3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-22 06:29:23 +01:00

build: Generate certificates for unit testing locally

This commit is contained in:
Marcel Holtmann 2019-05-11 10:11:12 +02:00
parent f3ed078adf
commit cde9933124
3 changed files with 92 additions and 29 deletions

View File

@ -325,11 +325,6 @@ if CLIENT
unit_tests += unit/test-client
endif
ell_pem_files = cert-ca-key.pem cert-client-key.pem cert-client-key-pkcs8.pem \
cert-server-key.pem cert-server-key-pkcs8.pem \
cert-ca.pem cert-client.pem cert-server.pem
if MAINTAINER_MODE
noinst_PROGRAMS += $(unit_tests)
endif
@ -404,7 +399,10 @@ unit_test_eapol_SOURCES = unit/test-eapol.c \
src/erp.h src/erp.c \
src/mschaputil.h src/mschaputil.c
unit_test_eapol_LDADD = $(ell_ldadd)
unit_test_eapol_DEPENDENCIES = ell/unit/test_data
unit_test_eapol_DEPENDENCIES = unit/cert-server.pem \
unit/cert-server-key-pkcs8.pem \
unit/cert-client.pem \
unit/cert-client-key-pkcs8.pem
unit_test_util_SOURCES = src/util.h src/util.c \
unit/test-util.c
@ -465,10 +463,12 @@ endif
EXTRA_DIST = src/genbuiltin src/iwd.service.in src/net.connman.iwd.service \
wired/ead.service.in wired/net.connman.ead.service \
src/pkcs8.conf doc/main.conf $(manual_pages:.1=.txt)
src/pkcs8.conf unit/gencerts.cnf \
doc/main.conf $(manual_pages:.1=.txt)
AM_CFLAGS = $(ell_cflags) -fvisibility=hidden \
-DELL_UNIT_TEST_DATA=\"$(abs_builddir)/ell/unit/\"
-DUNITDIR=\""$(top_srcdir)/unit/"\" \
-DCERTDIR=\""$(top_builddir)/unit/"\"
CLEANFILES = src/iwd.service wired/ead.service
@ -483,6 +483,58 @@ DISTCLEANFILES = $(BUILT_SOURCES) $(unit_tests) $(manual_pages)
MAINTAINERCLEANFILES = Makefile.in configure config.h.in aclocal.m4
true_redirect_openssl = 2>&1
false_redirect_openssl = 2>/dev/null
unit/cert-ca-key.pem:
$(AM_V_GEN)openssl genrsa -out $@ 2048 $($(AM_V_P)_redirect_openssl)
unit/cert-ca.pem: unit/cert-ca-key.pem unit/gencerts.cnf
$(AM_V_GEN)openssl req -x509 -new -nodes -extensions ca_ext \
-config $(srcdir)/unit/gencerts.cnf \
-subj '/O=International Union of Example Organizations/CN=Certificate issuer guy/emailAddress=ca@mail.example' \
-key $< -sha256 -days 10000 -out $@
unit/cert-server-key.pem:
$(AM_V_GEN)openssl genrsa -out $@ $($(AM_V_P)_redirect_openssl)
unit/cert-server-key-pkcs8.pem: unit/cert-server-key.pem
$(AM_V_GEN)openssl pkcs8 -topk8 -nocrypt -in $< -out $@
unit/cert-server.csr: unit/cert-server-key.pem unit/gencerts.cnf
$(AM_V_GEN)openssl req -new -extensions cert_ext \
-config $(srcdir)/unit/gencerts.cnf \
-subj '/O=Foo Example Organization/CN=Foo Example Organization/emailAddress=foo@mail.example' \
-key $< -out $@
unit/cert-server.pem: unit/cert-server.csr unit/cert-ca.pem unit/gencerts.cnf
$(AM_V_GEN)openssl x509 -req -extensions cert_ext \
-extfile $(srcdir)/unit/gencerts.cnf \
-in $< -CA $(builddir)/unit/cert-ca.pem \
-CAkey $(builddir)/unit/cert-ca-key.pem \
-CAserial $(builddir)/unit/cert-ca.srl \
-CAcreateserial -sha256 -days 10000 -out $@ $($(AM_V_P)_redirect_openssl)
unit/cert-client-key.pem:
$(AM_V_GEN)openssl genrsa -out $@ $($(AM_V_P)_redirect_openssl)
unit/cert-client-key-pkcs8.pem: unit/cert-client-key.pem
$(AM_V_GEN)openssl pkcs8 -topk8 -nocrypt -in $< -out $@
unit/cert-client.csr: unit/cert-client-key.pem unit/gencerts.cnf
$(AM_V_GEN)openssl req -new -extensions cert_ext \
-config $(srcdir)/unit/gencerts.cnf \
-subj '/O=Bar Example Organization/CN=Bar Example Organization/emailAddress=bar@mail.example' \
-key $< -out $@
unit/cert-client.pem: unit/cert-client.csr unit/cert-ca.pem unit/gencerts.cnf
$(AM_V_GEN)openssl x509 -req -extensions cert_ext \
-extfile $(srcdir)/unit/gencerts.cnf \
-in $< -CA $(builddir)/unit/cert-ca.pem \
-CAkey $(builddir)/unit/cert-ca-key.pem \
-CAserial $(builddir)/unit/cert-ca.srl \
-CAcreateserial -sha256 -days 10000 -out $@ $($(AM_V_P)_redirect_openssl)
BUILT_SOURCES = $(ell_built_sources) src/builtin.h
ell/internal: Makefile
@ -499,14 +551,6 @@ ell/ell.h: Makefile
echo "#include <$$f>" >> $@ ; \
done
ell/unit/test_data: Makefile
$(AM_V_at)$(MKDIR_P) $(abs_builddir)/ell/unit
$(AM_V_GEN)for f in $(ell_pem_files) ; do \
if [ ! -f $$f ] ; then \
$(LN_S) -t $(abs_builddir)/ell/unit -f $(abs_srcdir)/../ell/unit/$$f ; \
fi \
done > $@
SED_PROCESS = $(AM_V_GEN)$(MKDIR_P) $(dir $@) && \
$(SED) -e 's,@libexecdir\@,$(libexecdir),g' \
< $< > $@
@ -518,7 +562,7 @@ SED_PROCESS = $(AM_V_GEN)$(MKDIR_P) $(dir $@) && \
$(AM_V_GEN)$(A2X) --doctype manpage --format manpage $(srcdir)/$<
clean-local:
-rm -rf $(abs_builddir)/ell/unit/*.pem $(abs_builddir)/ell/unit/test_data
-rm -f unit/cert-*.pem unit/cert-*.csr unit/cert-*.srl
maintainer-clean-local:
-rm -rf build-aux ell

19
unit/gencerts.cnf Normal file
View File

@ -0,0 +1,19 @@
[ req ]
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
[ ca_ext ]
basicConstraints = CA:TRUE,pathlen:0
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
[ int_ext ]
basicConstraints = CA:TRUE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
[ cert_ext ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always

View File

@ -2947,9 +2947,9 @@ static void eapol_sm_test_tls(struct eapol_8021x_tls_test_state *s,
s->tx_buf_len = 0;
s->tx_buf_offset = 0;
assert(l_tls_set_auth_data(s->tls, ELL_UNIT_TEST_DATA "cert-server.pem",
ELL_UNIT_TEST_DATA "cert-server-key-pkcs8.pem", NULL));
assert(l_tls_set_cacert(s->tls, ELL_UNIT_TEST_DATA "cert-ca.pem"));
assert(l_tls_set_auth_data(s->tls, CERTDIR "cert-server.pem",
CERTDIR "cert-server-key-pkcs8.pem", NULL));
assert(l_tls_set_cacert(s->tls, CERTDIR "cert-ca.pem"));
assert(l_tls_start(s->tls));
start = 1;
@ -3113,9 +3113,9 @@ static void eapol_sm_test_eap_tls(const void *data)
static const char *eapol_8021x_config = "[Security]\n"
"EAP-Method=TLS\n"
"EAP-Identity=abc@example.com\n"
"EAP-TLS-CACert=" ELL_UNIT_TEST_DATA "cert-ca.pem\n"
"EAP-TLS-ClientCert=" ELL_UNIT_TEST_DATA "cert-client.pem\n"
"EAP-TLS-ClientKey=" ELL_UNIT_TEST_DATA "cert-client-key-pkcs8.pem";
"EAP-TLS-CACert=" CERTDIR "cert-ca.pem\n"
"EAP-TLS-ClientCert=" CERTDIR "cert-client.pem\n"
"EAP-TLS-ClientKey=" CERTDIR "cert-client-key-pkcs8.pem";
struct eapol_8021x_tls_test_state s;
s.app_data_cb = eapol_sm_test_tls_new_data;
@ -3189,9 +3189,9 @@ static void eapol_sm_test_eap_ttls_md5(const void *data)
static const char *eapol_8021x_config = "[Security]\n"
"EAP-Method=TTLS\n"
"EAP-Identity=abc@example.com\n"
"EAP-TTLS-CACert=" ELL_UNIT_TEST_DATA "cert-ca.pem\n"
"EAP-TTLS-ClientCert=" ELL_UNIT_TEST_DATA "cert-client.pem\n"
"EAP-TTLS-ClientKey=" ELL_UNIT_TEST_DATA "cert-client-key-pkcs8.pem\n"
"EAP-TTLS-CACert=" CERTDIR "cert-ca.pem\n"
"EAP-TTLS-ClientCert=" CERTDIR "cert-client.pem\n"
"EAP-TTLS-ClientKey=" CERTDIR "cert-client-key-pkcs8.pem\n"
"EAP-TTLS-Phase2-Method=MD5\n"
"EAP-TTLS-Phase2-Identity=abc@example.com\n"
"EAP-TTLS-Phase2-Password=testpasswd";
@ -3258,9 +3258,9 @@ static void eapol_sm_test_eap_nak(const void *data)
static const char *eapol_8021x_config = "[Security]\n"
"EAP-Method=TLS\n"
"EAP-Identity=abc@example.com\n"
"EAP-TLS-CACert=" ELL_UNIT_TEST_DATA "cert-ca.pem\n"
"EAP-TLS-ClientCert=" ELL_UNIT_TEST_DATA "cert-client.pem\n"
"EAP-TLS-ClientKey=" ELL_UNIT_TEST_DATA "cert-client-key-pkcs8.pem";
"EAP-TLS-CACert=" CERTDIR "cert-ca.pem\n"
"EAP-TLS-ClientCert=" CERTDIR "cert-client.pem\n"
"EAP-TLS-ClientKey=" CERTDIR "cert-client-key-pkcs8.pem";
static const unsigned char ap_wpa_ie[] = {
0xdd, 0x16, 0x00, 0x50, 0xf2, 0x01, 0x01, 0x00,
0x00, 0x50, 0xf2, 0x02, 0x01, 0x00, 0x00, 0x50,