2 # -*- coding: cp1251 -*-
# Add the directory that holds this script to Tcl's package search path;
# the ossltest helper package is presumably located there.
3 lappend auto_path [file dirname [info script]]
4 package require ossltest
# Suite title (Russian): "Tests for the smime command - second signature".
6 start_tests "Тесты на команду smime - вторая подпись"
# Plaintext fixture: every signing test in this file signs signed2.dat and
# every verification test is expected to recover it unchanged.
12 makeFile signed2.dat "Test data for 2 signatures"
15 foreach length {256 512} {
# The scenario runs once per key length: $length selects gost2012_256 or
# gost2012_512 and is embedded in the user names and signed-output file names.
17 test "Creating users $length" {
# Two independent signers per key length. makeRegisteredUser is an ossltest
# helper; presumably it creates a key pair and certificate under
# U_smime_N_$length/ (the signing tests read seckey.pem and cert.pem from
# those directories) - confirm against the helper. The ":A" suffix presumably
# selects the key parameter set.
18 makeRegisteredUser U_smime_1_$length gost2012_$length:A CN USER1_$length emailAddress test@cryptocom.ru
19 makeRegisteredUser U_smime_2_$length gost2012_$length:A CN USER2_$length emailAddress test@cryptocom.ru
22 test -createsfiles signed2_1_$length.asn "Signing in DER format with 1st signature" {
# First signer, opaque DER output: -nodetach embeds the content in the signed
# structure, and -binary disables canonical text conversion so the signed
# bytes are exactly the bytes of signed2.dat.
23 openssl "smime -sign -binary -outform der -inform der -nodetach -inkey U_smime_1_$length/seckey.pem -signer U_smime_1_$length/cert.pem -in signed2.dat -out signed2_1_$length.asn"
24 file isfile signed2_1_$length.asn
27 test -createsfiles signed2_2_$length.asn "Signing in DER format with 2nd signature" {
# -resign adds the second user's signature to the already signed message
# produced by the previous test instead of creating a new one.
28 openssl "smime -resign -binary -outform der -inform der -nodetach -inkey U_smime_2_$length/seckey.pem -signer U_smime_2_$length/cert.pem -in signed2_1_$length.asn -out signed2_2_$length.asn"
29 file isfile signed2_2_$length.asn
32 test -createsfiles {was_signed.dat signer.certs} "Verifying signature" {
# -noverify skips validation of the signers' certificate chains, so a pass
# here shows only that the signatures match the content and the embedded
# certificates, not that those certificates are trusted. That is adequate for
# suite-generated test certificates; a verifier that must establish signer
# trust would omit -noverify. -signer writes the signers' certificates to
# signer.certs for the subject check later in this group.
33 grep "Verif" [openssl "smime -verify -inform der -in signed2_2_$length.asn -noverify -signer signer.certs -out was_signed.dat"]
34 } 0 {Verification successful
37 test "Signed data is extracted correctly" {
# Round trip: the content written by -verify must equal the original fixture.
38 string eq [getFile signed2.dat] [getFile was_signed.dat]
41 ### Test extracted certificates
43 test "Extracting signer certificates" {
# Split the PEM bundle into one list element per certificate; the non-greedy
# .*? stops each match at the nearest END marker.
46 set certs [regexp -all -inline -- {-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----} [getFile signer.certs]]
# NOTE(review): $cert is presumably the variable of a foreach over $certs that
# this listing does not show. Each certificate is written to its own file and
# its subject line collected; the expected result pins USER1 then USER2, so a
# missing or substituted signer certificate fails the test.
48 makeFile cert[incr i].pem $cert
49 lappend subjs [grep subject [openssl "x509 -in cert$i.pem -subject -noout"]]
52 } 0 "{subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER1_$length, emailAddress = test@cryptocom.ru
53 } {subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER2_$length, emailAddress = test@cryptocom.ru
56 test -createsfiles signed2_1_$length\_op.msg "Signing opaque in S/MIME format with 1st signature" {
# Same scenario with no -outform, i.e. openssl smime's default S/MIME output;
# -nodetach keeps the content embedded in the signed structure (opaque).
57 openssl "smime -sign -binary -nodetach -inkey U_smime_1_$length/seckey.pem -signer U_smime_1_$length/cert.pem -in signed2.dat -out signed2_1_$length\_op.msg"
58 file isfile signed2_1_$length\_op.msg
61 test -createsfiles signed2_2_$length\_op.msg "Signing opaque in S/MIME format with 2nd signature" {
# Second user's signature is added to the message written by the previous test.
62 openssl "smime -resign -binary -nodetach -inkey U_smime_2_$length/seckey.pem -signer U_smime_2_$length/cert.pem -in signed2_1_$length\_op.msg -out signed2_2_$length\_op.msg"
63 file isfile signed2_2_$length\_op.msg
66 test -createsfiles {was_signed.dat signer.certs} "Verifying opaque signature" {
# -noverify: the signers' certificate chains are not validated, so this checks
# signature integrity only, not signer trust. -signer exports the signers'
# certificates to signer.certs for the subject check later in this group.
67 grep "Verif" [openssl "smime -verify -inform smime -in signed2_2_$length\_op.msg -noverify -signer signer.certs -out was_signed.dat"]
68 } 0 {Verification successful
71 test "Signed data is extracted correctly" {
# Round trip: the extracted content must equal the original fixture.
72 string eq [getFile signed2.dat] [getFile was_signed.dat]
75 ### Test extracted certificates
77 test "Extracting signer certificates" {
# One list element per PEM certificate found in signer.certs.
80 set certs [regexp -all -inline -- {-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----} [getFile signer.certs]]
# NOTE(review): $cert is presumably the variable of a foreach over $certs that
# this listing does not show. The expected result requires exactly the
# subjects of USER1 and USER2, in that order.
82 makeFile cert[incr i].pem $cert
83 lappend subjs [grep subject [openssl "x509 -in cert$i.pem -subject -noout"]]
86 } 0 "{subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER1_$length, emailAddress = test@cryptocom.ru
87 } {subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER2_$length, emailAddress = test@cryptocom.ru
90 test -createsfiles signed2_1_$length\_det.asn "Signing detached in DER format with 1st signature" {
# No -nodetach: the DER output is a detached signature that does not carry
# the content, so later steps must be given signed2.dat separately.
91 openssl "smime -sign -binary -outform der -inkey U_smime_1_$length/seckey.pem -signer U_smime_1_$length/cert.pem -in signed2.dat -out signed2_1_$length\_det.asn"
92 file isfile signed2_1_$length\_det.asn
95 test -createsfiles signed2_2_$length\_det.asn "Signing detached in DER format with 2nd signature" {
# -content supplies the detached content when the second signature is added.
96 openssl "smime -resign -binary -inkey U_smime_2_$length/seckey.pem -signer U_smime_2_$length/cert.pem -in signed2_1_$length\_det.asn -content signed2.dat -inform der -outform der -out signed2_2_$length\_det.asn"
97 file isfile signed2_2_$length\_det.asn
100 test -createsfiles {was_signed.dat signer.certs} "Verifying detached signature in DER format" {
# A detached signature is checked against whatever file -content names, so the
# result is only meaningful for that exact file. -noverify additionally skips
# validation of the signers' certificate chains: integrity is tested, signer
# trust is not.
101 grep "Verif" [openssl "smime -verify -in signed2_2_$length\_det.asn -noverify -signer signer.certs -out was_signed.dat -content signed2.dat -inform der"]
102 } 0 {Verification successful
105 test "Signed data is extracted correctly" {
# The content written by -out must equal the original fixture.
106 string eq [getFile signed2.dat] [getFile was_signed.dat]
109 ### Test extracted certificates
111 test "Extracting signer certificates" {
# One list element per PEM certificate found in signer.certs.
114 set certs [regexp -all -inline -- {-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----} [getFile signer.certs]]
115 foreach cert $certs {
# Files are named cert_asn<N>.pem here, distinct from the cert<N>.pem files of
# the opaque groups. The expected result requires the subjects of USER1 and
# USER2, in that order.
116 makeFile cert_asn[incr i].pem $cert
117 lappend subjs [grep subject [openssl "x509 -in cert_asn$i.pem -subject -noout"]]
120 } 0 "{subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER1_$length, emailAddress = test@cryptocom.ru
121 } {subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER2_$length, emailAddress = test@cryptocom.ru
124 test -createsfiles signed2_1_$length.msg "Signing in S/MIME format with 1st signature" {
# Neither -nodetach nor -outform: the default S/MIME output with a detached
# signature. NOTE(review): -inform der looks redundant for -sign, whose input
# is the raw content - confirm.
125 openssl "smime -sign -binary -inform der -inkey U_smime_1_$length/seckey.pem -signer U_smime_1_$length/cert.pem -in signed2.dat -out signed2_1_$length.msg"
126 file isfile signed2_1_$length.msg
129 test -createsfiles signed2_2_$length.msg "Signing in S/MIME format with 2nd signature" {
# Unlike the other resign tests, this one greps the command output for "SMIME"
# instead of checking that the output file exists; the expected result is not
# visible in this listing.
130 grep "SMIME" [openssl "smime -resign -binary -inkey U_smime_2_$length/seckey.pem -signer U_smime_2_$length/cert.pem -in signed2_1_$length.msg -inform smime -out signed2_2_$length.msg"]
133 test -createsfiles {was_signed.dat signer.certs} "Verifying signature" {
# -noverify: the signers' certificate chains are not validated, so this checks
# signature integrity only, not signer trust. -signer exports the signers'
# certificates to signer.certs for the subject check later in this group.
134 grep "Verif" [openssl "smime -verify -in signed2_2_$length.msg -noverify -signer signer.certs -out was_signed.dat -inform smime"]
135 } 0 {Verification successful
138 test "Signed data is extracted correctly" {
# Round trip: the extracted content must equal the original fixture.
139 string eq [getFile signed2.dat] [getFile was_signed.dat]
142 ### Test extracted certificates
144 test "Extracting signer certificates" {
# One list element per PEM certificate found in signer.certs.
147 set certs [regexp -all -inline -- {-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----} [getFile signer.certs]]
148 foreach cert $certs {
# Files are named cert_smime<N>.pem for this group. The expected result
# requires the subjects of USER1 and USER2, in that order.
149 makeFile cert_smime[incr i].pem $cert
150 lappend subjs [grep subject [openssl "x509 -in cert_smime$i.pem -subject -noout"]]
153 } 0 "{subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER1_$length, emailAddress = test@cryptocom.ru
154 } {subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER2_$length, emailAddress = test@cryptocom.ru
160 test "Resigning in DER format with a unsuitable key length 512" {
# Negative cases (this test and the seven after it): a message signed with a
# key of one length is re-signed with a key of the other length, once per
# format. Each must fail with exit code 1 and output containing
# "no matching digest" - presumably because -resign reuses the digest
# algorithm already present in the message and the other key length needs a
# different one (confirm). The key lengths are hard-coded and the inputs are
# the first-signature files written by the signing tests for 256 and 512.
161 openssl "smime -resign -binary -inform der -nodetach -inkey U_smime_2_512/seckey.pem -signer U_smime_2_512/cert.pem -in signed2_1_256.asn"
162 } 1 "no matching digest"
164 test "Resigning in DER format with a unsuitable key length 256" {
165 openssl "smime -resign -binary -inform der -nodetach -inkey U_smime_2_256/seckey.pem -signer U_smime_2_256/cert.pem -in signed2_1_512.asn"
166 } 1 "no matching digest"
# Opaque S/MIME input.
168 test "Resigning opaque in S/MIME format with a unsuitable key length 512" {
169 openssl "smime -resign -binary -nodetach -inkey U_smime_2_512/seckey.pem -signer U_smime_2_512/cert.pem -in signed2_1_256_op.msg"
170 } 1 "no matching digest"
172 test "Resigning opaque in S/MIME format with a unsuitable key length 256" {
173 openssl "smime -resign -binary -nodetach -inkey U_smime_2_256/seckey.pem -signer U_smime_2_256/cert.pem -in signed2_1_512_op.msg"
174 } 1 "no matching digest"
# Detached DER input; the content is supplied with -content.
176 test "Resigning detached in DER format with a unsuitable key length 512" {
177 openssl "smime -resign -binary -inform der -inkey U_smime_2_512/seckey.pem -signer U_smime_2_512/cert.pem -in signed2_1_256_det.asn -content signed2.dat"
178 } 1 "no matching digest"
180 test "Resigning detached in DER format with a unsuitable key length 256" {
181 openssl "smime -resign -binary -inform der -inkey U_smime_2_256/seckey.pem -signer U_smime_2_256/cert.pem -in signed2_1_512_det.asn -content signed2.dat"
182 } 1 "no matching digest"
# Detached S/MIME input.
184 test "Resigning in S/MIME format with a unsuitable key length 512" {
185 openssl "smime -resign -binary -inkey U_smime_2_512/seckey.pem -signer U_smime_2_512/cert.pem -in signed2_1_256.msg"
186 } 1 "no matching digest"
188 test "Resigning in S/MIME format with a unsuitable key length 256" {
189 openssl "smime -resign -binary -inkey U_smime_2_256/seckey.pem -signer U_smime_2_256/cert.pem -in signed2_1_512.msg"
190 } 1 "no matching digest"
195 #./load_engine smime -sign -binary -outform der -inform der -nodetach -inkey certs/fstek.key -signer certs/fstek.crt -out signed2 -in signed1
196 #./load_engine smime -verify -inform der -in signed2 -noverify
197 #./load_engine smime -verify -inform der -in signed2 -noverify -signer sss
201 #./load_engine x509 -in sss sss2
202 #./load_engine x509 -in sss
203 #./load_engine x509 -in sss -subject -noout
204 #./load_engine x509 -in sss2 -subject -noout
205 #./load_engine smime -verify -inform der -in signed2 -noverify -signer sss -out qqq