| blob | 4c8f0b2a3e2a131b2b9479a5fdb77801fe4b22eb |
1 use Test::More tests => 2;
2 use File::Path;
3 use File::Spec;
4 use File::Copy;
5 use Cwd;
6 use English;
8 use POSIX ":sys_wait_h";
9 use Errno;
11 use strict;
12 use warnings;
14 our %config;
15 require 't/common.pl';
17 my $debug = $config{debug};
18 my $stderr = '2>/dev/null';
19 #if ($debug) {
20 # $stderr = '';
21 #}
23 diag("SCEP Client Test: automatic renewal");
25 my $sscep = 'sscep';
26 my $cgi_dir = $config{cgi_dir};
29 SKIP: {
30 if (system("$sscep >/dev/null 2>&1") != 0) {
31 skip "sscep binary not installed.", 2;
32 }
33 if (! (`$config{openssl} version` =~ m{\A OpenSSL\ 0\.9\.8 }xms)) {
34 skip "OpenSSL 0.9.8 not available.", 2;
35 }
36 # TODO -- skip if sscep does not support renewal
38 #ok(mkpath([ $cgi_dir ]));
39 # create configuration
40 open my $HANDLE, ">", "$cgi_dir/scep.cfg";
41 print $HANDLE "[global]\n";
42 print $HANDLE "socket=$config{socket_file}\n";
43 print $HANDLE "realm=I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA\n";
44 print $HANDLE "iprange=127.0.0.0/8\n";
45 print $HANDLE "profile=I18N_OPENXPKI_PROFILE_TLS_SERVER\n";
46 print $HANDLE "servername=testscepserver1\n";
47 print $HANDLE "encryption_algorithm=3DES\n";
48 close $HANDLE;
50 my $scep_uri = "http://127.0.0.1:$config{http_server_port}/cgi-bin/scep";
52 my $cacert_base = "$config{server_dir}/cacert";
55 my $redo_count = 0;
56 my $pid;
57 FORK:
58 do {
59 $pid = fork();
60 if (! defined $pid) {
61 if ($!{EAGAIN}) {
62 # recoverable fork error
63 if ($redo_count > 5) {
64 print STDERR "FAILED.\n";
65 print STDERR "Could not fork process\n";
66 return;
67 }
68 print STDERR '.';
69 sleep 5;
70 $redo_count++;
71 redo FORK;
72 }
74 # other fork error
75 print STDERR "FAILED.\n";
76 print STDERR "Could not fork process: $ERRNO\n";
77 return;
78 }
79 } until defined $pid;
81 if ($pid) {
82 # parent here
83 # child process pid is available in $pid
84 sleep 3;
86 # create a key and a certificate request
87 my $openssl = $config{'openssl'};
88 `$openssl genrsa -out t/instance/renewal_key.pem 1024 $stderr`;
89 `(echo '.'; echo '.'; echo '.'; echo 'OpenXPKI'; echo 'SCEP test certificate'; echo 'SCEP test certificate'; echo '.'; echo '.'; echo '.')| openssl req -new -key t/instance/renewal_key.pem -out t/instance/renewal_request.csr $stderr`;
91 # use sscep to start the enrollment
92 my $scep_uri = "http://127.0.0.1:$config{http_server_port}/cgi-bin/scep";
93 my $scep_result = `$sscep enroll -u $scep_uri -c $config{server_dir}/cacert-0 -k t/instance/renewal_key.pem -r t/instance/renewal_request.csr -l t/instance/renewal_certificate -O t/instance/certificate -K t/instance/request_key.pem -t 30 -n 2 -v $stderr`;
94 if ($debug) {
95 print STDERR $scep_result;
96 }
97 ok($scep_result =~ m{pkistatus:\ SUCCESS}xms);
98 ok(-s 't/instance/renewal_certificate');
100 kill(9, $pid);
102 my $kid;
103 do {
104 $kid = waitpid(-1, WNOHANG);
105 } until $kid > 0;
108 } else {
109 # child here
110 # parent process pid is available with getppid
112 # start a minimal HTTP server to test the CGI
113 my $http_server = getcwd . "/t/http_server.pl";
114 chdir $cgi_dir;
115 exec("perl $http_server $config{http_server_port}");
116 }
117 }