X-Git-Url: http://www.wagner.pp.ru/gitweb/?a=blobdiff_plain;f=tcl_tests%2Fca.try;h=7da25de2eae2691dcc10e72f944d38a65301d4d2;hb=HEAD;hp=6d76283a22888c99198f78bdecd55f2d7c20e246;hpb=b0f5bce10dcc05198e2e58ee08e1cc3dcd3d1aea;p=openssl-gost%2Fengine.git diff --git a/tcl_tests/ca.try b/tcl_tests/ca.try index 6d76283..7da25de 100644 --- a/tcl_tests/ca.try +++ b/tcl_tests/ca.try @@ -11,14 +11,22 @@ if {[info exists env(ALG_LIST)]} { } else { switch -exact [engine_name] { "ccore" {set alg_pair_list {gost2001:A {gost2001:B} gost2012_256:A {gost2012_256:C} gost2012_512:B {gost2012_256:B gost2012_512:A}}} - "open" {set alg_pair_list {gost2001:A {gost2001:B} gost2012_256:A {gost2012_256:C} gost2012_512:B {gost2012_256:B gost2012_512:A}}} + "open" { + set alg_pair_list { + gost2001:A {gost2001:B} + gost2012_256:A {gost2012_256:B gost2012_512:B} + gost2012_256:TCA {gost2012_256:A gost2012_512:A} + gost2012_512:A {gost2012_256:A gost2012_256:TCA gost2012_512:A gost2012_512:C} + gost2012_512:C {gost2012_256:B gost2012_256:TCB gost2012_512:B gost2012_512:C} + } + } } } foreach {ca_alg alg_list} $alg_pair_list { set ca_alg_fn [string map {":" "_"} $ca_alg] -test "Creating CA" { +test "Creating CA ($ca_alg)" { makeCA ${testname}CA-$ca_alg_fn $ca_alg } 0 1 @@ -29,7 +37,7 @@ foreach alg $alg_list { set userdir U_ca_${alg_fn}_for_${ca_alg_fn} #Depends on previous -test "Creating user request" { +test "Creating user request ($alg)" { makeUser $userdir $alg } 0 1 @@ -53,9 +61,9 @@ test -skip {![file exists $userdir/broken.pem]} "Registering broken request at c test "Revoking certificate" { set revoking_cert $::test::ca/newcerts/[string trim [getFile $::test::ca/serial.old]].pem append serial_list [regsub "serial=" [openssl "x509 -in $revoking_cert -noout -serial"] " Serial Number: "] - grep "Data Base" [openssl "ca -crl_reason keyCompromize -crl_compromise [clock\ - format [clock seconds] -format %Y%m%d%H%M%SZ] -revoke $revoking_cert -config $::test::ca/ca.conf"] -} 0 "Data Base Updated + string map {"Data Base" Database Updated updated} [ grep "Data" [openssl "ca -crl_reason keyCompromize -crl_compromise [clock\ + format [clock seconds] -format %Y%m%d%H%M%SZ] -revoke $revoking_cert -config $::test::ca/ca.conf"] ] +} 0 "Database updated " test -createsfiles test.crl "Generating CRL" { openssl "ca -gencrl -config $::test::ca/ca.conf -out test.crl" @@ -65,10 +73,10 @@ test -createsfiles test.crl "Generating CRL" { test -skip {![file exists test.crl]} "Displaying CRL" { - grep "(Serial|Version|Signature Alg|Issuer)" [openssl "crl -text -noout -in test.crl"] + regsub -all " = " [grep "(Serial|Version|Signature Alg|Issuer)" [openssl "crl -text -noout -in test.crl"] ] "=" } 0 " Version 2 (0x1) Signature Algorithm: [hash_with_sign_long_name $ca_alg] - Issuer: C = RU, L = Moscow, CN = Test CA $ca_alg, O = Cryptocom, OU = OpenSSL CA, emailAddress = openssl@cryptocom.ru + Issuer: C=RU, L=Moscow, CN=Test CA $ca_alg, O=Cryptocom, OU=OpenSSL CA, emailAddress=openssl@cryptocom.ru $serial_list Signature Algorithm: [hash_with_sign_long_name $ca_alg] " @@ -80,17 +88,12 @@ test -skip {![file exists test.crl]} "Verifying CRL OK" { test -skip {![file exists test.crl]} "Verifying corrupted CRL" { makeFile "badcrl.pem" [hackPem "\01\x1E" [getFile test.crl] "\01\0"] grep verify [openssl "crl -in badcrl.pem -noout -CAfile $::test::ca/cacert.pem"] -} 0 "verify failure -" +} -1 "verify failure" test "Verifying CA certificate" { - grep "(cacert.pem|error|OK)" [openssl "verify $::test::ca/cacert.pem"] -} 1 "error $::test::ca/cacert.pem: verification failed -STDERR CONTENTS: -C = RU, L = Moscow, CN = Test CA $ca_alg, O = Cryptocom, OU = OpenSSL CA, emailAddress = openssl@cryptocom.ru -error 18 at 0 depth lookup: self signed certificate" - - + grep "(cacert.pem|error|OK)" [openssl "verify -CAfile $::test::ca/cacert.pem $::test::ca/cacert.pem"] +} 0 "$::test::ca/cacert.pem: OK +" test "Verifying certificate" { grep "cert.pem" [openssl "verify -CAfile $::test::ca/cacert.pem $userdir/cert.pem"] @@ -110,12 +113,12 @@ test "Verifying revoked certificate" { test "Create a PKCS#7 structure from a certificate and CRL" { openssl "crl2pkcs7 -in test.crl -certfile $userdir/cert.pem -out $userdir/p7.pem" extract_oids $userdir/p7.pem PEM -} 0 [mkObjList [hash_with_sign_long_name $ca_alg] [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg]] [hash_with_sign_long_name $ca_alg] [hash_with_sign_long_name $ca_alg] [hash_with_sign_long_name $ca_alg]] +} 0 [mkObjList [hash_with_sign_long_name $ca_alg] [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg] $alg] [hash_with_sign_long_name $ca_alg] [hash_with_sign_long_name $ca_alg] [hash_with_sign_long_name $ca_alg]] test "Creates a PKCS#7 structure without CRL" { openssl "crl2pkcs7 -nocrl -certfile $userdir/cert.pem -certfile $::test::ca/cacert.pem -out $userdir/p7_nocrl.pem" extract_oids $userdir/p7_nocrl.pem PEM -} 0 [mkObjList [hash_with_sign_long_name $ca_alg] [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg]] [hash_with_sign_long_name $ca_alg] [hash_with_sign_long_name $ca_alg] [alg_long_name $ca_alg] [pubkey_long_name $ca_alg] [param_hash_long_name [param_hash $ca_alg]] [hash_with_sign_long_name $ca_alg]] +} 0 [mkObjList [hash_with_sign_long_name $ca_alg] [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg] $alg] [hash_with_sign_long_name $ca_alg] [hash_with_sign_long_name $ca_alg] [alg_long_name $ca_alg] [pubkey_long_name $ca_alg] [param_hash_long_name [param_hash $ca_alg] $ca_alg] [hash_with_sign_long_name $ca_alg]] }