diff options
author | Job Snijders <job@cvs.openbsd.org> | 2021-10-11 17:32:28 +0000 |
---|---|---|
committer | Job Snijders <job@cvs.openbsd.org> | 2021-10-11 17:32:28 +0000 |
commit | 37ea59e424cca99a480bc267b7a18743e615f87e (patch) | |
tree | f14cdb3fddb333c91d3bebfb49c1d886015c9bfb | |
parent | 84ad07567c4577f10050e880dc47c02f3c97583c (diff) |
Fold bgpsec cert & traditional certs into same test
-rw-r--r-- | regress/usr.sbin/rpki-client/Makefile.inc | 8 | ||||
-rw-r--r-- | regress/usr.sbin/rpki-client/cer/Vr46VDCUfrRNL9yZAy4mxfEAspQ.cer (renamed from regress/usr.sbin/rpki-client/bgpsec/Vr46VDCUfrRNL9yZAy4mxfEAspQ.cer) | bin | 875 -> 875 bytes | |||
-rw-r--r-- | regress/usr.sbin/rpki-client/test-bgpsec.c | 124 | ||||
-rw-r--r-- | regress/usr.sbin/rpki-client/test-cert.c | 21 |
4 files changed, 14 insertions, 139 deletions
diff --git a/regress/usr.sbin/rpki-client/Makefile.inc b/regress/usr.sbin/rpki-client/Makefile.inc index cb6d1e07398..cb5ef1b9a4f 100644 --- a/regress/usr.sbin/rpki-client/Makefile.inc +++ b/regress/usr.sbin/rpki-client/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.13 2021/10/07 10:34:39 claudio Exp $ +# $OpenBSD: Makefile.inc,v 1.14 2021/10/11 17:32:27 job Exp $ .PATH: ${.CURDIR}/../../../../usr.sbin/rpki-client @@ -8,7 +8,6 @@ PROGS += test-gbr PROGS += test-mft PROGS += test-roa PROGS += test-tal -PROGS += test-bgpsec .for p in ${PROGS} REGRESS_TARGETS += run-regress-$p @@ -32,11 +31,6 @@ run-regress-test-cert: test-cert ./test-cert -v ${.CURDIR}/../cer/*.cer ./test-cert -vt ${TALARGS:S,,${.CURDIR}/../&,} -SRCS_test-bgpsec+= test-bgpsec.c cert.c cms.c x509.c ip.c as.c io.c \ - log.c tal.c validate.c encoding.c -run-regress-test-bgpsec: test-bgpsec - ./test-bgpsec -v ${.CURDIR}/../bgpsec/*.cer - SRCS_test-mft+= test-mft.c mft.c cms.c x509.c io.c log.c validate.c \ encoding.c dummy.c run-regress-test-mft: test-mft diff --git a/regress/usr.sbin/rpki-client/bgpsec/Vr46VDCUfrRNL9yZAy4mxfEAspQ.cer b/regress/usr.sbin/rpki-client/cer/Vr46VDCUfrRNL9yZAy4mxfEAspQ.cer Binary files differindex 5eb4fc0be20..5eb4fc0be20 100644 --- a/regress/usr.sbin/rpki-client/bgpsec/Vr46VDCUfrRNL9yZAy4mxfEAspQ.cer +++ b/regress/usr.sbin/rpki-client/cer/Vr46VDCUfrRNL9yZAy4mxfEAspQ.cer diff --git a/regress/usr.sbin/rpki-client/test-bgpsec.c b/regress/usr.sbin/rpki-client/test-bgpsec.c deleted file mode 100644 index 4ac3ada9a5a..00000000000 --- a/regress/usr.sbin/rpki-client/test-bgpsec.c +++ /dev/null @@ -1,124 +0,0 @@ -/* $Id: test-bgpsec.c,v 1.2 2021/10/11 16:55:18 job Exp $ */ -/* - * Copyright (c) 2021 Job Snijders <job@sobornost.net> - * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include <sys/socket.h> -#include <arpa/inet.h> - -#include <assert.h> -#include <err.h> -#include <inttypes.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> - -#include <openssl/err.h> -#include <openssl/evp.h> -#include <openssl/x509v3.h> - -#include "extern.h" - -#include "test-common.c" - -int verbose; - -static void -cert_print(const struct cert *p) -{ - size_t i; - char buf1[64], buf2[64]; - int sockt; - BIO *bio_out = NULL; - char tbuf[21]; - - assert(p != NULL); - - if ((bio_out = BIO_new_fp(stdout, BIO_NOCLOSE)) == NULL) - errx(1, "BIO_new_fp"); - - printf("Subject key identifier: %s\n", pretty_key_id(p->ski)); - printf("Authority key identifier: %s\n", pretty_key_id(p->aki)); - printf("Authority info access: %s\n", p->aia); - printf("Revocation list: %s\n", p->crl); - strftime(tbuf, sizeof(tbuf), "%FT%TZ", gmtime(&p->expires)); - printf("Key valid until: %s\n", tbuf); - - for (i = 0; i < p->asz; i++) - switch (p->as[i].type) { - case CERT_AS_ID: - printf("%5zu: AS: %" - PRIu32 "\n", i + 1, p->as[i].id); - break; - case CERT_AS_RANGE: - printf("%5zu: AS: %" - PRIu32 "--%" PRIu32 "\n", i + 1, - p->as[i].range.min, p->as[i].range.max); - break; - default: - printf("%5zu: AS: invalid element", i + 1); - } - - printf("P-256 ECDSA key: %s", p->bgpsec_pubkey); -} - -int -main(int argc, char *argv[]) -{ - int c, i, verb = 0; - X509 *xp = NULL; - struct cert *p; - - ERR_load_crypto_strings(); - OpenSSL_add_all_ciphers(); - OpenSSL_add_all_digests(); - - while ((c = getopt(argc, argv, "v")) != -1) - switch (c) { - case 'v': - verb++; - break; - default: - errx(1, "bad argument %c", c); - } - - argv += optind; - argc -= optind; - - if (argc == 0) - errx(1, "argument missing"); - - for (i = 0; i < argc; i++) { - p = cert_parse(&xp, argv[i]); - if (p == NULL) - break; - if (verb) - cert_print(p); - cert_free(p); - X509_free(xp); - } - - EVP_cleanup(); - CRYPTO_cleanup_all_ex_data(); - ERR_free_strings(); - - if (i < argc) - errx(1, "test failed for %s", argv[i]); - - printf("\nOK\n"); - return 0; -} diff --git a/regress/usr.sbin/rpki-client/test-cert.c b/regress/usr.sbin/rpki-client/test-cert.c index 3fa2e69386e..f7385d4f84e 100644 --- a/regress/usr.sbin/rpki-client/test-cert.c +++ b/regress/usr.sbin/rpki-client/test-cert.c @@ -1,4 +1,4 @@ -/* $Id: test-cert.c,v 1.11 2021/10/07 10:34:39 claudio Exp $ */ +/* $Id: test-cert.c,v 1.12 2021/10/11 17:32:27 job Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -46,19 +46,23 @@ cert_print(const struct cert *p) assert(p != NULL); - printf("Manifest: %s\n", p->mft); - printf("caRepository: %s\n", p->repo); - if (p->notify != NULL) - printf("Notify URL: %s\n", p->notify); - if (p->crl != NULL) - printf("Revocation list: %s\n", p->crl); printf("Subject key identifier: %s\n", pretty_key_id(p->ski)); if (p->aki != NULL) printf("Authority key identifier: %s\n", pretty_key_id(p->aki)); if (p->aia != NULL) printf("Authority info access: %s\n", p->aia); + if (p->mft != NULL) + printf("Manifest: %s\n", p->mft); + if (p->repo != NULL) + printf("caRepository: %s\n", p->repo); + if (p->notify != NULL) + printf("Notify URL: %s\n", p->notify); + if (p->bgpsec_pubkey != NULL) + printf("BGPsec P-256 ECDSA public key: %s\n", p->bgpsec_pubkey); strftime(tbuf, sizeof(tbuf), "%FT%TZ", gmtime(&p->expires)); - printf("CA valid until: %s\n", tbuf); + printf("Valid until: %s\n", tbuf); + + printf("Subordinate Resources:\n"); for (i = 0; i < p->asz; i++) switch (p->as[i].type) { @@ -94,6 +98,7 @@ cert_print(const struct cert *p) printf("%5zu: IP: %s--%s\n", i + 1, buf1, buf2); break; } + } int |