www.wagner.pp.ru Git - openssl-gost/engine.git/blob - tcl_tests/server.try
tcl_tests: Add TCL tests files
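#!/usr/bin/tclsh
# -*- coding: cp1251 -*-
#
# TLS interoperability test driven by a host list file (the only argument).
# For every algorithm and cipher suite found in the hosts array the script
# runs openssl s_client against the listed server and checks a static page,
# a large page and a printenv script, first without and then with a client
# certificate issued by the test CA.
#
# The commands test, openssl, grep, get_hosts, engine_name, start_tests,
# end_tests, getCAcert, getCAAlgParams, makeUser and registerUserAtCA are not
# defined in this file; presumably they come from the ossltest package.
#
# Security-relevant properties of the checks below:
#  * Every s_client call passes -CAfile with the per-algorithm CA file plus
#    -verify 1 -verify_return_error, so a chain that does not verify aborts
#    the handshake instead of being reported and ignored.
#  * No s_client call asks for host name matching, so the tests confirm the
#    chain only, not that the certificate was issued for the contacted host.
#    NOTE(review): add -verify_hostname if the test servers carry matching
#    names and the s_client build supports the option.
#  * The trust anchor itself is downloaded by getCAcert from the CA host
#    named below. NOTE(review): how that download is authenticated is not
#    visible here - confirm it, or compare the file with a known fingerprint.
lappend auto_path [file dirname [info script]]


package require ossltest

if {$argc != 1} {
        puts stderr "Usage $argv0 cipher-list-file"
        exit 1
}

# Protocol label as used in the host list -> s_client option selecting it.
# The SSLv2 and SSLv3 entries exercise legacy protocols; whether -ssl2 and
# -ssl3 are accepted depends on the OpenSSL build under test.
array set protos {
        SSLv2 -ssl2
        SSLv3 -ssl3
        TLSv1 -tls1
        TLSv1.1 -tls1_1
        TLSv1.2 -tls1_2
        "default" {}
}
# presumably fills the global hosts array read below - verify in ossltest
get_hosts [lindex $argv 0]
cd $::test::dir
start_tests "TLS-соединение с сервером [lindex $argv 0]"

# The ccore engine is not tested against the gost94 hosts.
if {[engine_name] eq "ccore"} {
        array unset hosts gost94*
}

# Cipher suite name as written in the host list (and as the expected
# SSL_CIPHER value of the printenv test) -> name passed to s_client -cipher.
array set suite_map {
CRYPTOPRO-DHGOST94-DSS-GOST89-STREAMGOST89 GOST94-GOST89-GOST89
CRYPTOPRO-DHGOST94-DSS-NULL-GOST94 GOST94-NULL-GOST94
CRYPTOPRO-DHGOST-DSS-GOST89-STREAMGOST89 GOST2001-GOST89-GOST89
CRYPTOPRO-DHGOST-DSS-NULL-GOST94 GOST2001-NULL-GOST94
}

# Test CA that issues the CA certificate and the client certificates.
set CAhost lynx.lan.cryptocom.ru
set CAprefix /cgi-bin/autoca

foreach alg [array names hosts] {
        # alg2 is alg with the cp suffix of the algorithm name removed;
        # alg_ca keeps it and names the CA. alg_fn and alg_short are not
        # read anywhere below in this file.
        set alg2 [regsub {(gost\d+)cp} $alg {\1}]
        set alg_fn [string map {":" "_"} $alg2]
        set alg_short [regexp -inline {^[^:]+} $alg2]
        set alg_ca [regexp -inline {^[^:]+} $alg]

        # Fetch the trust anchor unless it is already on disk. The guard
        # checks ca_$alg_ca.pem, the file this test is expected to return and
        # every -CAfile option below reads. The earlier guard looked at
        # ca_$alg_short.pem, which differs for cp algorithms, so the download
        # could be skipped while the file actually used was missing.
        test -skip {[file exists ca_$alg_ca.pem]} "Получить сертификат $alg_ca CA" {
                getCAcert $CAhost $CAprefix $alg_ca
        } 0 "ca_$alg_ca.pem"

        if {[array exists suites]} {array unset suites}
        array set suites $hosts($alg)
        foreach suite [array names suites] {
                # A key of the form proto:suite selects a protocol option;
                # a bare suite name uses the default entry of protos.
                if {![regexp {(.+):(.+)} $suite => proto cs]} {
                        set cs $suite
                        set proto "default"
                }
                if {[info exists suite_map($cs)]} {
                        set mycs $suite_map($cs)
                } else {
                        set mycs $cs
                }
                # The value is host:port optionally followed by :servertype;
                # without the suffix the server is treated as apache.
                if {![regexp {(.+:\d+):(.*)} $suites($suite) x url servertype]} {
                        set servertype apache
                        set url $suites($suite)
                }
                # Expected outcome of a request made without a client
                # certificate: IIS answers with an HTTP error page and
                # s_client exits 0, other servers fail the handshake.
                if {$servertype eq "iis"} {
                        set failure "HTTP 403.7 - Forbidden: Client certificate required"
                        set failure_exit_code 0
                } else {
                        set failure "ssl handshake failure"
                        set failure_exit_code 1
                }

                # Host name for the Host: header. Both variables are set on
                # every iteration so that a URL without a numeric port cannot
                # silently reuse the host name left by the previous suite.
                if {![regexp {(.+):(\d+)} $url dummy get_hostname get_port]} {
                        set get_hostname $url
                        set get_port {}
                }

                test "$suite статическая страница " {
                        grep "<H1>" [openssl [concat s_client $protos($proto) \
                                [list -cipher $mycs -CAfile ca_$alg_ca.pem -connect $url \
                                -verify_return_error -verify 1 -ign_eof \
                                << "GET /ssl_test.html HTTP/1.1\nHost: $get_hostname\nConnection: close\n\n"]]]
                } 0 "<H1>Test SSL static page</H1>\n"


                test "$suite большая страница" {
                        grep "<H1>" [openssl [concat s_client $protos($proto) \
                                [list -cipher $mycs -CAfile ca_$alg_ca.pem -connect $url \
                                -verify_return_error -verify 1 -ign_eof \
                                << "GET /ssl_test_big.html HTTP/1.1\nHost: $get_hostname\nConnection: close\n\n"]]]
                } 0 "<H1>Big test SSL static page</H1>\n"


                # The server-side script reports what the server negotiated:
                # IIS is checked for the secure-port flag, other servers for
                # the cipher suite name as written in the host list.
                if {$servertype eq "iis"} {
                        test "$suite скрипт printenv.asp" {
                                grep "SERVER_PORT_SECURE:" [openssl \
                                        [concat s_client $protos($proto) \
                                        [list -cipher $mycs -CAfile ca_$alg_ca.pem \
                                        -connect $url -verify_return_error -verify 1 -ign_eof \
                                        << "GET /printenv.asp HTTP/1.1\nHost: $get_hostname\nConnection: close\n\n"]]]
                        } 0 "SERVER_PORT_SECURE: 1\n"
                } else {
                        test "$suite скрипт printenv" {
                                grep "SSL_CIPHER=" [openssl \
                                        [concat s_client $protos($proto) \
                                        [list -cipher $mycs -CAfile ca_$alg_ca.pem \
                                        -connect $url -verify_return_error -verify 1 -ign_eof \
                                        << "GET /cgi-bin/printenv HTTP/1.1\nHost: $get_hostname\nConnection: close\n\n"]]]
                        } 0 "SSL_CIPHER=\"$cs\"\n"
                }

                # Client key algorithms to try: GOST2012 suites also get the
                # gost2001 and both gost2012 keys, GOST2001 suites also get
                # the gost2001 key, anything else only the host algorithm.
                if {[string match *GOST2012* $suite]} {
                        set alg_cli_list "$alg gost2001:B gost2012_256:B gost2012_512:B"
                } elseif {[string match *GOST2001* $suite]} {
                        set alg_cli_list "$alg gost2001:B"
                } else {
                        set alg_cli_list $alg
                }

                foreach alg_cli $alg_cli_list {
                        set alg_cli_fn [string map {":" "_"} $alg_cli]
                        set alg_cli_short [regexp -inline {^[^:]+} $alg_cli]

                        # Enrol a client certificate once per key algorithm;
                        # the directory U_x_$alg_cli_fn holds cert.pem and
                        # seckey.pem used by the authenticated tests below.
                        test -skip {[file exist U_x_$alg_cli_fn/cert.pem]} "Получение клиентского сертификата $alg_cli" {
                                getCAAlgParams  $CAhost $CAprefix $alg_cli_short
                                if {![makeUser U_x_$alg_cli_fn $alg_cli CN \
                                "Test engine on [info hostname]"]} {
                                        error "Request generation failed"
                                }
                                registerUserAtCA U_x_$alg_cli_fn $CAhost $CAprefix $alg_ca
                                file exists U_x_$alg_cli_fn/cert.pem
                        } 0 1


                        # Negative test: without -cert the protected page must
                        # be refused. $failure is used as a regexp pattern, so
                        # the dots in the IIS message match any character.
                        test "$suite  нет сертификата, статичеcкая страница" {
                                set out [openssl [concat s_client $protos($proto) \
                                        [list -msg -cipher $mycs -CAfile ca_$alg_ca.pem \
                                        -verify_return_error -verify 1 -connect $url -ign_eof \
                                        << "GET /ssl_auth_test.html HTTP/1.1\nHost: $get_hostname\nConnection: close\n\n"]]]
                                # Return only the matched failure text, or the
                                # whole output so a mismatch shows what came back.
                                if {[regexp $failure $out match]} {
                                        set match
                                } else {
                                        set out
                                }
                        } $failure_exit_code $failure


                        # Positive test, skipped when enrolment left no certificate.
                        test -skip {![file exists U_x_$alg_cli_fn/cert.pem]} \
                        "$suite, есть сертификат, статическая страница" {
                                grep "<H1>" [openssl [concat s_client $protos($proto) \
                                        [list -msg -cipher $mycs -cert U_x_$alg_cli_fn/cert.pem \
                                        -key U_x_$alg_cli_fn/seckey.pem -CAfile ca_$alg_ca.pem \
                                        -verify_return_error -verify 1 -connect $url -ign_eof \
                                        << "GET /ssl_auth_test.html HTTP/1.1\nHost: $get_hostname\nConnection: close\n\n"]]]
                        } 0 "<H1>Test SSL static page</H1>\n"


                        if {$servertype eq "iis"} {

                                # In this branch $failure is the IIS 403.7
                                # message and s_client is expected to exit 0.
                                test "$suite, нет сертификата, скрипт printenv_auth.asp" {
                                        set out [openssl [concat s_client $protos($proto) \
                                                [list -msg -cipher $mycs -CAfile ca_$alg_ca.pem \
                                                -verify_return_error -verify 1 -connect $url -ign_eof \
                                                << "GET /printenv_auth.asp HTTP/1.1\nHost: $get_hostname\nConnection: close\n\n"]]]
                                        if {[regexp $failure $out match]} {
                                                set match
                                        } else {
                                                set out
                                        }
                                } 0 $failure


                                test  -skip {![file exists U_x_$alg_cli_fn/cert.pem]} \
                                "$suite, есть сертификат, скрипт printenv_auth.asp" {
                                        grep CERT_FLAGS [openssl [concat s_client $protos($proto) \
                                                [list -msg -cipher $mycs -cert U_x_$alg_cli_fn/cert.pem \
                                                -key U_x_$alg_cli_fn/seckey.pem -CAfile ca_$alg_ca.pem \
                                                -verify_return_error -verify 1 -connect $url -ign_eof \
                                                << "GET /printenv_auth.asp HTTP/1.1\nHost: $get_hostname\nConnection: close\n\n"]]]
                                } 0 "CERT_FLAGS: 1\n"

                        } else {

                                # Same literal and exit code that $failure and
                                # $failure_exit_code hold for non-IIS servers.
                                test "$suite, нет сертификата, скрипт printenv" {
                                        set out [openssl [concat s_client $protos($proto) \
                                                [list -cipher $mycs -CAfile ca_$alg_ca.pem \
                                                -verify_return_error -verify 1 -connect $url -ign_eof \
                                                << "GET /cgi-bin/printenv/auth HTTP/1.1\nHost: $get_hostname\nConnection: close\n\n"]]]
                                        if {[regexp "ssl handshake failure" $out match]} {
                                                set match
                                        } else {
                                                set out
                                        }
                                } 1 "ssl handshake failure"

                                # The server must report that it verified the
                                # client certificate, not merely accept the request.
                                test  -skip {![file exists U_x_$alg_cli_fn/cert.pem]} \
                                "$suite, есть сертификат, скрипт printenv" {
                                        grep SSL_CLIENT_VERIFY [openssl \
                                                [concat s_client $protos($proto) \
                                                [list -cipher $mycs -cert U_x_$alg_cli_fn/cert.pem \
                                                -key U_x_$alg_cli_fn/seckey.pem -CAfile ca_$alg_ca.pem \
                                                -verify_return_error -verify 1 -connect $url -ign_eof \
                                                << "GET /cgi-bin/printenv/auth HTTP/1.1\nHost: $get_hostname\nConnection: close\n\n"]]]
                                } 0 "SSL_CLIENT_VERIFY=\"SUCCESS\"\n"
                        }
                }
        }
}
end_tests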