tests: Move ocsp-server-cache-key-id.der generation into test case
There is no need to generate this OCSP response for every single test session. Generate this more dynamically if the test case that uses the particular file is executed. Signed-off-by: Jouni Malinen <j@w1.fi>
parent
b5c28af431
commit
47ccb9ce24
2 changed files with 29 additions and 11 deletions
|
@ -155,17 +155,6 @@ if [ ! -r $LOGDIR/ocsp-server-cache.der ]; then
|
||||||
cp $DIR/auth_serv/ocsp-server-cache.der $LOGDIR/ocsp-server-cache.der
|
cp $DIR/auth_serv/ocsp-server-cache.der $LOGDIR/ocsp-server-cache.der
|
||||||
fi
|
fi
|
||||||
|
|
||||||
openssl ocsp -index $DIR/auth_serv/index.txt \
|
|
||||||
-rsigner $DIR/auth_serv/ocsp-responder.pem \
|
|
||||||
-rkey $DIR/auth_serv/ocsp-responder.key \
|
|
||||||
-resp_key_id \
|
|
||||||
-CA $DIR/auth_serv/ca.pem \
|
|
||||||
-issuer $DIR/auth_serv/ca.pem \
|
|
||||||
-verify_other $DIR/auth_serv/ca.pem -trust_other \
|
|
||||||
-ndays 7 \
|
|
||||||
-reqin $DIR/auth_serv/ocsp-req.der \
|
|
||||||
-respout $LOGDIR/ocsp-server-cache-key-id.der > $LOGDIR/ocsp.log 2>&1
|
|
||||||
|
|
||||||
for i in unknown revoked; do
|
for i in unknown revoked; do
|
||||||
openssl ocsp -index $DIR/auth_serv/index-$i.txt \
|
openssl ocsp -index $DIR/auth_serv/index-$i.txt \
|
||||||
-rsigner $DIR/auth_serv/ocsp-responder.pem \
|
-rsigner $DIR/auth_serv/ocsp-responder.pem \
|
||||||
|
|
|
@ -4118,11 +4118,40 @@ def int_eap_server_params():
|
||||||
"dh_file": "auth_serv/dh.conf"}
|
"dh_file": "auth_serv/dh.conf"}
|
||||||
return params
|
return params
|
||||||
|
|
||||||
|
def run_openssl(arg):
|
||||||
|
logger.info(' '.join(arg))
|
||||||
|
cmd = subprocess.Popen(arg, stdout=subprocess.PIPE,
|
||||||
|
stderr=subprocess.PIPE)
|
||||||
|
res = cmd.stdout.read().decode() + "\n" + cmd.stderr.read().decode()
|
||||||
|
cmd.stdout.close()
|
||||||
|
cmd.stderr.close()
|
||||||
|
cmd.wait()
|
||||||
|
if cmd.returncode != 0:
|
||||||
|
raise Exception("bad return code from openssl\n\n" + res)
|
||||||
|
logger.info("openssl result:\n" + res)
|
||||||
|
|
||||||
|
def ocsp_cache_key_id(outfile):
|
||||||
|
if os.path.exists(outfile):
|
||||||
|
return
|
||||||
|
arg = ["openssl", "ocsp", "-index", "auth_serv/index.txt",
|
||||||
|
'-rsigner', 'auth_serv/ocsp-responder.pem',
|
||||||
|
'-rkey', 'auth_serv/ocsp-responder.key',
|
||||||
|
'-resp_key_id',
|
||||||
|
'-CA', 'auth_serv/ca.pem',
|
||||||
|
'-issuer', 'auth_serv/ca.pem',
|
||||||
|
'-verify_other', 'auth_serv/ca.pem',
|
||||||
|
'-trust_other',
|
||||||
|
'-ndays', '7',
|
||||||
|
'-reqin', 'auth_serv/ocsp-req.der',
|
||||||
|
'-respout', outfile]
|
||||||
|
run_openssl(arg)
|
||||||
|
|
||||||
def test_ap_wpa2_eap_tls_ocsp_key_id(dev, apdev, params):
|
def test_ap_wpa2_eap_tls_ocsp_key_id(dev, apdev, params):
|
||||||
"""EAP-TLS and OCSP certificate signed OCSP response using key ID"""
|
"""EAP-TLS and OCSP certificate signed OCSP response using key ID"""
|
||||||
check_ocsp_support(dev[0])
|
check_ocsp_support(dev[0])
|
||||||
check_pkcs12_support(dev[0])
|
check_pkcs12_support(dev[0])
|
||||||
ocsp = os.path.join(params['logdir'], "ocsp-server-cache-key-id.der")
|
ocsp = os.path.join(params['logdir'], "ocsp-server-cache-key-id.der")
|
||||||
|
ocsp_cache_key_id(ocsp)
|
||||||
if not os.path.exists(ocsp):
|
if not os.path.exists(ocsp):
|
||||||
raise HwsimSkip("No OCSP response available")
|
raise HwsimSkip("No OCSP response available")
|
||||||
params = int_eap_server_params()
|
params = int_eap_server_params()
|
||||||
|
|
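Review bot: In `run_openssl()`, stdout is read to EOF before stderr is touched, so an openssl run that writes more to stderr than the pipe buffer holds would block while the test waits on stdout; `out, err = cmd.communicate()` followed by `res = out.decode() + "\n" + err.decode()` drains both pipes and waits for exit in one call. The failure handling also changes what the test reports: a non-zero exit now raises a plain `Exception`, and a missing openssl binary would presumably raise from `subprocess.Popen` itself, so the `HwsimSkip("No OCSP response available")` check after `ocsp_cache_key_id(ocsp)` looks unreachable in those cases. If skipping is still the intended result on hosts without a usable openssl, `ocsp_cache_key_id()` should catch that failure and let the existence check decide. A short docstring on `ocsp_cache_key_id()` noting that an existing file is reused as-is and that the response is valid for 7 days (`-ndays 7`) would help anyone reusing a log directory. The body of `test_ap_wpa2_eap_tls_ocsp_key_id` continues outside the hunk.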