t/integration/: Added simple SSL tests.

diff --git a/t/Makefile.am b/t/Makefile.am
index cff09200d359f11a93a0211ac44c14b7a7180728..d55349b837e5745f5a93d82162d560d49e559644 100644 (file)
--- a/t/Makefile.am
+++ b/t/Makefile.am
@@ -2,6 +2,7 @@ EXTRA_DIST = \
                coverage.sh \
                testwrapper.sh \
                integration/config.sh \
                coverage.sh \
                testwrapper.sh \
                integration/config.sh \

+               integration/ssl.sh \

                integration/query.sh \
                integration/matching.sh \
                integration/filter.sh \
                integration/query.sh \
                integration/matching.sh \
                integration/filter.sh \


@@ -66,6 +67,7 @@ unit_libsysdb_net_test_LDADD = $(top_builddir)/src/libsysdb.la @CHECK_LIBS@
 if INTEGRATION_TESTING
 TESTS += \
                integration/config.sh \
 if INTEGRATION_TESTING
 TESTS += \
                integration/config.sh \

+               integration/ssl.sh \

                integration/query.sh \
                integration/matching.sh \
                integration/filter.sh
                integration/query.sh \
                integration/matching.sh \
                integration/filter.sh

diff --git a/t/integration/ssl.sh b/t/integration/ssl.sh
new file mode 100755 (executable)
index 0000000..c68494a
--- /dev/null
+++ b/t/integration/ssl.sh
@@ -0,0 +1,54 @@
+#! /bin/bash
+#
+# SysDB -- t/integration/ssl.sh
+# Copyright (C) 2015 Sebastian 'tokkee' Harl <sh@tokkee.org>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+# EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#
+# Integration tests using SSL connections.
+#
+
+set -ex
+
+source "$( dirname "$0" )/test_lib.sh"
+
+setup_ssl
+
+cat <<EOF > "$SYSDBD_CONF"
+<Listen "tcp:localhost:12345">
+       SSLCertificate "$SERVER_CERT"
+       SSLCertificateKey "$SERVER_KEY"
+       SSLCACertificates "$CA_CERT"
+</Listen>
+EOF
+run_sysdbd -D -C "$SYSDBD_CONF"
+wait_for_sysdbd_tcp localhost 12345
+
+run_sysdb -H "localhost:12345" -c 'LIST hosts' -U "$SYSDB_USER-invalid" \
+       -A "$CA_CERT" -C "$CLIENT_CERT" -K "$CLIENT_KEY" && exit 1
+
+run_sysdb -H "localhost:12345" -c 'LIST hosts' -U "$SYSDB_USER" \
+       -A "$CA_CERT" -C "$CLIENT_CERT" -K "$CLIENT_KEY"
+
+# vim: set tw=78 sw=4 ts=4 noexpandtab :

diff --git a/t/integration/test_lib.sh b/t/integration/test_lib.sh
index 9f501f6c3f7ccbf587c6637f6560074102486d87..e3a2092b2ee3d2a74701b460cd3e3137e8e35a98 100644 (file)
--- a/t/integration/test_lib.sh
+++ b/t/integration/test_lib.sh
@@ -54,6 +54,13 @@ SYSDBD_CONF="$TESTDIR/sysdbd.conf"
 SOCKET_FILE="$TESTDIR/sock"
 PLUGIN_DIR="$TESTDIR"
 
 SOCKET_FILE="$TESTDIR/sock"
 PLUGIN_DIR="$TESTDIR"
 

+CA_KEY=""
+CA_CERT=""
+SERVER_KEY=""
+SERVER_CERT=""
+CLIENT_KEY=""
+CLIENT_CERT=""
+

 SYSDB_USER="$( id -un )"
 
 function run_sysdb() {
 SYSDB_USER="$( id -un )"
 
 function run_sysdb() {


@@ -101,4 +108,44 @@ function wait_for_sysdbd() {
        fi
 }
 
        fi
 }
 

+function wait_for_sysdbd_tcp() {
+       local host="$1"
+       local port="$2"
+       local i
+       for (( i=0; i<10; i++ )); do
+               if echo | nc "$host" "$port"; then
+                       break
+               fi
+               sleep 1
+       done
+       if test $i -eq 10; then
+               echo 'SysDBd did not start within 10 seconds' >&2
+               exit 1
+       fi
+}
+
+function setup_ssl() {
+       CA_KEY="$TESTDIR/cacert.key"
+       CA_CERT="$TESTDIR/cacert.cert"
+       openssl genrsa -out "$CA_KEY" 2048
+       openssl req -batch -subj '/CN=Some CA' \
+               -x509 -new -key "$CA_KEY" -out "$CA_CERT" -days 1
+
+       SERVER_KEY="$TESTDIR/server.key"
+       SERVER_CERT="$TESTDIR/server.cert"
+       openssl genrsa -out "$SERVER_KEY" 2048
+       openssl req -batch -subj '/CN=localhost' \
+               -new -out "${SERVER_CERT}.csr" -key "$SERVER_KEY"
+       openssl x509 -req -in "${SERVER_CERT}.csr" -out "$SERVER_CERT" -days 1 \
+               -CAkey "$CA_KEY" -CA "$CA_CERT" -CAcreateserial -CAserial serial
+
+       CLIENT_KEY="$TESTDIR/client.key"
+       CLIENT_CERT="$TESTDIR/client.cert"
+       openssl genrsa -out "$CLIENT_KEY" 2048
+       openssl req -batch -subj "/CN=$SYSDB_USER" \
+               -new -out "${CLIENT_CERT}.csr" -key "$CLIENT_KEY"
+       openssl x509 -req -in "${CLIENT_CERT}.csr" -out "$CLIENT_CERT" -days 1 \
+               -CAkey "$CA_KEY" -CA "$CA_CERT" -CAcreateserial -CAserial serial
+}
+

 # vim: set tw=78 sw=4 ts=4 noexpandtab :
 # vim: set tw=78 sw=4 ts=4 noexpandtab :