diff options
Diffstat (limited to 'tcl_tests/req-genpkey.try')
| -rw-r--r-- | tcl_tests/req-genpkey.try | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/tcl_tests/req-genpkey.try b/tcl_tests/req-genpkey.try new file mode 100644 index 0000000..e333dc0 --- /dev/null +++ b/tcl_tests/req-genpkey.try @@ -0,0 +1,83 @@ +#!/usr/bin/tclsh +# -*- coding: cp1251 -*- +# создание секретного ключа +# создание заявки и самоподписанного сертификата командой req +# проверка OIDов алгоритма во всех структурах +lappend auto_path [file dirname [info script]] +package require ossltest +cd $::test::dir +start_tests "Создание ключей и заявок, команда genpkey" + +if {[info exists env(ALG_LIST)]} { + set alg_list $env(ALG_LIST) +} else { + switch -exact [engine_name] { + "ccore" {set alg_list {gost2001:A gost2001:B gost2001:C gost2001:XA gost2001:XB gost2012_256:A gost2012_256:B gost2012_256:C gost2012_256:XA gost2012_256:XB gost2012_512:A gost2012_512:B}} + "open" {set alg_list {gost2001:A gost2001:B gost2001:C gost2001:XA gost2001:XB gost2012_256:0 gost2012_256:A gost2012_256:B gost2012_256:C gost2012_256:XA gost2012_256:XB gost2012_512:A gost2012_512:B}} + } +} + +foreach alg $alg_list { + set alg_fn [string map {":" "_"} $alg] + set username pkey_$alg_fn + foreach {alg_only params} [split $alg :] break + +test -createsfiles $username/seckey.pem "Секретный ключ, алгоритм $alg" { + file delete -force $username + file mkdir $username + openssl "genpkey -algorithm $alg_only -pkeyopt paramset:$params -out $username/seckey.pem" + expr {[file size $username/seckey.pem] > 0} +} 0 1 + +test -skip {![file exists $username/seckey.pem]} "OID в секретном ключе" { + extract_oids $username/seckey.pem +} 0 [mkObjList [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg]]] + +test -skip {![file exists $username/seckey.pem]} "Алгоритм $alg, заявка по секретному ключу" { + makeFile $username/req.conf [makeConf] + openssl "req -new -config $username/req.conf -key $username/seckey.pem -out $username/req.pem" + expr {[file size $username/req.pem] > 0} +} 0 1 + +test -skip {![file exists $username/req.pem]} "Подпись под заявкой корректна" { + grep "verif" [openssl "req -verify -in $username/req.pem"] +} 0 {verify OK +} + +test -skip {![file exists $username/req.pem]} "OID в заявке, алгоритм $alg" { + extract_oids $username/req.pem +} 0 [mkObjList [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg]] [hash_with_sign_long_name $alg]] + +test -skip {![file exists $username/seckey.pem]} "Алгоритм $alg, сертификат по секретному ключу" { + openssl "req -new -x509 -config $username/req.conf -key $username/seckey.pem -out $username/cert.pem" + expr {[file size $username/cert.pem] > 0} +} 0 1 + +test -skip {![file exists $username/cert.pem]} "OID в сертификате" { + extract_oids $username/cert.pem +} 0 [mkObjList [hash_with_sign_long_name $alg] [alg_long_name $alg] [pubkey_long_name $alg]\ + [param_hash_long_name [param_hash $alg]] [hash_with_sign_long_name $alg]] + +test -createsfiles "$username/seckey.der" "Алгоритм $alg сохраняем ключ в DER-формате" { + openssl "genpkey -algorithm $alg_only -pkeyopt paramset:$params -out $username/seckey.der -outform DER" + file exists $username/seckey.der +} 0 1 + +test -skip {![file exists $username/seckey.der]} "OID в секретном ключе $alg DER" { + extract_oids $username/seckey.der DER +} 0 [mkObjList [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg]]] + +test -skip {![file exists $username/seckey.der]} -createsfiles $username/req2.pem "Создаем заявку из ключа в формате DER" { + openssl "req -new -config $username/req.conf -key $username/seckey.der -keyform der -out $username/req2.pem" + expr {[file size $username/req2.pem] > 0} +} 0 1 + +test -skip {![file exists $username/req2.pem]} "Подпись под заявкой корректна" { + grep "verif" [openssl "req -verify -in $username/req2.pem"] +} 0 {verify OK +} + +} + + +end_tests |