tests: Move ocsp-server-cache-{revoked,unknown}.der generation into test case
authorJouni Malinen <j@w1.fi>
Fri, 27 Dec 2019 17:44:35 +0000 (19:44 +0200)
committerJouni Malinen <j@w1.fi>
Fri, 27 Dec 2019 18:14:02 +0000 (20:14 +0200)
There is no need to generate these OCSP responses for every single test
session. Generate these more dynamically if a test case that uses these
files is executed.

Signed-off-by: Jouni Malinen <j@w1.fi>
tests/hwsim/start.sh
tests/hwsim/test_ap_eap.py

index 3cb80cf4e5ca47d1d4892e3964c20a6e1825d600..b5b311b81d29c1dd21ecc301b357b1da2d9d26d4 100755 (executable)
@@ -155,18 +155,6 @@ if [ ! -r $LOGDIR/ocsp-server-cache.der ]; then
     cp $DIR/auth_serv/ocsp-server-cache.der $LOGDIR/ocsp-server-cache.der
 fi
 
-for i in unknown revoked; do
-    openssl ocsp -index $DIR/auth_serv/index-$i.txt \
-       -rsigner $DIR/auth_serv/ocsp-responder.pem \
-       -rkey $DIR/auth_serv/ocsp-responder.key \
-       -CA $DIR/auth_serv/ca.pem \
-       -issuer $DIR/auth_serv/ca.pem \
-       -verify_other $DIR/auth_serv/ca.pem -trust_other \
-       -ndays 7 \
-       -reqin $DIR/auth_serv/ocsp-req.der \
-       -respout $LOGDIR/ocsp-server-cache-$i.der >> $LOGDIR/ocsp.log 2>&1
-done
-
 openssl ocsp -reqout $LOGDIR/ocsp-req.der -issuer $DIR/auth_serv/ca.pem \
     -sha256 -serial 0xD8D3E3A6CBE3CD1F -no_nonce >> $LOGDIR/ocsp.log 2>&1
 for i in "" "-unknown" "-revoked"; do
index 094f724b93842c8a8f3b634cfee7a8edcf719f7e..3faf46a05a2a29ba5222885eb257966868f8905f 100644 (file)
@@ -4352,10 +4352,26 @@ def test_ap_wpa2_eap_tls_ocsp_unknown_sign(dev, apdev):
     if ev is None:
         raise Exception("Timeout on EAP failure report")
 
+def ocsp_resp_status(outfile, status):
+    if os.path.exists(outfile):
+        return
+    arg = ["openssl", "ocsp", "-index", "auth_serv/index-%s.txt" % status,
+           '-rsigner', 'auth_serv/ocsp-responder.pem',
+           '-rkey', 'auth_serv/ocsp-responder.key',
+           '-CA', 'auth_serv/ca.pem',
+           '-issuer', 'auth_serv/ca.pem',
+           '-verify_other', 'auth_serv/ca.pem',
+           '-trust_other',
+           '-ndays', '7',
+           '-reqin', 'auth_serv/ocsp-req.der',
+           '-respout', outfile]
+    run_openssl(arg)
+
 def test_ap_wpa2_eap_ttls_ocsp_revoked(dev, apdev, params):
     """WPA2-Enterprise connection using EAP-TTLS and OCSP status revoked"""
     check_ocsp_support(dev[0])
     ocsp = os.path.join(params['logdir'], "ocsp-server-cache-revoked.der")
+    ocsp_resp_status(ocsp, "revoked")
     if not os.path.exists(ocsp):
         raise HwsimSkip("No OCSP response available")
     params = int_eap_server_params()
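Review bot: The early return in `ocsp_resp_status()` accepts any existing `outfile` as a usable response, so an empty or truncated file left by an earlier failed openssl run, or one older than the `-ndays 7` window if a log directory is reused, would be served unchanged. These tests expect the EAP exchange to fail, so a malformed or expired response could let them pass without ever exercising the revoked/unknown status; `if os.path.exists(outfile) and os.path.getsize(outfile) > 0: return` narrows that, and writing to a temporary name and renaming on success would close it. The helper also uses `auth_serv/...` paths relative to the current directory where the removed shell loop used `$DIR/auth_serv`, and whether a failed run is reported depends on `run_openssl()`, which is not visible here; a one-line docstring stating the working-directory assumption would help. The same applies to the calls added in the two later hunks (`test_ap_wpa2_eap_ttls_ocsp_unknown`, `test_ap_wpa2_eap_ttls_optional_ocsp_unknown`), and the test body continues outside this hunk.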
@@ -4384,9 +4400,10 @@ def test_ap_wpa2_eap_ttls_ocsp_revoked(dev, apdev, params):
         raise Exception("Timeout on EAP failure report")
 
 def test_ap_wpa2_eap_ttls_ocsp_unknown(dev, apdev, params):
-    """WPA2-Enterprise connection using EAP-TTLS and OCSP status revoked"""
+    """WPA2-Enterprise connection using EAP-TTLS and OCSP status unknown"""
     check_ocsp_support(dev[0])
     ocsp = os.path.join(params['logdir'], "ocsp-server-cache-unknown.der")
+    ocsp_resp_status(ocsp, "unknown")
     if not os.path.exists(ocsp):
         raise HwsimSkip("No OCSP response available")
     params = int_eap_server_params()
@@ -4413,9 +4430,10 @@ def test_ap_wpa2_eap_ttls_ocsp_unknown(dev, apdev, params):
         raise Exception("Timeout on EAP failure report")
 
 def test_ap_wpa2_eap_ttls_optional_ocsp_unknown(dev, apdev, params):
-    """WPA2-Enterprise connection using EAP-TTLS and OCSP status revoked"""
+    """WPA2-Enterprise connection using EAP-TTLS and OCSP status unknown"""
     check_ocsp_support(dev[0])
     ocsp = os.path.join(params['logdir'], "ocsp-server-cache-unknown.der")
+    ocsp_resp_status(ocsp, "unknown")
     if not os.path.exists(ocsp):
         raise HwsimSkip("No OCSP response available")
     params = int_eap_server_params()