static int us1060_start_server (char *cert, char *key, int no_http_auth, int enable_pop, int enable_srp)
{
int rv;
if (enable_srp) {
rv = st_start_srp(US1060_SERVER_PORT,
cert, key,
"US1060 test realm",
US1060_CACERTS,
US1060_TRUST_CERTS,
"CA/estExampleCA.cnf",
enable_pop,
US1060_VFILE);
} else {
rv = st_start(US1060_SERVER_PORT,
cert, key,
"US1060 test realm",
US1060_CACERTS,
US1060_TRUST_CERTS,
"CA/estExampleCA.cnf",
0,
enable_pop,
0);
}
if (no_http_auth) {
st_disable_http_auth();
}
return rv;
}
/*
* Start the appropriate flavor of st_server
* based what character is specified
* B - Basic auth
* D - Digest auth
* C - CRL checking
* N = No auth
*/
static int us901_start_server(char server_type) {
int rv;
switch (server_type) {
case 'B':
rv = st_start(US901_SERVER_PORT,
US901_SERVER_CERTKEY,
US901_SERVER_CERTKEY, "estrealm", "CA/estCA/cacert.crt",
"CA/trustedcerts.crt", "CA/estExampleCA.cnf", 0, 0, 0);
st_enable_http_basic_auth();
break;
case 'D':
rv = st_start(US901_SERVER_PORT,
US901_SERVER_CERTKEY,
US901_SERVER_CERTKEY, "estrealm", "CA/estCA/cacert.crt",
"CA/trustedcerts.crt", "CA/estExampleCA.cnf", 0, 0, 0);
st_enable_http_digest_auth();
break;
case 'C':
system(
"openssl ca -config CA/estExampleCA.cnf -gencrl -out CA/estCA/crl.pem");
SLEEP(1);
system(
"cat CA/trustedcerts.crt CA/estCA/crl.pem > US901/trustedcertsandcrl.crt");
SLEEP(1);
rv = st_start(US901_SERVER_PORT,
US901_SERVER_CERTKEY,
US901_SERVER_CERTKEY, "estrealm", "CA/estCA/cacert.crt",
"US901/trustedcertsandcrl.crt", "CA/estExampleCA.cnf", 0, 0, 0);
st_enable_crl();
st_disable_http_auth();
break;
case 'N':
rv = st_start(US901_SERVER_PORT,
US901_SERVER_CERTKEY,
US901_SERVER_CERTKEY, "estrealm", "CA/estCA/cacert.crt",
"CA/trustedcerts.crt", "CA/estExampleCA.cnf", 0, 0, 0);
st_disable_http_auth();
break;
default:
rv = -1;
break;
}
return rv;
}
/*
* This is our worker for each entry in the test matrix above.
* We read the configuration from the entry, configure the
* server and client as needed, and attempt a simple enroll
* using Curl as the client.
* The argument i is the index of the entry in the table above.
*/
static void us1060_test_matrix_item (int i)
{
long rv;
LOG_FUNC_NM;
printf("\nRunning matrix test %s\n", test_matrix[i].test_name);
/*
* Stop the server and restart it to make sure
* it's in the correct mode.
*/
st_stop();
if (test_matrix[i].server_srp == SRP_ON) {
rv = us1060_start_server(US1060_SERVER_CERTKEY, US1060_SERVER_CERTKEY, 0, 0, 1);
} else {
rv = us1060_start_server(US1060_SERVER_CERTKEY, US1060_SERVER_CERTKEY, 0, 0, 0);
}
CU_ASSERT(rv == 0);
/*
* Set the server HTTP auth configuration
*/
switch (test_matrix[i].server_http) {
case HTTP_OFF:
st_disable_http_auth();
break;
case HTTP_OPTIONAL:
st_enable_http_auth();
st_set_http_auth_optional();
break;
case HTTP_REQUIRED:
st_enable_http_auth();
st_set_http_auth_required();
break;
}
switch (test_matrix[i].curl_srp) {
case SRP_GOOD:
rv = curl_http_post_srp(US1060_ENROLL_URL, US1060_PKCS10_CT, US1060_PKCS10_REQ,
test_matrix[i].curl_http_auth, NULL, CURLAUTH_BASIC,
NULL, "srp_user", "srp_pwd", NULL, NULL);
break;
case SRP_BAD:
rv = curl_http_post_srp(US1060_ENROLL_URL, US1060_PKCS10_CT, US1060_PKCS10_REQ,
test_matrix[i].curl_http_auth, NULL, CURLAUTH_BASIC,
NULL, "srp_user", "boguspwd", NULL, NULL);
break;
case SRP_NONE:
/*
* Some of the SRP disabled test cases use a client
* certificate.
*/
if (test_matrix[i].curl_cert) {
rv = curl_http_post_certuid(US1060_ENROLL_URL, US1060_PKCS10_CT, US1060_PKCS10_REQ,
test_matrix[i].curl_http_auth,
test_matrix[i].curl_cert, test_matrix[i].curl_key,
US1060_CACERTS, NULL);
} else {
rv = curl_http_post(US1060_ENROLL_URL, US1060_PKCS10_CT, US1060_PKCS10_REQ,
test_matrix[i].curl_http_auth, US1060_CACERTS, CURLAUTH_BASIC,
NULL, NULL, NULL);
}
break;
}
CU_ASSERT(rv == test_matrix[i].expected_http_result);
if (rv != test_matrix[i].expected_http_result) {
printf("\nMatrix test %s failed with rv = %d\n", test_matrix[i].test_name, (int)rv);
}
}
