]> wagner.pp.ru Git - openssl-gost/engine.git/blob - tcl_tests/server.try
Update Copyright lines after registration rework
[openssl-gost/engine.git] / tcl_tests / server.try
1 #!/usr/bin/tclsh
2 lappend auto_path [file dirname [info script]]
3
4
5 package require ossltest
6
7 if {$argc != 1} {
8         puts stderr "Usage $argv0 cipher-list-file"
9         exit 1
10 }       
11 array set protos {
12         SSLv2 -ssl2
13         SSLv3 -ssl3
14         TLSv1 -tls1
15         TLSv1.1 -tls1_1
16         TLSv1.2 -tls1_2
17         "default" {}
18 }
19 get_hosts [lindex $argv 0]
20 cd $::test::dir
21 start_tests "TLS-соединение с сервером [lindex $argv 0]"
22
23 if {[engine_name] eq "ccore"} {
24         array unset hosts gost94*
25 }
26
27 array set suite_map {
28 CRYPTOPRO-DHGOST94-DSS-GOST89-STREAMGOST89 GOST94-GOST89-GOST89
29 CRYPTOPRO-DHGOST94-DSS-NULL-GOST94 GOST94-NULL-GOST94
30 CRYPTOPRO-DHGOST-DSS-GOST89-STREAMGOST89 GOST2001-GOST89-GOST89
31 CRYPTOPRO-DHGOST-DSS-NULL-GOST94 GOST2001-NULL-GOST94
32 }
33
34 set CAhost lynx.lan.cryptocom.ru  
35 set CAprefix /cgi-bin/autoca 
36
37 foreach alg [array names hosts] {
38         set alg2 [regsub {(gost\d+)cp} $alg {\1}]
39         set alg_fn [string map {":" "_"} $alg2]
40         set alg_short [regexp -inline {^[^:]+} $alg2]
41         set alg_ca [regexp -inline {^[^:]+} $alg]
42
43         test -skip {[file exist ca_$alg_short.pem]} "Получить сертификат $alg_ca CA" {
44                 getCAcert $CAhost $CAprefix $alg_ca
45         } 0 "ca_$alg_ca.pem"
46
47         if {[array exists suites]} {array unset suites}
48         array set suites $hosts($alg)
49         foreach suite [array names suites] {
50                 if {![regexp {(.+):(.+)} $suite => proto cs]} {
51                         set cs $suite
52                         set proto "default"
53                 }
54                 if {[info exists suite_map($cs)]} {
55                         set mycs $suite_map($cs)
56                 } else {
57                         set mycs $cs
58                 }       
59                 if {![regexp {(.+:\d+):(.*)} $suites($suite) x url servertype]} {
60                         set servertype apache
61                         set url $suites($suite)
62                 }       
63                 if {$servertype eq "iis"} {
64                         set failure "HTTP 403.7 - Forbidden: Client certificate required"
65                         set failure_exit_code 0
66                 } else {
67                         set failure "ssl handshake failure"
68                         set failure_exit_code 1
69                 }
70                 
71                 regexp {(.+):(\d+)} $url dummy get_hostname get_port
72
73                 test "$suite статическая страница " {        
74                         grep "<H1>" [openssl [concat s_client $protos($proto) \
75                                 [list -cipher $mycs -CAfile ca_$alg_ca.pem -connect $url \
76                                 -verify_return_error -verify 1 -ign_eof \
77                                 << "GET /ssl_test.html HTTP/1.1\nHost: $get_hostname\nConnection: close\n\n"]]]
78                 } 0 "<H1>Test SSL static page</H1>\n"
79
80
81                 test "$suite большая страница" {
82                         grep "<H1>" [openssl [concat s_client $protos($proto) \
83                                 [list -cipher $mycs -CAfile ca_$alg_ca.pem -connect $url \
84                                 -verify_return_error -verify 1 -ign_eof \
85                                 << "GET /ssl_test_big.html HTTP/1.1\nHost: $get_hostname\nConnection: close\n\n"]]]
86                 } 0 "<H1>Big test SSL static page</H1>\n"       
87
88
89                 if {$servertype eq "iis"} {
90                         test "$suite скрипт printenv.asp" {
91                                 grep "SERVER_PORT_SECURE:" [openssl \
92                                         [concat s_client $protos($proto) \
93                                         [list -cipher $mycs -CAfile ca_$alg_ca.pem\
94                                         -connect $url -verify_return_error -verify 1 -ign_eof \
95                                         << "GET /printenv.asp HTTP/1.1\nHost: $get_hostname\nConnection: close\n\n"]]]
96                         } 0 "SERVER_PORT_SECURE: 1\n"
97                 } else {
98                         test "$suite скрипт printenv" {
99                                 grep "SSL_CIPHER=" [openssl \
100                                         [concat s_client $protos($proto) \
101                                         [list -cipher $mycs -CAfile ca_$alg_ca.pem \
102                                         -connect $url -verify_return_error -verify 1 -ign_eof \
103                                         << "GET /cgi-bin/printenv HTTP/1.1\nHost: $get_hostname\nConnection: close\n\n"]]]
104                         } 0 "SSL_CIPHER=\"$cs\"\n"
105                 }
106
107                 if {[string match *GOST2012* $suite]} {
108                         set alg_cli_list "$alg gost2001:B gost2012_256:B gost2012_512:B"
109                 } elseif {[string match *GOST2001* $suite]} {
110                         set alg_cli_list "$alg gost2001:B"
111                 } else {
112                         set alg_cli_list $alg
113                 }
114
115                 foreach alg_cli $alg_cli_list {
116                         set alg_cli_fn [string map {":" "_"} $alg_cli]
117                         set alg_cli_short [regexp -inline {^[^:]+} $alg_cli]
118
119                         test -skip {[file exist U_x_$alg_cli_fn/cert.pem]} "Получение клиентского сертификата $alg_cli" {
120                                 getCAAlgParams  $CAhost $CAprefix $alg_cli_short
121                                 if {![makeUser U_x_$alg_cli_fn $alg_cli CN \
122                                 "Test engine on [info hostname]"]} {
123                                         error "Request generation failed"
124                                 }
125                                 registerUserAtCA U_x_$alg_cli_fn $CAhost $CAprefix $alg_ca
126                                 file exists U_x_$alg_cli_fn/cert.pem
127                         } 0 1
128
129
130                         test "$suite  нет сертификата, статичеcкая страница" {
131                                 set out [openssl [concat s_client $protos($proto) \
132                                         [list -msg -cipher $mycs -CAfile ca_$alg_ca.pem \
133                                         -verify_return_error -verify 1 -connect $url -ign_eof \
134                                         << "GET /ssl_auth_test.html HTTP/1.1\nHost: $get_hostname\nConnection: close\n\n"]]]
135                                 if {[regexp $failure $out match]} {
136                                         set match
137                                 } else {
138                                         set out
139                                 }       
140                         } $failure_exit_code $failure
141
142
143                         test -skip {![file exists U_x_$alg_cli_fn/cert.pem]} \
144                         "$suite, есть сертификат, статическая страница" {
145                                 grep "<H1>" [openssl [concat s_client $protos($proto) \
146                                         [list -msg -cipher $mycs -cert U_x_$alg_cli_fn/cert.pem \
147                                         -key U_x_$alg_cli_fn/seckey.pem -CAfile ca_$alg_ca.pem \
148                                         -verify_return_error -verify 1 -connect $url -ign_eof \
149                                         << "GET /ssl_auth_test.html HTTP/1.1\nHost: $get_hostname\nConnection: close\n\n"]]]
150                         } 0 "<H1>Test SSL static page</H1>\n"
151
152
153                         if {$servertype eq "iis"} {
154
155                                 test "$suite, нет сертификата, скрипт printenv_auth.asp" {
156                                         set out [openssl [concat s_client $protos($proto) \
157                                                 [list -msg -cipher $mycs -CAfile ca_$alg_ca.pem \
158                                                 -verify_return_error -verify 1 -connect $url -ign_eof \
159                                                 << "GET /printenv_auth.asp HTTP/1.1\nHost: $get_hostname\nConnection: close\n\n"]]]
160                                         if {[regexp $failure $out match]} {
161                                                 set match
162                                         } else {
163                                                 set out
164                                         }       
165                                 } 0 $failure 
166
167
168                                 test  -skip {![file exists U_x_$alg_cli_fn/cert.pem]} \
169                                 "$suite, есть сертификат, скрипт printenv_auth.asp" {
170                                         grep CERT_FLAGS [openssl [concat s_client $protos($proto) \
171                                                 [list -msg -cipher $mycs -cert U_x_$alg_cli_fn/cert.pem\
172                                                 -key U_x_$alg_cli_fn/seckey.pem -CAfile ca_$alg_ca.pem \
173                                                 -verify_return_error -verify 1 -connect $url -ign_eof \
174                                                 << "GET /printenv_auth.asp HTTP/1.1\nHost: $get_hostname\nConnection: close\n\n"]]]
175                                 } 0 "CERT_FLAGS: 1\n"   
176
177                         } else {
178
179                                 test "$suite, нет сертификата, скрипт printenv" {
180                                         set out [openssl [concat s_client $protos($proto) \
181                                                 [list -cipher $mycs -CAfile ca_$alg_ca.pem \
182                                                 -verify_return_error -verify 1 -connect $url -ign_eof \
183                                                 << "GET /cgi-bin/printenv/auth HTTP/1.1\nHost: $get_hostname\nConnection: close\n\n"]]]
184                                         if {[regexp "ssl handshake failure" $out match]} {
185                                                 set match
186                                         } else {
187                                                 set out
188                                         }       
189                                 } 1 "ssl handshake failure" 
190
191                                 test  -skip {![file exists U_x_$alg_cli_fn/cert.pem]} \
192                                 "$suite, есть сертификат, скрипт printenv" {
193                                         grep SSL_CLIENT_VERIFY [openssl \
194                                                 [concat s_client $protos($proto) \
195                                                 [list -cipher $mycs -cert U_x_$alg_cli_fn/cert.pem \
196                                                 -key U_x_$alg_cli_fn/seckey.pem -CAfile ca_$alg_ca.pem \
197                                                 -verify_return_error -verify 1 -connect $url -ign_eof \
198                                                 << "GET /cgi-bin/printenv/auth HTTP/1.1\nHost: $get_hostname\nConnection: close\n\n"]]]
199                                 } 0 "SSL_CLIENT_VERIFY=\"SUCCESS\"\n"   
200                         }
201                 }       
202         }       
203 }       
204 end_tests