From 47ccb9ce247885bec0899cccdb0f2684f1ea91d1 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Fri, 27 Dec 2019 19:37:06 +0200
Subject: [PATCH] tests: Move ocsp-server-cache-key-id.der generation into test
 case

There is no need to generate this OCSP response for every single test
session. Generate this more dynamically if the test case that uses the
particular file is executed.

Signed-off-by: Jouni Malinen <j@w1.fi>
---
 tests/hwsim/start.sh       | 11 -----------
 tests/hwsim/test_ap_eap.py | 29 +++++++++++++++++++++++++++++
 2 files changed, 29 insertions(+), 11 deletions(-)

diff --git a/tests/hwsim/start.sh b/tests/hwsim/start.sh
index f09f407c4..3cb80cf4e 100755
--- a/tests/hwsim/start.sh
+++ b/tests/hwsim/start.sh
@@ -155,17 +155,6 @@ if [ ! -r $LOGDIR/ocsp-server-cache.der ]; then
     cp $DIR/auth_serv/ocsp-server-cache.der $LOGDIR/ocsp-server-cache.der
 fi
 
-openssl ocsp -index $DIR/auth_serv/index.txt \
-    -rsigner $DIR/auth_serv/ocsp-responder.pem \
-    -rkey $DIR/auth_serv/ocsp-responder.key \
-    -resp_key_id \
-    -CA $DIR/auth_serv/ca.pem \
-    -issuer $DIR/auth_serv/ca.pem \
-    -verify_other $DIR/auth_serv/ca.pem -trust_other \
-    -ndays 7 \
-    -reqin $DIR/auth_serv/ocsp-req.der \
-    -respout $LOGDIR/ocsp-server-cache-key-id.der > $LOGDIR/ocsp.log 2>&1
-
 for i in unknown revoked; do
     openssl ocsp -index $DIR/auth_serv/index-$i.txt \
 	-rsigner $DIR/auth_serv/ocsp-responder.pem \
diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py
index c6e724ad3..0c0288a79 100644
--- a/tests/hwsim/test_ap_eap.py
+++ b/tests/hwsim/test_ap_eap.py
@@ -4118,11 +4118,40 @@ def int_eap_server_params():
               "dh_file": "auth_serv/dh.conf"}
     return params
 
+def run_openssl(arg):
+    logger.info(' '.join(arg))
+    cmd = subprocess.Popen(arg, stdout=subprocess.PIPE,
+                           stderr=subprocess.PIPE)
+    res = cmd.stdout.read().decode() + "\n" + cmd.stderr.read().decode()
+    cmd.stdout.close()
+    cmd.stderr.close()
+    cmd.wait()
+    if cmd.returncode != 0:
+        raise Exception("bad return code from openssl\n\n" + res)
+    logger.info("openssl result:\n" + res)
+
+def ocsp_cache_key_id(outfile):
+    if os.path.exists(outfile):
+        return
+    arg = ["openssl", "ocsp", "-index", "auth_serv/index.txt",
+           '-rsigner', 'auth_serv/ocsp-responder.pem',
+           '-rkey', 'auth_serv/ocsp-responder.key',
+           '-resp_key_id',
+           '-CA', 'auth_serv/ca.pem',
+           '-issuer', 'auth_serv/ca.pem',
+           '-verify_other', 'auth_serv/ca.pem',
+           '-trust_other',
+           '-ndays', '7',
+           '-reqin', 'auth_serv/ocsp-req.der',
+           '-respout', outfile]
+    run_openssl(arg)
+
 def test_ap_wpa2_eap_tls_ocsp_key_id(dev, apdev, params):
     """EAP-TLS and OCSP certificate signed OCSP response using key ID"""
     check_ocsp_support(dev[0])
     check_pkcs12_support(dev[0])
     ocsp = os.path.join(params['logdir'], "ocsp-server-cache-key-id.der")
+    ocsp_cache_key_id(ocsp)
     if not os.path.exists(ocsp):
         raise HwsimSkip("No OCSP response available")
     params = int_eap_server_params()
-- 
2.39.2