diff --git a/scripts/ocsp-stapling-with-ca-as-responder.test b/scripts/ocsp-stapling-with-ca-as-responder.test index e2edee07c..a043ba809 100755 --- a/scripts/ocsp-stapling-with-ca-as-responder.test +++ b/scripts/ocsp-stapling-with-ca-as-responder.test @@ -5,6 +5,7 @@ WORKSPACE=`pwd` CERT_DIR="./certs/ocsp" resume_port=0 ready_file=`pwd`/wolf_ocsp_s1_readyF$$ +ready_file2=`pwd`/wolf_ocsp_s1_readyF2$$ printf '%s\n' "ready file: $ready_file" test_cnf="ocsp_s_w_ca_a_r.cnf" @@ -38,6 +39,32 @@ restore_originals() { mv bak-server5-cert.pem server5-cert.pem } +wait_for_readyFile(){ + + counter=0 + + while [ ! -s $1 -a "$counter" -lt 20 ]; do + echo -e "waiting for ready file..." + sleep 0.1 + counter=$((counter+ 1)) + done + + if test -e $1; then + echo -e "found ready file, starting client..." + else + echo -e "NO ready file ending test..." + exit 1 + fi + +} + +remove_single_rF(){ + if test -e $1; then + printf '%s\n' "removing ready file: $1" + rm $1 + fi +} + #create a configure file for cert generation with the port 0 solution create_new_cnf() { copy_originals @@ -100,6 +127,10 @@ remove_ready_file() { printf '%s\n' "removing ready file" rm $ready_file fi + if test -e $ready_file2; then + printf '%s\n' "removing ready file: $ready_file2" + rm $ready_file2 + fi } @@ -122,7 +153,7 @@ ca=certs/external/baltimore-cybertrust-root.pem # create a port 0 port to use with openssl ocsp responder ./examples/server/server -R $ready_file -p $resume_port & -sleep 1 +wait_for_readyFile $ready_file if [ ! -f $ready_file ]; then printf '%s\n' "Failed to create ready file: \"$ready_file\"" exit 1 
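Review bot: In `wait_for_readyFile` the loop polls for a non-empty file (`-s`), but the check after it only tests existence (`test -e $1`). A ready file that exists but is still empty when the 20 x 0.1 s budget runs out is therefore reported as found, and the caller goes on to `cat` an empty port. The post-loop test should match the loop condition, `if test -s "$1"; then`, and `$1` should be quoted throughout, including in `remove_single_rF`. `sleep 0.1` and `echo -e` are not POSIX, and the shebang is outside the hunk, so confirm the script runs under a shell and a `sleep` that accept them. The same function is added verbatim to scripts/ocsp-stapling.test and scripts/ocsp-stapling2.test, with the same gap.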
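Review bot: The `if [ ! -f $ready_file ]` check that follows `wait_for_readyFile $ready_file` can no longer fire, because the helper already calls `exit 1` when the file is missing. Either drop the dead check, or have the helper `return 1` so the caller's more specific "Failed to create ready file" message is still printed. The `if` block closes outside this hunk. The same applies to the matching call in scripts/ocsp-stapling.test and to the four port-reservation calls in scripts/ocsp-stapling2.test.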
@@ -163,18 +194,27 @@ sleep 1 printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS ------------------------" # client test against our own server - GOOD CERT -./examples/server/server -c certs/ocsp/server1-cert.pem -k certs/ocsp/server1-key.pem & -sleep 1 -./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 +./examples/server/server -c certs/ocsp/server1-cert.pem \ + -k certs/ocsp/server1-key.pem -R $ready_file2 \ + -p $resume_port & +wait_for_readyFile $ready_file2 +CLI_PORT=`cat $ready_file2` +./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 \ + -p $CLI_PORT RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed" && exit 1 printf '%s\n\n' "Test PASSED!" printf '%s\n\n' "------------- TEST CASE 2 SHOULD REVOKE ----------------------" # client test against our own server - REVOKED CERT -./examples/server/server -c certs/ocsp/server2-cert.pem -k certs/ocsp/server2-key.pem & -sleep 1 -./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 +remove_single_rF $ready_file2 +./examples/server/server -c certs/ocsp/server2-cert.pem \ + -k certs/ocsp/server2-key.pem -R $ready_file2 \ + -p $resume_port & +wait_for_readyFile $ready_file2 +CLI_PORT=`cat $ready_file2` +./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 \ + -p $CLI_PORT RESULT=$? [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection suceeded $RESULT" && exit 1 printf '%s\n\n' "Test successfully REVOKED!" diff --git a/scripts/ocsp-stapling.test b/scripts/ocsp-stapling.test index 68b9e67bd..031fdfe40 100755 --- a/scripts/ocsp-stapling.test +++ b/scripts/ocsp-stapling.test @@ -8,6 +8,7 @@ WORKSPACE=`pwd` CERT_DIR="./certs/ocsp" resume_port=0 ready_file=`pwd`/wolf_ocsp_s1_readyF$$ +ready_file2=`pwd`/wolf_ocsp_s1_readyF2$$ printf '%s\n' "ready file: $ready_file" test_cnf="ocsp_s1.cnf" 
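Review bot: TEST CASE 2 passes on nothing more than `RESULT` being 1, and the port is now taken unchecked from `cat $ready_file2`, so a client failure unrelated to OCSP can be counted as a revocation. If the ready file is empty or unreadable, `CLI_PORT` is empty and the unquoted `-p $CLI_PORT` collapses to a bare `-p`. Should the client exit with 1 for that kind of error (its exit codes are not visible here), the script prints "Test successfully REVOKED!" without the revoked certificate ever being evaluated. Validate the value right after the `cat`, e.g. `[ -n "$CLI_PORT" ] || { printf '%s\n' "no port in $ready_file2"; exit 1; }`, and pass `-p "$CLI_PORT"` quoted. The same pattern appears in the SHOULD REVOKE cases of scripts/ocsp-stapling.test and scripts/ocsp-stapling2.test.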
@@ -41,6 +42,32 @@ restore_originals() { mv bak-server5-cert.pem server5-cert.pem } +wait_for_readyFile(){ + + counter=0 + + while [ ! -s $1 -a "$counter" -lt 20 ]; do + echo -e "waiting for ready file..." + sleep 0.1 + counter=$((counter+ 1)) + done + + if test -e $1; then + echo -e "found ready file, starting client..." + else + echo -e "NO ready file ending test..." + exit 1 + fi + +} + +remove_single_rF(){ + if test -e $1; then + printf '%s\n' "removing ready file: $1" + rm $1 + fi +} + #create a configure file for cert generation with the port 0 solution create_new_cnf() { copy_originals @@ -103,6 +130,10 @@ remove_ready_file() { printf '%s\n' "removing ready file" rm $ready_file fi + if test -e $ready_file2; then + printf '%s\n' "removing ready file: $ready_file2" + rm $ready_file2 + fi } cleanup() @@ -128,7 +159,7 @@ fi # create a port 0 port to use with openssl ocsp responder ./examples/server/server -R $ready_file -p $resume_port & -sleep 1 +wait_for_readyFile $ready_file if [ ! -f $ready_file ]; then printf '%s\n' "Failed to create ready file: \"$ready_file\"" exit 1 
@@ -175,20 +206,24 @@ sleep 1 printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS ------------------------" # client test against our own server - GOOD CERT -./examples/server/server -c certs/ocsp/server1-cert.pem \ - -k certs/ocsp/server1-key.pem & -sleep 1 -./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 +./examples/server/server -c certs/ocsp/server1-cert.pem -R $ready_file2 \ + -k certs/ocsp/server1-key.pem -p $resume_port & +wait_for_readyFile $ready_file2 +CLI_PORT=`cat $ready_file2` +./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p $CLI_PORT RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 2 failed" && exit 1 printf '%s\n\n' "Test PASSED!" printf '%s\n\n' "------------- TEST CASE 2 SHOULD REVOKE ----------------------" # client test against our own server - REVOKED CERT -./examples/server/server -c certs/ocsp/server2-cert.pem \ - -k certs/ocsp/server2-key.pem & +remove_single_rF $ready_file2 +./examples/server/server -c certs/ocsp/server2-cert.pem -R $ready_file2 \ + -k certs/ocsp/server2-key.pem -p $resume_port & +wait_for_readyFile $ready_file2 sleep 1 -./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 +CLI_PORT=`cat $ready_file2` +./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p $CLI_PORT RESULT=$? [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection suceeded $RESULT" \ && exit 1 
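Review bot: In TEST CASE 2 the old `sleep 1` is kept directly after the new `wait_for_readyFile $ready_file2`, while TEST CASE 1 in the same hunk drops it. It looks like a leftover from the conversion. If the extra delay is needed for the revoked-certificate case, add a comment saying why, for example `# give the OCSP responder time to ...`; otherwise remove it so both cases synchronise the same way.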
@@ -199,20 +234,28 @@ printf '%s\n\n' "Test successfully REVOKED!" if [ $? -ne 0 ]; then printf '%s\n\n' "------------- TEST CASE 3 SHOULD PASS --------------------" # client test against our own server - GOOD CERT - ./examples/server/server -c certs/ocsp/server1-cert.pem \ - -k certs/ocsp/server1-key.pem -v 4 & - sleep 1 - ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 + remove_single_rF $ready_file2 + ./examples/server/server -c certs/ocsp/server1-cert.pem -R $ready_file2 \ + -k certs/ocsp/server1-key.pem -v 4 \ + -p $resume_port & + wait_for_readyFile $ready_file2 + CLI_PORT=`cat $ready_file2` + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 \ + -p $CLI_PORT RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 3 failed" && exit 1 printf '%s\n\n' "Test PASSED!" printf '%s\n\n' "------------- TEST CASE 4 SHOULD REVOKE ------------------" # client test against our own server - REVOKED CERT - ./examples/server/server -c certs/ocsp/server2-cert.pem \ - -k certs/ocsp/server2-key.pem -v 4 & - sleep 1 - ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 + remove_single_rF $ready_file2 + ./examples/server/server -c certs/ocsp/server2-cert.pem -R $ready_file2 \ + -k certs/ocsp/server2-key.pem -v 4 \ + -p $resume_port & + wait_for_readyFile $ready_file2 + CLI_PORT=`cat $ready_file2` + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 \ + -p $CLI_PORT RESULT=$? [ $RESULT -ne 1 ] && \ printf '\n\n%s\n' "Client connection suceeded $RESULT" \ diff --git a/scripts/ocsp-stapling2.test b/scripts/ocsp-stapling2.test index dfc14e900..2076af40a 100755 --- a/scripts/ocsp-stapling2.test +++ b/scripts/ocsp-stapling2.test 
@@ -9,10 +9,12 @@ ready_file1=`pwd`/wolf_ocsp_s2_readyF1$$ ready_file2=`pwd`/wolf_ocsp_s2_readyF2$$ ready_file3=`pwd`/wolf_ocsp_s2_readyF3$$ ready_file4=`pwd`/wolf_ocsp_s2_readyF4$$ +ready_file5=`pwd`/wolf_ocsp_s2_readyF5$$ printf '%s\n' "ready file 1: $ready_file1" printf '%s\n' "ready file 2: $ready_file2" printf '%s\n' "ready file 3: $ready_file3" printf '%s\n' "ready file 4: $ready_file4" +printf '%s\n' "ready file 5: $ready_file5" test_cnf="ocsp_s2.cnf" @@ -45,6 +47,32 @@ restore_originals() { mv bak-server5-cert.pem server5-cert.pem } +wait_for_readyFile(){ + + counter=0 + + while [ ! -s $1 -a "$counter" -lt 20 ]; do + echo -e "waiting for ready file..." + sleep 0.1 + counter=$((counter+ 1)) + done + + if test -e $1; then + echo -e "found ready file, starting client..." + else + echo -e "NO ready file ending test..." + exit 1 + fi + +} + +remove_single_rF(){ + if test -e $1; then + printf '%s\n' "removing ready file: $1" + rm $1 + fi +} + #create a configure file for cert generation with the port 0 solution create_new_cnf() { copy_originals @@ -119,6 +147,10 @@ remove_ready_file(){ printf '%s\n' "removing ready file: $ready_file4" rm $ready_file4 fi + if test -e $ready_file5; then + printf '%s\n' "removing ready file: $ready_file5" + rm $ready_file5 + fi } cleanup() 
@@ -138,28 +170,28 @@ trap cleanup EXIT INT TERM HUP #get four unique ports # 1: ./examples/server/server -R $ready_file1 -p $resume_port & -sleep 1 +wait_for_readyFile $ready_file1 if [ ! -f $ready_file1 ]; then printf '%s\n' "Failed to create ready file1: \"$ready_file1\"" exit 1 fi # 2: ./examples/server/server -R $ready_file2 -p $resume_port & -sleep 1 +wait_for_readyFile $ready_file2 if [ ! -f $ready_file2 ]; then printf '%s\n' "Failed to create ready file2: \"$ready_file2\"" exit 1 fi # 3: ./examples/server/server -R $ready_file3 -p $resume_port & -sleep 1 +wait_for_readyFile $ready_file3 if [ ! -f $ready_file3 ]; then printf '%s\n' "Failed to create ready file3: \"$ready_file3\"" exit 1 fi # 4: ./examples/server/server -R $ready_file4 -p $resume_port & -sleep 1 +wait_for_readyFile $ready_file4 if [ ! -f $ready_file4 ]; then printf '%s\n' "Failed to create ready file4: \"$ready_file4\"" exit 1 
@@ -223,53 +255,81 @@ sleep 1 printf '\n\n%s\n\n' "All OCSP responders started successfully!" printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS ------------------------" # client test against our own server - GOOD CERTS -./examples/server/server -c certs/ocsp/server3-cert.pem -k certs/ocsp/server3-key.pem & -sleep 1 -./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3 +./examples/server/server -c certs/ocsp/server3-cert.pem \ + -k certs/ocsp/server3-key.pem -R $ready_file5 \ + -p $resume_port & +wait_for_readyFile $ready_file5 +CLI_PORT=`cat $ready_file5` +./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3 \ + -p $CLI_PORT RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 1 failed" && exit 1 printf '%s\n\n' "Test PASSED!" printf '%s\n\n' "TEST CASE 2 DISABLED PENDING REVIEW" #printf '%s\n\n' "------------- TEST CASE 2 SHOULD PASS ------------------------" -# -#./examples/server/server -c certs/ocsp/server3-cert.pem -k certs/ocsp/server3-key.pem & -#sleep 1 -#./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 +#remove_single_rF $ready_file5 +#./examples/server/server -c certs/ocsp/server3-cert.pem \ +# -k certs/ocsp/server3-key.pem -R $ready_file5 \ +# -p $resume_port & +#wait_for_readyFile $ready_file5 +#CLI_PORT=`cat $ready_file5` +#./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \ +# -p $CLI_PORT #RESULT=$? #[ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 2 failed" && exit 1 #printf '%s\n\n' "Test PASSED!" 
printf '%s\n\n' "------------- TEST CASE 3 SHOULD REVOKE ----------------------" # client test against our own server - REVOKED SERVER CERT -./examples/server/server -c certs/ocsp/server4-cert.pem -k certs/ocsp/server4-key.pem & -sleep 1 -./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3 +remove_single_rF $ready_file5 +./examples/server/server -c certs/ocsp/server4-cert.pem \ + -k certs/ocsp/server4-key.pem -R $ready_file5 \ + -p $resume_port & +wait_for_readyFile $ready_file5 +CLI_PORT=`cat $ready_file5` +./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3 \ + -p $CLI_PORT RESULT=$? [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection suceeded $RESULT" && exit 1 printf '%s\n\n' "Test successfully REVOKED!" printf '%s\n\n' "------------- TEST CASE 4 SHOULD REVOKE ----------------------" -./examples/server/server -c certs/ocsp/server4-cert.pem -k certs/ocsp/server4-key.pem & +remove_single_rF $ready_file5 +./examples/server/server -c certs/ocsp/server4-cert.pem \ + -k certs/ocsp/server4-key.pem -R $ready_file5 \ + -p $resume_port & sleep 1 -./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 +CLI_PORT=`cat $ready_file5` +./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \ + -p $CLI_PORT RESULT=$? [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection suceeded $RESULT" && exit 1 printf '%s\n\n' "Test successfully REVOKED!" 
printf '%s\n\n' "------------- TEST CASE 5 SHOULD PASS ------------------------" # client test against our own server - REVOKED INTERMEDIATE CERT -./examples/server/server -c certs/ocsp/server5-cert.pem -k certs/ocsp/server5-key.pem & -sleep 1 -./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3 +remove_single_rF $ready_file5 +./examples/server/server -c certs/ocsp/server5-cert.pem \ + -k certs/ocsp/server5-key.pem -R $ready_file5 \ + -p $resume_port & +wait_for_readyFile $ready_file5 +CLI_PORT=`cat $ready_file5` +./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3 \ + -p $CLI_PORT RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 3 failed $RESULT" && exit 1 printf '%s\n\n' "Test PASSED!" printf '%s\n\n' "------------- TEST CASE 6 SHOULD REVOKE ----------------------" -./examples/server/server -c certs/ocsp/server5-cert.pem -k certs/ocsp/server5-key.pem & -sleep 1 -./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 +remove_single_rF $ready_file5 +./examples/server/server -c certs/ocsp/server5-cert.pem \ + -k certs/ocsp/server5-key.pem -R $ready_file5 \ + -p $resume_port & +wait_for_readyFile $ready_file5 +CLI_PORT=`cat $ready_file5` +./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \ + -p $CLI_PORT RESULT=$? [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection suceeded $RESULT" && exit 1 printf '%s\n\n' "Test successfully REVOKED!"
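Review bot: TEST CASE 4 is the only converted case that still uses `sleep 1` instead of `wait_for_readyFile $ready_file5` before `CLI_PORT=`cat $ready_file5``. Because `remove_single_rF $ready_file5` has just deleted the file, a server that needs more than a second to start leaves `cat` failing and `CLI_PORT` empty. This case expects exit status 1, so a client that fails on the missing port may be reported as "Test successfully REVOKED!" (hedged, since the client's exit codes are not visible here). Replace the `sleep 1` with `wait_for_readyFile $ready_file5` so it matches cases 1, 3, 5 and 6.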