From: Adrian-Ken Rueegsegger <ken@codelabs.ch>
Date: Fri, 25 Sep 2020 16:36:34 +0000 (+0200)
Subject: testing: Use multi-CA aware TKM
X-Git-Tag: 5.9.2dr2~35
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eccca505aaf478100bcaed8ce1584b079d1da116;p=thirdparty%2Fstrongswan.git

testing: Use multi-CA aware TKM

Also add CA ID to tkm_keymanager command.
---

diff --git a/testing/scripts/recipes/010_tkm.mk b/testing/scripts/recipes/010_tkm.mk
index a999ef83fe..4d8af638a0 100644
--- a/testing/scripts/recipes/010_tkm.mk
+++ b/testing/scripts/recipes/010_tkm.mk
@@ -2,7 +2,7 @@
 
 PKG = tkm
 SRC = https://git.codelabs.ch/git/$(PKG).git
-REV = 53d224a7312124516aa6220743355c896be6345a
+REV = 5320ec82f2221d9c4d5be106f6b90287bfb4acce
 
 export ADA_PROJECT_PATH=/usr/local/ada/lib/gnat
 
diff --git a/testing/tests/tkm/host2host-initiator/pretest.dat b/testing/tests/tkm/host2host-initiator/pretest.dat
index 7cb90ac261..6be277737f 100644
--- a/testing/tests/tkm/host2host-initiator/pretest.dat
+++ b/testing/tests/tkm/host2host-initiator/pretest.dat
@@ -1,7 +1,7 @@
 moon::rm /etc/ipsec.secrets
 moon::tkm_cfgtool -c /etc/tkm/tkm.conf -i /etc/ipsec.conf -t /etc/tkm/tkm.bin -s /usr/local/share/tkm/tkmconfig.xsd
 moon::cat /etc/ipsec.conf
-moon::tkm_keymanager -c /etc/tkm/tkm.bin -k /etc/tkm/moonKey.der -r /etc/tkm/strongswanCert.der >/tmp/tkm.log 2>&1 &
+moon::tkm_keymanager -c /etc/tkm/tkm.bin -k /etc/tkm/moonKey.der -r /etc/tkm/strongswanCert.der:1 >/tmp/tkm.log 2>&1 &
 moon::expect-file /tmp/tkm.rpc.ike
 moon::DAEMON_NAME=charon-tkm ipsec start
 sun::ipsec start
diff --git a/testing/tests/tkm/host2host-responder/pretest.dat b/testing/tests/tkm/host2host-responder/pretest.dat
index 40e84453f3..9f8c7be1fc 100644
--- a/testing/tests/tkm/host2host-responder/pretest.dat
+++ b/testing/tests/tkm/host2host-responder/pretest.dat
@@ -1,7 +1,7 @@
 moon::rm /etc/ipsec.secrets
 moon::tkm_cfgtool -c /etc/tkm/tkm.conf -i /etc/ipsec.conf -t /etc/tkm/tkm.bin -s /usr/local/share/tkm/tkmconfig.xsd
 moon::cat /etc/ipsec.conf
-moon::tkm_keymanager -c /etc/tkm/tkm.bin -k /etc/tkm/moonKey.der -r /etc/tkm/strongswanCert.der >/tmp/tkm.log 2>&1 &
+moon::tkm_keymanager -c /etc/tkm/tkm.bin -k /etc/tkm/moonKey.der -r /etc/tkm/strongswanCert.der:1 >/tmp/tkm.log 2>&1 &
 moon::expect-file /tmp/tkm.rpc.ike
 moon::DAEMON_NAME=charon-tkm ipsec start
 sun::ipsec start
diff --git a/testing/tests/tkm/host2host-xfrmproxy/pretest.dat b/testing/tests/tkm/host2host-xfrmproxy/pretest.dat
index d645ddbfe9..9d2d2580c1 100644
--- a/testing/tests/tkm/host2host-xfrmproxy/pretest.dat
+++ b/testing/tests/tkm/host2host-xfrmproxy/pretest.dat
@@ -2,7 +2,7 @@ sun::ipsec start
 moon::rm /etc/ipsec.secrets
 moon::tkm_cfgtool -c /etc/tkm/tkm.conf -i /etc/ipsec.conf -t /etc/tkm/tkm.bin -s /usr/local/share/tkm/tkmconfig.xsd
 moon::cat /etc/ipsec.conf
-moon::tkm_keymanager -c /etc/tkm/tkm.bin -k /etc/tkm/moonKey.der -r /etc/tkm/strongswanCert.der >/tmp/tkm.log 2>&1 &
+moon::tkm_keymanager -c /etc/tkm/tkm.bin -k /etc/tkm/moonKey.der -r /etc/tkm/strongswanCert.der:1 >/tmp/tkm.log 2>&1 &
 moon::expect-file /tmp/tkm.rpc.ike
 moon::DAEMON_NAME=charon-tkm ipsec start
 moon::expect-file /tmp/tkm.rpc.ees
diff --git a/testing/tests/tkm/multiple-clients/pretest.dat b/testing/tests/tkm/multiple-clients/pretest.dat
index ec83662f5c..16a8ffd0fb 100644
--- a/testing/tests/tkm/multiple-clients/pretest.dat
+++ b/testing/tests/tkm/multiple-clients/pretest.dat
@@ -1,7 +1,7 @@
 sun::rm /etc/ipsec.secrets
 sun::tkm_cfgtool -c /etc/tkm/tkm.conf -i /etc/ipsec.conf -t /etc/tkm/tkm.bin -s /usr/local/share/tkm/tkmconfig.xsd
 sun::cat /etc/ipsec.conf
-sun::tkm_keymanager -c /etc/tkm/tkm.bin -k /etc/tkm/sunKey.der -r /etc/tkm/strongswanCert.der >/tmp/tkm.log 2>&1 &
+sun::tkm_keymanager -c /etc/tkm/tkm.bin -k /etc/tkm/sunKey.der -r /etc/tkm/strongswanCert.der:1 >/tmp/tkm.log 2>&1 &
 sun::expect-file /tmp/tkm.rpc.ike
 sun::DAEMON_NAME=charon-tkm ipsec start
 carol::ipsec start
diff --git a/testing/tests/tkm/net2net-initiator/pretest.dat b/testing/tests/tkm/net2net-initiator/pretest.dat
index f84c8fcd27..e30b3b1b9b 100644
--- a/testing/tests/tkm/net2net-initiator/pretest.dat
+++ b/testing/tests/tkm/net2net-initiator/pretest.dat
@@ -1,7 +1,7 @@
 moon::rm /etc/ipsec.secrets
 moon::tkm_cfgtool -c /etc/tkm/tkm.conf -i /etc/ipsec.conf -t /etc/tkm/tkm.bin -s /usr/local/share/tkm/tkmconfig.xsd
 moon::cat /etc/ipsec.conf
-moon::tkm_keymanager -c /etc/tkm/tkm.bin -k /etc/tkm/moonKey.der -r /etc/tkm/strongswanCert.der >/tmp/tkm.log 2>&1 &
+moon::tkm_keymanager -c /etc/tkm/tkm.bin -k /etc/tkm/moonKey.der -r /etc/tkm/strongswanCert.der:1 >/tmp/tkm.log 2>&1 &
 moon::expect-file /tmp/tkm.rpc.ike
 moon::DAEMON_NAME=charon-tkm ipsec start
 sun::ipsec start
diff --git a/testing/tests/tkm/net2net-xfrmproxy/pretest.dat b/testing/tests/tkm/net2net-xfrmproxy/pretest.dat
index 4732a37f60..d022155a79 100644
--- a/testing/tests/tkm/net2net-xfrmproxy/pretest.dat
+++ b/testing/tests/tkm/net2net-xfrmproxy/pretest.dat
@@ -2,7 +2,7 @@ sun::ipsec start
 moon::rm /etc/ipsec.secrets
 moon::tkm_cfgtool -c /etc/tkm/tkm.conf -i /etc/ipsec.conf -t /etc/tkm/tkm.bin -s /usr/local/share/tkm/tkmconfig.xsd
 moon::cat /etc/ipsec.conf
-moon::tkm_keymanager -c /etc/tkm/tkm.bin -k /etc/tkm/moonKey.der -r /etc/tkm/strongswanCert.der >/tmp/tkm.log 2>&1 &
+moon::tkm_keymanager -c /etc/tkm/tkm.bin -k /etc/tkm/moonKey.der -r /etc/tkm/strongswanCert.der:1 >/tmp/tkm.log 2>&1 &
 moon::expect-file /tmp/tkm.rpc.ike
 moon::DAEMON_NAME=charon-tkm ipsec start
 moon::expect-file /tmp/tkm.rpc.ees
diff --git a/testing/tests/tkm/xfrmproxy-expire/pretest.dat b/testing/tests/tkm/xfrmproxy-expire/pretest.dat
index d645ddbfe9..9d2d2580c1 100644
--- a/testing/tests/tkm/xfrmproxy-expire/pretest.dat
+++ b/testing/tests/tkm/xfrmproxy-expire/pretest.dat
@@ -2,7 +2,7 @@ sun::ipsec start
 moon::rm /etc/ipsec.secrets
 moon::tkm_cfgtool -c /etc/tkm/tkm.conf -i /etc/ipsec.conf -t /etc/tkm/tkm.bin -s /usr/local/share/tkm/tkmconfig.xsd
 moon::cat /etc/ipsec.conf
-moon::tkm_keymanager -c /etc/tkm/tkm.bin -k /etc/tkm/moonKey.der -r /etc/tkm/strongswanCert.der >/tmp/tkm.log 2>&1 &
+moon::tkm_keymanager -c /etc/tkm/tkm.bin -k /etc/tkm/moonKey.der -r /etc/tkm/strongswanCert.der:1 >/tmp/tkm.log 2>&1 &
 moon::expect-file /tmp/tkm.rpc.ike
 moon::DAEMON_NAME=charon-tkm ipsec start
 moon::expect-file /tmp/tkm.rpc.ees
diff --git a/testing/tests/tkm/xfrmproxy-rekey/pretest.dat b/testing/tests/tkm/xfrmproxy-rekey/pretest.dat
index d645ddbfe9..9d2d2580c1 100644
--- a/testing/tests/tkm/xfrmproxy-rekey/pretest.dat
+++ b/testing/tests/tkm/xfrmproxy-rekey/pretest.dat
@@ -2,7 +2,7 @@ sun::ipsec start
 moon::rm /etc/ipsec.secrets
 moon::tkm_cfgtool -c /etc/tkm/tkm.conf -i /etc/ipsec.conf -t /etc/tkm/tkm.bin -s /usr/local/share/tkm/tkmconfig.xsd
 moon::cat /etc/ipsec.conf
-moon::tkm_keymanager -c /etc/tkm/tkm.bin -k /etc/tkm/moonKey.der -r /etc/tkm/strongswanCert.der >/tmp/tkm.log 2>&1 &
+moon::tkm_keymanager -c /etc/tkm/tkm.bin -k /etc/tkm/moonKey.der -r /etc/tkm/strongswanCert.der:1 >/tmp/tkm.log 2>&1 &
 moon::expect-file /tmp/tkm.rpc.ike
 moon::DAEMON_NAME=charon-tkm ipsec start
 moon::expect-file /tmp/tkm.rpc.ees