oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Try pkinit in w2k mode, also add tests for MS SAN.

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20749 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2007-05-31 17:34:17 +00:00
parent da1be13db5
commit 6eb6bb6ad0
1 changed files with 46 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
tests/kdc/check-pkinit.in
View File

@@ -133,7 +133,7 @@ ${hxtool} issue-certificate \
--req="req-kdc.der" \ --req="req-kdc.der" \
--certificate="FILE:kdc.crt" || exit 1 --certificate="FILE:kdc.crt" || exit 1
echo "issue user certificate" echo "issue user certificate (pkinit san)"
${hxtool} issue-certificate \ ${hxtool} issue-certificate \
--ca-certificate=FILE:$objdir/ca.crt,${keyfile} \ --ca-certificate=FILE:$objdir/ca.crt,${keyfile} \
--type="pkinit-client" \ --type="pkinit-client" \
@@ -141,13 +141,21 @@ ${hxtool} issue-certificate \
--req="req-pkinit.der" \ --req="req-pkinit.der" \
--certificate="FILE:pkinit.crt" || exit 1 --certificate="FILE:pkinit.crt" || exit 1
echo "issue user 2 certificate" echo "issue user 2 certificate (no san)"
${hxtool} issue-certificate \ ${hxtool} issue-certificate \
--ca-certificate=FILE:$objdir/ca.crt,${keyfile} \ --ca-certificate=FILE:$objdir/ca.crt,${keyfile} \
--type="pkinit-client" \ --type="pkinit-client" \
--req="req-pkinit2.der" \ --req="req-pkinit2.der" \
--certificate="FILE:pkinit2.crt" || exit 1 --certificate="FILE:pkinit2.crt" || exit 1
echo "issue user 3 certificate (ms san)"
${hxtool} issue-certificate \
--ca-certificate=FILE:$objdir/ca.crt,${keyfile} \
--type="pkinit-client" \
--ms-upn="bar@test.h5l.se" \
--req="req-pkinit2.der" \
--certificate="FILE:pkinit3.crt" || exit 1
echo foo > ${objdir}/foopassword echo foo > ${objdir}/foopassword
@@ -184,6 +192,42 @@ ${kinit} -C FILE:${base}/pkinit2.crt,${keyfile2} baz@${R} || \
${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; } ${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
${kdestroy} ${kdestroy}
echo "Trying pk-init (ms upn)"; > messages.log
${kinit} -C FILE:${base}/pkinit3.crt,${keyfile2} bar@${R} || \
{ ec=1 ; eval "${testfailed}"; }
${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
${kdestroy}
KRB5_CONFIG="${objdir}/krb5-pkinit-win.conf"
export KRB5_CONFIG
echo "Duplicated tests, now in windows 2000 mode"
echo "Trying pk-init (principal in cert)"; > messages.log
base="${objdir}"
${kinit} -C FILE:${base}/pkinit.crt,${keyfile2} bar@${R} || \
{ ec=1 ; eval "${testfailed}"; }
${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
${kdestroy}
echo "Trying pk-init (principal in pki-mapping file) "; > messages.log
${kinit} -C FILE:${base}/pkinit.crt,${keyfile2} foo@${R} || \
{ ec=1 ; eval "${testfailed}"; }
${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
${kdestroy}
echo "Trying pk-init (principal subject in DB)"; > messages.log
${kinit} -C FILE:${base}/pkinit2.crt,${keyfile2} baz@${R} || \
{ ec=1 ; eval "${testfailed}"; }
${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
${kdestroy}
echo "Trying pk-init (ms upn)"; > messages.log
${kinit} -C FILE:${base}/pkinit3.crt,${keyfile2} bar@${R} || \
{ ec=1 ; eval "${testfailed}"; }
${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
${kdestroy}
echo "killing kdc (${kdcpid})" echo "killing kdc (${kdcpid})"
kill $kdcpid || exit 1 kill $kdcpid || exit 1