82 lines
3.9 KiB
Tcl
82 lines
3.9 KiB
Tcl
#!/usr/bin/tclsh
|
||
# создание секретного ключа
|
||
# создание заявки и самоподписанного сертификата командой req
|
||
# проверка OIDов алгоритма во всех структурах
|
||
lappend auto_path [file dirname [info script]]
|
||
package require ossltest
|
||
cd $::test::dir
|
||
start_tests "Создание ключей и заявок, команда genpkey"
|
||
|
||
if {[info exists env(ALG_LIST)]} {
|
||
set alg_list $env(ALG_LIST)
|
||
} else {
|
||
switch -exact [engine_name] {
|
||
"ccore" {set alg_list {gost2001:A gost2001:B gost2001:C gost2001:XA gost2001:XB gost2012_256:A gost2012_256:B gost2012_256:C gost2012_256:XA gost2012_256:XB gost2012_512:A gost2012_512:B}}
|
||
"open" {set alg_list {gost2001:A gost2001:B gost2001:C gost2001:XA gost2001:XB gost2012_256:0 gost2012_256:A gost2012_256:B gost2012_256:C gost2012_256:XA gost2012_256:XB gost2012_512:A gost2012_512:B}}
|
||
}
|
||
}
|
||
|
||
foreach alg $alg_list {
|
||
set alg_fn [string map {":" "_"} $alg]
|
||
set username pkey_$alg_fn
|
||
foreach {alg_only params} [split $alg :] break
|
||
|
||
test -createsfiles $username/seckey.pem "Секретный ключ, алгоритм $alg" {
|
||
file delete -force $username
|
||
file mkdir $username
|
||
openssl "genpkey -algorithm $alg_only -pkeyopt paramset:$params -out $username/seckey.pem"
|
||
expr {[file size $username/seckey.pem] > 0}
|
||
} 0 1
|
||
|
||
test -skip {![file exists $username/seckey.pem]} "OID в секретном ключе" {
|
||
extract_oids $username/seckey.pem
|
||
} 0 [mkObjList [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg]]]
|
||
|
||
test -skip {![file exists $username/seckey.pem]} "Алгоритм $alg, заявка по секретному ключу" {
|
||
makeFile $username/req.conf [makeConf]
|
||
openssl "req -new -config $username/req.conf -key $username/seckey.pem -out $username/req.pem"
|
||
expr {[file size $username/req.pem] > 0}
|
||
} 0 1
|
||
|
||
test -skip {![file exists $username/req.pem]} "Подпись под заявкой корректна" {
|
||
grep "verif" [openssl "req -verify -in $username/req.pem"]
|
||
} 0 {Certificate request self-signature verify OK
|
||
}
|
||
|
||
test -skip {![file exists $username/req.pem]} "OID в заявке, алгоритм $alg" {
|
||
extract_oids $username/req.pem
|
||
} 0 [mkObjList [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg]] [hash_with_sign_long_name $alg]]
|
||
|
||
test -skip {![file exists $username/seckey.pem]} "Алгоритм $alg, сертификат по секретному ключу" {
|
||
openssl "req -new -x509 -config $username/req.conf -key $username/seckey.pem -out $username/cert.pem"
|
||
expr {[file size $username/cert.pem] > 0}
|
||
} 0 1
|
||
|
||
test -skip {![file exists $username/cert.pem]} "OID в сертификате" {
|
||
extract_oids $username/cert.pem
|
||
} 0 [mkObjList [hash_with_sign_long_name $alg] [alg_long_name $alg] [pubkey_long_name $alg]\
|
||
[param_hash_long_name [param_hash $alg]] [hash_with_sign_long_name $alg]]
|
||
|
||
test -createsfiles "$username/seckey.der" "Алгоритм $alg сохраняем ключ в DER-формате" {
|
||
openssl "genpkey -algorithm $alg_only -pkeyopt paramset:$params -out $username/seckey.der -outform DER"
|
||
file exists $username/seckey.der
|
||
} 0 1
|
||
|
||
test -skip {![file exists $username/seckey.der]} "OID в секретном ключе $alg DER" {
|
||
extract_oids $username/seckey.der DER
|
||
} 0 [mkObjList [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg]]]
|
||
|
||
test -skip {![file exists $username/seckey.der]} -createsfiles $username/req2.pem "Создаем заявку из ключа в формате DER" {
|
||
openssl "req -new -config $username/req.conf -key $username/seckey.der -keyform der -out $username/req2.pem"
|
||
expr {[file size $username/req2.pem] > 0}
|
||
} 0 1
|
||
|
||
test -skip {![file exists $username/req2.pem]} "Подпись под заявкой корректна" {
|
||
grep "verif" [openssl "req -verify -in $username/req2.pem"]
|
||
} 0 {Certificate request self-signature verify OK
|
||
}
|
||
|
||
}
|
||
|
||
|
||
end_tests
|