Diffstat (limited to 'tests/testDSig.sh')
-rwxr-xr-x | tests/testDSig.sh | 845 |
1 files changed, 516 insertions, 329 deletions
diff --git a/tests/testDSig.sh b/tests/testDSig.sh
index 1f86f8e1..b8d85aa8 100755
--- a/tests/testDSig.sh
+++ b/tests/testDSig.sh
@@ -1,136 +1,23 @@ -#!/bin/sh - -OS_ARCH=`uname -o` - -if [ "z$OS_ARCH" = "zCygwin" ] ; then - topfolder=`cygpath -wa $2` - xmlsec_app=`cygpath -a $3` -else - topfolder=$2 - xmlsec_app=$3 -fi -crypto=$1 -file_format=$4 - -pub_key_format=$file_format -cert_format=$file_format -priv_key_option="--pkcs12" -priv_key_format="p12" - -if [ "z$TMPFOLDER" = "z" ] ; then - TMPFOLDER=/tmp -fi -timestamp=`date +%Y%m%d_%H%M%S` -if [ "z$OS_ARCH" = "zCygwin" ] ; then - tmpfile=`cygpath -wa $TMPFOLDER/testDSig.$timestamp-$$.tmp` - logfile=`cygpath -wa $TMPFOLDER/testDSig.$timestamp-$$.log` -else - tmpfile=$TMPFOLDER/testDSig.$timestamp-$$.tmp - logfile=$TMPFOLDER/testDSig.$timestamp-$$.log -fi - -script="$0" - -# prepate crypto config folder -crypto_config=$TMPFOLDER/xmlsec-crypto-config -keysfile=$crypto_config/keys.xml - -valgrind_suppression="--suppressions=$topfolder/openssl.supp --suppressions=$topfolder/nss.supp" -valgrind_options="--leak-check=yes --show-reachable=yes --num-callers=32 -v" - -if [ "z$crypto" != "z" -a "z$crypto" != "zdefault" ] ; then - xmlsec_params="$xmlsec_params --crypto $crypto" -fi -xmlsec_params="$xmlsec_params --crypto-config $crypto_config" - -if [ -n "$DEBUG_MEMORY" ] ; then - export VALGRIND="valgrind $valgrind_options" - export REPEAT=3 - xmlsec_params="$xmlsec_params --repeat $REPEAT" -fi - -if [ -n "$PERF_TEST" ] ; then - xmlsec_params="$xmlsec_params --repeat $PERF_TEST" -fi - -printRes() { - if [ $1 = 0 ]; then - echo " OK" - else - echo " Fail" - fi - if [ -f .memdump ] ; then - cat .memdump >> $logfile - fi -} - -execDSigTest() { - folder=$1 - file=$2 - req_transforms=$3 - params1=$4 - params2=$5 - params3=$6 - old_pwd=`pwd` - rm -f $tmpfile - - if [ -n "$folder" ] ; then - cd $topfolder/$folder - full_file=$file - echo $folder/$file - echo "Test: $folder/$file in folder " `pwd` >> $logfile - else - full_file=$topfolder/$file - echo $file - echo "Test: $folder/$file" >> $logfile - fi - - if [ -n "$req_transforms" ] ; then - printf " 
Checking required transforms " - echo "$xmlsec_app check-transforms $req_transforms" >> $logfile - $xmlsec_app check-transforms $req_transforms >> $logfile 2>> $logfile - res=$? - if [ $res = 0 ]; then - echo " OK" - else - echo " Skip" - cd $old_pwd - return - fi - fi - - - printf " Verify existing signature " - echo "$xmlsec_app verify $xmlsec_params $params1 $full_file.xml" >> $logfile - $VALGRIND $xmlsec_app verify $xmlsec_params $params1 $full_file.xml >> $logfile 2>> $logfile - printRes $? - - if [ -n "$params2" -a -z "$PERF_TEST" ] ; then - printf " Create new signature " - echo "$xmlsec_app sign $xmlsec_params $params2 --output $tmpfile $full_file.tmpl" >> $logfile - $VALGRIND $xmlsec_app sign $xmlsec_params $params2 --output $tmpfile $full_file.tmpl >> $logfile 2>> $logfile - printRes $? - - if [ -n "$params3" ] ; then - if [ -z "$VALGRIND" ] ; then - printf " Verify new signature " - echo "$xmlsec_app verify $xmlsec_params $params3 $tmpfile" >> $logfile - $VALGRIND $xmlsec_app verify $xmlsec_params $params3 $tmpfile >> $logfile 2>> $logfile - printRes $? 
- fi - fi - fi - - cd $old_pwd -} - -echo "--- testDSig started for xmlsec-$crypto library ($timestamp)" +#!/bin/sh +# +# This script needs to be called from testrun.sh script +# + +########################################################################## +########################################################################## +########################################################################## +echo "--- testDSig started for xmlsec-$crypto library ($timestamp)" echo "--- LD_LIBRARY_PATH=$LD_LIBRARY_PATH" echo "--- log file is $logfile" echo "--- testDSig started for xmlsec-$crypto library ($timestamp)" >> $logfile echo "--- LD_LIBRARY_PATH=$LD_LIBRARY_PATH" >> $logfile ########################################################################## +########################################################################## +########################################################################## +echo "--------- Positive Testing ----------" + +########################################################################## # # xmldsig2ed-tests # 
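Review bot: The new header comment says this script must be called from testrun.sh, but nothing enforces that, and the first added `echo` plus the context lines after it expand `$crypto`, `$timestamp` and `$logfile`, none of which this file sets any more. Started on its own, the unquoted `>> $logfile` redirections fail or misbehave and every later `execDSigTest` call refers to a function that no longer exists here. A guard at the top such as `: "${logfile:?testDSig.sh must be run from testrun.sh}"` would stop early with a clear message, and `>> "$logfile"` keeps a log path containing spaces from being split. How testrun.sh invokes this file is not visible in this diff, so the guard should test whichever variable the caller is guaranteed to set.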
@@ -138,50 +25,77 @@ echo "--- LD_LIBRARY_PATH=$LD_LIBRARY_PATH" >> $logfile # ########################################################################## -execDSigTest "xmldsig2ed-tests" "defCan-1" \ +execDSigTest $res_success \ + "xmldsig2ed-tests" \ + "defCan-1" \ "c14n11 sha1 hmac-sha1" \ + "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" \ - "--hmackey $topfolder/keys/hmackey.bin" + "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest "xmldsig2ed-tests" "defCan-2" \ +execDSigTest $res_success \ + "xmldsig2ed-tests" \ + "defCan-2" \ "c14n11 xslt xpath sha1 hmac-sha1" \ + "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" \ - "--hmackey $topfolder/keys/hmackey.bin" + "--hmackey $topfolder/keys/hmackey.bin" # # differences in XSLT transform output, tbd -# -# execDSigTest "xmldsig2ed-tests" "defCan-3" \ -# "c14n11 xslt xpath sha1 hmac-sha1" \ -# "--hmackey $topfolder/keys/hmackey.bin" \ -# "--hmackey $topfolder/keys/hmackey.bin" \ -# "--hmackey $topfolder/keys/hmackey.bin" -# - -execDSigTest "xmldsig2ed-tests" "xpointer-1-SUN" \ - "c14n11 xpointer sha1 hmac-sha1" \ - "--hmackey $topfolder/keys/hmackey.bin" - -execDSigTest "xmldsig2ed-tests" "xpointer-2-SUN" \ - "c14n11 xpointer sha1 hmac-sha1" \ - "--hmackey $topfolder/keys/hmackey.bin" - -execDSigTest "xmldsig2ed-tests" "xpointer-3-SUN" \ - "c14n11 xpointer sha1 hmac-sha1" \ - "--hmackey $topfolder/keys/hmackey.bin" - -execDSigTest "xmldsig2ed-tests" "xpointer-4-SUN" \ - "c14n11 xpointer sha1 hmac-sha1" \ - "--hmackey $topfolder/keys/hmackey.bin" +# +# execDSigTest $res_success \ +# "xmldsig2ed-tests" \ +# "defCan-3" \ +# "c14n11 xslt xpath sha1 hmac-sha1" \ +# "hmac" \ +# "--hmackey $topfolder/keys/hmackey.bin" \ +# "--hmackey $topfolder/keys/hmackey.bin" \ +# "--hmackey $topfolder/keys/hmackey.bin" +# -execDSigTest "xmldsig2ed-tests" "xpointer-5-SUN" \ +execDSigTest $res_success \ + "xmldsig2ed-tests" \ + "xpointer-1-SUN" \ + 
"c14n11 xpointer sha1 hmac-sha1" \ + "hmac" \ + "--hmackey $topfolder/keys/hmackey.bin" + +execDSigTest $res_success \ + "xmldsig2ed-tests" \ + "xpointer-2-SUN" \ + "c14n11 xpointer sha1 hmac-sha1" \ + "hmac" \ + "--hmackey $topfolder/keys/hmackey.bin" + +execDSigTest $res_success \ + "xmldsig2ed-tests" \ + "xpointer-3-SUN" \ + "c14n11 xpointer sha1 hmac-sha1" \ + "hmac" \ + "--hmackey $topfolder/keys/hmackey.bin" + +execDSigTest $res_success \ + "xmldsig2ed-tests" \ + "xpointer-4-SUN" \ + "c14n11 xpointer sha1 hmac-sha1" \ + "hmac" \ + "--hmackey $topfolder/keys/hmackey.bin" + +execDSigTest $res_success \ + "xmldsig2ed-tests" \ + "xpointer-5-SUN" \ "c14n11 xpointer sha1 hmac-sha1" \ + "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest "xmldsig2ed-tests" "xpointer-6-SUN" \ +execDSigTest $res_success \ + "xmldsig2ed-tests" \ + "xpointer-6-SUN" \ "c14n11 xpointer sha1 hmac-sha1" \ + "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" ########################################################################## 
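Review bot: `$res_success` is passed unquoted as the new first argument in every call of this hunk, and the same pattern repeats in the hunks starting at -190, -366 and -505. If the variable is unset or empty when this script runs, the word vanishes and all remaining arguments shift left by one, so the folder name would presumably be read as the expected result and the transform list as the file name, with no error from the shell. Quoting it, `execDSigTest "$res_success" \`, keeps the argument positions stable. Where `res_success` is defined and how `execDSigTest` consumes its parameters are both outside this diff.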
@@ -190,175 +104,259 @@ execDSigTest "xmldsig2ed-tests" "xpointer-6-SUN" \ # ########################################################################## -execDSigTest "" "aleksey-xmldsig-01/enveloping-dsa-x509chain" \ +execDSigTest $res_success \ + "" \ + "aleksey-xmldsig-01/enveloping-dsa-x509chain" \ "sha1 dsa-sha1" \ + "dsa x509" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" -execDSigTest "" "aleksey-xmldsig-01/enveloping-rsa-x509chain" \ +execDSigTest $res_success \ + "" \ + "aleksey-xmldsig-01/enveloping-rsa-x509chain" \ "sha1 rsa-sha1" \ + "rsa x509" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \ "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" -execDSigTest "" "aleksey-xmldsig-01/enveloping-md5-hmac-md5" \ +execDSigTest $res_success \ + "" \ + "aleksey-xmldsig-01/enveloping-md5-hmac-md5" \ "md5 hmac-md5" \ + "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" \ - "--hmackey $topfolder/keys/hmackey.bin" + "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest "" "aleksey-xmldsig-01/enveloping-md5-hmac-md5-64" \ +execDSigTest $res_success \ + "" \ + "aleksey-xmldsig-01/enveloping-md5-hmac-md5-64" \ "md5 hmac-md5" \ + "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" \ - "--hmackey $topfolder/keys/hmackey.bin" + "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest "" "aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160" \ +execDSigTest $res_success \ + "" \ + "aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160" \ "ripemd160 hmac-ripemd160" \ + "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey 
$topfolder/keys/hmackey.bin" \ - "--hmackey $topfolder/keys/hmackey.bin" + "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest "" "aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160-64" \ +execDSigTest $res_success \ + "" \ + "aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160-64" \ "ripemd160 hmac-ripemd160" \ + "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" \ - "--hmackey $topfolder/keys/hmackey.bin" + "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest "" "aleksey-xmldsig-01/xpointer-hmac" \ +execDSigTest $res_success \ + "" \ + "aleksey-xmldsig-01/xpointer-hmac" \ "xpointer sha1 hmac-sha1" \ + "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" \ - "--hmackey $topfolder/keys/hmackey.bin" + "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest "" "aleksey-xmldsig-01/enveloping-sha1-hmac-sha1" \ +execDSigTest $res_success \ + "" \ + "aleksey-xmldsig-01/enveloping-sha1-hmac-sha1" \ "sha1 hmac-sha1" \ + "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" \ - "--hmackey $topfolder/keys/hmackey.bin" + "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest "" "aleksey-xmldsig-01/enveloping-sha1-hmac-sha1-64" \ +execDSigTest $res_success \ + "" \ + "aleksey-xmldsig-01/enveloping-sha1-hmac-sha1-64" \ "sha1 hmac-sha1" \ + "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" \ - "--hmackey $topfolder/keys/hmackey.bin" + "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest "" "aleksey-xmldsig-01/enveloping-sha224-hmac-sha224" \ +execDSigTest $res_success \ + "" \ + "aleksey-xmldsig-01/enveloping-sha224-hmac-sha224" \ "sha224 hmac-sha224" \ + "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" \ - "--hmackey $topfolder/keys/hmackey.bin" + "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest "" "aleksey-xmldsig-01/enveloping-sha224-hmac-sha224-64" \ +execDSigTest 
$res_success \ + "" \ + "aleksey-xmldsig-01/enveloping-sha224-hmac-sha224-64" \ "sha224 hmac-sha224" \ + "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" \ - "--hmackey $topfolder/keys/hmackey.bin" + "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest "" "aleksey-xmldsig-01/enveloping-sha256-hmac-sha256" \ +execDSigTest $res_success \ + "" \ + "aleksey-xmldsig-01/enveloping-sha256-hmac-sha256" \ "sha256 hmac-sha256" \ + "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" \ - "--hmackey $topfolder/keys/hmackey.bin" + "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest "" "aleksey-xmldsig-01/enveloping-sha256-hmac-sha256-64" \ +execDSigTest $res_success \ + "" \ + "aleksey-xmldsig-01/enveloping-sha256-hmac-sha256-64" \ "sha256 hmac-sha256" \ + "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" \ - "--hmackey $topfolder/keys/hmackey.bin" + "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest "" "aleksey-xmldsig-01/enveloping-sha384-hmac-sha384" \ +execDSigTest $res_success \ + "" \ + "aleksey-xmldsig-01/enveloping-sha384-hmac-sha384" \ "sha384 hmac-sha384" \ + "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" \ - "--hmackey $topfolder/keys/hmackey.bin" + "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest "" "aleksey-xmldsig-01/enveloping-sha384-hmac-sha384-64" \ +execDSigTest $res_success \ + "" \ + "aleksey-xmldsig-01/enveloping-sha384-hmac-sha384-64" \ "sha384 hmac-sha384" \ + "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" \ - "--hmackey $topfolder/keys/hmackey.bin" + "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest "" "aleksey-xmldsig-01/enveloping-sha512-hmac-sha512" \ +execDSigTest $res_success \ + "" \ + "aleksey-xmldsig-01/enveloping-sha512-hmac-sha512" \ "sha512 hmac-sha512" \ + "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey 
$topfolder/keys/hmackey.bin" \ - "--hmackey $topfolder/keys/hmackey.bin" + "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest "" "aleksey-xmldsig-01/enveloping-sha512-hmac-sha512-64" \ +execDSigTest $res_success \ + "" \ + "aleksey-xmldsig-01/enveloping-sha512-hmac-sha512-64" \ "sha512 hmac-sha512" \ + "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" \ - "--hmackey $topfolder/keys/hmackey.bin" + "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest "" "aleksey-xmldsig-01/enveloping-md5-rsa-md5" \ +execDSigTest $res_success \ + "" \ + "aleksey-xmldsig-01/enveloping-md5-rsa-md5" \ "md5 rsa-md5" \ + "rsa x509" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \ "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" -execDSigTest "" "aleksey-xmldsig-01/enveloping-ripemd160-rsa-ripemd160" \ +execDSigTest $res_success \ + "" \ + "aleksey-xmldsig-01/enveloping-ripemd160-rsa-ripemd160" \ "ripemd160 rsa-ripemd160" \ + "rsa x509" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \ "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" -execDSigTest "" "aleksey-xmldsig-01/enveloping-sha1-rsa-sha1" \ +execDSigTest $res_success \ + "" \ + "aleksey-xmldsig-01/enveloping-sha1-rsa-sha1" \ "sha1 rsa-sha1" \ + "rsa x509" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \ "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" -execDSigTest "" "aleksey-xmldsig-01/enveloping-sha224-rsa-sha224" \ +execDSigTest $res_success \ + "" \ + "aleksey-xmldsig-01/enveloping-sha224-rsa-sha224" \ "sha224 rsa-sha224" \ + "rsa x509" \ 
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \ - "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \ + "$priv_key_option $topfolder/keys/rsakey$priv_key_suffix.$priv_key_format --pwd secret" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" -execDSigTest "" "aleksey-xmldsig-01/enveloping-sha256-rsa-sha256" \ +execDSigTest $res_success \ + "" \ + "aleksey-xmldsig-01/enveloping-sha256-rsa-sha256" \ "sha256 rsa-sha256" \ + "rsa x509" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \ - "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \ + "$priv_key_option $topfolder/keys/rsakey$priv_key_suffix.$priv_key_format --pwd secret" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" -execDSigTest "" "aleksey-xmldsig-01/enveloping-sha384-rsa-sha384" \ +execDSigTest $res_success \ + "" \ + "aleksey-xmldsig-01/enveloping-sha384-rsa-sha384" \ "sha384 rsa-sha384" \ + "rsa x509" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \ - "$priv_key_option $topfolder/keys/largersakey.$priv_key_format --pwd secret" \ + "$priv_key_option $topfolder/keys/largersakey$priv_key_suffix.$priv_key_format --pwd secret" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" -execDSigTest "" "aleksey-xmldsig-01/enveloping-sha512-rsa-sha512" \ +execDSigTest $res_success \ + "" \ + "aleksey-xmldsig-01/enveloping-sha512-rsa-sha512" \ "sha512 rsa-sha512" \ + "rsa x509" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \ - "$priv_key_option $topfolder/keys/largersakey.$priv_key_format --pwd secret" \ + "$priv_key_option $topfolder/keys/largersakey$priv_key_suffix.$priv_key_format --pwd secret" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" # # To generate expired cert 
run the following command # > xmlsec1 sign --pkcs12 tests/keys/expiredkey.p12 --pwd secret --output out.xml ./tests/aleksey-xmldsig-01/enveloping-expired-cert.tmpl # -execDSigTest "" "aleksey-xmldsig-01/enveloping-expired-cert" \ +execDSigTest $res_success \ + "" \ + "aleksey-xmldsig-01/enveloping-expired-cert" \ "sha1 rsa-sha1" \ + "rsa x509" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509 --verification-time 2005-07-10+10:00:00" -execDSigTest "" "aleksey-xmldsig-01/dtd-hmac-91" \ +execDSigTest $res_success \ + "" \ + "aleksey-xmldsig-01/dtd-hmac-91" \ "sha1 hmac-sha1" \ + "hmac" \ "--hmackey $topfolder/keys/hmackey.bin --dtd-file $topfolder/aleksey-xmldsig-01/dtd-hmac-91.dtd" \ "--hmackey $topfolder/keys/hmackey.bin --dtd-file $topfolder/aleksey-xmldsig-01/dtd-hmac-91.dtd" \ "--hmackey $topfolder/keys/hmackey.bin --dtd-file $topfolder/aleksey-xmldsig-01/dtd-hmac-91.dtd" -execDSigTest "" "aleksey-xmldsig-01/x509data-test" \ +execDSigTest $res_success \ + "" \ + "aleksey-xmldsig-01/x509data-test" \ "xpath2 sha1 rsa-sha1" \ + "rsa x509" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format" \ - "$priv_key_option tests/keys/rsakey.$priv_key_format --pwd secret" \ + "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format" -execDSigTest "" "aleksey-xmldsig-01/x509data-sn-test" \ +execDSigTest $res_success \ + "" \ + "aleksey-xmldsig-01/x509data-sn-test" \ "xpath2 sha1 rsa-sha1" \ + "rsa x509" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --untrusted-$cert_format $topfolder/keys/ca2cert.$cert_format --untrusted-$cert_format $topfolder/keys/rsacert.$cert_format --enabled-key-data x509" \ - "$priv_key_option tests/keys/rsakey.$priv_key_format --pwd secret" \ + "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --untrusted-$cert_format 
$topfolder/keys/ca2cert.$cert_format --untrusted-$cert_format $topfolder/keys/rsacert.$cert_format --enabled-key-data x509" ########################################################################## 
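Review bot: `$priv_key_suffix` is added to the signing key path of the sha224, sha256, sha384 and sha512 RSA tests only, while the md5, ripemd160, sha1 and x509data RSA tests in the same hunk keep the plain `rsakey.$priv_key_format` path, and nothing in the hunk says why. The variable is not defined in this file, so when it is unset it expands to nothing and those four tests quietly sign with the default key file, which would hide a misspelt or missing setting. A comment above the first use would record the intent, for example `# priv_key_suffix (set by the caller) selects a key file variant for the SHA-2 RSA tests; empty means the default key`, with the wording checked against the place where the variable is set.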
@@ -366,138 +364,216 @@ execDSigTest "" "aleksey-xmldsig-01/x509data-sn-test" \ # merlin-xmldsig-twenty-three # ########################################################################## - -execDSigTest "" "merlin-xmldsig-twenty-three/signature-enveloped-dsa" \ +execDSigTest $res_success \ + "" \ + "merlin-xmldsig-twenty-three/signature-enveloped-dsa" \ "enveloped-signature sha1 dsa-sha1" \ + "dsa" \ " " \ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \ - " " - -execDSigTest "" "merlin-xmldsig-twenty-three/signature-enveloping-dsa" \ + " " + +execDSigTest $res_success \ + "" \ + "merlin-xmldsig-twenty-three/signature-enveloping-dsa" \ "sha1 dsa-sha1" \ + "dsa" \ " " \ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \ - " " - -execDSigTest "" "merlin-xmldsig-twenty-three/signature-enveloping-b64-dsa" \ + " " + +execDSigTest $res_success \ + "" \ + "merlin-xmldsig-twenty-three/signature-enveloping-b64-dsa" \ "base64 sha1 dsa-sha1" \ + "dsa" \ " " \ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \ - " " - -execDSigTest "" "merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1-40" \ + " " + +execDSigTest $res_success \ + "" \ + "merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1-40" \ "sha1 hmac-sha1" \ + "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" - -execDSigTest "" "merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1" \ + +execDSigTest $res_success \ + "" \ + "merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1" \ "sha1 hmac-sha1" \ + "hmac" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" \ "--hmackey $topfolder/keys/hmackey.bin" -execDSigTest "" "merlin-xmldsig-twenty-three/signature-enveloping-rsa" \ +execDSigTest $res_success \ + "" \ + "merlin-xmldsig-twenty-three/signature-enveloping-rsa" \ "sha1 rsa-sha1" \ + "rsa" \ " " \ 
"$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \ - " " - -execDSigTest "" "merlin-xmldsig-twenty-three/signature-external-b64-dsa" \ + " " + +execDSigTest $res_success \ + "" \ + "merlin-xmldsig-twenty-three/signature-external-b64-dsa" \ "base64 sha1 dsa-sha1" \ + "dsa" \ " " \ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \ - " " - -execDSigTest "" "merlin-xmldsig-twenty-three/signature-external-dsa" \ + " " + +execDSigTest $res_success \ + "" \ + "merlin-xmldsig-twenty-three/signature-external-dsa" \ "sha1 dsa-sha1" \ - " " \ + "dsa" \ + "" \ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \ - " " + " " -execDSigTest "" "merlin-xmldsig-twenty-three/signature-keyname" \ +execDSigTest $res_success \ + "" \ + "merlin-xmldsig-twenty-three/signature-keyname" \ "sha1 dsa-sha1" \ - "--pubkey-cert-$cert_format:Lugh $topfolder/merlin-xmldsig-twenty-three/certs/lugh-cert.$cert_format" \ + "dsa x509" \ + "" \ "$priv_key_option:test-dsa $topfolder/keys/dsakey.$priv_key_format --pwd secret" \ "$priv_key_option:test-dsa $topfolder/keys/dsakey.$priv_key_format --pwd secret" -execDSigTest "" "merlin-xmldsig-twenty-three/signature-x509-crt" \ +execDSigTest $res_success \ + "" \ + "merlin-xmldsig-twenty-three/signature-x509-crt" \ "sha1 dsa-sha1" \ - "--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format" \ + "dsa x509" \ + "" \ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret"\ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format" -execDSigTest "" "merlin-xmldsig-twenty-three/signature-x509-sn" \ +execDSigTest $res_success \ + "" \ + "merlin-xmldsig-twenty-three/signature-x509-sn" \ "sha1 dsa-sha1" \ - "--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format --untrusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/badb.$cert_format" \ + "dsa x509" \ + "" \ "$priv_key_option 
$topfolder/keys/dsakey.$priv_key_format --pwd secret"\ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format" -execDSigTest "" "merlin-xmldsig-twenty-three/signature-x509-is" \ +execDSigTest $res_success \ + "" \ + "merlin-xmldsig-twenty-three/signature-x509-is" \ "sha1 dsa-sha1" \ - "--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format --untrusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/macha.$cert_format" \ + "dsa x509" \ + "" \ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret"\ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format" -execDSigTest "" "merlin-xmldsig-twenty-three/signature-x509-ski" \ +execDSigTest $res_success \ + "" \ + "merlin-xmldsig-twenty-three/signature-x509-ski" \ "sha1 dsa-sha1" \ - "--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format --untrusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/nemain.$cert_format" \ + "dsa x509" \ + "" \ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret"\ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format" -execDSigTest "" "merlin-xmldsig-twenty-three/signature-retrievalmethod-rawx509crt" \ +execDSigTest $res_success \ + "" \ + "merlin-xmldsig-twenty-three/signature-retrievalmethod-rawx509crt" \ "sha1 dsa-sha1" \ - "--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format --untrusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/nemain.$cert_format" \ + "dsa x509" \ + "" \ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret"\ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --trusted-$cert_format $topfolder/keys/ca2cert.$cert_format" - -execDSigTest "" "merlin-xmldsig-twenty-three/signature" \ + +execDSigTest $res_success \ + "" \ + "merlin-xmldsig-twenty-three/signature" \ "base64 xpath enveloped-signature c14n-with-comments sha1 dsa-sha1" \ - "--trusted-$cert_format 
$topfolder/merlin-xmldsig-twenty-three/certs/merlin.$cert_format" \ + "dsa x509" \ + "" \ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --untrusted-$cert_format $topfolder/keys/ca2cert.$cert_format" + ########################################################################## # # merlin-xmlenc-five # +# While the main operation is signature (and this is why we have these +# tests here instead of testEnc.sh), these tests check the encryption +# key transport/wrapper algorightms +# ########################################################################## - -execDSigTest "" "merlin-xmlenc-five/encsig-ripemd160-hmac-ripemd160-kw-tripledes" \ +execDSigTest $res_success \ + "" \ + "merlin-xmlenc-five/encsig-ripemd160-hmac-ripemd160-kw-tripledes" \ "ripemd160 hmac-ripemd160 kw-tripledes" \ - "--keys-file $topfolder/merlin-xmlenc-five/keys.xml" \ + "hmac des" \ + "" \ "--session-key hmac-192 --keys-file $topfolder/merlin-xmlenc-five/keys.xml" \ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml" -execDSigTest "" "merlin-xmlenc-five/encsig-sha256-hmac-sha256-kw-aes128" \ +execDSigTest $res_success \ + "" \ + "merlin-xmlenc-five/encsig-sha256-hmac-sha256-kw-aes128" \ "sha256 hmac-sha256 kw-aes128" \ - "--keys-file $topfolder/merlin-xmlenc-five/keys.xml" + "hmac aes" \ + "" -execDSigTest "" "merlin-xmlenc-five/encsig-sha384-hmac-sha384-kw-aes192" \ +execDSigTest $res_success \ + "" \ + "merlin-xmlenc-five/encsig-sha384-hmac-sha384-kw-aes192" \ "sha384 hmac-sha384 kw-aes192" \ - "--keys-file $topfolder/merlin-xmlenc-five/keys.xml" + "hmac aes" \ + "" -execDSigTest "" "merlin-xmlenc-five/encsig-sha512-hmac-sha512-kw-aes256" \ +execDSigTest $res_success \ + "" \ + "merlin-xmlenc-five/encsig-sha512-hmac-sha512-kw-aes256" \ "sha512 hmac-sha512 kw-aes256" \ - "--keys-file $topfolder/merlin-xmlenc-five/keys.xml" + "hmac aes" \ + "" + +execDSigTest $res_success \ + "" \ + 
"merlin-xmlenc-five/encsig-hmac-sha256-rsa-1_5" \ + "sha1 hmac-sha256 rsa-1_5" \ + "hmac rsa" \ + "" + +execDSigTest $res_success \ + "" \ + "merlin-xmlenc-five/encsig-hmac-sha256-rsa-oaep-mgf1p" \ + "sha1 hmac-sha256 rsa-oaep-mgf1p" \ + "hmac rsa" \ + "" + -#merlin-xmlenc-five/encsig-hmac-sha256-rsa-1_5.xml -#merlin-xmlenc-five/encsig-hmac-sha256-rsa-oaep-mgf1p.xml ########################################################################## # # merlin-exc-c14n-one # ########################################################################## - -execDSigTest "" "merlin-exc-c14n-one/exc-signature" \ +execDSigTest $res_success \ + "" \ + "merlin-exc-c14n-one/exc-signature" \ "exc-c14n sha1 dsa-sha1" \ + "dsa" \ " " \ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \ - " " - -execDSigTest "" "merlin-exc-c14n-one/exc-signature" \ + " " + +execDSigTest $res_success \ + "" \ + "merlin-exc-c14n-one/exc-signature" \ "exc-c14n sha1 dsa-sha1" \ + "dsa" \ " " ########################################################################## 
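Review bot: Several verification argument strings in this hunk are replaced by `""` (signature-external-dsa, signature-keyname, the signature-x509-* cases, signature-retrievalmethod-rawx509crt, signature, and the merlin-xmlenc-five cases), which drops the earlier `--trusted-$cert_format ...` and `--keys-file ...` options, while neighbouring calls pass `" "`. If `execDSigTest`, which is no longer defined in this file, treats an empty argument as "skip this step" and a single space as "run with no extra options", these X509 and key-wrap cases no longer verify the shipped signatures, and that loss of certificate-validation coverage cannot be seen from the call sites. Please state the reason next to the first affected call, e.g. `# "" = skip verification of the existing signature (reason: ...); " " = verify with no extra options`, or use two named variables so the difference does not rest on a single space character.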
@@ -505,125 +581,206 @@ execDSigTest "" "merlin-exc-c14n-one/exc-signature" \ # merlin-c14n-three # ########################################################################## - -execDSigTest "" "merlin-c14n-three/signature" \ + +execDSigTest $res_success \ + "" \ + "merlin-c14n-three/signature" \ "c14n c14n-with-comments exc-c14n exc-c14n-with-comments xpath sha1 dsa-sha1" \ + "dsa" \ " " - + ########################################################################## # # merlin-xpath-filter2-three # ########################################################################## -execDSigTest "" "merlin-xpath-filter2-three/sign-xfdl" \ +execDSigTest $res_success \ + "" \ + "merlin-xpath-filter2-three/sign-xfdl" \ "enveloped-signature xpath2 sha1 dsa-sha1" \ - "" + "dsa" \ + " " -execDSigTest "" "merlin-xpath-filter2-three/sign-spec" \ +execDSigTest $res_success \ + "" \ + "merlin-xpath-filter2-three/sign-spec" \ "enveloped-signature xpath2 sha1 dsa-sha1" \ - "" + "dsa" \ + " " ########################################################################## # # phaos-xmldsig-three # ########################################################################## -execDSigTest "phaos-xmldsig-three" "signature-big" \ +execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-big" \ "base64 xslt xpath sha1 rsa-sha1" \ + "rsa x509" \ "--pubkey-cert-$cert_format certs/rsa-cert.$cert_format" -execDSigTest "phaos-xmldsig-three" "signature-dsa-detached" \ +execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-dsa-detached" \ "sha1 dsa-sha1" \ - "--trusted-$cert_format certs/dsa-ca-cert.$cert_format" + "dsa x509" \ + "--trusted-$cert_format certs/dsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00" -execDSigTest "phaos-xmldsig-three" "signature-dsa-enveloped" \ +execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-dsa-enveloped" \ "enveloped-signature sha1 dsa-sha1" \ - "--trusted-$cert_format certs/dsa-ca-cert.$cert_format" - -execDSigTest 
"phaos-xmldsig-three" "signature-dsa-enveloping" \ + "dsa x509" \ + "--trusted-$cert_format certs/dsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00" + +execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-dsa-enveloping" \ "sha1 dsa-sha1" \ - "--trusted-$cert_format certs/dsa-ca-cert.$cert_format" + "dsa x509" \ + "--trusted-$cert_format certs/dsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00" -execDSigTest "phaos-xmldsig-three" "signature-dsa-manifest" \ +execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-dsa-manifest" \ "sha1 dsa-sha1" \ - "--trusted-$cert_format certs/dsa-ca-cert.$cert_format" + "dsa x509" \ + "--trusted-$cert_format certs/dsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00" -execDSigTest "phaos-xmldsig-three" "signature-hmac-md5-c14n-enveloping" \ +execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-hmac-md5-c14n-enveloping" \ "md5 hmac-md5" \ + "hmac" \ "--hmackey certs/hmackey.bin" - -execDSigTest "phaos-xmldsig-three" "signature-hmac-sha1-40-c14n-comments-detached" \ + +execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-hmac-sha1-40-c14n-comments-detached" \ "c14n-with-comments sha1 hmac-sha1" \ + "hmac" \ "--hmackey certs/hmackey.bin" - -execDSigTest "phaos-xmldsig-three" "signature-hmac-sha1-40-exclusive-c14n-comments-detached" \ + +execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-hmac-sha1-40-exclusive-c14n-comments-detached" \ "exc-c14n-with-comments sha1 hmac-sha1" \ + "hmac" \ "--hmackey certs/hmackey.bin" - -execDSigTest "phaos-xmldsig-three" "signature-hmac-sha1-exclusive-c14n-comments-detached" \ + +execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-hmac-sha1-exclusive-c14n-comments-detached" \ "exc-c14n-with-comments sha1 hmac-sha1" \ + "hmac" \ "--hmackey certs/hmackey.bin" - -execDSigTest "phaos-xmldsig-three" "signature-hmac-sha1-exclusive-c14n-enveloped" \ + +execDSigTest $res_success \ + 
"phaos-xmldsig-three" \ + "signature-hmac-sha1-exclusive-c14n-enveloped" \ "enveloped-signature exc-c14n sha1 hmac-sha1" \ + "hmac" \ "--hmackey certs/hmackey.bin" -execDSigTest "phaos-xmldsig-three" "signature-rsa-detached-b64-transform" \ +execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-detached-b64-transform" \ "base64 sha1 rsa-sha1" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format" + "rsa x509" \ + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00" -execDSigTest "phaos-xmldsig-three" "signature-rsa-detached" \ +execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-detached" \ "sha1 rsa-sha1" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format" + "rsa x509" \ + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00" -execDSigTest "phaos-xmldsig-three" "signature-rsa-detached-xpath-transform" \ +execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-detached-xpath-transform" \ "xpath sha1 rsa-sha1" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format" + "rsa x509" \ + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00" -execDSigTest "phaos-xmldsig-three" "signature-rsa-detached-xslt-transform-retrieval-method" \ +execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-detached-xslt-transform-retrieval-method" \ "xslt sha1 rsa-sha1" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format" + "rsa x509" \ + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00" -execDSigTest "phaos-xmldsig-three" "signature-rsa-detached-xslt-transform" \ +execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-detached-xslt-transform" \ "xslt sha1 rsa-sha1" \ - "--trusted-$cert_format 
certs/rsa-ca-cert.$cert_format" + "rsa x509" \ + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00" -execDSigTest "phaos-xmldsig-three" "signature-rsa-enveloped" \ +execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-enveloped" \ "enveloped-signature sha1 rsa-sha1" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format" + "rsa x509" \ + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00" -execDSigTest "phaos-xmldsig-three" "signature-rsa-enveloping" \ +execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-enveloping" \ "sha1 rsa-sha1" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format" + "rsa x509" \ + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00" -execDSigTest "phaos-xmldsig-three" "signature-rsa-manifest-x509-data-cert-chain" \ +execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-manifest-x509-data-cert-chain" \ "sha1 rsa-sha1" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format" + "rsa x509" \ + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00" -execDSigTest "phaos-xmldsig-three" "signature-rsa-manifest-x509-data-cert" \ +execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-manifest-x509-data-cert" \ "sha1 rsa-sha1" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format" + "rsa x509" \ + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00" -execDSigTest "phaos-xmldsig-three" "signature-rsa-manifest-x509-data-issuer-serial" \ +execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-manifest-x509-data-issuer-serial" \ "sha1 rsa-sha1" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format 
--untrusted-$cert_format certs/rsa-cert.$cert_format" + "rsa x509" \ + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00" -execDSigTest "phaos-xmldsig-three" "signature-rsa-manifest-x509-data-ski" \ +execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-manifest-x509-data-ski" \ "sha1 rsa-sha1" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format" + "rsa x509" \ + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00" -execDSigTest "phaos-xmldsig-three" "signature-rsa-manifest-x509-data-subject-name" \ +execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-manifest-x509-data-subject-name" \ "sha1 rsa-sha1" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format" + "rsa x509" \ + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00" -execDSigTest "phaos-xmldsig-three" "signature-rsa-manifest" \ +execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-manifest" \ "sha1 rsa-sha1" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format" + "rsa x509" \ + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00" -execDSigTest "phaos-xmldsig-three" "signature-rsa-xpath-transform-enveloped" \ +execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-xpath-transform-enveloped" \ "enveloped-signature xpath sha1 rsa-sha1" \ - "--trusted-$cert_format certs/rsa-ca-cert.$cert_format" + "rsa x509" \ + "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks 
--verification-time 2009-01-01+10:00:00" ########################################################################## 
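Review bot: The RSA cases in phaos-xmldsig-three now pass `--X509-skip-strict-checks` together with `--verification-time 2009-01-01+10:00:00`, while the DSA cases in the same group get only the pinned time, and nothing in the hunk records why the strict checks have to be relaxed. A positive test run with relaxed X.509 checks no longer shows that these chains validate under the default policy, so the reason belongs next to the group, for example `# phaos RSA fixtures: time pinned (presumably expired certs); strict checks skipped because <reason>`. The same option string is repeated verbatim in more than a dozen calls. A single variable such as `phaos_rsa_x509_opts="--X509-skip-strict-checks --verification-time 2009-01-01+10:00:00"` would keep the relaxation in one place, where it is easy to audit and to drop once the fixtures are regenerated.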
@@ -631,58 +788,88 @@ execDSigTest "phaos-xmldsig-three" "signature-rsa-xpath-transform-enveloped" \ # test dynamic signature # ########################################################################## - echo "Dynamic signature template" printf " Create new signature " echo "$xmlsec_app sign-tmpl $xmlsec_params --keys-file $keysfile --output $tmpfile" >> $logfile $VALGRIND $xmlsec_app sign-tmpl $xmlsec_params --keys-file $keysfile --output $tmpfile >> $logfile 2>> $logfile -printRes $? +printRes $res_success $? printf " Verify new signature " echo "$xmlsec_app verify --keys-file $keysfile $tmpfile" >> $logfile $VALGRIND $xmlsec_app verify $xmlsec_params --keys-file $keysfile $tmpfile >> $logfile 2>> $logfile -printRes $? +printRes $res_success $? +########################################################################## +########################################################################## +########################################################################## echo "--------- These tests CAN FAIL (extra OS config required) ----------" -execDSigTest "" "aleksey-xmldsig-01/enveloped-gost" \ - "enveloped-signature gostr34102001-gostr3411 gostr3411" \ - "--trusted-$cert_format $topfolder/keys/gost2001ca.$cert_format --untrusted-$cert_format $topfolder/keys/ca2cert.$cert_format --enabled-key-data x509" \ +execDSigTest $res_success \ + "" \ + "aleksey-xmldsig-01/enveloped-gost" \ + "enveloped-signature gostr3411" \ + "gost2001" \ + "--trusted-$cert_format $topfolder/keys/gost2001ca.$cert_format --untrusted-$cert_format $topfolder/keys/ca2cert.$cert_format --enabled-key-data x509 --verification-time 2007-01-01+10:00:00" \ "" \ "" -echo "--------- Negative Testing: next test MUST FAIL ----------" -execDSigTest "" "merlin-xmldsig-twenty-three/signature-x509-crt-crl" \ +########################################################################## +########################################################################## 
+########################################################################## +echo "--------- Negative Testing ----------" +execDSigTest $res_fail \ + "" \ + "merlin-xmldsig-twenty-three/signature-x509-crt-crl" \ "sha1 rsa-sha1" \ + "rsa x509" \ "--X509-skip-strict-checks --trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format" -execDSigTest "" "aleksey-xmldsig-01/enveloping-expired-cert" \ +execDSigTest $res_fail \ + "" \ + "aleksey-xmldsig-01/enveloping-expired-cert" \ "sha1 dsa-sha1" \ + "dsa x509" \ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" -execDSigTest "" "aleksey-xmldsig-01/dtd-hmac-91" \ +execDSigTest $res_fail \ + "" \ + "aleksey-xmldsig-01/dtd-hmac-91" \ "sha1 hmac-sha1" \ + "hmac" \ "--enabled-reference-uris empty --hmackey $topfolder/keys/hmackey.bin --dtd-file $topfolder/aleksey-xmldsig-01/dtd-hmac-91.dtd" -execDSigTest "phaos-xmldsig-three" "signature-rsa-detached-xslt-transform-bad-retrieval-method" \ +execDSigTest $res_fail \ + "phaos-xmldsig-three" \ + "signature-rsa-detached-xslt-transform-bad-retrieval-method" \ "xslt sha1 rsa-sha1" \ + "rsa x509" \ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format" -execDSigTest "phaos-xmldsig-three" "signature-rsa-enveloped-bad-digest-val" \ +execDSigTest $res_fail \ + "phaos-xmldsig-three" \ + "signature-rsa-enveloped-bad-digest-val" \ "enveloped-signature sha1 rsa-sha1" \ + "rsa x509" \ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format" -execDSigTest "phaos-xmldsig-three" "signature-rsa-enveloped-bad-sig" \ +execDSigTest $res_fail \ + "phaos-xmldsig-three" \ + "signature-rsa-enveloped-bad-sig" \ "enveloped-signature sha1 rsa-sha1" \ + "rsa x509" \ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format" -execDSigTest "phaos-xmldsig-three" "signature-rsa-manifest-x509-data-crl" \ +execDSigTest $res_fail \ + "phaos-xmldsig-three" \ + "signature-rsa-manifest-x509-data-crl" \ "sha1 rsa-sha1" \ + "rsa x509" \ "--trusted-$cert_format 
certs/rsa-ca-cert.$cert_format" -rm -rf $tmpfile - +########################################################################## +########################################################################## +########################################################################## echo "--- testDSig finished" >> $logfile echo "--- testDSig finished" -echo "--- detailed log is written to $logfile" +echo "--- detailed log is written to $logfile" |
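Review bot: The phaos-xmldsig-three negative cases (`signature-rsa-detached-xslt-transform-bad-retrieval-method`, `signature-rsa-enveloped-bad-digest-val`, `signature-rsa-enveloped-bad-sig`, `signature-rsa-manifest-x509-data-crl`) still pass only `--trusted-$cert_format certs/rsa-ca-cert.$cert_format`, although the positive RSA cases in the previous hunk needed `--X509-skip-strict-checks --verification-time 2009-01-01+10:00:00` to verify against the same CA. If that is because the fixture certificates are outside their validity period, these `$res_fail` tests are satisfied by the certificate check alone and would keep passing even if the bad digest, bad signature or bad retrieval method were no longer detected. Pinning the time as the positive cases do, e.g. `"--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00"`, leaves the tampered value as the only reason for failure. Whether `--X509-skip-strict-checks` is also needed, and whether it is safe for the CRL case, depends on what that option relaxes, which the page does not show. `aleksey-xmldsig-01/enveloping-expired-cert` should stay unpinned, since expiry is what it tests.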