Issuer Sign Tool extention support

Issuer Sign Tool (1.2.643.100.112) The name of the tool used to signs the subject (ASN1_SEQUENCE) This extention is required to obtain the status of a qualified certificate at Russian Federation. RFC-style description is available here: https://tools.ietf.org/html/draft-deremin-rfc4491-bis-04#section-5 Russian Federal Law 63 "Digital Sign" is available here: http://www.consultant.ru/document/cons_doc_LAW_112701/ Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11216)
author: Nikolay Morozov <nmorozoff77@yandex.ru> 2020-03-02 10:17:30 +0300
committer: Dmitry Belyavskiy <beldmit@gmail.com> 2020-03-25 15:33:53 +0300
commit: 71f852802f453db9be24bb83385288c7d7b83ae1 (patch)
tree: 6e25b386a15a51df5e8a8d9e87b9c69dd3fda159 /test
parent: 129c22840ee73c0c6cb1e5ed629fa361b688e537 (diff)
4 files changed, 197 insertions, 0 deletions
diff --git a/test/certs/grfc.pem b/test/certs/grfc.pem
new file mode 100644
index 0000000000..952818275b
--- /dev/null
+++ b/test/certs/grfc.pem
@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFGDCCBMegAwIBAgIQDIxAk7vmk71DC/UYJgMdBTAIBgYqhQMCAgMwggEWMRgw
+FgYFKoUDZAESDTEwMjc3MzkzMzQ0NzkxGjAYBggqhQMDgQMBARIMMDA3NzA2MjI4
+MjE4MTowOAYDVQQJDDHQlNC10YDQsdC10L3QtdCy0YHQutCw0Y8g0L3QsNCxLiDQ
+tC4gNyDRgdGC0YAuIDE1MR8wHQYJKoZIhvcNAQkBFhBwa2ktZ3JmY0BncmZjLnJ1
+MQswCQYDVQQGEwJSVTEcMBoGA1UECAwTNzcg0LMuINCc0L7RgdC60LLQsDEVMBMG
+A1UEBwwM0JzQvtGB0LrQstCwMRwwGgYDVQQKDBPQpNCT0KPQnyAi0JPQoNCn0KYi
+MSEwHwYDVQQDDBjQo9CmINCk0JPQo9CfICLQk9Cg0KfQpiIwHhcNMTMwMzEyMDcz
+ODI2WhcNMjgwMzEyMDc0NjAwWjCCARYxGDAWBgUqhQNkARINMTAyNzczOTMzNDQ3
+OTEaMBgGCCqFAwOBAwEBEgwwMDc3MDYyMjgyMTgxOjA4BgNVBAkMMdCU0LXRgNCx
+0LXQvdC10LLRgdC60LDRjyDQvdCw0LEuINC0LiA3INGB0YLRgC4gMTUxHzAdBgkq
+hkiG9w0BCQEWEHBraS1ncmZjQGdyZmMucnUxCzAJBgNVBAYTAlJVMRwwGgYDVQQI
+DBM3NyDQsy4g0JzQvtGB0LrQstCwMRUwEwYDVQQHDAzQnNC+0YHQutCy0LAxHDAa
+BgNVBAoME9Ck0JPQo9CfICLQk9Cg0KfQpiIxITAfBgNVBAMMGNCj0KYg0KTQk9Cj
+0J8gItCT0KDQp9CmIjBjMBwGBiqFAwICEzASBgcqhQMCAiMBBgcqhQMCAh4BA0MA
+BECWU7YnkJgff0sdJ+i50FXAYZlpcSz8wO/2AnfCzGC+PMj/NGOKMMWcv8I9eN7W
+eEXwIuRc96StDM8zJigQGd/1o4IB6TCCAeUwNgYFKoUDZG8ELQwrItCa0YDQuNC/
+0YLQvtCf0YDQviBDU1AiICjQstC10YDRgdC40Y8gMy42KTCCATMGBSqFA2RwBIIB
+KDCCASQMKyLQmtGA0LjQv9GC0L7Qn9GA0L4gQ1NQIiAo0LLQtdGA0YHQuNGPIDMu
+NikMUyLQo9C00L7RgdGC0L7QstC10YDRj9GO0YnQuNC5INGG0LXQvdGC0YAgItCa
+0YDQuNC/0YLQvtCf0YDQviDQo9CmIiDQstC10YDRgdC40LggMS41DE/QodC10YDR
+gtC40YTQuNC60LDRgiDRgdC+0L7RgtCy0LXRgtGB0YLQstC40Y8g4oSWINCh0KQv
+MTIxLTE4NTkg0L7RgiAxNy4wNi4yMDEyDE/QodC10YDRgtC40YTQuNC60LDRgiDR
+gdC+0L7RgtCy0LXRgtGB0YLQstC40Y8g4oSWINCh0KQvMTI4LTE4MjIg0L7RgiAw
+MS4wNi4yMDEyMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
+BBRrAIaDidIAz1a4a+TjNhAeH3KuwzAQBgkrBgEEAYI3FQEEAwIBADAlBgNVHSAE
+HjAcMAgGBiqFA2RxATAIBgYqhQNkcQIwBgYEVR0gADAIBgYqhQMCAgMDQQC9ld1f
+Oit0pSliIMIkqIugExoh9UrWLrE/9VDplqCiyXkJFaJBwGDhHT8ljYj0TGDzD07j
+KW64bgG0AywHjyc3
+-----END CERTIFICATE-----
diff --git a/test/recipes/25-test_rusext.t b/test/recipes/25-test_rusext.t
new file mode 100644
index 0000000000..05727f9d04
--- /dev/null
+++ b/test/recipes/25-test_rusext.t
@@ -0,0 +1,33 @@
+#! /usr/bin/env perl
+# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use File::Spec;
+use OpenSSL::Test::Utils;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+
+setup("test_rusext");
+
+plan tests => 5;
+
+require_ok(srctop_file('test', 'recipes', 'tconversion.pl'));
+my $pem = srctop_file("test/certs", "grfc.pem");
+my $out_msb = "grfc.msb";
+my $out_utf8 = "grfc.utf8";
+
+ok(run(app(["openssl", "x509", "-text", "-in", $pem, "-out", $out_msb,
+            "-nameopt", "esc_msb", "-certopt", "no_pubkey"])));
+is(cmp_text($out_msb, srctop_file('test', 'recipes', '25-test_rusext_data', 'grfc.msb')),
+   0, 'Comparing esc_msb output');
+ok(run(app(["openssl", "x509", "-text", "-in", $pem, "-out", $out_utf8,
+            "-nameopt", "utf8", "-certopt", "no_pubkey"])));
+is(cmp_text($out_utf8, srctop_file('test', 'recipes', '25-test_rusext_data', 'grfc.utf8')),
+   0, 'Comparing utf8 output');
diff --git a/test/recipes/25-test_rusext_data/grfc.msb b/test/recipes/25-test_rusext_data/grfc.msb
new file mode 100644
index 0000000000..68ebff6274
--- /dev/null
+++ b/test/recipes/25-test_rusext_data/grfc.msb
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            0c:8c:40:93:bb:e6:93:bd:43:0b:f5:18:26:03:1d:05
+        Signature Algorithm: GOST R 34.11-94 with GOST R 34.10-2001
+        Issuer: OGRN=1027739334479, INN=007706228218, street=\U0414\U0435\U0440\U0431\U0435\U043D\U0435\U0432\U0441\U043A\U0430\U044F \U043D\U0430\U0431. \U0434. 7 \U0441\U0442\U0440. 15, emailAddress=pki-grfc@grfc.ru, C=RU, ST=77 \U0433. \U041C\U043E\U0441\U043A\U0432\U0430, L=\U041C\U043E\U0441\U043A\U0432\U0430, O=\U0424\U0413\U0423\U041F "\U0413\U0420\U0427\U0426", CN=\U0423\U0426 \U0424\U0413\U0423\U041F "\U0413\U0420\U0427\U0426"
+        Validity
+            Not Before: Mar 12 07:38:26 2013 GMT
+            Not After : Mar 12 07:46:00 2028 GMT
+        Subject: OGRN=1027739334479, INN=007706228218, street=\U0414\U0435\U0440\U0431\U0435\U043D\U0435\U0432\U0441\U043A\U0430\U044F \U043D\U0430\U0431. \U0434. 7 \U0441\U0442\U0440. 15, emailAddress=pki-grfc@grfc.ru, C=RU, ST=77 \U0433. \U041C\U043E\U0441\U043A\U0432\U0430, L=\U041C\U043E\U0441\U043A\U0432\U0430, O=\U0424\U0413\U0423\U041F "\U0413\U0420\U0427\U0426", CN=\U0423\U0426 \U0424\U0413\U0423\U041F "\U0413\U0420\U0427\U0426"
+        X509v3 extensions:
+            Signing Tool of Subject: 
+                "КриптоПро CSP" (версия 3.6)
+            Signing Tool of Issuer: 
+                signTool    : "КриптоПро CSP" (версия 3.6)
+                cATool      : "Удостоверяющий центр "КриптоПро УЦ" версии 1.5
+                signToolCert: Сертификат соответствия № СФ/121-1859 от 17.06.2012
+                cAToolCert  : Сертификат соответствия № СФ/128-1822 от 01.06.2012
+            X509v3 Key Usage: 
+                Digital Signature, Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                6B:00:86:83:89:D2:00:CF:56:B8:6B:E4:E3:36:10:1E:1F:72:AE:C3
+            1.3.6.1.4.1.311.21.1: 
+                ...
+            X509v3 Certificate Policies: 
+                Policy: 1.2.643.100.113.1
+                Policy: 1.2.643.100.113.2
+                Policy: X509v3 Any Policy
+    Signature Algorithm: GOST R 34.11-94 with GOST R 34.10-2001
+    Signature Value:
+        bd:95:dd:5f:3a:2b:74:a5:29:62:20:c2:24:a8:8b:a0:13:1a:
+        21:f5:4a:d6:2e:b1:3f:f5:50:e9:96:a0:a2:c9:79:09:15:a2:
+        41:c0:60:e1:1d:3f:25:8d:88:f4:4c:60:f3:0f:4e:e3:29:6e:
+        b8:6e:01:b4:03:2c:07:8f:27:37
+-----BEGIN CERTIFICATE-----
+MIIFGDCCBMegAwIBAgIQDIxAk7vmk71DC/UYJgMdBTAIBgYqhQMCAgMwggEWMRgw
+FgYFKoUDZAESDTEwMjc3MzkzMzQ0NzkxGjAYBggqhQMDgQMBARIMMDA3NzA2MjI4
+MjE4MTowOAYDVQQJDDHQlNC10YDQsdC10L3QtdCy0YHQutCw0Y8g0L3QsNCxLiDQ
+tC4gNyDRgdGC0YAuIDE1MR8wHQYJKoZIhvcNAQkBFhBwa2ktZ3JmY0BncmZjLnJ1
+MQswCQYDVQQGEwJSVTEcMBoGA1UECAwTNzcg0LMuINCc0L7RgdC60LLQsDEVMBMG
+A1UEBwwM0JzQvtGB0LrQstCwMRwwGgYDVQQKDBPQpNCT0KPQnyAi0JPQoNCn0KYi
+MSEwHwYDVQQDDBjQo9CmINCk0JPQo9CfICLQk9Cg0KfQpiIwHhcNMTMwMzEyMDcz
+ODI2WhcNMjgwMzEyMDc0NjAwWjCCARYxGDAWBgUqhQNkARINMTAyNzczOTMzNDQ3
+OTEaMBgGCCqFAwOBAwEBEgwwMDc3MDYyMjgyMTgxOjA4BgNVBAkMMdCU0LXRgNCx
+0LXQvdC10LLRgdC60LDRjyDQvdCw0LEuINC0LiA3INGB0YLRgC4gMTUxHzAdBgkq
+hkiG9w0BCQEWEHBraS1ncmZjQGdyZmMucnUxCzAJBgNVBAYTAlJVMRwwGgYDVQQI
+DBM3NyDQsy4g0JzQvtGB0LrQstCwMRUwEwYDVQQHDAzQnNC+0YHQutCy0LAxHDAa
+BgNVBAoME9Ck0JPQo9CfICLQk9Cg0KfQpiIxITAfBgNVBAMMGNCj0KYg0KTQk9Cj
+0J8gItCT0KDQp9CmIjBjMBwGBiqFAwICEzASBgcqhQMCAiMBBgcqhQMCAh4BA0MA
+BECWU7YnkJgff0sdJ+i50FXAYZlpcSz8wO/2AnfCzGC+PMj/NGOKMMWcv8I9eN7W
+eEXwIuRc96StDM8zJigQGd/1o4IB6TCCAeUwNgYFKoUDZG8ELQwrItCa0YDQuNC/
+0YLQvtCf0YDQviBDU1AiICjQstC10YDRgdC40Y8gMy42KTCCATMGBSqFA2RwBIIB
+KDCCASQMKyLQmtGA0LjQv9GC0L7Qn9GA0L4gQ1NQIiAo0LLQtdGA0YHQuNGPIDMu
+NikMUyLQo9C00L7RgdGC0L7QstC10YDRj9GO0YnQuNC5INGG0LXQvdGC0YAgItCa
+0YDQuNC/0YLQvtCf0YDQviDQo9CmIiDQstC10YDRgdC40LggMS41DE/QodC10YDR
+gtC40YTQuNC60LDRgiDRgdC+0L7RgtCy0LXRgtGB0YLQstC40Y8g4oSWINCh0KQv
+MTIxLTE4NTkg0L7RgiAxNy4wNi4yMDEyDE/QodC10YDRgtC40YTQuNC60LDRgiDR
+gdC+0L7RgtCy0LXRgtGB0YLQstC40Y8g4oSWINCh0KQvMTI4LTE4MjIg0L7RgiAw
+MS4wNi4yMDEyMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
+BBRrAIaDidIAz1a4a+TjNhAeH3KuwzAQBgkrBgEEAYI3FQEEAwIBADAlBgNVHSAE
+HjAcMAgGBiqFA2RxATAIBgYqhQNkcQIwBgYEVR0gADAIBgYqhQMCAgMDQQC9ld1f
+Oit0pSliIMIkqIugExoh9UrWLrE/9VDplqCiyXkJFaJBwGDhHT8ljYj0TGDzD07j
+KW64bgG0AywHjyc3
+-----END CERTIFICATE-----
diff --git a/test/recipes/25-test_rusext_data/grfc.utf8 b/test/recipes/25-test_rusext_data/grfc.utf8
new file mode 100644
index 0000000000..ebca5d6b59
--- /dev/null
+++ b/test/recipes/25-test_rusext_data/grfc.utf8
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            0c:8c:40:93:bb:e6:93:bd:43:0b:f5:18:26:03:1d:05
+        Signature Algorithm: GOST R 34.11-94 with GOST R 34.10-2001
+        Issuer: OGRN=1027739334479, INN=007706228218, street=Дербеневская наб. д. 7 стр. 15, emailAddress=pki-grfc@grfc.ru, C=RU, ST=77 г. Москва, L=Москва, O=ФГУП "ГРЧЦ", CN=УЦ ФГУП "ГРЧЦ"
+        Validity
+            Not Before: Mar 12 07:38:26 2013 GMT
+            Not After : Mar 12 07:46:00 2028 GMT
+        Subject: OGRN=1027739334479, INN=007706228218, street=Дербеневская наб. д. 7 стр. 15, emailAddress=pki-grfc@grfc.ru, C=RU, ST=77 г. Москва, L=Москва, O=ФГУП "ГРЧЦ", CN=УЦ ФГУП "ГРЧЦ"
+        X509v3 extensions:
+            Signing Tool of Subject: 
+                "КриптоПро CSP" (версия 3.6)
+            Signing Tool of Issuer: 
+                signTool    : "КриптоПро CSP" (версия 3.6)
+                cATool      : "Удостоверяющий центр "КриптоПро УЦ" версии 1.5
+                signToolCert: Сертификат соответствия № СФ/121-1859 от 17.06.2012
+                cAToolCert  : Сертификат соответствия № СФ/128-1822 от 01.06.2012
+            X509v3 Key Usage: 
+                Digital Signature, Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                6B:00:86:83:89:D2:00:CF:56:B8:6B:E4:E3:36:10:1E:1F:72:AE:C3
+            1.3.6.1.4.1.311.21.1: 
+                ...
+            X509v3 Certificate Policies: 
+                Policy: 1.2.643.100.113.1
+                Policy: 1.2.643.100.113.2
+                Policy: X509v3 Any Policy
+    Signature Algorithm: GOST R 34.11-94 with GOST R 34.10-2001
+    Signature Value:
+        bd:95:dd:5f:3a:2b:74:a5:29:62:20:c2:24:a8:8b:a0:13:1a:
+        21:f5:4a:d6:2e:b1:3f:f5:50:e9:96:a0:a2:c9:79:09:15:a2:
+        41:c0:60:e1:1d:3f:25:8d:88:f4:4c:60:f3:0f:4e:e3:29:6e:
+        b8:6e:01:b4:03:2c:07:8f:27:37
+-----BEGIN CERTIFICATE-----
+MIIFGDCCBMegAwIBAgIQDIxAk7vmk71DC/UYJgMdBTAIBgYqhQMCAgMwggEWMRgw
+FgYFKoUDZAESDTEwMjc3MzkzMzQ0NzkxGjAYBggqhQMDgQMBARIMMDA3NzA2MjI4
+MjE4MTowOAYDVQQJDDHQlNC10YDQsdC10L3QtdCy0YHQutCw0Y8g0L3QsNCxLiDQ
+tC4gNyDRgdGC0YAuIDE1MR8wHQYJKoZIhvcNAQkBFhBwa2ktZ3JmY0BncmZjLnJ1
+MQswCQYDVQQGEwJSVTEcMBoGA1UECAwTNzcg0LMuINCc0L7RgdC60LLQsDEVMBMG
+A1UEBwwM0JzQvtGB0LrQstCwMRwwGgYDVQQKDBPQpNCT0KPQnyAi0JPQoNCn0KYi
+MSEwHwYDVQQDDBjQo9CmINCk0JPQo9CfICLQk9Cg0KfQpiIwHhcNMTMwMzEyMDcz
+ODI2WhcNMjgwMzEyMDc0NjAwWjCCARYxGDAWBgUqhQNkARINMTAyNzczOTMzNDQ3
+OTEaMBgGCCqFAwOBAwEBEgwwMDc3MDYyMjgyMTgxOjA4BgNVBAkMMdCU0LXRgNCx
+0LXQvdC10LLRgdC60LDRjyDQvdCw0LEuINC0LiA3INGB0YLRgC4gMTUxHzAdBgkq
+hkiG9w0BCQEWEHBraS1ncmZjQGdyZmMucnUxCzAJBgNVBAYTAlJVMRwwGgYDVQQI
+DBM3NyDQsy4g0JzQvtGB0LrQstCwMRUwEwYDVQQHDAzQnNC+0YHQutCy0LAxHDAa
+BgNVBAoME9Ck0JPQo9CfICLQk9Cg0KfQpiIxITAfBgNVBAMMGNCj0KYg0KTQk9Cj
+0J8gItCT0KDQp9CmIjBjMBwGBiqFAwICEzASBgcqhQMCAiMBBgcqhQMCAh4BA0MA
+BECWU7YnkJgff0sdJ+i50FXAYZlpcSz8wO/2AnfCzGC+PMj/NGOKMMWcv8I9eN7W
+eEXwIuRc96StDM8zJigQGd/1o4IB6TCCAeUwNgYFKoUDZG8ELQwrItCa0YDQuNC/
+0YLQvtCf0YDQviBDU1AiICjQstC10YDRgdC40Y8gMy42KTCCATMGBSqFA2RwBIIB
+KDCCASQMKyLQmtGA0LjQv9GC0L7Qn9GA0L4gQ1NQIiAo0LLQtdGA0YHQuNGPIDMu
+NikMUyLQo9C00L7RgdGC0L7QstC10YDRj9GO0YnQuNC5INGG0LXQvdGC0YAgItCa
+0YDQuNC/0YLQvtCf0YDQviDQo9CmIiDQstC10YDRgdC40LggMS41DE/QodC10YDR
+gtC40YTQuNC60LDRgiDRgdC+0L7RgtCy0LXRgtGB0YLQstC40Y8g4oSWINCh0KQv
+MTIxLTE4NTkg0L7RgiAxNy4wNi4yMDEyDE/QodC10YDRgtC40YTQuNC60LDRgiDR
+gdC+0L7RgtCy0LXRgtGB0YLQstC40Y8g4oSWINCh0KQvMTI4LTE4MjIg0L7RgiAw
+MS4wNi4yMDEyMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
+BBRrAIaDidIAz1a4a+TjNhAeH3KuwzAQBgkrBgEEAYI3FQEEAwIBADAlBgNVHSAE
+HjAcMAgGBiqFA2RxATAIBgYqhQNkcQIwBgYEVR0gADAIBgYqhQMCAgMDQQC9ld1f
+Oit0pSliIMIkqIugExoh9UrWLrE/9VDplqCiyXkJFaJBwGDhHT8ljYj0TGDzD07j
+KW64bgG0AywHjyc3
+-----END CERTIFICATE-----
author	Nikolay Morozov <nmorozoff77@yandex.ru>	2020-03-02 10:17:30 +0300
committer	Dmitry Belyavskiy <beldmit@gmail.com>	2020-03-25 15:33:53 +0300
commit	71f852802f453db9be24bb83385288c7d7b83ae1 (patch)
tree	6e25b386a15a51df5e8a8d9e87b9c69dd3fda159 /test
parent	129c22840ee73c0c6cb1e5ed629fa361b688e537 (diff)