ULib/tests/examples/tsa_ssoap.test

#!/bin/sh

. ../.function

## tsa_ssoap.test -- Test TSA feature

start_msg tsa_ssoap

#UTRACE="0 130M 0"
#UOBJDUMP="0 100k 10"
#USIMERR="error.sim"
 export UTRACE UOBJDUMP USIMERR

DOC_ROOT=TSA

rm -rf $DOC_ROOT/*log \
		 out/userver_ssl.out err/userver_ssl.err \
                trace.*userver_*.[0-9]*           object.*userver_*.[0-9]*           stack.*userver_*.[0-9]*           mempool.*userver_*.[0-9]* \
      $DOC_ROOT/trace.*userver_*.[0-9]* $DOC_ROOT/object.*userver_*.[0-9]* $DOC_ROOT/stack.*userver_*.[0-9]* $DOC_ROOT/mempool.*userver_*.[0-9]*

# ----------------------------------------------------------------
# usage: openssl s_client args
# ----------------------------------------------------------------
# -host host    - use -connect instead
# -port port    - use -connect instead
# -connect host:port - who to connect to (default is localhost:433)
# -verify arg   - turn on peer certificate verification
# -cert arg     - certificate file to use, PEM format assumed
# -key arg      - Private key file to use, PEM format assumed, in cert file if not specified but cert file is.
# -CApath arg   - PEM format directory of CA's
# -CAfile arg   - PEM format file of CA's
# -reconnect    - Drop and re-make the connection with the same Session-ID
# -pause        - sleep(1) after each read(2) and write(2) system call
# -showcerts    - show all certificates in the chain
# -debug        - extra output
# -msg          - Show protocol messages
# -nbio_test    - more ssl protocol testing
# -state        - print the 'ssl' states
# -nbio         - Run with non-blocking IO
# -crlf         - convert LF from terminal into CRLF
# -quiet        - no s_client output
# -ign_eof      - ignore input eof (default when -quiet)
# -ssl2         - just use SSLv2
# -ssl3         - just use SSLv3
# -tls1         - just use TLSv1
# -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol
# -bugs         - Switch on all SSL implementation bug workarounds
# -serverpref   - Use server's cipher preferences (only SSLv2)
# -cipher       - preferred cipher to use, use the 'openssl ciphers' command to see what is available
# -starttls prot - use the STARTTLS command before starting TLS for those protocols that support it, where 'prot'
#						 defines which one to assume.  Currently, only "smtp" and "pop3" are supported.
# -engine id    - Initialise and use the specified engine
# -rand file:file:...
# ----------------------------------------------------------------

CAPATH="../ulib/CA/CApath"
CACERT="../ulib/CA/username.crt"
USER_KEY="../ulib/CA/username.key"
LCMD="$OPENSSL s_client -quiet -cert $CACERT -key $USER_KEY -pass pass:caciucco -CApath $CAPATH -connect localhost:443"

creat_link . $DOC_ROOT/$DOC_ROOT

cat <<EOF >inp/webserver.cfg
userver {
 REQ_TIMEOUT 5
 MAX_KEEP_ALIVE 256
 LOG_FILE tsa_ssoap.log
 LOG_FILE_SZ 1M
 DOCUMENT_ROOT TSA
 PLUGIN "soap http"
 PLUGIN_DIR ../../../src/ulib/net/server/plugin/.libs
 ORM_DRIVER_DIR ../../../src/ulib/orm/driver/.libs
 CERT_FILE ../../ulib/CA/server.crt
  KEY_FILE ../../ulib/CA/server.key
 PASSWORD caciucco
 CA_PATH ../../ulib/CA/CApath
 CA_FILE ../../ulib/CA/cacert.pem
 VERIFY_MODE 1
}
http {
#include "http.cfg"
 CACHE_FILE_MASK _off_
}
soap {
#include "soap_or_rpc_tsa.cfg"
}
EOF

DIR_CMD="../../examples/userver"

rm -f TSA/response/response*

start_prg_background userver_ssl -c inp/webserver.cfg

wait_server_ready localhost 443

TIMEOUT 6 $LCMD <TSA/request/soap.req >TSA/response/soap.res 2>>err/userver_ssl.err
 tail -c +471 TSA/response/soap.res | cut -d'<' -f1 | $WINELOADER ../base/crypto_base64$SUFFIX -d > TSA/response/soap.tsr
#tail -c +471 TSA/response/soap.res																					  > TSA/response/soap.tsr

kill_server userver_ssl

mv err/userver_ssl.err err/tsa_ssoap.err

TSA/bin/openssl ts -verify -queryfile TSA/request/tsq.req \
						 -in TSA/response/soap.tsr -CApath TSA/CA/CApath > out/tsa_ssoap.out

rm -f $DOC_ROOT/$DOC_ROOT

# Test against expected output
test_output_diff tsa_ssoap