fix CLI-based test cases for Mock server by adding dependency on Open…
…SSL server version
DDvO committed Dec 16, 2024
1 parent c24ff97 commit 737e430
Showing 4 changed files with 25 additions and 18 deletions.
3 changes: 2 additions & 1 deletion .github/workflows/build.yml
Expand Up @@ -60,7 +60,8 @@ jobs:
# would need access to azure.archive.ubuntu.com:
# sudo apt-get update
# sudo apt-get install -y >/dev/null libssl-dev build-essential # not needed
USE_LIBCMP=1 make -f Makefile_v1 build test_all
# USE_LIBCMP=1 make -f Makefile_v1 test_Mock OPENSSL_CMP_ASPECTS=credentials V=1 # can be helpful for debugging
USE_LIBCMP=1 make -f Makefile_v1 test_all
doc_deb:
runs-on: ubuntu-latest
14 changes: 10 additions & 4 deletions test/recipes/80-test_cmp_http.t
Expand Up @@ -138,6 +138,7 @@ my @server_configurations = ("Mock");
# ("Mock", "EJBCA", "Insta", "Simple");
@server_configurations = split /\s+/, $ENV{OPENSSL_CMP_SERVER} if $ENV{OPENSSL_CMP_SERVER};
# set env variable, e.g., OPENSSL_CMP_SERVER="Mock Insta" to include further CMP servers
my $mock_openssl_version = `$ENV{OPENSSL} version | perl -pe 's/OpenSSL (\\d\\.\\d).*/\$1/es;'` if grep(/^Mock$/, @server_configurations);

my @all_aspects = ("connection", "verification", "credentials", "commands", "enrollment");
push (@all_aspects, "certstatus");
Expand All @@ -162,7 +163,6 @@ sub test_cmp_http {
if ($server_name eq "Mock" && !(grep { $_ eq '-server' } @$params));
my $cmd = app([@app, @$params]);

$expected_result = 1 if $server_name eq "Mock" && $title =~ m/- ok for Mock/;
sleep($sleep) if $server_name eq "Insta";
sleep($sleep) if $server_name eq "Insta"
&& $title eq "path with additional '/'s fine according to RFC 3986"
Expand Down Expand Up @@ -247,7 +247,7 @@ sub test_cmp_http_aspect {
indir data_dir() => sub {
plan tests => 1 + @server_configurations * @all_aspects
+ 2
- (grep(/^Mock$/, @server_configurations)
- (grep(/^Mock$/, @server_configurations) # && $mock_openssl_version < 3.x
&& grep(/^certstatus$/, @all_aspects));

indir "Mock" => sub {
Expand All @@ -270,8 +270,9 @@ indir data_dir() => sub {
}
foreach my $aspect (@all_aspects) {
$aspect = chop_dblquot($aspect);
if ($server_name eq "Mock" && $aspect eq "certstatus") {
print "Skipping certstatus check as not supported by $server_name server\n";
if (# $mock_openssl_version < 3.x &&
$server_name eq "Mock" && $aspect eq "certstatus") {
print "Skipping certstatus check as not supported by $server_name server with OpenSSL version $mock_openssl_version\n";
next;
}
if (not($server_name =~ m/Insta/)) { # do not update aspect-specific settings for Insta
Expand Down Expand Up @@ -342,6 +343,11 @@ sub load_tests {
my $description = 1;
$description += 3;
my $title = $fields[$description];
if ($server_name eq "Mock" && defined $expected_result && $expected_result =~ m/^\s*(3(\.\d+)+)\s*([01]?)\s*$/) {
my ($min_openssl_version, $val) = ($1, $3);
$expected_result = ($val eq "0" ? 0 : 1) if $mock_openssl_version >= $min_openssl_version;
}
# $expected_result = 1 if $server_name eq "Mock" && $title =~ m/- ok for Mock/;
next LOOP if (!defined($expected_result)
|| ($expected_result ne 0 && $expected_result ne 1));
@fields = grep {$_ ne 'BLANK'} @fields[$description + 1 .. @fields - 1];
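Review bot: The version gate in load_tests compares `$mock_openssl_version >= $min_openssl_version` as floating-point numbers, and the detection line captures only `(\d\.\d)`, so a future 3.10 would be read as 3.1 and compare below 3.4. If the backtick command fails or prints something else (OPENSSL unset, a non-OpenSSL binary), the value is empty or non-numeric and every version-gated Mock row falls through to `next LOOP`, so those tests are skipped without any signal. `my $mock_openssl_version = ... if grep(...)` also relies on `my` with a statement modifier, whose behaviour perlsyn documents as undefined, and it interpolates `$ENV{OPENSSL}` unquoted into a shell pipeline. I would parse the version in Perl, fail loudly when it cannot be determined, and compare major and minor as integers, as sketched below; load_tests starts and ends outside the visible hunk.

```perl
my $mock_openssl_version;    # "major.minor" of the OpenSSL binary used by the Mock server
if (grep(/^Mock$/, @server_configurations)) {
    my $version_output = `"$ENV{OPENSSL}" version`;
    ($mock_openssl_version) = $version_output =~ /^OpenSSL (\d+\.\d+)/
        or die "cannot determine OpenSSL version for Mock server tests\n";
}

# true if "major.minor" version $have is at least $want, compared per component
sub version_at_least {
    my ($have, $want) = @_;
    my ($have_major, $have_minor) = split /\./, $have;
    my ($want_major, $want_minor) = split /\./, $want;
    return $have_major > $want_major
        || ($have_major == $want_major && $have_minor >= $want_minor);
}

# … unchanged: aspect setup, test_cmp_http, plan …

# in load_tests:
        my ($min_openssl_version, $val) = ($1, $3);
        $expected_result = ($val eq "0" ? 0 : 1)
            if version_at_least($mock_openssl_version, $min_openssl_version);
```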
24 changes: 12 additions & 12 deletions test/recipes/80-test_cmp_http_data/test_commands.csv
Expand Up @@ -67,36 +67,36 @@ TBD,TBD,TBD,TBD,config default all options set, -section,, -cmd,ir,, -cacertsout
1,0,-,1,genm with infotype signKeyPairTypes, -section,, -cmd,genm,,BLANK,,, -infotype,signKeyPairTypes,,BLANK,,BLANK,
0,*,*,*,genm with missing infotype value, -section,, -cmd,genm,,BLANK,,, -infotype,,,BLANK,,BLANK,
0,*,*,*,genm with invalid infotype value, -section,, -cmd,genm,,BLANK,,, -infotype,asdf,,BLANK,,BLANK,
Mock server must use OpenSSL 3.3 ,1,-,-,genm certReqTemplate, -section,, -cmd,genm,, -template,test.template.pem,, -infotype,certReqTemplate,,BLANK,,BLANK,,BLANK,,, -expect_sender, """"
3.4,1,-,-,genm certReqTemplate, -section,, -cmd,genm,, -template,test.template.pem,, -infotype,certReqTemplate,,BLANK,,BLANK,,BLANK,,, -expect_sender, """"
0,*,*,*,genm certReqTemplate missing template option, -section,, -cmd,genm,, -template,"""",, -infotype,certReqTemplate,,BLANK,,BLANK,
0,*,*,*,genm certReqTemplate missing template arg , -section,, -cmd,genm,, -template,BLANK,, -infotype,certReqTemplate,,BLANK,,BLANK,
0,*,*,*,genm certReqTemplate template extra arg , -section,, -cmd,genm,, -template,test.template.pem,test.template.pem, -infotype,certReqTemplate,,BLANK,,BLANK,
0,*,*,*,genm certReqTemplate template arg non-ex dir, -section,, -cmd,genm,, -template,idontexist/idontexist,, -infotype,certReqTemplate,,BLANK,,BLANK,
Mock server must use OpenSSL 3.2 ,1,-,-,genm caCerts, -section,, -cmd,genm,, -cacertsout,test.cacertsout.pem,, -infotype,caCerts,,BLANK,,BLANK,,BLANK,,, -expect_sender,_SERVER_DN
3.4 0,*,*,*,genm certReqTemplate template arg non-ex dir, -section,, -cmd,genm,, -template,idontexist/idontexist,, -infotype,certReqTemplate,,BLANK,,BLANK,
3.2,1,-,-,genm caCerts , -section,, -cmd,genm,, -cacertsout,test.cacertsout.pem,, -infotype,caCerts,,BLANK,,BLANK,,BLANK,,, -expect_sender,_SERVER_DN
0,*,*,*,genm caCerts missing cacertsout option, -section,, -cmd,genm,, -cacertsout,"""",, -infotype,caCerts,,BLANK,,BLANK,
0,*,*,*,genm caCerts missing cacertsout arg , -section,, -cmd,genm,, -cacertsout,BLANK,, -infotype,caCerts,,BLANK,,BLANK,
0,*,*,*,genm caCerts cacertsout extra arg , -section,, -cmd,genm,, -cacertsout,test.cacertsout.pem,test.cacertsout.pem, -infotype,caCerts,,BLANK,,BLANK,
0,*,*,*,genm caCerts cacertsout arg non-ex dir, -section,, -cmd,genm,, -cacertsout,idontexist/idontexist,, -infotype,caCerts,,BLANK,,BLANK,
Mock server must use OpenSSL 3.2 ,1,-,-,genm rootCaCert , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,,BLANK,,BLANK,,BLANK,,, -expect_sender,_SERVER_DN, -oldwithold, oldwithold.pem, -newwithnew, test.newwithnew.pem
0,*,*,*,genm rootCaCert no oldwithold given , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,,BLANK,,BLANK,,BLANK,,, -expect_sender,_SERVER_DN, BLANK , , -newwithnew, test.newwithnew.pem
3.2,1,-,-,genm rootCaCert , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,,BLANK,,BLANK,,BLANK,,, -expect_sender,_SERVER_DN, -oldwithold, oldwithold.pem, -newwithnew, test.newwithnew.pem
3.2,*,*,*,genm rootCaCert no oldwithold given , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,,BLANK,,BLANK,,BLANK,,, -expect_sender,_SERVER_DN, BLANK , , -newwithnew, test.newwithnew.pem
0,*,*,*,genm rootCaCert oldwithold missing arg, -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,,BLANK,,BLANK,,BLANK,,, -expect_sender,_SERVER_DN, -oldwithold, , -newwithnew, test.newwithnew.pem
0,*,*,*,genm rootCaCert oldwithold empty file , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,,BLANK,,BLANK,,BLANK,,, -expect_sender,_SERVER_DN, -oldwithold, empty.txt , -newwithnew, test.newwithnew.pem
0,*,*,*,genm rootCaCert oldwithold random file, -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,,BLANK,,BLANK,,BLANK,,, -expect_sender,_SERVER_DN, -oldwithold, random.bin , -newwithnew, test.newwithnew.pem
0,*,*,*,genm rootCaCert oldwithold nonexistent, -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,,BLANK,,BLANK,,BLANK,,, -expect_sender,_SERVER_DN, -oldwithold, idontexist , -newwithnew, test.newwithnew.pem
0,*,*,*,genm rootCaCert oldwithold no match , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,,BLANK,,BLANK,,BLANK,,, -expect_sender,_SERVER_DN, -oldwithold, signer.crt , -newwithnew, test.newwithnew.pem
3.2,*,*,*,genm rootCaCert oldwithold different , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,,BLANK,,BLANK,,BLANK,,, -expect_sender,_SERVER_DN, -oldwithold, signer.crt , -newwithnew, test.newwithnew.pem
0,*,*,*,genm rootCaCert missing newwithnew , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,,BLANK,,BLANK,,BLANK,,, -expect_sender,_SERVER_DN, -oldwithold, oldwithold.pem, BLANK,,
0,*,*,*,genm rootCaCert newwithnew missing arg, -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,,BLANK,,BLANK,,BLANK,,, -expect_sender,_SERVER_DN, -oldwithold, oldwithold.pem, -newwithnew,,
0,*,*,*,genm rootCaCert newwithnew directory , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,,BLANK,,BLANK,,BLANK,,, -expect_sender,_SERVER_DN, -oldwithold, oldwithold.pem, -newwithnew,directory/,
Mock server must use OpenSSL 3.2 ,1,-,-,genm rootCaCert with oldwithnew , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,,BLANK,,BLANK,,BLANK,,, -expect_sender,_SERVER_DN, -oldwithold, oldwithold.pem, -newwithnew, test.newwithnew.pem, -oldwithnew, test.oldwithnew.pem
3.2,1,-,-,genm rootCaCert with oldwithnew , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,,BLANK,,BLANK,,BLANK,,, -expect_sender,_SERVER_DN, -oldwithold, oldwithold.pem, -newwithnew, test.newwithnew.pem, -oldwithnew, test.oldwithnew.pem
0,*,*,*,genm rootCaCert oldwithnew missing arg, -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,,BLANK,,BLANK,,BLANK,,, -expect_sender,_SERVER_DN, -oldwithold, oldwithold.pem, -newwithnew, test.newwithnew.pem, -oldwithnew,,
0,*,*,*,genm rootCaCert oldwithnew directory , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,,BLANK,,BLANK,,BLANK,,, -expect_sender,_SERVER_DN, -oldwithold, oldwithold.pem, -newwithnew, test.newwithnew.pem, -oldwithnew,/directory,
Mock server must use OpenSSL 3.2 ,1,-,-,genm rootCaCert with newwithold , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,,BLANK,,BLANK,,BLANK,,, -expect_sender,_SERVER_DN, -oldwithold, oldwithold.pem, -newwithnew, test.newwithnew.pem, -oldwithnew, test.oldwithnew.pem, -newwithold, test.newwithold.pem
3.2,1,-,-,genm rootCaCert with newwithold , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,,BLANK,,BLANK,,BLANK,,, -expect_sender,_SERVER_DN, -oldwithold, oldwithold.pem, -newwithnew, test.newwithnew.pem, -oldwithnew, test.oldwithnew.pem, -newwithold, test.newwithold.pem
0,*,*,*,genm rootCaCert newwithold missig arg , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,,BLANK,,BLANK,,BLANK,,, -expect_sender,_SERVER_DN, -oldwithold, oldwithold.pem, -newwithnew, test.newwithnew.pem, -oldwithnew, test.oldwithnew.pem, -newwithold,,
0,*,*,*,genm rootCaCert newwithold directory , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,,BLANK,,BLANK,,BLANK,,, -expect_sender,_SERVER_DN, -oldwithold, oldwithold.pem, -newwithnew, test.newwithnew.pem, -oldwithnew, test.oldwithnew.pem, -newwithold,/directory,
Mock server must use OpenSSL 3.2 ,1,-,-,genm rootCaCert oldwithnew newwithold , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,,BLANK,,BLANK,,BLANK,,, -expect_sender,_SERVER_DN, -oldwithold, oldwithold.pem, -newwithnew, test.newwithnew.pem, -newwithold, test.newwithold.pem
Mock server must use OpenSSL 3.4 ,1,-,-,genm crlStatusList , -section,,-cmd,genm,, BLANK,,,-infotype,crlStatusList,,BLANK,,BLANK,,BLANK,,, -expect_sender,_SERVER_DN, -oldcrl, crl.der , -crlout, test.crl.der
Mock server must use OpenSSL 3.4 ,1,-,-,genm crlStatusList with crlcert , -section,,-cmd,genm,, BLANK,,,-infotype,crlStatusList,,BLANK,,BLANK,,BLANK,,, -expect_sender,_SERVER_DN, -crlcert, root.crt , -crlout, test.crl.der
Mock server must use OpenSSL 3.4 ,1,-,-,genm crlStatusList with oldcert , -section,,-cmd,genm,, BLANK,,,-infotype,crlStatusList,,BLANK,,BLANK,,BLANK,,, -expect_sender,_SERVER_DN, -oldcert, root.crt , -crlout, test.crl.der
3.2,1,-,-,genm rootCaCert oldwithnew newwithold,-section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,,BLANK,,BLANK,,BLANK,,, -expect_sender,_SERVER_DN, -oldwithold, oldwithold.pem, -newwithnew, test.newwithnew.pem, -newwithold, test.newwithold.pem
3.4,1,-,-,genm crlStatusList , -section,,-cmd,genm,, BLANK,,,-infotype,crlStatusList,,BLANK,,BLANK,,BLANK,,, -expect_sender,_SERVER_DN, -oldcrl, crl.der , -crlout, test.crl.der
3.4,1,-,-,genm crlStatusList with crlcert , -section,,-cmd,genm,, BLANK,,,-infotype,crlStatusList,,BLANK,,BLANK,,BLANK,,, -expect_sender,_SERVER_DN, -crlcert, root.crt , -crlout, test.crl.der
3.4,1,-,-,genm crlStatusList with oldcert , -section,,-cmd,genm,, BLANK,,,-infotype,crlStatusList,,BLANK,,BLANK,,BLANK,,, -expect_sender,_SERVER_DN, -oldcert, root.crt , -crlout, test.crl.der
0,*,*,*,genm crlStatusList missing oldcrl crlcert oldcert , -section,,-cmd,genm,, BLANK,,,-infotype,crlStatusList,,BLANK,,BLANK,,BLANK,,, -expect_sender,_SERVER_DN, BLANK, , -crlout, test.crl.der
0,*,*,*,genm crlStatusList oldcrl missing arg, -section,,-cmd,genm,, BLANK,,,-infotype,crlStatusList,,BLANK,,BLANK,,BLANK,,, -expect_sender,_SERVER_DN, -oldcrl, , -crlout, test.crl.der
0,*,*,*,genm crlStatusList oldcrl empty file , -section,,-cmd,genm,, BLANK,,,-infotype,crlStatusList,,BLANK,,BLANK,,BLANK,,, -expect_sender,_SERVER_DN, -oldcrl, empty.txt , -crlout, test.crl.der
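Review bot: The rows `3.2,*,*,*,genm rootCaCert no oldwithold given` and `3.2,*,*,*,genm rootCaCert oldwithold different` appear to replace rows that expected failure (`0`), and under the new first-column syntax an empty result after the version means success. A mismatching `-oldwithold` (signer.crt) is therefore expected to be accepted by a Mock server with OpenSSL 3.2 or later, and the case is not run at all for older Mock servers. If that reflects an intended change in server behaviour, the commit message or a comment in the recipe should say so, because it removes a negative check on root CA update handling. The `<min version> [0|1]` encoding of the first column is defined only by the regex in load_tests; a short description in the file's header row or in the recipe would keep rows like `3.4 0` readable.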
2 changes: 1 addition & 1 deletion test/recipes/80-test_cmp_http_data/test_enrollment.csv
Expand Up @@ -103,7 +103,7 @@ TBD,TBD,TBD,TBD,days 36525, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pa
0,*,*,*,out_trusted is non-existing file, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,idontexist,,BLANK,,BLANK,,,
0,*,*,*,out_trusted too many parameters, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,abc,def,BLANK,,BLANK,,,
0,*,*,*,out_trusted empty certificate file, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,empty.txt,,BLANK,,BLANK,,,
1,1,1,1,out_trusted accept issuing ca cert even with CRL check enabled by default - not with OpenSSL 1.1, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_out_trusted5.pem,, -out_trusted,issuing.crt,,BLANK,,BLANK,,,-partial_chain,-check_all,-crls,wrong.crl,-srvcert,server.crt
1,1,1,1,out_trusted accept issuing ca cert even with CRL check enabled by default, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_out_trusted5.pem,, -out_trusted,issuing.crt,,BLANK,,BLANK,,,-partial_chain,-check_all,-crls,wrong.crl,-srvcert,server.crt
0,0,0,0,out_trusted expired issuing ca cert, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_out_trusted5.pem,, -out_trusted,issuing_expired.crt,,BLANK,,BLANK,,,-partial_chain
0,0,0,0,out_trusted expired root ca cert, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.certout_out_trusted5.pem,, -out_trusted,root_expired.crt,,BLANK,,BLANK,,,
0,0,0,0,out_trusted wrong cert, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,signer.crt,,BLANK,,BLANK,,,