[svn] GnuPG - r4699 - in trunk: . jnlib tests/pkits
svn author wk
cvs at cvs.gnupg.org
Fri Feb 22 16:47:19 CET 2008
Author: wk
Date: 2008-02-22 16:47:18 +0100 (Fri, 22 Feb 2008)
New Revision: 4699
Modified:
trunk/TODO
trunk/jnlib/ChangeLog
trunk/jnlib/argparse.c
trunk/tests/pkits/Makefile.am
trunk/tests/pkits/common.sh
trunk/tests/pkits/import-all-certs
trunk/tests/pkits/import-all-certs.data
trunk/tests/pkits/inittests
trunk/tests/pkits/key-usage
trunk/tests/pkits/signature-verification
trunk/tests/pkits/validate-all-certs
trunk/tests/pkits/validity-periods
Log:
Add some tests.
[The diff below has been truncated]
Modified: trunk/jnlib/ChangeLog
===================================================================
--- trunk/jnlib/ChangeLog 2008-02-19 12:58:34 UTC (rev 4698)
+++ trunk/jnlib/ChangeLog 2008-02-22 15:47:18 UTC (rev 4699)
@@ -1,3 +1,7 @@
+2008-02-22 Werner Koch <wk at g10code.com>
+
+ * argparse.c (strusage): Set copyright year to 2008.
+
2007-11-19 Werner Koch <wk at g10code.com>
* stringhelp.c (percent_escape): Factor code out to
Modified: trunk/TODO
===================================================================
--- trunk/TODO 2008-02-19 12:58:34 UTC (rev 4698)
+++ trunk/TODO 2008-02-22 15:47:18 UTC (rev 4699)
@@ -23,7 +23,6 @@
** mark all unimplemented commands and options.
** Implement --default-key
** support the anyPolicy semantic
-** Check that we are really following the verification procedures in rfc3280.
* sm/keydb.c
@@ -75,7 +74,7 @@
** No card status notifications.
** Regex support is disabled
We need to adjust the test to find the regex we have anyway in
- gpg4in. Is that regex compatible to the OpenPGP requirement?
+ gpg4win. Is that regex compatible to the OpenPGP requirement?
* sm/
@@ -137,4 +136,3 @@
gpg-agent's default locale (e.g. by the command updatestartuptty).
-
Modified: trunk/jnlib/argparse.c
===================================================================
--- trunk/jnlib/argparse.c 2008-02-19 12:58:34 UTC (rev 4698)
+++ trunk/jnlib/argparse.c 2008-02-22 15:47:18 UTC (rev 4699)
@@ -1,6 +1,6 @@
/* [argparse.c wk 17.06.97] Argument Parser for option handling
* Copyright (C) 1998, 1999, 2000, 2001, 2006
- * 2007 Free Software Foundation, Inc.
+ * 2007, 2008 Free Software Foundation, Inc.
*
* This file is part of JNLIB.
*
@@ -946,7 +946,7 @@
break;
case 11: p = "foo"; break;
case 13: p = "0.0"; break;
- case 14: p = "Copyright (C) 2007 Free Software Foundation, Inc."; break;
+ case 14: p = "Copyright (C) 2008 Free Software Foundation, Inc."; break;
case 15: p =
"This is free software: you are free to change and redistribute it.\n"
"There is NO WARRANTY, to the extent permitted by law.\n";
Modified: trunk/tests/pkits/Makefile.am
===================================================================
--- trunk/tests/pkits/Makefile.am 2008-02-19 12:58:34 UTC (rev 4698)
+++ trunk/tests/pkits/Makefile.am 2008-02-22 15:47:18 UTC (rev 4699)
@@ -48,7 +48,7 @@
TESTS = $(testscripts)
-CLEANFILES = inittests.stamp x y y z out err *.lock .\#lk* *.log
+CLEANFILES = inittests.stamp scratch.*.tmp x y z out err *.lock .\#lk* *.log
DISTCLEANFILES = pubring.kbx~ random_seed
@@ -62,11 +62,14 @@
echo timestamp >./inittests.stamp
-run-all-tests:
+run-all-tests: inittests.stamp
@set -e; \
GNUPGHOME=`pwd`; export GNUPGHOME;\
unset GPG_AGENT_INFO; \
- for test in $(testscripts); do \
- ./$${test} && true; \
+ for tst in $(testscripts); do \
+ if ./$${tst}; then : ; \
+ elif test $$? -eq 77; then echo "- SKIP $$tst"; \
+ fi; \
done
+
Modified: trunk/tests/pkits/common.sh
===================================================================
--- trunk/tests/pkits/common.sh 2008-02-19 12:58:34 UTC (rev 4698)
+++ trunk/tests/pkits/common.sh 2008-02-22 15:47:18 UTC (rev 4699)
@@ -17,17 +17,31 @@
# along with this program; if not, see <http://www.gnu.org/licenses/>.
# reset some environment variables because we do not want to test locals
-export LANG=C
-export LANGUAGE=C
-export LC_ALL=C
+LANG=C
+LANGUAGE=C
+LC_ALL=C
+export LANG LANGUAGE LC_ALL
+pgmname=`basename $0`
-[ "$VERBOSE" = yes ] && set -x
+if [ "$1" = "--debug" ]; then
+ debug=yes
+ set -x
+else
+ debug=
+fi
[ -z "$srcdir" ] && srcdir="."
[ -z "$top_srcdir" ] && top_srcdir=".."
[ -z "$GPGSM" ] && GPGSM="../../sm/gpgsm"
[ -z "$silent" ] && silent=no
+AWK=awk
+SCRATCH="scratch.$$.tmp"
+
+# We use this as the faked system time for certain tests.
+MYTIME="20080508T120000"
+
+
if [ "$GNUPGHOME" != "`pwd`" ]; then
echo "inittests: please set GNUPGHOME to the tests/pkits directory" >&2
exit 1
@@ -41,7 +55,14 @@
if [ -f PKITS_data.tar.bz2 ]; then
:
else
- # Exit code 77 is used by the makefile for skipping a tests.
+ if [ "$pgmname" = "import-all-certs" ]; then
+ if [ "$silent" = "yes" ]; then tmp1="Note: "; tmp2=' '
+ else tmp1="- ____ "; tmp2="$tmp1"
+ fi
+ echo "${tmp1}PKITS_data.tar.bz2 is not installed"
+ echo "${tmp2}All tests will be skipped (this is not an error)"
+ fi
+ # Exit code 77 is used by the Makefile for skipping a tests.
exit 77
fi
@@ -115,7 +136,9 @@
pass_count=`expr ${pass_count} + 1`
if [ "$silent" != "yes" ]; then
echo_n "$section_out PASS"
- [ -n "$description" ] && echo_n " ($description)"
+ if [ -n "$1" ]; then echo_n " $1"
+ elif [ -n "$description" ]; then echo_n " ($description)"
+ fi
echo
fi
}
@@ -126,29 +149,35 @@
fail_count=`expr ${fail_count} + 1`
if [ "$silent" != "yes" ]; then
echo_n "$section_out FAIL"
- [ -n "$description" ] && echo_n " ($description)"
+ if [ -n "$1" ]; then echo_n " $1"
+ elif [ -n "$description" ]; then echo_n " ($description)"
+ fi
echo
fi
}
-unresolved () {
+skip () {
setup_output
- echo "UNRESOLVED: " $* >&2
- unresolved_count=`expr ${unresolved_count} + 1`
+ echo "SKIP: " $* >&2
+ skip_count=`expr ${skip_count} + 1`
if [ "$silent" != "yes" ]; then
- echo_n "$section_out UNRESOLVED"
- [ -n "$description" ] && echo_n " ($description)"
+ echo_n "$section_out SKIP"
+ if [ -n "$1" ]; then echo_n " $1"
+ elif [ -n "$description" ]; then echo_n " ($description)"
+ fi
echo
fi
}
-unsupported () {
+unresolved () {
setup_output
- echo "UNSUPPORTED: " $* >&2
- unsupported_count=`expr ${unsupported_count} + 1`
+ echo "UNRESOLVED: " $* >&2
+ unresolved_count=`expr ${unresolved_count} + 1`
if [ "$silent" != "yes" ]; then
- echo_n "$section_out UNSUPPORTED"
- [ -n "$description" ] && echo_n " ($description)"
+ echo_n "$section_out UNRESOLVED"
+ if [ -n "$1" ]; then echo_n " $1"
+ elif [ -n "$description" ]; then echo_n " ($description)"
+ fi
echo
fi
}
@@ -158,8 +187,9 @@
section=$first_section_set
[ $pass_count = 0 ] || info "$pass_count tests passed"
[ $fail_count = 0 ] || info "$fail_count tests failed"
+ [ $skip_count = 0 ] || info "$unsupported_count tests skipped"
[ $unresolved_count = 0 ] || info "$unresolved_count tests unresolved"
- [ $unsupported_count = 0 ] || info "$unsupported_count tests unsupported"
+ [ -z "$debug" -a -f "$SCRATCH" ] && rm "$SCRATCH"
if [ $fail_count = 0 ]; then
info "all tests passed"
else
@@ -167,21 +197,79 @@
fi
}
+
+clean_homedir () {
+ [ -f pubring.kbx ] && rm pubring.kbx
+ if [ -d private-keys-v1.d ]; then
+ rm private-keys-v1.d/* 2>/dev/null || true
+ rmdir private-keys-v1.d
+ fi
+}
+
+start_test () {
+ section="$1"
+ description="$2"
+ test_status=none
+ echo "BEGIN TEST $section ($description)" >&2
+}
+
+end_test () {
+ case "$test_status" in
+ none) skip "($description) - test not implemented";;
+ pass) pass "($description)";;
+ fail) fail "($description)";;
+ setup) fail "($description) - setup failed";;
+ ns) skip "($description) - not supported";;
+ nys) skip "($description) - not yet supported";;
+ *) unresolved "$(description)";;
+ esac
+ echo "END TEST $section" >&2
+}
+
+set_status () {
+ if [ "$test_status" = "none" ]; then
+ test_status=$1
+ fi
+}
+
+need_cert () {
+ if [ "$2" = "--import-anyway" ]; then
+ if ! ${GPGSM} -q --debug-no-chain-validation --import certs/$1.crt
+ then
+ set_status setup
+ fi
+ else
+ if ! ${GPGSM} -q --import certs/$1.crt; then
+ set_status setup
+ fi
+ fi
+}
+
+need_crl () {
+ # CRL are not yet implemented
+ #set_status setup
+ :
+}
+
+
+
set -e
-pgmname=`basename $0`
-
pass_count=0
fail_count=0
+skip_count=0
unresolved_count=0
-unsupported_count=0
first_section_set=""
section_out=""
+test_status=none
+
+# User settable variables
section=""
description=""
+
#trap cleanup SIGHUP SIGINT SIGQUIT
-exec 2> ${pgmname}.log
+[ -z "$debug" ] && exec 2> ${pgmname}.log
:
# end
Modified: trunk/tests/pkits/import-all-certs
===================================================================
--- trunk/tests/pkits/import-all-certs 2008-02-19 12:58:34 UTC (rev 4698)
+++ trunk/tests/pkits/import-all-certs 2008-02-22 15:47:18 UTC (rev 4699)
@@ -36,7 +36,7 @@
elif [ "$flag" = '?' ]; then
unresolved "importing certificate \`$name' succeeded"
elif [ "$flag" = 'u' ]; then
- unsupported "importing certificate \`$name' succeeded"
+ skip "importing certificate \`$name' succeeded"
else
info "importing certificate \`$name' succeeded - (flag=$flag)"
fi
@@ -48,7 +48,7 @@
elif [ "$flag" = '?' ]; then
unresolved "importing certificate \`$name' failed"
elif [ "$flag" = 'u' ]; then
- unsupported "importing certificate \`$name' failed"
+ skip "importing certificate \`$name' failed"
else
info "importing certificate \`$name' failed - (flag=$flag)"
fi
Modified: trunk/tests/pkits/import-all-certs.data
===================================================================
--- trunk/tests/pkits/import-all-certs.data 2008-02-19 12:58:34 UTC (rev 4698)
+++ trunk/tests/pkits/import-all-certs.data 2008-02-22 15:47:18 UTC (rev 4699)
@@ -28,7 +28,7 @@
p p 6.1.5.218 CPSPointerQualifierTest20EE.crt
-u u 6.1.5.572 DSACACert.crt
+p u 6.1.5.572 DSACACert.crt
u u 6.1.5.575 DSAParametersInheritedCACert.crt
p p 6.1.5.210 DifferentPoliciesTest12EE.crt
@@ -81,9 +81,9 @@
p f 6.1.5.395 InvalidDNnameConstraintsTest8EE.crt
p f 6.1.5.396 InvalidDNnameConstraintsTest9EE.crt
-u u 6.1.5.578 InvalidDSASignatureTest6EE.crt
+p u 6.1.5.578 InvalidDSASignatureTest6EE.crt
-f f 6.1.5.9 InvalidEESignatureTest3EE.crt
+p f 6.1.5.9 InvalidEESignatureTest3EE.crt
p f 6.1.5.19 InvalidEEnotAfterDateTest6EE.crt
p f 6.1.5.13 InvalidEEnotBeforeDateTest2EE.crt
Modified: trunk/tests/pkits/inittests
===================================================================
--- trunk/tests/pkits/inittests 2008-02-19 12:58:34 UTC (rev 4698)
+++ trunk/tests/pkits/inittests 2008-02-22 15:47:18 UTC (rev 4699)
@@ -80,6 +80,17 @@
no-common-certs-import
EOF
+# The set of NIST test policies which should be used if anyPolicy is
+# not supported.
+cat > policies.txt <<EOF
+2.16.840.1.101.3.2.1.48.1
+2.16.840.1.101.3.2.1.48.2
+2.16.840.1.101.3.2.1.48.3
+2.16.840.1.101.3.2.1.48.4
+2.16.840.1.101.3.2.1.48.5
+2.16.840.1.101.3.2.1.48.6
+EOF
+
# Fixme: we need to write a dummy pinentry program
cat > gpg-agent.conf <<EOF
no-grab
Modified: trunk/tests/pkits/key-usage
===================================================================
--- trunk/tests/pkits/key-usage 2008-02-19 12:58:34 UTC (rev 4698)
+++ trunk/tests/pkits/key-usage 2008-02-22 15:47:18 UTC (rev 4699)
@@ -25,7 +25,4 @@
-
-
-
final_result
Modified: trunk/tests/pkits/signature-verification
===================================================================
--- trunk/tests/pkits/signature-verification 2008-02-19 12:58:34 UTC (rev 4698)
+++ trunk/tests/pkits/signature-verification 2008-02-22 15:47:18 UTC (rev 4699)
@@ -24,8 +24,144 @@
info "Running $description tests"
+start_test 4.1.1 "Valid Signatures Test1"
+# The purpose of this test is to verify an application's ability to
+# name chain, signature chain, and check validity dates, on
+# certificates in a certification path. It also tests processing of
+# the basic constraints and key usage extensions in intermediate
+# certificates.
+clean_homedir
+need_cert TrustAnchorRootCertificate
+need_crl TrustAnchorRootCRL
+need_cert GoodCACert
+need_crl GoodCACRL
+need_cert ValidCertificatePathTest1EE
+if $GPGSM --with-colons --with-validation --list-key 0x126B7002 >$SCRATCH; then
+ tmp=$($AWK -F: '$1 == "crt" {any=1; print $2};
+ END {if(!any) print "error"}' $SCRATCH)
+ [ -n "$tmp" ] && set_status fail
+else
+ set_status fail
+fi
+if [ "$test_status" = "none" ]; then
+ if sed '1,/^.$/d' smime/SignedValidSignaturesTest1.eml \
+ | $GPGSM --verify --assume-base64 --status-fd 1 \
+ | grep TRUST_FULLY >/dev/null; then
+ set_status pass
+ else
+ set_status fail
+ fi
+fi
+end_test
+start_test 4.1.2 "Invalid CA Signatures Test2"
+# The purpose of this test is to verify an application's ability to
+# recognize an invalid signature on an intermediate certificate in a
+# certification path.
+clean_homedir
+need_cert TrustAnchorRootCertificate
+need_crl TrustAnchorRootCRL
+need_cert BadSignedCACert --import-anyway
+need_crl BadSignedCACRL
+need_cert InvalidCASignatureTest2EE --import-anyway
+if $GPGSM --with-colons --with-validation --list-key 0xD667FE3C >$SCRATCH; then
+ tmp=$($AWK -F: '$1 == "crt" {any=1; print $2};
+ END {if(!any) print "error"}' $SCRATCH)
+ [ "$tmp" = "i" ] || set_status fail
+else
+ set_status fail
+fi
+if [ "$test_status" = "none" ]; then
+ if sed '1,/^.$/d' smime/SignedInvalidCASignatureTest2.eml \
+ | $GPGSM --verify --assume-base64 --status-fd 1 \
+ | grep TRUST_NEVER >/dev/null; then
+ set_status pass
+ else
+ set_status fail
+ fi
+fi
+end_test
+
+
+start_test 4.1.3 "Invalid EE Signature Test3"
+# The purpose of this test is to verify an application's ability to
+# recognize an invalid signature on an end entity certificate in a
+# certification path.
+clean_homedir
+need_cert TrustAnchorRootCertificate
+need_crl TrustAnchorRootCRL
+need_cert GoodCACert
+need_crl GoodCACRL
+need_cert InvalidEESignatureTest3EE --import-anyway
+if $GPGSM --with-colons --with-validation --list-key 0x42E1AEE3 >$SCRATCH; then
+ tmp=$($AWK -F: '$1 == "crt" {any=1; print $2};
+ END {if(!any) print "error"}' $SCRATCH)
+ [ "$tmp" = "i" ] || set_status fail
+else
+ set_status fail
+fi
+if [ "$test_status" = "none" ]; then
+ if sed '1,/^.$/d' smime/SignedInvalidEESignatureTest3.eml \
+ | $GPGSM --verify --assume-base64 --status-fd 1 \
+ | grep TRUST_NEVER >/dev/null; then
+ set_status pass
+ else
+ set_status fail
+ fi
+fi
+end_test
+
+
+start_test 4.1.4 "Valid DSA Signatures Test4"
+# The purpose of this test is to verify an application's ability to
+# validate certificate in which DSA signatures are used. The
+# intermediate CA and the end entity have DSA key pairs.
+clean_homedir
+need_cert TrustAnchorRootCertificate
+need_crl TrustAnchorRootCRL
+need_cert DSACACert
+need_crl DSACACRL
+need_cert ValidDSASignaturesTest4EE
+if $GPGSM --with-colons --with-validation --list-key 0x820A72B8 >$SCRATCH; then
+ tmp=$($AWK -F: '$1 == "crt" {any=1; print $2};
+ END {if(!any) print "error"}' $SCRATCH)
+ [ -n "$tmp" ] && set_status fail
+else
+ set_status fail
+fi
+if [ "$test_status" = "none" ]; then
+ # Note: This S/MIME file uses LF and not CR,LF. */
+ if sed '1,/^$/d' smime/SignedValidDSASignaturesTest4.eml \
+ | $GPGSM --verify --assume-base64 --status-fd 1 \
+ | grep TRUST_FULLY >/dev/null; then
+ set_status pass
+ else
+ set_status fail
More information about the Gnupg-commits
mailing list