dexter submitted this change.

View Change

Approvals: osmith: Looks good to me, approved Jenkins Builder: Verified 
ES2Plus_Tests: cleanup/add module parameters

The ES2Plus_Tests only have minimal configuration options. Let's remove
hardcoded options and replace them with module parameters. Let's also
document the module parameters.

Change-Id: Ib8e128e4af8e819799c4d7ea3e6a36189462f382
Related: SYS#7339
---
M smdpp/ES2Plus_Tests.ttcn
1 file changed, 39 insertions(+), 17 deletions(-)

diff --git a/smdpp/ES2Plus_Tests.ttcn b/smdpp/ES2Plus_Tests.ttcn
index c6e84cd..3303d7d 100644
--- a/smdpp/ES2Plus_Tests.ttcn
+++ b/smdpp/ES2Plus_Tests.ttcn
@@ -30,22 +30,44 @@
 const charstring c_eid1 := "89049032123451234512345678901235";
 const charstring c_eid2 := "89049032123451234512345678901236";
 
-// Client certificate paths
-const charstring c_cert_path := "./test_certs/CERT_MNO_ECDSA_NIST.pem";
-const charstring c_key_path := "./test_certs/SK_MNO_ECDSA_NIST.pem";
-
-// Wrong certificate for testing
+// Wrong certificate for testing (randomly picked from the sgp26 directory)
 const charstring c_wrong_cert_path := "./sgp26/eUICC/CERT_EUICC_ECDSA_NIST.der";
 const charstring c_wrong_key_path := "./sgp26/eUICC/SK_EUICC_ECDSA_NIST.pem";
 
+// The external function ext_RSPClient_create requires a path and a name filter as input to load test certificates.
+// While those certfiicates are required for the ES9+ interface related tests (smdpp_Tests.ttcn), for the ES2+
+// interface tests those certificates have no relevance.
+const charstring c_es2plus_cert_path := "./sgp26/";
+const charstring c_es2plus_cert_name_filter := "NIST";
+
 // Module parameters
 modulepar {
+    // The SMDP server host name (FQDN) must match the host name of the SSL certificate of the server. To resolve the
+    // server host name to an IP address, an entry in /etc/hosts is sufficient. It should also be pointed out that this
+    // testsuite (libcurl) will also verify the presented server certificate against the related CA. To ensure that
+    // the server certificate verification is possible, ensure that the related CA certificates are made available in
+    // /etc/ssl/certs
     charstring mp_es2plus_server_host := "testsmdpplus1.example.com";
-    integer mp_es9_server_port := 8000;
-    integer mp_es2plus_server_port := 8000;  // NIST tests use port 8000
+
+    // Sets the server port of the ES2+ server (SM-DP+).
+    integer mp_es2plus_server_port := 8000;
+
+    // Sets the client certificate to be used to authenticate towards the ES2+ server (SM-DP+)
+    charstring mp_es2plus_client_cert_path := "./test_certs/CERT_MNO_ECDSA_NIST.pem";
+
+    // Sets the private key to be used to authenticate towards the ES2+ server (SM-DP+)
+    charstring mp_es2plus_client_key_path := "./test_certs/SK_MNO_ECDSA_NIST.pem";
+
+    // Sets the operator ID to be used on the ES2+ interface. (this parameter has no relation to SSL/TLS)
     charstring mp_operator_id := "test.operator.com";
-    charstring mp_nist_rsp_cert_path := "./sgp26/";
+
+    // ES2+ normally uses SSL with client authentication, however for debug purposes it is possible to disable
+    // SSL entirely.
     boolean mp_use_ssl := true;  // SSL with mutual TLS authentication enabled
+
+    // ES2+ normally uses SSL with client authentication, however for debug purposes it is possible to disable
+    // mutual authentication.
+    boolean mp_use_mutual_tls := true;
 }
 
 // Test component - extend smdpp_ConnHdlr to reuse RSPClient functionality
@@ -175,8 +197,8 @@
     g_rsp_client_handle := smdpp_Tests.ext_RSPClient_create(
         mp_es2plus_server_host,
         mp_es2plus_server_port,
-        mp_nist_rsp_cert_path,
-        "NIST"
+	c_es2plus_cert_path,
+	c_es2plus_cert_name_filter
     );
 
     if (g_rsp_client_handle < 0) {
@@ -187,9 +209,9 @@
     // Set authentication parameters once for all ES2+ operations
     var integer result := smdpp_Tests.ext_RSPClient_setAuthParams(
         g_rsp_client_handle,
-        true,  // useMutualTLS
-        c_cert_path,
-        c_key_path
+        mp_use_mutual_tls,
+        mp_es2plus_client_cert_path,
+        mp_es2plus_client_key_path
     );
 
     if (result != 0) {
@@ -961,7 +983,7 @@
     // Temporarily set wrong authentication parameters
     var integer result := smdpp_Tests.ext_RSPClient_setAuthParams(
         g_rsp_client_handle,
-        true,  // useMutualTLS
+	mp_use_mutual_tls,
         c_wrong_cert_path,  // Using wrong certificate
         c_wrong_key_path    // Using wrong key
     );
@@ -994,9 +1016,9 @@
     // Restore correct auth params for cleanup
     smdpp_Tests.ext_RSPClient_setAuthParams(
         g_rsp_client_handle,
-        true,
-        c_cert_path,
-        c_key_path
+        mp_use_mutual_tls,
+        mp_es2plus_client_cert_path,
+        mp_es2plus_client_key_path
     );
 }

To view, visit change 41250. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: merged
Gerrit-Project: osmo-ttcn3-hacks
Gerrit-Branch: master
Gerrit-Change-Id: Ib8e128e4af8e819799c4d7ea3e6a36189462f382
Gerrit-Change-Number: 41250
Gerrit-PatchSet: 3
Gerrit-Owner: dexter <pmaier@sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: dexter <pmaier@sysmocom.de>
Gerrit-Reviewer: osmith <osmith@sysmocom.de>