# Make the directory holding this script searchable for Tcl packages, then load
# the ossltest helper package (presumably the source of test, openssl, makeFile,
# getFile, grep and makeRegisteredUser used below; confirm against ossltest).
2 lappend auto_path [file dirname [info script]]
3 package require ossltest
# The suite title is Russian for "Tests for the smime command - second signature".
5 start_tests "Тесты на команду smime - вторая подпись"
# Fixed plaintext that every signing test below signs and that every
# "extracted correctly" test compares against.
11 makeFile signed2.dat "Test data for 2 signatures"
# Run the whole two-signature scenario once per GOST 2012 key length.
14 foreach length {256 512} {
# Two separate signers per key length, each with its own key and certificate
# directory (U_smime_1_<length> and U_smime_2_<length>). The gost2012_<length>:A
# argument presumably selects the key algorithm and parameter set; confirm in
# ossltest.
16 test "Creating users $length" {
17 makeRegisteredUser U_smime_1_$length gost2012_$length:A CN USER1_$length emailAddress test@cryptocom.ru
18 makeRegisteredUser U_smime_2_$length gost2012_$length:A CN USER2_$length emailAddress test@cryptocom.ru
# Opaque DER case: -nodetach embeds the content in the signed structure and
# -outform der writes it as DER. The first signature is made with user 1's key.
21 test -createsfiles signed2_1_$length.asn "Signing in DER format with 1st signature" {
22 openssl "smime -sign -binary -outform der -inform der -nodetach -inkey U_smime_1_$length/seckey.pem -signer U_smime_1_$length/cert.pem -in signed2.dat -out signed2_1_$length.asn"
23 file isfile signed2_1_$length.asn
# -resign adds user 2's signature to the message user 1 already signed.
26 test -createsfiles signed2_2_$length.asn "Signing in DER format with 2nd signature" {
27 openssl "smime -resign -binary -outform der -inform der -nodetach -inkey U_smime_2_$length/seckey.pem -signer U_smime_2_$length/cert.pem -in signed2_1_$length.asn -out signed2_2_$length.asn"
28 file isfile signed2_2_$length.asn
# NOTE(review): -noverify turns off verification of the signers' certificates,
# so "Verification successful" here shows only that the signatures check out
# against the certificates supplied with the message, not that those
# certificates chain to a trusted CA. -signer saves the signers' certificates
# to signer.certs and -out saves the recovered content.
31 test -createsfiles {was_signed.dat signer.certs} "Verifying signature" {
32 grep "Verif" [openssl "smime -verify -inform der -in signed2_2_$length.asn -noverify -signer signer.certs -out was_signed.dat"]
33 } 0 {Verification successful
# The content written by -verify must equal the original input file.
36 test "Signed data is extracted correctly" {
37 string eq [getFile signed2.dat] [getFile was_signed.dat]
40 ### Test extracted certificates
# signer.certs must hold both signers' certificates, user 1 before user 2,
# which shows that -resign kept the original signer. The subjects come from
# certificates that the preceding -noverify run did not validate, so this checks
# presence and order only, not trust.
42 test "Extracting signer certificates" {
# Non-greedy match: each PEM certificate block becomes its own list element.
45 set certs [regexp -all -inline -- {-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----} [getFile signer.certs]]
# Some lines are missing from this listing at this point; $cert is presumably
# the loop variable of a foreach over $certs, as in the later extraction tests.
47 makeFile cert[incr i].pem $cert
48 lappend subjs [grep subject [openssl "x509 -in cert$i.pem -subject -noout"]]
51 } 0 "{subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER1_$length, emailAddress = test@cryptocom.ru
52 } {subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER2_$length, emailAddress = test@cryptocom.ru
# Opaque S/MIME case: -nodetach without -outform, so the content is embedded in
# a message written in the default S/MIME format. In the file names the
# backslash ends the variable name, so _op is not read as part of $length.
55 test -createsfiles signed2_1_$length\_op.msg "Signing opaque in S/MIME format with 1st signature" {
56 openssl "smime -sign -binary -nodetach -inkey U_smime_1_$length/seckey.pem -signer U_smime_1_$length/cert.pem -in signed2.dat -out signed2_1_$length\_op.msg"
57 file isfile signed2_1_$length\_op.msg
# -resign adds user 2's signature to the opaque message user 1 already signed.
60 test -createsfiles signed2_2_$length\_op.msg "Signing opaque in S/MIME format with 2nd signature" {
61 openssl "smime -resign -binary -nodetach -inkey U_smime_2_$length/seckey.pem -signer U_smime_2_$length/cert.pem -in signed2_1_$length\_op.msg -out signed2_2_$length\_op.msg"
62 file isfile signed2_2_$length\_op.msg
# NOTE(review): with -noverify the signers' certificates are not verified, so
# this step confirms signature validity only, not signer trust. -signer saves
# the signers' certificates to signer.certs.
65 test -createsfiles {was_signed.dat signer.certs} "Verifying opaque signature" {
66 grep "Verif" [openssl "smime -verify -inform smime -in signed2_2_$length\_op.msg -noverify -signer signer.certs -out was_signed.dat"]
67 } 0 {Verification successful
# The content written by -verify must equal the original input file.
70 test "Signed data is extracted correctly" {
71 string eq [getFile signed2.dat] [getFile was_signed.dat]
74 ### Test extracted certificates
# signer.certs must hold both signers' certificates, user 1 before user 2. The
# certificates were not validated by the preceding -noverify run, so this
# checks presence and order only.
76 test "Extracting signer certificates" {
# Non-greedy match: each PEM certificate block becomes its own list element.
79 set certs [regexp -all -inline -- {-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----} [getFile signer.certs]]
# Some lines are missing from this listing at this point; $cert is presumably
# the loop variable of a foreach over $certs, as in the later extraction tests.
81 makeFile cert[incr i].pem $cert
82 lappend subjs [grep subject [openssl "x509 -in cert$i.pem -subject -noout"]]
85 } 0 "{subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER1_$length, emailAddress = test@cryptocom.ru
86 } {subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER2_$length, emailAddress = test@cryptocom.ru
# Detached DER case: -nodetach is absent, so the DER output holds the signature
# without the content. The resign and verify steps below supply the content
# separately with -content signed2.dat.
89 test -createsfiles signed2_1_$length\_det.asn "Signing detached in DER format with 1st signature" {
90 openssl "smime -sign -binary -outform der -inkey U_smime_1_$length/seckey.pem -signer U_smime_1_$length/cert.pem -in signed2.dat -out signed2_1_$length\_det.asn"
91 file isfile signed2_1_$length\_det.asn
# -resign adds user 2's signature to the detached signature file from user 1.
94 test -createsfiles signed2_2_$length\_det.asn "Signing detached in DER format with 2nd signature" {
95 openssl "smime -resign -binary -inkey U_smime_2_$length/seckey.pem -signer U_smime_2_$length/cert.pem -in signed2_1_$length\_det.asn -content signed2.dat -inform der -outform der -out signed2_2_$length\_det.asn"
96 file isfile signed2_2_$length\_det.asn
# NOTE(review): with -noverify the signers' certificates are not verified, so
# this step confirms that the signatures match signed2.dat, not that the
# signers are trusted. -signer saves the signers' certificates to signer.certs.
99 test -createsfiles {was_signed.dat signer.certs} "Verifying detached signature in DER format" {
100 grep "Verif" [openssl "smime -verify -in signed2_2_$length\_det.asn -noverify -signer signer.certs -out was_signed.dat -content signed2.dat -inform der"]
101 } 0 {Verification successful
# The content written by -verify must equal the original input file.
104 test "Signed data is extracted correctly" {
105 string eq [getFile signed2.dat] [getFile was_signed.dat]
108 ### Test extracted certificates
# signer.certs must hold both signers' certificates, user 1 before user 2. The
# certificates were not validated by the preceding -noverify run, so this
# checks presence and order only.
110 test "Extracting signer certificates" {
# Non-greedy match: each PEM certificate block becomes its own list element.
113 set certs [regexp -all -inline -- {-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----} [getFile signer.certs]]
# Write each certificate to its own cert_asn<N>.pem file and collect its
# subject line as printed by openssl x509.
114 foreach cert $certs {
115 makeFile cert_asn[incr i].pem $cert
116 lappend subjs [grep subject [openssl "x509 -in cert_asn$i.pem -subject -noout"]]
119 } 0 "{subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER1_$length, emailAddress = test@cryptocom.ru
120 } {subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER2_$length, emailAddress = test@cryptocom.ru
# S/MIME case with neither -nodetach nor -outform: the output is a message in
# the default S/MIME format with a detached signature.
123 test -createsfiles signed2_1_$length.msg "Signing in S/MIME format with 1st signature" {
124 openssl "smime -sign -binary -inform der -inkey U_smime_1_$length/seckey.pem -signer U_smime_1_$length/cert.pem -in signed2.dat -out signed2_1_$length.msg"
125 file isfile signed2_1_$length.msg
# Unlike the other resign tests, this one filters the command output for
# "SMIME" and does not check that the output file exists; the expected result
# is not visible in this listing.
128 test -createsfiles signed2_2_$length.msg "Signing in S/MIME format with 2nd signature" {
129 grep "SMIME" [openssl "smime -resign -binary -inkey U_smime_2_$length/seckey.pem -signer U_smime_2_$length/cert.pem -in signed2_1_$length.msg -inform smime -out signed2_2_$length.msg"]
# NOTE(review): with -noverify the signers' certificates are not verified, so
# this step confirms signature validity only, not signer trust. -signer saves
# the signers' certificates to signer.certs.
132 test -createsfiles {was_signed.dat signer.certs} "Verifying signature" {
133 grep "Verif" [openssl "smime -verify -in signed2_2_$length.msg -noverify -signer signer.certs -out was_signed.dat -inform smime"]
134 } 0 {Verification successful
# The content written by -verify must equal the original input file.
137 test "Signed data is extracted correctly" {
138 string eq [getFile signed2.dat] [getFile was_signed.dat]
141 ### Test extracted certificates
# signer.certs must hold both signers' certificates, user 1 before user 2. The
# certificates were not validated by the preceding -noverify run, so this
# checks presence and order only.
143 test "Extracting signer certificates" {
# Non-greedy match: each PEM certificate block becomes its own list element.
146 set certs [regexp -all -inline -- {-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----} [getFile signer.certs]]
# Write each certificate to its own cert_smime<N>.pem file and collect its
# subject line as printed by openssl x509.
147 foreach cert $certs {
148 makeFile cert_smime[incr i].pem $cert
149 lappend subjs [grep subject [openssl "x509 -in cert_smime$i.pem -subject -noout"]]
152 } 0 "{subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER1_$length, emailAddress = test@cryptocom.ru
153 } {subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER2_$length, emailAddress = test@cryptocom.ru
# Negative cases: adding a second signature with a key of the other length must
# be refused. Each command takes a first-signature file written by the loop
# above and pairs it with user 2's key of the opposite length. The expected
# result is code 1 with "no matching digest" in the output, presumably because
# -resign reuses the digest already recorded in the message and that digest
# does not fit the other key length (confirm against the engine). None of the
# commands passes -out.

# Opaque DER input.
159 test "Resigning in DER format with a unsuitable key length 512" {
160 openssl "smime -resign -binary -inform der -nodetach -inkey U_smime_2_512/seckey.pem -signer U_smime_2_512/cert.pem -in signed2_1_256.asn"
161 } 1 "no matching digest"
163 test "Resigning in DER format with a unsuitable key length 256" {
164 openssl "smime -resign -binary -inform der -nodetach -inkey U_smime_2_256/seckey.pem -signer U_smime_2_256/cert.pem -in signed2_1_512.asn"
165 } 1 "no matching digest"
# Opaque S/MIME input.
167 test "Resigning opaque in S/MIME format with a unsuitable key length 512" {
168 openssl "smime -resign -binary -nodetach -inkey U_smime_2_512/seckey.pem -signer U_smime_2_512/cert.pem -in signed2_1_256_op.msg"
169 } 1 "no matching digest"
171 test "Resigning opaque in S/MIME format with a unsuitable key length 256" {
172 openssl "smime -resign -binary -nodetach -inkey U_smime_2_256/seckey.pem -signer U_smime_2_256/cert.pem -in signed2_1_512_op.msg"
173 } 1 "no matching digest"
# Detached DER input; the content is supplied with -content.
175 test "Resigning detached in DER format with a unsuitable key length 512" {
176 openssl "smime -resign -binary -inform der -inkey U_smime_2_512/seckey.pem -signer U_smime_2_512/cert.pem -in signed2_1_256_det.asn -content signed2.dat"
177 } 1 "no matching digest"
179 test "Resigning detached in DER format with a unsuitable key length 256" {
180 openssl "smime -resign -binary -inform der -inkey U_smime_2_256/seckey.pem -signer U_smime_2_256/cert.pem -in signed2_1_512_det.asn -content signed2.dat"
181 } 1 "no matching digest"
# S/MIME input with a detached signature.
183 test "Resigning in S/MIME format with a unsuitable key length 512" {
184 openssl "smime -resign -binary -inkey U_smime_2_512/seckey.pem -signer U_smime_2_512/cert.pem -in signed2_1_256.msg"
185 } 1 "no matching digest"
187 test "Resigning in S/MIME format with a unsuitable key length 256" {
188 openssl "smime -resign -binary -inkey U_smime_2_256/seckey.pem -signer U_smime_2_256/cert.pem -in signed2_1_512.msg"
189 } 1 "no matching digest"
194 #./load_engine smime -sign -binary -outform der -inform der -nodetach -inkey certs/fstek.key -signer certs/fstek.crt -out signed2 -in signed1
195 #./load_engine smime -verify -inform der -in signed2 -noverify
196 #./load_engine smime -verify -inform der -in signed2 -noverify -signer sss
200 #./load_engine x509 -in sss sss2
201 #./load_engine x509 -in sss
202 #./load_engine x509 -in sss -subject -noout
203 #./load_engine x509 -in sss2 -subject -noout
204 #./load_engine smime -verify -inform der -in signed2 -noverify -signer sss -out qqq