testing: Add CA ID mappings to TKM tests

Extend the build-certs-chroot script is to fill in the public key
fingerprint of the CA certificate in the appropriate strongswan.con
files.

diff --git a/testing/scripts/build-certs-chroot b/testing/scripts/build-certs-chroot
index b14e4a9736ac85890837b6c7a87e63ce54a534ef..7d464c36819f3818dade6e3de48d77e51b292534 100755 (executable)
--- a/testing/scripts/build-certs-chroot
+++ b/testing/scripts/build-certs-chroot
@@ -1925,3 +1925,30 @@ do
       -e "s|SUN_PUB_DNS|${SUN_PUB_DNS}|g" \
       ${TEST_DATA}.in > ${TEST_DATA}
 done
+
+################################################################################
+# TKM CA ID mapping                                                            #
+################################################################################
+
+for t in host2host-initiator host2host-responder host2host-xfrmproxy \
+         net2net-initiator net2net-xfrmproxy xfrmproxy-expire xfrmproxy-rekey
+do
+  for h in moon
+  do
+    TEST_DATA="${TEST_DIR}/tkm/${t}/hosts/moon/etc/strongswan.conf"
+    sed -e "s/CA_SPK_HEX/${CA_SPK_HEX}/g" \
+        -e "s/CA_SPKI_HEX/${CA_SPKI_HEX}/g" \
+        ${TEST_DATA}.in > ${TEST_DATA}
+  done
+done
+
+for t in multiple-clients
+do
+  for h in sun
+  do
+    TEST_DATA="${TEST_DIR}/tkm/${t}/hosts/${h}/etc/strongswan.conf"
+    sed -e "s/CA_SPK_HEX/${CA_SPK_HEX}/g" \
+        -e "s/CA_SPKI_HEX/${CA_SPKI_HEX}/g" \
+        ${TEST_DATA}.in > ${TEST_DATA}
+  done
+done

diff --git a/testing/tests/tkm/.gitignore b/testing/tests/tkm/.gitignore
index fd93a9fff30c22f26c5dd3ce5211d4ee4be47553..7fce40b5486302218f30a2a45a3c93680900314c 100644 (file)
--- a/testing/tests/tkm/.gitignore
+++ b/testing/tests/tkm/.gitignore
@@ -1 +1,2 @@
 *.der
+strongswan.conf

diff --git a/testing/tests/tkm/host2host-initiator/hosts/moon/etc/strongswan.conf b/testing/tests/tkm/host2host-initiator/hosts/moon/etc/strongswan.conf.in
similarity index 55%
rename from testing/tests/tkm/host2host-initiator/hosts/moon/etc/strongswan.conf
rename to testing/tests/tkm/host2host-initiator/hosts/moon/etc/strongswan.conf.in
index cc9d6e07241913c4a1c1a8f9a9a54bbac3489298..bd076cf846deaeb721e19adcd311b3fa1692d65b 100644 (file)
--- a/testing/tests/tkm/host2host-initiator/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tkm/host2host-initiator/hosts/moon/etc/strongswan.conf.in
@@ -5,4 +5,10 @@ charon-tkm {
     15 = 1
     16 = 2
   }
+  ca_mapping {
+    strongswan_ca {
+      id = 1
+      fingerprint = CA_SPK_HEX
+    }
+  }
 }

diff --git a/testing/tests/tkm/host2host-responder/hosts/moon/etc/strongswan.conf b/testing/tests/tkm/host2host-responder/hosts/moon/etc/strongswan.conf.in
similarity index 55%
rename from testing/tests/tkm/host2host-responder/hosts/moon/etc/strongswan.conf
rename to testing/tests/tkm/host2host-responder/hosts/moon/etc/strongswan.conf.in
index cc9d6e07241913c4a1c1a8f9a9a54bbac3489298..bd076cf846deaeb721e19adcd311b3fa1692d65b 100644 (file)
--- a/testing/tests/tkm/host2host-responder/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tkm/host2host-responder/hosts/moon/etc/strongswan.conf.in
@@ -5,4 +5,10 @@ charon-tkm {
     15 = 1
     16 = 2
   }
+  ca_mapping {
+    strongswan_ca {
+      id = 1
+      fingerprint = CA_SPK_HEX
+    }
+  }
 }

diff --git a/testing/tests/tkm/host2host-xfrmproxy/hosts/moon/etc/strongswan.conf b/testing/tests/tkm/host2host-xfrmproxy/hosts/moon/etc/strongswan.conf.in
similarity index 55%
rename from testing/tests/tkm/host2host-xfrmproxy/hosts/moon/etc/strongswan.conf
rename to testing/tests/tkm/host2host-xfrmproxy/hosts/moon/etc/strongswan.conf.in
index cc9d6e07241913c4a1c1a8f9a9a54bbac3489298..bd076cf846deaeb721e19adcd311b3fa1692d65b 100644 (file)
--- a/testing/tests/tkm/host2host-xfrmproxy/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tkm/host2host-xfrmproxy/hosts/moon/etc/strongswan.conf.in
@@ -5,4 +5,10 @@ charon-tkm {
     15 = 1
     16 = 2
   }
+  ca_mapping {
+    strongswan_ca {
+      id = 1
+      fingerprint = CA_SPK_HEX
+    }
+  }
 }

diff --git a/testing/tests/tkm/multiple-clients/hosts/sun/etc/strongswan.conf b/testing/tests/tkm/multiple-clients/hosts/sun/etc/strongswan.conf.in
similarity index 55%
rename from testing/tests/tkm/multiple-clients/hosts/sun/etc/strongswan.conf
rename to testing/tests/tkm/multiple-clients/hosts/sun/etc/strongswan.conf.in
index cc9d6e07241913c4a1c1a8f9a9a54bbac3489298..bd076cf846deaeb721e19adcd311b3fa1692d65b 100644 (file)
--- a/testing/tests/tkm/multiple-clients/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/tkm/multiple-clients/hosts/sun/etc/strongswan.conf.in
@@ -5,4 +5,10 @@ charon-tkm {
     15 = 1
     16 = 2
   }
+  ca_mapping {
+    strongswan_ca {
+      id = 1
+      fingerprint = CA_SPK_HEX
+    }
+  }
 }

diff --git a/testing/tests/tkm/net2net-initiator/hosts/moon/etc/strongswan.conf b/testing/tests/tkm/net2net-initiator/hosts/moon/etc/strongswan.conf
deleted file mode 100644 (file)
index cc9d6e0..0000000
--- a/testing/tests/tkm/net2net-initiator/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon-tkm {
-  dh_mapping {
-    15 = 1
-    16 = 2
-  }
-}

diff --git a/testing/tests/tkm/net2net-initiator/hosts/moon/etc/strongswan.conf.in b/testing/tests/tkm/net2net-initiator/hosts/moon/etc/strongswan.conf.in
new file mode 100644 (file)
index 0000000..bd076cf
--- /dev/null
+++ b/testing/tests/tkm/net2net-initiator/hosts/moon/etc/strongswan.conf.in
@@ -0,0 +1,14 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon-tkm {
+  dh_mapping {
+    15 = 1
+    16 = 2
+  }
+  ca_mapping {
+    strongswan_ca {
+      id = 1
+      fingerprint = CA_SPK_HEX
+    }
+  }
+}

diff --git a/testing/tests/tkm/net2net-xfrmproxy/hosts/moon/etc/strongswan.conf b/testing/tests/tkm/net2net-xfrmproxy/hosts/moon/etc/strongswan.conf
deleted file mode 100644 (file)
index cc9d6e0..0000000
--- a/testing/tests/tkm/net2net-xfrmproxy/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon-tkm {
-  dh_mapping {
-    15 = 1
-    16 = 2
-  }
-}

diff --git a/testing/tests/tkm/net2net-xfrmproxy/hosts/moon/etc/strongswan.conf.in b/testing/tests/tkm/net2net-xfrmproxy/hosts/moon/etc/strongswan.conf.in
new file mode 100644 (file)
index 0000000..bd076cf
--- /dev/null
+++ b/testing/tests/tkm/net2net-xfrmproxy/hosts/moon/etc/strongswan.conf.in
@@ -0,0 +1,14 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon-tkm {
+  dh_mapping {
+    15 = 1
+    16 = 2
+  }
+  ca_mapping {
+    strongswan_ca {
+      id = 1
+      fingerprint = CA_SPK_HEX
+    }
+  }
+}

diff --git a/testing/tests/tkm/xfrmproxy-expire/hosts/moon/etc/strongswan.conf b/testing/tests/tkm/xfrmproxy-expire/hosts/moon/etc/strongswan.conf.in
similarity index 69%
rename from testing/tests/tkm/xfrmproxy-expire/hosts/moon/etc/strongswan.conf
rename to testing/tests/tkm/xfrmproxy-expire/hosts/moon/etc/strongswan.conf.in
index 5b79af9f40476a7c05e86832ad95f61f57852e09..e9ab53629062d00eb10f8ed5709f6ae87d1b0efe 100644 (file)
--- a/testing/tests/tkm/xfrmproxy-expire/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tkm/xfrmproxy-expire/hosts/moon/etc/strongswan.conf.in
@@ -7,4 +7,10 @@ charon-tkm {
     15 = 1
     16 = 2
   }
+  ca_mapping {
+    strongswan_ca {
+      id = 1
+      fingerprint = CA_SPK_HEX
+    }
+  }
 }

diff --git a/testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/strongswan.conf b/testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/strongswan.conf.in
similarity index 69%
rename from testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/strongswan.conf
rename to testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/strongswan.conf.in
index 5b79af9f40476a7c05e86832ad95f61f57852e09..e9ab53629062d00eb10f8ed5709f6ae87d1b0efe 100644 (file)
--- a/testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/strongswan.conf.in
@@ -7,4 +7,10 @@ charon-tkm {
     15 = 1
     16 = 2
   }
+  ca_mapping {
+    strongswan_ca {
+      id = 1
+      fingerprint = CA_SPK_HEX
+    }
+  }
 }