From 47ccb9ce247885bec0899cccdb0f2684f1ea91d1 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Fri, 27 Dec 2019 19:37:06 +0200
Subject: [PATCH] tests: Move ocsp-server-cache-key-id.der generation into test case

There is no need to generate this OCSP response for every single test session. Generate this more dynamically if the test case that uses the particular file is executed.

Signed-off-by: Jouni Malinen
---
 tests/hwsim/start.sh | 11 -----------
 tests/hwsim/test_ap_eap.py | 29 +++++++++++++++++++++++++++++
 2 files changed, 29 insertions(+), 11 deletions(-)

diff --git a/tests/hwsim/start.sh b/tests/hwsim/start.sh
index f09f407c4..3cb80cf4e 100755
--- a/tests/hwsim/start.sh
+++ b/tests/hwsim/start.sh
@@ -155,17 +155,6 @@ if [ ! -r $LOGDIR/ocsp-server-cache.der ]; then
 cp $DIR/auth_serv/ocsp-server-cache.der $LOGDIR/ocsp-server-cache.der
 fi
 
-openssl ocsp -index $DIR/auth_serv/index.txt \
- -rsigner $DIR/auth_serv/ocsp-responder.pem \
- -rkey $DIR/auth_serv/ocsp-responder.key \
- -resp_key_id \
- -CA $DIR/auth_serv/ca.pem \
- -issuer $DIR/auth_serv/ca.pem \
- -verify_other $DIR/auth_serv/ca.pem -trust_other \
- -ndays 7 \
- -reqin $DIR/auth_serv/ocsp-req.der \
- -respout $LOGDIR/ocsp-server-cache-key-id.der > $LOGDIR/ocsp.log 2>&1
-
 for i in unknown revoked; do
 openssl ocsp -index $DIR/auth_serv/index-$i.txt \
 -rsigner $DIR/auth_serv/ocsp-responder.pem \
diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py
index c6e724ad3..0c0288a79 100644
--- a/tests/hwsim/test_ap_eap.py
+++ b/tests/hwsim/test_ap_eap.py
@@ -4118,11 +4118,40 @@ def int_eap_server_params():
 "dh_file": "auth_serv/dh.conf"}
 return params
 
+def run_openssl(arg):
+ logger.info(' '.join(arg))
+ cmd = subprocess.Popen(arg, stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE)
+ res = cmd.stdout.read().decode() + "\n" + cmd.stderr.read().decode()
+ cmd.stdout.close()
+ cmd.stderr.close()
+ cmd.wait()
+ if cmd.returncode != 0:
+ raise Exception("bad return code from openssl\n\n" + res)
+ logger.info("openssl result:\n" + res)
+
+def ocsp_cache_key_id(outfile):
+ if os.path.exists(outfile):
+ return
+ arg = ["openssl", "ocsp", "-index", "auth_serv/index.txt",
+ '-rsigner', 'auth_serv/ocsp-responder.pem',
+ '-rkey', 'auth_serv/ocsp-responder.key',
+ '-resp_key_id',
+ '-CA', 'auth_serv/ca.pem',
+ '-issuer', 'auth_serv/ca.pem',
+ '-verify_other', 'auth_serv/ca.pem',
+ '-trust_other',
+ '-ndays', '7',
+ '-reqin', 'auth_serv/ocsp-req.der',
+ '-respout', outfile]
+ run_openssl(arg)
+
 def test_ap_wpa2_eap_tls_ocsp_key_id(dev, apdev, params):
 """EAP-TLS and OCSP certificate signed OCSP response using key ID"""
 check_ocsp_support(dev[0])
 check_pkcs12_support(dev[0])
 ocsp = os.path.join(params['logdir'], "ocsp-server-cache-key-id.der")
+ ocsp_cache_key_id(ocsp)
 if not os.path.exists(ocsp):
 raise HwsimSkip("No OCSP response available")
 params = int_eap_server_params()
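Review bot: In run_openssl() the two pipes are drained one after the other (`cmd.stdout.read()` to EOF, then `cmd.stderr.read()`), so a child that fills the stderr pipe before it closes stdout would block and hang the test session. `out, err = cmd.communicate()` followed by `res = out.decode() + "\n" + err.decode()` reads both pipes together and makes the explicit close() and wait() calls unnecessary. Separately, ocsp_cache_key_id() returns as soon as the output path exists, so a response left by an interrupted run, or one older than the `-ndays 7` validity if the log directory is ever reused, would be handed to the test unchanged. Writing to a temporary name and renaming on success, or checking the file's age before reuse, would avoid that. The body of test_ap_wpa2_eap_tls_ocsp_key_id() continues outside the hunk.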