/usr/src/suites/security/kmf/tests/kmfcfg/kmfcfg_create_005.ksh

#! /usr/bin/ksh -p
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#

#
# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
# ident	"%Z%%M%	%I%	%E% SMI"
#

#########################################################################
#
# start __stf_assertion__
#
# ASSERTION: kmfcfg_create_005
#
# DESCRIPTION:
#	
#	Verify:
#	"kmfcfg create" with appropriate options can create policies with
#	extened key usage checking.  
#
# STRATEGY:
#
#	1) Backup test.xml to test.xml.bak
#	2) Run "kmfcfg create dbfile=test.xml policy=testpolicy" with ekunames 
#	   option and save the output to a temp variable
#	3) Check the return value of command
#	4) Verify the new policy with "kmfcfg list dbfile=test.xml policy=testpolicy"
#	5) Restore the test.xml to the original one
#	6) Repeat 2),3),4),5) for create subcommand with different ekunames
#	   values 
#	7) Run "kmfcfg create dbfile=test.xml policy=testpolicy" with ekuoids 
#	   option, repeat 3),4),5)
#
# INTERFACE: kmfcfg
#
# end __stf_assertion__
#
#########################################################################

. ${STF_TOOLS}/include/stf.kshlib

. ${STF_TOOLS}/contrib/include/jnl.kshlib

description() {
	cat <<-EOF
	Verify: 
	"kmfcfg create" with appropriate options can create policies with
	extended key usage checking.
	EOF
}

jnl_assertion "$( description )" "kmfcfg create"

test_db="/var/tmp/test.xml"
cmd="/usr/bin/kmfcfg"
common_options="create dbfile=$test_db policy=testpolicy ignore-trust-anchor=true"
ekun_opt="ekunames="
ekuo_opt="ekuoids="
list_options="list dbfile=$test_db policy=testpolicy"
set -A cmd_args \
	"serverauth" \
	"clientauth" \
	"codesigning" \
	"emailprotection" \
	"ipsecendsystem" \
	"ipsectunnel" \
	"ipsecuser" \
	"timestamping" \
	"ocspsigning"

multi_usage="serverauth,clientauth,codesigning,emailprotection,ipsecendsystem,\
ipsectunnel,ipsecuser,timestamping,ocspsigning"

echo $multi_usage

ekuoid="1.2.3.4"

# Back up test.xml
jnl_progress "Backup the original dbfile test.xml"
cp $test_db test.xml.bak
e=$?

if [[ $e -ne 0 ]]; then
	jnl_diagnostic "Backup test dbfile" "0" $e "STF_UNRESOLVED"
	rm -f test.xml.bak
	exit $STF_UNRESOLVED
fi

integer i=0 len=0 j=0
len=${#cmd_args[*]}
output=""

# Test single Extended Key Usage (ekunames)
while (( i < len )); do

	jnl_progress "$cmd $common_options $ekun_opt${cmd_args[i]}"

	output=$($cmd $common_options $ekun_opt${cmd_args[i]})
	e=$?
	if [[ $e -ne 0 ]]; then
		jnl_diagnostic "$cmd $common_options $ekun_opt${cmd_args[i]} $output" 0 $e "STF_FAIL"
		jnl_result $STF_FAIL
		cp test.xml.bak $test_db
		rm -f test.xml.bak
		rm -f result.$$
		exit $STF_FAIL
	fi

	jnl_progress "$cmd $list_options"

	$cmd $list_options > result.$$
	e=$?
	if [[ $e -ne 0 ]]; then
		jnl_diagnostic "$cmd $list_options" 0 $e "STF_UNRESOLVED"
		jnl_result $STF_UNRESOLVED
		cp test.xml.bak $test_db
		rm -f test.xml.bak
		rm -f result.$$
		exit $STF_UNRESOLVED
	fi

	grep -i "${cmd_args[i]}" result.$$
	e=$?
	if [[ $e -ne 0 ]]; then
		jnl_error "Can't find policy from test.xml"
		jnl_result $STF_FAIL
		cp test.xml.bak $test_db
		rm -f test.xml.bak
		rm -f result.$$
		exit $STF_FAIL
	fi
	
	# Restore test.xml
	cp test.xml.bak $test_db
	
	(( i += 1 ))
done

# Test multiple Extended Key Usages (ekunames)

jnl_progress "$cmd $common_options $ekun_opt${cmd_args[*]}"
output=$($cmd $common_options $ekun_opt$multi_usage)
e=$?
if [[ $e -ne 0 ]]; then
	jnl_diagnostic "$cmd $common_options $ekun_opt$multi_usage $output" 0 $e "STF_FAIL"
	jnl_result $STF_FAIL
	cp test.xml.bak $test_db
	rm -f test.xml.bak
	rm -f result.$$
	exit $STF_FAIL
fi

jnl_progress "$cmd $list_options"

$cmd $list_options > result.$$
e=$?
if [[ $e -ne 0 ]]; then
	jnl_diagnostic "$cmd $list_options" 0 $e "STF_UNRESOLVED"
	jnl_result $STF_UNRESOLVED
	cp test.xml.bak $test_db
	rm -f test.xml.bak
	rm -f result.$$
	exit $STF_UNRESOLVED
fi

i=0
len=${#cmd_args[*]}
while (( i < len )); do
	grep -i "${cmd_args[i]}" result.$$
	if [[ $? -eq 0 ]]; then
		((j += 1))
	fi
	((i +=1 ))
done

if (( j != 9 )); then
	jnl_error "Can't find policy from test.xml"
	jnl_result $STF_FAIL
	cp test.xml.bak $test_db
	rm -f test.xml.bak
	rm -f result.$$
	exit $STF_FAIL
fi

# Restore test.xml
cp test.xml.bak $test_db

# Create policy with ekuoids option

jnl_progress "$cmd $common_options $ekuo_opt${cmd_args[*]}"
output=$($cmd $common_options $ekuo_opt$ekuoid)
e=$?
if [[ $e -ne 0 ]]; then
	jnl_diagnostic "$cmd $common_options $ekuo_opt$ekuoid} $output" 0 $e "STF_FAIL"
	jnl_result $STF_FAIL
	cp test.xml.bak $test_db
	rm -f test.xml.bak
	rm -f result.$$
	exit $STF_FAIL
fi

jnl_progress "$cmd $list_options"

$cmd $list_options > result.$$
e=$?
if [[ $e -ne 0 ]]; then
	jnl_diagnostic "$cmd $list_options" 0 $e "STF_UNRESOLVED"
	jnl_result $STF_UNRESOLVED
	cp test.xml.bak $test_db
	rm -f test.xml.bak
	rm -f result.$$
	exit $STF_UNRESOLVED
fi

grep $ekuoid result.$$
e=$?
if [[ $e -ne 0 ]]; then
	jnl_error "Can't find policy from test.xml"
	jnl_result $STF_FAIL
	cp test.xml.bak $test_db
	rm -f test.xml.bak
	rm -f result.$$
	exit $STF_FAIL
fi

# Restore test.xml
cp test.xml.bak $test_db

rm -f result.$$
rm -f test.xml.bak
jnl_result $STF_PASS
exit $STF_PASS