X-Git-Url: http://wagner.pp.ru/gitweb/?a=blobdiff_plain;f=tcl_tests%2Focsp.try;fp=tcl_tests%2Focsp.try;h=30c1218bf80c4731bf69a37742e364c63accafc3;hb=3b8ddfe2f303b8931842e52bdb5c07c97042f651;hp=0000000000000000000000000000000000000000;hpb=e09d5a86fe1cb876b3c7cf5eb0d890f557b466d0;p=openssl-gost%2Fengine.git

diff --git a/tcl_tests/ocsp.try b/tcl_tests/ocsp.try
new file mode 100644
index 0000000..30c1218
--- /dev/null
+++ b/tcl_tests/ocsp.try
@@ -0,0 +1,153 @@
+#!/usr/bin/tclsh
+# -*- coding: cp1251 -*-
+lappend auto_path [file dirname [info script]]
+package require ossltest
+cd $::test::dir 
+set testname [file rootname [file tail $::argv0]]
+
+start_tests "Ð¢ÐµÑÑÑ Ð½Ð° OCSP-Ð·Ð°Ð¿ÑÐ¾ÑÑ Ð¸ Ð¾ÑÐ²ÐµÑÑ"
+
+if {[info exists env(ALG_LIST)]} {
+	set alg_list $env(ALG_LIST)
+} else {
+	switch -exact [engine_name] {
+		"ccore" {set alg_list {gost2001:A gost2012_256:A gost2012_512:B}}
+		"open" {set alg_list {gost2001:A gost2012_256:A gost2012_512:B}}
+	}
+}
+
+foreach alg $alg_list {
+	set alg_fn [string map {":" "_"} $alg]
+	set username U_smime_$alg_fn
+
+test "Creating CA" { 
+	makeCA ${testname}CA-$alg_fn $alg
+} 0 1
+
+after 1000
+
+set server_args "-index $::test::ca/index.txt -rsigner $::test::ca/cacert.pem -rkey $::test::ca/private/cakey.pem -CA $::test::ca/cacert.pem -noverify"
+set client_args "-issuer $::test::ca/cacert.pem -CAfile $::test::ca/cacert.pem"
+
+test "Ð¡Ð¾Ð·Ð´Ð°ÐµÐ¼ ÑÐ·ÐµÑÐ°" {
+	makeRegisteredUser U_ocsp_$alg_fn $alg
+	makeRegisteredUser U_ocsp2_$alg_fn $alg
+	file exists U_ocsp_$alg_fn/cert.pem
+} 0 1
+
+after 1000
+
+test -createsfiles {request1.der} "Ð¡Ð¾Ð·Ð´Ð°ÐµÐµÐ¼ Ð½ÐµÐ¿Ð¾Ð´Ð¿Ð¸ÑÐ°Ð½Ð½ÑÐ¹ Ð·Ð°Ð¿ÑÐ¾Ñ SHA1 ÑÑÑ  Ð¿Ð¾ ÑÐµÑÑÐ¸ÑÐ¸ÐºÐ°ÑÑ" {
+	openssl "ocsp $client_args -cert U_ocsp_$alg_fn/cert.pem -reqout request1.der"
+	file exists request1.der
+} 0 1
+
+test -skip {![file exists request1.der]} "ÐÐ½Ð°Ð»Ð¸Ð·Ð¸ÑÑÐµÐ¼ OID-Ñ Ð² Ð·Ð°Ð¿ÑÐ¾ÑÐµ" {
+	extract_oids request1.der DER
+} 0 " OBJECT            :sha1
+"
+
+test -skip {![file exists request1.der]} -createsfiles {response1.der} "Ð¤Ð¾ÑÐ¼Ð¸ÑÑÐµÐ¼ ÐÐÐ¡Ð¢-Ð¿Ð¾Ð´Ð¿Ð¸ÑÐ°Ð½Ð½ÑÐ¹ Ð¾ÑÐ²ÐµÑ" {
+	openssl "ocsp $server_args -reqin request1.der -respout response1.der"
+} 0 ""
+
+test -skip {![file exists request1.der]} "ÐÐ½Ð°Ð»Ð¸Ð·Ð¸ÑÑÐµÐ¼ OID-Ñ Ð² Ð¾ÑÐ²ÐµÑÐµ" {
+	extract_oids response1.der DER 30
+} 0  " OBJECT            :sha1\n[mkObjList [hash_with_sign_long_name $alg] [hash_with_sign_long_name $alg] [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg]] [hash_with_sign_long_name $alg]]"
+
+
+test -skip {![file exists response1.der]} "ÐÑÐ¾Ð²ÐµÑÑÐµÐ¼ ÐÐÐ¡Ð¢-Ð¿Ð¾Ð´Ð¿Ð¸ÑÐ°Ð½Ð½ÑÐ¹ Ð¾ÑÐ²ÐµÑ" {
+	openssl "ocsp $client_args -respin response1.der"	
+
+} 0 "STDERR CONTENTS:\nResponse verify OK"
+
+test -skip {![file exists response1.der]} "ÐÑÐ¾Ð²ÐµÑÑÐµÐ¼ ÑÑÐ°ÑÑÑ ÑÐµÑÑÐ¸ÑÐ¸ÐºÐ°ÑÐ°" {
+	grep "Cert Status" [openssl "ocsp -respin response1.der -text -CAfile $::test::ca/cacert.pem"]
+} 0 "    Cert Status: good\n"
+
+test -createsfiles request2.der "Ð¤Ð¾ÑÐ¼Ð¸ÑÑÐµÐ¼ ÐÐÐ¡Ð¢-Ð¿Ð¾Ð´Ð¿Ð¸ÑÐ°Ð½Ð½ÑÐ¹ Ð·Ð°Ð¿ÑÐ¾Ñ Ñ ÑÑÑÐ¾Ð¼ SHA1 Ð¿Ð¾ ÑÐµÑÑÐ¸ÑÐ¸ÐºÐ°ÑÑ" {
+	openssl "ocsp $client_args -cert U_ocsp_$alg_fn/cert.pem -signer U_ocsp_$alg_fn/cert.pem -signkey U_ocsp_$alg_fn/seckey.pem -reqout request2.der" 
+
+} 0 ""
+
+test -skip {![file exists request2.der]} "ÐÐ½Ð°Ð»Ð¸Ð·Ð¸ÑÑÐµÐ¼ OID-Ñ Ð² Ð·Ð°Ð¿ÑÐ¾ÑÐµ" {
+	extract_oids request2.der DER
+} 0  " OBJECT            :sha1\n[mkObjList [hash_with_sign_long_name $alg] [hash_with_sign_long_name $alg] [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg]] [hash_with_sign_long_name $alg]]"
+
+
+test -createsfiles response2.der -skip {![file exists request2.der]} "Ð¤Ð¾ÑÐ¼Ð¸ÑÑÐµÐ¼ Ð¾ÑÐ²ÐµÑ Ð½Ð° Ð¿Ð¾Ð´Ð¿Ð¸ÑÐ°Ð½Ð½ÑÐ¹ Ð·Ð°Ð¿ÑÐ¾Ñ" {
+	openssl "ocsp $server_args -reqin request2.der -respout response2.der"
+	file exists response2.der
+} 0 1
+
+test -skip {![file exists response2.der]} "ÐÑÐ¾Ð²ÐµÑÑÐµÐ¼ Ð¾ÑÐ²ÐµÑ Ð½Ð° Ð·Ð°Ð¿ÑÐ¾Ñ 2" {	
+	grep "Response .erif" [openssl "ocsp $client_args -respin response2.der"]
+} 0 "Response verify OK\n"
+
+test -createsfiles request3.der "Ð¤Ð¾ÑÐ¼Ð¸ÑÑÐµÐ¼ Ð·Ð°Ð¿ÑÐ¾Ñ Ñ ÐÐÐ¡Ð¢-Ð¾Ð²ÑÐºÐ¸Ð¼ ÑÑÑÐ¾Ð¼ Ð¿Ð¾ ÑÐµÑÑÐ¸ÑÐ¸ÐºÐ°ÑÑ" {
+	openssl "ocsp $client_args -[hash_short_name [alg_hash $alg]] -cert U_ocsp_$alg_fn/cert.pem -reqout request3.der" 
+  	file exists request3.der 
+} 0 1
+
+test -skip {![file exists request3.der]} "ÐÐ½Ð°Ð»Ð¸Ð·Ð¸ÑÑÐµÐ¼ OID-Ñ Ð² Ð·Ð°Ð¿ÑÐ¾ÑÐµ" {
+	extract_oids request3.der DER
+} 0 [mkObjList [hash_long_name $alg]]
+
+test -skip {![file exists request3.der]} -createsfiles response3.der "Ð¤Ð¾ÑÐ¼Ð¸ÑÑÐµÐ¼ Ð¾ÑÐ²ÐµÑ Ð½Ð° Ð·Ð°Ð¿ÑÐ¾Ñ Ñ ÐÐÐ¡Ð¢-Ð¾Ð²ÑÐºÐ¸Ð¼ ÑÑÑÐ¾Ð¼" {
+	openssl "ocsp $server_args  -reqin request3.der -respout response3.der"
+	file exists response3.der	
+} 0 1
+
+test -skip {![file exists response3.der] } "ÐÑÐ¾Ð²ÐµÑÑÐµÐ¼ Ð¾ÑÐ²ÐµÑ Ð½Ð° Ð·Ð°Ð¿ÑÐ¾Ñ 3" {
+	grep "Response .erif" [openssl "ocsp -[hash_short_name [alg_hash $alg]] $client_args -respin response3.der"]
+} 0 "Response verify OK\n"
+
+
+test -skip {![file exists response3.der]} "ÐÑÐ¾Ð²ÐµÑÑÐµÐ¼ ÑÑÐ°ÑÑÑ ÑÐµÑÑÐ¸ÑÐ¸ÐºÐ°ÑÐ°" {
+	grep "Cert Status" [openssl "ocsp -respin response3.der -text -CAfile $::test::ca/cacert.pem"]
+} 0 "    Cert Status: good\n"
+
+test -createsfiles request4.der "Ð¤Ð¾ÑÐ¼Ð¸ÑÑÐµÐ¼ Ð·Ð°Ð¿ÑÐ¾Ñ Ñ ÐÐÐ¡Ð¢-Ð¾Ð²ÑÐºÐ¸Ð¼ ÑÑÑÐ¾Ð¼ Ð¿Ð¾ serial" {
+	openssl "ocsp $client_args -[hash_short_name [alg_hash $alg]] -serial 0x11E -reqout request4.der" 
+} 0 ""
+
+test -skip {![file exists request4.der]} "ÐÑÐ¾Ð²ÐµÑÑÐµÐ¼ OID-Ñ Ð² Ð·Ð°Ð¿ÑÐ¾ÑÐµ 4" {
+	extract_oids request4.der DER
+} 0 [mkObjList [hash_long_name $alg]]
+
+
+test -skip {![file exists request4.der]} -createsfiles response4.der "Ð¤Ð¾ÑÐ¼Ð¸ÑÑÐµÐ¼ Ð¾ÑÐ²ÐµÑ Ð½Ð° Ð·Ð°Ð¿ÑÐ¾Ñ Ñ ÐÐÐ¡Ð¢-Ð¾Ð²ÑÐºÐ¸Ð¼ ÑÑÑÐ¾Ð¼" {
+	openssl "ocsp $server_args -reqin request4.der -respout response4.der"
+	file exists response4.der
+} 0 1
+
+test -skip {![file exists response4.der] } "ÐÑÐ¾Ð²ÐµÑÑÐµÐ¼ Ð¾ÑÐ²ÐµÑ Ð½Ð° Ð·Ð°Ð¿ÑÐ¾Ñ 4" {
+	grep "Response .erif" [openssl "ocsp $client_args -respin response4.der"]
+} 0 "Response verify OK\n"
+
+test -createsfiles request5.der "Ð¤Ð¾ÑÐ¼Ð¸ÑÑÐµÐ¼ Ð·Ð°Ð¿ÑÐ¾Ñ Ñ Ð´Ð²ÑÐ¼Ñ ÑÐµÑÑÐ¸ÑÐ¸ÐºÐ°ÑÐ°Ð¼Ð¸ Ð¸ ÑÐ°Ð·Ð½ÑÐ¼Ð¸ ÑÑÑÐ°Ð¼Ð¸" {
+	openssl "ocsp $client_args -[hash_short_name [alg_hash $alg]] -cert U_ocsp_$alg_fn/cert.pem -sha1 -cert U_ocsp2_$alg_fn/cert.pem -reqout request5.der" 
+} 0 ""
+
+test -skip {![file exists request5.der]} "ÐÑÐ¾Ð²ÐµÑÑÐµÐ¼ OID-Ñ Ð² Ð·Ð°Ð¿ÑÐ¾ÑÐµ 5" {
+	extract_oids request5.der DER
+} 0 "[mkObjList [hash_long_name $alg]] OBJECT            :sha1\n"
+
+
+test -skip {![file exists request5.der]} -createsfiles response5.der "Ð¤Ð¾ÑÐ¼Ð¸ÑÑÐµÐ¼ Ð¾ÑÐ²ÐµÑ Ð½Ð° Ð·Ð°Ð¿ÑÐ¾Ñ Ñ Ð´Ð²ÑÐ¼Ñ ÑÑÑÐ°Ð¼Ð¸" {
+	openssl "ocsp $server_args -reqin request5.der -respout response5.der"
+	file exists response5.der
+} 0 1
+
+test -skip {![file exists response5.der] } "ÐÑÐ¾Ð²ÐµÑÑÐµÐ¼ Ð¾ÑÐ²ÐµÑ Ð½Ð° Ð·Ð°Ð¿ÑÐ¾Ñ 5" {
+	grep "Response .erif" [openssl "ocsp -[hash_short_name [alg_hash $alg]] $client_args -respin response5.der"]
+} 0 "Response verify OK\n"
+
+test -skip {![file exists response5.der]} "ÐÑÐ¾Ð²ÐµÑÑÐµÐ¼ ÑÑÐ°ÑÑÑ ÑÐµÑÑÐ¸ÑÐ¸ÐºÐ°ÑoÐ²" {
+	grep "Cert Status" [openssl "ocsp -respin response5.der -text -CAfile $::test::ca/cacert.pem"]
+} 0 "    Cert Status: good\n    Cert Status: good\n"
+
+}
+
+end_tests
+