diff options
Diffstat (limited to '')
27 files changed, 1070 insertions, 29 deletions
diff --git a/tests/ChangeLog b/tests/ChangeLog index c6b3b9af1..f12d9afbe 100644 --- a/tests/ChangeLog +++ b/tests/ChangeLog @@ -1,3 +1,29 @@ +2006-06-08 Marcus Brinkmann <[email protected]> + + * asschk.c (__func__) [__STDC_VERSION__ < 199901L && __GNUC__ >= 2]: + Define macro to __FUNCTION__. + (die): Use __func__ instead of __FUNCTION__. + +2005-10-07 Marcus Brinkmann <[email protected]> + + * Makefile.am (TESTS_ENVIRONMENT): Remove LD_LIBRARY_PATH hack. + It's the responsibility of the person building the software to set + it properly. + +2004-09-30 Werner Koch <[email protected]> + + * Makefile.am (SUBDIRS): Remove pkits until the copyright issues + have been cleared. + +2004-08-16 Werner Koch <[email protected]> + + * Makefile.am: Descend into the new pkits directory + +2004-02-20 Werner Koch <[email protected]> + + * Makefile.am: Reset GPG_AGENT_INFO here + * runtest: and not anymore here. + 2002-12-04 Werner Koch <[email protected]> * inittests (gpgsm.conf): Fake system time. diff --git a/tests/Makefile.am b/tests/Makefile.am index 622b5fe58..38b64c6ea 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -15,34 +15,26 @@ # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +# USA. ## Process this file with automake to produce Makefile.in + +#if RUN_PKITS_TESTS +#pkits = pkits +#else +#pkits = +#endif +# +#SUBDIRS = . ${pkits} + + GPGSM = ../sm/gpgsm -# We can't unset a variable here so we unset GPG_AGENT_INFO in runtest -TESTS_ENVIRONMENT = GNUPGHOME=`pwd` LC_ALL=C GPGSM=$(GPGSM) \ - LD_LIBRARY_PATH=$$(seen=0; \ - for i in $(LDFLAGS) $(LIBGCRYPT_LIBS) $(PTH_LIBS); \ - do \ - if echo "$$i" | egrep '^-L' >/dev/null 2>&1; \ - then \ - if test $$seen = 0; \ - then \ - seen=1; \ - else \ - printf ":"; \ - fi; \ - printf "%s" "$${i}" | sed 's/^-L//'; \ - fi; \ - done; \ - if test $$seen != 0 \ - && test x$${LD_LIBRARY_PATH} != x; \ - then \ - printf ":"; \ - fi; \ - printf "%s" "$${LD_LIBRARY_PATH}") $(srcdir)/runtest + +TESTS_ENVIRONMENT = GNUPGHOME=`pwd` GPG_AGENT_INFO= LC_ALL=C GPGSM=$(GPGSM) \ + $(srcdir)/runtest testscripts = sm-sign+verify sm-verify @@ -57,7 +49,7 @@ EXTRA_DIST = runtest inittests $(testscripts) \ TESTS = $(testscripts) -CLEANFILES = inittests.stamp x y y z out err +CLEANFILES = inittests.stamp x y y z out err \ *.lock .\#lk* DISTCLEANFILES = pubring.kbx~ random_seed diff --git a/tests/asschk.c b/tests/asschk.c index 83a8ca5af..40b95ba7d 100644 --- a/tests/asschk.c +++ b/tests/asschk.c @@ -15,7 +15,8 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, + * USA. */ /* This is a simple stand-alone Assuan server test program. We don't @@ -59,10 +60,10 @@ Print VALUE. openfile <filename> - Open file FILENAME for read access and retrun the file descriptor. + Open file FILENAME for read access and return the file descriptor. createfile <filename> - Create file FILENAME, open for write access and retrun the file + Create file FILENAME, open for write access and return the file descriptor. pipeserver <program> @@ -116,6 +117,18 @@ # define ATTR_PRINTF(f,a) #endif +#if __STDC_VERSION__ < 199901L +# if __GNUC__ >= 2 +# define __func__ __FUNCTION__ +# else +/* Let's try our luck here. Some systems may provide __func__ without + providing __STDC_VERSION__ 199901L. */ +# if 0 +# define __func__ "<unknown>" +# endif +# endif +#endif + #define spacep(p) (*(p) == ' ' || *(p) == '\t') #define MAX_LINELEN 2048 @@ -188,7 +201,7 @@ die (const char *format, ...) exit (1); } -#define die(format, args...) (die) ("%s: " format, __FUNCTION__ , ##args) +#define die(format, args...) (die) ("%s: " format, __func__ , ##args) static void err (const char *format, ...) diff --git a/tests/extrasamples/README b/tests/extrasamples/README new file mode 100644 index 000000000..31efcbde0 --- /dev/null +++ b/tests/extrasamples/README @@ -0,0 +1,11 @@ +Extra test data where it is not clear whether we may distribute them. Thus +we only keep them in the CVS. + +dod-test9.p12 A file from the DoD X.509 tests suite, September 2001. + Passphrase is "password". + +siemens-ZZZZZ000.crt +siemens-ZZZZZ0EE.crt + Two certificates from the Siemens CA featuring a trailing + garbage byte and crlDPs with several names. + diff --git a/tests/extrasamples/dod-test9.p12 b/tests/extrasamples/dod-test9.p12 Binary files differnew file mode 100644 index 000000000..a109b1aa9 --- /dev/null +++ b/tests/extrasamples/dod-test9.p12 diff --git a/tests/extrasamples/siemens-ZZZZZ000.crt b/tests/extrasamples/siemens-ZZZZZ000.crt Binary files differnew file mode 100644 index 000000000..6807b5c26 --- /dev/null +++ b/tests/extrasamples/siemens-ZZZZZ000.crt diff --git a/tests/extrasamples/siemens-ZZZZZ0EE.crt b/tests/extrasamples/siemens-ZZZZZ0EE.crt Binary files differnew file mode 100644 index 000000000..e8a50dbb0 --- /dev/null +++ b/tests/extrasamples/siemens-ZZZZZ0EE.crt diff --git a/tests/pkits/ChangeLog b/tests/pkits/ChangeLog new file mode 100644 index 000000000..084e6cec8 --- /dev/null +++ b/tests/pkits/ChangeLog @@ -0,0 +1,23 @@ +2006-05-02 Werner Koch <[email protected]> + + * PKITS_data.tar.bz2: Repackaged new copy becuase the old one got + corrupted by the conversion fromCVS to SVN. + +2004-08-16 Werner Koch <[email protected]> + + Started implementing PKITS based tests. + + + Copyright 2004 Free Software Foundation, Inc. + + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + + This file is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even the + implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + + + + diff --git a/tests/pkits/Makefile.am b/tests/pkits/Makefile.am new file mode 100644 index 000000000..d53d35a25 --- /dev/null +++ b/tests/pkits/Makefile.am @@ -0,0 +1,70 @@ +# Makefile.am - tests using NIST's PKITS +# Copyright (C) 2004 Free Software Foundation, Inc. +# +# This file is part of GnuPG. +# +# GnuPG is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# GnuPG is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +# USA. + +## Process this file with automake to produce Makefile.in + +GPGSM = ../../sm/gpgsm + +TESTS_ENVIRONMENT = GNUPGHOME=`pwd` GPG_AGENT_INFO= LC_ALL=C GPGSM=$(GPGSM) \ + LD_LIBRARY_PATH=$$(seen=0; \ + for i in $(LDFLAGS) $(LIBGCRYPT_LIBS) $(PTH_LIBS); \ + do \ + if echo "$$i" | egrep '^-L' >/dev/null 2>&1; \ + then \ + if test $$seen = 0; \ + then \ + seen=1; \ + else \ + printf ":"; \ + fi; \ + printf "%s" "$${i}" | sed 's/^-L//'; \ + fi; \ + done; \ + if test $$seen != 0 \ + && test x$${LD_LIBRARY_PATH} != x; \ + then \ + printf ":"; \ + fi; \ + printf "%s" "$${LD_LIBRARY_PATH}") $(srcdir)/runtest + + + +testscripts = import-all-certs validate-all-certs + + + +EXTRA_DIST = PKITS_data.tar.bz2 inittests runtest $(testscripts) + import-all-certs.data + +TESTS = $(testscripts) + +CLEANFILES = inittests.stamp x y y z out err *.lock .\#lk* *.log + +DISTCLEANFILES = pubring.kbx~ random_seed + +all-local: inittests.stamp + +clean-local: + srcdir=$(srcdir) $(TESTS_ENVIRONMENT) $(srcdir)/inittests --clean + +inittests.stamp: inittests + srcdir=$(srcdir) $(TESTS_ENVIRONMENT) $(srcdir)/inittests + echo timestamp >./inittests.stamp + diff --git a/tests/pkits/PKITS_data.tar.bz2 b/tests/pkits/PKITS_data.tar.bz2 Binary files differnew file mode 100644 index 000000000..687d504f6 --- /dev/null +++ b/tests/pkits/PKITS_data.tar.bz2 diff --git a/tests/pkits/README b/tests/pkits/README new file mode 100644 index 000000000..79678cf30 --- /dev/null +++ b/tests/pkits/README @@ -0,0 +1,12 @@ +tests/pkits/README + +These are tests based on NIST's Public Key Interoperability Test Suite +(PKITS) as downloaded on 2006-05-02 from +http://csrc.nist.gov/pki/testing/x509paths.html . + +README - this file. +PKITS_data.tar.bz2 - the orginal ZIP file, repackaged as a tarball. +Makefile.am - Part of our build system. + + +The password for the p12 files is "password". diff --git a/tests/pkits/common.sh b/tests/pkits/common.sh new file mode 100644 index 000000000..09fb62bc8 --- /dev/null +++ b/tests/pkits/common.sh @@ -0,0 +1,136 @@ +#!/bin/sh +# common.sh - common defs for all tests -*- sh -*- +# Copyright (C) 2004 Free Software Foundation, Inc. +# +# This file is part of GnuPG. +# +# GnuPG is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# GnuPG is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +# USA. + +# reset some environment variables because we do not want to test locals +export LANG=C +export LANGUAGE=C +export LC_ALL=C + + +[ "$VERBOSE" = yes ] && set -x +[ -z "$srcdir" ] && srcdir="." +[ -z "$top_srcdir" ] && top_srcdir=".." +[ -z "$GPGSM" ] && GPGSM="../../sm/gpgsm" + + +if [ "$GNUPGHOME" != "`pwd`" ]; then + echo "inittests: please set GNUPGHOME to the tests/pkits directory" >&2 + exit 1 +fi + +if [ -n "$GPG_AGENT_INFO" ]; then + echo "inittests: please unset GPG_AGENT_INFO" >&2 + exit 1 +fi + + + +#-------------------------------- +#------ utility functions ------- +#-------------------------------- + +echo_n_init=no +echo_n () { + if test "$echo_n_init" = "no"; then + if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then + if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then + echo_n_n= + echo_n_c=' +' + else + echo_n_n='-n' + echo_n_c= + fi + else + echo_n_n= + echo_n_c='\c' + fi + echo_n_init=yes + fi + echo $echo_n_n "${1}$echo_n_c" +} + +fatal () { + echo "$pgmname: fatal:" $* >&2 + exit 1; +} + +error () { + echo "$pgmname:" $* >&2 + exit 1 +} + +info () { + echo "$pgmname:" $* >&2 +} + +info_n () { + $echo_n "$pgmname:" $* >&2 +} + +pass () { + echo "PASS: " $* >&2 + pass_count=`expr ${pass_count} + 1` +} + +fail () { + echo "FAIL: " $* >&2 + fail_count=`expr ${fail_count} + 1` +} + +unresolved () { + echo "UNRESOLVED: " $* >&2 + unresolved_count=`expr ${unresolved_count} + 1` +} + +unsupported () { + echo "UNSUPPORTED: " $* >&2 + unsupported_count=`expr ${unsupported_count} + 1` +} + + +final_result () { + [ $pass_count = 0 ] || info "$pass_count tests passed" + [ $fail_count = 0 ] || info "$fail_count tests failed" + [ $unresolved_count = 0 ] || info "$unresolved_count tests unresolved" + [ $unsupported_count = 0 ] || info "$unsupported_count tests unsupported" + if [ $fail_count = 0 ]; then + info "all tests passed" + else + exit 1 + fi +} + +set -e + +pgmname=`basename $0` + +pass_count=0 +fail_count=0 +unresolved_count=0 +unsupported_count=0 + + +#trap cleanup SIGHUP SIGINT SIGQUIT +exec 2> ${pgmname}.log + +: +# end diff --git a/tests/pkits/import-all-certs b/tests/pkits/import-all-certs new file mode 100755 index 000000000..2d70d06df --- /dev/null +++ b/tests/pkits/import-all-certs @@ -0,0 +1,54 @@ +#!/bin/sh +# Copyright (C) 2004 Free Software Foundation, Inc. -*- sh -*- +# +# This file is part of GnuPG. +# +# GnuPG is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# GnuPG is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +# USA. + +. ${srcdir:-.}/common.sh || exit 2 + +while read flag dummy name; do + case $flag in \#*) continue;; esac + [ -z "$flag" ] && continue; + + if ${GPGSM} -q --import certs/$name ; then + if [ "$flag" = 'p' ]; then + pass "importing certificate \`$name' succeeded" + elif [ "$flag" = 'f' ]; then + fail "importing certificate \`$name' succeeded" + elif [ "$flag" = '?' ]; then + unresolved "importing certificate \`$name' succeeded" + elif [ "$flag" = 'u' ]; then + unsupported "importing certificate \`$name' succeeded" + else + info "importing certificate \`$name' succeeded - (flag=$flag)" + fi + else + if [ "$flag" = 'p' ]; then + fail "importing certificate \`$name' failed" + elif [ "$flag" = 'f' ]; then + pass "importing certificate \`$name' failed" + elif [ "$flag" = '?' ]; then + unresolved "importing certificate \`$name' failed" + elif [ "$flag" = 'u' ]; then + unsupported "importing certificate \`$name' failed" + else + info "importing certificate \`$name' failed - (flag=$flag)" + fi + fi +done < $srcdir/import-all-certs.data + +final_result diff --git a/tests/pkits/import-all-certs.data b/tests/pkits/import-all-certs.data new file mode 100644 index 000000000..18708aa61 --- /dev/null +++ b/tests/pkits/import-all-certs.data @@ -0,0 +1,490 @@ +# The first column is for the basic import test, the second for a +# validation test. + +# Make sure that the root certificate is imported first +p p TrustAnchorRootCertificate.crt + +p p AllCertificatesNoPoliciesTest2EE.crt +p p AllCertificatesSamePoliciesTest10EE.crt +p p AllCertificatesSamePoliciesTest13EE.crt +p p AllCertificatesanyPolicyTest11EE.crt +p p AnyPolicyTest14EE.crt +p p BadCRLIssuerNameCACert.crt +p p BadCRLSignatureCACert.crt +f f BadSignedCACert.crt +p f BadnotAfterDateCACert.crt + +# UTC: "470101120100Z" i.e. not before 2047-01-01 +p f BadnotBeforeDateCACert.crt + +p p BasicSelfIssuedCRLSigningKeyCACert.crt + +# For yet unknown reasons gpgsm claims a bad signature. +? ? BasicSelfIssuedCRLSigningKeyCRLCert.crt + +p p BasicSelfIssuedNewKeyCACert.crt + +# For yet unknown reasons gpgsm claims a bad signature. +? ? BasicSelfIssuedNewKeyOldWithNewCACert.crt + +p p BasicSelfIssuedOldKeyCACert.crt + +# For yet unknown reasons gpgsm claims a bad signature. +? ? BasicSelfIssuedOldKeyNewWithOldCACert.crt + +p p CPSPointerQualifierTest20EE.crt + +u u DSACACert.crt +u u DSAParametersInheritedCACert.crt + +p p DifferentPoliciesTest12EE.crt +p p DifferentPoliciesTest3EE.crt +p p DifferentPoliciesTest4EE.crt +p p DifferentPoliciesTest5EE.crt +p p DifferentPoliciesTest7EE.crt +p p DifferentPoliciesTest8EE.crt +p p DifferentPoliciesTest9EE.crt +p p GeneralizedTimeCRLnextUpdateCACert.crt +p p GoodCACert.crt +p p GoodsubCACert.crt + +# gpgsm: critical certificate extension 2.5.29.33 (policyMappings) +# is not supported +p u GoodsubCAPanyPolicyMapping1to2CACert.crt + +# fixme: gpgme does not fail for it. +p f InvalidBadCRLIssuerNameTest5EE.crt + +p f InvalidBadCRLSignatureTest4EE.crt +p f InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt + +f f InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt + +p f InvalidBasicSelfIssuedNewWithOldTest5EE.crt + +f f InvalidBasicSelfIssuedOldWithNewTest2EE.crt + +p f InvalidCASignatureTest2EE.crt + +p f InvalidCAnotAfterDateTest5EE.crt +p f InvalidCAnotBeforeDateTest1EE.crt +p f InvalidDNSnameConstraintsTest31EE.crt +p f InvalidDNSnameConstraintsTest33EE.crt +p f InvalidDNSnameConstraintsTest38EE.crt +p f InvalidDNandRFC822nameConstraintsTest28EE.crt +p f InvalidDNandRFC822nameConstraintsTest29EE.crt +p f InvalidDNnameConstraintsTest10EE.crt +p f InvalidDNnameConstraintsTest12EE.crt +p f InvalidDNnameConstraintsTest13EE.crt +p f InvalidDNnameConstraintsTest15EE.crt +p f InvalidDNnameConstraintsTest16EE.crt +p f InvalidDNnameConstraintsTest17EE.crt + +f f InvalidDNnameConstraintsTest20EE.crt + +p f InvalidDNnameConstraintsTest2EE.crt +p f InvalidDNnameConstraintsTest3EE.crt +p f InvalidDNnameConstraintsTest7EE.crt +p f InvalidDNnameConstraintsTest8EE.crt +p f InvalidDNnameConstraintsTest9EE.crt + +u u InvalidDSASignatureTest6EE.crt + +f f InvalidEESignatureTest3EE.crt + +p f InvalidEEnotAfterDateTest6EE.crt +p f InvalidEEnotBeforeDateTest2EE.crt +p f InvalidIDPwithindirectCRLTest23EE.crt +p f InvalidIDPwithindirectCRLTest26EE.crt +p f InvalidLongSerialNumberTest18EE.crt +p f InvalidMappingFromanyPolicyTest7EE.crt +p f InvalidMappingToanyPolicyTest8EE.crt +p f InvalidMissingCRLTest1EE.crt +p f InvalidMissingbasicConstraintsTest1EE.crt +p f InvalidNameChainingOrderTest2EE.crt +p f InvalidNameChainingTest1EE.crt +p f InvalidNegativeSerialNumberTest15EE.crt +p f InvalidOldCRLnextUpdateTest11EE.crt +p f InvalidPolicyMappingTest10EE.crt +p f InvalidPolicyMappingTest2EE.crt +p f InvalidPolicyMappingTest4EE.crt +p f InvalidRFC822nameConstraintsTest22EE.crt +p f InvalidRFC822nameConstraintsTest24EE.crt +p f InvalidRFC822nameConstraintsTest26EE.crt +p f InvalidRevokedCATest2EE.crt +p f InvalidRevokedEETest3EE.crt + +f f InvalidSelfIssuedinhibitAnyPolicyTest10EE.crt + +p f InvalidSelfIssuedinhibitAnyPolicyTest8EE.crt +p f InvalidSelfIssuedinhibitPolicyMappingTest10EE.crt +p f InvalidSelfIssuedinhibitPolicyMappingTest11EE.crt +p f InvalidSelfIssuedinhibitPolicyMappingTest8EE.crt +p f InvalidSelfIssuedinhibitPolicyMappingTest9EE.crt +p f InvalidSelfIssuedpathLenConstraintTest16EE.crt +p f InvalidSelfIssuedrequireExplicitPolicyTest7EE.crt +p f InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt + +f f InvalidSeparateCertificateandCRLKeysTest20EE.crt +f f InvalidSeparateCertificateandCRLKeysTest21EE.crt + +p f InvalidURInameConstraintsTest35EE.crt +p f InvalidURInameConstraintsTest37EE.crt +p f InvalidUnknownCRLEntryExtensionTest8EE.crt +p f InvalidUnknownCRLExtensionTest10EE.crt +p f InvalidUnknownCRLExtensionTest9EE.crt +p f InvalidUnknownCriticalCertificateExtensionTest2EE.crt +p f InvalidWrongCRLTest6EE.crt +p f InvalidcAFalseTest2EE.crt +p f InvalidcAFalseTest3EE.crt +p f InvalidcRLIssuerTest27EE.crt +p f InvalidcRLIssuerTest31EE.crt +p f InvalidcRLIssuerTest32EE.crt +p f InvalidcRLIssuerTest34EE.crt +p f InvalidcRLIssuerTest35EE.crt +p f InvaliddeltaCRLIndicatorNoBaseTest1EE.crt +p f InvaliddeltaCRLTest10EE.crt +p f InvaliddeltaCRLTest3EE.crt +p f InvaliddeltaCRLTest4EE.crt +p f InvaliddeltaCRLTest6EE.crt +p f InvaliddeltaCRLTest9EE.crt +p f InvaliddistributionPointTest2EE.crt +p f InvaliddistributionPointTest3EE.crt +p f InvaliddistributionPointTest6EE.crt +p f InvaliddistributionPointTest8EE.crt +p f InvaliddistributionPointTest9EE.crt +p f InvalidinhibitAnyPolicyTest1EE.crt +p f InvalidinhibitAnyPolicyTest4EE.crt +p f InvalidinhibitAnyPolicyTest5EE.crt +p f InvalidinhibitAnyPolicyTest6EE.crt +p f InvalidinhibitPolicyMappingTest1EE.crt +p f InvalidinhibitPolicyMappingTest3EE.crt +p f InvalidinhibitPolicyMappingTest5EE.crt +p f InvalidinhibitPolicyMappingTest6EE.crt +p f InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt +p f InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt +p f InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt +p f InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt +p f InvalidonlyContainsAttributeCertsTest14EE.crt +p f InvalidonlyContainsCACertsTest12EE.crt +p f InvalidonlyContainsUserCertsTest11EE.crt +p f InvalidonlySomeReasonsTest15EE.crt +p f InvalidonlySomeReasonsTest16EE.crt +p f InvalidonlySomeReasonsTest17EE.crt +p f InvalidonlySomeReasonsTest20EE.crt +p f InvalidonlySomeReasonsTest21EE.crt +p f InvalidpathLenConstraintTest10EE.crt +p f InvalidpathLenConstraintTest11EE.crt +p f InvalidpathLenConstraintTest12EE.crt +p f InvalidpathLenConstraintTest5EE.crt +p f InvalidpathLenConstraintTest6EE.crt +p f InvalidpathLenConstraintTest9EE.crt +p f Invalidpre2000CRLnextUpdateTest12EE.crt +p f Invalidpre2000UTCEEnotAfterDateTest7EE.crt +p f InvalidrequireExplicitPolicyTest3EE.crt +p f InvalidrequireExplicitPolicyTest5EE.crt +p p LongSerialNumberCACert.crt +p p Mapping1to2CACert.crt +p p MappingFromanyPolicyCACert.crt +p p MappingToanyPolicyCACert.crt +p p MissingbasicConstraintsCACert.crt +p p NameOrderingCACert.crt +p p NegativeSerialNumberCACert.crt +p p NoCRLCACert.crt +p p NoPoliciesCACert.crt +p p NoissuingDistributionPointCACert.crt +p p OldCRLnextUpdateCACert.crt +p p OverlappingPoliciesTest6EE.crt +p p P12Mapping1to3CACert.crt +p p P12Mapping1to3subCACert.crt +p p P12Mapping1to3subsubCACert.crt +p p P1Mapping1to234CACert.crt +p p P1Mapping1to234subCACert.crt +p p P1anyPolicyMapping1to2CACert.crt +p p PanyPolicyMapping1to2CACert.crt +p p PoliciesP1234CACert.crt +p p PoliciesP1234subCAP123Cert.crt +p p PoliciesP1234subsubCAP123P12Cert.crt +p p PoliciesP123CACert.crt +p p PoliciesP123subCAP12Cert.crt +p p PoliciesP123subsubCAP12P1Cert.crt +p p PoliciesP123subsubCAP12P2Cert.crt +p p PoliciesP123subsubsubCAP12P2P1Cert.crt +p p PoliciesP12CACert.crt +p p PoliciesP12subCAP1Cert.crt +p p PoliciesP12subsubCAP1P2Cert.crt +p p PoliciesP2subCA2Cert.crt +p p PoliciesP2subCACert.crt +p p PoliciesP3CACert.crt +p p RFC3280MandatoryAttributeTypesCACert.crt +p p RFC3280OptionalAttributeTypesCACert.crt +p p RevokedsubCACert.crt +p p RolloverfromPrintableStringtoUTF8StringCACert.crt +p p SeparateCertificateandCRLKeysCA2CRLSigningCert.crt +p p SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt +p p SeparateCertificateandCRLKeysCRLSigningCert.crt +p p SeparateCertificateandCRLKeysCertificateSigningCACert.crt +p p TwoCRLsCACert.crt +p p UIDCACert.crt +p p UTF8StringCaseInsensitiveMatchCACert.crt +p p UTF8StringEncodedNamesCACert.crt +p p UnknownCRLEntryExtensionCACert.crt +p p UnknownCRLExtensionCACert.crt +p p UserNoticeQualifierTest15EE.crt +p p UserNoticeQualifierTest16EE.crt +p p UserNoticeQualifierTest17EE.crt +p p UserNoticeQualifierTest18EE.crt +p p UserNoticeQualifierTest19EE.crt +p p ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt + +# For yet unknown reasons gpgsm claims a bad signature. +? ? ValidBasicSelfIssuedNewWithOldTest3EE.crt + +p p ValidBasicSelfIssuedNewWithOldTest4EE.crt + +# For yet unknown reasons gpgsm claims a bad signature. +? ? ValidBasicSelfIssuedOldWithNewTest1EE.crt + +p p ValidCertificatePathTest1EE.crt +p p ValidDNSnameConstraintsTest30EE.crt +p p ValidDNSnameConstraintsTest32EE.crt +p p ValidDNandRFC822nameConstraintsTest27EE.crt +p p ValidDNnameConstraintsTest11EE.crt + +# This certificate has an empty subject sequence. Our parser does not +# support this yet and it is unlikely that gpgsm will be able to cope +# with it at all. +u u ValidDNnameConstraintsTest14EE.crt + +p p ValidDNnameConstraintsTest18EE.crt + +# For yet unknown reasons gpgsm claims a bad signature. +? ? ValidDNnameConstraintsTest19EE.crt + +p p ValidDNnameConstraintsTest1EE.crt +p p ValidDNnameConstraintsTest4EE.crt +p p ValidDNnameConstraintsTest5EE.crt +p p ValidDNnameConstraintsTest6EE.crt + +u p ValidDSAParameterInheritanceTest5EE.crt +u p ValidDSASignaturesTest4EE.crt + +p p ValidGeneralizedTimeCRLnextUpdateTest13EE.crt +p p ValidGeneralizedTimenotAfterDateTest8EE.crt +p p ValidGeneralizedTimenotBeforeDateTest4EE.crt +p p ValidIDPwithindirectCRLTest22EE.crt +p p ValidIDPwithindirectCRLTest24EE.crt +p p ValidIDPwithindirectCRLTest25EE.crt +p p ValidLongSerialNumberTest16EE.crt +p p ValidLongSerialNumberTest17EE.crt +p p ValidNameChainingCapitalizationTest5EE.crt +p p ValidNameChainingWhitespaceTest3EE.crt +p p ValidNameChainingWhitespaceTest4EE.crt +p p ValidNameUIDsTest6EE.crt +p p ValidNegativeSerialNumberTest14EE.crt +p p ValidNoissuingDistributionPointTest10EE.crt +p p ValidPolicyMappingTest11EE.crt +p p ValidPolicyMappingTest12EE.crt +p p ValidPolicyMappingTest13EE.crt +p p ValidPolicyMappingTest14EE.crt +p p ValidPolicyMappingTest1EE.crt +p p ValidPolicyMappingTest3EE.crt +p p ValidPolicyMappingTest5EE.crt +p p ValidPolicyMappingTest6EE.crt +p p ValidPolicyMappingTest9EE.crt +p p ValidRFC3280MandatoryAttributeTypesTest7EE.crt +p p ValidRFC3280OptionalAttributeTypesTest8EE.crt +p p ValidRFC822nameConstraintsTest21EE.crt +p p ValidRFC822nameConstraintsTest23EE.crt +p p ValidRFC822nameConstraintsTest25EE.crt +p p ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt +p p ValidSelfIssuedinhibitAnyPolicyTest7EE.crt +p p ValidSelfIssuedinhibitAnyPolicyTest9EE.crt +p p ValidSelfIssuedinhibitPolicyMappingTest7EE.crt + +# For yet unknown reasons gpgsm claims a bad signature. +? ? ValidSelfIssuedpathLenConstraintTest15EE.crt + +p p ValidSelfIssuedpathLenConstraintTest17EE.crt + +# For yet unknown reasons gpgsm claims a bad signature. +? ? ValidSelfIssuedrequireExplicitPolicyTest6EE.crt + +# For yet unknown reasons gpgsm claims a bad signature. +? ? ValidSeparateCertificateandCRLKeysTest19EE.crt + +p p ValidTwoCRLsTest7EE.crt +p p ValidURInameConstraintsTest34EE.crt +p p ValidURInameConstraintsTest36EE.crt +p p ValidUTF8StringCaseInsensitiveMatchTest11EE.crt +p p ValidUTF8StringEncodedNamesTest9EE.crt +p p ValidUnknownNotCriticalCertificateExtensionTest1EE.crt +p p ValidbasicConstraintsNotCriticalTest4EE.crt +p p ValidcRLIssuerTest28EE.crt +p p ValidcRLIssuerTest29EE.crt +p p ValidcRLIssuerTest30EE.crt +p p ValidcRLIssuerTest33EE.crt +p p ValiddeltaCRLTest2EE.crt +p p ValiddeltaCRLTest5EE.crt +p p ValiddeltaCRLTest7EE.crt +p p ValiddeltaCRLTest8EE.crt +p p ValiddistributionPointTest1EE.crt +p p ValiddistributionPointTest4EE.crt +p p ValiddistributionPointTest5EE.crt +p p ValiddistributionPointTest7EE.crt +p p ValidinhibitAnyPolicyTest2EE.crt +p p ValidinhibitPolicyMappingTest2EE.crt +p p ValidinhibitPolicyMappingTest4EE.crt +p p ValidkeyUsageNotCriticalTest3EE.crt +p p ValidonlyContainsCACertsTest13EE.crt +p p ValidonlySomeReasonsTest18EE.crt +p p ValidonlySomeReasonsTest19EE.crt +p p ValidpathLenConstraintTest13EE.crt +p p ValidpathLenConstraintTest14EE.crt +p p ValidpathLenConstraintTest7EE.crt +p p ValidpathLenConstraintTest8EE.crt +p p Validpre2000UTCnotBeforeDateTest3EE.crt +p p ValidrequireExplicitPolicyTest1EE.crt +p p ValidrequireExplicitPolicyTest2EE.crt +p p ValidrequireExplicitPolicyTest4EE.crt +p p WrongCRLCACert.crt +p p anyPolicyCACert.crt +p p basicConstraintsCriticalcAFalseCACert.crt +p p basicConstraintsNotCriticalCACert.crt +p p basicConstraintsNotCriticalcAFalseCACert.crt +p p deltaCRLCA1Cert.crt +p p deltaCRLCA2Cert.crt +p p deltaCRLCA3Cert.crt +p p deltaCRLIndicatorNoBaseCACert.crt +p p distributionPoint1CACert.crt +p p distributionPoint2CACert.crt +p p indirectCRLCA1Cert.crt +p p indirectCRLCA2Cert.crt +p p indirectCRLCA3Cert.crt +p p indirectCRLCA3cRLIssuerCert.crt +p p indirectCRLCA4Cert.crt +p p indirectCRLCA4cRLIssuerCert.crt +p p indirectCRLCA5Cert.crt +p p indirectCRLCA6Cert.crt +p p inhibitAnyPolicy0CACert.crt +p p inhibitAnyPolicy1CACert.crt + +# For yet unknown reasons gpgsm claims a bad signature. +? ? inhibitAnyPolicy1SelfIssuedCACert.crt +? ? inhibitAnyPolicy1SelfIssuedsubCA2Cert.crt + +p p inhibitAnyPolicy1subCA1Cert.crt + +# For yet unknown reasons gpgsm claims a bad signature. +? ? inhibitAnyPolicy1subCA2Cert.crt + +p p inhibitAnyPolicy1subCAIAP5Cert.crt +p p inhibitAnyPolicy1subsubCA2Cert.crt +p p inhibitAnyPolicy5CACert.crt +p p inhibitAnyPolicy5subCACert.crt +p p inhibitAnyPolicy5subsubCACert.crt +p p inhibitAnyPolicyTest3EE.crt +p p inhibitPolicyMapping0CACert.crt +p p inhibitPolicyMapping0subCACert.crt +p p inhibitPolicyMapping1P12CACert.crt +p p inhibitPolicyMapping1P12subCACert.crt +p p inhibitPolicyMapping1P12subCAIPM5Cert.crt +p p inhibitPolicyMapping1P12subsubCACert.crt +p p inhibitPolicyMapping1P12subsubCAIPM5Cert.crt +p p inhibitPolicyMapping1P1CACert.crt + +# For yet unknown reasons gpgsm claims a bad signature. +? ? inhibitPolicyMapping1P1SelfIssuedCACert.crt +? ? inhibitPolicyMapping1P1SelfIssuedsubCACert.crt +? ? inhibitPolicyMapping1P1subCACert.crt + +p p inhibitPolicyMapping1P1subsubCACert.crt +p p inhibitPolicyMapping5CACert.crt +p p inhibitPolicyMapping5subCACert.crt +p p inhibitPolicyMapping5subsubCACert.crt +p p inhibitPolicyMapping5subsubsubCACert.crt +p p keyUsageCriticalcRLSignFalseCACert.crt +p p keyUsageCriticalkeyCertSignFalseCACert.crt +p p keyUsageNotCriticalCACert.crt +p p keyUsageNotCriticalcRLSignFalseCACert.crt +p p keyUsageNotCriticalkeyCertSignFalseCACert.crt +p p nameConstraintsDN1CACert.crt + +# For yet unknown reasons gpgsm claims a bad signature. +? ? nameConstraintsDN1SelfIssuedCACert.crt + +p p nameConstraintsDN1subCA1Cert.crt +p p nameConstraintsDN1subCA2Cert.crt +p p nameConstraintsDN1subCA3Cert.crt +p p nameConstraintsDN2CACert.crt +p p nameConstraintsDN3CACert.crt +p p nameConstraintsDN3subCA1Cert.crt +p p nameConstraintsDN3subCA2Cert.crt +p p nameConstraintsDN4CACert.crt +p p nameConstraintsDN5CACert.crt +p p nameConstraintsDNS1CACert.crt +p p nameConstraintsDNS2CACert.crt +p p nameConstraintsRFC822CA1Cert.crt +p p nameConstraintsRFC822CA2Cert.crt +p p nameConstraintsRFC822CA3Cert.crt +p p nameConstraintsURI1CACert.crt +p p nameConstraintsURI2CACert.crt +p p onlyContainsAttributeCertsCACert.crt +p p onlyContainsCACertsCACert.crt +p p onlyContainsUserCertsCACert.crt +p p onlySomeReasonsCA1Cert.crt +p p onlySomeReasonsCA2Cert.crt +p p onlySomeReasonsCA3Cert.crt +p p onlySomeReasonsCA4Cert.crt +p p pathLenConstraint0CACert.crt + +# For yet unknown reasons gpgsm claims a bad signature. +? ? pathLenConstraint0SelfIssuedCACert.crt +? ? pathLenConstraint0subCA2Cert.crt + +p p pathLenConstraint0subCACert.crt +p p pathLenConstraint1CACert.crt + +# For yet unknown reasons gpgsm claims a bad signature. +? ? pathLenConstraint1SelfIssuedCACert.crt +? ? pathLenConstraint1SelfIssuedsubCACert.crt +? ? pathLenConstraint1subCACert.crt + +p p pathLenConstraint6CACert.crt +p p pathLenConstraint6subCA0Cert.crt +p p pathLenConstraint6subCA1Cert.crt +p p pathLenConstraint6subCA4Cert.crt +p p pathLenConstraint6subsubCA00Cert.crt +p p pathLenConstraint6subsubCA11Cert.crt +p p pathLenConstraint6subsubCA41Cert.crt +p p pathLenConstraint6subsubsubCA11XCert.crt +p p pathLenConstraint6subsubsubCA41XCert.crt +p p pre2000CRLnextUpdateCACert.crt +p p requireExplicitPolicy0CACert.crt +p p requireExplicitPolicy0subCACert.crt +p p requireExplicitPolicy0subsubCACert.crt +p p requireExplicitPolicy0subsubsubCACert.crt +p p requireExplicitPolicy10CACert.crt +p p requireExplicitPolicy10subCACert.crt +p p requireExplicitPolicy10subsubCACert.crt +p p requireExplicitPolicy10subsubsubCACert.crt +p p requireExplicitPolicy2CACert.crt + +# For yet unknown reasons gpgsm claims a bad signature. +? ? requireExplicitPolicy2SelfIssuedCACert.crt +? ? requireExplicitPolicy2SelfIssuedsubCACert.crt +? ? requireExplicitPolicy2subCACert.crt + +p p requireExplicitPolicy4CACert.crt +p p requireExplicitPolicy4subCACert.crt +p p requireExplicitPolicy4subsubCACert.crt +p p requireExplicitPolicy4subsubsubCACert.crt +p p requireExplicitPolicy5CACert.crt +p p requireExplicitPolicy5subCACert.crt +p p requireExplicitPolicy5subsubCACert.crt +p p requireExplicitPolicy5subsubsubCACert.crt +p p requireExplicitPolicy7CACert.crt +p p requireExplicitPolicy7subCARE2Cert.crt +p p requireExplicitPolicy7subsubCARE2RE4Cert.crt +p p requireExplicitPolicy7subsubsubCARE2RE4Cert.crt + diff --git a/tests/pkits/inittests b/tests/pkits/inittests new file mode 100755 index 000000000..e5d136fd9 --- /dev/null +++ b/tests/pkits/inittests @@ -0,0 +1,94 @@ +#!/bin/sh +# Copyright (C) 2004 Free Software Foundation, Inc. -*- sh -*- +# +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. +# +# This file is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the +# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +set -e + + +clean_files=' +ReadMe.txt pkits.ldif pkits.schema +gpgsm.conf gpg-agent.conf trustlist.txt policies.txt pubring.kbx +msg msg.sig msg.unsig +' + +[ -z "$srcdir" ] && srcdir=. +[ -z "$GPGSM" ] && GPGSM=../../sm/gpgsm + +if [ -f $srcdir/README ] \ + && grep tests/pkits/README README >/dev/null 2>&1; then + : +else + # During make distclean the Makefile has already been removed, + # so we need this extra test. + if ! grep gnupg-test-pkits-directory testdir.stamp >/dev/null 2>&1; then + echo "inittests: please cd to the tests/pkits directory first" >&2 + exit 1 + fi +fi + +if [ "$1" = "--clean" ]; then + if [ -d private-keys-v1.d ]; then + rm private-keys-v1.d/* 2>/dev/null || true + rmdir private-keys-v1.d + fi + rm ${clean_files} testdir.stamp 2>/dev/null || true + for i in certs certpairs crls pkcs12 smime; do + if [ -d $i ]; then + rm $i/* 2>/dev/null || true + rmdir $i + fi + done + exit 0 +fi + +if [ "$GNUPGHOME" != "`pwd`" ]; then + echo "inittests: please set GNUPGHOME to the tests/pkits directory" >&2 + exit 1 +fi + +if [ -n "$GPG_AGENT_INFO" ]; then + echo "inittests: please unset GPG_AGENT_INFO" >&2 + exit 1 +fi + +if ! bunzip2 -c PKITS_data.tar.bz2 | tar xf - ; then + echo "inittests: failed to untar the test data" >&2 + exit 1 +fi + + +# A stamp file used with --clean +echo gnupg-test-pkits-directory > testdir.stamp + + +# Create the configuration scripts +cat > gpgsm.conf <<EOF +no-secmem-warning +no-greeting +batch +disable-crl-checks +agent-program ../../agent/gpg-agent +EOF + +# Fixme: we need to write a dummy pinentry program +cat > gpg-agent.conf <<EOF +no-grab +EOF + +# Mark the root CA trusted +cat > trustlist.txt <<EOF +# /CN=Trust Anchor/O=Test Certificates/C=US +66:8A:47:56:A2:DC:88:FF:DA:B8:95:E1:3C:63:37:55:5F:0A:F7:BF S +EOF + +# Define the standard policies as NIST test-policy-1 +#cat >policies.txt <<EOF +#2.16.840.1.101.3.2.1.48.1 +#EOF diff --git a/tests/pkits/runtest b/tests/pkits/runtest new file mode 100755 index 000000000..f054a3498 --- /dev/null +++ b/tests/pkits/runtest @@ -0,0 +1,4 @@ +#!/bin/sh +[ -x "$1" ] && exec $1 $2 +exec sh $1 $2 + diff --git a/tests/pkits/validate-all-certs b/tests/pkits/validate-all-certs new file mode 100755 index 000000000..08f72af71 --- /dev/null +++ b/tests/pkits/validate-all-certs @@ -0,0 +1,56 @@ +#!/bin/sh +# validate-all-certs -*- sh -*- +# Copyright (C) 2004 Free Software Foundation, Inc. +# +# This file is part of GnuPG. +# +# GnuPG is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# GnuPG is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +# USA. + +. ${srcdir:-.}/common.sh || exit 2 + +while read dummy flag name; do + case $dummy in \#*) continue;; esac + [ -z "$dummy" ] && continue; + + if ${GPGSM} -q --import --with-validation --disable-crl-checks \ + certs/$name ; then + if [ "$flag" = 'p' ]; then + pass "validating certificate \`$name' succeeded" + elif [ "$flag" = 'f' ]; then + fail "validating certificate \`$name' succeeded" + elif [ "$flag" = '?' ]; then + unresolved "validating certificate \`$name' succeeded" + elif [ "$flag" = 'u' ]; then + unsupported "validating certificate \`$name' succeeded" + else + info "validating certificate \`$name' succeeded - (flag=$flag)" + fi + else + if [ "$flag" = 'p' ]; then + fail "validating certificate \`$name' failed" + elif [ "$flag" = 'f' ]; then + pass "validating certificate \`$name' failed" + elif [ "$flag" = '?' ]; then + unresolved "validating certificate \`$name' failed" + elif [ "$flag" = 'u' ]; then + unsupported "validating certificate \`$name' failed" + else + info "validating certificate \`$name' failed - (flag=$flag)" + fi + fi +done < $srcdir/import-all-certs.data + +final_result diff --git a/tests/runtest b/tests/runtest index 71385fb46..8d5078647 100755 --- a/tests/runtest +++ b/tests/runtest @@ -1,5 +1,4 @@ #!/bin/sh -unset GPG_AGENT_INFO [ -x "$1" ] && exec $1 $2 exec ./asschk --no-echo -DGPGSM=${GPGSM} <"$1" diff --git a/tests/samplekeys/README b/tests/samplekeys/README new file mode 100644 index 000000000..0e8877907 --- /dev/null +++ b/tests/samplekeys/README @@ -0,0 +1,17 @@ +This is a collection of keys we use with the regression tests. + +opensc-tests.p12 PKCS#12 key and certificates taken from OpenSC. + Passphrase is "password" + +ov-user.p12 Private tests keys from www.openvalidation.org. +ov-server.p12 Passphrase for both is "start" + +ossl-rentec-user.pem An OpenSSL generated user certificate using a + bunch of attributes and DC RDNs. + +webderoot.der trust.web.de Root CA certificate [2004-02-17] +webdeca.der trust.web.de CA certificate [2004-02-17] + + + + diff --git a/tests/samplekeys/cryptlib-key.p12 b/tests/samplekeys/cryptlib-key.p12 Binary files differnew file mode 100644 index 000000000..5c23e95a7 --- /dev/null +++ b/tests/samplekeys/cryptlib-key.p12 diff --git a/tests/samplekeys/opensc-test.p12 b/tests/samplekeys/opensc-test.p12 Binary files differnew file mode 100644 index 000000000..990b1279a --- /dev/null +++ b/tests/samplekeys/opensc-test.p12 diff --git a/tests/samplekeys/ossl-rentec-user.pem b/tests/samplekeys/ossl-rentec-user.pem new file mode 100644 index 000000000..290b0ef0d --- /dev/null +++ b/tests/samplekeys/ossl-rentec-user.pem @@ -0,0 +1,44 @@ +-----BEGIN CERTIFICATE----- +MIIHnTCCBYWgAwIBAgIBATANBgkqhkiG9w0BAQQFADBGMRMwEQYKCZImiZPyLGQB +GRYDY29tMRYwFAYKCZImiZPyLGQBGRYGcmVudGVjMRcwFQYDVQQDDA5SZW5haXNz +YW5jZSBDQTAeFw0wNDAxMTAwNDE1NDZaFw0wNjAxMDkwNDE1NDZaMFcxEzARBgoJ +kiaJk/IsZAEZFgNjb20xFjAUBgoJkiaJk/IsZAEZFgZyZW50ZWMxDzANBgNVBAsM +BlBlb3BsZTEXMBUGA1UEAwwOS2Fyc3RlbiBLw7xubmUwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDBoZHGO+Ikq/Uhb9a4nUBuKayowUVga0wPQCiWhoLV +u2tDVWf7U9uzFrz/6JMIIBT3MIe5hBgQrYWq80/na3WO+H7vd4nR3gUfPBrfDPCm +HPm9nRMV1BsnFeg+2O0N+mfci2e/PLu7Ph9Arrr4+C0IVKQWxdNiqYj/gA0mSYvw +aThuBe8px3PZPAosZ9oGuhKmT+J9JtGe3qcyGPoW6yPEVpAUff0EFBGFI+wvaRV/ +vlK2omekQ2GkirzMqywTYiBPMuQ0abIjWZJn6ThR4FspIFLDAFnppwbZHMozrBYm +vS7pkoTK+DGVzk6kdbRxugWr61q0CQfL8b6VdfB6SGqxAgMBAAGjggODMIIDfzAJ +BgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAOBgNVHQ8BAf8EBAMCBeAwHQYD +VR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMFAGCWCGSAGG+EIBDQRDFkFPcGVu +U1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZSwgaXNzdWVkIGJ5IFJlbmFpc3NhbmNl +IFRlY2huLiBDb3JwLjAdBgNVHQ4EFgQUh6HtcbLmbeEAQSpU73jYI7Ap0HUwbgYD +VR0jBGcwZYAUXqKKaiAqs5Gz38Yq0UGucAGbLd+hSqRIMEYxEzARBgoJkiaJk/Is +ZAEZFgNjb20xFjAUBgoJkiaJk/IsZAEZFgZyZW50ZWMxFzAVBgNVBAMMDlJlbmFp +c3NhbmNlIENBggEAMDgGA1UdEgQxMC+BDWNhQHJlbnRlYy5jb22GHmh0dHBzOi8v +d3d3LnJlbnRlYy5jb206ODQ0NC9jYTA9BgNVHR8ENjA0MDKgMKAuhixodHRwczov +L3d3dy5yZW50ZWMuY29tOjg0NDQvY2EvcmVudGVjX2NhLmNybDA6BggrBgEFBQcB +AQQuMCwwKgYIKwYBBQUHMAGGHmh0dHA6Ly9jb3VnYXIucmVudGVjLmNvbTo4MDgy +LzAuBglghkgBhvhCAQIEIRYfaHR0cHM6Ly93d3cucmVudGVjLmNvbTo4NDQ0L2Nh +LzAcBglghkgBhvhCAQgEDxYNY2Fwb2xpY3kuaHRtbDAlBglghkgBhvhCAQMEGBYW +Y2dpLWJpbi9jaGVjay1yZXYuY2dpPzCCAQUGA1UdIASB/TCB+jCB9wYKKwYBBAHD +SAMBATCB6DA4BggrBgEFBQcCARYsaHR0cHM6Ly93d3cucmVudGVjLmNvbTo4NDQ0 +L2NhL2NhcG9saWN5Lmh0bWwwgasGCCsGAQUFBwICMIGeGoGbT3BlblNTTCBHZW5l +cmF0ZWQgQ2VydGlmaWNhdGUsIGlzc3VlZCBieSBSZW5haXNzYW5jZSBUZWNobi4g +Q29ycC4sIFRoaXMgY2VydGlmaWNhdGUgaXMgdmFsaWQgb25seSBmb3IgU1NMIENs +aWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEUtTWFpbCAoUy9NSU1FKS4w +HAYDVR0RBBUwE4ERa3Vlbm5lQHJlbnRlYy5jb20wDQYJKoZIhvcNAQEEBQADggIB +AGgYIKrR5nQKICNuXl1OwWFwk+CgnbDrVIrIoFiwRlSqaNsedXMXIDYHdyE/LYwR +VaiHFimV5WywIPeoBKiws67ZcWVfGGvxF2CZuCcnuQpAyKn+J0PDAaTi3z/uoi4n +YPUVMpfU/7TPXVo4pjFfUmm9XJ6dduC6SlAN+1/xDRR1dy2WqNLcN1dpyoUTtEWp +Xvp7I66oLfWahKs0d4fOXIrZmyLqKN3H8CLrZPz8b4Skw+wWxEUIqJEkRKez5adK +Ry1VK21nIwUUWHfLvrqw4CgZvpMQVEZRhsiOPqlHEH+epDV4hD5/OCG5oK+8RoKA +Yw1xjs3gOCCf6GDVrftBBLsYQufL7E4BOD4RKDYQCo6HD7cHXfy+RttdIcKzlq4u +6QbzFgIkc3KF0/U5FpvKxQHyfQwoD8AORWF6myjGtM13ij8yXg4Mx1sgKOY9IK1/ +muLauYAamNdCSkD5+0ecmYJ98G7022zUTBE8LR6FFHAG+3F8mzP+oI2eOwJYzMFW +Zw3MNUCarArIyxts/+izpOEIfkf0ztx1TckCTGd/F7WAkQcDHZHsf8Vb+eaLTltk +rEM6mnpov+YCO8qb/vmr2018fNS5haTJvECjLbYRy6RV2v6wRPNbYRHN3og87h/8 +2HUYfYCVebbJdzSwkQGApPty9mx2wr3EwB7KTT+IjXkp +-----END CERTIFICATE----- + diff --git a/tests/samplekeys/ov-server.p12 b/tests/samplekeys/ov-server.p12 Binary files differnew file mode 100644 index 000000000..52f2d558d --- /dev/null +++ b/tests/samplekeys/ov-server.p12 diff --git a/tests/samplekeys/ov-user.p12 b/tests/samplekeys/ov-user.p12 Binary files differnew file mode 100644 index 000000000..bb53a3d1a --- /dev/null +++ b/tests/samplekeys/ov-user.p12 diff --git a/tests/samplekeys/webdeca.der b/tests/samplekeys/webdeca.der Binary files differnew file mode 100644 index 000000000..9532e3fa5 --- /dev/null +++ b/tests/samplekeys/webdeca.der diff --git a/tests/samplekeys/webderoot.der b/tests/samplekeys/webderoot.der Binary files differnew file mode 100644 index 000000000..3fedd9cd0 --- /dev/null +++ b/tests/samplekeys/webderoot.der diff --git a/tests/samplemsgs/webde-buenemann-signed.cms b/tests/samplemsgs/webde-buenemann-signed.cms Binary files differnew file mode 100644 index 000000000..9ed2dc1c4 --- /dev/null +++ b/tests/samplemsgs/webde-buenemann-signed.cms |