Diffstat (limited to 'tests/testDSig.sh')
-rwxr-xr-xtests/testDSig.sh118
1 files changed, 87 insertions, 31 deletions
diff --git a/tests/testDSig.sh b/tests/testDSig.sh
index b8d85aa8..fa4836b8 100755
--- a/tests/testDSig.sh
+++ b/tests/testDSig.sh
@@ -110,7 +110,7 @@ execDSigTest $res_success \
"sha1 dsa-sha1" \
"dsa x509" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
- "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret123" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
execDSigTest $res_success \
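Review bot: The key password is a literal repeated in every `--pwd` argument, which is why this commit has to edit the same line here and in most of the later hunks (the rsakey, dsakey, largersakey and `:test-dsa` calls). Setting it once near the top of the script, for example `priv_key_pwd=secret123`, and writing each argument as `--pwd $priv_key_pwd` would make the next fixture-password change a one-line edit and rule out a call being left on the old value. The `xmlsec1 sign --pkcs12 ... --pwd` example in the expired-cert comment would still need a manual update.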
@@ -119,7 +119,7 @@ execDSigTest $res_success \
"sha1 rsa-sha1" \
"rsa x509" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
- "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \
+ "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret123" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
execDSigTest $res_success \
@@ -263,7 +263,7 @@ execDSigTest $res_success \
"md5 rsa-md5" \
"rsa x509" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
- "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \
+ "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret123" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
execDSigTest $res_success \
@@ -272,7 +272,7 @@ execDSigTest $res_success \
"ripemd160 rsa-ripemd160" \
"rsa x509" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
- "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \
+ "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret123" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
execDSigTest $res_success \
@@ -281,7 +281,7 @@ execDSigTest $res_success \
"sha1 rsa-sha1" \
"rsa x509" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
- "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \
+ "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret123" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
execDSigTest $res_success \
@@ -290,7 +290,7 @@ execDSigTest $res_success \
"sha224 rsa-sha224" \
"rsa x509" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
- "$priv_key_option $topfolder/keys/rsakey$priv_key_suffix.$priv_key_format --pwd secret" \
+ "$priv_key_option $topfolder/keys/rsakey$priv_key_suffix.$priv_key_format --pwd secret123" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
execDSigTest $res_success \
@@ -299,7 +299,16 @@ execDSigTest $res_success \
"sha256 rsa-sha256" \
"rsa x509" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
- "$priv_key_option $topfolder/keys/rsakey$priv_key_suffix.$priv_key_format --pwd secret" \
+ "$priv_key_option $topfolder/keys/rsakey$priv_key_suffix.$priv_key_format --pwd secret123" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
+
+execDSigTest $res_success \
+ "aleksey-xmldsig-01" \
+ "enveloping-sha256-rsa-sha256-relationship" \
+ "sha256 rsa-sha256 relationship" \
+ "rsa x509" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
+ "$priv_key_option $topfolder/keys/rsakey$priv_key_suffix.$priv_key_format --pwd secret123" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
execDSigTest $res_success \
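Review bot: The added relationship test passes the folder and the file name as two separate arguments (`"aleksey-xmldsig-01"` then `"enveloping-sha256-rsa-sha256-relationship"`), while the other tests added in this commit and the existing expired-cert test pass `""` followed by the full `aleksey-xmldsig-01/...` path. Whether both forms resolve to the same template depends on execDSigTest, which is outside the diff; if the name is also what `XMLSEC_TEST_NAME` is matched against, the two forms would need differently shaped values to select one test. Using a single form throughout, e.g. `"" \` followed by `"aleksey-xmldsig-01/enveloping-sha256-rsa-sha256-relationship" \`, removes the ambiguity.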
@@ -308,7 +317,7 @@ execDSigTest $res_success \
"sha384 rsa-sha384" \
"rsa x509" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
- "$priv_key_option $topfolder/keys/largersakey$priv_key_suffix.$priv_key_format --pwd secret" \
+ "$priv_key_option $topfolder/keys/largersakey$priv_key_suffix.$priv_key_format --pwd secret123" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
execDSigTest $res_success \
@@ -317,19 +326,64 @@ execDSigTest $res_success \
"sha512 rsa-sha512" \
"rsa x509" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
- "$priv_key_option $topfolder/keys/largersakey$priv_key_suffix.$priv_key_format --pwd secret" \
+ "$priv_key_option $topfolder/keys/largersakey$priv_key_suffix.$priv_key_format --pwd secret123" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha256-dsa2048-sha256" \
+ "sha256 dsa-sha256" \
+ "dsa x509" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
+ "$priv_key_option $topfolder/keys/dsa2048key$priv_key_suffix.$priv_key_format --pwd secret123" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha256-dsa3072-sha256" \
+ "sha256 dsa-sha256" \
+ "dsa x509" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
+ "$priv_key_option $topfolder/keys/dsa3072key$priv_key_suffix.$priv_key_format --pwd secret123" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha1-ecdsa-sha1" \
+ "sha1 ecdsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
+ "$priv_key_option $topfolder/keys/ecdsa-secp256k1-key.$priv_key_format --pwd secret123" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha256-ecdsa-sha256" \
+ "sha256 ecdsa-sha256" \
+ "rsa x509" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
+ "$priv_key_option $topfolder/keys/ecdsa-secp256k1-key.$priv_key_format --pwd secret123" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha512-ecdsa-sha512" \
+ "sha512 ecdsa-sha512" \
+ "rsa x509" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
+ "$priv_key_option $topfolder/keys/ecdsa-secp256k1-key.$priv_key_format --pwd secret123" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
#
# To generate expired cert run the following command
-# > xmlsec1 sign --pkcs12 tests/keys/expiredkey.p12 --pwd secret --output out.xml ./tests/aleksey-xmldsig-01/enveloping-expired-cert.tmpl
+# > xmlsec1 sign --pkcs12 tests/keys/expiredkey.p12 --pwd secret123 --output out.xml ./tests/aleksey-xmldsig-01/enveloping-expired-cert.tmpl
#
execDSigTest $res_success \
"" \
"aleksey-xmldsig-01/enveloping-expired-cert" \
"sha1 rsa-sha1" \
"rsa x509" \
- "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509 --verification-time 2005-07-10+10:00:00"
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509 --verification-time 2014-05-24+00:00:00"
execDSigTest $res_success \
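Review bot: The three new ECDSA tests (enveloping-sha1-ecdsa-sha1, -sha256-ecdsa-sha256, -sha512-ecdsa-sha512) declare `"rsa x509"` as their key-data argument although they sign with `ecdsa-secp256k1-key`, whereas the DSA tests added just above them declare `"dsa x509"`. If execDSigTest uses that argument to skip tests the crypto backend cannot run (its body is outside the diff, so this is inferred), a backend with RSA but without ECDSA key support would run these tests and report failures instead of skipping them. The argument should name the ECDSA key data, presumably `"ecdsa x509"`; confirm the exact name against what the application lists for the backend.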
@@ -347,7 +401,7 @@ execDSigTest $res_success \
"xpath2 sha1 rsa-sha1" \
"rsa x509" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format" \
- "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \
+ "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret123" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format"
execDSigTest $res_success \
@@ -356,7 +410,7 @@ execDSigTest $res_success \
"xpath2 sha1 rsa-sha1" \
"rsa x509" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --untrusted-$cert_format $topfolder/keys/ca2cert.$cert_format --untrusted-$cert_format $topfolder/keys/rsacert.$cert_format --enabled-key-data x509" \
- "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \
+ "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret123" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --untrusted-$cert_format $topfolder/keys/ca2cert.$cert_format --untrusted-$cert_format $topfolder/keys/rsacert.$cert_format --enabled-key-data x509"
##########################################################################
@@ -370,7 +424,7 @@ execDSigTest $res_success \
"enveloped-signature sha1 dsa-sha1" \
"dsa" \
" " \
- "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret123" \
" "
execDSigTest $res_success \
@@ -379,7 +433,7 @@ execDSigTest $res_success \
"sha1 dsa-sha1" \
"dsa" \
" " \
- "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret123" \
" "
execDSigTest $res_success \
@@ -388,7 +442,7 @@ execDSigTest $res_success \
"base64 sha1 dsa-sha1" \
"dsa" \
" " \
- "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret123" \
" "
execDSigTest $res_success \
@@ -415,7 +469,7 @@ execDSigTest $res_success \
"sha1 rsa-sha1" \
"rsa" \
" " \
- "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \
+ "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret123" \
" "
execDSigTest $res_success \
@@ -424,7 +478,7 @@ execDSigTest $res_success \
"base64 sha1 dsa-sha1" \
"dsa" \
" " \
- "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret123" \
" "
execDSigTest $res_success \
@@ -433,7 +487,7 @@ execDSigTest $res_success \
"sha1 dsa-sha1" \
"dsa" \
"" \
- "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret123" \
" "
execDSigTest $res_success \
@@ -442,8 +496,8 @@ execDSigTest $res_success \
"sha1 dsa-sha1" \
"dsa x509" \
"" \
- "$priv_key_option:test-dsa $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
- "$priv_key_option:test-dsa $topfolder/keys/dsakey.$priv_key_format --pwd secret"
+ "$priv_key_option:test-dsa $topfolder/keys/dsakey.$priv_key_format --pwd secret123" \
+ "$priv_key_option:test-dsa $topfolder/keys/dsakey.$priv_key_format --pwd secret123"
execDSigTest $res_success \
"" \
@@ -451,7 +505,7 @@ execDSigTest $res_success \
"sha1 dsa-sha1" \
"dsa x509" \
"" \
- "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret"\
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret123"\
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format"
execDSigTest $res_success \
@@ -460,7 +514,7 @@ execDSigTest $res_success \
"sha1 dsa-sha1" \
"dsa x509" \
"" \
- "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret"\
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret123"\
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format"
execDSigTest $res_success \
@@ -469,7 +523,7 @@ execDSigTest $res_success \
"sha1 dsa-sha1" \
"dsa x509" \
"" \
- "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret"\
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret123"\
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format"
execDSigTest $res_success \
@@ -478,7 +532,7 @@ execDSigTest $res_success \
"sha1 dsa-sha1" \
"dsa x509" \
"" \
- "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret"\
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret123"\
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format"
execDSigTest $res_success \
@@ -487,7 +541,7 @@ execDSigTest $res_success \
"sha1 dsa-sha1" \
"dsa x509" \
"" \
- "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret"\
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret123"\
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --trusted-$cert_format $topfolder/keys/ca2cert.$cert_format"
execDSigTest $res_success \
@@ -496,7 +550,7 @@ execDSigTest $res_success \
"base64 xpath enveloped-signature c14n-with-comments sha1 dsa-sha1" \
"dsa x509" \
"" \
- "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret123" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --untrusted-$cert_format $topfolder/keys/ca2cert.$cert_format"
@@ -566,7 +620,7 @@ execDSigTest $res_success \
"exc-c14n sha1 dsa-sha1" \
"dsa" \
" " \
- "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret123" \
" "
execDSigTest $res_success \
@@ -788,15 +842,17 @@ execDSigTest $res_success \
# test dynamic signature
#
##########################################################################
+if [ -n "$XMLSEC_TEST_NAME" -a "$XMLSEC_TEST_NAME" = "dsig-dynamic" ]; then
echo "Dynamic signature template"
printf " Create new signature "
-echo "$xmlsec_app sign-tmpl $xmlsec_params --keys-file $keysfile --output $tmpfile" >> $logfile
+echo "$VALGRIND $xmlsec_app sign-tmpl $xmlsec_params --keys-file $keysfile --output $tmpfile" >> $logfile
$VALGRIND $xmlsec_app sign-tmpl $xmlsec_params --keys-file $keysfile --output $tmpfile >> $logfile 2>> $logfile
printRes $res_success $?
printf " Verify new signature "
-echo "$xmlsec_app verify --keys-file $keysfile $tmpfile" >> $logfile
+echo "$VALGRIND $xmlsec_app verify --keys-file $keysfile $tmpfile" >> $logfile
$VALGRIND $xmlsec_app verify $xmlsec_params --keys-file $keysfile $tmpfile >> $logfile 2>> $logfile
printRes $res_success $?
+fi
##########################################################################
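Review bot: The new guard `[ -n "$XMLSEC_TEST_NAME" -a "$XMLSEC_TEST_NAME" = "dsig-dynamic" ]` runs the dynamic sign-tmpl/verify round trip only when that name is requested explicitly, so an ordinary run with `XMLSEC_TEST_NAME` unset skips it silently. If the variable is meant as a single-test filter, the condition should also pass when it is empty, e.g. `if [ -z "$XMLSEC_TEST_NAME" ] || [ "$XMLSEC_TEST_NAME" = "dsig-dynamic" ]; then`, which also avoids the ambiguous `-a` operator. Separately, the logged verify line still omits `$xmlsec_params` although the command that is executed includes it, so the log cannot be replayed as written; `echo "$VALGRIND $xmlsec_app verify $xmlsec_params --keys-file $keysfile $tmpfile" >> $logfile` would match.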
@@ -829,7 +885,7 @@ execDSigTest $res_fail \
"aleksey-xmldsig-01/enveloping-expired-cert" \
"sha1 dsa-sha1" \
"dsa x509" \
- "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509 --verification-time 2014-05-25+00:00:00"
execDSigTest $res_fail \
"" \
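Review bot: The `--verification-time 2014-05-25+00:00:00` added to this expected-failure case and the `2014-05-24+00:00:00` in the matching success case are undocumented magic dates that presumably bracket the end of validity of the certificate in `expiredkey.p12`. Nothing in the script records that relationship, so regenerating the key with the command in the earlier comment would invalidate both tests without any hint as to why. A comment above each call would help, for example `# 2014-05-24 / 2014-05-25 bracket the expiry of the expiredkey.p12 certificate; update both when regenerating it` (dates to be confirmed against the certificate). With only one day between the two cases, it is also worth confirming that the time is parsed independently of the local time zone.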