/usr/src/suites/security/kmf/tests/kmfcfg/kmfcfg_create_002.ksh
Korn Shell | 404 lines | 307 code | 33 blank | 64 comment | 14 complexity | c5dc84001dbde86abae6f508ec55beb8 MD5 | raw file
Possible License(s): MPL-2.0-no-copyleft-exception
- #! /usr/bin/ksh -p
- #
- # CDDL HEADER START
- #
- # The contents of this file are subject to the terms of the
- # Common Development and Distribution License (the "License").
- # You may not use this file except in compliance with the License.
- #
- # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- # or http://www.opensolaris.org/os/licensing.
- # See the License for the specific language governing permissions
- # and limitations under the License.
- #
- # When distributing Covered Code, include this CDDL HEADER in each
- # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- # If applicable, add the following below this CDDL HEADER, with the
- # fields enclosed by brackets "[]" replaced with your own identifying
- # information: Portions Copyright [yyyy] [name of copyright owner]
- #
- # CDDL HEADER END
- #
- #
- # Copyright 2006 Sun Microsystems, Inc. All rights reserved.
- # Use is subject to license terms.
- #
- # ident "%Z%%M% %I% %E% SMI"
- #
- #########################################################################
- #
- # start __stf_assertion__
- #
- # ASSERTION: kmfcfg_create_002
- #
- # DESCRIPTION:
- #
- # Verify:
- # "kmfcfg create" with appropriate options can create policies with
- # OCSP verification method.
- #
- # STRATEGY:
- #
- # 1) Backup test.xml to test.xml.bak
- # 2) Run "kmfcfg create dbfile=test.xml policy=testpolicy" with ocsp
- # options and save the output to a temp variable
- # 3) Check the return value of command
- # 4) Verify the new policy with "kmfcfg list dbfile=test.xml policy=testpolicy"
- # 5) Restore the test.xml to the original one
- # 6) Repeat 2),3),4),5) for create subcommand with different ocsp options
- #
- # INTERFACE: kmfcfg
- #
- # end __stf_assertion__
- #
- #########################################################################
- . ${STF_TOOLS}/include/stf.kshlib
- . ${STF_TOOLS}/contrib/include/jnl.kshlib
- description() {
- cat <<-EOF
- Verify:
- "kmfcfg create" with appropriate options can create policies with
- OCSP verification method.
- EOF
- }
- jnl_assertion "$( description )" "kmfcfg create"
- test_db="/var/tmp/test.xml"
- cmd="/usr/bin/kmfcfg"
- common_options="create dbfile=$test_db policy=testpolicy ignore-trust-anchor=true"
- list_options="list dbfile=$test_db policy=testpolicy"
- issuer_dn="O=Sun Microsytems Inc., OU=Solaris Qe Ops, L=Beijing, ST=Beijing, \
- C=PR, CN=Eddie Luo"
- set -A cmd_args \
- "ocsp-use-cert-responder=true" \
- "ocsp-responder=http://ocsp.verisign.com/ocsp/status" \
- "ocsp-responder=http://ocsp.verisign.com/ocsp/status ocsp-proxy=webcache.sfbay:8080" \
- "ocsp-use-cert-responder=true ocsp-ignore-response-sign=true" \
- "ocsp-use-cert-responder=true ocsp-response-lifetime=12-hour" \
- "ocsp-use-cert-responder=true ocsp-responder-cert-name=\"$issuer_dn\" ocsp-responder-cert-serial=0303"
- # Back up test.xml
- jnl_progress "Backup the original dbfile test.xml"
- cp $test_db test.xml.bak
- e=$?
- if [[ $e -ne 0 ]]; then
- jnl_diagnostic "Backup test dbfile" "0" $e "STF_UNRESOLVED"
- rm -f test.xml.bak
- exit $STF_UNRESOLVED
- fi
- output=""
- ##########################Create cmd_args[0] BEGIN#########################################
- jnl_progress "$cmd $common_options ${cmd_args[0]}"
- output=$(ksh -c "$cmd $common_options ${cmd_args[0]}")
- e=$?
- if [[ $e -ne 0 ]]; then
- jnl_diagnostic "$cmd $common_options ${cmd_args[0]} $output" 0 $e "STF_FAIL"
- jnl_result $STF_FAIL
- cp test.xml.bak $test_db
- rm -f test.xml.bak
- exit $STF_FAIL
- fi
- jnl_progress "$cmd $list_options"
- $cmd $list_options > result.$$
- e=$?
- if [[ $e -ne 0 ]]; then
- jnl_diagnostic "$cmd $list_options" 0 $e "STF_UNRESOLVED"
- jnl_result $STF_UNRESOLVED
- cat result.$$
- cp test.xml.bak $test_db
- rm -f test.xml.bak
- rm -f result.$$
- exit $STF_UNRESOLVED
- fi
- grep 'Use ResponderURI from Certificate: true' result.$$
- e=$?
- if [[ $e -ne 0 ]]; then
- jnl_error "Can't find policy from test.xml"
- jnl_result $STF_FAIL
- cp test.xml.bak $test_db
- rm -f test.xml.bak
- rm -f result.$$
- exit $STF_FAIL
- fi
- # Restore test dbfile
- cp test.xml.bak $test_db
- e=$?
- if [[ $e -ne 0 ]]; then
- jnl_diagnostic "Restore test dbfile" "0" $e "STF_UNRESOLVED"
- rm -f test.xml.bak
- rm -f result.$$
- exit $STF_UNRESOLVED
- fi
- ##########################Create cmd_args[0] END###########################################
- ##########################Create cmd_args[1] BEGIN#########################################
- jnl_progress "$cmd $common_options ${cmd_args[1]}"
- output=$(ksh -c "$cmd $common_options ${cmd_args[1]}")
- e=$?
- if [[ $e -ne 0 ]]; then
- jnl_diagnostic "$cmd $common_options ${cmd_args[1]} $output" 0 $e "STF_FAIL"
- jnl_result $STF_FAIL
- cp test.xml.bak $test_db
- rm -f test.xml.bak
- rm -f result.$$
- exit $STF_FAIL
- fi
- jnl_progress "$cmd $list_options"
- $cmd $list_options > result.$$
- e=$?
- if [[ $e -ne 0 ]]; then
- jnl_diagnostic "$cmd $list_options" 0 $e "STF_UNRESOLVED"
- jnl_result $STF_UNRESOLVED
- cp test.xml.bak $test_db
- rm -f test.xml.bak
- rm -f result.$$
- exit $STF_UNRESOLVED
- fi
- grep 'Responder URI: http://ocsp.verisign.com/ocsp/status' result.$$
- e=$?
- if [[ $e -ne 0 ]]; then
- jnl_error "Can't find policy from test.xml"
- jnl_result $STF_FAIL
- cp test.xml.bak $test_db
- rm -f test.xml.bak
- rm -f result.$$
- exit $STF_FAIL
- fi
- # Restore test dbfile
- cp test.xml.bak $test_db
- e=$?
- if [[ $e -ne 0 ]]; then
- jnl_diagnostic "Restore test dbfile" "0" $e "STF_UNRESOLVED"
- rm -f test.xml.bak
- rm -f result.$$
- exit $STF_UNRESOLVED
- fi
- ##########################Create cmd_args[1] END###########################################
- ##########################Create cmd_args[2] BEGIN#########################################
- jnl_progress "$cmd $common_options ${cmd_args[2]}"
- output=$(ksh -c "$cmd $common_options ${cmd_args[2]}")
- e=$?
- if [[ $e -ne 0 ]]; then
- jnl_diagnostic "$cmd $common_options ${cmd_args[2]} $output" 0 $e "STF_FAIL"
- jnl_result $STF_FAIL
- cp test.xml.bak $test_db
- rm -f test.xml.bak
- rm -f result.$$
- exit $STF_FAIL
- fi
- jnl_progress "$cmd $list_options"
- $cmd $list_options > result.$$
- e=$?
- if [[ $e -ne 0 ]]; then
- jnl_diagnostic "$cmd $list_options" 0 $e "STF_UNRESOLVED"
- jnl_result $STF_UNRESOLVED
- cp test.xml.bak $test_db
- rm -f test.xml.bak
- rm -f result.$$
- exit $STF_UNRESOLVED
- fi
- grep 'Responder URI: http://ocsp.verisign.com/ocsp/status' result.$$ && \
- grep 'Proxy: webcache.sfbay:8080' result.$$
- e=$?
- if [[ $e -ne 0 ]]; then
- jnl_error "Can't find policy from test.xml"
- jnl_result $STF_FAIL
- cp test.xml.bak $test_db
- rm -f test.xml.bak
- rm -f result.$$
- exit $STF_FAIL
- fi
- # Restore test dbfile
- cp test.xml.bak $test_db
- e=$?
- if [[ $e -ne 0 ]]; then
- jnl_diagnostic "Restore test dbfile" "0" $e "STF_UNRESOLVED"
- rm -f test.xml.bak
- rm -f result.$$
- exit $STF_UNRESOLVED
- fi
- ##########################Create cmd_args[2] END###########################################
- ##########################Create cmd_args[3] BEGIN#########################################
- jnl_progress "$cmd $common_options ${cmd_args[3]}"
- output=$(ksh -c "$cmd $common_options ${cmd_args[3]}")
- e=$?
- if [[ $e -ne 0 ]]; then
- jnl_diagnostic "$cmd $common_options ${cmd_args[3]} $output" 0 $e "STF_FAIL"
- jnl_result $STF_FAIL
- cp test.xml.bak $test_db
- rm -f test.xml.bak
- rm -f result.$$
- exit $STF_FAIL
- fi
- jnl_progress "$cmd $list_options"
- $cmd $list_options > result.$$
- e=$?
- if [[ $e -ne 0 ]]; then
- jnl_diagnostic "$cmd $list_options" 0 $e "STF_UNRESOLVED"
- jnl_result $STF_UNRESOLVED
- cp test.xml.bak $test_db
- rm -f test.xml.bak
- rm -f result.$$
- exit $STF_UNRESOLVED
- fi
- grep 'Ignore Response signature: true' result.$$
- e=$?
- if [[ $e -ne 0 ]]; then
- jnl_error "Can't find policy from test.xml"
- jnl_result $STF_FAIL
- cp test.xml.bak $test_db
- rm -f test.xml.bak
- rm -f result.$$
- exit $STF_FAIL
- fi
- # Restore test dbfile
- cp test.xml.bak $test_db
- e=$?
- if [[ $e -ne 0 ]]; then
- jnl_diagnostic "Restore test dbfile" "0" $e "STF_UNRESOLVED"
- rm -f test.xml.bak
- rm -f result.$$
- exit $STF_UNRESOLVED
- fi
- ##########################Create cmd_args[3] END###########################################
- ##########################Create cmd_args[4] BEGIN#########################################
- jnl_progress "$cmd $common_options ${cmd_args[4]}"
- output=$(ksh -c "$cmd $common_options ${cmd_args[4]}")
- e=$?
- if [[ $e -ne 0 ]]; then
- jnl_diagnostic "$cmd $common_options ${cmd_args[4]} $output" 0 $e "STF_FAIL"
- jnl_result $STF_FAIL
- cp test.xml.bak $test_db
- rm -f test.xml.bak
- rm -f result.$$
- exit $STF_FAIL
- fi
- jnl_progress "$cmd $list_options"
- $cmd $list_options > result.$$
- e=$?
- if [[ $e -ne 0 ]]; then
- jnl_diagnostic "$cmd $list_options" 0 $e "STF_UNRESOLVED"
- jnl_result $STF_UNRESOLVED
- cp test.xml.bak $test_db
- rm -f test.xml.bak
- rm -f result.$$
- exit $STF_UNRESOLVED
- fi
- grep 'Response lifetime: 12-hour' result.$$
- e=$?
- if [[ $e -ne 0 ]]; then
- jnl_error "Can't find policy from test.xml"
- jnl_result $STF_FAIL
- cp test.xml.bak $test_db
- rm -f test.xml.bak
- rm -f result.$$
- exit $STF_FAIL
- fi
- # Restore test dbfile
- cp test.xml.bak $test_db
- e=$?
- if [[ $e -ne 0 ]]; then
- jnl_diagnostic "Restore test dbfile" "0" $e "STF_UNRESOLVED"
- rm -f test.xml.bak
- rm -f result.$$
- exit $STF_UNRESOLVED
- fi
- ##########################Create cmd_args[4] END###########################################
- ##########################Create cmd_args[5] BEGIN#########################################
- jnl_progress "$cmd $common_options ${cmd_args[5]}"
- output=$(ksh -c "$cmd $common_options ${cmd_args[5]}")
- e=$?
- if [[ $e -ne 0 ]]; then
- jnl_diagnostic "$cmd $common_options ${cmd_args[5]} $output" 0 $e "STF_FAIL"
- jnl_result $STF_FAIL
- cp test.xml.bak $test_db
- rm -f test.xml.bak
- rm -f result.$$
- exit $STF_FAIL
- fi
- jnl_progress "$cmd $list_options"
- $cmd $list_options > result.$$
- e=$?
- if [[ $e -ne 0 ]]; then
- jnl_diagnostic "$cmd $list_options" 0 $e "STF_UNRESOLVED"
- jnl_result $STF_UNRESOLVED
- cp test.xml.bak $test_db
- rm -f test.xml.bak
- rm -f result.$$
- exit $STF_UNRESOLVED
- fi
- grep "$issuer_dn" result.$$ && grep 'Serial: 0303' result.$$
- e=$?
- if [[ $e -ne 0 ]]; then
- jnl_error "Can't find policy from test.xml"
- jnl_result $STF_FAIL
- cp test.xml.bak $test_db
- rm -f test.xml.bak
- rm -f result.$$
- exit $STF_FAIL
- fi
- # Restore test dbfile
- cp test.xml.bak $test_db
- e=$?
- if [[ $e -ne 0 ]]; then
- jnl_diagnostic "Restore test dbfile" "0" $e "STF_UNRESOLVED"
- rm -f test.xml.bak
- rm -f result.$$
- exit $STF_UNRESOLVED
- fi
- ##########################Create cmd_args[5] END###########################################
- rm -f result.$$
- rm -f test.xml.bak
- jnl_result $STF_PASS
- exit $STF_PASS