From: Adrian-Ken Rueegsegger <ken@codelabs.ch>
Date: Fri, 25 Sep 2020 08:47:46 +0000 (+0200)
Subject: testing: Add CA ID mappings to TKM tests
X-Git-Tag: 5.9.2dr2~36
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d6cf4a165bbbaf808c0d9d218c40e9ec440ea8df;p=thirdparty%2Fstrongswan.git

testing: Add CA ID mappings to TKM tests

Extend the build-certs-chroot script is to fill in the public key
fingerprint of the CA certificate in the appropriate strongswan.con
files.
---

diff --git a/testing/scripts/build-certs-chroot b/testing/scripts/build-certs-chroot
index b14e4a9736..7d464c3681 100755
--- a/testing/scripts/build-certs-chroot
+++ b/testing/scripts/build-certs-chroot
@@ -1925,3 +1925,30 @@ do
       -e "s|SUN_PUB_DNS|${SUN_PUB_DNS}|g" \
       ${TEST_DATA}.in > ${TEST_DATA}
 done
+
+################################################################################
+# TKM CA ID mapping                                                            #
+################################################################################
+
+for t in host2host-initiator host2host-responder host2host-xfrmproxy \
+         net2net-initiator net2net-xfrmproxy xfrmproxy-expire xfrmproxy-rekey
+do
+  for h in moon
+  do
+    TEST_DATA="${TEST_DIR}/tkm/${t}/hosts/moon/etc/strongswan.conf"
+    sed -e "s/CA_SPK_HEX/${CA_SPK_HEX}/g" \
+        -e "s/CA_SPKI_HEX/${CA_SPKI_HEX}/g" \
+        ${TEST_DATA}.in > ${TEST_DATA}
+  done
+done
+
+for t in multiple-clients
+do
+  for h in sun
+  do
+    TEST_DATA="${TEST_DIR}/tkm/${t}/hosts/${h}/etc/strongswan.conf"
+    sed -e "s/CA_SPK_HEX/${CA_SPK_HEX}/g" \
+        -e "s/CA_SPKI_HEX/${CA_SPKI_HEX}/g" \
+        ${TEST_DATA}.in > ${TEST_DATA}
+  done
+done
diff --git a/testing/tests/tkm/.gitignore b/testing/tests/tkm/.gitignore
index fd93a9fff3..7fce40b548 100644
--- a/testing/tests/tkm/.gitignore
+++ b/testing/tests/tkm/.gitignore
@@ -1 +1,2 @@
 *.der
+strongswan.conf
diff --git a/testing/tests/tkm/host2host-initiator/hosts/moon/etc/strongswan.conf b/testing/tests/tkm/host2host-initiator/hosts/moon/etc/strongswan.conf.in
similarity index 55%
rename from testing/tests/tkm/host2host-initiator/hosts/moon/etc/strongswan.conf
rename to testing/tests/tkm/host2host-initiator/hosts/moon/etc/strongswan.conf.in
index cc9d6e0724..bd076cf846 100644
--- a/testing/tests/tkm/host2host-initiator/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tkm/host2host-initiator/hosts/moon/etc/strongswan.conf.in
@@ -5,4 +5,10 @@ charon-tkm {
     15 = 1
     16 = 2
   }
+  ca_mapping {
+    strongswan_ca {
+      id = 1
+      fingerprint = CA_SPK_HEX
+    }
+  }
 }
diff --git a/testing/tests/tkm/host2host-responder/hosts/moon/etc/strongswan.conf b/testing/tests/tkm/host2host-responder/hosts/moon/etc/strongswan.conf.in
similarity index 55%
rename from testing/tests/tkm/host2host-responder/hosts/moon/etc/strongswan.conf
rename to testing/tests/tkm/host2host-responder/hosts/moon/etc/strongswan.conf.in
index cc9d6e0724..bd076cf846 100644
--- a/testing/tests/tkm/host2host-responder/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tkm/host2host-responder/hosts/moon/etc/strongswan.conf.in
@@ -5,4 +5,10 @@ charon-tkm {
     15 = 1
     16 = 2
   }
+  ca_mapping {
+    strongswan_ca {
+      id = 1
+      fingerprint = CA_SPK_HEX
+    }
+  }
 }
diff --git a/testing/tests/tkm/host2host-xfrmproxy/hosts/moon/etc/strongswan.conf b/testing/tests/tkm/host2host-xfrmproxy/hosts/moon/etc/strongswan.conf.in
similarity index 55%
rename from testing/tests/tkm/host2host-xfrmproxy/hosts/moon/etc/strongswan.conf
rename to testing/tests/tkm/host2host-xfrmproxy/hosts/moon/etc/strongswan.conf.in
index cc9d6e0724..bd076cf846 100644
--- a/testing/tests/tkm/host2host-xfrmproxy/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tkm/host2host-xfrmproxy/hosts/moon/etc/strongswan.conf.in
@@ -5,4 +5,10 @@ charon-tkm {
     15 = 1
     16 = 2
   }
+  ca_mapping {
+    strongswan_ca {
+      id = 1
+      fingerprint = CA_SPK_HEX
+    }
+  }
 }
diff --git a/testing/tests/tkm/multiple-clients/hosts/sun/etc/strongswan.conf b/testing/tests/tkm/multiple-clients/hosts/sun/etc/strongswan.conf.in
similarity index 55%
rename from testing/tests/tkm/multiple-clients/hosts/sun/etc/strongswan.conf
rename to testing/tests/tkm/multiple-clients/hosts/sun/etc/strongswan.conf.in
index cc9d6e0724..bd076cf846 100644
--- a/testing/tests/tkm/multiple-clients/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/tkm/multiple-clients/hosts/sun/etc/strongswan.conf.in
@@ -5,4 +5,10 @@ charon-tkm {
     15 = 1
     16 = 2
   }
+  ca_mapping {
+    strongswan_ca {
+      id = 1
+      fingerprint = CA_SPK_HEX
+    }
+  }
 }
diff --git a/testing/tests/tkm/net2net-initiator/hosts/moon/etc/strongswan.conf b/testing/tests/tkm/net2net-initiator/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index cc9d6e0724..0000000000
--- a/testing/tests/tkm/net2net-initiator/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon-tkm {
-  dh_mapping {
-    15 = 1
-    16 = 2
-  }
-}
diff --git a/testing/tests/tkm/net2net-initiator/hosts/moon/etc/strongswan.conf.in b/testing/tests/tkm/net2net-initiator/hosts/moon/etc/strongswan.conf.in
new file mode 100644
index 0000000000..bd076cf846
--- /dev/null
+++ b/testing/tests/tkm/net2net-initiator/hosts/moon/etc/strongswan.conf.in
@@ -0,0 +1,14 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon-tkm {
+  dh_mapping {
+    15 = 1
+    16 = 2
+  }
+  ca_mapping {
+    strongswan_ca {
+      id = 1
+      fingerprint = CA_SPK_HEX
+    }
+  }
+}
diff --git a/testing/tests/tkm/net2net-xfrmproxy/hosts/moon/etc/strongswan.conf b/testing/tests/tkm/net2net-xfrmproxy/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index cc9d6e0724..0000000000
--- a/testing/tests/tkm/net2net-xfrmproxy/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon-tkm {
-  dh_mapping {
-    15 = 1
-    16 = 2
-  }
-}
diff --git a/testing/tests/tkm/net2net-xfrmproxy/hosts/moon/etc/strongswan.conf.in b/testing/tests/tkm/net2net-xfrmproxy/hosts/moon/etc/strongswan.conf.in
new file mode 100644
index 0000000000..bd076cf846
--- /dev/null
+++ b/testing/tests/tkm/net2net-xfrmproxy/hosts/moon/etc/strongswan.conf.in
@@ -0,0 +1,14 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon-tkm {
+  dh_mapping {
+    15 = 1
+    16 = 2
+  }
+  ca_mapping {
+    strongswan_ca {
+      id = 1
+      fingerprint = CA_SPK_HEX
+    }
+  }
+}
diff --git a/testing/tests/tkm/xfrmproxy-expire/hosts/moon/etc/strongswan.conf b/testing/tests/tkm/xfrmproxy-expire/hosts/moon/etc/strongswan.conf.in
similarity index 69%
rename from testing/tests/tkm/xfrmproxy-expire/hosts/moon/etc/strongswan.conf
rename to testing/tests/tkm/xfrmproxy-expire/hosts/moon/etc/strongswan.conf.in
index 5b79af9f40..e9ab536290 100644
--- a/testing/tests/tkm/xfrmproxy-expire/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tkm/xfrmproxy-expire/hosts/moon/etc/strongswan.conf.in
@@ -7,4 +7,10 @@ charon-tkm {
     15 = 1
     16 = 2
   }
+  ca_mapping {
+    strongswan_ca {
+      id = 1
+      fingerprint = CA_SPK_HEX
+    }
+  }
 }
diff --git a/testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/strongswan.conf b/testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/strongswan.conf.in
similarity index 69%
rename from testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/strongswan.conf
rename to testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/strongswan.conf.in
index 5b79af9f40..e9ab536290 100644
--- a/testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/strongswan.conf.in
@@ -7,4 +7,10 @@ charon-tkm {
     15 = 1
     16 = 2
   }
+  ca_mapping {
+    strongswan_ca {
+      id = 1
+      fingerprint = CA_SPK_HEX
+    }
+  }
 }