From 645f5f1ca43ed6e5570971db5c90661acd63a57a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Thu, 10 May 2007 19:05:26 +0000
Subject: [PATCH] try principal subject in DB

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20650 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 tests/kdc/check-pkinit.in | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/tests/kdc/check-pkinit.in b/tests/kdc/check-pkinit.in
index c4687532b..f7421c8d6 100644
--- a/tests/kdc/check-pkinit.in
+++ b/tests/kdc/check-pkinit.in
@@ -95,6 +95,9 @@ ${kadmin} \
 ${kadmin} add -p foo --use-defaults foo@${R} || exit 1
 ${kadmin} add -p bar --use-defaults bar@${R} || exit 1
+${kadmin} add -p baz --use-defaults baz@${R} || exit 1
+${kadmin} modify --pkinit-acl="CN=baz,DC=test,DC=h5l,DC=se" baz@${R} || exit 1
+
 ${kadmin} add -p kaka --use-defaults ${server}@${R} || exit 1
 echo "Doing database check"
@@ -109,6 +112,10 @@ ${hxtool} request-create \
 --subject="CN=bar,DC=test,DC=h5l,DC=se" \
 --key=FILE:${keyfile2} \
 req-pkinit.der || exit 1
+${hxtool} request-create \
+ --subject="CN=baz,DC=test,DC=h5l,DC=se" \
+ --key=FILE:${keyfile2} \
+ req-pkinit2.der || exit 1
 echo "issue self-signed ca cert"
 ${hxtool} issue-certificate \
@@ -134,6 +141,14 @@ ${hxtool} issue-certificate \
 --req="req-pkinit.der" \
 --certificate="FILE:pkinit.crt" || exit 1
+echo "issue user 2 certificate"
+${hxtool} issue-certificate \
+ --ca-certificate=FILE:$objdir/ca.crt,${keyfile} \
+ --type="pkinit-client" \
+ --req="req-pkinit2.der" \
+ --certificate="FILE:pkinit2.crt" || exit 1
+
+
 echo foo > ${objdir}/foopassword
 echo Starting kdc
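Review bot: The DN in `--pkinit-acl="CN=baz,DC=test,DC=h5l,DC=se"` is a second hand-typed copy of the `--subject=` value given for req-pkinit2.der in the next hunk, and nothing on the page says that the two have to stay identical. The later baz login presumably succeeds only while the ACL stored on the principal equals the subject of pkinit2.crt, so an edit to one literal alone would show up as an unexplained kinit failure. A comment above the modify line would record that: `# pkinit-acl must equal the subject of pkinit2.crt (request-create below); baz is authorised from this DB entry`.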
@@ -156,12 +171,19 @@ ${kinit} -C FILE:${base}/pkinit.crt,${keyfile2} bar@${R} || \
 { ec=1 ; eval "${testfailed}"; }
 ${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
 ${kdestroy}
-echo "Trying pk-init (principal in pki-mapping) "; > messages.log
+
+echo "Trying pk-init (principal in pki-mapping file) "; > messages.log
 ${kinit} -C FILE:${base}/pkinit.crt,${keyfile2} foo@${R} || \
 { ec=1 ; eval "${testfailed}"; }
 ${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
 ${kdestroy}
+echo "Trying pk-init (principal subject in DB)"; > messages.log
+${kinit} -C FILE:${base}/pkinit2.crt,${keyfile2} baz@${R} || \
+ { ec=1 ; eval "${testfailed}"; }
+${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
+${kdestroy}
+
 echo "killing kdc (${kdcpid})"
 kill $kdcpid || exit 1
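Review bot: The new "principal subject in DB" block only proves that a matching certificate is accepted; nothing checks that baz@${R} is refused when the certificate subject does not match its pkinit-acl. pkinit.crt (CN=bar) and pkinit2.crt (CN=baz) are both built on ${keyfile2}, so the subject is the only thing separating them, and a KDC that ignored the ACL would still pass this test. Add the inverse case after the new `${kdestroy}`: `${kinit} -C FILE:${base}/pkinit.crt,${keyfile2} baz@${R} && \` followed by `{ ec=1 ; eval "${testfailed}"; }`. This assumes the KDC configuration, which is not visible in this hunk, has no other mapping from CN=bar to baz.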