i will try to write a testing document, mainly for security-relevant
actions (which will be quite a lot, since a lot of actions are security
relevant in a pki)

so we get some procedures and a document to follow for testing a new rc
or version and raise the quality of released stuff, and i think it
would be worth the effort...

maybe we should also think about creating some documentation in the form
of a uml diagram, yeah lots of work (since it's kind of reverse
engineering of the source code), but sometimes i would like to have one
to trace dataflows and object interaction more easily

but i don't know if i will get this (testing document) ready, since i have to
prepare some presentations by the end of next week, but this would be a
good idea anyway for the planned workshop this year - so this may be used
as a starting point for this too...

--------------------------------

the document should look something like this:

action
pre-condition
post-condition
expected behavior

to get a version passed, the post-conditions and expected
behavior should be reached for every defined action of the system
but i'm not sure if this is the best way

example

action:
        approve certificate with signature
pre-condition:
        logged in as operator
        certificate is in state new
post-condition:
        request is signed with operator signature
        request is in state approved
expected behavior:
        check signature of operator
        sign and change state if signature is valid
        don't sign if signature is not valid
        don't change state if signature is not valid
        throw an error if signature is not valid

so this would mean that to check this action several tests are
necessary, so it would have to be split into several real tests such as:

action:
        approve certificate with signature - subtest a
pre-condition:
        logged in as operator
        certificate is in state new
        signing certificate to be used is valid
post-condition:
        request is signed with (chosen) operator signature
        request is in state approved
expected behavior:
        check signature of operator
        sign and change state
        show correct ending of action
        approve request

action:
        approve certificate with signature - subtest b
pre-condition:
        logged in as operator
        certificate is in state new
        certificate to be used is expired
post-condition:
        request is not signed with operator signature
        request is in state new
expected behavior:
        check signature of operator
        show signature error
        stop action
        don't approve request
        don't change state
        security break attempt logged and mail to
          security officer sent *g*


and so on - any comments?


and then it may be possible to automate some of the tests ;o) it's really a lot of work at the end of the day

greetings
dalini



--
Ives Steglich                Email: [EMAIL PROTECTED]
System Administration        Tel.:  +49 (0)3677 - 69 4382/4383
                             Fax:   +49 (0)3677 - 69 4399

Fraunhofer Institute for Digital Media Technology
Langewiesener Strasse 22
98693 Ilmenau                Email (private): [EMAIL PROTECTED]
Germany                      http://www.openca.org
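
The test template from the message above, automated for subtests a and b. This is an added example, not part of the original post and not OpenCA code: the `Ra` and `Request` classes are a hypothetical toy model, the dates and operator name are constructed, and the "check signature of operator" step is modelled only as a certificate expiry check.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

class SignatureError(Exception):
    pass

@dataclass
class Request:                       # toy stand-in for a certificate request
    state: str = "new"
    signed_by: Optional[str] = None

@dataclass
class Ra:                            # hypothetical model, not OpenCA's API
    today: date
    security_log: list = field(default_factory=list)

    def approve(self, req, operator, cert_not_after, logged_in=True):
        # pre-conditions: logged in as operator, request in state new
        if not logged_in or req.state != "new":
            raise PermissionError("pre-condition not met")
        # signature check, modelled only as signing-certificate validity
        if cert_not_after < self.today:
            self.security_log.append(f"rejected signature from {operator}")
            raise SignatureError("signing certificate expired")
        # sign and change state only after the check has passed
        req.signed_by, req.state = operator, "approved"

# (name, cert expiry, expected state, expected signer, expected error, log entries)
CASES = [
    ("subtest a", date(2030, 1, 1), "approved", "op1", None, 0),
    ("subtest b", date(2020, 1, 1), "new", None, SignatureError, 1),
]

def run_case(case):
    name, not_after, state, signer, error, logs = case
    ra, req = Ra(today=date(2024, 1, 1)), Request()   # constructed test date
    raised = None
    try:
        ra.approve(req, "op1", not_after)
    except Exception as exc:
        raised = type(exc)
    # post-conditions and expected behavior must all hold for a pass
    return (req.state == state and req.signed_by == signer
            and raised is error and len(ra.security_log) == logs)

def run_all():
    return {case[0]: run_case(case) for case in CASES}

if __name__ == "__main__":
    for name, ok in run_all().items():
        print(name, "PASS" if ok else "FAIL")
```

Each further subtest becomes one more row in `CASES`, so the written test document and the automated checks stay in the same shape.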

