#!/bin/sh
#
# Copyright (c) 2005 Kungliga Tekniska Högskolan
# (Royal Institute of Technology, Stockholm, Sweden).
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# 3. Neither the name of the Institute nor the names of its contributors
#    may be used to endorse or promote products derived from this software
#    without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
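#
# $Id$
#

# Regression test for hxtool's CMS SignedData commands. Each case creates a
# SignedData blob with cms-create-sd (or uses a pre-generated file under
# $srcdir/data), verifies it with cms-verify-sd and compares the recovered
# content with the expected plaintext using cmp.
#
# Conventions used throughout:
#   cmd || exit 1   the step must succeed
#   cmd && exit 1   the step must fail (negative test)
#   exit 77         skip the whole test (77 is the status Automake's test
#                   harness reports as SKIP)
#
# NOTE(review): every verification passes --missing-revoke, which presumably
# tolerates absent revocation information; these cases therefore do not
# exercise revocation checking. Confirm against the hxtool documentation.

# @srcdir@ / @objdir@ are placeholders, presumably substituted by the build
# system before this script is run.
srcdir="@srcdir@"
objdir="@objdir@"

stat="--statistic-file=${objdir}/statfile"

# ${hxtool} holds a command plus arguments (optional TESTS_ENVIRONMENT prefix,
# the binary, the statistics option). It is expanded unquoted on purpose so
# that the shell splits it into words.
hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"

# Skip when hxtool reports that RSA or the random source is unavailable.
if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
    exit 77
fi
if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
    exit 77
fi

# ECDSA round trip, only when hxtool reports ECDSA support.
if ${hxtool} info | grep 'ecdsa: hcrypto null' > /dev/null ; then
    echo "not testing ECDSA since hcrypto doesnt support ECDSA"
else
    echo "create signed data (ec)"
    ${hxtool} cms-create-sd \
        --certificate="FILE:$srcdir/data/secp160r2TestClient.pem" \
        "$srcdir/test_chain.in" \
        sd.data > /dev/null || exit 1

    echo "verify signed data (ec)"
    ${hxtool} cms-verify-sd \
        --missing-revoke \
        --anchors="FILE:$srcdir/data/secp160r1TestCA.cert.pem" \
        sd.data sd.data.out > /dev/null || exit 1
    cmp "$srcdir/test_chain.in" sd.data.out || exit 1
fi

echo "create signed data"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

# Unsigned SignedData: must be accepted only when the verifier is explicitly
# told that a missing signer is allowed, and must be reported as "unsigned".
echo "create signed data (no signer)"
${hxtool} cms-create-sd \
    --no-signer \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data (no signer)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --no-signer-allowed \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > signer.tmp || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1
grep "unsigned" signer.tmp > /dev/null || exit 1

# Negative test: without --no-signer-allowed the same blob must be rejected,
# and the error text on stderr must say why.
echo "verify signed data (no signer) (test failure)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out 2> signer.tmp && exit 1
grep "No signers where found" signer.tmp > /dev/null || exit 1

echo "create signed data (id-by-name)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --id-by-name \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

# The signing certificate itself is supplied as the trust anchor here;
# verification is expected to succeed.
echo "verify signed data (EE cert as anchor)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/test.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

# PASS:foobar is the fixture password for the test key. A secret given on the
# command line is visible in process listings, so this form suits test data
# only.
echo "create signed data (password)"
${hxtool} cms-create-sd \
    --pass=PASS:foobar \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test-pw.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (combined)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.combined.crt" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (content info)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --content-info \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data (content info)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --content-info \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (content type)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --content-type=1.1.1.1 \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data (content type)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (pem)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --pem \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

# The exit status of this verification used to be ignored. Because
# sd.data.out still held the output of the previous successful case, the cmp
# below passed even when PEM verification failed. The status is now checked
# like every other positive case.
echo "verify signed data (pem)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --pem \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (pem, detached)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --detached-signature \
    --pem \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

# Same fix as the (pem) case above: a failed verification must fail the test
# instead of being masked by a stale sd.data.out.
echo "verify signed data (pem, detached)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --pem \
    --signed-content="$srcdir/test_chain.in" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (p12)"
${hxtool} cms-create-sd \
    --pass=PASS:foobar \
    --certificate="PKCS12:$srcdir/data/test.p12" \
    --signer=friendlyname-test \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

# NOTE(review): the sd.data produced from the PKCS#12 store above is not
# verified; this step checks the pre-generated test-signed-data file instead.
echo "verify signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --content-info \
    "$srcdir/data/test-signed-data" sd.data.out > /dev/null || exit 1
cmp "$srcdir/data/static-file" sd.data.out || exit 1

echo "verify signed data (no attr)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --content-info \
    "$srcdir/data/test-signed-data-noattr" sd.data.out > /dev/null || exit 1
cmp "$srcdir/data/static-file" sd.data.out || exit 1

# Negative test: this pre-generated blob must not verify unless the signer
# certificate is supplied separately (see the next case).
echo "verify failure signed data (no attr, no certs)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --content-info \
    "$srcdir/data/test-signed-data-noattr-nocerts" \
    sd.data.out > /dev/null 2>/dev/null && exit 1

echo "verify signed data (no attr, no certs)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --certificate="FILE:$srcdir/data/test.crt" \
    --content-info \
    "$srcdir/data/test-signed-data-noattr-nocerts" \
    sd.data.out > /dev/null || exit 1
cmp "$srcdir/data/static-file" sd.data.out || exit 1

echo "verify signed data - sha1"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --content-info \
    "$srcdir/data/test-signed-sha-1" sd.data.out > /dev/null || exit 1
cmp "$srcdir/data/static-file" sd.data.out || exit 1

echo "verify signed data - sha256"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --content-info \
    "$srcdir/data/test-signed-sha-256" sd.data.out > /dev/null || exit 1
cmp "$srcdir/data/static-file" sd.data.out || exit 1

# The sha512 case is disabled in the original script; the reason is not
# recorded here.
#echo "verify signed data - sha512"
#${hxtool} cms-verify-sd \
#    --missing-revoke \
#    --anchors=FILE:$srcdir/data/ca.crt \
#    --content-info \
#    "$srcdir/data/test-signed-sha-512" sd.data.out > /dev/null || exit 1
#cmp "$srcdir/data/static-file" sd.data.out || exit 1


# Chain-building cases. The signer is sub-cert; sub-ca.crt is presumably the
# intermediate CA between it and ca.crt (TODO confirm against the test data).
echo "create signed data (subcert, no certs)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

# Negative test: with only ca.crt as anchor, verification must fail.
echo "verify failure signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null 2> /dev/null && exit 1

# Supplying sub-ca.crt to the verifier makes the same blob verify.
echo "verify success signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --certificate="FILE:$srcdir/data/sub-ca.crt" \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (subcert, certs)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key" \
    --pool="FILE:$srcdir/data/sub-ca.crt" \
    --anchors="FILE:$srcdir/data/ca.crt" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify success signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (subcert, certs, no-root)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key" \
    --pool="FILE:$srcdir/data/sub-ca.crt" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify success signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (subcert, no-subca, no-root)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify failure signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null 2>/dev/null && exit 1

# Certificate-purpose cases. "ds-only" / "ke-only" presumably name
# certificates restricted to digital signature / key encipherment
# (TODO confirm against the test data).
echo "create signed data (sd cert)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

# Negative test: signing with only the ke-only certificate must fail.
echo "create signed data (ke cert)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null 2>/dev/null && exit 1

# With both certificates offered, signing must succeed in either order.
echo "create signed data (sd + ke certs)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key" \
    --certificate="FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "create signed data (ke + sd certs)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key" \
    --certificate="FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "create signed data (detached)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --detached-signature \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data (detached)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --signed-content="$srcdir/test_chain.in" \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

# Negative test: a detached signature without --signed-content must not
# verify.
echo "verify failure signed data (detached)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null 2>/dev/null && exit 1

echo "create signed data (rsa)"
${hxtool} cms-create-sd \
    --peer-alg=1.2.840.113549.1.1.1 \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1
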
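# Remaining hxtool CMS cases: verification of the RSA-signed blob, cms-sign
# with detached signatures, and cms-envelope / cms-unenvelope round trips.
# ${hxtool} and $srcdir are set earlier in this script; ${hxtool} is expanded
# unquoted on purpose because it holds a command plus arguments.
# "cmd || exit 1" means the step must succeed.

echo "verify signed data (rsa)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null 2>/dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (pem, detached)"
cp "$srcdir/test_chain.in" sd
${hxtool} cms-sign \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --detached-signature \
    --pem \
    sd > /dev/null || exit 1

# The exit status of this verification used to be ignored, so a failure to
# verify the detached PEM signature could never fail the test. It is now
# checked like the other positive cases.
# sd.pem is presumably the file cms-sign wrote for input "sd" with --pem;
# no --signed-content is given, so the tool has to locate the content itself.
echo "verify signed data (pem, detached)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --pem \
    sd.pem > /dev/null || exit 1

# NOTE(review): the four cms-sign cases below only check that signing
# succeeds; none of the resulting signatures is verified afterwards.
echo "create signed data (no certs, detached sig)"
cp "$srcdir/test_chain.in" sd
${hxtool} cms-sign \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --detached-signature \
    --no-embedded-certs \
    "$srcdir/data/static-file" \
    sd > /dev/null || exit 1

echo "create signed data (leif only, detached sig)"
cp "$srcdir/test_chain.in" sd
${hxtool} cms-sign \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --detached-signature \
    --embed-leaf-only \
    "$srcdir/data/static-file" \
    sd > /dev/null || exit 1

echo "create signed data (no certs, detached sig, 2 signers)"
cp "$srcdir/test_chain.in" sd
${hxtool} cms-sign \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --certificate="FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key" \
    --detached-signature \
    --no-embedded-certs \
    "$srcdir/data/static-file" \
    sd > /dev/null || exit 1

echo "create signed data (no certs, detached sig, 3 signers)"
cp "$srcdir/test_chain.in" sd
${hxtool} cms-sign \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --certificate="FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key" \
    --certificate="FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key" \
    --detached-signature \
    --no-embedded-certs \
    "$srcdir/data/static-file" \
    sd > /dev/null || exit 1

# Envelope round trips: encrypt to test.crt, decrypt with test.crt plus
# test.key, and compare the result with the original plaintext.
echo "envelope data (content-type)"
${hxtool} cms-envelope \
    --certificate="FILE:$srcdir/data/test.crt" \
    --content-type=1.1.1.1 \
    "$srcdir/data/static-file" \
    ev.data > /dev/null || exit 1

echo "unenvelope data (content-type)"
${hxtool} cms-unenvelope \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    ev.data ev.data.out \
    "FILE:$srcdir/data/test.crt,$srcdir/data/test.key" > /dev/null || exit 1
cmp "$srcdir/data/static-file" ev.data.out || exit 1

echo "envelope data (content-info)"
${hxtool} cms-envelope \
    --certificate="FILE:$srcdir/data/test.crt" \
    --content-info \
    "$srcdir/data/static-file" \
    ev.data > /dev/null || exit 1

echo "unenvelope data (content-info)"
${hxtool} cms-unenvelope \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --content-info \
    ev.data ev.data.out \
    "FILE:$srcdir/data/test.crt,$srcdir/data/test.key" > /dev/null || exit 1
cmp "$srcdir/data/static-file" ev.data.out || exit 1

# Fresh round trip per cipher. Old outputs are removed first so that cmp
# cannot pass on a file left over from an earlier iteration.
for a in des-ede3 aes-128 aes-256; do

    rm -f ev.data ev.data.out
    echo "envelope data ($a)"
    ${hxtool} cms-envelope \
        --encryption-type="$a-cbc" \
        --certificate="FILE:$srcdir/data/test.crt" \
        "$srcdir/data/static-file" \
        ev.data || exit 1

    echo "unenvelope data ($a)"
    ${hxtool} cms-unenvelope \
        --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
        ev.data ev.data.out > /dev/null || exit 1
    cmp "$srcdir/data/static-file" ev.data.out || exit 1
done

# Decrypt pre-generated test vectors, including the legacy rc2-40 and rc2-64
# files. --allow-weak is passed for every cipher in this loop; presumably the
# tool refuses the weak ones without it (TODO confirm). It is needed here only
# to read the legacy vectors.
for a in rc2-40 rc2-64 rc2-128 des-ede3 aes-128 aes-256; do
    echo "static unenvelope data ($a)"

    rm -f ev.data.out
    ${hxtool} cms-unenvelope \
        --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
        --content-info \
        --allow-weak \
        "$srcdir/data/test-enveloped-$a" ev.data.out > /dev/null || exit 1
    cmp "$srcdir/data/static-file" ev.data.out || exit 1
done

exit 0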