/*
 * Start the US1060 test server, with or without TLS-SRP.
 *
 * cert, key     - server certificate and private key, passed to the start call
 * no_http_auth  - non-zero: st_disable_http_auth() is called after the start
 *                 attempt, whether or not the start succeeded
 * enable_pop    - forwarded unchanged to st_start()/st_start_srp()
 * enable_srp    - non-zero selects st_start_srp(), which also takes
 *                 US1060_VFILE; zero selects st_start()
 *
 * Returns whatever the selected start function returned.
 */
static int us1060_start_server (char *cert, char *key, int no_http_auth, int enable_pop, int enable_srp)
{
    int status;

    if (!enable_srp) {
        /*
         * NOTE(review): the two literal 0 arguments around enable_pop are
         * st_start() options whose meaning is not visible here -- confirm
         * against the st_start() prototype.
         */
        status = st_start(US1060_SERVER_PORT,
                          cert, key,
                          "US1060 test realm",
                          US1060_CACERTS,
                          US1060_TRUST_CERTS,
                          "CA/estExampleCA.cnf",
                          0,
                          enable_pop,
                          0);
    } else {
        status = st_start_srp(US1060_SERVER_PORT,
                              cert, key,
                              "US1060 test realm",
                              US1060_CACERTS,
                              US1060_TRUST_CERTS,
                              "CA/estExampleCA.cnf",
                              enable_pop,
                              US1060_VFILE);
    }

    /* HTTP auth is only switched off on request; otherwise left as started. */
    if (no_http_auth) {
        st_disable_http_auth();
    }

    return status;
}
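/*
 * Launch st_server on the US901 port with the fixed US901 cert/key,
 * realm and CA settings; only the trusted-certs file varies by mode.
 */
static int us901_launch(char *trusted_certs) {
    return st_start(US901_SERVER_PORT,
                    US901_SERVER_CERTKEY,
                    US901_SERVER_CERTKEY, "estrealm", "CA/estCA/cacert.crt",
                    trusted_certs, "CA/estExampleCA.cnf", 0, 0, 0);
}

/*
 * Start the appropriate flavor of st_server
 * based on what character is specified
 * B - Basic auth
 * D - Digest auth
 * C - CRL checking (HTTP auth disabled)
 * N - No auth
 *
 * Returns the st_start() result, or -1 if server_type is not one of
 * the above or if building the CRL trust file for 'C' fails.
 */
static int us901_start_server(char server_type) {
    int rv;

    switch (server_type) {
    case 'B':
        rv = us901_launch("CA/trustedcerts.crt");
        st_enable_http_basic_auth();
        break;
    case 'D':
        rv = us901_launch("CA/trustedcerts.crt");
        st_enable_http_digest_auth();
        break;
    case 'C':
        /*
         * Generate a fresh CRL and append it to the trusted certs.
         * Both commands are fixed strings, so no caller data reaches
         * the shell. Their exit status is checked: if either step
         * fails, the server would start with a missing or stale
         * trustedcertsandcrl.crt and the revocation test would no
         * longer exercise the CRL it thinks it does.
         */
        if (system(
                "openssl ca -config CA/estExampleCA.cnf -gencrl -out CA/estCA/crl.pem") != 0) {
            return -1;
        }
        SLEEP(1);
        if (system(
                "cat CA/trustedcerts.crt CA/estCA/crl.pem > US901/trustedcertsandcrl.crt") != 0) {
            return -1;
        }
        SLEEP(1);
        rv = us901_launch("US901/trustedcertsandcrl.crt");
        st_enable_crl();
        st_disable_http_auth();
        break;
    case 'N':
        rv = us901_launch("CA/trustedcerts.crt");
        st_disable_http_auth();
        break;
    default:
        /* Unknown flavor: nothing is started. */
        rv = -1;
        break;
    }

    return rv;
}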
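/*
 * This is our worker for each entry in the test matrix above.
 * We read the configuration from the entry, configure the
 * server and client as needed, and attempt a simple enroll
 * using Curl as the client.
 * The argument i is the index of the entry in the table above;
 * it is not range-checked here, so the caller must pass a valid index.
 *
 * The outcome is reported through CU_ASSERT: once for the server
 * start status and once for the enroll result compared with the
 * entry's expected_http_result.
 */
static void us1060_test_matrix_item (int i) 
{
    long rv;

    LOG_FUNC_NM;

    printf("\nRunning matrix test %s\n", test_matrix[i].test_name);

    /*
     * Stop the server and restart it to make sure 
     * it's in the correct mode. Only the SRP flag differs
     * between the two modes.
     */
    st_stop();
    rv = us1060_start_server(US1060_SERVER_CERTKEY, US1060_SERVER_CERTKEY, 0, 0,
                             (test_matrix[i].server_srp == SRP_ON) ? 1 : 0);
    CU_ASSERT(rv == 0);

    /*
     * Set the server HTTP auth configuration
     */
    switch (test_matrix[i].server_http) {
    case HTTP_OFF:
        st_disable_http_auth();
        break;
    case HTTP_OPTIONAL:
        st_enable_http_auth();
        st_set_http_auth_optional();
        break;
    case HTTP_REQUIRED:
        st_enable_http_auth();
        st_set_http_auth_required();
        break;
    default:
        /* Unrecognized setting: server keeps the auth mode it started with. */
        break;
    }

    /*
     * Run the enroll with the client flavor this entry asks for.
     * The SRP user name and passwords are test fixtures; the SRP_BAD
     * case deliberately sends a wrong password.
     */
    switch (test_matrix[i].curl_srp) {
    case SRP_GOOD:
        rv = curl_http_post_srp(US1060_ENROLL_URL, US1060_PKCS10_CT, US1060_PKCS10_REQ, 
                                test_matrix[i].curl_http_auth, NULL, CURLAUTH_BASIC, 
                                NULL, "srp_user", "srp_pwd", NULL, NULL);
        break;
    case SRP_BAD:
        rv = curl_http_post_srp(US1060_ENROLL_URL, US1060_PKCS10_CT, US1060_PKCS10_REQ, 
                                test_matrix[i].curl_http_auth, NULL, CURLAUTH_BASIC, 
                                NULL, "srp_user", "boguspwd", NULL, NULL);
        break;
    case SRP_NONE:
        /*
         * Some of the SRP disabled test cases use a client
         * certificate.
         */
        if (test_matrix[i].curl_cert) {
            rv = curl_http_post_certuid(US1060_ENROLL_URL, US1060_PKCS10_CT, US1060_PKCS10_REQ, 
                                        test_matrix[i].curl_http_auth, 
                                        test_matrix[i].curl_cert, test_matrix[i].curl_key,  
                                        US1060_CACERTS, NULL);
        } else {
            rv = curl_http_post(US1060_ENROLL_URL, US1060_PKCS10_CT, US1060_PKCS10_REQ, 
                                test_matrix[i].curl_http_auth, US1060_CACERTS, CURLAUTH_BASIC, 
                                NULL, NULL, NULL);
        }
        break;
    default:
        /*
         * No request was sent. Without this, rv would still hold the
         * server start status and be compared with the expected HTTP
         * result, so an entry expecting 0 could pass without any
         * enroll attempt. -1 is presumably never a valid expected
         * result -- confirm against the matrix.
         */
        rv = -1;
        break;
    }
    CU_ASSERT(rv == test_matrix[i].expected_http_result);
    if (rv != test_matrix[i].expected_http_result) {
        printf("\nMatrix test %s failed with rv = %d\n", test_matrix[i].test_name, (int)rv);
    }
}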