/usr/src/suites/security/kmf/tests/kmfcfg/kmfcfg_create_005.ksh
Korn Shell | 253 lines | 167 code | 25 blank | 61 comment | 8 complexity | 33e2194040f32738aa20d6dd5d78ee1d MD5 | raw file
Possible License(s): MPL-2.0-no-copyleft-exception
- #! /usr/bin/ksh -p
- #
- # CDDL HEADER START
- #
- # The contents of this file are subject to the terms of the
- # Common Development and Distribution License (the "License").
- # You may not use this file except in compliance with the License.
- #
- # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- # or http://www.opensolaris.org/os/licensing.
- # See the License for the specific language governing permissions
- # and limitations under the License.
- #
- # When distributing Covered Code, include this CDDL HEADER in each
- # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- # If applicable, add the following below this CDDL HEADER, with the
- # fields enclosed by brackets "[]" replaced with your own identifying
- # information: Portions Copyright [yyyy] [name of copyright owner]
- #
- # CDDL HEADER END
- #
- #
- # Copyright 2006 Sun Microsystems, Inc. All rights reserved.
- # Use is subject to license terms.
- #
- # ident "%Z%%M% %I% %E% SMI"
- #
- #########################################################################
- #
- # start __stf_assertion__
- #
- # ASSERTION: kmfcfg_create_005
- #
- # DESCRIPTION:
- #
- # Verify:
- # "kmfcfg create" with appropriate options can create policies with
- # extened key usage checking.
- #
- # STRATEGY:
- #
- # 1) Backup test.xml to test.xml.bak
- # 2) Run "kmfcfg create dbfile=test.xml policy=testpolicy" with ekunames
- # option and save the output to a temp variable
- # 3) Check the return value of command
- # 4) Verify the new policy with "kmfcfg list dbfile=test.xml policy=testpolicy"
- # 5) Restore the test.xml to the original one
- # 6) Repeat 2),3),4),5) for create subcommand with different ekunames
- # values
- # 7) Run "kmfcfg create dbfile=test.xml policy=testpolicy" with ekuoids
- # option, repeat 3),4),5)
- #
- # INTERFACE: kmfcfg
- #
- # end __stf_assertion__
- #
- #########################################################################
- . ${STF_TOOLS}/include/stf.kshlib
- . ${STF_TOOLS}/contrib/include/jnl.kshlib
- description() {
- cat <<-EOF
- Verify:
- "kmfcfg create" with appropriate options can create policies with
- extended key usage checking.
- EOF
- }
- jnl_assertion "$( description )" "kmfcfg create"
- test_db="/var/tmp/test.xml"
- cmd="/usr/bin/kmfcfg"
- common_options="create dbfile=$test_db policy=testpolicy ignore-trust-anchor=true"
- ekun_opt="ekunames="
- ekuo_opt="ekuoids="
- list_options="list dbfile=$test_db policy=testpolicy"
- set -A cmd_args \
- "serverauth" \
- "clientauth" \
- "codesigning" \
- "emailprotection" \
- "ipsecendsystem" \
- "ipsectunnel" \
- "ipsecuser" \
- "timestamping" \
- "ocspsigning"
- multi_usage="serverauth,clientauth,codesigning,emailprotection,ipsecendsystem,\
- ipsectunnel,ipsecuser,timestamping,ocspsigning"
- echo $multi_usage
- ekuoid="1.2.3.4"
- # Back up test.xml
- jnl_progress "Backup the original dbfile test.xml"
- cp $test_db test.xml.bak
- e=$?
- if [[ $e -ne 0 ]]; then
- jnl_diagnostic "Backup test dbfile" "0" $e "STF_UNRESOLVED"
- rm -f test.xml.bak
- exit $STF_UNRESOLVED
- fi
- integer i=0 len=0 j=0
- len=${#cmd_args[*]}
- output=""
- # Test single Extended Key Usage (ekunames)
- while (( i < len )); do
- jnl_progress "$cmd $common_options $ekun_opt${cmd_args[i]}"
- output=$($cmd $common_options $ekun_opt${cmd_args[i]})
- e=$?
- if [[ $e -ne 0 ]]; then
- jnl_diagnostic "$cmd $common_options $ekun_opt${cmd_args[i]} $output" 0 $e "STF_FAIL"
- jnl_result $STF_FAIL
- cp test.xml.bak $test_db
- rm -f test.xml.bak
- rm -f result.$$
- exit $STF_FAIL
- fi
- jnl_progress "$cmd $list_options"
- $cmd $list_options > result.$$
- e=$?
- if [[ $e -ne 0 ]]; then
- jnl_diagnostic "$cmd $list_options" 0 $e "STF_UNRESOLVED"
- jnl_result $STF_UNRESOLVED
- cp test.xml.bak $test_db
- rm -f test.xml.bak
- rm -f result.$$
- exit $STF_UNRESOLVED
- fi
- grep -i "${cmd_args[i]}" result.$$
- e=$?
- if [[ $e -ne 0 ]]; then
- jnl_error "Can't find policy from test.xml"
- jnl_result $STF_FAIL
- cp test.xml.bak $test_db
- rm -f test.xml.bak
- rm -f result.$$
- exit $STF_FAIL
- fi
-
- # Restore test.xml
- cp test.xml.bak $test_db
-
- (( i += 1 ))
- done
- # Test multiple Extended Key Usages (ekunames)
- jnl_progress "$cmd $common_options $ekun_opt${cmd_args[*]}"
- output=$($cmd $common_options $ekun_opt$multi_usage)
- e=$?
- if [[ $e -ne 0 ]]; then
- jnl_diagnostic "$cmd $common_options $ekun_opt$multi_usage $output" 0 $e "STF_FAIL"
- jnl_result $STF_FAIL
- cp test.xml.bak $test_db
- rm -f test.xml.bak
- rm -f result.$$
- exit $STF_FAIL
- fi
- jnl_progress "$cmd $list_options"
- $cmd $list_options > result.$$
- e=$?
- if [[ $e -ne 0 ]]; then
- jnl_diagnostic "$cmd $list_options" 0 $e "STF_UNRESOLVED"
- jnl_result $STF_UNRESOLVED
- cp test.xml.bak $test_db
- rm -f test.xml.bak
- rm -f result.$$
- exit $STF_UNRESOLVED
- fi
- i=0
- len=${#cmd_args[*]}
- while (( i < len )); do
- grep -i "${cmd_args[i]}" result.$$
- if [[ $? -eq 0 ]]; then
- ((j += 1))
- fi
- ((i +=1 ))
- done
- if (( j != 9 )); then
- jnl_error "Can't find policy from test.xml"
- jnl_result $STF_FAIL
- cp test.xml.bak $test_db
- rm -f test.xml.bak
- rm -f result.$$
- exit $STF_FAIL
- fi
- # Restore test.xml
- cp test.xml.bak $test_db
- # Create policy with ekuoids option
- jnl_progress "$cmd $common_options $ekuo_opt${cmd_args[*]}"
- output=$($cmd $common_options $ekuo_opt$ekuoid)
- e=$?
- if [[ $e -ne 0 ]]; then
- jnl_diagnostic "$cmd $common_options $ekuo_opt$ekuoid} $output" 0 $e "STF_FAIL"
- jnl_result $STF_FAIL
- cp test.xml.bak $test_db
- rm -f test.xml.bak
- rm -f result.$$
- exit $STF_FAIL
- fi
- jnl_progress "$cmd $list_options"
- $cmd $list_options > result.$$
- e=$?
- if [[ $e -ne 0 ]]; then
- jnl_diagnostic "$cmd $list_options" 0 $e "STF_UNRESOLVED"
- jnl_result $STF_UNRESOLVED
- cp test.xml.bak $test_db
- rm -f test.xml.bak
- rm -f result.$$
- exit $STF_UNRESOLVED
- fi
- grep $ekuoid result.$$
- e=$?
- if [[ $e -ne 0 ]]; then
- jnl_error "Can't find policy from test.xml"
- jnl_result $STF_FAIL
- cp test.xml.bak $test_db
- rm -f test.xml.bak
- rm -f result.$$
- exit $STF_FAIL
- fi
- # Restore test.xml
- cp test.xml.bak $test_db
- rm -f result.$$
- rm -f test.xml.bak
- jnl_result $STF_PASS
- exit $STF_PASS