From 6b3e5ef3c235e4c4721ca0d6b5f9861489cc3e5c Mon Sep 17 00:00:00 2001
From: Michael Rash
Date: Sun, 8 Jul 2012 08:35:50 -0400
Subject: [PATCH] Added a test for a dual-usage key in access.conf
---
 test/conf/dual_key_usage_access.conf | 9 +++++++++
 test/test-fwknop.pl | 20 ++++++++++++++++++++
 2 files changed, 29 insertions(+)
 create mode 100644 test/conf/dual_key_usage_access.conf
diff --git a/test/conf/dual_key_usage_access.conf b/test/conf/dual_key_usage_access.conf
new file mode 100644
index 00000000..0cc0d8ec
--- /dev/null
+++ b/test/conf/dual_key_usage_access.conf
@@ -0,0 +1,9 @@
+SOURCE: ANY;
+KEY: fwknoptest;
+OPEN_PORTS: tcp/22;
+FW_ACCESS_TIMEOUT: 2;
+
+SOURCE: ANY;
+KEY: fwknoptest;
+OPEN_PORTS: tcp/80;
+FW_ACCESS_TIMEOUT: 3;
diff --git a/test/test-fwknop.pl b/test/test-fwknop.pl
index ab3c4c93..a34d5b35 100755
--- a/test/test-fwknop.pl
+++ b/test/test-fwknop.pl
@@ -27,6 +27,7 @@ my $future_expired_access_conf = "$conf_dir/future_expired_stanza_access.conf";
 my $expired_epoch_access_conf = "$conf_dir/expired_epoch_stanza_access.conf";
 my $invalid_expire_access_conf = "$conf_dir/invalid_expire_access.conf";
 my $force_nat_access_conf = "$conf_dir/force_nat_access.conf";
+my $dual_key_usage_access_conf = "$conf_dir/dual_key_usage_access.conf";
 my $gpg_access_conf = "$conf_dir/gpg_access.conf";
 my $default_digest_file = "$run_dir/digest.cache";
 my $default_pid_file = "$run_dir/fwknopd.pid";
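Review bot: The new fixture test/conf/dual_key_usage_access.conf has no comment saying that repeating `KEY: fwknoptest;` under two `SOURCE: ANY;` stanzas is deliberate, so it reads like a misconfiguration and could be copied as a template. A header line such as `# Test fixture only: both stanzas intentionally share one key so that fwknopd has to try them in order.` would record the intent. The same comment could note the practical consequence, as far as this test shows it: a holder of the shared key is not confined to one stanza, because a request that stanza #1 denies (tcp/80) is still evaluated against stanza #2.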
@@ -590,6 +591,25 @@ my @tests = (
 'fw_rule_removed' => $NEW_RULE_REMOVED,
 'fatal' => $NO
 },
+ {
+ 'category' => 'Rijndael SPA',
+ 'subcategory' => 'client+server',
+ 'detail' => 'dual usage access key (tcp/80 http)',
+ 'err_msg' => 'could not complete SPA cycle',
+ 'function' => \&spa_cycle,
+ 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
+ "$fwknopCmd -A tcp/80 -a $fake_ip -D $loopback_ip --get-key " .
+ "$local_key_file --verbose --verbose",
+ 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
+ "$fwknopdCmd -c $default_conf -a $dual_key_usage_access_conf " .
+ "-d $default_digest_file -p $default_pid_file $intf_str",
+ ### check for the first stanza that does not allow tcp/80 - the
+ ### second stanza allows this
+ 'server_positive_output_matches' => [qr/stanza #1\)\sOne\sor\smore\srequested\sprotocol\/ports\swas\sdenied/],
+ 'fw_rule_created' => $NEW_RULE_REQUIRED,
+ 'fw_rule_removed' => $NEW_RULE_REMOVED,
+ 'fatal' => $NO
+ },
 {
 'category' => 'Rijndael SPA',
 'subcategory' => 'client+server',
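Review bot: The new 'dual usage access key' entry pins only the denial logged for stanza #1 in `server_positive_output_matches`. That stanza #2 accepted the request is inferred from `'fw_rule_created' => $NEW_RULE_REQUIRED` alone, so a rule opened for the wrong port or with the first stanza's timeout would presumably still pass (spa_cycle is not visible in this hunk). A second pattern in that array, matching whatever fwknopd logs when stanza #2 accepts, would tie the created rule to the tcp/80 stanza. Only the accept path is covered: a sibling entry that requests a port neither stanza lists and asserts that no firewall rule is created would guard against stanza fall-through becoming accept-by-default. The two `###` lines could state the property directly, e.g. `### same KEY in both stanzas: #1 (tcp/22) must deny tcp/80 and fwknopd must go on to #2`.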