tests: Move ocsp-server-cache-key-id.der generation into test case

There is no need to generate this OCSP response for every single test session. Generate this more dynamically if the test case that uses the particular file is executed. Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-27 19:37:06 +02:00 · 2019-12-27 19:37:06 +02:00 · 47ccb9ce24
commit 47ccb9ce24
parent b5c28af431
2 changed files with 29 additions and 11 deletions
--- a/tests/hwsim/start.sh
+++ b/tests/hwsim/start.sh
@ -155,17 +155,6 @@ if [ ! -r $LOGDIR/ocsp-server-cache.der ]; then
    cp $DIR/auth_serv/ocsp-server-cache.der $LOGDIR/ocsp-server-cache.der
 fi

-openssl ocsp -index $DIR/auth_serv/index.txt \
-    -rsigner $DIR/auth_serv/ocsp-responder.pem \
-    -rkey $DIR/auth_serv/ocsp-responder.key \
-    -resp_key_id \
-    -CA $DIR/auth_serv/ca.pem \
-    -issuer $DIR/auth_serv/ca.pem \
-    -verify_other $DIR/auth_serv/ca.pem -trust_other \
-    -ndays 7 \
-    -reqin $DIR/auth_serv/ocsp-req.der \
-    -respout $LOGDIR/ocsp-server-cache-key-id.der > $LOGDIR/ocsp.log 2>&1
-
 for i in unknown revoked; do
    openssl ocsp -index $DIR/auth_serv/index-$i.txt \
 	-rsigner $DIR/auth_serv/ocsp-responder.pem \
--- a/tests/hwsim/test_ap_eap.py
+++ b/tests/hwsim/test_ap_eap.py
@ -4118,11 +4118,40 @@ def int_eap_server_params():
              "dh_file": "auth_serv/dh.conf"}
    return params

+def run_openssl(arg):
+    logger.info(' '.join(arg))
+    cmd = subprocess.Popen(arg, stdout=subprocess.PIPE,
+                           stderr=subprocess.PIPE)
+    res = cmd.stdout.read().decode() + "\n" + cmd.stderr.read().decode()
+    cmd.stdout.close()
+    cmd.stderr.close()
+    cmd.wait()
+    if cmd.returncode != 0:
+        raise Exception("bad return code from openssl\n\n" + res)
+    logger.info("openssl result:\n" + res)
+
+def ocsp_cache_key_id(outfile):
+    if os.path.exists(outfile):
+        return
+    arg = ["openssl", "ocsp", "-index", "auth_serv/index.txt",
+           '-rsigner', 'auth_serv/ocsp-responder.pem',
+           '-rkey', 'auth_serv/ocsp-responder.key',
+           '-resp_key_id',
+           '-CA', 'auth_serv/ca.pem',
+           '-issuer', 'auth_serv/ca.pem',
+           '-verify_other', 'auth_serv/ca.pem',
+           '-trust_other',
+           '-ndays', '7',
+           '-reqin', 'auth_serv/ocsp-req.der',
+           '-respout', outfile]
+    run_openssl(arg)
+
 def test_ap_wpa2_eap_tls_ocsp_key_id(dev, apdev, params):
    """EAP-TLS and OCSP certificate signed OCSP response using key ID"""
    check_ocsp_support(dev[0])
    check_pkcs12_support(dev[0])
    ocsp = os.path.join(params['logdir'], "ocsp-server-cache-key-id.der")
+    ocsp_cache_key_id(ocsp)
    if not os.path.exists(ocsp):
        raise HwsimSkip("No OCSP response available")
    params = int_eap_server_params()