tests: Move ocsp-server-cache-{revoked,unknown}.der generation into test case
There is no need to generate these OCSP responses for every single test session. Generate these more dynamically if a test case that uses these files is executed. Signed-off-by: Jouni Malinen <j@w1.fi>
parent
662c2fa01a
commit
b6bb4cd8c5
2 changed files with 20 additions and 14 deletions
|
@ -155,18 +155,6 @@ if [ ! -r $LOGDIR/ocsp-server-cache.der ]; then
|
||||||
cp $DIR/auth_serv/ocsp-server-cache.der $LOGDIR/ocsp-server-cache.der
|
cp $DIR/auth_serv/ocsp-server-cache.der $LOGDIR/ocsp-server-cache.der
|
||||||
fi
|
fi
|
||||||
|
|
||||||
for i in unknown revoked; do
|
|
||||||
openssl ocsp -index $DIR/auth_serv/index-$i.txt \
|
|
||||||
-rsigner $DIR/auth_serv/ocsp-responder.pem \
|
|
||||||
-rkey $DIR/auth_serv/ocsp-responder.key \
|
|
||||||
-CA $DIR/auth_serv/ca.pem \
|
|
||||||
-issuer $DIR/auth_serv/ca.pem \
|
|
||||||
-verify_other $DIR/auth_serv/ca.pem -trust_other \
|
|
||||||
-ndays 7 \
|
|
||||||
-reqin $DIR/auth_serv/ocsp-req.der \
|
|
||||||
-respout $LOGDIR/ocsp-server-cache-$i.der >> $LOGDIR/ocsp.log 2>&1
|
|
||||||
done
|
|
||||||
|
|
||||||
openssl ocsp -reqout $LOGDIR/ocsp-req.der -issuer $DIR/auth_serv/ca.pem \
|
openssl ocsp -reqout $LOGDIR/ocsp-req.der -issuer $DIR/auth_serv/ca.pem \
|
||||||
-sha256 -serial 0xD8D3E3A6CBE3CD1F -no_nonce >> $LOGDIR/ocsp.log 2>&1
|
-sha256 -serial 0xD8D3E3A6CBE3CD1F -no_nonce >> $LOGDIR/ocsp.log 2>&1
|
||||||
for i in "" "-unknown" "-revoked"; do
|
for i in "" "-unknown" "-revoked"; do
|
||||||
|
|
|
@ -4352,10 +4352,26 @@ def test_ap_wpa2_eap_tls_ocsp_unknown_sign(dev, apdev):
|
||||||
if ev is None:
|
if ev is None:
|
||||||
raise Exception("Timeout on EAP failure report")
|
raise Exception("Timeout on EAP failure report")
|
||||||
|
|
||||||
|
def ocsp_resp_status(outfile, status):
|
||||||
|
if os.path.exists(outfile):
|
||||||
|
return
|
||||||
|
arg = ["openssl", "ocsp", "-index", "auth_serv/index-%s.txt" % status,
|
||||||
|
'-rsigner', 'auth_serv/ocsp-responder.pem',
|
||||||
|
'-rkey', 'auth_serv/ocsp-responder.key',
|
||||||
|
'-CA', 'auth_serv/ca.pem',
|
||||||
|
'-issuer', 'auth_serv/ca.pem',
|
||||||
|
'-verify_other', 'auth_serv/ca.pem',
|
||||||
|
'-trust_other',
|
||||||
|
'-ndays', '7',
|
||||||
|
'-reqin', 'auth_serv/ocsp-req.der',
|
||||||
|
'-respout', outfile]
|
||||||
|
run_openssl(arg)
|
||||||
|
|
||||||
def test_ap_wpa2_eap_ttls_ocsp_revoked(dev, apdev, params):
|
def test_ap_wpa2_eap_ttls_ocsp_revoked(dev, apdev, params):
|
||||||
"""WPA2-Enterprise connection using EAP-TTLS and OCSP status revoked"""
|
"""WPA2-Enterprise connection using EAP-TTLS and OCSP status revoked"""
|
||||||
check_ocsp_support(dev[0])
|
check_ocsp_support(dev[0])
|
||||||
ocsp = os.path.join(params['logdir'], "ocsp-server-cache-revoked.der")
|
ocsp = os.path.join(params['logdir'], "ocsp-server-cache-revoked.der")
|
||||||
|
ocsp_resp_status(ocsp, "revoked")
|
||||||
if not os.path.exists(ocsp):
|
if not os.path.exists(ocsp):
|
||||||
raise HwsimSkip("No OCSP response available")
|
raise HwsimSkip("No OCSP response available")
|
||||||
params = int_eap_server_params()
|
params = int_eap_server_params()
|
||||||
|
@ -4384,9 +4400,10 @@ def test_ap_wpa2_eap_ttls_ocsp_revoked(dev, apdev, params):
|
||||||
raise Exception("Timeout on EAP failure report")
|
raise Exception("Timeout on EAP failure report")
|
||||||
|
|
||||||
def test_ap_wpa2_eap_ttls_ocsp_unknown(dev, apdev, params):
|
def test_ap_wpa2_eap_ttls_ocsp_unknown(dev, apdev, params):
|
||||||
"""WPA2-Enterprise connection using EAP-TTLS and OCSP status revoked"""
|
"""WPA2-Enterprise connection using EAP-TTLS and OCSP status unknown"""
|
||||||
check_ocsp_support(dev[0])
|
check_ocsp_support(dev[0])
|
||||||
ocsp = os.path.join(params['logdir'], "ocsp-server-cache-unknown.der")
|
ocsp = os.path.join(params['logdir'], "ocsp-server-cache-unknown.der")
|
||||||
|
ocsp_resp_status(ocsp, "unknown")
|
||||||
if not os.path.exists(ocsp):
|
if not os.path.exists(ocsp):
|
||||||
raise HwsimSkip("No OCSP response available")
|
raise HwsimSkip("No OCSP response available")
|
||||||
params = int_eap_server_params()
|
params = int_eap_server_params()
|
||||||
|
@ -4413,9 +4430,10 @@ def test_ap_wpa2_eap_ttls_ocsp_unknown(dev, apdev, params):
|
||||||
raise Exception("Timeout on EAP failure report")
|
raise Exception("Timeout on EAP failure report")
|
||||||
|
|
||||||
def test_ap_wpa2_eap_ttls_optional_ocsp_unknown(dev, apdev, params):
|
def test_ap_wpa2_eap_ttls_optional_ocsp_unknown(dev, apdev, params):
|
||||||
"""WPA2-Enterprise connection using EAP-TTLS and OCSP status revoked"""
|
"""WPA2-Enterprise connection using EAP-TTLS and OCSP status unknown"""
|
||||||
check_ocsp_support(dev[0])
|
check_ocsp_support(dev[0])
|
||||||
ocsp = os.path.join(params['logdir'], "ocsp-server-cache-unknown.der")
|
ocsp = os.path.join(params['logdir'], "ocsp-server-cache-unknown.der")
|
||||||
|
ocsp_resp_status(ocsp, "unknown")
|
||||||
if not os.path.exists(ocsp):
|
if not os.path.exists(ocsp):
|
||||||
raise HwsimSkip("No OCSP response available")
|
raise HwsimSkip("No OCSP response available")
|
||||||
params = int_eap_server_params()
|
params = int_eap_server_params()
|
||||||
|
|
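Review bot: `ocsp_resp_status()` accepts any existing `outfile` as a valid cached response, so a truncated file (if a failed `openssl ocsp` run leaves one behind) or a response older than the `-ndays 7` window in a reused log directory would be served unchanged, whereas the removed shell loop regenerated the files every session. The revoked/unknown tests presumably expect an EAP failure (their bodies continue outside the hunks), so such a file could let them pass because the response is malformed or expired rather than because of the certificate status under test. Consider writing to a temporary name and renaming only after `run_openssl(arg)` succeeds, or at least tightening the guard to `if os.path.exists(outfile) and os.path.getsize(outfile) > 0: return`. The helper also lacks a docstring, for example `"""Generate an OCSP response with the given status into outfile unless it already exists"""`, and its relative `auth_serv/` paths now depend on the working directory where the shell code used `$DIR`.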