From b6bb4cd8c5807e5dac3cf85e83629e06c87b7c8c Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Fri, 27 Dec 2019 19:44:35 +0200
Subject: [PATCH] tests: Move ocsp-server-cache-{revoked,unknown}.der generation into test case

There is no need to generate these OCSP responses for every single test session. Generate these more dynamically if a test case that uses these files is executed.

Signed-off-by: Jouni Malinen
---
tests/hwsim/start.sh | 12 ------------
tests/hwsim/test_ap_eap.py | 22 ++++++++++++++++++++--
2 files changed, 20 insertions(+), 14 deletions(-)

diff --git a/tests/hwsim/start.sh b/tests/hwsim/start.sh
index 3cb80cf4e..b5b311b81 100755
--- a/tests/hwsim/start.sh
+++ b/tests/hwsim/start.sh
@@ -155,18 +155,6 @@ if [ ! -r $LOGDIR/ocsp-server-cache.der ]; then
 cp $DIR/auth_serv/ocsp-server-cache.der $LOGDIR/ocsp-server-cache.der
 fi

-for i in unknown revoked; do
- openssl ocsp -index $DIR/auth_serv/index-$i.txt \
- -rsigner $DIR/auth_serv/ocsp-responder.pem \
- -rkey $DIR/auth_serv/ocsp-responder.key \
- -CA $DIR/auth_serv/ca.pem \
- -issuer $DIR/auth_serv/ca.pem \
- -verify_other $DIR/auth_serv/ca.pem -trust_other \
- -ndays 7 \
- -reqin $DIR/auth_serv/ocsp-req.der \
- -respout $LOGDIR/ocsp-server-cache-$i.der >> $LOGDIR/ocsp.log 2>&1
-done
-
 openssl ocsp -reqout $LOGDIR/ocsp-req.der -issuer $DIR/auth_serv/ca.pem \
 -sha256 -serial 0xD8D3E3A6CBE3CD1F -no_nonce >> $LOGDIR/ocsp.log 2>&1
 for i in "" "-unknown" "-revoked"; do
diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py
index 094f724b9..3faf46a05 100644
--- a/tests/hwsim/test_ap_eap.py
+++ b/tests/hwsim/test_ap_eap.py
@@ -4352,10 +4352,26 @@ def test_ap_wpa2_eap_tls_ocsp_unknown_sign(dev, apdev):
 if ev is None:
 raise Exception("Timeout on EAP failure report")

+def ocsp_resp_status(outfile, status):
+ if os.path.exists(outfile):
+ return
+ arg = ["openssl", "ocsp", "-index", "auth_serv/index-%s.txt" % status,
+ '-rsigner', 'auth_serv/ocsp-responder.pem',
+ '-rkey', 'auth_serv/ocsp-responder.key',
+ '-CA', 'auth_serv/ca.pem',
+ '-issuer', 'auth_serv/ca.pem',
+ '-verify_other', 'auth_serv/ca.pem',
+ '-trust_other',
+ '-ndays', '7',
+ '-reqin', 'auth_serv/ocsp-req.der',
+ '-respout', outfile]
+ run_openssl(arg)
+
 def test_ap_wpa2_eap_ttls_ocsp_revoked(dev, apdev, params):
 """WPA2-Enterprise connection using EAP-TTLS and OCSP status revoked"""
 check_ocsp_support(dev[0])
 ocsp = os.path.join(params['logdir'], "ocsp-server-cache-revoked.der")
+ ocsp_resp_status(ocsp, "revoked")
 if not os.path.exists(ocsp):
 raise HwsimSkip("No OCSP response available")
 params = int_eap_server_params()
@@ -4384,9 +4400,10 @@ def test_ap_wpa2_eap_ttls_ocsp_revoked(dev, apdev, params):
 raise Exception("Timeout on EAP failure report")

 def test_ap_wpa2_eap_ttls_ocsp_unknown(dev, apdev, params):
- """WPA2-Enterprise connection using EAP-TTLS and OCSP status revoked"""
+ """WPA2-Enterprise connection using EAP-TTLS and OCSP status unknown"""
 check_ocsp_support(dev[0])
 ocsp = os.path.join(params['logdir'], "ocsp-server-cache-unknown.der")
+ ocsp_resp_status(ocsp, "unknown")
 if not os.path.exists(ocsp):
 raise HwsimSkip("No OCSP response available")
 params = int_eap_server_params()
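Review bot: The early `if os.path.exists(outfile): return` in `ocsp_resp_status()` reuses whatever file is already in the log directory, while the response is issued with `-ndays 7`, so a reused directory can hand the tests an expired or partially written response. These are negative tests that expect an EAP failure, and a stale response would presumably be rejected as well, so a test could pass without exercising revoked/unknown status handling. Consider dropping the guard and regenerating on every call, or regenerating when the file is older than the validity window; the helper is also called from the two later hunks for the `unknown` cases. A one-line docstring such as `"""Generate an OCSP response with the given certificate status into outfile"""` would help as well. `test_ap_wpa2_eap_ttls_ocsp_revoked` continues outside the hunk.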
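Review bot: With generation moved into the test, the unchanged `if not os.path.exists(ocsp): raise HwsimSkip("No OCSP response available")` right after the new `ocsp_resp_status(ocsp, "unknown")` call turns a failed generation into a skip, so the certificate-status check can silently drop out of a run. `run_openssl` is defined outside this patch, so whether it raises on a non-zero exit cannot be confirmed from here; if it does not, fail instead, e.g. `raise Exception("OCSP response generation failed: " + ocsp)`, unless skipping on hosts without the openssl binary is intended. The same pattern appears in the first hunk (`revoked`) and the last hunk (`optional_ocsp_unknown`). The test body continues outside the hunk.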
@@ -4413,9 +4430,10 @@ def test_ap_wpa2_eap_ttls_ocsp_unknown(dev, apdev, params):
 raise Exception("Timeout on EAP failure report")

 def test_ap_wpa2_eap_ttls_optional_ocsp_unknown(dev, apdev, params):
- """WPA2-Enterprise connection using EAP-TTLS and OCSP status revoked"""
+ """WPA2-Enterprise connection using EAP-TTLS and OCSP status unknown"""
 check_ocsp_support(dev[0])
 ocsp = os.path.join(params['logdir'], "ocsp-server-cache-unknown.der")
+ ocsp_resp_status(ocsp, "unknown")
 if not os.path.exists(ocsp):
 raise HwsimSkip("No OCSP response available")
 params = int_eap_server_params()