blob: 6fc7ecb3aed532baf61b6286a1d4a98425d49ccd (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
#!/usr/bin/tclsh
lappend auto_path [file dirname [info script]]
package require ossltest
cd $::test::dir
start_tests "Тесты на команду pkcs12"
if {[info exists env(ALG_LIST)]} {
set alg_list $env(ALG_LIST)
} else {
switch -exact [engine_name] {
"ccore" {set alg_list {gost2001:A gost2001:B gost2001:C gost2001:XA gost2001:XB gost2012_256:A gost2012_256:B gost2012_256:C gost2012_256:XA gost2012_256:XB gost2012_512:A gost2012_512:B}}
"open" {set alg_list {gost2001:A gost2001:B gost2001:C gost2012_256:A gost2001:XA gost2001:XB gost2012_256:B gost2012_256:C gost2012_256:XA gost2012_256:XB gost2012_512:A gost2012_512:B}}
}
}
foreach alg $alg_list {
set alg_fn [string map {":" "_"} $alg]
set username U_pkcs12_$alg_fn
switch -glob $alg {
gost2012_512:* {set hash_alg md_gost12_512}
gost2012_256:* {set hash_alg md_gost12_256}
default {set hash_alg md_gost94}
}
test -createsfiles [list $username/sscert.pem $username/sskey.pem]\
"Генерируем сертификат и секретный ключ $alg" {
makeSecretKey $username $alg
makeFile $username/req.conf [makeConf]
openssl "req -new -x509 -config $username/req.conf -key $username/seckey.pem -out $username/cert.pem"
expr {[file size $username/cert.pem] > 0}
} 0 1
test -createsfiles {$username/pkcs12.p12} "Собираем pkcs12 с алгоритмом $alg" {
openssl "pkcs12 -export -inkey $username/seckey.pem -in $username/cert.pem -out $username/pkcs12.p12 -password pass:12345 -keypbe gost89 -certpbe gost89 -macalg $hash_alg"
file exists $username/pkcs12.p12
} 0 1
test -skip {![file exists $username/pkcs12.p12]} -createsfiles [list $username/extracted_cert.pem $username/extracted_key.pem] "Разбираем pkcs12 c алгоритмом $alg" {
openssl "pkcs12 -in $username/pkcs12.p12 -nodes -out $username/dump.pem -password pass:12345"
set dump [getFile $username/dump.pem]
set lextr [regexp -all -inline "\n-----BEGIN .*?\n-----END \[^\n\]+-----\n" $dump]
list [llength $lextr] [expr {[lindex $lextr 0] eq "\n[getFile $username/cert.pem]"}] [expr {[lindex $lextr 1] eq "\n[openssl "pkcs8 -nocrypt -topk8 -in $username/seckey.pem"]"}]
} 0 {2 1 1}
#./load_engine pkcs12 -export -in t/z/U_enc_gost94_/cert.pem -inkey t/z/U_enc_gost94_/seckey.pem -certfile t/z/testCA/cacert.pem -name "CERTIFICATE" -out mycert.p12 -password pass:12345
#./load_engine pkcs12 -in mycert.p12 -out mycert.pem
}
end_tests
|