/*
 * Start the US1060 test server on US1060_SERVER_PORT.
 *
 * cert, key      - server certificate and private key, passed straight
 *                  through to st_start()/st_start_srp()
 * no_http_auth   - non-zero: call st_disable_http_auth() once the start
 *                  call has returned (this happens whether or not the
 *                  start succeeded)
 * enable_pop     - forwarded to the start call unchanged
 * enable_srp     - non-zero: start through st_start_srp(), which also
 *                  receives US1060_VFILE (presumably the SRP verifier
 *                  file; confirm against st_server); zero: start
 *                  through st_start()
 *
 * Returns whatever the selected start routine returned.
 *
 * The realm, CA certificate bundle, trust store and CA config file are
 * fixed test fixtures.  The literal 0 arguments given to st_start() are
 * positional flags whose meaning is not visible in this file.
 */
static int us1060_start_server (char *cert, char *key, int no_http_auth,
                                int enable_pop, int enable_srp)
{
    int start_status = enable_srp
        ? st_start_srp(US1060_SERVER_PORT, cert, key,
                       "US1060 test realm",
                       US1060_CACERTS,
                       US1060_TRUST_CERTS,
                       "CA/estExampleCA.cnf",
                       enable_pop,
                       US1060_VFILE)
        : st_start(US1060_SERVER_PORT, cert, key,
                   "US1060 test realm",
                   US1060_CACERTS,
                   US1060_TRUST_CERTS,
                   "CA/estExampleCA.cnf",
                   0,
                   enable_pop,
                   0);

    /* HTTP auth is only ever switched off here, never on. */
    if (no_http_auth) {
        st_disable_http_auth();
    }

    return start_status;
}
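/*
 * Start the flavor of st_server selected by server_type:
 *   B - HTTP Basic auth
 *   D - HTTP Digest auth
 *   C - CRL checking (HTTP auth is disabled in this mode)
 *   N - no HTTP auth
 *
 * Returns the st_start() result for a recognised server_type.  Returns -1
 * when server_type is not one of the letters above, or when the CRL
 * bundle needed for mode 'C' could not be produced.
 *
 * Every mode uses the same fixed test fixtures for port, server
 * certificate/key, realm, CA certificate and CA config; only the trust
 * store and the authentication settings differ.
 */
static int us901_start_server(char server_type)
{
    int rv;

    switch (server_type) {
    case 'B':
        rv = st_start(US901_SERVER_PORT,
                      US901_SERVER_CERTKEY,
                      US901_SERVER_CERTKEY,
                      "estrealm",
                      "CA/estCA/cacert.crt",
                      "CA/trustedcerts.crt",
                      "CA/estExampleCA.cnf",
                      0, 0, 0);
        st_enable_http_basic_auth();
        break;

    case 'D':
        rv = st_start(US901_SERVER_PORT,
                      US901_SERVER_CERTKEY,
                      US901_SERVER_CERTKEY,
                      "estrealm",
                      "CA/estCA/cacert.crt",
                      "CA/trustedcerts.crt",
                      "CA/estExampleCA.cnf",
                      0, 0, 0);
        st_enable_http_digest_auth();
        break;

    case 'C':
        /*
         * Regenerate the CRL and concatenate it with the trust anchors.
         * Both commands are fixed strings, so no caller data reaches the
         * shell.  Their exit status is checked because a failure here
         * would otherwise leave a stale or missing
         * US901/trustedcertsandcrl.crt in place, and the CRL test would
         * then run against revocation data that does not reflect the
         * current CA state.
         */
        if (system(
                "openssl ca -config CA/estExampleCA.cnf -gencrl -out CA/estCA/crl.pem") != 0) {
            printf("\nUnable to generate CA/estCA/crl.pem\n");
            rv = -1;
            break;
        }
        SLEEP(1);
        if (system(
                "cat CA/trustedcerts.crt CA/estCA/crl.pem > US901/trustedcertsandcrl.crt") != 0) {
            printf("\nUnable to build US901/trustedcertsandcrl.crt\n");
            rv = -1;
            break;
        }
        SLEEP(1);
        rv = st_start(US901_SERVER_PORT,
                      US901_SERVER_CERTKEY,
                      US901_SERVER_CERTKEY,
                      "estrealm",
                      "CA/estCA/cacert.crt",
                      "US901/trustedcertsandcrl.crt",
                      "CA/estExampleCA.cnf",
                      0, 0, 0);
        st_enable_crl();
        /* No HTTP auth in this mode, so the HTTP layer asks for no credentials. */
        st_disable_http_auth();
        break;

    case 'N':
        rv = st_start(US901_SERVER_PORT,
                      US901_SERVER_CERTKEY,
                      US901_SERVER_CERTKEY,
                      "estrealm",
                      "CA/estCA/cacert.crt",
                      "CA/trustedcerts.crt",
                      "CA/estExampleCA.cnf",
                      0, 0, 0);
        st_disable_http_auth();
        break;

    default:
        /* Unknown selector: do not start anything. */
        rv = -1;
        break;
    }

    return rv;
}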
/*
 * Worker for one entry of the test matrix defined above.
 *
 * Restarts the server in the SRP mode the entry asks for, applies the
 * entry's HTTP auth policy, performs a simple enroll using Curl as the
 * client, and compares the result with the entry's expected_http_result.
 *
 * i - index of the entry in test_matrix.  It is used as given; no range
 *     check is made here, so callers must pass a valid index.
 *
 * The SRP user name and passwords below are fixed test credentials.
 */
static void us1060_test_matrix_item (int i)
{
    long rv;

    LOG_FUNC_NM;

    printf("\nRunning matrix test %s\n", test_matrix[i].test_name);

    /*
     * Bounce the server so it comes up in the mode this entry needs.
     * The comparison yields 1 for SRP_ON and 0 otherwise, which is the
     * enable_srp flag; HTTP auth and PoP flags are passed as 0.
     */
    st_stop();
    rv = us1060_start_server(US1060_SERVER_CERTKEY, US1060_SERVER_CERTKEY,
                             0, 0, test_matrix[i].server_srp == SRP_ON);
    CU_ASSERT(rv == 0);

    /*
     * Apply the server-side HTTP auth policy for this entry.  Any value
     * other than the three handled here leaves the policy untouched.
     */
    if (test_matrix[i].server_http == HTTP_OFF) {
        st_disable_http_auth();
    } else if (test_matrix[i].server_http == HTTP_OPTIONAL) {
        st_enable_http_auth();
        st_set_http_auth_optional();
    } else if (test_matrix[i].server_http == HTTP_REQUIRED) {
        st_enable_http_auth();
        st_set_http_auth_required();
    }

    /*
     * Drive the client side.  If curl_srp matches none of the cases, rv
     * keeps the value returned by the server start above.
     */
    switch (test_matrix[i].curl_srp) {
    case SRP_GOOD:
    case SRP_BAD: {
        /* SRP_BAD deliberately presents a different password. */
        char *srp_password =
            (test_matrix[i].curl_srp == SRP_GOOD) ? "srp_pwd" : "boguspwd";

        rv = curl_http_post_srp(US1060_ENROLL_URL, US1060_PKCS10_CT,
                                US1060_PKCS10_REQ,
                                test_matrix[i].curl_http_auth, NULL,
                                CURLAUTH_BASIC, NULL,
                                "srp_user", srp_password, NULL, NULL);
        break;
    }
    case SRP_NONE:
        /*
         * Some of the SRP-disabled test cases present a client
         * certificate; the rest enroll without one.
         */
        if (!test_matrix[i].curl_cert) {
            rv = curl_http_post(US1060_ENROLL_URL, US1060_PKCS10_CT,
                                US1060_PKCS10_REQ,
                                test_matrix[i].curl_http_auth,
                                US1060_CACERTS, CURLAUTH_BASIC,
                                NULL, NULL, NULL);
        } else {
            rv = curl_http_post_certuid(US1060_ENROLL_URL, US1060_PKCS10_CT,
                                        US1060_PKCS10_REQ,
                                        test_matrix[i].curl_http_auth,
                                        test_matrix[i].curl_cert,
                                        test_matrix[i].curl_key,
                                        US1060_CACERTS, NULL);
        }
        break;
    }

    CU_ASSERT(rv == test_matrix[i].expected_http_result);
    if (rv != test_matrix[i].expected_http_result) {
        /* Name the failing entry so it can be found in the matrix. */
        printf("\nMatrix test %s failed with rv = %d\n",
               test_matrix[i].test_name, (int)rv);
    }
}