Blame - tests/test_x509v3_nist2.sh - vendor/opensource/hostap

blob: ec34a8b37a2af86d7b7bc9e0f1b1b3575423b77b [file] [log] [blame]

Jouni Malinen	655702f	2009-12-06 18:10:52 +0200	[diff] [blame]	1	#!/bin/bash
Jouni Malinen	6fc6879	2008-02-27 17:34:43 -0800	[diff] [blame]	2
				3	# Public Key Interoperability Test Suite (PKITS)
				4	# http://csrc.nist.gov/pki/testing/x509paths.html
Jouni Malinen	655702f	2009-12-06 18:10:52 +0200	[diff] [blame]	5	# http://csrc.nist.gov/groups/ST/crypto_apps_infra/documents/PKITS_data.zip
Jouni Malinen	6fc6879	2008-02-27 17:34:43 -0800	[diff] [blame]	6
				7	if [ -z "$1" ]; then
				8	echo "usage: $0 <path to root test directory>"
				9	exit 1
				10	fi
				11
				12	TESTS=$1
				13
				14	if [ ! -d $TESTS ]; then
				15	echo "Not a directory: $TESTS"
				16	exit 1
				17	fi
				18
Jouni Malinen	655702f	2009-12-06 18:10:52 +0200	[diff] [blame]	19	X509TEST="$PWD/test-x509v3 -v"
Jouni Malinen	6fc6879	2008-02-27 17:34:43 -0800	[diff] [blame]	20	TMPOUT="$PWD/test_x509v3_nist2.out"
				21
				22	# TODO: add support for validating CRLs
				23
				24	SUCCESS=""
				25	FAILURE=""
				26
				27	function run_test
				28	{
				29	NUM=$1
				30	RES=$2
				31	shift 2
				32	$X509TEST "$@" TrustAnchorRootCertificate.crt > $TMPOUT.$NUM
				33	VALRES=$?
				34	OK=0
				35	if [ $RES -eq 0 ]; then
				36	# expecting success
				37	if [ $VALRES -eq 0 ]; then
				38	OK=1
				39	else
				40	echo "$NUM failed - expected validation success"
				41	OK=0
				42	fi
				43	else
				44	# expecting failure
				45	if [ $VALRES -eq 0 ]; then
				46	echo "$NUM failed - expected validation failure"
				47	OK=0
				48	else
				49	REASON=`grep "Certificate chain validation failed: " $TMPOUT.$NUM`
				50	if [ $? -eq 0 ]; then
				51	REASONNUM=`echo "$REASON" \| colrm 1 37`
				52	if [ $REASONNUM -eq $RES ]; then
				53	OK=1
				54	else
				55	echo "$NUM failed - expected validation result $RES; result was $REASONNUM"
				56	OK=0
				57	fi
				58	else
Jouni Malinen	f1aac5c	2014-05-09 22:49:49 +0300	[diff] [blame]	59	if [ $RES -eq -1 ]; then
				60	if grep -q "Failed to parse X.509 certificate" $TMPOUT.$NUM; then
				61	OK=1
				62	else
				63	echo "$NUM failed - expected parsing failure; other type of error detected"
				64	OK=0
				65	fi
				66	else
				67	echo "$NUM failed - expected validation failure; other type of error detected"
				68	OK=0
				69	fi
Jouni Malinen	6fc6879	2008-02-27 17:34:43 -0800	[diff] [blame]	70	fi
				71	fi
				72	fi
				73	if [ $OK -eq 1 ]; then
				74	rm $TMPOUT.$NUM
				75	SUCCESS="$SUCCESS $NUM"
				76	else
				77	FAILURE="$FAILURE $NUM"
				78	fi
				79	}
				80
				81	pushd $TESTS/certs
				82
				83	run_test 4.1.1 0 ValidCertificatePathTest1EE.crt GoodCACert.crt
				84	run_test 4.1.2 1 InvalidCASignatureTest2EE.crt BadSignedCACert.crt
				85	run_test 4.1.3 1 InvalidEESignatureTest3EE.crt GoodCACert.crt
				86
				87	run_test 4.2.1 4 InvalidCAnotBeforeDateTest1EE.crt BadnotBeforeDateCACert.crt
				88	run_test 4.2.2 4 InvalidEEnotBeforeDateTest2EE.crt GoodCACert.crt
				89	run_test 4.2.3 0 Validpre2000UTCnotBeforeDateTest3EE.crt GoodCACert.crt
				90	run_test 4.2.4 0 ValidGeneralizedTimenotBeforeDateTest4EE.crt GoodCACert.crt
				91	run_test 4.2.5 4 InvalidCAnotAfterDateTest5EE.crt BadnotAfterDateCACert.crt
				92	run_test 4.2.6 4 InvalidEEnotAfterDateTest6EE.crt GoodCACert.crt
				93	run_test 4.2.7 4 Invalidpre2000UTCEEnotAfterDateTest7EE.crt GoodCACert.crt
				94	run_test 4.2.8 0 ValidGeneralizedTimenotAfterDateTest8EE.crt GoodCACert.crt
				95
				96	run_test 4.3.1 5 InvalidNameChainingTest1EE.crt GoodCACert.crt
				97	run_test 4.3.2 5 InvalidNameChainingOrderTest2EE.crt NameOrderingCACert.crt
				98	run_test 4.3.3 0 ValidNameChainingWhitespaceTest3EE.crt GoodCACert.crt
				99	run_test 4.3.4 0 ValidNameChainingWhitespaceTest4EE.crt GoodCACert.crt
				100	run_test 4.3.5 0 ValidNameChainingCapitalizationTest5EE.crt GoodCACert.crt
				101	run_test 4.3.6 0 ValidNameUIDsTest6EE.crt UIDCACert.crt
				102	run_test 4.3.7 0 ValidRFC3280MandatoryAttributeTypesTest7EE.crt RFC3280MandatoryAttributeTypesCACert.crt
				103	run_test 4.3.8 0 ValidRFC3280OptionalAttributeTypesTest8EE.crt RFC3280OptionalAttributeTypesCACert.crt
				104	run_test 4.3.9 0 ValidUTF8StringEncodedNamesTest9EE.crt UTF8StringEncodedNamesCACert.crt
				105	run_test 4.3.10 0 ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt RolloverfromPrintableStringtoUTF8StringCACert.crt
				106	run_test 4.3.11 0 ValidUTF8StringCaseInsensitiveMatchTest11EE.crt UTF8StringCaseInsensitiveMatchCACert.crt
				107
				108	run_test 4.4.1 1 InvalidMissingCRLTest1EE.crt NoCRLCACert.crt
				109	# skip rest of 4.4.x tests since CRLs are not yet supported
				110
				111	run_test 4.5.1 0 ValidBasicSelfIssuedOldWithNewTest1EE.crt BasicSelfIssuedNewKeyOldWithNewCACert.crt BasicSelfIssuedNewKeyCACert.crt
				112	run_test 4.5.2 3 InvalidBasicSelfIssuedOldWithNewTest2EE.crt BasicSelfIssuedNewKeyOldWithNewCACert.crt BasicSelfIssuedNewKeyCACert.crt
				113	run_test 4.5.3 0 ValidBasicSelfIssuedNewWithOldTest3EE.crt BasicSelfIssuedOldKeyNewWithOldCACert.crt BasicSelfIssuedOldKeyCACert.crt
				114	run_test 4.5.4 0 ValidBasicSelfIssuedNewWithOldTest4EE.crt BasicSelfIssuedOldKeyNewWithOldCACert.crt BasicSelfIssuedOldKeyCACert.crt
				115	run_test 4.5.5 3 InvalidBasicSelfIssuedNewWithOldTest5EE.crt BasicSelfIssuedOldKeyNewWithOldCACert.crt BasicSelfIssuedOldKeyCACert.crt
				116	run_test 4.5.6 0 ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt BasicSelfIssuedCRLSigningKeyCRLCert.crt BasicSelfIssuedCRLSigningKeyCACert.crt
				117	run_test 4.5.7 3 InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt BasicSelfIssuedCRLSigningKeyCRLCert.crt BasicSelfIssuedCRLSigningKeyCACert.crt
				118	run_test 4.5.8 1 InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt BasicSelfIssuedCRLSigningKeyCRLCert.crt BasicSelfIssuedCRLSigningKeyCACert.crt
				119
				120	run_test 4.6.1 1 InvalidMissingbasicConstraintsTest1EE.crt MissingbasicConstraintsCACert.crt
				121	run_test 4.6.2 1 InvalidcAFalseTest2EE.crt basicConstraintsCriticalcAFalseCACert.crt
				122	run_test 4.6.3 1 InvalidcAFalseTest3EE.crt basicConstraintsNotCriticalcAFalseCACert.crt
				123	run_test 4.6.4 0 ValidbasicConstraintsNotCriticalTest4EE.crt basicConstraintsNotCriticalCACert.crt
				124	run_test 4.6.5 1 InvalidpathLenConstraintTest5EE.crt pathLenConstraint0subCACert.crt pathLenConstraint0CACert.crt
				125	run_test 4.6.6 1 InvalidpathLenConstraintTest6EE.crt pathLenConstraint0subCACert.crt pathLenConstraint0CACert.crt
				126	run_test 4.6.7 0 ValidpathLenConstraintTest7EE.crt pathLenConstraint0CACert.crt
				127	run_test 4.6.8 0 ValidpathLenConstraintTest8EE.crt pathLenConstraint0CACert.crt
				128	run_test 4.6.9 1 InvalidpathLenConstraintTest9EE.crt pathLenConstraint6subsubCA00Cert.crt pathLenConstraint6subCA0Cert.crt pathLenConstraint6CACert.crt
				129	run_test 4.6.10 1 InvalidpathLenConstraintTest10EE.crt pathLenConstraint6subsubCA00Cert.crt pathLenConstraint6subCA0Cert.crt pathLenConstraint6CACert.crt
				130	run_test 4.6.11 1 InvalidpathLenConstraintTest11EE.crt pathLenConstraint6subsubsubCA11XCert.crt pathLenConstraint6subsubCA11Cert.crt pathLenConstraint6subCA1Cert.crt pathLenConstraint6CACert.crt
				131	run_test 4.6.12 1 InvalidpathLenConstraintTest12EE.crt pathLenConstraint6subsubsubCA11XCert.crt pathLenConstraint6subsubCA11Cert.crt pathLenConstraint6subCA1Cert.crt pathLenConstraint6CACert.crt
				132	run_test 4.6.13 0 ValidpathLenConstraintTest13EE.crt pathLenConstraint6subsubsubCA41XCert.crt pathLenConstraint6subsubCA41Cert.crt pathLenConstraint6subCA4Cert.crt pathLenConstraint6CACert.crt
				133	run_test 4.6.14 0 ValidpathLenConstraintTest14EE.crt pathLenConstraint6subsubsubCA41XCert.crt pathLenConstraint6subsubCA41Cert.crt pathLenConstraint6subCA4Cert.crt pathLenConstraint6CACert.crt
				134	run_test 4.6.15 0 ValidSelfIssuedpathLenConstraintTest15EE.crt pathLenConstraint0SelfIssuedCACert.crt pathLenConstraint0CACert.crt
				135	run_test 4.6.16 1 InvalidSelfIssuedpathLenConstraintTest16EE.crt pathLenConstraint0subCA2Cert.crt pathLenConstraint0SelfIssuedCACert.crt pathLenConstraint0CACert.crt
				136	run_test 4.6.17 0 ValidSelfIssuedpathLenConstraintTest17EE.crt pathLenConstraint1SelfIssuedsubCACert.crt pathLenConstraint1subCACert.crt pathLenConstraint1SelfIssuedCACert.crt pathLenConstraint1CACert.crt
				137
				138	run_test 4.7.1 1 InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt keyUsageCriticalkeyCertSignFalseCACert.crt
				139	run_test 4.7.2 1 InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt keyUsageNotCriticalkeyCertSignFalseCACert.crt
				140	run_test 4.7.3 0 ValidkeyUsageNotCriticalTest3EE.crt keyUsageNotCriticalCACert.crt
				141	run_test 4.7.4 1 InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt keyUsageCriticalcRLSignFalseCACert.crt
				142	run_test 4.7.5 1 InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt keyUsageNotCriticalcRLSignFalseCACert.crt
				143
				144	run_test 4.8.1 0 ValidCertificatePathTest1EE.crt GoodCACert.crt
				145	run_test 4.8.2 0 AllCertificatesNoPoliciesTest2EE.crt NoPoliciesCACert.crt
				146	run_test 4.8.3 0 DifferentPoliciesTest3EE.crt PoliciesP2subCACert.crt GoodCACert.crt
				147	run_test 4.8.4 0 DifferentPoliciesTest4EE.crt GoodsubCACert.crt GoodCACert.crt
				148	run_test 4.8.5 0 DifferentPoliciesTest5EE.crt PoliciesP2subCA2Cert.crt GoodCACert.crt
				149	run_test 4.8.6 0 OverlappingPoliciesTest6EE.crt PoliciesP1234subsubCAP123P12Cert.crt PoliciesP1234subCAP123Cert.crt PoliciesP1234CACert.crt
				150	run_test 4.8.7 0 DifferentPoliciesTest7EE.crt PoliciesP123subsubCAP12P1Cert.crt PoliciesP123subCAP12Cert.crt PoliciesP123CACert.crt
				151	run_test 4.8.8 0 DifferentPoliciesTest8EE.crt PoliciesP12subsubCAP1P2Cert.crt PoliciesP12subCAP1Cert.crt PoliciesP12CACert.crt
				152	run_test 4.8.9 0 DifferentPoliciesTest9EE.crt PoliciesP123subsubsubCAP12P2P1Cert.crt PoliciesP123subsubCAP12P2Cert.crt PoliciesP123subCAP12Cert.crt PoliciesP123CACert.crt
				153	run_test 4.8.10 0 AllCertificatesSamePoliciesTest10EE.crt PoliciesP12CACert.crt
				154	run_test 4.8.11 0 AllCertificatesanyPolicyTest11EE.crt anyPolicyCACert.crt
				155	run_test 4.8.12 0 DifferentPoliciesTest12EE.crt PoliciesP3CACert.crt
				156	run_test 4.8.13 0 AllCertificatesSamePoliciesTest13EE.crt PoliciesP123CACert.crt
				157	run_test 4.8.14 0 AnyPolicyTest14EE.crt anyPolicyCACert.crt
				158	run_test 4.8.15 0 UserNoticeQualifierTest15EE.crt
				159	run_test 4.8.16 0 UserNoticeQualifierTest16EE.crt GoodCACert.crt
				160	run_test 4.8.17 0 UserNoticeQualifierTest17EE.crt GoodCACert.crt
				161	run_test 4.8.18 0 UserNoticeQualifierTest18EE.crt PoliciesP12CACert.crt
				162	run_test 4.8.19 0 UserNoticeQualifierTest19EE.crt TrustAnchorRootCertificate.crt
				163	run_test 4.8.20 0 CPSPointerQualifierTest20EE.crt GoodCACert.crt
				164
Jouni Malinen	f1aac5c	2014-05-09 22:49:49 +0300	[diff] [blame]	165	run_test 4.16.1 0 ValidUnknownNotCriticalCertificateExtensionTest1EE.crt
				166	run_test 4.16.2 -1 InvalidUnknownCriticalCertificateExtensionTest2EE.crt
				167
Jouni Malinen	6fc6879	2008-02-27 17:34:43 -0800	[diff] [blame]	168	if false; then
				169	# DSA tests
				170	run_test 4.1.4 0 ValidDSASignaturesTest4EE.crt DSACACert.crt
				171	fi
				172
				173	popd
				174
				175
				176	echo "Successful tests:$SUCCESS"
				177	echo "Failed tests:$FAILURE"