[xmlsec] check key data for dsig tests
- From: Aleksey Sanin <aleksey src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [xmlsec] check key data for dsig tests
- Date: Tue, 11 May 2010 04:53:25 +0000 (UTC)
commit ea46f7005fa95d8af4aab62b2765b9dbff444e0c
Author: Aleksey Sanin <aleksey aleksey com>
Date: Mon May 10 14:43:28 2010 -0700
check key data for dsig tests
tests/testDSig.sh | 170 +++++++++++++++++++++++++++++++++++++++++------------
tests/testrun.sh | 21 ++++++-
2 files changed, 150 insertions(+), 41 deletions(-)
---
diff --git a/tests/testDSig.sh b/tests/testDSig.sh
index 53e6f97..0e8707b 100755
--- a/tests/testDSig.sh
+++ b/tests/testDSig.sh
@@ -29,17 +29,19 @@ execDSigTest $res_success \
"xmldsig2ed-tests" \
"defCan-1" \
"c14n11 sha1 hmac-sha1" \
+ "hmac" \
"--hmackey $topfolder/keys/hmackey.bin" \
"--hmackey $topfolder/keys/hmackey.bin" \
- "--hmackey $topfolder/keys/hmackey.bin"
+ "--hmackey $topfolder/keys/hmackey.bin"
execDSigTest $res_success \
"xmldsig2ed-tests" \
"defCan-2" \
"c14n11 xslt xpath sha1 hmac-sha1" \
+ "hmac" \
"--hmackey $topfolder/keys/hmackey.bin" \
"--hmackey $topfolder/keys/hmackey.bin" \
- "--hmackey $topfolder/keys/hmackey.bin"
+ "--hmackey $topfolder/keys/hmackey.bin"
#
# differences in XSLT transform output, tbd
@@ -47,46 +49,53 @@ execDSigTest $res_success \
# execDSigTest $res_success \
# "xmldsig2ed-tests" \
# "defCan-3" \
-# "c14n11 xslt xpath sha1 hmac-sha1" \
-# "--hmackey $topfolder/keys/hmackey.bin" \
-# "--hmackey $topfolder/keys/hmackey.bin" \
-# "--hmackey $topfolder/keys/hmackey.bin"
-#
+# "c14n11 xslt xpath sha1 hmac-sha1" \
+# "hmac" \
+# "--hmackey $topfolder/keys/hmackey.bin" \
+# "--hmackey $topfolder/keys/hmackey.bin" \
+# "--hmackey $topfolder/keys/hmackey.bin"
+#
execDSigTest $res_success \
"xmldsig2ed-tests" \
"xpointer-1-SUN" \
- "c14n11 xpointer sha1 hmac-sha1" \
- "--hmackey $topfolder/keys/hmackey.bin"
+ "c14n11 xpointer sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin"
execDSigTest $res_success \
"xmldsig2ed-tests" \
"xpointer-2-SUN" \
- "c14n11 xpointer sha1 hmac-sha1" \
- "--hmackey $topfolder/keys/hmackey.bin"
+ "c14n11 xpointer sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin"
execDSigTest $res_success \
"xmldsig2ed-tests" \
"xpointer-3-SUN" \
- "c14n11 xpointer sha1 hmac-sha1" \
- "--hmackey $topfolder/keys/hmackey.bin"
+ "c14n11 xpointer sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin"
execDSigTest $res_success \
"xmldsig2ed-tests" \
"xpointer-4-SUN" \
- "c14n11 xpointer sha1 hmac-sha1" \
- "--hmackey $topfolder/keys/hmackey.bin"
+ "c14n11 xpointer sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin"
execDSigTest $res_success \
"xmldsig2ed-tests" \
"xpointer-5-SUN" \
"c14n11 xpointer sha1 hmac-sha1" \
+ "hmac" \
"--hmackey $topfolder/keys/hmackey.bin"
execDSigTest $res_success \
"xmldsig2ed-tests" \
"xpointer-6-SUN" \
"c14n11 xpointer sha1 hmac-sha1" \
+ "hmac" \
"--hmackey $topfolder/keys/hmackey.bin"
##########################################################################
@@ -99,6 +108,7 @@ execDSigTest $res_success \
"" \
"aleksey-xmldsig-01/enveloping-dsa-x509chain" \
"sha1 dsa-sha1" \
+ "dsa x509" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
"$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
@@ -107,6 +117,7 @@ execDSigTest $res_success \
"" \
"aleksey-xmldsig-01/enveloping-rsa-x509chain" \
"sha1 rsa-sha1" \
+ "rsa x509" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
"$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
@@ -115,126 +126,142 @@ execDSigTest $res_success \
"" \
"aleksey-xmldsig-01/enveloping-md5-hmac-md5" \
"md5 hmac-md5" \
+ "hmac" \
"--hmackey $topfolder/keys/hmackey.bin" \
"--hmackey $topfolder/keys/hmackey.bin" \
- "--hmackey $topfolder/keys/hmackey.bin"
+ "--hmackey $topfolder/keys/hmackey.bin"
execDSigTest $res_success \
"" \
"aleksey-xmldsig-01/enveloping-md5-hmac-md5-64" \
"md5 hmac-md5" \
+ "hmac" \
"--hmackey $topfolder/keys/hmackey.bin" \
"--hmackey $topfolder/keys/hmackey.bin" \
- "--hmackey $topfolder/keys/hmackey.bin"
+ "--hmackey $topfolder/keys/hmackey.bin"
execDSigTest $res_success \
"" \
"aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160" \
"ripemd160 hmac-ripemd160" \
+ "hmac" \
"--hmackey $topfolder/keys/hmackey.bin" \
"--hmackey $topfolder/keys/hmackey.bin" \
- "--hmackey $topfolder/keys/hmackey.bin"
+ "--hmackey $topfolder/keys/hmackey.bin"
execDSigTest $res_success \
"" \
"aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160-64" \
"ripemd160 hmac-ripemd160" \
+ "hmac" \
"--hmackey $topfolder/keys/hmackey.bin" \
"--hmackey $topfolder/keys/hmackey.bin" \
- "--hmackey $topfolder/keys/hmackey.bin"
+ "--hmackey $topfolder/keys/hmackey.bin"
execDSigTest $res_success \
"" \
"aleksey-xmldsig-01/xpointer-hmac" \
"xpointer sha1 hmac-sha1" \
+ "hmac" \
"--hmackey $topfolder/keys/hmackey.bin" \
"--hmackey $topfolder/keys/hmackey.bin" \
- "--hmackey $topfolder/keys/hmackey.bin"
+ "--hmackey $topfolder/keys/hmackey.bin"
execDSigTest $res_success \
"" \
"aleksey-xmldsig-01/enveloping-sha1-hmac-sha1" \
"sha1 hmac-sha1" \
+ "hmac" \
"--hmackey $topfolder/keys/hmackey.bin" \
"--hmackey $topfolder/keys/hmackey.bin" \
- "--hmackey $topfolder/keys/hmackey.bin"
+ "--hmackey $topfolder/keys/hmackey.bin"
execDSigTest $res_success \
"" \
"aleksey-xmldsig-01/enveloping-sha1-hmac-sha1-64" \
"sha1 hmac-sha1" \
+ "hmac" \
"--hmackey $topfolder/keys/hmackey.bin" \
"--hmackey $topfolder/keys/hmackey.bin" \
- "--hmackey $topfolder/keys/hmackey.bin"
+ "--hmackey $topfolder/keys/hmackey.bin"
execDSigTest $res_success \
"" \
"aleksey-xmldsig-01/enveloping-sha224-hmac-sha224" \
"sha224 hmac-sha224" \
+ "hmac" \
"--hmackey $topfolder/keys/hmackey.bin" \
"--hmackey $topfolder/keys/hmackey.bin" \
- "--hmackey $topfolder/keys/hmackey.bin"
+ "--hmackey $topfolder/keys/hmackey.bin"
execDSigTest $res_success \
"" \
"aleksey-xmldsig-01/enveloping-sha224-hmac-sha224-64" \
"sha224 hmac-sha224" \
+ "hmac" \
"--hmackey $topfolder/keys/hmackey.bin" \
"--hmackey $topfolder/keys/hmackey.bin" \
- "--hmackey $topfolder/keys/hmackey.bin"
+ "--hmackey $topfolder/keys/hmackey.bin"
execDSigTest $res_success \
"" \
"aleksey-xmldsig-01/enveloping-sha256-hmac-sha256" \
"sha256 hmac-sha256" \
+ "hmac" \
"--hmackey $topfolder/keys/hmackey.bin" \
"--hmackey $topfolder/keys/hmackey.bin" \
- "--hmackey $topfolder/keys/hmackey.bin"
+ "--hmackey $topfolder/keys/hmackey.bin"
execDSigTest $res_success \
"" \
"aleksey-xmldsig-01/enveloping-sha256-hmac-sha256-64" \
"sha256 hmac-sha256" \
+ "hmac" \
"--hmackey $topfolder/keys/hmackey.bin" \
"--hmackey $topfolder/keys/hmackey.bin" \
- "--hmackey $topfolder/keys/hmackey.bin"
+ "--hmackey $topfolder/keys/hmackey.bin"
execDSigTest $res_success \
"" \
"aleksey-xmldsig-01/enveloping-sha384-hmac-sha384" \
"sha384 hmac-sha384" \
+ "hmac" \
"--hmackey $topfolder/keys/hmackey.bin" \
"--hmackey $topfolder/keys/hmackey.bin" \
- "--hmackey $topfolder/keys/hmackey.bin"
+ "--hmackey $topfolder/keys/hmackey.bin"
execDSigTest $res_success \
"" \
"aleksey-xmldsig-01/enveloping-sha384-hmac-sha384-64" \
"sha384 hmac-sha384" \
+ "hmac" \
"--hmackey $topfolder/keys/hmackey.bin" \
"--hmackey $topfolder/keys/hmackey.bin" \
- "--hmackey $topfolder/keys/hmackey.bin"
+ "--hmackey $topfolder/keys/hmackey.bin"
execDSigTest $res_success \
"" \
"aleksey-xmldsig-01/enveloping-sha512-hmac-sha512" \
"sha512 hmac-sha512" \
+ "hmac" \
"--hmackey $topfolder/keys/hmackey.bin" \
"--hmackey $topfolder/keys/hmackey.bin" \
- "--hmackey $topfolder/keys/hmackey.bin"
+ "--hmackey $topfolder/keys/hmackey.bin"
execDSigTest $res_success \
"" \
"aleksey-xmldsig-01/enveloping-sha512-hmac-sha512-64" \
"sha512 hmac-sha512" \
+ "hmac" \
"--hmackey $topfolder/keys/hmackey.bin" \
"--hmackey $topfolder/keys/hmackey.bin" \
- "--hmackey $topfolder/keys/hmackey.bin"
+ "--hmackey $topfolder/keys/hmackey.bin"
execDSigTest $res_success \
"" \
"aleksey-xmldsig-01/enveloping-md5-rsa-md5" \
"md5 rsa-md5" \
+ "rsa x509" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
"$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
@@ -243,6 +270,7 @@ execDSigTest $res_success \
"" \
"aleksey-xmldsig-01/enveloping-ripemd160-rsa-ripemd160" \
"ripemd160 rsa-ripemd160" \
+ "rsa x509" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
"$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
@@ -251,6 +279,7 @@ execDSigTest $res_success \
"" \
"aleksey-xmldsig-01/enveloping-sha1-rsa-sha1" \
"sha1 rsa-sha1" \
+ "rsa x509" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
"$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
@@ -259,6 +288,7 @@ execDSigTest $res_success \
"" \
"aleksey-xmldsig-01/enveloping-sha224-rsa-sha224" \
"sha224 rsa-sha224" \
+ "rsa x509" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
"$priv_key_option $topfolder/keys/rsakey$priv_key_suffix.$priv_key_format --pwd secret" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
@@ -267,6 +297,7 @@ execDSigTest $res_success \
"" \
"aleksey-xmldsig-01/enveloping-sha256-rsa-sha256" \
"sha256 rsa-sha256" \
+ "rsa x509" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
"$priv_key_option $topfolder/keys/rsakey$priv_key_suffix.$priv_key_format --pwd secret" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
@@ -275,6 +306,7 @@ execDSigTest $res_success \
"" \
"aleksey-xmldsig-01/enveloping-sha384-rsa-sha384" \
"sha384 rsa-sha384" \
+ "rsa x509" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
"$priv_key_option $topfolder/keys/largersakey$priv_key_suffix.$priv_key_format --pwd secret" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
@@ -283,6 +315,7 @@ execDSigTest $res_success \
"" \
"aleksey-xmldsig-01/enveloping-sha512-rsa-sha512" \
"sha512 rsa-sha512" \
+ "rsa x509" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
"$priv_key_option $topfolder/keys/largersakey$priv_key_suffix.$priv_key_format --pwd secret" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
@@ -295,6 +328,7 @@ execDSigTest $res_success \
"" \
"aleksey-xmldsig-01/enveloping-expired-cert" \
"sha1 rsa-sha1" \
+ "rsa x509" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509 --verification-time 2005-07-10+10:00:00"
@@ -302,6 +336,7 @@ execDSigTest $res_success \
"" \
"aleksey-xmldsig-01/dtd-hmac-91" \
"sha1 hmac-sha1" \
+ "hmac" \
"--hmackey $topfolder/keys/hmackey.bin --dtd-file $topfolder/aleksey-xmldsig-01/dtd-hmac-91.dtd" \
"--hmackey $topfolder/keys/hmackey.bin --dtd-file $topfolder/aleksey-xmldsig-01/dtd-hmac-91.dtd" \
"--hmackey $topfolder/keys/hmackey.bin --dtd-file $topfolder/aleksey-xmldsig-01/dtd-hmac-91.dtd"
@@ -310,6 +345,7 @@ execDSigTest $res_success \
"" \
"aleksey-xmldsig-01/x509data-test" \
"xpath2 sha1 rsa-sha1" \
+ "rsa x509" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format" \
"$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format"
@@ -318,6 +354,7 @@ execDSigTest $res_success \
"" \
"aleksey-xmldsig-01/x509data-sn-test" \
"xpath2 sha1 rsa-sha1" \
+ "rsa x509" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --untrusted-$cert_format $topfolder/keys/ca2cert.$cert_format --untrusted-$cert_format $topfolder/keys/rsacert.$cert_format --enabled-key-data x509" \
"$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --untrusted-$cert_format $topfolder/keys/ca2cert.$cert_format --untrusted-$cert_format $topfolder/keys/rsacert.$cert_format --enabled-key-data x509"
@@ -327,11 +364,11 @@ execDSigTest $res_success \
# merlin-xmldsig-twenty-three
#
##########################################################################
-
execDSigTest $res_success \
"" \
"merlin-xmldsig-twenty-three/signature-enveloped-dsa" \
"enveloped-signature sha1 dsa-sha1" \
+ "dsa" \
" " \
"$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
" "
@@ -340,6 +377,7 @@ execDSigTest $res_success \
"" \
"merlin-xmldsig-twenty-three/signature-enveloping-dsa" \
"sha1 dsa-sha1" \
+ "dsa" \
" " \
"$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
" "
@@ -348,6 +386,7 @@ execDSigTest $res_success \
"" \
"merlin-xmldsig-twenty-three/signature-enveloping-b64-dsa" \
"base64 sha1 dsa-sha1" \
+ "dsa" \
" " \
"$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
" "
@@ -356,6 +395,7 @@ execDSigTest $res_success \
"" \
"merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1-40" \
"sha1 hmac-sha1" \
+ "hmac" \
"--hmackey $topfolder/keys/hmackey.bin" \
"--hmackey $topfolder/keys/hmackey.bin" \
"--hmackey $topfolder/keys/hmackey.bin"
@@ -364,6 +404,7 @@ execDSigTest $res_success \
"" \
"merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1" \
"sha1 hmac-sha1" \
+ "hmac" \
"--hmackey $topfolder/keys/hmackey.bin" \
"--hmackey $topfolder/keys/hmackey.bin" \
"--hmackey $topfolder/keys/hmackey.bin"
@@ -372,6 +413,7 @@ execDSigTest $res_success \
"" \
"merlin-xmldsig-twenty-three/signature-enveloping-rsa" \
"sha1 rsa-sha1" \
+ "rsa" \
" " \
"$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \
" "
@@ -380,6 +422,7 @@ execDSigTest $res_success \
"" \
"merlin-xmldsig-twenty-three/signature-external-b64-dsa" \
"base64 sha1 dsa-sha1" \
+ "dsa" \
" " \
"$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
" "
@@ -388,14 +431,16 @@ execDSigTest $res_success \
"" \
"merlin-xmldsig-twenty-three/signature-external-dsa" \
"sha1 dsa-sha1" \
+ "dsa" \
" " \
"$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
- " "
+ " "
execDSigTest $res_success \
"" \
"merlin-xmldsig-twenty-three/signature-keyname" \
"sha1 dsa-sha1" \
+ "dsa x509" \
"--pubkey-cert-$cert_format:Lugh $topfolder/merlin-xmldsig-twenty-three/certs/lugh-cert.$cert_format" \
"$priv_key_option:test-dsa $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
"$priv_key_option:test-dsa $topfolder/keys/dsakey.$priv_key_format --pwd secret"
@@ -404,6 +449,7 @@ execDSigTest $res_success \
"" \
"merlin-xmldsig-twenty-three/signature-x509-crt" \
"sha1 dsa-sha1" \
+ "dsa x509" \
"--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format" \
"$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret"\
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format"
@@ -412,6 +458,7 @@ execDSigTest $res_success \
"" \
"merlin-xmldsig-twenty-three/signature-x509-sn" \
"sha1 dsa-sha1" \
+ "dsa x509" \
"--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format --untrusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/badb.$cert_format" \
"$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret"\
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format"
@@ -420,6 +467,7 @@ execDSigTest $res_success \
"" \
"merlin-xmldsig-twenty-three/signature-x509-is" \
"sha1 dsa-sha1" \
+ "dsa x509" \
"--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format --untrusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/macha.$cert_format" \
"$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret"\
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format"
@@ -428,6 +476,7 @@ execDSigTest $res_success \
"" \
"merlin-xmldsig-twenty-three/signature-x509-ski" \
"sha1 dsa-sha1" \
+ "dsa x509" \
"--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format --untrusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/nemain.$cert_format" \
"$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret"\
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format"
@@ -436,6 +485,7 @@ execDSigTest $res_success \
"" \
"merlin-xmldsig-twenty-three/signature-retrievalmethod-rawx509crt" \
"sha1 dsa-sha1" \
+ "dsa x509" \
"--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format --untrusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/nemain.$cert_format" \
"$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret"\
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --trusted-$cert_format $topfolder/keys/ca2cert.$cert_format"
@@ -444,6 +494,7 @@ execDSigTest $res_success \
"" \
"merlin-xmldsig-twenty-three/signature" \
"base64 xpath enveloped-signature c14n-with-comments sha1 dsa-sha1" \
+ "dsa x509" \
"--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/merlin.$cert_format" \
"$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --untrusted-$cert_format $topfolder/keys/ca2cert.$cert_format"
@@ -451,7 +502,7 @@ execDSigTest $res_success \
##########################################################################
#
-# merlin-xmlenc-five
+# merlin-xmlenc-five
#
# While the main operation is signature (and this is why we have these
# tests here instead of testEnc.sh), these tests check the encryption
@@ -462,6 +513,7 @@ execDSigTest $res_success \
"" \
"merlin-xmlenc-five/encsig-ripemd160-hmac-ripemd160-kw-tripledes" \
"ripemd160 hmac-ripemd160 kw-tripledes" \
+ "hmac des" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml" \
"--session-key hmac-192 --keys-file $topfolder/merlin-xmlenc-five/keys.xml" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml"
@@ -470,31 +522,36 @@ execDSigTest $res_success \
"" \
"merlin-xmlenc-five/encsig-sha256-hmac-sha256-kw-aes128" \
"sha256 hmac-sha256 kw-aes128" \
+ "hmac aes" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml"
execDSigTest $res_success \
"" \
"merlin-xmlenc-five/encsig-sha384-hmac-sha384-kw-aes192" \
"sha384 hmac-sha384 kw-aes192" \
+ "hmac aes" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml"
execDSigTest $res_success \
"" \
"merlin-xmlenc-five/encsig-sha512-hmac-sha512-kw-aes256" \
"sha512 hmac-sha512 kw-aes256" \
+ "hmac aes" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml"
execDSigTest $res_success \
"" \
"merlin-xmlenc-five/encsig-hmac-sha256-rsa-1_5" \
"sha1 hmac-sha256 rsa-1_5" \
- "$priv_key_option $topfolder/merlin-xmlenc-five/rsapriv.$priv_key_format --pwd secret"
+ "hmac rsa" \
+ "$priv_key_option $topfolder/merlin-xmlenc-five/rsapriv.$priv_key_format --pwd secret"
execDSigTest $res_success \
"" \
"merlin-xmlenc-five/encsig-hmac-sha256-rsa-oaep-mgf1p" \
"sha1 hmac-sha256 rsa-oaep-mgf1p" \
- "$priv_key_option $topfolder/merlin-xmlenc-five/rsapriv.$priv_key_format --pwd secret"
+ "hmac rsa" \
+ "$priv_key_option $topfolder/merlin-xmlenc-five/rsapriv.$priv_key_format --pwd secret"
@@ -507,14 +564,16 @@ execDSigTest $res_success \
"" \
"merlin-exc-c14n-one/exc-signature" \
"exc-c14n sha1 dsa-sha1" \
+ "dsa" \
" " \
"$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
- " "
+ " "
execDSigTest $res_success \
"" \
"merlin-exc-c14n-one/exc-signature" \
"exc-c14n sha1 dsa-sha1" \
+ "dsa" \
" "
##########################################################################
@@ -527,6 +586,7 @@ execDSigTest $res_success \
"" \
"merlin-c14n-three/signature" \
"c14n c14n-with-comments exc-c14n exc-c14n-with-comments xpath sha1 dsa-sha1" \
+ "dsa" \
" "
##########################################################################
@@ -539,13 +599,15 @@ execDSigTest $res_success \
"" \
"merlin-xpath-filter2-three/sign-xfdl" \
"enveloped-signature xpath2 sha1 dsa-sha1" \
- ""
+ "dsa" \
+ " "
execDSigTest $res_success \
"" \
"merlin-xpath-filter2-three/sign-spec" \
"enveloped-signature xpath2 sha1 dsa-sha1" \
- ""
+ "dsa" \
+ " "
##########################################################################
#
# phaos-xmldsig-three
@@ -556,144 +618,168 @@ execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-big" \
"base64 xslt xpath sha1 rsa-sha1" \
+ "rsa x509" \
"--pubkey-cert-$cert_format certs/rsa-cert.$cert_format"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-dsa-detached" \
"sha1 dsa-sha1" \
+ "dsa x509" \
"--trusted-$cert_format certs/dsa-ca-cert.$cert_format"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-dsa-enveloped" \
"enveloped-signature sha1 dsa-sha1" \
+ "dsa x509" \
"--trusted-$cert_format certs/dsa-ca-cert.$cert_format"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-dsa-enveloping" \
"sha1 dsa-sha1" \
+ "dsa x509" \
"--trusted-$cert_format certs/dsa-ca-cert.$cert_format"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-dsa-manifest" \
"sha1 dsa-sha1" \
+ "dsa x509" \
"--trusted-$cert_format certs/dsa-ca-cert.$cert_format"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-hmac-md5-c14n-enveloping" \
"md5 hmac-md5" \
+ "hmac" \
"--hmackey certs/hmackey.bin"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-hmac-sha1-40-c14n-comments-detached" \
"c14n-with-comments sha1 hmac-sha1" \
+ "hmac" \
"--hmackey certs/hmackey.bin"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-hmac-sha1-40-exclusive-c14n-comments-detached" \
"exc-c14n-with-comments sha1 hmac-sha1" \
+ "hmac" \
"--hmackey certs/hmackey.bin"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-hmac-sha1-exclusive-c14n-comments-detached" \
"exc-c14n-with-comments sha1 hmac-sha1" \
+ "hmac" \
"--hmackey certs/hmackey.bin"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-hmac-sha1-exclusive-c14n-enveloped" \
"enveloped-signature exc-c14n sha1 hmac-sha1" \
+ "hmac" \
"--hmackey certs/hmackey.bin"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-rsa-detached-b64-transform" \
"base64 sha1 rsa-sha1" \
+ "rsa x509" \
"--trusted-$cert_format certs/rsa-ca-cert.$cert_format"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-rsa-detached" \
"sha1 rsa-sha1" \
+ "rsa x509" \
"--trusted-$cert_format certs/rsa-ca-cert.$cert_format"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-rsa-detached-xpath-transform" \
"xpath sha1 rsa-sha1" \
+ "rsa x509" \
"--trusted-$cert_format certs/rsa-ca-cert.$cert_format"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-rsa-detached-xslt-transform-retrieval-method" \
"xslt sha1 rsa-sha1" \
+ "rsa x509" \
"--trusted-$cert_format certs/rsa-ca-cert.$cert_format"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-rsa-detached-xslt-transform" \
"xslt sha1 rsa-sha1" \
+ "rsa x509" \
"--trusted-$cert_format certs/rsa-ca-cert.$cert_format"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-rsa-enveloped" \
"enveloped-signature sha1 rsa-sha1" \
+ "rsa x509" \
"--trusted-$cert_format certs/rsa-ca-cert.$cert_format"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-rsa-enveloping" \
"sha1 rsa-sha1" \
+ "rsa x509" \
"--trusted-$cert_format certs/rsa-ca-cert.$cert_format"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-rsa-manifest-x509-data-cert-chain" \
"sha1 rsa-sha1" \
+ "rsa x509" \
"--trusted-$cert_format certs/rsa-ca-cert.$cert_format"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-rsa-manifest-x509-data-cert" \
"sha1 rsa-sha1" \
+ "rsa x509" \
"--trusted-$cert_format certs/rsa-ca-cert.$cert_format"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-rsa-manifest-x509-data-issuer-serial" \
"sha1 rsa-sha1" \
+ "rsa x509" \
"--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-rsa-manifest-x509-data-ski" \
"sha1 rsa-sha1" \
+ "rsa x509" \
"--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-rsa-manifest-x509-data-subject-name" \
"sha1 rsa-sha1" \
+ "rsa x509" \
"--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-rsa-manifest" \
"sha1 rsa-sha1" \
+ "rsa x509" \
"--trusted-$cert_format certs/rsa-ca-cert.$cert_format"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-rsa-xpath-transform-enveloped" \
"enveloped-signature xpath sha1 rsa-sha1" \
+ "rsa x509" \
"--trusted-$cert_format certs/rsa-ca-cert.$cert_format"
@@ -721,6 +807,7 @@ execDSigTest $res_success \
"" \
"aleksey-xmldsig-01/enveloped-gost" \
"enveloped-signature gostr34102001-gostr3411 gostr3411" \
+ "gost" \
"--trusted-$cert_format $topfolder/keys/gost2001ca.$cert_format --untrusted-$cert_format $topfolder/keys/ca2cert.$cert_format --enabled-key-data x509" \
"" \
""
@@ -734,42 +821,49 @@ execDSigTest $res_fail \
"" \
"merlin-xmldsig-twenty-three/signature-x509-crt-crl" \
"sha1 rsa-sha1" \
+ "rsa x509" \
"--X509-skip-strict-checks --trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format"
execDSigTest $res_fail \
"" \
"aleksey-xmldsig-01/enveloping-expired-cert" \
"sha1 dsa-sha1" \
+ "dsa x509" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
execDSigTest $res_fail \
"" \
"aleksey-xmldsig-01/dtd-hmac-91" \
"sha1 hmac-sha1" \
+ "hmac" \
"--enabled-reference-uris empty --hmackey $topfolder/keys/hmackey.bin --dtd-file $topfolder/aleksey-xmldsig-01/dtd-hmac-91.dtd"
execDSigTest $res_fail \
"phaos-xmldsig-three" \
"signature-rsa-detached-xslt-transform-bad-retrieval-method" \
"xslt sha1 rsa-sha1" \
+ "rsa x509" \
"--trusted-$cert_format certs/rsa-ca-cert.$cert_format"
execDSigTest $res_fail \
"phaos-xmldsig-three" \
"signature-rsa-enveloped-bad-digest-val" \
"enveloped-signature sha1 rsa-sha1" \
+ "rsa x509" \
"--trusted-$cert_format certs/rsa-ca-cert.$cert_format"
execDSigTest $res_fail \
"phaos-xmldsig-three" \
"signature-rsa-enveloped-bad-sig" \
"enveloped-signature sha1 rsa-sha1" \
+ "rsa x509" \
"--trusted-$cert_format certs/rsa-ca-cert.$cert_format"
execDSigTest $res_fail \
"phaos-xmldsig-three" \
"signature-rsa-manifest-x509-data-crl" \
"sha1 rsa-sha1" \
+ "rsa x509" \
"--trusted-$cert_format certs/rsa-ca-cert.$cert_format"
##########################################################################
diff --git a/tests/testrun.sh b/tests/testrun.sh
index 70345e4..1e4e7ea 100755
--- a/tests/testrun.sh
+++ b/tests/testrun.sh
@@ -180,9 +180,10 @@ execDSigTest() {
folder="$2"
filename="$3"
req_transforms="$4"
- params1="$5"
- params2="$6"
- params3="$7"
+ req_key_data="$5"
+ params1="$6"
+ params2="$7"
+ params3="$8"
# prepare
rm -f $tmpfile
@@ -220,6 +221,20 @@ execDSigTest() {
fi
fi
+ # check key data
+ if [ -n "$req_key_data" ] ; then
+ printf " Checking required key data "
+ echo "$xmlsec_app check-key-data $xmlsec_params $req_key_data" >> $logfile
+ $xmlsec_app check-key-data $xmlsec_params $req_key_data >> $logfile 2>> $logfile
+ res=$?
+ if [ $res = 0 ]; then
+ echo " OK"
+ else
+ echo "Skip"
+ return
+ fi
+ fi
+
# run tests
if [ -n "$params1" ] ; then
printf " Verify existing signature "
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
