/
validate
66 lines (49 loc) · 1.89 KB
/
validate
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
#!/bin/bash
PATH=/usr/local/ssl/bin:$PATH
# Get CA cert
rm 443-root.crt
wget http://test-pqpki.com/443-root.crt
export EST_OPENSSL_CACERT=`realpath 443-root.crt`
pushd example/client
export OUTPUT_DIR=/tmp/EST
export OUTPUT_PKCS7_CACERT=$OUTPUT_DIR/cacert-0-0.pkcs7
export OUTPUT_PEM_CACERT=$OUTPUT_DIR/cacert-0-0.pem
export OUTPUT_PKCS7_CERT=$OUTPUT_DIR/cert-0-0.pkcs7
export OUTPUT_PEM_CERT=$OUTPUT_DIR/cert-0-0.pem
export EST_HOST=test-pqpki.com
export EST_PORT=443
# Try it with IPv4 or IPv6 addresses if you like:
#export EST_HOST=18.217.192.8
#export EST_HOST=2600:1f16:61c:2f02:aa2c:84ac:3758:922e
export VERBOSE_FLAG=
rm -rf $OUTPUT_DIR
mkdir -p $OUTPUT_DIR
function print_and_verify_cert()
{
CERT=$1
CA_CERT=$2
# Print new cert
openssl x509 -engine qs_sig -in $CERT -noout -text
# Verify the cert's classical signature
openssl verify -CAfile $CA_CERT $CERT || exit 1
echo "Classical verification success"
# Verify the cert's alt signature
openssl x509QSVerify -engine qs_sig -root $CA_CERT -untrusted $CERT -cert $CERT || exit 1
echo "Alt Signature verification success"
}
# Fetch CA cert
./estclient $VERBOSE_FLAG -g -u estuser -h estpwd -s $EST_HOST -p $EST_PORT -o $OUTPUT_DIR || exit 1
echo "Fetch CA cert success"
########################################
# estclient tests
########################################
# print CA cert
openssl base64 -d -in $OUTPUT_PKCS7_CACERT | openssl pkcs7 -engine qs_sig -inform DER -text -print_certs -noout
# Convert PKCS7 CA Cert to PEM
openssl base64 -d -in $OUTPUT_PKCS7_CACERT | openssl pkcs7 -inform DER -print_certs -out $OUTPUT_PEM_CACERT || exit 1
# Enroll a new cert with new key
./estclient $VERBOSE_FLAG -e --common-name "Newly Enrolled MPKAC" -u estuser -h estpwd -s $EST_HOST -p $EST_PORT -o $OUTPUT_DIR --pem-output || exit 1
date +"%T.%3Nsleep 13
print_and_verify_cert $OUTPUT_PEM_CERT $OUTPUT_PEM_CACERT
echo "New cert enrollment success"
date +"%T.%3N