author | Anas Nashif <anas.nashif@intel.com> | 2012-11-22 10:31:06 -0800 |
---|---|---|
committer | Anas Nashif <anas.nashif@intel.com> | 2012-11-22 10:31:06 -0800 |
commit | 07bb297329b9e9754d09dcb6d70417272a626619 (patch) | |
tree | c1bdcad5f080f8cfe2e876604177670061cdc101 /tests | |
parent | f251dedaa31b48f7c05a4b53c112b40ebca890ef (diff) | |
download | xmlsec1-07bb297329b9e9754d09dcb6d70417272a626619.tar.gz xmlsec1-07bb297329b9e9754d09dcb6d70417272a626619.tar.bz2 xmlsec1-07bb297329b9e9754d09dcb6d70417272a626619.zip |
Imported Upstream version 1.2.14upstream/1.2.14
Diffstat (limited to 'tests')
-rw-r--r-- | tests/keys/README | 20 | ||||
-rw-r--r-- | tests/keys/largersakey-win.p12 | bin | 6656 -> 0 bytes | |||
-rw-r--r-- | tests/keys/largersakey-winxp.p12 | bin | 6683 -> 0 bytes | |||
-rw-r--r-- | tests/keys/rsakey-win.p12 | bin | 4166 -> 0 bytes | |||
-rw-r--r-- | tests/keys/rsakey-winxp.p12 | bin | 4193 -> 0 bytes | |||
-rwxr-xr-x | tests/testDSig.sh | 841 | ||||
-rwxr-xr-x | tests/testEnc.sh | 350 | ||||
-rwxr-xr-x | tests/testKeys.sh | 170 | ||||
-rwxr-xr-x | tests/testXKMS.sh | 197 | ||||
-rwxr-xr-x | tests/testrun.sh | 443 |
10 files changed, 729 insertions, 1292 deletions
diff --git a/tests/keys/README b/tests/keys/README index 14515024..555fe512 100644 --- a/tests/keys/README +++ b/tests/keys/README @@ -181,23 +181,3 @@ README # (used in above step) > pk12util -d <nss_config_dir> -i keycert.p12 -6. On Windows, one needs to specify Crypto Service Provider (CSP) in the -pkcs12 file to ensure it is loaded correctly to be used with SHA2 algorithms. -Worse, the CSP is different for XP and older versions - - - Input: DSA/RSA private key in PEM or DER format - Output: A PKCS12 file containing the private key, and a self-signed - certificate with the corresponding public key. Plus the CSP - name to be used for this key/cert. - - - > cat rsakey.pem rsacert.pem ca2cert.pem cacert.pem > allrsa.pem - > openssl pkcs12 -export -in allrsa.pem -name TestRsaKey -out rsakey-winxp.p12 -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)" - > openssl pkcs12 -export -in allrsa.pem -name TestRsaKey -out rsakey-win.p12 -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider" - - - > cat largersakey.pem largersacert.pem ca2cert.pem cacert.pem > alllargersa.pem - > openssl pkcs12 -export -in alllargersa.pem -name TestLargeRsaKey -out largersakey-winxp.p12 -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)" - > openssl pkcs12 -export -in alllargersa.pem -name TestLargeRsaKey -out largersakey-win.p12 -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider" - diff --git a/tests/keys/largersakey-win.p12 b/tests/keys/largersakey-win.p12 Binary files differdeleted file mode 100644 index af04b9e4..00000000 --- a/tests/keys/largersakey-win.p12 +++ /dev/null diff --git a/tests/keys/largersakey-winxp.p12 b/tests/keys/largersakey-winxp.p12 Binary files differdeleted file mode 100644 index 75746297..00000000 --- a/tests/keys/largersakey-winxp.p12 +++ /dev/null diff --git a/tests/keys/rsakey-win.p12 b/tests/keys/rsakey-win.p12 Binary files differdeleted file mode 100644 index e0281f7d..00000000 
--- a/tests/keys/rsakey-win.p12 +++ /dev/null diff --git a/tests/keys/rsakey-winxp.p12 b/tests/keys/rsakey-winxp.p12 Binary files differdeleted file mode 100644 index 3817a7e1..00000000 --- a/tests/keys/rsakey-winxp.p12 +++ /dev/null diff --git a/tests/testDSig.sh b/tests/testDSig.sh index 2ef9bc73..1f86f8e1 100755 --- a/tests/testDSig.sh +++ b/tests/testDSig.sh 
@@ -1,23 +1,136 @@ -#!/bin/sh -# -# This script needs to be called from testrun.sh script -# - -########################################################################## -########################################################################## -########################################################################## -echo "--- testDSig started for xmlsec-$crypto library ($timestamp)" +#!/bin/sh + +OS_ARCH=`uname -o` + +if [ "z$OS_ARCH" = "zCygwin" ] ; then + topfolder=`cygpath -wa $2` + xmlsec_app=`cygpath -a $3` +else + topfolder=$2 + xmlsec_app=$3 +fi +crypto=$1 +file_format=$4 + +pub_key_format=$file_format +cert_format=$file_format +priv_key_option="--pkcs12" +priv_key_format="p12" + +if [ "z$TMPFOLDER" = "z" ] ; then + TMPFOLDER=/tmp +fi +timestamp=`date +%Y%m%d_%H%M%S` +if [ "z$OS_ARCH" = "zCygwin" ] ; then + tmpfile=`cygpath -wa $TMPFOLDER/testDSig.$timestamp-$$.tmp` + logfile=`cygpath -wa $TMPFOLDER/testDSig.$timestamp-$$.log` +else + tmpfile=$TMPFOLDER/testDSig.$timestamp-$$.tmp + logfile=$TMPFOLDER/testDSig.$timestamp-$$.log +fi + +script="$0" + +# prepate crypto config folder +crypto_config=$TMPFOLDER/xmlsec-crypto-config +keysfile=$crypto_config/keys.xml + +valgrind_suppression="--suppressions=$topfolder/openssl.supp --suppressions=$topfolder/nss.supp" +valgrind_options="--leak-check=yes --show-reachable=yes --num-callers=32 -v" + +if [ "z$crypto" != "z" -a "z$crypto" != "zdefault" ] ; then + xmlsec_params="$xmlsec_params --crypto $crypto" +fi +xmlsec_params="$xmlsec_params --crypto-config $crypto_config" + +if [ -n "$DEBUG_MEMORY" ] ; then + export VALGRIND="valgrind $valgrind_options" + export REPEAT=3 + xmlsec_params="$xmlsec_params --repeat $REPEAT" +fi + +if [ -n "$PERF_TEST" ] ; then + xmlsec_params="$xmlsec_params --repeat $PERF_TEST" +fi + +printRes() { + if [ $1 = 0 ]; then + echo " OK" + else + echo " Fail" + fi + if [ -f .memdump ] ; then + cat .memdump >> $logfile + fi +} + +execDSigTest() { + folder=$1 + file=$2 + req_transforms=$3 + 
params1=$4 + params2=$5 + params3=$6 + old_pwd=`pwd` + rm -f $tmpfile + + if [ -n "$folder" ] ; then + cd $topfolder/$folder + full_file=$file + echo $folder/$file + echo "Test: $folder/$file in folder " `pwd` >> $logfile + else + full_file=$topfolder/$file + echo $file + echo "Test: $folder/$file" >> $logfile + fi + + if [ -n "$req_transforms" ] ; then + printf " Checking required transforms " + echo "$xmlsec_app check-transforms $req_transforms" >> $logfile + $xmlsec_app check-transforms $req_transforms >> $logfile 2>> $logfile + res=$? + if [ $res = 0 ]; then + echo " OK" + else + echo " Skip" + cd $old_pwd + return + fi + fi + + + printf " Verify existing signature " + echo "$xmlsec_app verify $xmlsec_params $params1 $full_file.xml" >> $logfile + $VALGRIND $xmlsec_app verify $xmlsec_params $params1 $full_file.xml >> $logfile 2>> $logfile + printRes $? + + if [ -n "$params2" -a -z "$PERF_TEST" ] ; then + printf " Create new signature " + echo "$xmlsec_app sign $xmlsec_params $params2 --output $tmpfile $full_file.tmpl" >> $logfile + $VALGRIND $xmlsec_app sign $xmlsec_params $params2 --output $tmpfile $full_file.tmpl >> $logfile 2>> $logfile + printRes $? + + if [ -n "$params3" ] ; then + if [ -z "$VALGRIND" ] ; then + printf " Verify new signature " + echo "$xmlsec_app verify $xmlsec_params $params3 $tmpfile" >> $logfile + $VALGRIND $xmlsec_app verify $xmlsec_params $params3 $tmpfile >> $logfile 2>> $logfile + printRes $? 
+ fi + fi + fi + + cd $old_pwd +} + +echo "--- testDSig started for xmlsec-$crypto library ($timestamp)" echo "--- LD_LIBRARY_PATH=$LD_LIBRARY_PATH" echo "--- log file is $logfile" echo "--- testDSig started for xmlsec-$crypto library ($timestamp)" >> $logfile echo "--- LD_LIBRARY_PATH=$LD_LIBRARY_PATH" >> $logfile ########################################################################## -########################################################################## -########################################################################## -echo "--------- Positive Testing ----------" - -########################################################################## # # xmldsig2ed-tests # 
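Review bot: The scratch paths set up at the top of the script are predictable: `tmpfile` and `logfile` are `$TMPFOLDER/testDSig.$timestamp-$$.*` with `TMPFOLDER` defaulting to `/tmp`, and `crypto_config` (which holds `keys.xml`) is the fixed `$TMPFOLDER/xmlsec-crypto-config`. On a shared machine another local user can pre-create those names, and `rm -f $tmpfile`, `--output $tmpfile` and `>> $logfile` then act on whatever is there. I would create one private directory, `workdir=$(mktemp -d "$TMPFOLDER/testDSig.XXXXXX") || exit 1`, derive all three paths from it, and quote the expansions. Separately, `printRes` only prints ` Fail` and nothing in this hunk records the failure, so unless the rest of the script (outside the hunk) does, the exit status will not reflect failed tests.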
@@ -25,77 +138,50 @@ echo "--------- Positive Testing ----------" # ########################################################################## -execDSigTest $res_success \ - "xmldsig2ed-tests" \ - "defCan-1" \ +execDSigTest "xmldsig2ed-tests" "defCan-1" \ "c14n11 sha1 hmac-sha1" \ - "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" \ - "--hmackey $topfolder/keys/hmackey.bin" + "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest $res_success \ - "xmldsig2ed-tests" \ - "defCan-2" \ +execDSigTest "xmldsig2ed-tests" "defCan-2" \ "c14n11 xslt xpath sha1 hmac-sha1" \ - "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" \ - "--hmackey $topfolder/keys/hmackey.bin" + "--hmackey $topfolder/keys/hmackey.bin" # # differences in XSLT transform output, tbd -# -# execDSigTest $res_success \ -# "xmldsig2ed-tests" \ -# "defCan-3" \ -# "c14n11 xslt xpath sha1 hmac-sha1" \ -# "hmac" \ -# "--hmackey $topfolder/keys/hmackey.bin" \ -# "--hmackey $topfolder/keys/hmackey.bin" \ -# "--hmackey $topfolder/keys/hmackey.bin" -# +# +# execDSigTest "xmldsig2ed-tests" "defCan-3" \ +# "c14n11 xslt xpath sha1 hmac-sha1" \ +# "--hmackey $topfolder/keys/hmackey.bin" \ +# "--hmackey $topfolder/keys/hmackey.bin" \ +# "--hmackey $topfolder/keys/hmackey.bin" +# + +execDSigTest "xmldsig2ed-tests" "xpointer-1-SUN" \ + "c14n11 xpointer sha1 hmac-sha1" \ + "--hmackey $topfolder/keys/hmackey.bin" + +execDSigTest "xmldsig2ed-tests" "xpointer-2-SUN" \ + "c14n11 xpointer sha1 hmac-sha1" \ + "--hmackey $topfolder/keys/hmackey.bin" + +execDSigTest "xmldsig2ed-tests" "xpointer-3-SUN" \ + "c14n11 xpointer sha1 hmac-sha1" \ + "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest $res_success \ - "xmldsig2ed-tests" \ - "xpointer-1-SUN" \ - "c14n11 xpointer sha1 hmac-sha1" \ - "hmac" \ - "--hmackey $topfolder/keys/hmackey.bin" - -execDSigTest $res_success \ - "xmldsig2ed-tests" \ - "xpointer-2-SUN" \ - "c14n11 xpointer sha1 hmac-sha1" \ 
- "hmac" \ - "--hmackey $topfolder/keys/hmackey.bin" - -execDSigTest $res_success \ - "xmldsig2ed-tests" \ - "xpointer-3-SUN" \ - "c14n11 xpointer sha1 hmac-sha1" \ - "hmac" \ - "--hmackey $topfolder/keys/hmackey.bin" - -execDSigTest $res_success \ - "xmldsig2ed-tests" \ - "xpointer-4-SUN" \ - "c14n11 xpointer sha1 hmac-sha1" \ - "hmac" \ - "--hmackey $topfolder/keys/hmackey.bin" - -execDSigTest $res_success \ - "xmldsig2ed-tests" \ - "xpointer-5-SUN" \ +execDSigTest "xmldsig2ed-tests" "xpointer-4-SUN" \ "c14n11 xpointer sha1 hmac-sha1" \ - "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest $res_success \ - "xmldsig2ed-tests" \ - "xpointer-6-SUN" \ +execDSigTest "xmldsig2ed-tests" "xpointer-5-SUN" \ + "c14n11 xpointer sha1 hmac-sha1" \ + "--hmackey $topfolder/keys/hmackey.bin" + +execDSigTest "xmldsig2ed-tests" "xpointer-6-SUN" \ "c14n11 xpointer sha1 hmac-sha1" \ - "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" ########################################################################## 
@@ -104,259 +190,175 @@ execDSigTest $res_success \ # ########################################################################## -execDSigTest $res_success \ - "" \ - "aleksey-xmldsig-01/enveloping-dsa-x509chain" \ +execDSigTest "" "aleksey-xmldsig-01/enveloping-dsa-x509chain" \ "sha1 dsa-sha1" \ - "dsa x509" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" -execDSigTest $res_success \ - "" \ - "aleksey-xmldsig-01/enveloping-rsa-x509chain" \ +execDSigTest "" "aleksey-xmldsig-01/enveloping-rsa-x509chain" \ "sha1 rsa-sha1" \ - "rsa x509" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \ "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" -execDSigTest $res_success \ - "" \ - "aleksey-xmldsig-01/enveloping-md5-hmac-md5" \ +execDSigTest "" "aleksey-xmldsig-01/enveloping-md5-hmac-md5" \ "md5 hmac-md5" \ - "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" \ - "--hmackey $topfolder/keys/hmackey.bin" + "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest $res_success \ - "" \ - "aleksey-xmldsig-01/enveloping-md5-hmac-md5-64" \ +execDSigTest "" "aleksey-xmldsig-01/enveloping-md5-hmac-md5-64" \ "md5 hmac-md5" \ - "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" \ - "--hmackey $topfolder/keys/hmackey.bin" + "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest $res_success \ - "" \ - "aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160" \ +execDSigTest "" "aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160" \ "ripemd160 hmac-ripemd160" \ - "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" \ - "--hmackey 
$topfolder/keys/hmackey.bin" + "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest $res_success \ - "" \ - "aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160-64" \ +execDSigTest "" "aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160-64" \ "ripemd160 hmac-ripemd160" \ - "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" \ - "--hmackey $topfolder/keys/hmackey.bin" + "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest $res_success \ - "" \ - "aleksey-xmldsig-01/xpointer-hmac" \ +execDSigTest "" "aleksey-xmldsig-01/xpointer-hmac" \ "xpointer sha1 hmac-sha1" \ - "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" \ - "--hmackey $topfolder/keys/hmackey.bin" + "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest $res_success \ - "" \ - "aleksey-xmldsig-01/enveloping-sha1-hmac-sha1" \ +execDSigTest "" "aleksey-xmldsig-01/enveloping-sha1-hmac-sha1" \ "sha1 hmac-sha1" \ - "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" \ - "--hmackey $topfolder/keys/hmackey.bin" + "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest $res_success \ - "" \ - "aleksey-xmldsig-01/enveloping-sha1-hmac-sha1-64" \ +execDSigTest "" "aleksey-xmldsig-01/enveloping-sha1-hmac-sha1-64" \ "sha1 hmac-sha1" \ - "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" \ - "--hmackey $topfolder/keys/hmackey.bin" + "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest $res_success \ - "" \ - "aleksey-xmldsig-01/enveloping-sha224-hmac-sha224" \ +execDSigTest "" "aleksey-xmldsig-01/enveloping-sha224-hmac-sha224" \ "sha224 hmac-sha224" \ - "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" \ - "--hmackey $topfolder/keys/hmackey.bin" + "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest $res_success \ - "" \ - "aleksey-xmldsig-01/enveloping-sha224-hmac-sha224-64" \ +execDSigTest "" 
"aleksey-xmldsig-01/enveloping-sha224-hmac-sha224-64" \ "sha224 hmac-sha224" \ - "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" \ - "--hmackey $topfolder/keys/hmackey.bin" + "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest $res_success \ - "" \ - "aleksey-xmldsig-01/enveloping-sha256-hmac-sha256" \ +execDSigTest "" "aleksey-xmldsig-01/enveloping-sha256-hmac-sha256" \ "sha256 hmac-sha256" \ - "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" \ - "--hmackey $topfolder/keys/hmackey.bin" + "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest $res_success \ - "" \ - "aleksey-xmldsig-01/enveloping-sha256-hmac-sha256-64" \ +execDSigTest "" "aleksey-xmldsig-01/enveloping-sha256-hmac-sha256-64" \ "sha256 hmac-sha256" \ - "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" \ - "--hmackey $topfolder/keys/hmackey.bin" + "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest $res_success \ - "" \ - "aleksey-xmldsig-01/enveloping-sha384-hmac-sha384" \ +execDSigTest "" "aleksey-xmldsig-01/enveloping-sha384-hmac-sha384" \ "sha384 hmac-sha384" \ - "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" \ - "--hmackey $topfolder/keys/hmackey.bin" + "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest $res_success \ - "" \ - "aleksey-xmldsig-01/enveloping-sha384-hmac-sha384-64" \ +execDSigTest "" "aleksey-xmldsig-01/enveloping-sha384-hmac-sha384-64" \ "sha384 hmac-sha384" \ - "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" \ - "--hmackey $topfolder/keys/hmackey.bin" + "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest $res_success \ - "" \ - "aleksey-xmldsig-01/enveloping-sha512-hmac-sha512" \ +execDSigTest "" "aleksey-xmldsig-01/enveloping-sha512-hmac-sha512" \ "sha512 hmac-sha512" \ - "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" 
\ - "--hmackey $topfolder/keys/hmackey.bin" + "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest $res_success \ - "" \ - "aleksey-xmldsig-01/enveloping-sha512-hmac-sha512-64" \ +execDSigTest "" "aleksey-xmldsig-01/enveloping-sha512-hmac-sha512-64" \ "sha512 hmac-sha512" \ - "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" \ - "--hmackey $topfolder/keys/hmackey.bin" + "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest $res_success \ - "" \ - "aleksey-xmldsig-01/enveloping-md5-rsa-md5" \ +execDSigTest "" "aleksey-xmldsig-01/enveloping-md5-rsa-md5" \ "md5 rsa-md5" \ - "rsa x509" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \ "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" -execDSigTest $res_success \ - "" \ - "aleksey-xmldsig-01/enveloping-ripemd160-rsa-ripemd160" \ +execDSigTest "" "aleksey-xmldsig-01/enveloping-ripemd160-rsa-ripemd160" \ "ripemd160 rsa-ripemd160" \ - "rsa x509" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \ "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" -execDSigTest $res_success \ - "" \ - "aleksey-xmldsig-01/enveloping-sha1-rsa-sha1" \ +execDSigTest "" "aleksey-xmldsig-01/enveloping-sha1-rsa-sha1" \ "sha1 rsa-sha1" \ - "rsa x509" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \ "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" -execDSigTest $res_success \ - "" \ - "aleksey-xmldsig-01/enveloping-sha224-rsa-sha224" \ +execDSigTest "" "aleksey-xmldsig-01/enveloping-sha224-rsa-sha224" \ "sha224 rsa-sha224" \ - "rsa x509" \ "--trusted-$cert_format 
$topfolder/keys/cacert.$cert_format --enabled-key-data x509" \ - "$priv_key_option $topfolder/keys/rsakey$priv_key_suffix.$priv_key_format --pwd secret" \ + "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" -execDSigTest $res_success \ - "" \ - "aleksey-xmldsig-01/enveloping-sha256-rsa-sha256" \ +execDSigTest "" "aleksey-xmldsig-01/enveloping-sha256-rsa-sha256" \ "sha256 rsa-sha256" \ - "rsa x509" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \ - "$priv_key_option $topfolder/keys/rsakey$priv_key_suffix.$priv_key_format --pwd secret" \ + "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" -execDSigTest $res_success \ - "" \ - "aleksey-xmldsig-01/enveloping-sha384-rsa-sha384" \ +execDSigTest "" "aleksey-xmldsig-01/enveloping-sha384-rsa-sha384" \ "sha384 rsa-sha384" \ - "rsa x509" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \ - "$priv_key_option $topfolder/keys/largersakey$priv_key_suffix.$priv_key_format --pwd secret" \ + "$priv_key_option $topfolder/keys/largersakey.$priv_key_format --pwd secret" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" -execDSigTest $res_success \ - "" \ - "aleksey-xmldsig-01/enveloping-sha512-rsa-sha512" \ +execDSigTest "" "aleksey-xmldsig-01/enveloping-sha512-rsa-sha512" \ "sha512 rsa-sha512" \ - "rsa x509" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \ - "$priv_key_option $topfolder/keys/largersakey$priv_key_suffix.$priv_key_format --pwd secret" \ + "$priv_key_option $topfolder/keys/largersakey.$priv_key_format --pwd secret" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" # # To generate expired cert run the following command 
# > xmlsec1 sign --pkcs12 tests/keys/expiredkey.p12 --pwd secret --output out.xml ./tests/aleksey-xmldsig-01/enveloping-expired-cert.tmpl # -execDSigTest $res_success \ - "" \ - "aleksey-xmldsig-01/enveloping-expired-cert" \ +execDSigTest "" "aleksey-xmldsig-01/enveloping-expired-cert" \ "sha1 rsa-sha1" \ - "rsa x509" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509 --verification-time 2005-07-10+10:00:00" -execDSigTest $res_success \ - "" \ - "aleksey-xmldsig-01/dtd-hmac-91" \ +execDSigTest "" "aleksey-xmldsig-01/dtd-hmac-91" \ "sha1 hmac-sha1" \ - "hmac" \ "--hmackey $topfolder/keys/hmackey.bin --dtd-file $topfolder/aleksey-xmldsig-01/dtd-hmac-91.dtd" \ "--hmackey $topfolder/keys/hmackey.bin --dtd-file $topfolder/aleksey-xmldsig-01/dtd-hmac-91.dtd" \ "--hmackey $topfolder/keys/hmackey.bin --dtd-file $topfolder/aleksey-xmldsig-01/dtd-hmac-91.dtd" -execDSigTest $res_success \ - "" \ - "aleksey-xmldsig-01/x509data-test" \ +execDSigTest "" "aleksey-xmldsig-01/x509data-test" \ "xpath2 sha1 rsa-sha1" \ - "rsa x509" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format" \ - "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \ + "$priv_key_option tests/keys/rsakey.$priv_key_format --pwd secret" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format" -execDSigTest $res_success \ - "" \ - "aleksey-xmldsig-01/x509data-sn-test" \ +execDSigTest "" "aleksey-xmldsig-01/x509data-sn-test" \ "xpath2 sha1 rsa-sha1" \ - "rsa x509" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --untrusted-$cert_format $topfolder/keys/ca2cert.$cert_format --untrusted-$cert_format $topfolder/keys/rsacert.$cert_format --enabled-key-data x509" \ - "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \ + "$priv_key_option tests/keys/rsakey.$priv_key_format --pwd secret" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --untrusted-$cert_format $topfolder/keys/ca2cert.$cert_format 
--untrusted-$cert_format $topfolder/keys/rsacert.$cert_format --enabled-key-data x509" ########################################################################## 
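Review bot: The signing arguments for `aleksey-xmldsig-01/x509data-test` and `aleksey-xmldsig-01/x509data-sn-test` now name the key as `tests/keys/rsakey.$priv_key_format`, relative to the caller's working directory, while every other call in this hunk uses `$topfolder/keys/...`. With an empty folder argument `execDSigTest` does not `cd`, so the sign step loads whatever `tests/keys/rsakey.*` exists under the current directory, or fails when the script is started from elsewhere. I would keep the anchored form in both calls: `"$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \`.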
@@ -364,216 +366,138 @@ execDSigTest $res_success \ # merlin-xmldsig-twenty-three # ########################################################################## -execDSigTest $res_success \ - "" \ - "merlin-xmldsig-twenty-three/signature-enveloped-dsa" \ + +execDSigTest "" "merlin-xmldsig-twenty-three/signature-enveloped-dsa" \ "enveloped-signature sha1 dsa-sha1" \ - "dsa" \ " " \ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \ - " " - -execDSigTest $res_success \ - "" \ - "merlin-xmldsig-twenty-three/signature-enveloping-dsa" \ + " " + +execDSigTest "" "merlin-xmldsig-twenty-three/signature-enveloping-dsa" \ "sha1 dsa-sha1" \ - "dsa" \ " " \ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \ - " " - -execDSigTest $res_success \ - "" \ - "merlin-xmldsig-twenty-three/signature-enveloping-b64-dsa" \ + " " + +execDSigTest "" "merlin-xmldsig-twenty-three/signature-enveloping-b64-dsa" \ "base64 sha1 dsa-sha1" \ - "dsa" \ " " \ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \ - " " - -execDSigTest $res_success \ - "" \ - "merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1-40" \ + " " + +execDSigTest "" "merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1-40" \ "sha1 hmac-sha1" \ - "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" - -execDSigTest $res_success \ - "" \ - "merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1" \ + +execDSigTest "" "merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1" \ "sha1 hmac-sha1" \ - "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest $res_success \ - "" \ - "merlin-xmldsig-twenty-three/signature-enveloping-rsa" \ +execDSigTest "" "merlin-xmldsig-twenty-three/signature-enveloping-rsa" \ "sha1 rsa-sha1" \ - "rsa" \ " " \ "$priv_key_option 
$topfolder/keys/rsakey.$priv_key_format --pwd secret" \ - " " - -execDSigTest $res_success \ - "" \ - "merlin-xmldsig-twenty-three/signature-external-b64-dsa" \ + " " + +execDSigTest "" "merlin-xmldsig-twenty-three/signature-external-b64-dsa" \ "base64 sha1 dsa-sha1" \ - "dsa" \ " " \ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \ - " " - -execDSigTest $res_success \ - "" \ - "merlin-xmldsig-twenty-three/signature-external-dsa" \ + " " + +execDSigTest "" "merlin-xmldsig-twenty-three/signature-external-dsa" \ "sha1 dsa-sha1" \ - "dsa" \ - "" \ + " " \ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \ - " " + " " -execDSigTest $res_success \ - "" \ - "merlin-xmldsig-twenty-three/signature-keyname" \ +execDSigTest "" "merlin-xmldsig-twenty-three/signature-keyname" \ "sha1 dsa-sha1" \ - "dsa x509" \ - "" \ + "--pubkey-cert-$cert_format:Lugh $topfolder/merlin-xmldsig-twenty-three/certs/lugh-cert.$cert_format" \ "$priv_key_option:test-dsa $topfolder/keys/dsakey.$priv_key_format --pwd secret" \ "$priv_key_option:test-dsa $topfolder/keys/dsakey.$priv_key_format --pwd secret" -execDSigTest $res_success \ - "" \ - "merlin-xmldsig-twenty-three/signature-x509-crt" \ +execDSigTest "" "merlin-xmldsig-twenty-three/signature-x509-crt" \ "sha1 dsa-sha1" \ - "dsa x509" \ - "" \ + "--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format" \ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret"\ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format" -execDSigTest $res_success \ - "" \ - "merlin-xmldsig-twenty-three/signature-x509-sn" \ +execDSigTest "" "merlin-xmldsig-twenty-three/signature-x509-sn" \ "sha1 dsa-sha1" \ - "dsa x509" \ - "" \ + "--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format --untrusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/badb.$cert_format" \ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd 
secret"\ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format" -execDSigTest $res_success \ - "" \ - "merlin-xmldsig-twenty-three/signature-x509-is" \ +execDSigTest "" "merlin-xmldsig-twenty-three/signature-x509-is" \ "sha1 dsa-sha1" \ - "dsa x509" \ - "" \ + "--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format --untrusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/macha.$cert_format" \ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret"\ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format" -execDSigTest $res_success \ - "" \ - "merlin-xmldsig-twenty-three/signature-x509-ski" \ +execDSigTest "" "merlin-xmldsig-twenty-three/signature-x509-ski" \ "sha1 dsa-sha1" \ - "dsa x509" \ - "" \ + "--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format --untrusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/nemain.$cert_format" \ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret"\ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format" -execDSigTest $res_success \ - "" \ - "merlin-xmldsig-twenty-three/signature-retrievalmethod-rawx509crt" \ +execDSigTest "" "merlin-xmldsig-twenty-three/signature-retrievalmethod-rawx509crt" \ "sha1 dsa-sha1" \ - "dsa x509" \ - "" \ + "--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format --untrusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/nemain.$cert_format" \ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret"\ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --trusted-$cert_format $topfolder/keys/ca2cert.$cert_format" - -execDSigTest $res_success \ - "" \ - "merlin-xmldsig-twenty-three/signature" \ + +execDSigTest "" "merlin-xmldsig-twenty-three/signature" \ "base64 xpath enveloped-signature c14n-with-comments sha1 dsa-sha1" \ - "dsa x509" \ - "" \ + "--trusted-$cert_format 
$topfolder/merlin-xmldsig-twenty-three/certs/merlin.$cert_format" \ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --untrusted-$cert_format $topfolder/keys/ca2cert.$cert_format" - ########################################################################## # # merlin-xmlenc-five # -# While the main operation is signature (and this is why we have these -# tests here instead of testEnc.sh), these tests check the encryption -# key transport/wrapper algorightms -# ########################################################################## -execDSigTest $res_success \ - "" \ - "merlin-xmlenc-five/encsig-ripemd160-hmac-ripemd160-kw-tripledes" \ + +execDSigTest "" "merlin-xmlenc-five/encsig-ripemd160-hmac-ripemd160-kw-tripledes" \ "ripemd160 hmac-ripemd160 kw-tripledes" \ - "hmac des" \ - "" \ + "--keys-file $topfolder/merlin-xmlenc-five/keys.xml" \ "--session-key hmac-192 --keys-file $topfolder/merlin-xmlenc-five/keys.xml" \ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml" -execDSigTest $res_success \ - "" \ - "merlin-xmlenc-five/encsig-sha256-hmac-sha256-kw-aes128" \ +execDSigTest "" "merlin-xmlenc-five/encsig-sha256-hmac-sha256-kw-aes128" \ "sha256 hmac-sha256 kw-aes128" \ - "hmac aes" \ - "" + "--keys-file $topfolder/merlin-xmlenc-five/keys.xml" -execDSigTest $res_success \ - "" \ - "merlin-xmlenc-five/encsig-sha384-hmac-sha384-kw-aes192" \ +execDSigTest "" "merlin-xmlenc-five/encsig-sha384-hmac-sha384-kw-aes192" \ "sha384 hmac-sha384 kw-aes192" \ - "hmac aes" \ - "" + "--keys-file $topfolder/merlin-xmlenc-five/keys.xml" -execDSigTest $res_success \ - "" \ - "merlin-xmlenc-five/encsig-sha512-hmac-sha512-kw-aes256" \ +execDSigTest "" "merlin-xmlenc-five/encsig-sha512-hmac-sha512-kw-aes256" \ "sha512 hmac-sha512 kw-aes256" \ - "hmac aes" \ - "" - -execDSigTest $res_success \ - "" \ - "merlin-xmlenc-five/encsig-hmac-sha256-rsa-1_5" \ - "sha1 hmac-sha256 rsa-1_5" \ - "hmac rsa" \ - "" 
- -execDSigTest $res_success \ - "" \ - "merlin-xmlenc-five/encsig-hmac-sha256-rsa-oaep-mgf1p" \ - "sha1 hmac-sha256 rsa-oaep-mgf1p" \ - "hmac rsa" \ - "" - + "--keys-file $topfolder/merlin-xmlenc-five/keys.xml" +#merlin-xmlenc-five/encsig-hmac-sha256-rsa-1_5.xml +#merlin-xmlenc-five/encsig-hmac-sha256-rsa-oaep-mgf1p.xml ########################################################################## # # merlin-exc-c14n-one # ########################################################################## -execDSigTest $res_success \ - "" \ - "merlin-exc-c14n-one/exc-signature" \ + +execDSigTest "" "merlin-exc-c14n-one/exc-signature" \ "exc-c14n sha1 dsa-sha1" \ - "dsa" \ " " \ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \ - " " - -execDSigTest $res_success \ - "" \ - "merlin-exc-c14n-one/exc-signature" \ + " " + +execDSigTest "" "merlin-exc-c14n-one/exc-signature" \ "exc-c14n sha1 dsa-sha1" \ - "dsa" \ " " ########################################################################## 
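Review bot: The two RSA key-transport cases at the end of the merlin-xmlenc-five group are left as bare file names (`#merlin-xmlenc-five/encsig-hmac-sha256-rsa-1_5.xml`, `#merlin-xmlenc-five/encsig-hmac-sha256-rsa-oaep-mgf1p.xml`) with no `execDSigTest` call, so this script does not exercise rsa-1_5 or rsa-oaep-mgf1p unwrapping. The file does not say why, and the section header no longer explains that these signature tests exist to cover the key transport and key wrap algorithms. I would add a comment above the two names such as `# Not run: RSA key transport (rsa-1_5, rsa-oaep-mgf1p) -- TODO state the reason and re-enable`, and keep a one-line note in the header that the group checks key wrap/transport through signature verification.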
@@ -581,206 +505,125 @@ execDSigTest $res_success \ # merlin-c14n-three # ########################################################################## - -execDSigTest $res_success \ - "" \ - "merlin-c14n-three/signature" \ + +execDSigTest "" "merlin-c14n-three/signature" \ "c14n c14n-with-comments exc-c14n exc-c14n-with-comments xpath sha1 dsa-sha1" \ - "dsa" \ " " - + ########################################################################## # # merlin-xpath-filter2-three # ########################################################################## -execDSigTest $res_success \ - "" \ - "merlin-xpath-filter2-three/sign-xfdl" \ +execDSigTest "" "merlin-xpath-filter2-three/sign-xfdl" \ "enveloped-signature xpath2 sha1 dsa-sha1" \ - "dsa" \ - " " + "" -execDSigTest $res_success \ - "" \ - "merlin-xpath-filter2-three/sign-spec" \ +execDSigTest "" "merlin-xpath-filter2-three/sign-spec" \ "enveloped-signature xpath2 sha1 dsa-sha1" \ - "dsa" \ - " " + "" ########################################################################## # # phaos-xmldsig-three # ########################################################################## -execDSigTest $res_success \ - "phaos-xmldsig-three" \ - "signature-big" \ +execDSigTest "phaos-xmldsig-three" "signature-big" \ "base64 xslt xpath sha1 rsa-sha1" \ - "rsa x509" \ "--pubkey-cert-$cert_format certs/rsa-cert.$cert_format" -execDSigTest $res_success \ - "phaos-xmldsig-three" \ - "signature-dsa-detached" \ +execDSigTest "phaos-xmldsig-three" "signature-dsa-detached" \ "sha1 dsa-sha1" \ - "dsa x509" \ - "--trusted-$cert_format certs/dsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00" + "--trusted-$cert_format certs/dsa-ca-cert.$cert_format" -execDSigTest $res_success \ - "phaos-xmldsig-three" \ - "signature-dsa-enveloped" \ +execDSigTest "phaos-xmldsig-three" "signature-dsa-enveloped" \ "enveloped-signature sha1 dsa-sha1" \ - "dsa x509" \ - "--trusted-$cert_format certs/dsa-ca-cert.$cert_format --verification-time 
2009-01-01+10:00:00" - -execDSigTest $res_success \ - "phaos-xmldsig-three" \ - "signature-dsa-enveloping" \ + "--trusted-$cert_format certs/dsa-ca-cert.$cert_format" + +execDSigTest "phaos-xmldsig-three" "signature-dsa-enveloping" \ "sha1 dsa-sha1" \ - "dsa x509" \ - "--trusted-$cert_format certs/dsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00" + "--trusted-$cert_format certs/dsa-ca-cert.$cert_format" -execDSigTest $res_success \ - "phaos-xmldsig-three" \ - "signature-dsa-manifest" \ +execDSigTest "phaos-xmldsig-three" "signature-dsa-manifest" \ "sha1 dsa-sha1" \ - "dsa x509" \ - "--trusted-$cert_format certs/dsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00" + "--trusted-$cert_format certs/dsa-ca-cert.$cert_format" -execDSigTest $res_success \ - "phaos-xmldsig-three" \ - "signature-hmac-md5-c14n-enveloping" \ +execDSigTest "phaos-xmldsig-three" "signature-hmac-md5-c14n-enveloping" \ "md5 hmac-md5" \ - "hmac" \ "--hmackey certs/hmackey.bin" - -execDSigTest $res_success \ - "phaos-xmldsig-three" \ - "signature-hmac-sha1-40-c14n-comments-detached" \ + +execDSigTest "phaos-xmldsig-three" "signature-hmac-sha1-40-c14n-comments-detached" \ "c14n-with-comments sha1 hmac-sha1" \ - "hmac" \ "--hmackey certs/hmackey.bin" - -execDSigTest $res_success \ - "phaos-xmldsig-three" \ - "signature-hmac-sha1-40-exclusive-c14n-comments-detached" \ + +execDSigTest "phaos-xmldsig-three" "signature-hmac-sha1-40-exclusive-c14n-comments-detached" \ "exc-c14n-with-comments sha1 hmac-sha1" \ - "hmac" \ "--hmackey certs/hmackey.bin" - -execDSigTest $res_success \ - "phaos-xmldsig-three" \ - "signature-hmac-sha1-exclusive-c14n-comments-detached" \ + +execDSigTest "phaos-xmldsig-three" "signature-hmac-sha1-exclusive-c14n-comments-detached" \ "exc-c14n-with-comments sha1 hmac-sha1" \ - "hmac" \ "--hmackey certs/hmackey.bin" - -execDSigTest $res_success \ - "phaos-xmldsig-three" \ - "signature-hmac-sha1-exclusive-c14n-enveloped" \ + +execDSigTest 
"phaos-xmldsig-three" "signature-hmac-sha1-exclusive-c14n-enveloped" \ "enveloped-signature exc-c14n sha1 hmac-sha1" \ - "hmac" \ "--hmackey certs/hmackey.bin" -execDSigTest $res_success \ - "phaos-xmldsig-three" \ - "signature-rsa-detached-b64-transform" \ +execDSigTest "phaos-xmldsig-three" "signature-rsa-detached-b64-transform" \ "base64 sha1 rsa-sha1" \ - "rsa x509" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00" + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format" -execDSigTest $res_success \ - "phaos-xmldsig-three" \ - "signature-rsa-detached" \ +execDSigTest "phaos-xmldsig-three" "signature-rsa-detached" \ "sha1 rsa-sha1" \ - "rsa x509" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00" + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format" -execDSigTest $res_success \ - "phaos-xmldsig-three" \ - "signature-rsa-detached-xpath-transform" \ +execDSigTest "phaos-xmldsig-three" "signature-rsa-detached-xpath-transform" \ "xpath sha1 rsa-sha1" \ - "rsa x509" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00" + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format" -execDSigTest $res_success \ - "phaos-xmldsig-three" \ - "signature-rsa-detached-xslt-transform-retrieval-method" \ +execDSigTest "phaos-xmldsig-three" "signature-rsa-detached-xslt-transform-retrieval-method" \ "xslt sha1 rsa-sha1" \ - "rsa x509" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00" + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format" -execDSigTest $res_success \ - "phaos-xmldsig-three" \ - "signature-rsa-detached-xslt-transform" \ +execDSigTest "phaos-xmldsig-three" "signature-rsa-detached-xslt-transform" \ "xslt sha1 rsa-sha1" \ - "rsa x509" \ - "--trusted-$cert_format 
certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00" + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format" -execDSigTest $res_success \ - "phaos-xmldsig-three" \ - "signature-rsa-enveloped" \ +execDSigTest "phaos-xmldsig-three" "signature-rsa-enveloped" \ "enveloped-signature sha1 rsa-sha1" \ - "rsa x509" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00" + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format" -execDSigTest $res_success \ - "phaos-xmldsig-three" \ - "signature-rsa-enveloping" \ +execDSigTest "phaos-xmldsig-three" "signature-rsa-enveloping" \ "sha1 rsa-sha1" \ - "rsa x509" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00" + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format" -execDSigTest $res_success \ - "phaos-xmldsig-three" \ - "signature-rsa-manifest-x509-data-cert-chain" \ +execDSigTest "phaos-xmldsig-three" "signature-rsa-manifest-x509-data-cert-chain" \ "sha1 rsa-sha1" \ - "rsa x509" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00" + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format" -execDSigTest $res_success \ - "phaos-xmldsig-three" \ - "signature-rsa-manifest-x509-data-cert" \ +execDSigTest "phaos-xmldsig-three" "signature-rsa-manifest-x509-data-cert" \ "sha1 rsa-sha1" \ - "rsa x509" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00" + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format" -execDSigTest $res_success \ - "phaos-xmldsig-three" \ - "signature-rsa-manifest-x509-data-issuer-serial" \ +execDSigTest "phaos-xmldsig-three" "signature-rsa-manifest-x509-data-issuer-serial" \ "sha1 rsa-sha1" \ - "rsa x509" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format 
--untrusted-$cert_format certs/rsa-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00" + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format" -execDSigTest $res_success \ - "phaos-xmldsig-three" \ - "signature-rsa-manifest-x509-data-ski" \ +execDSigTest "phaos-xmldsig-three" "signature-rsa-manifest-x509-data-ski" \ "sha1 rsa-sha1" \ - "rsa x509" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00" + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format" -execDSigTest $res_success \ - "phaos-xmldsig-three" \ - "signature-rsa-manifest-x509-data-subject-name" \ +execDSigTest "phaos-xmldsig-three" "signature-rsa-manifest-x509-data-subject-name" \ "sha1 rsa-sha1" \ - "rsa x509" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00" + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format" -execDSigTest $res_success \ - "phaos-xmldsig-three" \ - "signature-rsa-manifest" \ +execDSigTest "phaos-xmldsig-three" "signature-rsa-manifest" \ "sha1 rsa-sha1" \ - "rsa x509" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00" + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format" -execDSigTest $res_success \ - "phaos-xmldsig-three" \ - "signature-rsa-xpath-transform-enveloped" \ +execDSigTest "phaos-xmldsig-three" "signature-rsa-xpath-transform-enveloped" \ "enveloped-signature xpath sha1 rsa-sha1" \ - "rsa x509" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00" + "--trusted-$cert_format 
certs/rsa-ca-cert.$cert_format" ########################################################################## 
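Review bot: The phaos-xmldsig-three X.509 cases in this hunk (`signature-dsa-*` and `signature-rsa-*`) now pass only `--trusted-$cert_format certs/...-ca-cert.$cert_format`, so certificate validity is presumably checked against the wall clock of the machine running the suite. Once the fixture certificates fall outside their validity window, these positive cases will fail for a reason unrelated to the signature code. A suite that fails by default tends to be ignored, which hides real verification regressions. If the imported xmlsec1 build accepts the option, pin the evaluation date on these calls as the removed lines did, `--verification-time 2009-01-01+10:00:00`. A comment above the block such as `# fixture certs are only valid around 2009; verification time is pinned on purpose` would explain the fixed date.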
@@ -788,88 +631,58 @@ execDSigTest $res_success \ # test dynamic signature # ########################################################################## + echo "Dynamic signature template" printf " Create new signature " echo "$xmlsec_app sign-tmpl $xmlsec_params --keys-file $keysfile --output $tmpfile" >> $logfile $VALGRIND $xmlsec_app sign-tmpl $xmlsec_params --keys-file $keysfile --output $tmpfile >> $logfile 2>> $logfile -printRes $res_success $? +printRes $? printf " Verify new signature " echo "$xmlsec_app verify --keys-file $keysfile $tmpfile" >> $logfile $VALGRIND $xmlsec_app verify $xmlsec_params --keys-file $keysfile $tmpfile >> $logfile 2>> $logfile -printRes $res_success $? +printRes $? -########################################################################## -########################################################################## -########################################################################## echo "--------- These tests CAN FAIL (extra OS config required) ----------" -execDSigTest $res_success \ - "" \ - "aleksey-xmldsig-01/enveloped-gost" \ +execDSigTest "" "aleksey-xmldsig-01/enveloped-gost" \ "enveloped-signature gostr34102001-gostr3411 gostr3411" \ - "gost" \ "--trusted-$cert_format $topfolder/keys/gost2001ca.$cert_format --untrusted-$cert_format $topfolder/keys/ca2cert.$cert_format --enabled-key-data x509" \ "" \ "" -########################################################################## -########################################################################## -########################################################################## -echo "--------- Negative Testing ----------" -execDSigTest $res_fail \ - "" \ - "merlin-xmldsig-twenty-three/signature-x509-crt-crl" \ +echo "--------- Negative Testing: next test MUST FAIL ----------" +execDSigTest "" "merlin-xmldsig-twenty-three/signature-x509-crt-crl" \ "sha1 rsa-sha1" \ - "rsa x509" \ "--X509-skip-strict-checks --trusted-$cert_format 
$topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format" -execDSigTest $res_fail \ - "" \ - "aleksey-xmldsig-01/enveloping-expired-cert" \ +execDSigTest "" "aleksey-xmldsig-01/enveloping-expired-cert" \ "sha1 dsa-sha1" \ - "dsa x509" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" -execDSigTest $res_fail \ - "" \ - "aleksey-xmldsig-01/dtd-hmac-91" \ +execDSigTest "" "aleksey-xmldsig-01/dtd-hmac-91" \ "sha1 hmac-sha1" \ - "hmac" \ "--enabled-reference-uris empty --hmackey $topfolder/keys/hmackey.bin --dtd-file $topfolder/aleksey-xmldsig-01/dtd-hmac-91.dtd" -execDSigTest $res_fail \ - "phaos-xmldsig-three" \ - "signature-rsa-detached-xslt-transform-bad-retrieval-method" \ +execDSigTest "phaos-xmldsig-three" "signature-rsa-detached-xslt-transform-bad-retrieval-method" \ "xslt sha1 rsa-sha1" \ - "rsa x509" \ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format" -execDSigTest $res_fail \ - "phaos-xmldsig-three" \ - "signature-rsa-enveloped-bad-digest-val" \ +execDSigTest "phaos-xmldsig-three" "signature-rsa-enveloped-bad-digest-val" \ "enveloped-signature sha1 rsa-sha1" \ - "rsa x509" \ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format" -execDSigTest $res_fail \ - "phaos-xmldsig-three" \ - "signature-rsa-enveloped-bad-sig" \ +execDSigTest "phaos-xmldsig-three" "signature-rsa-enveloped-bad-sig" \ "enveloped-signature sha1 rsa-sha1" \ - "rsa x509" \ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format" -execDSigTest $res_fail \ - "phaos-xmldsig-three" \ - "signature-rsa-manifest-x509-data-crl" \ +execDSigTest "phaos-xmldsig-three" "signature-rsa-manifest-x509-data-crl" \ "sha1 rsa-sha1" \ - "rsa x509" \ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format" -########################################################################## -########################################################################## -########################################################################## +rm -rf $tmpfile + echo "--- testDSig 
finished" >> $logfile echo "--- testDSig finished" -echo "--- detailed log is written to $logfile" +echo "--- detailed log is written to $logfile" diff --git a/tests/testEnc.sh b/tests/testEnc.sh index 54d1ca81..bf2de36a 100755 --- a/tests/testEnc.sh +++ b/tests/testEnc.sh 
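Review bot: The seven calls after the `Negative Testing: next test MUST FAIL` banner use the same `execDSigTest` argument list as the positive cases, so nothing here tells the harness that rejection is the expected outcome. `execDSigTest` and `printRes` are defined outside this hunk, but the visible `printRes $?` calls pass only the exit status. A tampered or expired-certificate signature that wrongly verifies would therefore likely print OK, and a correct rejection would print Fail, leaving the security-relevant judgement to whoever reads the log. Pass the expected result explicitly, for example `printRes "$expected" "$?"` with `execDSigTest` taking the expectation as its first argument, and make the script exit non-zero on any mismatch. The banner should also say "tests" rather than "next test", and the cleanup is safer as `rm -f -- "$tmpfile"` than the unquoted `rm -rf $tmpfile`.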
@@ -1,353 +1,368 @@ -#!/bin/sh -# -# This script needs to be called from testrun.sh script -# - -########################################################################## -########################################################################## -########################################################################## +#!/bin/sh + +OS_ARCH=`uname -o` + +crypto=$1 +topfolder=$2 +xmlsec_app=$3 +file_format=$4 + +pub_key_format=$file_format +cert_format=$file_format +priv_key_option="--pkcs12" +priv_key_format="p12" + +if [ "z$TMPFOLDER" = "z" ] ; then + TMPFOLDER=/tmp +fi + +timestamp=`date +%Y%m%d_%H%M%S` +tmpfile=$TMPFOLDER/testEnc.$timestamp-$$.tmp +logfile=$TMPFOLDER/testEnc.$timestamp-$$.log +script="$0" + +# prepate crypto config folder +crypto_config=$TMPFOLDER/xmlsec-crypto-config +keysfile=$crypto_config/keys.xml + +valgrind_suppression="--suppressions=$topfolder/openssl.supp --suppressions=$topfolder/nss.supp" +valgrind_options="--leak-check=yes --show-reachable=yes --num-callers=32 -v" + + +if [ "z$crypto" != "z" -a "z$crypto" != "zdefault" ] ; then + xmlsec_params="$xmlsec_params --crypto $crypto" +fi +xmlsec_params="$xmlsec_params --crypto-config $crypto_config" + +if [ -n "$DEBUG_MEMORY" ] ; then + export VALGRIND="valgrind $valgrind_options" + export REPEAT=3 + xmlsec_params="$xmlsec_params --repeat $REPEAT" +fi + +if [ -n "$PERF_TEST" ] ; then + export xmlsec_params="$xmlsec_params --repeat $PERF_TEST" +fi + +printRes() { + if [ $1 = 0 ]; then + echo " OK" + else + echo " Fail" + fi + if [ -f .memdump ] ; then + cat .memdump >> $logfile + fi +} + +execEncTest() { + filename=$1 + req_transforms=$2 + params1=$3 + params2=$4 + params3=$5 + + echo $filename + echo $filename >> $logfile + file=$topfolder/$filename + + if [ -n "$req_transforms" ] ; then + printf " Checking required transforms " + echo "$xmlsec_app check-transforms $req_transforms" >> $logfile + $xmlsec_app check-transforms $req_transforms >> $logfile 2>> $logfile + res=$? 
+ if [ $res = 0 ]; then + echo " OK" + else + echo " Skip" + return + fi + fi + + printf " Decrypt existing document " + rm -f $tmpfile + + if [ "z$OS_ARCH" = "zCygwin" ] ; then + diff_param=-uw + else + diff_param=-u + fi + + echo "$xmlsec_app decrypt $xmlsec_params $params1 $file.xml" >> $logfile + $VALGRIND $xmlsec_app decrypt $xmlsec_params $params1 $file.xml > $tmpfile 2>> $logfile + if [ $? = 0 ]; then + diff $diff_param $file.data $tmpfile >> $logfile 2>> $logfile + printRes $? + else + echo " Error" + fi + + if [ -n "$params2" -a -z "$PERF_TEST" ] ; then + printf " Encrypt document " + rm -f $tmpfile + echo "$xmlsec_app encrypt $xmlsec_params $params2 --output $tmpfile $file.tmpl" >> $logfile + $VALGRIND $xmlsec_app encrypt $xmlsec_params $params2 --output $tmpfile $file.tmpl >> $logfile 2>> $logfile + printRes $? + + if [ -n "$params4" ] ; then + if [ -z "$VALGRIND" ] ; then + printf " Decrypt new document " + echo "$xmlsec_app decrypt $xmlsec_params $params4 --output $tmpfile.2 $tmpfile" >> $logfile + $VALGRIND $xmlsec_app decrypt $xmlsec_params $params4 --output $tmpfile.2 $tmpfile >> $logfile 2>> $logfile + if [ $? = 0 ]; then + diff $diff_param $file.data $tmpfile.2 >> $logfile 2>> $logfile + printRes $? 
+ else + echo " Error" + fi + fi + fi + fi + rm -f $tmpfile $tmpfile.2 +} + echo "--- testEnc started for xmlsec-$crypto library ($timestamp)" echo "--- LD_LIBRARY_PATH=$LD_LIBRARY_PATH" echo "--- log file is $logfile" echo "--- testEnc started for xmlsec-$crypto library ($timestamp)" >> $logfile echo "--- LD_LIBRARY_PATH=$LD_LIBRARY_PATH" >> $logfile -########################################################################## -########################################################################## -########################################################################## -echo "--------- Positive Testing ----------" - -########################################################################## -# -# aleksey-xmlenc-01 -# -########################################################################## -execEncTest $res_success \ - "" \ - "aleksey-xmlenc-01/enc-des3cbc-keyname" \ +execEncTest "aleksey-xmlenc-01/enc-des3cbc-keyname" \ "tripledes-cbc" \ "--keys-file $topfolder/keys/keys.xml" \ "--keys-file $keysfile --binary-data $topfolder/aleksey-xmlenc-01/enc-des3cbc-keyname.data" \ "--keys-file $keysfile" -execEncTest $res_success \ - "" \ - "aleksey-xmlenc-01/enc-des3cbc-keyname2" \ +execEncTest "aleksey-xmlenc-01/enc-des3cbc-keyname2" \ "tripledes-cbc" \ "--keys-file $topfolder/keys/keys.xml" \ "--keys-file $keysfile --binary-data $topfolder/aleksey-xmlenc-01/enc-des3cbc-keyname2.data" \ "--keys-file $keysfile" -execEncTest $res_success \ - "" \ - "aleksey-xmlenc-01/enc-aes128cbc-keyname" \ +execEncTest "aleksey-xmlenc-01/enc-aes128cbc-keyname" \ "aes128-cbc" \ "--keys-file $topfolder/keys/keys.xml" \ "--keys-file $keysfile --binary-data $topfolder/aleksey-xmlenc-01/enc-aes128cbc-keyname.data" \ "--keys-file $keysfile" -execEncTest $res_success \ - "" \ - "aleksey-xmlenc-01/enc-aes192cbc-keyname" \ +execEncTest "aleksey-xmlenc-01/enc-aes192cbc-keyname" \ "aes192-cbc" \ "--keys-file $topfolder/keys/keys.xml" \ "--keys-file $keysfile --binary-data 
$topfolder/aleksey-xmlenc-01/enc-aes192cbc-keyname.data" \ "--keys-file $keysfile" -execEncTest $res_success \ - "" \ - "aleksey-xmlenc-01/enc-aes192cbc-keyname-ref" \ +execEncTest "aleksey-xmlenc-01/enc-aes192cbc-keyname-ref" \ "aes192-cbc" \ "--keys-file $topfolder/keys/keys.xml" -execEncTest $res_success \ - "" \ - "aleksey-xmlenc-01/enc-aes256cbc-keyname" \ +execEncTest "aleksey-xmlenc-01/enc-aes256cbc-keyname" \ "aes256-cbc" \ "--keys-file $topfolder/keys/keys.xml" \ "--keys-file $keysfile --binary-data $topfolder/aleksey-xmlenc-01/enc-aes256cbc-keyname.data" \ "--keys-file $keysfile" -execEncTest $res_success \ - "" \ - "aleksey-xmlenc-01/enc-des3cbc-keyname-content" \ +execEncTest "aleksey-xmlenc-01/enc-des3cbc-keyname-content" \ "tripledes-cbc" \ "--keys-file $topfolder/keys/keys.xml" \ "--keys-file $keysfile --xml-data $topfolder/aleksey-xmlenc-01/enc-des3cbc-keyname-content.data --node-id Test" \ "--keys-file $keysfile" -execEncTest $res_success \ - "" \ - "aleksey-xmlenc-01/enc-des3cbc-keyname-element" \ +execEncTest "aleksey-xmlenc-01/enc-des3cbc-keyname-element" \ "tripledes-cbc" \ "--keys-file $topfolder/keys/keys.xml" \ "--keys-file $keysfile --xml-data $topfolder/aleksey-xmlenc-01/enc-des3cbc-keyname-element.data --node-id Test" \ "--keys-file $keysfile" -execEncTest $res_success \ - "" \ - "aleksey-xmlenc-01/enc-des3cbc-keyname-element-root" \ +execEncTest "aleksey-xmlenc-01/enc-des3cbc-keyname-element-root" \ "tripledes-cbc" \ "--keys-file $topfolder/keys/keys.xml" \ "--keys-file $keysfile --xml-data $topfolder/aleksey-xmlenc-01/enc-des3cbc-keyname-element-root.data --node-id Test" \ "--keys-file $keysfile" -execEncTest $res_success \ - "" \ - "aleksey-xmlenc-01/enc-des3cbc-aes192-keyname" \ +execEncTest "aleksey-xmlenc-01/enc-des3cbc-aes192-keyname" \ "tripledes-cbc kw-aes192" \ "--keys-file $topfolder/keys/keys.xml --enabled-key-data key-name,enc-key" \ "--keys-file $keysfile --session-key des-192 --binary-data 
$topfolder/aleksey-xmlenc-01/enc-des3cbc-aes192-keyname.data" \ "--keys-file $keysfile" -########################################################################## -# -# merlin-xmlenc-five -# -########################################################################## - -execEncTest $res_success \ - "" \ - "merlin-xmlenc-five/encrypt-data-aes128-cbc" \ +# Merlin's tests +execEncTest "merlin-xmlenc-five/encrypt-data-aes128-cbc" \ "aes128-cbc" \ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml" \ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml --binary-data $topfolder/merlin-xmlenc-five/encrypt-data-aes128-cbc.data" \ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml" -execEncTest $res_success \ - "" \ - "merlin-xmlenc-five/encrypt-content-tripledes-cbc" \ +execEncTest "merlin-xmlenc-five/encrypt-content-tripledes-cbc" \ "tripledes-cbc" \ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml" \ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml --enabled-key-data key-name --xml-data $topfolder/merlin-xmlenc-five/encrypt-content-tripledes-cbc.data --node-id Payment" \ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml" -execEncTest $res_success \ - "" \ - "merlin-xmlenc-five/encrypt-content-aes256-cbc-prop" \ +execEncTest "merlin-xmlenc-five/encrypt-content-aes256-cbc-prop" \ "aes256-cbc" \ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml" \ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml --enabled-key-data key-name --xml-data $topfolder/merlin-xmlenc-five/encrypt-content-aes256-cbc-prop.data --node-id Payment" \ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml" -execEncTest $res_success \ - "" \ - "merlin-xmlenc-five/encrypt-element-aes192-cbc-ref" \ +execEncTest "merlin-xmlenc-five/encrypt-element-aes192-cbc-ref" \ "aes192-cbc" \ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml" -execEncTest $res_success \ - "" \ - "merlin-xmlenc-five/encrypt-element-aes128-cbc-rsa-1_5" \ +execEncTest "merlin-xmlenc-five/encrypt-element-aes128-cbc-rsa-1_5" \ 
"aes128-cbc rsa-1_5" \ "$priv_key_option $topfolder/merlin-xmlenc-five/rsapriv.$priv_key_format --pwd secret" \ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml --session-key aes-128 $priv_key_option $topfolder/merlin-xmlenc-five/rsapriv.$priv_key_format --xml-data $topfolder/merlin-xmlenc-five/encrypt-element-aes128-cbc-rsa-1_5.data --node-id Purchase --pwd secret" \ "$priv_key_option $topfolder/merlin-xmlenc-five/rsapriv.$priv_key_format --pwd secret" -execEncTest $res_success \ - "" \ - "merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p" \ +execEncTest "merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p" \ "tripledes-cbc rsa-oaep-mgf1p" \ "$priv_key_option $topfolder/merlin-xmlenc-five/rsapriv.$priv_key_format --pwd secret" \ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml --session-key des-192 $priv_key_option $topfolder/merlin-xmlenc-five/rsapriv.$priv_key_format --binary-data $topfolder/merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p.data --pwd secret" \ "$priv_key_option $topfolder/merlin-xmlenc-five/rsapriv.$priv_key_format --pwd secret" -execEncTest $res_success \ - "" \ - "merlin-xmlenc-five/encrypt-data-aes256-cbc-kw-tripledes" \ +execEncTest "merlin-xmlenc-five/encrypt-data-aes256-cbc-kw-tripledes" \ "aes256-cbc kw-tripledes" \ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml" \ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml --session-key aes-256 --binary-data $topfolder/merlin-xmlenc-five/encrypt-data-aes256-cbc-kw-tripledes.data" \ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml" -execEncTest $res_success \ - "" \ - "merlin-xmlenc-five/encrypt-content-aes128-cbc-kw-aes192" \ +execEncTest "merlin-xmlenc-five/encrypt-content-aes128-cbc-kw-aes192" \ "aes128-cbc kw-aes192" \ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml" \ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml --session-key aes-128 --node-name urn:example:po:PaymentInfo --xml-data 
$topfolder/merlin-xmlenc-five/encrypt-content-aes128-cbc-kw-aes192.data" \ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml" -execEncTest $res_success \ - "" \ - "merlin-xmlenc-five/encrypt-data-aes192-cbc-kw-aes256" \ +execEncTest "merlin-xmlenc-five/encrypt-data-aes192-cbc-kw-aes256" \ "aes192-cbc kw-aes256" \ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml" \ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml --session-key aes-192 --binary-data $topfolder/merlin-xmlenc-five/encrypt-data-aes192-cbc-kw-aes256.data" \ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml" -execEncTest $res_success \ - "" \ - "merlin-xmlenc-five/encrypt-element-tripledes-cbc-kw-aes128" \ +execEncTest "merlin-xmlenc-five/encrypt-element-tripledes-cbc-kw-aes128" \ "tripledes-cbc kw-aes128" \ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml" \ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml --session-key des-192 --node-name urn:example:po:PaymentInfo --xml-data $topfolder/merlin-xmlenc-five/encrypt-element-tripledes-cbc-kw-aes128.data" \ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml" - -execEncTest $res_success \ - "" \ - "merlin-xmlenc-five/encrypt-element-aes256-cbc-retrieved-kw-aes256" \ + +execEncTest "merlin-xmlenc-five/encrypt-element-aes256-cbc-retrieved-kw-aes256" \ "aes256-cbc kw-aes256" \ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml" -#merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p-sha256.xml - #merlin-xmlenc-five/encrypt-element-aes256-cbc-carried-kw-aes256.xml #merlin-xmlenc-five/decryption-transform-except.xml #merlin-xmlenc-five/decryption-transform.xml #merlin-xmlenc-five/encrypt-element-aes256-cbc-kw-aes256-dh-ripemd160.xml #merlin-xmlenc-five/encrypt-content-aes192-cbc-dh-sha512.xml +#merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p-sha256.xml #merlin-xmlenc-five/encsig-hmac-sha256-dh.xml #merlin-xmlenc-five/encsig-hmac-sha256-kw-tripledes-dh.xml 
-########################################################################## -# -# 01-phaos-xmlenc-3 -# -########################################################################## - -execEncTest $res_success \ - "" \ - "01-phaos-xmlenc-3/enc-element-3des-kt-rsa1_5" \ +execEncTest "01-phaos-xmlenc-3/enc-element-3des-kt-rsa1_5" \ "tripledes-cbc rsa-1_5" \ "$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret" \ "--session-key des-192 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-element-3des-kt-rsa1_5.data --node-name http://example.org/paymentv2:CreditCard" \ "$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret" -execEncTest $res_success \ - "" \ - "01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha1" \ +execEncTest "01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha1" \ "tripledes-cbc rsa-oaep-mgf1p" \ "$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret" \ "--session-key des-192 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha1.data --node-name http://example.org/paymentv2:CreditCard" \ "$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret" -execEncTest $res_success \ - "" \ - "01-phaos-xmlenc-3/enc-element-aes128-kt-rsa1_5" \ +execEncTest "01-phaos-xmlenc-3/enc-element-aes128-kt-rsa1_5" \ "aes128-cbc rsa-1_5" \ "$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret" \ "--session-key aes-128 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-element-aes128-kt-rsa1_5.data --node-name http://example.org/paymentv2:CreditCard" \ "$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret" -execEncTest $res_success \ - 
"" \ - "01-phaos-xmlenc-3/enc-element-aes128-kt-rsa_oaep_sha1" \ +execEncTest "01-phaos-xmlenc-3/enc-element-aes128-kt-rsa_oaep_sha1" \ "aes128-cbc rsa-oaep-mgf1p" \ "$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret" \ "--session-key aes-128 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-element-aes128-kt-rsa_oaep_sha1.data --node-name http://example.org/paymentv2:CreditCard" \ "$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret" -execEncTest $res_success \ - "" \ - "01-phaos-xmlenc-3/enc-element-aes192-kt-rsa_oaep_sha1" \ +execEncTest "01-phaos-xmlenc-3/enc-element-aes192-kt-rsa_oaep_sha1" \ "aes192-cbc rsa-oaep-mgf1p" \ "$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret" \ "--session-key aes-192 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-element-aes192-kt-rsa_oaep_sha1.data --node-name http://example.org/paymentv2:CreditCard" \ "$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret" -execEncTest $res_success \ - "" \ - "01-phaos-xmlenc-3/enc-text-aes192-kt-rsa1_5" \ +execEncTest "01-phaos-xmlenc-3/enc-text-aes192-kt-rsa1_5" \ "aes192-cbc rsa-1_5" \ "$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret" \ "--session-key aes-192 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-text-aes192-kt-rsa1_5.data --node-name http://example.org/paymentv2:CreditCard" \ "$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret" -execEncTest $res_success \ - "" \ - "01-phaos-xmlenc-3/enc-content-aes256-kt-rsa1_5" \ +execEncTest "01-phaos-xmlenc-3/enc-content-aes256-kt-rsa1_5" \ "aes256-cbc rsa-1_5" \ "$priv_key_option 
$topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret" \ "--session-key aes-256 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-content-aes256-kt-rsa1_5.data --node-name http://example.org/paymentv2:CreditCard" \ "$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret" -execEncTest $res_success \ - "" \ - "01-phaos-xmlenc-3/enc-text-aes256-kt-rsa_oaep_sha1" \ +execEncTest "01-phaos-xmlenc-3/enc-text-aes256-kt-rsa_oaep_sha1" \ "aes256-cbc rsa-oaep-mgf1p" \ "$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret" \ "--session-key aes-256 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-text-aes256-kt-rsa_oaep_sha1.data --node-name http://example.org/paymentv2:CreditCard" \ "$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret" -execEncTest $res_success \ - "" \ - "01-phaos-xmlenc-3/enc-element-3des-kw-3des" \ +execEncTest "01-phaos-xmlenc-3/enc-element-3des-kw-3des" \ "tripledes-cbc kw-tripledes" \ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" \ "--session-key des-192 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-element-3des-kw-3des.data --node-name http://example.org/paymentv2:CreditCard" \ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" -execEncTest $res_success \ - "" \ - "01-phaos-xmlenc-3/enc-content-aes128-kw-3des" \ +execEncTest "01-phaos-xmlenc-3/enc-content-aes128-kw-3des" \ "aes128-cbc kw-tripledes" \ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" \ "--session-key aes-128 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-content-aes128-kw-3des.data --node-name http://example.org/paymentv2:CreditCard" \ "--keys-file 
$topfolder/01-phaos-xmlenc-3/keys.xml" -execEncTest $res_success \ - "" \ - "01-phaos-xmlenc-3/enc-element-aes128-kw-aes128" \ +execEncTest "01-phaos-xmlenc-3/enc-element-aes128-kw-aes128" \ "aes128-cbc kw-aes128" \ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" \ "--session-key aes-128 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-element-aes128-kw-aes128.data --node-name http://example.org/paymentv2:CreditCard" \ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" -execEncTest $res_success \ - "" \ - "01-phaos-xmlenc-3/enc-element-aes128-kw-aes256" \ +execEncTest "01-phaos-xmlenc-3/enc-element-aes128-kw-aes256" \ "aes128-cbc kw-aes256" \ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" \ "--session-key aes-128 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-element-aes128-kw-aes256.data --node-name http://example.org/paymentv2:CreditCard" \ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" -execEncTest $res_success \ - "" \ - "01-phaos-xmlenc-3/enc-content-3des-kw-aes192" \ +execEncTest "01-phaos-xmlenc-3/enc-content-3des-kw-aes192" \ "tripledes-cbc kw-aes192" \ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" \ "--session-key des-192 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-content-3des-kw-aes192.data --node-name http://example.org/paymentv2:CreditCard" \ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" -execEncTest $res_success \ - "" \ - "01-phaos-xmlenc-3/enc-content-aes192-kw-aes256" \ +execEncTest "01-phaos-xmlenc-3/enc-content-aes192-kw-aes256" \ "aes192-cbc kw-aes256" \ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" \ "--session-key aes-192 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-content-aes192-kw-aes256.data --node-name 
http://example.org/paymentv2:CreditCard" \ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" -execEncTest $res_success \ - "" \ - "01-phaos-xmlenc-3/enc-element-aes192-kw-aes192" \ +execEncTest "01-phaos-xmlenc-3/enc-element-aes192-kw-aes192" \ "aes192-cbc kw-aes192" \ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" \ "--session-key aes-192 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-element-aes192-kw-aes192.data --node-name http://example.org/paymentv2:CreditCard" \ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" -execEncTest $res_success \ - "" \ - "01-phaos-xmlenc-3/enc-element-aes256-kw-aes256" \ +execEncTest "01-phaos-xmlenc-3/enc-element-aes256-kw-aes256" \ "aes256-cbc kw-aes256" \ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" \ "--session-key aes-256 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-element-aes256-kw-aes256.data --node-name http://example.org/paymentv2:CreditCard" \ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" -execEncTest $res_success \ - "" \ - "01-phaos-xmlenc-3/enc-text-3des-kw-aes256" \ +execEncTest "01-phaos-xmlenc-3/enc-text-3des-kw-aes256" \ "tripledes-cbc kw-aes256" \ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" \ "--session-key des-192 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-text-3des-kw-aes256.data --node-name http://example.org/paymentv2:CreditCard" \ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" -execEncTest $res_success \ - "" \ - "01-phaos-xmlenc-3/enc-text-aes128-kw-aes192" \ +execEncTest "01-phaos-xmlenc-3/enc-text-aes128-kw-aes192" \ "aes128-cbc kw-aes192" \ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" \ "--session-key aes-128 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data 
$topfolder/01-phaos-xmlenc-3/enc-text-aes128-kw-aes192.data --node-name http://example.org/paymentv2:CreditCard" \ 
@@ -361,51 +376,38 @@ execEncTest $res_success \ #01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha256.xml #01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha512.xml -########################################################################## -# -# test dynamicencryption -# -########################################################################## +# test dynamic encryption echo "Dynamic encryption template" printf " Encrypt template " echo "$xmlsec_app encrypt-tmpl $xmlsec_params --keys-file $keysfile --output $tmpfile" >> $logfile $VALGRIND $xmlsec_app encrypt-tmpl $xmlsec_params --keys-file $keysfile --output $tmpfile >> $logfile 2>> $logfile -printRes $res_success $? +printRes $? printf " Decrypt document " echo "$xmlsec_app decrypt $xmlsec_params $keysfile $tmpfile" >> $logfile $VALGRIND $xmlsec_app decrypt $xmlsec_params --keys-file $keysfile $tmpfile >> $logfile 2>> $logfile -printRes $res_success $? +printRes $? + -########################################################################## -########################################################################## -########################################################################## echo "--------- Negative Testing: Following tests MUST FAIL ----------" echo "--- detailed log is written to $logfile" -execEncTest $res_fail \ - "" \ - "01-phaos-xmlenc-3/bad-alg-enc-element-aes128-kw-3des" \ +execEncTest "01-phaos-xmlenc-3/bad-alg-enc-element-aes128-kw-3des" \ "" \ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" -execEncTest $res_fail \ - "" \ - "aleksey-xmlenc-01/enc-aes192cbc-keyname-ref" \ +execEncTest "aleksey-xmlenc-01/enc-aes192cbc-keyname-ref" \ "" \ "--keys-file $topfolder/keys/keys.xml --enabled-cipher-reference-uris empty" -execEncTest $res_fail \ - "" \ - "01-phaos-xmlenc-3/enc-content-aes256-kt-rsa1_5" \ +execEncTest "01-phaos-xmlenc-3/enc-content-aes256-kt-rsa1_5" \ "" \ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-retrieval-method-uris empty" - + rm -rf $tmpfile 
-########################################################################## -########################################################################## -########################################################################## echo "--- testEnc finished" >> $logfile echo "--- testEnc finished" -echo "--- detailed log is written to $logfile" +echo "--- detailed log is written to $logfile" + +#more $logfile diff --git a/tests/testKeys.sh b/tests/testKeys.sh index 1bf7dc23..385caf37 100755 --- a/tests/testKeys.sh +++ b/tests/testKeys.sh 
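Review bot: The three calls under "Negative Testing: Following tests MUST FAIL" in tests/testEnc.sh no longer carry an expected result, so the harness cannot tell an expected rejection from a regression. If printRes in this file matches the one added to tests/testKeys.sh on this page (it prints OK only for status 0), a correct rejection of the bad algorithm or of the emptied cipher-reference / retrieval-method URI lists shows as "Fail", and a run that wrongly decrypts shows as "OK". Keeping an expected-status argument for these cases, e.g. `printRes $res_fail $?`, or inverting the status in a dedicated negative-test wrapper, would make the rejections assertable. execEncTest and this file's printRes are defined outside the hunk, so this is inferred from the call sites.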
@@ -1,69 +1,133 @@ #!/bin/sh -# -# This script needs to be called from testrun.sh script -# -########################################################################## -########################################################################## -########################################################################## +crypto=$1 +topfolder=$2 +xmlsec_app=$3 +file_format=$4 + +pub_key_format=$file_format +cert_format=$file_format +priv_key_option="--pkcs12" +priv_key_format="p12" + +if [ "z$TMPFOLDER" = "z" ] ; then + TMPFOLDER=/tmp +fi + +timestamp=`date +%Y%m%d_%H%M%S` +tmpfile=$TMPFOLDER/testKeys.$timestamp-$$.tmp +logfile=$TMPFOLDER/testKeys.$timestamp-$$.log +script="$0" +nssdbfolder=$topfolder/nssdb + +# prepate crypto config folder +crypto_config=$TMPFOLDER/xmlsec-crypto-config +keysfile=$crypto_config/keys.xml +mkdir -p $crypto_config +rm -rf $crypto_config/* + +valgrind_suppression="--suppressions=$topfolder/openssl.supp --suppressions=$topfolder/nss.supp" +valgrind_options="--leak-check=yes --show-reachable=yes --num-callers=32 -v" + + +if [ "z$crypto" != "z" -a "z$crypto" != "zdefault" ] ; then + xmlsec_params="$xmlsec_params --crypto $crypto" +fi +xmlsec_params="$xmlsec_params --crypto-config $crypto_config" + +if [ -n "$DEBUG_MEMORY" ] ; then + export VALGRIND="valgrind $valgrind_options" + export REPEAT=3 + xmlsec_params="$xmlsec_params --repeat $REPEAT" +fi + +if [ -n "$PERF_TEST" ] ; then + export xmlsec_params="$xmlsec_params --repeat $PERF_TEST" +fi + +printRes() { + if [ $1 = 0 ]; then + echo " OK" + else + echo " Fail" + fi + if [ -f .memdump ] ; then + cat .memdump >> $logfile + fi +} + +execKeysTest() { + req_key_data=$1 + key_name=$2 + alg_name=$3 + + if [ -n "$req_key_data" ] ; then + printf " Checking $req_key_data key data presense " + echo "$xmlsec_app check-key-data $req_key_data" >> $logfile + $xmlsec_app check-key-data $req_key_data >> $logfile 2>> $logfile + res=$? 
+ if [ $res = 0 ]; then + echo " OK" + else + echo " Skip" + return + fi + fi + + printf " Creating new key: $alg_name " + + params="--gen-key:$key_name $alg_name" + if [ -f $keysfile ] ; then + params="$params --keys-file $keysfile" + fi + + echo "$xmlsec_app keys $params $xmlsec_params $keysfile" >> $logfile + $VALGRIND $xmlsec_app keys $params $xmlsec_params $keysfile >> $logfile 2>> $logfile + printRes $? +} + echo "--- testKeys started for xmlsec-$crypto library ($timestamp) ---" echo "--- LD_LIBRARY_PATH=$LD_LIBRARY_PATH" echo "--- log file is $logfile" echo "--- testKeys started for xmlsec-$crypto library ($timestamp) ---" >> $logfile echo "--- LD_LIBRARY_PATH=$LD_LIBRARY_PATH" >> $logfile -# cleanup crypto config folder -mkdir -p $crypto_config -rm -rf $crypto_config/* - # remove old keys file and copy NSS DB files if needed rm -rf $keysfile if [ "z$crypto" = "znss" ] ; then cp -f $nssdbfolder/*.db $crypto_config fi -########################################################################## -########################################################################## -########################################################################## -echo "--------- Positive Testing ----------" -execKeysTest $res_success \ - "hmac" \ - "test-hmac-sha1" \ - "hmac-192" - -execKeysTest $res_success \ - "rsa " \ - "test-rsa " \ - "rsa-1024" - -execKeysTest $res_success \ - "dsa " \ - "test-dsa " \ - "dsa-1024" - -execKeysTest $res_success \ - "des " \ - "test-des " \ - "des-192 " - -execKeysTest $res_success \ - "aes " \ - "test-aes128 " \ - "aes-128 " - -execKeysTest $res_success \ - "aes " \ - "test-aes192 " \ - "aes-192 " - -execKeysTest $res_success \ - "aes " \ - "test-aes256 " \ - "aes-256 " - -########################################################################## -########################################################################## -########################################################################## +execKeysTest \ + "hmac" \ + "test-hmac-sha1" \ 
+ "hmac-192" +execKeysTest \ + "rsa " \ + "test-rsa " \ + "rsa-1024" +execKeysTest \ + "dsa " \ + "test-dsa " \ + "dsa-1024" +execKeysTest \ + "des " \ + "test-des " \ + "des-192 " +execKeysTest \ + "aes " \ + "test-aes128 " \ + "aes-128 " +execKeysTest \ + "aes " \ + "test-aes192 " \ + "aes-192 " +execKeysTest \ + "aes " \ + "test-aes256 " \ + "aes-256 " + echo "--- testKeys finished ---" >> $logfile echo "--- testKeys finished ---" -echo "--- detailed log is written to $logfile ---" +echo "--- detailed log is written to $logfile ---" + diff --git a/tests/testXKMS.sh b/tests/testXKMS.sh index be972dd1..6c46c814 100755 --- a/tests/testXKMS.sh +++ b/tests/testXKMS.sh 
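Review bot: `crypto_config=$TMPFOLDER/xmlsec-crypto-config` in tests/testKeys.sh is a fixed name under a directory that defaults to /tmp. The script then runs `mkdir -p $crypto_config` and `rm -rf $crypto_config/*` on it and writes the generated keys to `$keysfile` inside it. On a shared host another local user can create that path first, including as a symlink, so the key material and the recursive delete can land somewhere the test did not choose; the unquoted expansions also break if TMPFOLDER contains spaces. I would create the directory privately, with `umask 077` followed by `crypto_config=$(mktemp -d "$TMPFOLDER/xmlsec-crypto-config.XXXXXX") || exit 1`, and quote the later uses. tests/testXKMS.sh hard-codes the same path further down this page, so the chosen directory would have to be passed to it rather than recomputed.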
@@ -1,128 +1,149 @@ #!/bin/sh -# -# This script needs to be called from testrun.sh script -# -########################################################################## -########################################################################## -########################################################################## +crypto=$1 +topfolder=$2 +xmlsec_app=$3 +file_format=$4 + +pub_key_format=$file_format +cert_format=$file_format +priv_key_option="--pkcs12" +priv_key_format="p12" + +if [ "z$TMPFOLDER" = "z" ] ; then + TMPFOLDER=/tmp +fi + +timestamp=`date +%Y%m%d_%H%M%S` +tmpfile=$TMPFOLDER/testXKMS.$timestamp-$$.tmp +tmpfile2=$TMPFOLDER/testXKMS.$timestamp-$$-2.tmp +tmpfile3=$TMPFOLDER/testXKMS.$timestamp-$$-3.tmp +logfile=$TMPFOLDER/testXKMS.$timestamp-$$.log +script="$0" + +# prepate crypto config folder +crypto_config=$TMPFOLDER/xmlsec-crypto-config +keysfile=$crypto_config/keys.xml + +valgrind_suppression="--suppressions=$topfolder/openssl.supp --suppressions=$topfolder/nss.supp" +valgrind_options="--leak-check=yes --show-reachable=yes --num-callers=32 -v" + +if [ "z$crypto" != "z" -a "z$crypto" != "zdefault" ] ; then + xmlsec_params="$xmlsec_params --crypto $crypto" +fi +xmlsec_params="$xmlsec_params --crypto-config $crypto_config" + +if [ -n "$DEBUG_MEMORY" ] ; then + export VALGRIND="valgrind $valgrind_options" + export REPEAT=3 + xmlsec_params="$xmlsec_params --repeat $REPEAT" +fi + +if [ -n "$PERF_TEST" ] ; then + xmlsec_params="$xmlsec_params --repeat $PERF_TEST" +fi + +# debug +# xmlsec_params="$xmlsec_params --xkms-stop-on-unknown-response-mechanism --xkms-stop-on-unknown-respond-with --xkms-stop-on-unknown-key-usage" + + +printRes() { + if [ $1 = 0 ]; then + echo " OK" + else + echo " Fail" + fi + if [ -f .memdump ] ; then + cat .memdump >> $logfile + fi +} + +execXkmsServerRequestTest() { + src_file=$topfolder/$1.xml + res_file=$topfolder/$1-$2.xml + echo "$1 ($2)" + + rm -f $tmpfile $tmpfile2 $tmpfile3 + + printf " Processing xkms request " + echo 
"$xmlsec_app --xkms-server-request --output $tmpfile $xmlsec_params $3 $src_file" >> $logfile + $VALGRIND $xmlsec_app --xkms-server-request --output $tmpfile $xmlsec_params $3 $src_file >> $logfile 2>> $logfile + if [ $? = 0 ]; then + # cleanup Id attribute because it is generated every time + sed 's/ Id="[^\"]*"/ Id=""/g' $res_file > $tmpfile2 + sed 's/ Id="[^\"]*"/ Id=""/g' $tmpfile > $tmpfile3 + diff $tmpfile2 $tmpfile3 >> $logfile 2>> $logfile + printRes $? + else + echo " Error" + fi +} + echo "--- testXKMS started for xmlsec-$crypto library ($timestamp)" echo "--- LD_LIBRARY_PATH=$LD_LIBRARY_PATH" echo "--- log file is $logfile" echo "--- testXKMS started for xmlsec-$crypto library ($timestamp)" >> $logfile echo "--- LD_LIBRARY_PATH=$LD_LIBRARY_PATH" >> $logfile -########################################################################## -########################################################################## -########################################################################## -echo "--------- Positive Testing ----------" - -execXkmsServerRequestTest $res_success \ - "" \ - "aleksey-xkms-01/locate-example-1" \ - "" \ - "no-match" \ +execXkmsServerRequestTest \ + "aleksey-xkms-01/locate-example-1" "no-match" \ "--xkms-service http://www.example.com/xkms" -execXkmsServerRequestTest $res_success \ - "" \ - "aleksey-xkms-01/locate-example-1" \ - "" \ - "bad-service" \ +execXkmsServerRequestTest \ + "aleksey-xkms-01/locate-example-1" "bad-service" \ "--xkms-service http://www.example.com/xkms-bad-service" -execXkmsServerRequestTest $res_success \ - "" \ - "aleksey-xkms-01/locate-example-2" \ - "" \ - "no-match" \ +execXkmsServerRequestTest \ + "aleksey-xkms-01/locate-example-2" "no-match" \ "--xkms-service http://www.example.com/xkms" -execXkmsServerRequestTest $res_success \ - "" \ - "aleksey-xkms-01/validate-example-1" \ - "" \ - "no-match" \ +execXkmsServerRequestTest \ + "aleksey-xkms-01/validate-example-1" "no-match" \ "--xkms-service 
http://www.example.com/xkms" -execXkmsServerRequestTest $res_success \ - "" \ - "aleksey-xkms-01/locate-opaque-client-data" \ - "" \ - "no-match" \ +execXkmsServerRequestTest \ + "aleksey-xkms-01/locate-opaque-client-data" "no-match" \ "--xkms-service http://www.example.com/xkms" -execXkmsServerRequestTest $res_success \ - "" \ - "aleksey-xkms-01/compound-example-1" \ - "" \ - "no-match" \ +execXkmsServerRequestTest \ + "aleksey-xkms-01/compound-example-1" "no-match" \ "--xkms-service http://www.example.com/xkms" -execXkmsServerRequestTest $res_success \ - "" \ - "aleksey-xkms-01/status-request" \ - "" \ - "success" \ +execXkmsServerRequestTest \ + "aleksey-xkms-01/status-request" "success" \ "--xkms-service http://www.example.com/xkms" -execXkmsServerRequestTest $res_success \ - "" \ - "aleksey-xkms-01/bad-request-name" \ - "" \ - "not-supported" \ +execXkmsServerRequestTest \ + "aleksey-xkms-01/bad-request-name" "not-supported" \ "--xkms-service http://www.example.com/xkms" -execXkmsServerRequestTest $res_success \ - "" \ - "aleksey-xkms-01/soap12-locate-example-1" \ - "" \ - "no-match" \ +execXkmsServerRequestTest \ + "aleksey-xkms-01/soap12-locate-example-1" "no-match" \ "--xkms-service http://www.example.com/xkms --xkms-format soap-1.2" -execXkmsServerRequestTest $res_success \ - "" \ - "aleksey-xkms-01/soap11-locate-example-1" \ - "" \ - "unsupported" \ +execXkmsServerRequestTest \ + "aleksey-xkms-01/soap11-locate-example-1" "unsupported" \ "--xkms-service http://www.example.com/xkms --xkms-format soap-1.2" -execXkmsServerRequestTest $res_success \ - "" \ - "aleksey-xkms-01/soap12-bad-request-name" \ - "" \ - "msg-invalid" \ +execXkmsServerRequestTest \ + "aleksey-xkms-01/soap12-bad-request-name" "msg-invalid" \ "--xkms-service http://www.example.com/xkms --xkms-format soap-1.2" -execXkmsServerRequestTest $res_success \ - "" \ - "aleksey-xkms-01/soap11-locate-example-1" \ - "" \ - "no-match" \ +execXkmsServerRequestTest \ + 
"aleksey-xkms-01/soap11-locate-example-1" "no-match" \ "--xkms-service http://www.example.com/xkms --xkms-format soap-1.1" -execXkmsServerRequestTest $res_success \ - "" \ - "aleksey-xkms-01/soap12-locate-example-1" \ - "" \ - "unsupported" \ +execXkmsServerRequestTest \ + "aleksey-xkms-01/soap12-locate-example-1" "unsupported" \ "--xkms-service http://www.example.com/xkms --xkms-format soap-1.1" -execXkmsServerRequestTest $res_success \ - "" \ - "aleksey-xkms-01/soap11-bad-request-name" \ - "" \ - "msg-invalid" \ +execXkmsServerRequestTest \ + "aleksey-xkms-01/soap11-bad-request-name" "msg-invalid" \ "--xkms-service http://www.example.com/xkms --xkms-format soap-1.1" -########################################################################## -########################################################################## -########################################################################## -echo "--------- Negative Testing ----------" -########################################################################## -########################################################################## -########################################################################## +rm -f $tmpfile $tmpfile2 $tmpfile3 + echo "--- testXKMS finished" >> $logfile echo "--- testXKMS finished" echo "--- detailed log is written to $logfile" diff --git a/tests/testrun.sh b/tests/testrun.sh deleted file mode 100755 index c1f629b8..00000000 --- a/tests/testrun.sh +++ /dev/null 
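Review bot: tests/testXKMS.sh only prints its results, so its exit status is 0 whatever happened: printRes echoes " Fail", the non-zero branch of execXkmsServerRequestTest echoes " Error", and the script ends on an `echo`. A caller such as `make check` or a CI job cannot detect a failed XKMS response comparison without scraping the output. A counter would fix that: `failures=0` near the top, `failures=$((failures + 1))` in the Fail and Error branches, and `[ "$failures" -eq 0 ] || exit 1` as the last line. tests/testKeys.sh above follows the same print-only pattern.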
@@ -1,443 +0,0 @@ -#!/bin/sh - -OS_ARCH=`uname -o` -OS_KERNEL=`uname -s` - -# -# Get command line params -# -testfile="$1" -crypto="$2" -topfolder="$3" -xmlsec_app="$4" -file_format="$5" -timestamp=`date +%Y%m%d_%H%M%S` - -if [ "z$OS_ARCH" = "zCygwin" ] ; then - topfolder=`cygpath -wa "$topfolder"` - xmlsec_app=`cygpath -a "$xmlsec_app"` -fi - -# -# Prepare folders -# -if [ "z$TMPFOLDER" = "z" ] ; then - TMPFOLDER=/tmp -fi -testname=`basename $testfile` -if [ "z$OS_ARCH" = "zCygwin" ] ; then - tmpfile=`cygpath -wa $TMPFOLDER/$testname.$timestamp-$$.tmp` - logfile=`cygpath -wa $TMPFOLDER/$testname.$timestamp-$$.log` -else - tmpfile=$TMPFOLDER/$testname.$timestamp-$$.tmp - logfile=$TMPFOLDER/$testname.$timestamp-$$.log -fi -nssdbfolder=$topfolder/nssdb - -# -# Valgrind -# -valgrind_suppression="--suppressions=$topfolder/openssl.supp --suppressions=$topfolder/nss.supp" -valgrind_options="--leak-check=yes --show-reachable=yes --num-callers=32 -v" -if [ -n "$DEBUG_MEMORY" ] ; then - export VALGRIND="valgrind $valgrind_options" - export REPEAT=3 - xmlsec_params="$xmlsec_params --repeat $REPEAT" -fi - -# -# Setup crypto engine -# -crypto_config=$TMPFOLDER/xmlsec-crypto-config -keysfile=$crypto_config/keys.xml -if [ "z$XMLSEC_DEFAULT_CRYPTO" != "z" ] ; then - xmlsec_params="$xmlsec_params --crypto $XMLSEC_DEFAULT_CRYPTO" -elif [ "z$crypto" != "z" ] ; then - xmlsec_params="$xmlsec_params --crypto $crypto" -fi -xmlsec_params="$xmlsec_params --crypto-config $crypto_config" - -# -# Setup keys config -# -pub_key_format=$file_format -cert_format=$file_format - -# -# GCrypt/GnuTLS only supports DER format for now, others are good to go with PKCS12 -# -if [ "z$crypto" != "zgcrypt" ] ; then - priv_key_option="--pkcs12" - priv_key_format="p12" -else - priv_key_option="--privkey-der" - priv_key_format="der" - pub_key_format="der" -fi - -# On Windows, one needs to specify Crypto Service Provider (CSP) -# in the pkcs12 file to ensure it is loaded correctly to be used -# with SHA2 
algorithms. Worse, the CSP is different for XP and older -# versions -if test "z$OS_ARCH" = "zCygwin" || test "z$OS_ARCH" = "zMsys" ; then - # Samples: - # Cygwin : CYGWIN_NT-5.1 - # Msys : MINGW32_NT-5.1 - if expr "$OS_KERNEL" : '.*_NT-5\.1' > /dev/null; then - priv_key_suffix="-winxp" - else - priv_key_suffix="-win" - fi -else - priv_key_suffix="" -fi - - -# -# Misc -# -if [ -n "$PERF_TEST" ] ; then - xmlsec_params="$xmlsec_params --repeat $PERF_TEST" -fi - -if test "z$OS_ARCH" = "zCygwin" || test "z$OS_ARCH" = "zMsys" ; then - diff_param=-uw -else - diff_param=-u -fi - -# -# Check the command result and print it to stdout -# -res_success="success" -res_fail="fail" -printRes() { - expected_res="$1" - actual_res="$2" - - # convert status to string - if [ $actual_res = 0 ]; then - actual_res=$res_success - else - actual_res=$res_fail - fi - - # check - if [ "z$expected_res" = "z$actual_res" ] ; then - echo " OK" - else - echo " Fail" - fi - - # memlog - if [ -f .memdump ] ; then - cat .memdump >> $logfile - fi -} - -# -# Keys Manager test function -# -execKeysTest() { - expected_res="$1" - req_key_data="$2" - key_name="$3" - alg_name="$4" - - # prepare - rm -f $tmpfile - old_pwd=`pwd` - - # check params - if [ "z$expected_res" != "z$res_success" -a "z$expected_res" != "z$res_fail" ] ; then - echo " Bad parameter: expected_res=$expected_res" - cd $old_pwd - return - fi - echo "Test: $alg_name ($expected_res)" - - # check key data - if [ -n "$req_key_data" ] ; then - printf " Checking required key data " - echo "$xmlsec_app check-key-data $xmlsec_params $req_key_data" >> $logfile - $xmlsec_app check-key-data $xmlsec_params $req_key_data >> $logfile 2>> $logfile - res=$? 
- if [ $res = 0 ]; then - echo " OK" - else - echo " Skip" - return - fi - fi - - # run tests - printf " Creating new key " - params="--gen-key:$key_name $alg_name" - if [ -f $keysfile ] ; then - params="$params --keys-file $keysfile" - fi - echo "$xmlsec_app keys $params $xmlsec_params $keysfile" >> $logfile - $VALGRIND $xmlsec_app keys $params $xmlsec_params $keysfile >> $logfile 2>> $logfile - printRes $expected_res $? - - # cleanup - cd $old_pwd - rm -f $tmpfile -} - -# -# DSig test function -# -execDSigTest() { - expected_res="$1" - folder="$2" - filename="$3" - req_transforms="$4" - req_key_data="$5" - params1="$6" - params2="$7" - params3="$8" - - # prepare - rm -f $tmpfile - old_pwd=`pwd` - - # check params - if [ "z$expected_res" != "z$res_success" -a "z$expected_res" != "z$res_fail" ] ; then - echo " Bad parameter: expected_res=$expected_res" - cd $old_pwd - return - fi - if [ -n "$folder" ] ; then - cd $topfolder/$folder - full_file=$filename - echo $folder/$filename - echo "Test: $folder/$filename in folder " `pwd` " ($expected_res)" >> $logfile - else - full_file=$topfolder/$filename - echo $filename - echo "Test: $folder/$filename ($expected_res)" >> $logfile - fi - - # check transforms - if [ -n "$req_transforms" ] ; then - printf " Checking required transforms " - echo "$xmlsec_app check-transforms $xmlsec_params $req_transforms" >> $logfile - $xmlsec_app check-transforms $xmlsec_params $req_transforms >> $logfile 2>> $logfile - res=$? - if [ $res = 0 ]; then - echo " OK" - else - echo " Skip" - cd $old_pwd - return - fi - fi - - # check key data - if [ -n "$req_key_data" ] ; then - printf " Checking required key data " - echo "$xmlsec_app check-key-data $xmlsec_params $req_key_data" >> $logfile - $xmlsec_app check-key-data $xmlsec_params $req_key_data >> $logfile 2>> $logfile - res=$? 
- if [ $res = 0 ]; then - echo " OK" - else - echo "Skip" - return - fi - fi - - # run tests - if [ -n "$params1" ] ; then - printf " Verify existing signature " - echo "$xmlsec_app verify $xmlsec_params $params1 $full_file.xml" >> $logfile - $VALGRIND $xmlsec_app verify $xmlsec_params $params1 $full_file.xml >> $logfile 2>> $logfile - printRes $expected_res $? - fi - - if [ -n "$params2" -a -z "$PERF_TEST" ] ; then - printf " Create new signature " - echo "$xmlsec_app sign $xmlsec_params $params2 --output $tmpfile $full_file.tmpl" >> $logfile - $VALGRIND $xmlsec_app sign $xmlsec_params $params2 --output $tmpfile $full_file.tmpl >> $logfile 2>> $logfile - printRes $expected_res $? - fi - - if [ -n "$params3" -a -z "$PERF_TEST" ] ; then - printf " Verify new signature " - echo "$xmlsec_app verify $xmlsec_params $params3 $tmpfile" >> $logfile - $VALGRIND $xmlsec_app verify $xmlsec_params $params3 $tmpfile >> $logfile 2>> $logfile - printRes $expected_res $? - fi - - # cleanup - cd $old_pwd - rm -f $tmpfile -} - -# -# Enc test function -# -execEncTest() { - expected_res="$1" - folder="$2" - filename="$3" - req_transforms="$4" - params1="$5" - params2="$6" - params3="$7" - - # prepare - rm -f $tmpfile $tmpfile.2 - old_pwd=`pwd` - - # check params - if [ "z$expected_res" != "z$res_success" -a "z$expected_res" != "z$res_fail" ] ; then - echo " Bad parameter: expected_res=$expected_res" - cd $old_pwd - return - fi - if [ -n "$folder" ] ; then - cd $topfolder/$folder - full_file=$filename - echo $folder/$filename - echo "Test: $folder/$filename in folder " `pwd` " ($expected_res)" >> $logfile - else - full_file=$topfolder/$filename - echo $filename - echo "Test: $folder/$filename ($expected_res)" >> $logfile - fi - - # check transforms - if [ -n "$req_transforms" ] ; then - printf " Checking required transforms " - echo "$xmlsec_app check-transforms $xmlsec_params $req_transforms" >> $logfile - $xmlsec_app check-transforms $xmlsec_params $req_transforms >> $logfile 2>> 
$logfile - res=$? - if [ $res = 0 ]; then - echo " OK" - else - echo " Skip" - return - fi - fi - - # run tests - if [ -n "$params1" ] ; then - rm -f $tmpfile - printf " Decrypt existing document " - echo "$xmlsec_app decrypt $xmlsec_params $params1 $full_file.xml" >> $logfile - $VALGRIND $xmlsec_app decrypt $xmlsec_params $params1 $full_file.xml > $tmpfile 2>> $logfile - res=$? - if [ $res = 0 ]; then - diff $diff_param $full_file.data $tmpfile >> $logfile 2>> $logfile - printRes $expected_res $? - else - printRes $expected_res $res - fi - fi - - if [ -n "$params2" -a -z "$PERF_TEST" ] ; then - rm -f $tmpfile - printf " Encrypt document " - echo "$xmlsec_app encrypt $xmlsec_params $params2 --output $tmpfile $full_file.tmpl" >> $logfile - $VALGRIND $xmlsec_app encrypt $xmlsec_params $params2 --output $tmpfile $full_file.tmpl >> $logfile 2>> $logfile - printRes $expected_res $? - fi - - if [ -n "$params3" -a -z "$PERF_TEST" ] ; then - rm -f $tmpfile.2 - printf " Decrypt new document " - echo "$xmlsec_app decrypt $xmlsec_params $params3 --output $tmpfile.2 $tmpfile" >> $logfile - $VALGRIND $xmlsec_app decrypt $xmlsec_params $params3 --output $tmpfile.2 $tmpfile >> $logfile 2>> $logfile - res=$? - if [ $res = 0 ]; then - diff $diff_param $full_file.data $tmpfile.2 >> $logfile 2>> $logfile - printRes $expected_res $? 
- else - printRes $expected_res $res - fi - fi - - # cleanup - cd $old_pwd - rm -f $tmpfile $tmpfile.2 -} - -execXkmsServerRequestTest() { - expected_res="$1" - folder="$2" - filename="$3" - req_transforms="$4" - response="$5" - params1="$6" - - # prepare - rm -f $tmpfile $tmpfile.2 tmpfile.3 - old_pwd=`pwd` - - # check params - if [ "z$expected_res" != "z$res_success" -a "z$expected_res" != "z$res_fail" ] ; then - echo " Bad parameter: expected_res=$expected_res" - cd $old_pwd - return - fi - if [ -n "$folder" ] ; then - cd $topfolder/$folder - full_file=$filename - full_resfile=$filename-$response - echo "$folder/$filename ($response)" - echo "Test: $folder/$filename in folder " `pwd` " $response ($expected_res)" >> $logfile - else - full_file=$topfolder/$filename - full_resfile=$topfolder/$filename-$response - echo "$filename ($response)" - echo "Test: $folder/$filename $response ($expected_res)" >> $logfile - fi - - # check transforms - if [ -n "$req_transforms" ] ; then - printf " Checking required transforms " - echo "$xmlsec_app check-transforms $xmlsec_params $req_transforms" >> $logfile - $xmlsec_app check-transforms $xmlsec_params $req_transforms >> $logfile 2>> $logfile - res=$? - if [ $res = 0 ]; then - echo " OK" - else - echo " Skip" - return - fi - fi - - # run tests - if [ -n "$params1" ] ; then - printf " Processing xkms request " - echo "$xmlsec_app --xkms-server-request --output $tmpfile $xmlsec_params $params1 $full_file.xml" >> $logfile - $VALGRIND $xmlsec_app --xkms-server-request --output $tmpfile $xmlsec_params $params1 $full_file.xml >> $logfile 2>> $logfile - res=$? - if [ $res = 0 ]; then - # cleanup Id attribute because it is generated every time - sed 's/ Id="[^\"]*"/ Id=""/g' $full_resfile > $tmpfile.2 - sed 's/ Id="[^\"]*"/ Id=""/g' $tmpfile > $tmpfile.3 - diff $tmpfile.2 $tmpfile.3 >> $logfile 2>> $logfile - printRes $expected_res $? 
- else - printRes $expected_res $res - fi - fi - - # cleanup - cd $old_pwd - rm -f $tmpfile $tmpfile.2 tmpfile.3 -} - - -# prepare -rm -rf $tmpfile $tmpfile.2 tmpfile.3 - -# run tests -source "$testfile" - -# cleanup -rm -rf $tmpfile $tmpfile.2 tmpfile.3 - |