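/*
 * Negative test for layered authentication.
 *
 * The client presents a certificate signed by the explicit cert chain
 * for TLS client authentication and, in the same request, supplies
 * invalid HTTP authentication credentials.  A good certificate must not
 * make up for bad credentials, so the enroll is expected to be rejected
 * with an HTTP 401 response.
 */
static void us901_test22(void)
{
    long rv;
    int st_rv;

    /*
     * NOTE(review): 'D' presumably selects the server's HTTP auth
     * mode -- confirm against us901_start_server().
     */
    st_rv = us901_start_server('D');

    /*
     * Record a failure when the server cannot be started.  Returning
     * silently would let this authentication check be reported as
     * passed although the request below was never sent.
     */
    CU_ASSERT(st_rv == 0);
    if (st_rv) {
        return;
    }

    LOG_FUNC_NM;

    SLEEP(1);

    rv = curl_http_post_certuid(US901_ENROLL_URL,
                                US901_PKCS10_CT,
                                US901_PKCS10_REQ,
                                US901_UIDPWD_BAD,
                                US901_EXPLICIT_CERT,
                                US901_EXPLICIT_KEY,
                                US901_CACERTS,
                                NULL);

    /*
     * Since we passed in an invalid userID/password,
     * we expect the server to respond with 401.
     */
    CU_ASSERT(rv == 401);

    /* Always stop the server this test started. */
    st_stop();
    SLEEP(1);
}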
/*
 * Negative test for layered authentication.
 *
 * A client certificate signed by the explicit cert chain is used for
 * TLS client authentication while invalid HTTP authentication
 * credentials are sent with the enroll request.  The request should be
 * rejected with an HTTP 401 response.
 *
 * NOTE(review): no server is started here; presumably the suite set-up
 * has one running already -- confirm.
 */
static void us894_test22 (void)
{
    long rv;

    LOG_FUNC_NM;

    sleep(1);

    /* Good certificate and key, bad userID/password. */
    rv = curl_http_post_certuid(
             US894_ENROLL_URL,
             US894_PKCS10_CT,
             US894_PKCS10_REQ,
             US894_UIDPWD_BAD,
             US894_EXPLICIT_CERT,
             US894_EXPLICIT_KEY,
             US894_CACERTS,
             NULL);

    /* The invalid credentials must yield a 401 from the server. */
    CU_ASSERT(rv == 401);
}
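/*
 * This is our worker for each entry in the test matrix above.
 * We read the configuration from the entry, configure the
 * server and client as needed, and attempt a simple enroll
 * using Curl as the client.  The HTTP status returned by the
 * client is compared with the entry's expected_http_result.
 *
 * The argument i is the index of the entry in the table above.
 * NOTE(review): i is not range-checked here; the caller is assumed
 * to pass a valid index into test_matrix -- confirm.
 */
static void us1060_test_matrix_item (int i)
{
    long rv;
    int srp_enabled;

    LOG_FUNC_NM;

    printf("\nRunning matrix test %s\n", test_matrix[i].test_name);

    /*
     * Stop the server and restart it to make sure
     * it's in the correct mode.  Only the final argument
     * differs between the SRP and non-SRP start-up.
     */
    st_stop();
    srp_enabled = (test_matrix[i].server_srp == SRP_ON) ? 1 : 0;
    rv = us1060_start_server(US1060_SERVER_CERTKEY, US1060_SERVER_CERTKEY,
                             0, 0, srp_enabled);
    CU_ASSERT(rv == 0);

    /*
     * Set the server HTTP auth configuration
     */
    switch (test_matrix[i].server_http) {
    case HTTP_OFF:
        st_disable_http_auth();
        break;
    case HTTP_OPTIONAL:
        st_enable_http_auth();
        st_set_http_auth_optional();
        break;
    case HTTP_REQUIRED:
        st_enable_http_auth();
        st_set_http_auth_required();
        break;
    default:
        /* Leave the restarted server's HTTP auth settings untouched. */
        break;
    }

    switch (test_matrix[i].curl_srp) {
    case SRP_GOOD:
        rv = curl_http_post_srp(US1060_ENROLL_URL, US1060_PKCS10_CT,
                                US1060_PKCS10_REQ,
                                test_matrix[i].curl_http_auth, NULL,
                                CURLAUTH_BASIC, NULL,
                                "srp_user", "srp_pwd", NULL, NULL);
        break;
    case SRP_BAD:
        rv = curl_http_post_srp(US1060_ENROLL_URL, US1060_PKCS10_CT,
                                US1060_PKCS10_REQ,
                                test_matrix[i].curl_http_auth, NULL,
                                CURLAUTH_BASIC, NULL,
                                "srp_user", "boguspwd", NULL, NULL);
        break;
    case SRP_NONE:
        /*
         * Some of the SRP disabled test cases use a client
         * certificate.
         */
        if (test_matrix[i].curl_cert) {
            rv = curl_http_post_certuid(US1060_ENROLL_URL, US1060_PKCS10_CT,
                                        US1060_PKCS10_REQ,
                                        test_matrix[i].curl_http_auth,
                                        test_matrix[i].curl_cert,
                                        test_matrix[i].curl_key,
                                        US1060_CACERTS, NULL);
        } else {
            rv = curl_http_post(US1060_ENROLL_URL, US1060_PKCS10_CT,
                                US1060_PKCS10_REQ,
                                test_matrix[i].curl_http_auth,
                                US1060_CACERTS, CURLAUTH_BASIC,
                                NULL, NULL, NULL);
        }
        break;
    default:
        /*
         * No request was sent.  Without this branch rv would still
         * hold the server start-up return code, and an entry that
         * expects 0 would be reported as passing although nothing
         * was tested.  Use a value that cannot be an HTTP status.
         */
        printf("\nMatrix test %s has an unrecognized curl_srp value\n",
               test_matrix[i].test_name);
        rv = -1;
        break;
    }

    CU_ASSERT(rv == test_matrix[i].expected_http_result);
    if (rv != test_matrix[i].expected_http_result) {
        /* Name the failing entry; the assertion alone does not identify it. */
        printf("\nMatrix test %s failed with rv = %d\n",
               test_matrix[i].test_name, (int)rv);
    }
}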