# validity-periods - PKITS Test 4.2 -*- sh -*-
# Copyright (C) 2008 Free Software Foundation, Inc.
# This file is part of GnuPG.
# GnuPG is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
# GnuPG is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
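# Load the shared test helpers. The expansion is quoted so that a source
# directory containing whitespace or glob characters is not word-split
# before the file is sourced; abort with status 2 if it cannot be loaded.
. "${srcdir:-.}/common.sh" || exit 2

description="Validity Periods"
info "Running $description tests"

start_test 4.2.1 "Invalid CA notBefore Date Test1"
# In this test, the intermediate certificate's notBefore date is after
# the current date; the checks that follow run gpgsm with the faked
# time in $MYTIME and look for 'intermediate certificate not yet valid'
# in its output.

# Objects the test needs: the trust anchor and its CRL, the CA
# certificate carrying the bad notBefore date and its CRL, and the
# end-entity certificate under test.
# NOTE(review): info, start_test, need_cert and need_crl are not defined
# in this file; presumably common.sh provides them - confirm.
need_cert TrustAnchorRootCertificate
need_crl TrustAnchorRootCRL
need_cert BadnotBeforeDateCACert
need_crl BadnotBeforeDateCACRL
need_cert InvalidCAnotBeforeDateTest1EE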
if $GPGSM --faked-system-time $MYTIME \
--with-colons --with-validation --list-key 0x459ADD33 >$SCRATCH; then
tmp=$($AWK -F: '$1 == "crt" {any=1; print $2};
END {if(!any) print "error"}' $SCRATCH)
[ "$tmp" = "i" ] || set_status fail
if [ "$test_status" = "none" ]; then
if sed '1,/^.$/d' smime/SignedInvalidCAnotBeforeDateTest1.eml \
| $GPGSM --faked-system-time $MYTIME \
--verify --assume-base64 --status-fd 1 --logger-fd 1 \
| grep TRUST_UNDEFINED >/dev/null; then
if grep 'intermediate certificate not yet valid' $SCRATCH >/dev/null \
&& grep 'invalid certification chain: Certificate too young' \
start_test 4.2.2 "Invalid EE notBefore Date Test2"
# In this test, the end entity certificate's notBefore date is after
# Procedure: Validate Invalid EE notBefore Date Test2 EE using the
# default settings or open and verify Signed Test Message 6.2.2.5
# using the default settings.
# Expected Result: The path should not validate successfully as the
# notBefore date in the end entity certificate is after the current
# Certification Path: The certification path is composed of the
# following objects: Trust Anchor Root Certificate, Trust Anchor
# Root CRL, Good CA Cert, Good CA CRL, Invalid EE notBefore Date
start_test 4.2.3 "Valid pre2000 UTC notBefore Date Test3"
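# In this test, the end entity certificate's notBefore date is set to
# 1950 and is encoded in UTCTime. RFC 5280 reads two-digit UTCTime years
# 50-99 as 19YY, so a validator that took the year as 2050 would wrongly
# treat this certificate as not yet valid.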
# Procedure: Validate Valid pre2000 UTC notBefore Date Test3 EE
# using the default settings or open and
# verify Signed Test Message 6.2.2.6 using
# the default settings.
# Expected Result: The path should validate successfully as the
# notBefore date in the end entity
# certificate is before the current date.
# Certification Path: The certification path is composed of the
# following objects: Trust Anchor Root Certificate,
# Trust Anchor Root CRL, Good CA Cert, Good CA CRL, Valid
# pre2000 UTC notBefore Date Test3 EE
start_test 4.2.4 "Valid GeneralizedTime notBefore Date Test4"
# In this test, the end entity certificate's notBefore date is
# specified in GeneralizedTime.
# Procedure: Validate Valid GeneralizedTime notBefore Date Test4 EE
# using the default settings or open and
# verify Signed Test Message 6.2.2.7 using
# the default settings.
# Expected Result: The path should validate successfully.
# Certification Path:
# The certification path is composed of the following objects:
# Trust Anchor Root Certificate, Trust Anchor Root CRL
# Good CA Cert, Good CA CRL
# Valid GeneralizedTime notBefore Date Test4 EE
start_test 4.2.5 "Invalid CA notAfter Date Test5"
# In this test, the intermediate certificate's notAfter date is before
# Procedure: Validate Invalid CA notAfter Date Test5 EE using the
# default settings or open and verify
# Signed Test Message 6.2.2.8 using the
# Expected Result: The path should not validate successfully as the
# notAfter date in the intermediate
# certificate is before the current date.
# Certification Path: The certification path is composed of the
# Trust Anchor Root Certificate, Trust Anchor Root CRL
# Bad notAfter Date CA Cert, Bad notAfter Date CA CRL
# Invalid CA notAfter Date Test5 EE
start_test 4.2.6 "Invalid EE notAfter Date Test6"
# In this test, the end entity certificate's notAfter date is before
# Procedure: Validate Invalid EE notAfter Date Test6 EE using the
# default settings or open and verify
# Signed Test Message 6.2.2.9 using the
# Expected Result: The path should not validate successfully as the
# notAfter date in the end certificate is
# before the current date.
# Certification Path: The certification path is composed of the
# Trust Anchor Root Certificate, Trust Anchor Root CRL
# Good CA Cert, Good CA CRL
# Invalid EE notAfter Date Test6 EE
start_test 4.2.7 "Invalid pre2000 UTC EE notAfter Date Test7"
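# In this test, the end entity certificate's notAfter date is 1999 and
# is encoded in UTCTime. RFC 5280 reads two-digit UTCTime years 50-99 as
# 19YY, so a validator that took the year as 2099 would wrongly accept
# this expired certificate.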
# Procedure: Validate Invalid pre2000 UTC EE notAfter Date Test7 EE
# using the default settings or open and
# verify Signed Test Message 6.2.2.10 using
# the default settings.
# Expected Result: The path should not validate successfully as the
# notAfter date in the end certificate is
# before the current date.
# Certification Path: The certification path is composed of the
# Trust Anchor Root Certificate, Trust Anchor Root CRL
# Good CA Cert, Good CA CRL
# Invalid pre2000 UTC EE notAfter Date Test7 EE
start_test 4.2.8 "Valid GeneralizedTime notAfter Date Test8"
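# In this test, the end entity certificate's notAfter date is 2050 and
# is encoded in GeneralizedTime. RFC 5280 requires GeneralizedTime for
# validity dates in 2050 or later, so the four-digit year must be parsed
# as written.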
# Procedure: Validate Valid GeneralizedTime notAfter Date Test8 EE
# using the default settings or open and
# verify Signed Test Message 6.2.2.11 using
# the default settings.
# Expected Result: The path should validate successfully as the
# notAfter date in the end certificate is
# after the current date.
# Trust Anchor Root Certificate, Trust Anchor Root CRL
# Good CA Cert, Good CA CRL
# Valid GeneralizedTime notAfter Date Test8 EE