-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy pathMakefile_tests
155 lines (133 loc) · 6.19 KB
/
Makefile_tests
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
#!/usr/bin/make
# Optional CMPCLIENT specifies the CMP CLI application (including path) to use
# Optional OPENSSL specifies the OpenSSL CLI application (including path) to use
PERL=/usr/bin/perl
ifeq ($(OS),Windows_NT)
EXE=.exe
DLL=.dll
OBJ=.obj
# LIB=bin
PINGCOUNTOPT=-n
else
EXE=
DLL=.so
OBJ=.o
# LIB=lib
PINGCOUNTOPT=-c
endif
# defaults for tests:
CMPCLIENT ?= ./cmpClient$(EXE)
OPENSSL ?= openssl$(EXE)
# optional SET_PROXY variable can be set to override default proxy settings
SET_PROXY ?= no_proxy=localhost,127.0.0.1
# LightweightCmpRa #############################################################
LWCMPRA_DIR=LightweightCmpRa
CMPRACOMP_DIR=cmp-ra-component
$(LWCMPRA_DIR)/pom.xml:
git submodule update $(GIT_PROGRESS) --init --depth 1 $(LWCMPRA_DIR)
$(CMPRACOMP_DIR)/pom.xml:
git submodule update $(GIT_PROGRESS) --init --depth 1 $(CMPRACOMP_DIR)
LWCMPRA_JAR=$(LWCMPRA_DIR)/target/LightweightCmpRa-4.0.2.jar # TODO make version flexible
$(LWCMPRA_JAR): $(LWCMPRA_DIR)/pom.xml
cd $(LWCMPRA_DIR) && mvn clean install -DskipTests=true
CMPRACOMP_JAR=$(CMPRACOMP_DIR)/target/CmpRaComponent-4.1.2.jar # TODO make version flexible
$(CMPRACOMP_JAR): $(CMPRACOMP_DIR)/pom.xml
cd $(CMPRACOMP_DIR) && mvn clean install -DskipTests=true -Dgpg.skip
LWCMPRA_JAR ?= $(LWCMPRA_JAR) # was: ./LightweightCmpRa.jar
LWCMPRA_RUN = java -jar $(LWCMPRA_JAR)
# may insert before -jar: -Dorg.slf4j.simpleLogger.log.com.siemens.pki.cmpracomponent.msgprocessing.CmpRaImplementation=trace
CMPCAMOCK_JAR ?= ./CmpCaMock.jar # TODO: $(LWCMPRA_DIR)/target/??
CMPCAMOCK_RUN = java -jar $(CMPCAMOCK_JAR)# -verbose:class
.phony: tests_LwCmp
tests_LwCmp:
ifneq ("$(wildcard $(CMPCAMOCK_JAR))","")
tests_LwCmp: start_LwCmp conformance_cmpclient conformance_openssl test_LwCmp stop_LwCmp
endif
.phony: start_LwCmp stop_LwCmp
start_LwCmp: $(CMPRACOMP_JAR) $(LWCMPRA_JAR)
@echo starting LightweightCmpRA
@ #mkdir test/Upstream test/Downstream 2>/dev/null || true
@$(LWCMPRA_RUN) config/tests.yml &
@echo starting CmpCaMock
@CLASSPATH=CmpCaMock_lib $(CMPCAMOCK_RUN) . http://localhost:7000/ca credentials/ENROLL_Keystore.p12 credentials/CMP_CA_Keystore.p12 &
@sleep 2
stop_LwCmp:
@PID=`ps aux|grep "$(LWCMPRA_RUN)" | grep -v grep | awk '{ print $$2 }'` && \
if [ -n "$$PID" ]; then echo "stopping LightweightCmpRA" && kill $$PID; fi
@PID=`ps aux|grep "$(CMPCAMOCK_RUN)" | grep -v grep | awk '{ print $$2 }'` && \
if [ -n "$$PID" ]; then echo "stopping CmpCaMock" && kill $$PID; fi
# conformance ##################################################################
GENERATE_OPERATIONAL=$(OPENSSL) x509 -in creds/operational.crt -x509toreq -signkey creds/operational.pem -out creds/operational.csr -passin pass:12345 2>/dev/null
BASIC_ARGS = -verbosity 3 -path /lra -section CmpRa,
CMPCLNT = $(CMPCLIENT) $(BASIC_ARGS)
CMPOSSL = $(OPENSSL) cmp -config config/demo.cnf $(BASIC_ARGS)
.phony: test_conformance_openssl test_conformance_cmpclient test_conformance
test_conformance_openssl: start_LwCmp conformance_openssl stop_LwCmp
test_conformance_cmpclient: start_LwCmp conformance_cmpclient stop_LwCmp
test_conformance: start_LwCmp conformance_cmpclient conformance_openssl stop_LwCmp
.phony: newkey conformance_openssl conformance_cmpclient conformance
newkey:
@which $(OPENSSL) >/dev/null || (echo "cannot find $(OPENSSL), please install it"; false)
@$(OPENSSL) ecparam -genkey -name secp521r1 -out creds/manufacturer.pem
@$(OPENSSL) ecparam -genkey -name prime256v1 -out creds/operational.pem
conformance_openssl: newkey
@CMPCL="$(CMPOSSL)" $(MAKE) -f Makefile_tests conformance
conformance_cmpclient:
@CMPCL="$(CMPCLNT)" $(MAKE) -f Makefile_tests conformance
conformance: $(CMPCLIENT)
$(CMPCL)imprint
$(CMPCL)bootstrap
$(GENERATE_OPERATIONAL)
$(CMPCL)pkcs10 # when using openssl, requires at least version 3.3(-dev)
$(CMPCL)update
$(CMPCL)revoke
@ # $(CMPCL)bootstrap $(BASIC_ARGS) -server localhost:6003/delayedlra
# cli ##########################################################################
OPENSSL_CMP_CONFIG ?= test.cnf
.phony: test_cli
test_cli:
@which $(PERL) || (echo "cannot find Perl, please install it"; false)
@echo -en "\n#### running CLI-based tests #### "
@if [ -n "$$OPENSSL_CMP_SERVER" ]; then echo -en "with server=$$OPENSSL_CMP_SERVER"; else echo -n "without server"; fi
@echo -e " in test/recipes/80-test_cmp_http_data/$$OPENSSL_CMP_SERVER"
@ :
( HARNESS_ACTIVE=1 \
HARNESS_VERBOSE=$(V) \
HARNESS_FAILLOG=../test/faillog_$$OPENSSL_CMP_SERVER.txt \
SRCTOP=. \
BLDTOP=. \
BIN_D=. \
EXE_EXT= \
LD_LIBRARY_PATH=$(BIN_D):$(LD_LIBRARY_PATH) \
OPENSSL_CMP_CONFIG=$(OPENSSL_CMP_CONFIG) \
$(PERL) test/recipes/80-test_cmp_http.t )
@ :
# Mock #########################################################################
# uses $(OPENSSL) as binary of mock server
.phony: test_Mock
test_Mock:
$(MAKE) -f Makefile_tests test_cli OPENSSL_CMP_SERVER=Mock OPENSSL=$(OPENSSL) \
|| (($(OPENSSL) version; echo $(OPENSSL_VERSION)) | grep -e "1\.0\|1\.1")
# with OpenSSL 1.1 and 3.0, these Mock genm command test cases fail: 'genm certReqTemplate' 'genm caCerts'
# with OpenSSL 1.1, Mock enrollment test 'out_trusted accept issuing ca cert ...' fails likely due to -partial_chain not being respected
# Better use these extended tests only with builds with USE_LIBCMP and OpenSSL >= 3.0.
# LwCmp ########################################################################
.phony: test_LwCmp
test_LwCmp:
$(MAKE) -f Makefile_tests test_cli OPENSSL_CMP_SERVER=LwCmp OPENSSL=$(OPENSSL) \
|| (($(OPENSSL) version; echo $(OPENSSL_VERSION)) | grep -e "1\.0\|1\.1")
# with OpenSSL 1.1 and 3.0, most LwCmp genm command test cases fail
# Better use these extended tests only with builds with USE_LIBCMP and OpenSSL >= 3.0.
# clean ########################################################################
.phony: clean
clean:
@rm -f creds/{manufacturer,operational}.*
@rm -f creds/{cacerts,extracerts}.pem
@rm -f creds/InstaDemoCA_client.pem
@rm -f creds/*_????????-????????-????????-????????-????????.pem
@rm -f creds/Aventra_Test_Sub_CA_*.pem
@rm -fr creds/crls
@rm -f test/recipes/80-test_cmp_http_data/*/test.*cert*.pem
@rm -f test/recipes/80-test_cmp_http_data/*/{req,rsp}*.der
@rm -f test/faillog_*.txt
@rm -fr test/{Upstream,Downstream}