|
|
#!/bin/bash
|
|
|
|
|
|
# set +e
|
|
|
set -x
|
|
|
|
|
|
echo "Тест генерации сертификата с подключенным ГОСТ"
|
|
|
|
|
|
source library/sh_lib.sh
|
|
|
|
|
|
check=0
|
|
|
|
|
|
######################################
|
|
|
echo "1. Reset policy to default"
|
|
|
/usr/bin/update-crypto-policies --set DEFAULT
|
|
|
echo "---------------------------------------"
|
|
|
|
|
|
######################################
|
|
|
echo "Test 2. Files test"
|
|
|
|
|
|
cat /etc/crypto-policies/back-ends/opensslcnf.config | /bin/grep gost
|
|
|
check=$(not_eq_is_success ${check} 0)
|
|
|
|
|
|
# файл /etc/crypto-policies/back-ends/auth.config - симлинк на пустой файл
|
|
|
ls -l /etc/crypto-policies/back-ends/auth.config
|
|
|
filename="/etc/crypto-policies/back-ends/auth.config"
|
|
|
filesize=$(stat -Lc%s ${filename})
|
|
|
if [ $filesize -eq 0 ]; then
|
|
|
echo "File ${filename} length == 0 -- OK"
|
|
|
else
|
|
|
echo "File ${filename} length == ${filesize} -- Error, should be empty"
|
|
|
let check+=1
|
|
|
fi
|
|
|
|
|
|
# cat /etc/pam.d/password-auth | grep gost данная команда должна возвращать пустое значение и результат выполнения echo $? = 1
|
|
|
cat /etc/pam.d/password-auth | /bin/grep gost
|
|
|
check=$(not_eq_is_success ${check} 0)
|
|
|
|
|
|
# cat /etc/pam.d/system-auth | grep gost данная команда должна возвращать пустое значение и результат выполнения echo $? = 1
|
|
|
cat /etc/pam.d/system-auth | /bin/grep gost
|
|
|
check=$(not_eq_is_success ${check} 0)
|
|
|
echo "---------------------------------------"
|
|
|
|
|
|
######################################
|
|
|
echo "Test 3. Command test"
|
|
|
/usr/bin/openssl req -x509 -newkey gost2012_256 -pkeyopt paramset:A -nodes -keyout key.pem -out cert.pem -md_gost12_256
|
|
|
check=$(not_eq_is_success ${check} 0)
|
|
|
echo "---------------------------------------"
|
|
|
|
|
|
######################################
|
|
|
echo "Test 4. Set GOST policy"
|
|
|
/usr/bin/update-crypto-policies --set DEFAULT:GOST
|
|
|
check=$(eq_is_success ${check} 0)
|
|
|
echo "---------------------------------------"
|
|
|
|
|
|
######################################
|
|
|
echo "Test 5. Rerun command from test 3"
|
|
|
# /usr/bin/openssl req -x509 -newkey gost2012_256 -pkeyopt paramset:A -nodes -keyout key.pem -out cert.pem -md_gost12_256
|
|
|
config_path=$(pwd)/tests/p_crypto-policies/files/req.conf
|
|
|
openssl req -x509 -newkey gost2012_256 -pkeyopt paramset:A -nodes -keyout gost_key.pem -out gost_cert.pem -md_gost12_256 -config "${config_path}"
|
|
|
check=$(eq_is_success ${check} 0)
|
|
|
ls -l gost_key.pem
|
|
|
ls -l gost_cert.pem
|
|
|
check=$(eq_is_success ${check} 0)
|
|
|
echo "---------------------------------------"
|
|
|
|
|
|
######################################
|
|
|
echo "Test 6. Check new GOST certificate"
|
|
|
# $ openssl x509 -in cert.pem -text -noout | grep GOST
|
|
|
# Signature Algorithm: GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)
|
|
|
# Public Key Algorithm: GOST R 34.10-2012 with 256 bit modulus
|
|
|
# Signature Algorithm: GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)
|
|
|
# файл cert.pem должен существовать и вывод от grep не должен быть пустым
|
|
|
/usr/bin/openssl x509 -in gost_cert.pem -text -noout | grep GOST
|
|
|
check=$(eq_is_success ${check} 0)
|
|
|
echo "---------------------------------------"
|
|
|
|
|
|
check_test_status ${check} "$0"
|
|
|
exit ${check}
|
