From 86197e2d95d71403070d788205bb93040b8862bf Mon Sep 17 00:00:00 2001 From: Sebastian Harl Date: Sun, 1 Feb 2015 20:31:14 +0100 Subject: [PATCH] t/integration/: Added simple SSL tests. --- t/Makefile.am | 2 ++ t/integration/ssl.sh | 54 +++++++++++++++++++++++++++++++++++++++ t/integration/test_lib.sh | 47 ++++++++++++++++++++++++++++++++++ 3 files changed, 103 insertions(+) create mode 100755 t/integration/ssl.sh diff --git a/t/Makefile.am b/t/Makefile.am index cff0920..d55349b 100644 --- a/t/Makefile.am +++ b/t/Makefile.am @@ -2,6 +2,7 @@ EXTRA_DIST = \ coverage.sh \ testwrapper.sh \ integration/config.sh \ + integration/ssl.sh \ integration/query.sh \ integration/matching.sh \ integration/filter.sh \ @@ -66,6 +67,7 @@ unit_libsysdb_net_test_LDADD = $(top_builddir)/src/libsysdb.la @CHECK_LIBS@ if INTEGRATION_TESTING TESTS += \ integration/config.sh \ + integration/ssl.sh \ integration/query.sh \ integration/matching.sh \ integration/filter.sh diff --git a/t/integration/ssl.sh b/t/integration/ssl.sh new file mode 100755 index 0000000..c68494a --- /dev/null +++ b/t/integration/ssl.sh 
@@ -0,0 +1,54 @@
+#! /bin/bash
+#
+# SysDB -- t/integration/ssl.sh
+# Copyright (C) 2015 Sebastian 'tokkee' Harl
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+# EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#
+# Integration tests using SSL connections.
+# + +set -ex + +source "$( dirname "$0" )/test_lib.sh" + +setup_ssl + +cat < "$SYSDBD_CONF" + + SSLCertificate "$SERVER_CERT" + SSLCertificateKey "$SERVER_KEY" + SSLCACertificates "$CA_CERT" + +EOF +run_sysdbd -D -C "$SYSDBD_CONF" +wait_for_sysdbd_tcp localhost 12345 + +run_sysdb -H "localhost:12345" -c 'LIST hosts' -U "$SYSDB_USER-invalid" \ + -A "$CA_CERT" -C "$CLIENT_CERT" -K "$CLIENT_KEY" && exit 1 + +run_sysdb -H "localhost:12345" -c 'LIST hosts' -U "$SYSDB_USER" \ + -A "$CA_CERT" -C "$CLIENT_CERT" -K "$CLIENT_KEY" + +# vim: set tw=78 sw=4 ts=4 noexpandtab : diff --git a/t/integration/test_lib.sh b/t/integration/test_lib.sh index 9f501f6..e3a2092 100644 --- a/t/integration/test_lib.sh +++ b/t/integration/test_lib.sh @@ -54,6 +54,13 @@ SYSDBD_CONF="$TESTDIR/sysdbd.conf" SOCKET_FILE="$TESTDIR/sock" PLUGIN_DIR="$TESTDIR" +CA_KEY="" +CA_CERT="" +SERVER_KEY="" +SERVER_CERT="" +CLIENT_KEY="" +CLIENT_CERT="" + SYSDB_USER="$( id -un )" function run_sysdb() { 
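Review bot: The negative case in ssl.sh (`run_sysdb … -U "$SYSDB_USER-invalid" … && exit 1`) counts any non-zero exit as a correct rejection, so a refused connection, a failed handshake or a wrong certificate path would satisfy it just as well as an authentication failure. Running the valid-user `run_sysdb` call first would show that the TLS path works before the mismatched user is tried, and the failure branch could say what went wrong, e.g. `echo 'connection with mismatched user was accepted' >&2` before `exit 1`. The only rejection exercised is a user name that differs from what appears to be the certificate CN; a client certificate issued by a CA other than `$CA_CERT` is never presented, so certificate-chain validation on the server is not covered by this test. Port 12345 is hard-coded, so a listener already bound to it would let `wait_for_sysdbd_tcp` succeed against a process that is not the sysdbd under test.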
@@ -101,4 +108,44 @@ function wait_for_sysdbd() { fi } +function wait_for_sysdbd_tcp() { + local host="$1" + local port="$2" + local i + for (( i=0; i<10; i++ )); do + if echo | nc "$host" "$port"; then + break + fi + sleep 1 + done + if test $i -eq 10; then + echo 'SysDBd did not start within 10 seconds' >&2 + exit 1 + fi +} + +function setup_ssl() { + CA_KEY="$TESTDIR/cacert.key" + CA_CERT="$TESTDIR/cacert.cert" + openssl genrsa -out "$CA_KEY" 2048 + openssl req -batch -subj '/CN=Some CA' \ + -x509 -new -key "$CA_KEY" -out "$CA_CERT" -days 1 + + SERVER_KEY="$TESTDIR/server.key" + SERVER_CERT="$TESTDIR/server.cert" + openssl genrsa -out "$SERVER_KEY" 2048 + openssl req -batch -subj '/CN=localhost' \ + -new -out "${SERVER_CERT}.csr" -key "$SERVER_KEY" + openssl x509 -req -in "${SERVER_CERT}.csr" -out "$SERVER_CERT" -days 1 \ + -CAkey "$CA_KEY" -CA "$CA_CERT" -CAcreateserial -CAserial serial + + CLIENT_KEY="$TESTDIR/client.key" + CLIENT_CERT="$TESTDIR/client.cert" + openssl genrsa -out "$CLIENT_KEY" 2048 + openssl req -batch -subj "/CN=$SYSDB_USER" \ + -new -out "${CLIENT_CERT}.csr" -key "$CLIENT_KEY" + openssl x509 -req -in "${CLIENT_CERT}.csr" -out "$CLIENT_CERT" -days 1 \ + -CAkey "$CA_KEY" -CA "$CA_CERT" -CAcreateserial -CAserial serial +} + # vim: set tw=78 sw=4 ts=4 noexpandtab : -- 2.30.2
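Review bot: In `setup_ssl`, both `openssl x509 -req` calls pass `-CAserial serial`, a relative path, so the serial file is written to the current working directory instead of `$TESTDIR`; that leaves an artifact outside the test directory and would fail when the tests run from a directory that is not writable. Use `-CAserial "$TESTDIR/serial"` in both calls. The CA, server and client private keys are written by `openssl genrsa -out` under whatever umask is in effect; the creation of `$TESTDIR` is outside this hunk, so unless it is made with mode 0700 a `umask 077` at the top of `setup_ssl` would keep the keys unreadable to other local users. In `wait_for_sysdbd_tcp`, `nc` is called without a timeout, so a probe that connects but is never closed may not be bounded by the 10-iteration loop; `nc -w 1 "$host" "$port"` would cap each attempt.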