tests: Move ocsp-server-cache-key-id.der generation into test case

There is no need to generate this OCSP response for every single test
session. Generate this more dynamically if the test case that uses the
particular file is executed.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2019-12-27 19:37:06 +02:00
parent b5c28af431
commit 47ccb9ce24
2 changed files with 29 additions and 11 deletions

View file

@ -155,17 +155,6 @@ if [ ! -r $LOGDIR/ocsp-server-cache.der ]; then
cp $DIR/auth_serv/ocsp-server-cache.der $LOGDIR/ocsp-server-cache.der cp $DIR/auth_serv/ocsp-server-cache.der $LOGDIR/ocsp-server-cache.der
fi fi
openssl ocsp -index $DIR/auth_serv/index.txt \
-rsigner $DIR/auth_serv/ocsp-responder.pem \
-rkey $DIR/auth_serv/ocsp-responder.key \
-resp_key_id \
-CA $DIR/auth_serv/ca.pem \
-issuer $DIR/auth_serv/ca.pem \
-verify_other $DIR/auth_serv/ca.pem -trust_other \
-ndays 7 \
-reqin $DIR/auth_serv/ocsp-req.der \
-respout $LOGDIR/ocsp-server-cache-key-id.der > $LOGDIR/ocsp.log 2>&1
for i in unknown revoked; do for i in unknown revoked; do
openssl ocsp -index $DIR/auth_serv/index-$i.txt \ openssl ocsp -index $DIR/auth_serv/index-$i.txt \
-rsigner $DIR/auth_serv/ocsp-responder.pem \ -rsigner $DIR/auth_serv/ocsp-responder.pem \

View file

@ -4118,11 +4118,40 @@ def int_eap_server_params():
"dh_file": "auth_serv/dh.conf"} "dh_file": "auth_serv/dh.conf"}
return params return params
def run_openssl(arg):
logger.info(' '.join(arg))
cmd = subprocess.Popen(arg, stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
res = cmd.stdout.read().decode() + "\n" + cmd.stderr.read().decode()
cmd.stdout.close()
cmd.stderr.close()
cmd.wait()
if cmd.returncode != 0:
raise Exception("bad return code from openssl\n\n" + res)
logger.info("openssl result:\n" + res)
def ocsp_cache_key_id(outfile):
if os.path.exists(outfile):
return
arg = ["openssl", "ocsp", "-index", "auth_serv/index.txt",
'-rsigner', 'auth_serv/ocsp-responder.pem',
'-rkey', 'auth_serv/ocsp-responder.key',
'-resp_key_id',
'-CA', 'auth_serv/ca.pem',
'-issuer', 'auth_serv/ca.pem',
'-verify_other', 'auth_serv/ca.pem',
'-trust_other',
'-ndays', '7',
'-reqin', 'auth_serv/ocsp-req.der',
'-respout', outfile]
run_openssl(arg)
def test_ap_wpa2_eap_tls_ocsp_key_id(dev, apdev, params): def test_ap_wpa2_eap_tls_ocsp_key_id(dev, apdev, params):
"""EAP-TLS and OCSP certificate signed OCSP response using key ID""" """EAP-TLS and OCSP certificate signed OCSP response using key ID"""
check_ocsp_support(dev[0]) check_ocsp_support(dev[0])
check_pkcs12_support(dev[0]) check_pkcs12_support(dev[0])
ocsp = os.path.join(params['logdir'], "ocsp-server-cache-key-id.der") ocsp = os.path.join(params['logdir'], "ocsp-server-cache-key-id.der")
ocsp_cache_key_id(ocsp)
if not os.path.exists(ocsp): if not os.path.exists(ocsp):
raise HwsimSkip("No OCSP response available") raise HwsimSkip("No OCSP response available")
params = int_eap_server_params() params = int_eap_server_params()