_test () {

 verify_time_stamp_response () {

-    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile demoCA/cacert.pem \
+    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
 	-untrusted tsa_cert1.pem
    test $? != 0 && error
-    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile demoCA/cacert.pem \
+    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile tsaca.pem \
 	-untrusted tsa_cert1.pem
    test $? != 0 && error
 }
@@ -142,16 +135,16 @@ verify_time_stamp_token () {
    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $2.token -token_out
    test $? != 0 && error
    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2.token -token_in \
-	-CAfile demoCA/cacert.pem -untrusted tsa_cert1.pem
+	-CAfile tsaca.pem -untrusted tsa_cert1.pem
    test $? != 0 && error
    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2.token -token_in \
-	-CAfile demoCA/cacert.pem -untrusted tsa_cert1.pem
+	-CAfile tsaca.pem -untrusted tsa_cert1.pem
    test $? != 0 && error
 }

 verify_time_stamp_response_fail () {

-    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile demoCA/cacert.pem \
+    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
 	-untrusted tsa_cert1.pem
    # Checks if the verification failed, as it should have.
    test $? = 0 && error