[2/2] acceptance-tests: add tests for signer common name check

Message ID 20180827130255.815-3-Denis.Osterland@diehl.com
State New
Headers show
Series
  • signature: allow to verify signers common name
Related show

Commit Message

Denis OSTERLAND Aug. 27, 2018, 1:06 p.m.
Add tests to verify signers common name check implementation.

Signed-off-by: Denis Osterland <Denis.Osterland@diehl.com>
---
 scripts/acceptance-tests/CheckImage.mk | 35 +++++++++++++++++++++++++-
 1 file changed, 34 insertions(+), 1 deletion(-)

Patch

diff --git a/scripts/acceptance-tests/CheckImage.mk b/scripts/acceptance-tests/CheckImage.mk
index 6e0fecd..bff7c24 100644
--- a/scripts/acceptance-tests/CheckImage.mk
+++ b/scripts/acceptance-tests/CheckImage.mk
@@ -18,7 +18,7 @@ 
 #
 # test commands for --check command-line option
 #
-SWU_CHECK_BASE = ./swupdate -l 5 -c $(if $(CONFIG_SIGNED_IMAGES),-k $(obj)/cacert.pem)
+SWU_CHECK_BASE = ./swupdate -l 5 -c $(if $(CONFIG_SIGNED_IMAGES),-k $(obj)/cacert.pem) $(if $(strip $(filter %.cfg, $^)), -f $(filter %.cfg, $^))
 SWU_CHECK = $(SWU_CHECK_BASE) $(if $(CONFIG_HW_COMPATIBILITY),-H test:1) $(if $(strip $(filter-out FORCE,$<)),-i $<) $(if $(strip $(KBUILD_VERBOSE:0=)),,>/dev/null 2>&1)
 
 quiet_cmd_swu_check_assert_false = RUN     $@
@@ -53,6 +53,8 @@  tests-$(CONFIG_LIBCONFIG) += ValidImageTest
 tests-y += InvOptsNoImg
 tests-$(CONFIG_MONGOOSE) += InvOptsCheckWithWeb
 tests-$(CONFIG_SURICATTA) += InvOptsCheckWithSur
+tests-$(CONFIG_SIGNED_IMAGES) += InvSigNameCheck
+tests-$(CONFIG_SIGNED_IMAGES) += ValidSigNameCheck
 
 #
 # file not found test
@@ -180,3 +182,34 @@  $(obj)/signer.pem $(obj)/cacert.pem:
 %/sw-description.sig :: %/sw-description $(obj)/signer.pem
 	$(call cmd,sign_desc)
 
+
+#
+# invalid signer name
+#
+PHONY += InvSigNameCheck
+InvSigNameCheck: $(obj)/ValidImage.swu $(obj)/InvSigNameCheck.cfg FORCE $(if $(CONFIG_SIGNED_IMAGES), $(obj)/cacert.pem)
+	$(call cmd,swu_check_assert_false)
+
+clean-files += InvSigNameCheck.cfg
+$(obj)/InvSigNameCheck.cfg:
+	$(Q)printf "\
+globals: {\n\
+	forced-signer-name = \"shall be different\";\n\
+};\n\
+" > $@
+
+#
+# valid signer name
+#
+PHONY += ValidSigNameCheck
+ValidSigNameCheck: $(obj)/ValidImage.swu $(obj)/ValidSigNameCheck.cfg FORCE $(if $(CONFIG_SIGNED_IMAGES), $(obj)/cacert.pem)
+	$(call cmd,swu_check_assert_true)
+
+clean-files += ValidSigNameCheck.cfg
+$(obj)/ValidSigNameCheck.cfg:
+	$(Q)printf "\
+globals: {\n\
+        forced-signer-name = \"OpenSSL test S/MIME signer 1\";\n\
+};\n\
+" > $@
+