testing: Removed TCG SWID IMC/IMV scenarios
authorAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 5 Mar 2018 10:31:27 +0000 (11:31 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 12 Jun 2018 19:47:39 +0000 (21:47 +0200)
44 files changed:
testing/tests/tnc/tnccs-20-nea-pt-tls/description.txt [deleted file]
testing/tests/tnc/tnccs-20-nea-pt-tls/evaltest.dat [deleted file]
testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/apache2/sites-available/000-default.conf [deleted file]
testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/apache2/sites-available/default [deleted file]
testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/iptables.rules [deleted file]
testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/pts/data1.sql [deleted file]
testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongTNC/settings.ini [deleted file]
testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongswan.conf [deleted file]
testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/rsa/aaaKey.pem [deleted file]
testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/swanctl.conf [deleted file]
testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/x509/aaaCert.pem [deleted file]
testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/tnc_config [deleted file]
testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/ipsec.sql [deleted file]
testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/iptables.rules [deleted file]
testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/pts/options [deleted file]
testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/strongswan.conf [deleted file]
testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/swanctl/swanctl.conf [deleted file]
testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/tnc_config [deleted file]
testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/ipsec.sql [deleted file]
testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/iptables.rules [deleted file]
testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/pts/options [deleted file]
testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/strongswan.conf [deleted file]
testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/swanctl/swanctl.conf [deleted file]
testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/tnc_config [deleted file]
testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/moon/etc/strongswan.conf [deleted file]
testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/moon/etc/swanctl/swanctl.conf [deleted file]
testing/tests/tnc/tnccs-20-nea-pt-tls/posttest.dat [deleted file]
testing/tests/tnc/tnccs-20-nea-pt-tls/pretest.dat [deleted file]
testing/tests/tnc/tnccs-20-nea-pt-tls/test.conf [deleted file]
testing/tests/tnc/tnccs-20-pdp-eap/description.txt
testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat
testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf
testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/tnc_config
testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/tnc_config
testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf
testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/tnc_config
testing/tests/tnc/tnccs-20-pdp-pt-tls/description.txt
testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat
testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf
testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/tnc_config
testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/strongswan.conf
testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/tnc_config
testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/strongswan.conf
testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/tnc_config

diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/description.txt b/testing/tests/tnc/tnccs-20-nea-pt-tls/description.txt
deleted file mode 100644 (file)
index 90e8548..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-The PT-TLS (RFC 6876) clients <b>carol</b> and <b>dave</b> set up a connection each to the policy decision 
-point (PDP) <b>alice</b>. Endpoint <b>carol</b> uses password-based SASL PLAIN client authentication during the
-<b>PT-TLS negotiation phase</b> whereas endpoint <b>dave</b> uses certificate-based TLS client authentication
-during the <b>TLS setup phase</b>.
-<p/>
-During the ensuing <b>PT-TLS data transport phase</b> the <b>OS</b> and <b>SWIMA</b> IMC/IMV pairs
-loaded by the PT-TLS clients and PDP, respectively, exchange PA-TNC (RFC 5792) messages
-embedded in PB-TNC (RFC 5793) batches. The <b>SWIMA</b> IMC on <b>carol</b> is requested to deliver
-a concise <b>Software ID Inventory</b> whereas <b>dave</b> must send a full <b>Software Inventory</b>.
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/evaltest.dat b/testing/tests/tnc/tnccs-20-nea-pt-tls/evaltest.dat
deleted file mode 100644 (file)
index 7850e2e..0000000
+++ /dev/null
@@ -1,25 +0,0 @@
-dave:: cat /var/log/auth.log::sending TLS CertificateVerify handshake::YES
-dave:: cat /var/log/auth.log::collected ... SW records::YES
-carol::cat /var/log/auth.log::received SASL Success result::YES
-carol::cat /var/log/auth.log::collected ... SW ID records::YES
-carol::cat /var/log/auth.log::strongswan.org__strongSwan.*swidtag::YES
-carol::cat /var/log/auth.log::collected 1 SW record::YES
-alice::cat /var/log/daemon.log::accepting PT-TLS stream from PH_IP_DAVE::YES
-alice::cat /var/log/daemon.log::checking certificate status of.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org::YES
-alice::cat /var/log/daemon.log::certificate status is good::YES
-alice::cat /var/log/daemon.log::skipping SASL, client already authenticated by TLS certificate::YES
-alice::cat /var/log/daemon.log::user AR identity.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org.*authenticated by certificate::YES
-alice::cat /var/log/daemon.log::received software inventory with ... items for request 3 at last eid 1 of epoch::YES
-alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon-systemd -p auth.alert.*host with IP address 192.168.0.200 is blocked::YES
-moon:: cat /var/log/auth.log::host with IP address 192.168.0.200 is blocked::YES
-alice::cat /var/log/daemon.log::accepting PT-TLS stream from PH_IP_CAROL::YES
-alice::cat /var/log/daemon.log::SASL PLAIN authentication successful::YES
-alice::cat /var/log/daemon.log::SASL client identity is.*carol::YES
-alice::cat /var/log/daemon.log::user AR identity.*carol.*authenticated by password::YES
-alice::cat /var/log/daemon.log::failed to collect SW ID events, fallback to SW ID inventory::YES
-alice::cat /var/log/daemon.log::received software ID inventory with ... items for request 9 at last eid 1 of epoch::YES
-alice::cat /var/log/daemon.log::1 SWID tag target::YES
-alice::cat /var/log/daemon.log::received software inventory with 1 item for request 9 at last eid 1 of epoch::YES
-alice::cat /var/log/daemon.log::strongswan.org__strongSwan.*@ /usr/local/share/strongswan::YES
-alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon-systemd -p auth.alert.*host with IP address 192.168.0.100 is allowed::YES
-moon::cat /var/log/auth.log::host with IP address 192.168.0.100 is allowed::YES
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/apache2/sites-available/000-default.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/apache2/sites-available/000-default.conf
deleted file mode 100644 (file)
index 4075f75..0000000
+++ /dev/null
@@ -1,31 +0,0 @@
-WSGIPythonPath /var/www/tnc
-
-<VirtualHost *:80>
-    ServerName tnc.strongswan.org
-    ServerAlias tnc
-    ServerAdmin webmaster@localhost
-
-    DocumentRoot /var/www/tnc
-
-    <Directory /var/www/tnc/config>
-        <Files wsgi.py>
-            <IfModule mod_authz_core.c>
-               Require all granted
-            </IfModule>
-            <IfModule !mod_authz_core.c>
-                Order deny,allow
-                Allow from all
-            </IfModule>
-        </Files>
-    </Directory>
-
-    WSGIScriptAlias / /var/www/tnc/config/wsgi.py
-    WSGIApplicationGroup %{GLOBAL}
-    WSGIPassAuthorization On
-
-    Alias /static/ /var/www/tnc/static/
-
-    ErrorLog ${APACHE_LOG_DIR}/tnc/error.log
-    LogLevel warn
-    CustomLog ${APACHE_LOG_DIR}/tnc/access.log combined
-</VirtualHost>
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/apache2/sites-available/default b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/apache2/sites-available/default
deleted file mode 100644 (file)
index 1dc8b56..0000000
+++ /dev/null
@@ -1 +0,0 @@
-Include sites-available/000-default.conf
\ No newline at end of file
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/iptables.rules b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/iptables.rules
deleted file mode 100644 (file)
index c556d94..0000000
+++ /dev/null
@@ -1,28 +0,0 @@
-*filter
-
-# default policy is DROP
--P INPUT DROP
--P OUTPUT DROP
--P FORWARD DROP
-
-# open loopback interface
--A INPUT  -i lo -j ACCEPT
--A OUTPUT -o lo -j ACCEPT
-
-# allow PT-TLS
--A INPUT  -i eth0 -p tcp --dport 271 -j ACCEPT
--A OUTPUT -o eth0 -p tcp --sport 271 -j ACCEPT
-
-# allow inbound ssh
--A INPUT  -p tcp --dport 22 -j ACCEPT
--A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-# allow outbound ssh
--A OUTPUT  -p tcp --dport 22 -j ACCEPT
--A INPUT  -p tcp --sport 22 -j ACCEPT
-
-# allow crl fetch from winnetou
--A INPUT  -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT
--A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT
-
-COMMIT
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/pts/data1.sql b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/pts/data1.sql
deleted file mode 100644 (file)
index 16ab96d..0000000
+++ /dev/null
@@ -1,61 +0,0 @@
-/* Devices */
-
-INSERT INTO devices (                  /*  1 */
-  value, product, created
-)
-SELECT 'aabbccddeeff11223344556677889900', id, 1372330615
-FROM products WHERE name = 'Debian DEBIAN_VERSION x86_64';
-
-/* Groups Members */
-
-INSERT INTO groups_members (
-  group_id, device_id
-) VALUES (
-  10, 1
-);
-
-/* Identities */
-
-INSERT INTO identities (
-  type, value
-) VALUES ( /* dave@strongswan.org */
-  4, X'64617665407374726f6e677377616e2e6f7267'
-);
-
-/* Sessions */
-
-INSERT INTO sessions (
-  time, connection, identity, device, product, rec
-)
-SELECT NOW, 1, 1, 1, id, 0
-FROM products WHERE name = 'Debian DEBIAN_VERSION x86_64';
-
-/* Results */
-
-INSERT INTO results (
-  session, policy, rec, result
-) VALUES (
-  1, 1, 0, 'processed 355 packages: 0 not updated, 0 blacklisted, 4 ok, 351 not found'
-);
-
-/* Enforcements */
-
-INSERT INTO enforcements (
-  policy, group_id, max_age, rec_fail, rec_noresult
-) VALUES (
-  3, 10, 0, 2, 2
-);
-
-INSERT INTO enforcements (
-  policy, group_id, max_age
-) VALUES (
-  17, 2, 86400
-);
-
-INSERT INTO enforcements (
-  policy, group_id, max_age
-) VALUES (
-  18, 10, 86400
-);
-
-DELETE FROM enforcements WHERE id = 1;
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongTNC/settings.ini b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongTNC/settings.ini
deleted file mode 100644 (file)
index 5ae53c4..0000000
+++ /dev/null
@@ -1,19 +0,0 @@
-[debug]
-DEBUG=0
-TEMPLATE_DEBUG=0
-DEBUG_TOOLBAR=0
-
-[db]
-DJANGO_DB_URL=sqlite:////var/www/tnc/django.db
-STRONGTNC_DB_URL = sqlite:////etc/db.d/config.db
-
-[localization]
-LANGUAGE_CODE=en-us
-TIME_ZONE=Europe/Zurich
-
-[admins]
-Your Name: alice@strongswan.org
-
-[security]
-SECRET_KEY=strongSwan
-ALLOWED_HOSTS=127.0.0.1,10.1.0.10,tnc.strongswan.org,tnc
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongswan.conf
deleted file mode 100644 (file)
index 04d7dba..0000000
+++ /dev/null
@@ -1,46 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon-systemd {
-  load = random nonce pem pkcs1 x509 openssl revocation constraints curl vici socket-default kernel-netlink tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
-
-  syslog {
-    daemon {
-      tls = 2
-      tnc = 2
-      imv = 3
-    }
-  }
-  plugins {
-    tnc-pdp {
-      server = aaa.strongswan.org
-      radius {
-        secret = gv6URkSs
-      }
-    }
-    tnc-imv {
-      dlclose = no
-    }
-  }
-}
-
-libtls {
-  suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-}
-
-libimcv {
-  database = sqlite:///etc/db.d/config.db
-  policy_script = /usr/local/libexec/ipsec/imv_policy_manager
-
-  plugins {
-    imv-swima {
-      rest_api {
-        uri = http://admin-user:strongSwan@tnc.strongswan.org/api/
-      }
-    }
-  }
-}
-
-imv_policy_manager {
-  command_allow = ssh root@moon 'logger -t charon-systemd -p auth.alert "\"host with IP address %s is allowed\""'
-  command_block = ssh root@moon 'logger -t charon-systemd -p auth.alert "\"host with IP address %s is blocked\""'
-}
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/rsa/aaaKey.pem b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/rsa/aaaKey.pem
deleted file mode 100644 (file)
index adc47dd..0000000
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAtxfP0jM8wZqtJvNmYar+WmB5GkzZbm431C5YWpSc/4vjCMXl
-h/7VuGPkOeuEqU4KOKL3l0OQt1Exh77ii9ekg0X//4n132fI/hg0sKVRPCK8HC8l
-0LdwnLLNI7uO5ObYY1KtAVnDeI/cfFbLV0z38/X7GWCpKi7ocmVMNalpD5w7c/9a
-VgpO70O9NPr+OPhs1Lp9uJQQbQzQlhydhK3SLA1bJEcyXYMqOamJud+EcM1Hjq3S
-W5JpKhuroDSxGzMntRF0TgrGXf8ctNfz/52repoUh2GrFfOhkpXrKUErf46NNtnD
-e4FXvyprZNQO4wJBWKCSS3p16UWEL+1LFwiDPQIDAQABAoIBAQCNeNG0+rA0bF7k
-nOf8CZL1pFuOzdin8nQi+Bh/DRvufVlU+wyrM2ZSTqUXd/sOkuVk889ZyvQ0IYGj
-AQStx1cvs9Pl0OTx1ZDBfVShNWv6imBNasTObB+QhLvro037Yr/KpyRUydY2/vn/
-/VSrRSbGE8gMyNqNZKdpVQo44Ij0bJXxx7kVJ7CfftB65bujkRSK5u7eGjFVyHGs
-P9v4n72Pt0mVdC8yeiMjJAmmKLWaDf7U2SUoaxf0IRjRNPdVBuPjbYjfnJ0sGlxF
-sCQtu+3JQ4b7vyxrAyUtImbTLwvFqQHTGIahZUvhGd/1aO0Zmls1mvuZ+VhUIsek
-uBJh54jFAoGBAN7M08mBkA8oUns0IzzG+A0JYDmdbvOWbKtyQDRl7LkXOq/PckIj
-PoliI/5aNZe9+Q8kq8xnvLVcsup7EX6Ovaqc6S3ODNEjy4XEqGMM9tkrz4R4N5f5
-hLayOg3MfdJiPOn3HF+cVvHp0Vwpt8K5TgVmOWkVSKTa+6eX4mhQUuKjAoGBANJg
-Rmka90zo+7PPze4oo5ePeqwZrwQ3/6OeD/G1lqMFPOgk3MLGuv9HvtQA5gyyAH7+
-Qy/t+rdPSC7PZi29s8/cERmWTdbZ1ocuKa6xxSvktl7Ibv51d0sW1n+kfVin7cLL
-SskoK8BRXjXsZg7jjZjE5f6iqdHq+JPA2JWM10CfAoGAOXTvJScxhIcshjNS5wiU
-zZ/eXd1Y0J65VZl4L0sdujngW5iO6bl3FizmBWE0Mva99QbK+0LBarAGP+wO/elH
-xmkCxVo++exWPyARIMImIqlmsc3i4GFrtUXPLOHQjOHivZ+JhKqnzWk0IaVsi14I
-XeIX6h6gBkum3HiR3b7hMSsCgYEAtq7ftbmy8liG6hgTzTIBDUWM0xHihxlRpnVF
-hzGWw61yvGv2QDVugOt+bH7zRib0g1KsaVyQkMoJ9ownQKUxFdkWCFAa++1iezS9
-AXRhscIEE76dk93RX6VPUrw2FNyOfM8n/BIkG/cMhmroHRnBBd5Fkp8SNLWEclnO
-Od95tCUCgYEAgvohkyZAAKMRUFYEvHgwyxeXHifHVPIoK9UN022DJmIEJE2ISGtH
-yHnBKgF52tlYhC9ijKwMG43C9IvycydRUtViOxDV8AiE4BV1tXuQHLl0jD2R7yq5
-9pNtnYgXW+ZKlx9705ltHj8hhKl6r2I8oXdR9KFGO83wq8fr6tyjqHc=
------END RSA PRIVATE KEY-----
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/swanctl.conf
deleted file mode 100644 (file)
index 635620b..0000000
+++ /dev/null
@@ -1,7 +0,0 @@
-secrets {
-
-   eap-carol {
-      id = carol
-      secret = "Ar3etTnp"
-   }
-}
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/x509/aaaCert.pem b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/x509/aaaCert.pem
deleted file mode 100644 (file)
index 42083c2..0000000
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEIDCCAwigAwIBAgIBMzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTE1MDgwNDE0NTUzMVoXDTE5MDkwNjE0NTUzMVowRTELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEmFhYS5z
-dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALcX
-z9IzPMGarSbzZmGq/lpgeRpM2W5uN9QuWFqUnP+L4wjF5Yf+1bhj5DnrhKlOCjii
-95dDkLdRMYe+4ovXpINF//+J9d9nyP4YNLClUTwivBwvJdC3cJyyzSO7juTm2GNS
-rQFZw3iP3HxWy1dM9/P1+xlgqSou6HJlTDWpaQ+cO3P/WlYKTu9DvTT6/jj4bNS6
-fbiUEG0M0JYcnYSt0iwNWyRHMl2DKjmpibnfhHDNR46t0luSaSobq6A0sRszJ7UR
-dE4Kxl3/HLTX8/+dq3qaFIdhqxXzoZKV6ylBK3+OjTbZw3uBV78qa2TUDuMCQVig
-kkt6delFhC/tSxcIgz0CAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQD
-AgOoMB0GA1UdDgQWBBRFNnP26ELy5j7KMOO+a8dh5pLe6DBtBgNVHSMEZjBkgBRd
-p91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoT
-EExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIB
-ADAdBgNVHREEFjAUghJhYWEuc3Ryb25nc3dhbi5vcmcwEwYDVR0lBAwwCgYIKwYB
-BQUHAwEwOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2NybC5zdHJvbmdzd2FuLm9y
-Zy9zdHJvbmdzd2FuLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAsncNPDCCDd4mzIHs
-nHY7b6H1tVQtFSbAQntV06D4D7vOp6Y+M5S8ta50hJu4f4GEeH5c7/hm8gbRdHt/
-TcjlV/UWBfhU3c/hNJo2LpmmtdmYUABLA3rdZ+FzOnAHX9H8eI988G7eHpI9T7L2
-FY2YEnWhIUVjFrojtH2+NbuA/Ori1QwSBiVhvJQgvUPjhKkjUtC+8zIdaCmJFErQ
-GGObpAMtnTcQ74md9BQ791RPMp77tDe1fgm7m8QWIsoIyYEhvzyfk2VTBn1VlWyH
-sbT0Vb3X9ubt0KXn2Xr491WTCpc5rzDWj9CNUYUgW7RaPxgw5cj2HK6oiLnGpO73
-xyr/Qw==
------END CERTIFICATE-----
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/tnc_config b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/tnc_config
deleted file mode 100644 (file)
index 1499dfc..0000000
+++ /dev/null
@@ -1,4 +0,0 @@
-#IMV configuration file for strongSwan client 
-
-IMV "OS"       /usr/local/lib/ipsec/imcvs/imv-os.so
-IMV "SWIMA"    /usr/local/lib/ipsec/imcvs/imv-swima.so
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/ipsec.sql b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/ipsec.sql
deleted file mode 100644 (file)
index 805c8bf..0000000
+++ /dev/null
@@ -1,4 +0,0 @@
-/* strongSwan SQLite database */
-
-/* configuration is read from the command line */
-/* credentials are read from the command line */
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/iptables.rules b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/iptables.rules
deleted file mode 100644 (file)
index d01d0a3..0000000
+++ /dev/null
@@ -1,20 +0,0 @@
-*filter
-
-# default policy is DROP
--P INPUT DROP
--P OUTPUT DROP
--P FORWARD DROP
-
-# allow PT-TLS 
--A INPUT  -i eth0 -s 10.1.0.10 -p tcp --sport 271 -j ACCEPT
--A OUTPUT -o eth0 -d 10.1.0.10 -p tcp --dport 271 -j ACCEPT
-
-# allow ssh
--A INPUT  -p tcp --dport 22 -j ACCEPT
--A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-# allow crl fetch from winnetou
--A INPUT  -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT
--A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT
-
-COMMIT
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/pts/options b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/pts/options
deleted file mode 100644 (file)
index 52a3673..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
---connect aaa.strongswan.org
---client carol
---secret "Ar3etTnp"
---cert /etc/swanctl/x509ca/strongswanCert.pem
---quiet
---debug 2
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/strongswan.conf
deleted file mode 100644 (file)
index 5aad089..0000000
+++ /dev/null
@@ -1,18 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-libtls {
-  suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-}
-
-libimcv {
-  swid_gen {
-    tag_creator {
-      name = Debian Project
-      regid = debian.org
-    }
-  }
-}
-
-pt-tls-client {
-  load = revocation constraints pem openssl curl nonce tnc-tnccs tnc-imc tnccs-20
-}
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/swanctl/swanctl.conf
deleted file mode 100644 (file)
index 28da4d4..0000000
+++ /dev/null
@@ -1 +0,0 @@
-# the PT-TLS client reads its configuration and secrets via the command line
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/tnc_config
deleted file mode 100644 (file)
index 3975056..0000000
+++ /dev/null
@@ -1,4 +0,0 @@
-#IMC configuration file for strongSwan client 
-
-IMC "OS"       /usr/local/lib/ipsec/imcvs/imc-os.so
-IMC "SWIMA"    /usr/local/lib/ipsec/imcvs/imc-swima.so
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/ipsec.sql b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/ipsec.sql
deleted file mode 100644 (file)
index 805c8bf..0000000
+++ /dev/null
@@ -1,4 +0,0 @@
-/* strongSwan SQLite database */
-
-/* configuration is read from the command line */
-/* credentials are read from the command line */
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/iptables.rules b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/iptables.rules
deleted file mode 100644 (file)
index d01d0a3..0000000
+++ /dev/null
@@ -1,20 +0,0 @@
-*filter
-
-# default policy is DROP
--P INPUT DROP
--P OUTPUT DROP
--P FORWARD DROP
-
-# allow PT-TLS 
--A INPUT  -i eth0 -s 10.1.0.10 -p tcp --sport 271 -j ACCEPT
--A OUTPUT -o eth0 -d 10.1.0.10 -p tcp --dport 271 -j ACCEPT
-
-# allow ssh
--A INPUT  -p tcp --dport 22 -j ACCEPT
--A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-# allow crl fetch from winnetou
--A INPUT  -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT
--A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT
-
-COMMIT
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/pts/options b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/pts/options
deleted file mode 100644 (file)
index 0895314..0000000
+++ /dev/null
@@ -1,7 +0,0 @@
---connect aaa.strongswan.org
---client dave@strongswan.org
---key  /etc/swanctl/rsa/daveKey.pem
---cert /etc/swanctl/x509/daveCert.pem
---cert /etc/swanctl/x509ca/strongswanCert.pem
---quiet
---debug 2
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/strongswan.conf
deleted file mode 100644 (file)
index cf08b96..0000000
+++ /dev/null
@@ -1,27 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-libimcv {
-  swid_gen {
-    tag_creator {
-      name = Debian Project
-      regid = debian.org
-    }
-  }
-  plugins {
-    imc-os {
-      push_info = no
-    }
-    imc-swima {
-      swid_directory = /usr/share
-      swid_pretty = yes
-    }
-  }
-}
-
-libtls {
-  suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-}
-
-pt-tls-client {
-  load = revocation constraints pem openssl curl nonce tnc-tnccs tnc-imc tnccs-20
-}
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/swanctl/swanctl.conf
deleted file mode 100644 (file)
index 28da4d4..0000000
+++ /dev/null
@@ -1 +0,0 @@
-# the PT-TLS client reads its configuration and secrets via the command line
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/tnc_config
deleted file mode 100644 (file)
index 3975056..0000000
+++ /dev/null
@@ -1,4 +0,0 @@
-#IMC configuration file for strongSwan client 
-
-IMC "OS"       /usr/local/lib/ipsec/imcvs/imc-os.so
-IMC "SWIMA"    /usr/local/lib/ipsec/imcvs/imc-swima.so
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/moon/etc/strongswan.conf
deleted file mode 100644 (file)
index d99a4b7..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-# this file is not used in this scenario 
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/moon/etc/swanctl/swanctl.conf
deleted file mode 100644 (file)
index 27f96a6..0000000
+++ /dev/null
@@ -1 +0,0 @@
-# this file is not used in this scenario 
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/posttest.dat b/testing/tests/tnc/tnccs-20-nea-pt-tls/posttest.dat
deleted file mode 100644 (file)
index c0049d7..0000000
+++ /dev/null
@@ -1,10 +0,0 @@
-carol::ip route del 10.1.0.0/16 via 192.168.0.1
-dave::ip route del 10.1.0.0/16 via 192.168.0.1
-winnetou::ip route del 10.1.0.0/16 via 192.168.0.1
-alice::systemctl stop strongswan-swanctl
-alice::systemctl stop apache2
-alice::rm /etc/swanctl/rsa/aaaKey.pem
-alice::rm /etc/swanctl/x509/aaaCert.pem
-alice::iptables-restore < /etc/iptables.flush
-carol::iptables-restore < /etc/iptables.flush
-dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/pretest.dat b/testing/tests/tnc/tnccs-20-nea-pt-tls/pretest.dat
deleted file mode 100644 (file)
index c895148..0000000
+++ /dev/null
@@ -1,25 +0,0 @@
-alice::iptables-restore < /etc/iptables.rules
-carol::iptables-restore < /etc/iptables.rules
-dave::iptables-restore < /etc/iptables.rules
-alice::cat /etc/tnc_config
-carol::cat /etc/tnc_config
-carol::echo 0 > /proc/sys/net/ipv4/ip_forward
-dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id
-dave::cat /etc/tnc_config
-alice::sed -i "s/NOW/`date +%s`/g" /etc/pts/data1.sql
-alice::sed -i "s:DEBIAN_VERSION:\`cat /etc/debian_version\`:" /etc/pts/data1.sql
-alice::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/db.d/config.db
-alice::chgrp -R www-data /etc/db.d/config.db; chmod -R g+w /etc/db.d/config.db
-alice::/usr/local/bin/init_tnc
-alice::rm /etc/swanctl/x509/aliceCert.pem
-alice::rm /etc/swanctl/rsa/aliceKey.pem
-alice::systemctl start apache2
-alice::systemctl start strongswan-swanctl
-alice::swanctl --load-creds
-winnetou::ip route add 10.1.0.0/16 via 192.168.0.1
-dave::ip route add 10.1.0.0/16 via 192.168.0.1
-dave::cat /etc/pts/options
-dave::/usr/local/bin/pt-tls-client --optionsfrom /etc/pts/options
-carol::ip route add 10.1.0.0/16 via 192.168.0.1
-carol::cat /etc/pts/options
-carol::/usr/local/bin/pt-tls-client --optionsfrom /etc/pts/options
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/test.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/test.conf
deleted file mode 100644 (file)
index 08ea543..0000000
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# guest instances used for this test
-
-# All guest instances that are required for this test
-#
-VIRTHOSTS="alice moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w-d.png"
-
-# Guest instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# Guest instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="carol moon dave alice"
-
-# Guest instances on which databases are used
-#
-DBHOSTS="alice"
-
-# charon controlled by swanctl
-#
-SWANCTL=1
index a178211..2349411 100644 (file)
@@ -6,7 +6,9 @@ authenticated by an X.509 AAA certificate. The strong EAP-TTLS tunnel protects t
 client authentication based on <b>EAP-MD5</b>. In a next step the EAP-TNC protocol is used within
 the EAP-TTLS tunnel to determine the health of <b>carol</b> and <b>dave</b> via the <b>IF-TNCCS 2.0</b>
 client-server interface defined by <b>RFC 5793 PB-TNC</b>. The communication between IMCs and IMVs
-is based on the <b>IF-M</b> protocol defined by <b>RFC 5792 PA-TNC</b>.
+is based on the <b>IF-M</b> protocol defined by <b>RFC 5792 PA-TNC</b>. The <b>SWIMA</b> IMC on <b>carol</b>
+is requested to deliver a concise <b>Software ID Inventory</b> whereas <b>dave</b> must send a full
+<b>Software Inventory</b>.
 <p>
 <b>carol</b> passes the health test and <b>dave</b> fails. Based on these measurements the clients
 are connected by gateway <b>moon</b> to the "rw-allow" and "rw-isolate" subnets, respectively.
index 2583528..dfe42ae 100644 (file)
@@ -1,18 +1,22 @@
 dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA.* successful::YES
 dave:: cat /var/log/daemon.log::PDP server.*aaa.strongswan.org.*is listening on port 271::YES
-dave:: cat /var/log/daemon.log::collected ... SWID tags::YES
+dave:: cat /var/log/daemon.log::collected ... SW records::YES
 dave:: cat /var/log/daemon.log::PB-TNC access recommendation is .*Quarantined::YES
 dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
 carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA.* successful::YES
 carol::cat /var/log/daemon.log::PDP server.*aaa.strongswan.org.*is listening on port 271::YES
-carol::cat /var/log/daemon.log::collected ... SWID tag IDs::YES
-carol::cat /var/log/daemon.log::collected 1 SWID tag::YES
+carol::cat /var/log/daemon.log::collected ... SW ID records::YES
+carol::cat /var/log/daemon.log::strongswan.org__strongSwan.*swidtag::YES
+carol::cat /var/log/daemon.log::collected 1 SW record::YES
 carol::cat /var/log/daemon.log::PB-TNC access recommendation is .*Access Allowed::YES
 carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
 alice::cat /var/log/daemon.log::user AR identity.*dave.*authenticated by password::YES
-alice::cat /var/log/daemon.log::IMV 2 handled SWIDT workitem 3: allow - received inventory of 0 SWID tag IDs and ... SWID tags::YES
+alice::cat /var/log/daemon.log::received software inventory with.*items for request 3 at last eid 1 of epoch::YES
 alice::cat /var/log/daemon.log::user AR identity.*carol.*authenticated by password::YES
-alice::cat /var/log/daemon.log::IMV 2 handled SWIDT workitem 9: allow - received inventory of ... SWID tag IDs and 1 SWID tag::YES
+alice::cat /var/log/daemon.log::failed to collect SW ID events, fallback to SW ID inventory::YES
+alice::cat /var/log/daemon.log::received software ID inventory with.*items for request 9 at last eid 1 of epoch::YES
+alice::cat /var/log/daemon.log::1 SWID tag target::YES
+alice::cat /var/log/daemon.log::received software inventory with 1 item for request 9 at last eid 1 of epoch::YES
 moon:: cat /var/log/daemon.log::received RADIUS attribute Filter-Id: 'isolate'::YES
 moon:: cat /var/log/daemon.log::RADIUS authentication of 'dave' successful::YES
 moon:: cat /var/log/daemon.log::authentication of '192.168.0.200' with EAP successful::YES
index e01fe4b..72dbbfa 100644 (file)
@@ -34,8 +34,11 @@ libimcv {
   policy_script = /usr/local/libexec/ipsec/imv_policy_manager
 
   plugins {
-    imv-swid {
-      rest_api_uri = http://admin-user:strongSwan@tnc.strongswan.org/api/
+    imv-swima {
+      rest_api
+      {
+        uri = http://admin-user:strongSwan@tnc.strongswan.org/api/
+      }
     }
   }
 }
index ebe88bc..0c6812b 100644 (file)
@@ -1,4 +1,4 @@
-#IMV configuration file for strongSwan client 
+#IMV configuration file for strongSwan client
 
 IMV "OS"       /usr/local/lib/ipsec/imcvs/imv-os.so
-IMV "SWID"     /usr/local/lib/ipsec/imcvs/imv-swid.so
+IMV "SWIMA"    /usr/local/lib/ipsec/imcvs/imv-swima.so
index a954883..8139c3a 100644 (file)
@@ -1,4 +1,4 @@
-#IMC configuration file for strongSwan client 
+#IMC configuration file for strongSwan client
 
 IMC "OS"       /usr/local/lib/ipsec/imcvs/imc-os.so
-IMC "SWID"     /usr/local/lib/ipsec/imcvs/imc-swid.so
+IMC "SWIMA"    /usr/local/lib/ipsec/imcvs/imc-swima.so
index 852e071..55d07f5 100644 (file)
@@ -32,7 +32,7 @@ libimcv {
    imc-os {
      push_info = no
     }
-    imc-swid {
+    imc-swima {
       swid_directory = /usr/share
       swid_pretty = no
     }
index a954883..8139c3a 100644 (file)
@@ -1,4 +1,4 @@
-#IMC configuration file for strongSwan client 
+#IMC configuration file for strongSwan client
 
 IMC "OS"       /usr/local/lib/ipsec/imcvs/imc-os.so
-IMC "SWID"     /usr/local/lib/ipsec/imcvs/imc-swid.so
+IMC "SWIMA"    /usr/local/lib/ipsec/imcvs/imc-swima.so
index 45a77e9..90e8548 100644 (file)
@@ -1,9 +1,9 @@
 The PT-TLS (RFC 6876) clients <b>carol</b> and <b>dave</b> set up a connection each to the policy decision 
-point (PDP) <b>alice</b>. <b>carol</b> uses password-based SASL PLAIN client authentication during the
-<b>PT-TLS negotiation phase</b> and <b>dave</b> uses certificate-based TLS client authentication during the
-<b>TLS setup phase</b>.
+point (PDP) <b>alice</b>. Endpoint <b>carol</b> uses password-based SASL PLAIN client authentication during the
+<b>PT-TLS negotiation phase</b> whereas endpoint <b>dave</b> uses certificate-based TLS client authentication
+during the <b>TLS setup phase</b>.
 <p/>
-During the ensuing <b>PT-TLS data transport phase</b> the <b>OS</b> and <b>SWID</b> IMC/IMV pairs
+During the ensuing <b>PT-TLS data transport phase</b> the <b>OS</b> and <b>SWIMA</b> IMC/IMV pairs
 loaded by the PT-TLS clients and PDP, respectively, exchange PA-TNC (RFC 5792) messages
-embedded in PB-TNC (RFC 5793) batches. The <b>SWID</b> IMC on <b>carol</b> is requested to deliver
-a concise <b>SWID Tag ID Inventory</b> whereas <b>dave</b> must send a full <b>SWID Tag Inventory</b>.
+embedded in PB-TNC (RFC 5793) batches. The <b>SWIMA</b> IMC on <b>carol</b> is requested to deliver
+a concise <b>Software ID Inventory</b> whereas <b>dave</b> must send a full <b>Software Inventory</b>.
index bf41916..7850e2e 100644 (file)
@@ -1,23 +1,25 @@
 dave:: cat /var/log/auth.log::sending TLS CertificateVerify handshake::YES
-dave:: cat /var/log/auth.log::collected ... SWID tags::YES
+dave:: cat /var/log/auth.log::collected ... SW records::YES
 carol::cat /var/log/auth.log::received SASL Success result::YES
-carol::cat /var/log/auth.log::collected ... SWID tag IDs::YES
-carol::cat /var/log/auth.log::collected 1 SWID tag::YES
+carol::cat /var/log/auth.log::collected ... SW ID records::YES
+carol::cat /var/log/auth.log::strongswan.org__strongSwan.*swidtag::YES
+carol::cat /var/log/auth.log::collected 1 SW record::YES
 alice::cat /var/log/daemon.log::accepting PT-TLS stream from PH_IP_DAVE::YES
 alice::cat /var/log/daemon.log::checking certificate status of.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org::YES
 alice::cat /var/log/daemon.log::certificate status is good::YES
 alice::cat /var/log/daemon.log::skipping SASL, client already authenticated by TLS certificate::YES
 alice::cat /var/log/daemon.log::user AR identity.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org.*authenticated by certificate::YES
-alice::cat /var/log/daemon.log::received SWID tag inventory with ... items for request 3 at eid 1 of epoch::YES
+alice::cat /var/log/daemon.log::received software inventory with ... items for request 3 at last eid 1 of epoch::YES
 alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon-systemd -p auth.alert.*host with IP address 192.168.0.200 is blocked::YES
 moon:: cat /var/log/auth.log::host with IP address 192.168.0.200 is blocked::YES
 alice::cat /var/log/daemon.log::accepting PT-TLS stream from PH_IP_CAROL::YES
 alice::cat /var/log/daemon.log::SASL PLAIN authentication successful::YES
 alice::cat /var/log/daemon.log::SASL client identity is.*carol::YES
 alice::cat /var/log/daemon.log::user AR identity.*carol.*authenticated by password::YES
-alice::cat /var/log/daemon.log::received SWID tag ID inventory with ... items for request 9 at eid 1 of epoch::YES
+alice::cat /var/log/daemon.log::failed to collect SW ID events, fallback to SW ID inventory::YES
+alice::cat /var/log/daemon.log::received software ID inventory with ... items for request 9 at last eid 1 of epoch::YES
 alice::cat /var/log/daemon.log::1 SWID tag target::YES
-alice::cat /var/log/daemon.log::received SWID tag inventory with 1 item for request 9 at eid 1 of epoch::YES
-alice::cat /var/log/daemon.log::strongswan.org__strongSwan-::YES
+alice::cat /var/log/daemon.log::received software inventory with 1 item for request 9 at last eid 1 of epoch::YES
+alice::cat /var/log/daemon.log::strongswan.org__strongSwan.*@ /usr/local/share/strongswan::YES
 alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon-systemd -p auth.alert.*host with IP address 192.168.0.100 is allowed::YES
 moon::cat /var/log/auth.log::host with IP address 192.168.0.100 is allowed::YES
index 944a592..04d7dba 100644 (file)
@@ -17,6 +17,9 @@ charon-systemd {
         secret = gv6URkSs
       }
     }
+    tnc-imv {
+      dlclose = no
+    }
   }
 }
 
@@ -29,8 +32,10 @@ libimcv {
   policy_script = /usr/local/libexec/ipsec/imv_policy_manager
 
   plugins {
-    imv-swid {
-      rest_api_uri = http://admin-user:strongSwan@tnc.strongswan.org/api/
+    imv-swima {
+      rest_api {
+        uri = http://admin-user:strongSwan@tnc.strongswan.org/api/
+      }
     }
   }
 }
index ebe88bc..1499dfc 100644 (file)
@@ -1,4 +1,4 @@
 #IMV configuration file for strongSwan client 
 
 IMV "OS"       /usr/local/lib/ipsec/imcvs/imv-os.so
-IMV "SWID"     /usr/local/lib/ipsec/imcvs/imv-swid.so
+IMV "SWIMA"    /usr/local/lib/ipsec/imcvs/imv-swima.so
index c83805a..5aad089 100644 (file)
@@ -4,6 +4,15 @@ libtls {
   suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 }
 
+libimcv {
+  swid_gen {
+    tag_creator {
+      name = Debian Project
+      regid = debian.org
+    }
+  }
+}
+
 pt-tls-client {
   load = revocation constraints pem openssl curl nonce tnc-tnccs tnc-imc tnccs-20
 }
index f40174e..3975056 100644 (file)
@@ -1,4 +1,4 @@
 #IMC configuration file for strongSwan client 
 
 IMC "OS"       /usr/local/lib/ipsec/imcvs/imc-os.so
-IMC "SWID"     /usr/local/lib/ipsec/imcvs/imc-swid.so
+IMC "SWIMA"    /usr/local/lib/ipsec/imcvs/imc-swima.so
index 2e2fccd..cf08b96 100644 (file)
@@ -1,11 +1,17 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 libimcv {
+  swid_gen {
+    tag_creator {
+      name = Debian Project
+      regid = debian.org
+    }
+  }
   plugins {
     imc-os {
       push_info = no
     }
-    imc-swid {
+    imc-swima {
       swid_directory = /usr/share
       swid_pretty = yes
     }
index f40174e..3975056 100644 (file)
@@ -1,4 +1,4 @@
 #IMC configuration file for strongSwan client 
 
 IMC "OS"       /usr/local/lib/ipsec/imcvs/imc-os.so
-IMC "SWID"     /usr/local/lib/ipsec/imcvs/imc-swid.so
+IMC "SWIMA"    /usr/local/lib/ipsec/imcvs/imc-swima.so