2 # -*- coding: cp1251 -*-
3 lappend auto_path [file dirname [info script]]
4 package require ossltest
6 set testname [file rootname [file tail $::argv0]]
8 start_tests "Тесты на OCSP-запросы и ответы"
10 if {[info exists env(ALG_LIST)]} {
11 set alg_list $env(ALG_LIST)
13 switch -exact [engine_name] {
14 "ccore" {set alg_list {gost2001:A gost2012_256:A gost2012_512:B}}
15 "open" {set alg_list {gost2001:A gost2012_256:A gost2012_512:B}}
19 foreach alg $alg_list {
20 set alg_fn [string map {":" "_"} $alg]
21 set username U_smime_$alg_fn
24 makeCA ${testname}CA-$alg_fn $alg
29 set server_args "-index $::test::ca/index.txt -rsigner $::test::ca/cacert.pem -rkey $::test::ca/private/cakey.pem -CA $::test::ca/cacert.pem -noverify"
30 set client_args "-issuer $::test::ca/cacert.pem -CAfile $::test::ca/cacert.pem"
32 test "Создаем юзера" {
33 makeRegisteredUser U_ocsp_$alg_fn $alg
34 makeRegisteredUser U_ocsp2_$alg_fn $alg
35 file exists U_ocsp_$alg_fn/cert.pem
40 test -createsfiles {request1.der} "Создаеем неподписанный запрос SHA1 хэш по сертификату" {
41 openssl "ocsp $client_args -cert U_ocsp_$alg_fn/cert.pem -reqout request1.der"
42 file exists request1.der
45 test -skip {![file exists request1.der]} "Анализируем OID-ы в запросе" {
46 extract_oids request1.der DER
50 test -skip {![file exists request1.der]} -createsfiles {response1.der} "Формируем ГОСТ-подписанный ответ" {
51 openssl "ocsp $server_args -reqin request1.der -respout response1.der"
54 test -skip {![file exists request1.der]} "Анализируем OID-ы в ответе" {
55 extract_oids response1.der DER 30
56 } 0 " OBJECT :sha1\n[mkObjList [hash_with_sign_long_name $alg] [hash_with_sign_long_name $alg] [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg]] [hash_with_sign_long_name $alg]]"
59 test -skip {![file exists response1.der]} "Проверяем ГОСТ-подписанный ответ" {
60 openssl "ocsp $client_args -respin response1.der"
62 } 0 "STDERR CONTENTS:\nResponse verify OK"
64 test -skip {![file exists response1.der]} "Проверяем статус сертификата" {
65 grep "Cert Status" [openssl "ocsp -respin response1.der -text -CAfile $::test::ca/cacert.pem"]
66 } 0 " Cert Status: good\n"
68 test -createsfiles request2.der "Формируем ГОСТ-подписанный запрос с хэшом SHA1 по сертификату" {
69 openssl "ocsp $client_args -cert U_ocsp_$alg_fn/cert.pem -signer U_ocsp_$alg_fn/cert.pem -signkey U_ocsp_$alg_fn/seckey.pem -reqout request2.der"
73 test -skip {![file exists request2.der]} "Анализируем OID-ы в запросе" {
74 extract_oids request2.der DER
75 } 0 " OBJECT :sha1\n[mkObjList [hash_with_sign_long_name $alg] [hash_with_sign_long_name $alg] [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg]] [hash_with_sign_long_name $alg]]"
78 test -createsfiles response2.der -skip {![file exists request2.der]} "Формируем ответ на подписанный запрос" {
79 openssl "ocsp $server_args -reqin request2.der -respout response2.der"
80 file exists response2.der
83 test -skip {![file exists response2.der]} "Проверяем ответ на запрос 2" {
84 grep "Response .erif" [openssl "ocsp $client_args -respin response2.der"]
85 } 0 "Response verify OK\n"
87 test -createsfiles request3.der "Формируем запрос с ГОСТ-овским хэшом по сертификату" {
88 openssl "ocsp $client_args -[hash_short_name [alg_hash $alg]] -cert U_ocsp_$alg_fn/cert.pem -reqout request3.der"
89 file exists request3.der
92 test -skip {![file exists request3.der]} "Анализируем OID-ы в запросе" {
93 extract_oids request3.der DER
94 } 0 [mkObjList [hash_long_name $alg]]
96 test -skip {![file exists request3.der]} -createsfiles response3.der "Формируем ответ на запрос с ГОСТ-овским хэшом" {
97 openssl "ocsp $server_args -reqin request3.der -respout response3.der"
98 file exists response3.der
101 test -skip {![file exists response3.der] } "Проверяем ответ на запрос 3" {
102 grep "Response .erif" [openssl "ocsp -[hash_short_name [alg_hash $alg]] $client_args -respin response3.der"]
103 } 0 "Response verify OK\n"
106 test -skip {![file exists response3.der]} "Проверяем статус сертификата" {
107 grep "Cert Status" [openssl "ocsp -respin response3.der -text -CAfile $::test::ca/cacert.pem"]
108 } 0 " Cert Status: good\n"
110 test -createsfiles request4.der "Формируем запрос с ГОСТ-овским хэшом по serial" {
111 openssl "ocsp $client_args -[hash_short_name [alg_hash $alg]] -serial 0x11E -reqout request4.der"
114 test -skip {![file exists request4.der]} "Проверяем OID-ы в запросе 4" {
115 extract_oids request4.der DER
116 } 0 [mkObjList [hash_long_name $alg]]
119 test -skip {![file exists request4.der]} -createsfiles response4.der "Формируем ответ на запрос с ГОСТ-овским хэшом" {
120 openssl "ocsp $server_args -reqin request4.der -respout response4.der"
121 file exists response4.der
124 test -skip {![file exists response4.der] } "Проверяем ответ на запрос 4" {
125 grep "Response .erif" [openssl "ocsp $client_args -respin response4.der"]
126 } 0 "Response verify OK\n"
128 test -createsfiles request5.der "Формируем запрос с двумя сертификатами и разными хэшами" {
129 openssl "ocsp $client_args -[hash_short_name [alg_hash $alg]] -cert U_ocsp_$alg_fn/cert.pem -sha1 -cert U_ocsp2_$alg_fn/cert.pem -reqout request5.der"
132 test -skip {![file exists request5.der]} "Проверяем OID-ы в запросе 5" {
133 extract_oids request5.der DER
134 } 0 "[mkObjList [hash_long_name $alg]] OBJECT :sha1\n"
137 test -skip {![file exists request5.der]} -createsfiles response5.der "Формируем ответ на запрос с двумя хэшами" {
138 openssl "ocsp $server_args -reqin request5.der -respout response5.der"
139 file exists response5.der
142 test -skip {![file exists response5.der] } "Проверяем ответ на запрос 5" {
143 grep "Response .erif" [openssl "ocsp -[hash_short_name [alg_hash $alg]] $client_args -respin response5.der"]
144 } 0 "Response verify OK\n"
146 test -skip {![file exists response5.der]} "Проверяем статус сертификатoв" {
147 grep "Cert Status" [openssl "ocsp -respin response5.der -text -CAfile $::test::ca/cacert.pem"]
148 } 0 " Cert Status: good\n Cert Status: good\n"