summaryrefslogtreecommitdiff
path: root/tests/testDSig.sh
diff options
context:
space:
mode:
Diffstat (limited to 'tests/testDSig.sh')
-rwxr-xr-xtests/testDSig.sh875
1 files changed, 875 insertions, 0 deletions
diff --git a/tests/testDSig.sh b/tests/testDSig.sh
new file mode 100755
index 00000000..2ef9bc73
--- /dev/null
+++ b/tests/testDSig.sh
@@ -0,0 +1,875 @@
+#!/bin/sh
+#
+# This script needs to be called from testrun.sh script
+#
+
+##########################################################################
+##########################################################################
+##########################################################################
+echo "--- testDSig started for xmlsec-$crypto library ($timestamp)"
+echo "--- LD_LIBRARY_PATH=$LD_LIBRARY_PATH"
+echo "--- log file is $logfile"
+echo "--- testDSig started for xmlsec-$crypto library ($timestamp)" >> $logfile
+echo "--- LD_LIBRARY_PATH=$LD_LIBRARY_PATH" >> $logfile
+
+##########################################################################
+##########################################################################
+##########################################################################
+echo "--------- Positive Testing ----------"
+
+##########################################################################
+#
+# xmldsig2ed-tests
+#
+# http://www.w3.org/TR/xmldsig2ed-tests/
+#
+##########################################################################
+
+execDSigTest $res_success \
+ "xmldsig2ed-tests" \
+ "defCan-1" \
+ "c14n11 sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "xmldsig2ed-tests" \
+ "defCan-2" \
+ "c14n11 xslt xpath sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+#
+# differences in XSLT transform output, tbd
+#
+# execDSigTest $res_success \
+# "xmldsig2ed-tests" \
+# "defCan-3" \
+# "c14n11 xslt xpath sha1 hmac-sha1" \
+# "hmac" \
+# "--hmackey $topfolder/keys/hmackey.bin" \
+# "--hmackey $topfolder/keys/hmackey.bin" \
+# "--hmackey $topfolder/keys/hmackey.bin"
+#
+
+execDSigTest $res_success \
+ "xmldsig2ed-tests" \
+ "xpointer-1-SUN" \
+ "c14n11 xpointer sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "xmldsig2ed-tests" \
+ "xpointer-2-SUN" \
+ "c14n11 xpointer sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "xmldsig2ed-tests" \
+ "xpointer-3-SUN" \
+ "c14n11 xpointer sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "xmldsig2ed-tests" \
+ "xpointer-4-SUN" \
+ "c14n11 xpointer sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "xmldsig2ed-tests" \
+ "xpointer-5-SUN" \
+ "c14n11 xpointer sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "xmldsig2ed-tests" \
+ "xpointer-6-SUN" \
+ "c14n11 xpointer sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+##########################################################################
+#
+# aleksey-xmldsig-01
+#
+##########################################################################
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-dsa-x509chain" \
+ "sha1 dsa-sha1" \
+ "dsa x509" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-rsa-x509chain" \
+ "sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
+ "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-md5-hmac-md5" \
+ "md5 hmac-md5" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-md5-hmac-md5-64" \
+ "md5 hmac-md5" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160" \
+ "ripemd160 hmac-ripemd160" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160-64" \
+ "ripemd160 hmac-ripemd160" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/xpointer-hmac" \
+ "xpointer sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha1-hmac-sha1" \
+ "sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha1-hmac-sha1-64" \
+ "sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha224-hmac-sha224" \
+ "sha224 hmac-sha224" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha224-hmac-sha224-64" \
+ "sha224 hmac-sha224" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha256-hmac-sha256" \
+ "sha256 hmac-sha256" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha256-hmac-sha256-64" \
+ "sha256 hmac-sha256" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha384-hmac-sha384" \
+ "sha384 hmac-sha384" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha384-hmac-sha384-64" \
+ "sha384 hmac-sha384" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha512-hmac-sha512" \
+ "sha512 hmac-sha512" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha512-hmac-sha512-64" \
+ "sha512 hmac-sha512" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-md5-rsa-md5" \
+ "md5 rsa-md5" \
+ "rsa x509" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
+ "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-ripemd160-rsa-ripemd160" \
+ "ripemd160 rsa-ripemd160" \
+ "rsa x509" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
+ "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha1-rsa-sha1" \
+ "sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
+ "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha224-rsa-sha224" \
+ "sha224 rsa-sha224" \
+ "rsa x509" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
+ "$priv_key_option $topfolder/keys/rsakey$priv_key_suffix.$priv_key_format --pwd secret" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha256-rsa-sha256" \
+ "sha256 rsa-sha256" \
+ "rsa x509" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
+ "$priv_key_option $topfolder/keys/rsakey$priv_key_suffix.$priv_key_format --pwd secret" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha384-rsa-sha384" \
+ "sha384 rsa-sha384" \
+ "rsa x509" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
+ "$priv_key_option $topfolder/keys/largersakey$priv_key_suffix.$priv_key_format --pwd secret" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha512-rsa-sha512" \
+ "sha512 rsa-sha512" \
+ "rsa x509" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
+ "$priv_key_option $topfolder/keys/largersakey$priv_key_suffix.$priv_key_format --pwd secret" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
+
+#
+# To generate expired cert run the following command
+# > xmlsec1 sign --pkcs12 tests/keys/expiredkey.p12 --pwd secret --output out.xml ./tests/aleksey-xmldsig-01/enveloping-expired-cert.tmpl
+#
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-expired-cert" \
+ "sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509 --verification-time 2005-07-10+10:00:00"
+
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/dtd-hmac-91" \
+ "sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin --dtd-file $topfolder/aleksey-xmldsig-01/dtd-hmac-91.dtd" \
+ "--hmackey $topfolder/keys/hmackey.bin --dtd-file $topfolder/aleksey-xmldsig-01/dtd-hmac-91.dtd" \
+ "--hmackey $topfolder/keys/hmackey.bin --dtd-file $topfolder/aleksey-xmldsig-01/dtd-hmac-91.dtd"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/x509data-test" \
+ "xpath2 sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format" \
+ "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/x509data-sn-test" \
+ "xpath2 sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --untrusted-$cert_format $topfolder/keys/ca2cert.$cert_format --untrusted-$cert_format $topfolder/keys/rsacert.$cert_format --enabled-key-data x509" \
+ "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --untrusted-$cert_format $topfolder/keys/ca2cert.$cert_format --untrusted-$cert_format $topfolder/keys/rsacert.$cert_format --enabled-key-data x509"
+
+##########################################################################
+#
+# merlin-xmldsig-twenty-three
+#
+##########################################################################
+execDSigTest $res_success \
+ "" \
+ "merlin-xmldsig-twenty-three/signature-enveloped-dsa" \
+ "enveloped-signature sha1 dsa-sha1" \
+ "dsa" \
+ " " \
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
+ " "
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmldsig-twenty-three/signature-enveloping-dsa" \
+ "sha1 dsa-sha1" \
+ "dsa" \
+ " " \
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
+ " "
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmldsig-twenty-three/signature-enveloping-b64-dsa" \
+ "base64 sha1 dsa-sha1" \
+ "dsa" \
+ " " \
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
+ " "
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1-40" \
+ "sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1" \
+ "sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmldsig-twenty-three/signature-enveloping-rsa" \
+ "sha1 rsa-sha1" \
+ "rsa" \
+ " " \
+ "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \
+ " "
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmldsig-twenty-three/signature-external-b64-dsa" \
+ "base64 sha1 dsa-sha1" \
+ "dsa" \
+ " " \
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
+ " "
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmldsig-twenty-three/signature-external-dsa" \
+ "sha1 dsa-sha1" \
+ "dsa" \
+ "" \
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
+ " "
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmldsig-twenty-three/signature-keyname" \
+ "sha1 dsa-sha1" \
+ "dsa x509" \
+ "" \
+ "$priv_key_option:test-dsa $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
+ "$priv_key_option:test-dsa $topfolder/keys/dsakey.$priv_key_format --pwd secret"
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmldsig-twenty-three/signature-x509-crt" \
+ "sha1 dsa-sha1" \
+ "dsa x509" \
+ "" \
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret"\
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format"
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmldsig-twenty-three/signature-x509-sn" \
+ "sha1 dsa-sha1" \
+ "dsa x509" \
+ "" \
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret"\
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format"
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmldsig-twenty-three/signature-x509-is" \
+ "sha1 dsa-sha1" \
+ "dsa x509" \
+ "" \
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret"\
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format"
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmldsig-twenty-three/signature-x509-ski" \
+ "sha1 dsa-sha1" \
+ "dsa x509" \
+ "" \
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret"\
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format"
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmldsig-twenty-three/signature-retrievalmethod-rawx509crt" \
+ "sha1 dsa-sha1" \
+ "dsa x509" \
+ "" \
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret"\
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --trusted-$cert_format $topfolder/keys/ca2cert.$cert_format"
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmldsig-twenty-three/signature" \
+ "base64 xpath enveloped-signature c14n-with-comments sha1 dsa-sha1" \
+ "dsa x509" \
+ "" \
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --untrusted-$cert_format $topfolder/keys/ca2cert.$cert_format"
+
+
+##########################################################################
+#
+# merlin-xmlenc-five
+#
+# While the main operation is signature (and this is why we have these
+# tests here instead of testEnc.sh), these tests check the encryption
+# key transport/wrapper algorightms
+#
+##########################################################################
+execDSigTest $res_success \
+ "" \
+ "merlin-xmlenc-five/encsig-ripemd160-hmac-ripemd160-kw-tripledes" \
+ "ripemd160 hmac-ripemd160 kw-tripledes" \
+ "hmac des" \
+ "" \
+ "--session-key hmac-192 --keys-file $topfolder/merlin-xmlenc-five/keys.xml" \
+ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml"
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmlenc-five/encsig-sha256-hmac-sha256-kw-aes128" \
+ "sha256 hmac-sha256 kw-aes128" \
+ "hmac aes" \
+ ""
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmlenc-five/encsig-sha384-hmac-sha384-kw-aes192" \
+ "sha384 hmac-sha384 kw-aes192" \
+ "hmac aes" \
+ ""
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmlenc-five/encsig-sha512-hmac-sha512-kw-aes256" \
+ "sha512 hmac-sha512 kw-aes256" \
+ "hmac aes" \
+ ""
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmlenc-five/encsig-hmac-sha256-rsa-1_5" \
+ "sha1 hmac-sha256 rsa-1_5" \
+ "hmac rsa" \
+ ""
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmlenc-five/encsig-hmac-sha256-rsa-oaep-mgf1p" \
+ "sha1 hmac-sha256 rsa-oaep-mgf1p" \
+ "hmac rsa" \
+ ""
+
+
+
+##########################################################################
+#
+# merlin-exc-c14n-one
+#
+##########################################################################
+execDSigTest $res_success \
+ "" \
+ "merlin-exc-c14n-one/exc-signature" \
+ "exc-c14n sha1 dsa-sha1" \
+ "dsa" \
+ " " \
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
+ " "
+
+execDSigTest $res_success \
+ "" \
+ "merlin-exc-c14n-one/exc-signature" \
+ "exc-c14n sha1 dsa-sha1" \
+ "dsa" \
+ " "
+
+##########################################################################
+#
+# merlin-c14n-three
+#
+##########################################################################
+
+execDSigTest $res_success \
+ "" \
+ "merlin-c14n-three/signature" \
+ "c14n c14n-with-comments exc-c14n exc-c14n-with-comments xpath sha1 dsa-sha1" \
+ "dsa" \
+ " "
+
+##########################################################################
+#
+# merlin-xpath-filter2-three
+#
+##########################################################################
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xpath-filter2-three/sign-xfdl" \
+ "enveloped-signature xpath2 sha1 dsa-sha1" \
+ "dsa" \
+ " "
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xpath-filter2-three/sign-spec" \
+ "enveloped-signature xpath2 sha1 dsa-sha1" \
+ "dsa" \
+ " "
+##########################################################################
+#
+# phaos-xmldsig-three
+#
+##########################################################################
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-big" \
+ "base64 xslt xpath sha1 rsa-sha1" \
+ "rsa x509" \
+ "--pubkey-cert-$cert_format certs/rsa-cert.$cert_format"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-dsa-detached" \
+ "sha1 dsa-sha1" \
+ "dsa x509" \
+ "--trusted-$cert_format certs/dsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-dsa-enveloped" \
+ "enveloped-signature sha1 dsa-sha1" \
+ "dsa x509" \
+ "--trusted-$cert_format certs/dsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-dsa-enveloping" \
+ "sha1 dsa-sha1" \
+ "dsa x509" \
+ "--trusted-$cert_format certs/dsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-dsa-manifest" \
+ "sha1 dsa-sha1" \
+ "dsa x509" \
+ "--trusted-$cert_format certs/dsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-hmac-md5-c14n-enveloping" \
+ "md5 hmac-md5" \
+ "hmac" \
+ "--hmackey certs/hmackey.bin"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-hmac-sha1-40-c14n-comments-detached" \
+ "c14n-with-comments sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey certs/hmackey.bin"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-hmac-sha1-40-exclusive-c14n-comments-detached" \
+ "exc-c14n-with-comments sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey certs/hmackey.bin"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-hmac-sha1-exclusive-c14n-comments-detached" \
+ "exc-c14n-with-comments sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey certs/hmackey.bin"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-hmac-sha1-exclusive-c14n-enveloped" \
+ "enveloped-signature exc-c14n sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey certs/hmackey.bin"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-detached-b64-transform" \
+ "base64 sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-detached" \
+ "sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-detached-xpath-transform" \
+ "xpath sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-detached-xslt-transform-retrieval-method" \
+ "xslt sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-detached-xslt-transform" \
+ "xslt sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-enveloped" \
+ "enveloped-signature sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-enveloping" \
+ "sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-manifest-x509-data-cert-chain" \
+ "sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-manifest-x509-data-cert" \
+ "sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-manifest-x509-data-issuer-serial" \
+ "sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-manifest-x509-data-ski" \
+ "sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-manifest-x509-data-subject-name" \
+ "sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-manifest" \
+ "sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-xpath-transform-enveloped" \
+ "enveloped-signature xpath sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00"
+
+
+##########################################################################
+#
+# test dynamic signature
+#
+##########################################################################
+echo "Dynamic signature template"
+printf " Create new signature "
+echo "$xmlsec_app sign-tmpl $xmlsec_params --keys-file $keysfile --output $tmpfile" >> $logfile
+$VALGRIND $xmlsec_app sign-tmpl $xmlsec_params --keys-file $keysfile --output $tmpfile >> $logfile 2>> $logfile
+printRes $res_success $?
+printf " Verify new signature "
+echo "$xmlsec_app verify --keys-file $keysfile $tmpfile" >> $logfile
+$VALGRIND $xmlsec_app verify $xmlsec_params --keys-file $keysfile $tmpfile >> $logfile 2>> $logfile
+printRes $res_success $?
+
+
+##########################################################################
+##########################################################################
+##########################################################################
+echo "--------- These tests CAN FAIL (extra OS config required) ----------"
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloped-gost" \
+ "enveloped-signature gostr34102001-gostr3411 gostr3411" \
+ "gost" \
+ "--trusted-$cert_format $topfolder/keys/gost2001ca.$cert_format --untrusted-$cert_format $topfolder/keys/ca2cert.$cert_format --enabled-key-data x509" \
+ "" \
+ ""
+
+
+##########################################################################
+##########################################################################
+##########################################################################
+echo "--------- Negative Testing ----------"
+execDSigTest $res_fail \
+ "" \
+ "merlin-xmldsig-twenty-three/signature-x509-crt-crl" \
+ "sha1 rsa-sha1" \
+ "rsa x509" \
+ "--X509-skip-strict-checks --trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format"
+
+execDSigTest $res_fail \
+ "" \
+ "aleksey-xmldsig-01/enveloping-expired-cert" \
+ "sha1 dsa-sha1" \
+ "dsa x509" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
+
+execDSigTest $res_fail \
+ "" \
+ "aleksey-xmldsig-01/dtd-hmac-91" \
+ "sha1 hmac-sha1" \
+ "hmac" \
+ "--enabled-reference-uris empty --hmackey $topfolder/keys/hmackey.bin --dtd-file $topfolder/aleksey-xmldsig-01/dtd-hmac-91.dtd"
+
+execDSigTest $res_fail \
+ "phaos-xmldsig-three" \
+ "signature-rsa-detached-xslt-transform-bad-retrieval-method" \
+ "xslt sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format"
+
+execDSigTest $res_fail \
+ "phaos-xmldsig-three" \
+ "signature-rsa-enveloped-bad-digest-val" \
+ "enveloped-signature sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format"
+
+execDSigTest $res_fail \
+ "phaos-xmldsig-three" \
+ "signature-rsa-enveloped-bad-sig" \
+ "enveloped-signature sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format"
+
+execDSigTest $res_fail \
+ "phaos-xmldsig-three" \
+ "signature-rsa-manifest-x509-data-crl" \
+ "sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format"
+
+##########################################################################
+##########################################################################
+##########################################################################
+echo "--- testDSig finished" >> $logfile
+echo "--- testDSig finished"
+echo "--- detailed log is written to $logfile"
+