Changeset e5546be in mod_gnutls for test

Timestamp:

Jul 1, 2019, 4:16:01 PM (4 years ago)

Author:

Fiona Klute <fiona.klute@…>

Branches:

asyncio, main, master, proxy-ticket

Children:

c825c3a

Parents:

f205c5f

Message:

Test suite: Move directory for client identity into authority directory

Eventually I want all identity directories be subdirectories of their
CAs, so we can build longer certificate chains from a directory
hierarchy. The client/ directory just happens to be the first to move.

Thanks to Krista Karppinen for discussing glob patterns with me!

Location:

test

Files:

• Makefile.am (modified) (6 diffs)
• authority/client/template.in (moved) (moved from test/client/template.in)
• authority/client/uid.in (moved) (moved from test/client/uid.in)
• runtests (modified) (1 diff)
• tests/10_basic_client_verification/gnutls-cli.args (modified) (1 diff)
• tests/12_cgi_variables/gnutls-cli.args (modified) (1 diff)
• tests/15_basic_msva/gnutls-cli.args (modified) (1 diff)
• tests/17_cgi_vars_large_cert/gnutls-cli.args (modified) (1 diff)
• tests/20_TLS_reverse_proxy_client_auth/apache.conf (modified) (1 diff)

test/Makefile.am

@@ -56 +56 @@
 # Identities in the miniature CA, server, and client environment for
 # the test suite
-shared_identities = authority client
+shared_identities = authority authority/client
 pgp_identities = $(shared_identities)
 x509_only_identities = server rogueca imposter rogueclient
@@ -97 +97 @@
 MOSTLYCLEANFILES = cache/* logs/* outputs/* server/crl.pem
 
-cert_templates = authority/template.in client/template.in \
+cert_templates = authority/template.in authority/client/template.in \
         imposter/template.in ocsp-responder/template rogueca/template \
         rogueclient/template.in server/template.in
-generated_templates = authority/template client/template \
+generated_templates = authority/template authority/client/template \
         imposter/template rogueclient/template server/template
 
@@ -113 +113 @@
 # (e.g. host names) without wasting time on new keys (which would
 # happen after "clean").
-MOSTLYCLEANFILES += */x509.pem $(generated_templates) */uid
+MOSTLYCLEANFILES += $(x509_certs) $(generated_templates) $(identities:=/uid)
 
 
@@ -120 +120 @@
 # one day, so regenerating them is both fast and frequently
 # necessary.
-MOSTLYCLEANFILES += */*.pgp */*.pgp.raw */*.gpg */*.gpg~ */gpg.conf \
-        authority/lock */*.kbx */*.kbx~ */S.gpg-agent */private-keys-v1.d/* \
-        authority/tofu.db
+pgp_patterns = /*.pgp /*.pgp.raw /*.gpg /*.gpg~ /gpg.conf \
+        /*.kbx /*.kbx~ /S.gpg-agent /private-keys-v1.d/*
+MOSTLYCLEANFILES += $(foreach pat,$(pgp_patterns),$(pgp_identities:=$(pat))) \
+        authority/lock authority/tofu.db
 # GnuPG random pool, no need to regenerate on every build
 CLEANFILES += authority/random_seed
@@ -145 +146 @@
 if USE_MSVA
 msva_home = msva.gnupghome
-check_DATA += $(msva_home)/trustdb.gpg client/uid
-MOSTLYCLEANFILES += $(msva_home)/trustdb.gpg
-$(msva_home)/trustdb.gpg: authority/minimal.pgp client/cert.pgp
+check_DATA += $(msva_home)/trustdb.gpg authority/client/uid
+MOSTLYCLEANFILES += $(foreach pat,$(pgp_patterns),$(msva_home)$(pat))
+$(msva_home)/trustdb.gpg: authority/minimal.pgp authority/client/cert.pgp
         mkdir -p -m 0700 $(dir $@)
         GNUPGHOME=$(dir $@) gpg --import < $<
         printf "%s:6:\n" "$$(GNUPGHOME=authority/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" | GNUPGHOME=$(dir $@) gpg --import-ownertrust
-        GNUPGHOME=$(dir $@) gpg --import < client/cert.pgp
+        GNUPGHOME=$(dir $@) gpg --import < authority/client/cert.pgp
         printf "keyserver does-not-exist.example\n" > $(msva_home)/gpg.conf
 endif
@@ -160 +161 @@
 MOSTLYCLEANFILES += authority/ocsp_index.txt authority/ocsp_index.txt.attr
 authority/ocsp_index.txt: $(x509_tokens) gen_ocsp_index authority/ocsp_index.txt.attr
-        ./gen_ocsp_index server/x509.pem client/x509.pem > $@
+        ./gen_ocsp_index server/x509.pem authority/client/x509.pem > $@
 
 authority/ocsp_index.txt.attr: authority/secret.key

test/runtests

@@ -139 +139 @@
     export MONKEYSPHERE_VALIDATION_AGENT_SOCKET="http://127.0.0.1:$MSVA_PORT"
 
-    msva_test_cmd="msva-query-agent https \"$(cat client/uid)\" x509pem client < client/x509.pem"
+    msva_test_cmd="msva-query-agent https \"$(cat authority/client/uid)\" x509pem client < authority/client/x509.pem"
     # check if MSVA is up, fail if not
     if wait_ready "${msva_test_cmd}"; then

test/tests/10_basic_client_verification/gnutls-cli.args

@@ -1 @@
---x509certfile=client/x509.pem
---x509keyfile=client/secret.key
+--x509certfile=authority/client/x509.pem
+--x509keyfile=authority/client/secret.key
 --x509cafile=authority/x509.pem
 --priority=NORMAL

test/tests/12_cgi_variables/gnutls-cli.args

@@ -1 @@
---x509certfile=client/x509.pem
---x509keyfile=client/secret.key
+--x509certfile=authority/client/x509.pem
+--x509keyfile=authority/client/secret.key
 --x509cafile=authority/x509.pem
 --priority=NORMAL:-KX-ALL:+DHE-RSA

test/tests/15_basic_msva/gnutls-cli.args

@@ -1 @@
---x509certfile=client/x509.pem
---x509keyfile=client/secret.key
+--x509certfile=authority/client/x509.pem
+--x509keyfile=authority/client/secret.key
 --x509cafile=authority/x509.pem
 --priority=NORMAL

test/tests/17_cgi_vars_large_cert/gnutls-cli.args

@@ -1 @@
---x509certfile=client/x509.pem
---x509keyfile=client/secret.key
+--x509certfile=authority/client/x509.pem
+--x509keyfile=authority/client/secret.key
 --x509cafile=authority/x509.pem
 --priority=NORMAL:-KX-ALL:+DHE-RSA

test/tests/20_TLS_reverse_proxy_client_auth/apache.conf

@@ -12 +12 @@
 
  GnuTLSProxyEngine              On
- GnuTLSProxyKeyFile             client/secret.key
- GnuTLSProxyCertificateFile     client/x509.pem
+ GnuTLSProxyKeyFile             authority/client/secret.key
+ GnuTLSProxyCertificateFile     authority/client/x509.pem
  GnuTLSProxyCAFile              authority/x509.pem
  GnuTLSProxyPriorities          NORMAL