summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStef Walter <stef@thewalter.net>2014-01-14 11:20:57 +0100
committerStef Walter <stef@thewalter.net>2014-01-14 11:42:11 +0100
commit99904e84d9f8f0637f66107807ac4ac9e3339e4a (patch)
tree32009e6e609366b48f2718bf6b556705c2fea2ca
parent1f4f072346e388d7b6b6cf79b111952069c4e95c (diff)
trust: Add installcheck target for testing extract
This is an integration test that the extract and blacklist functionality basics work. More integration tests should follow, at which point we should place the various generic testing bits into their own file.
-rw-r--r--.gitignore2
-rw-r--r--configure.ac1
-rw-r--r--trust/tests/Makefile.am6
-rw-r--r--trust/tests/test-extract.in189
4 files changed, 198 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
index 5c18615..0d348a5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -56,8 +56,10 @@ x86_64-w64-mingw32
/*/tests/test-*
!/*/tests/test-*.[ch]
+!/*/tests/test-*.in
/*/tests/frob-*
!/*/tests/frob-*.[ch]
+!/*/tests/frob-*.in
/x86_64_w64-mingw32/
diff --git a/configure.ac b/configure.ac
index 4538079..b2f4f8b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -512,6 +512,7 @@ AC_CONFIG_FILES([Makefile
trust/Makefile
trust/trust-extract-compat
trust/tests/Makefile
+ trust/tests/test-extract
])
AC_OUTPUT
diff --git a/trust/tests/Makefile.am b/trust/tests/Makefile.am
index e53a6ae..1f13b2a 100644
--- a/trust/tests/Makefile.am
+++ b/trust/tests/Makefile.am
@@ -114,3 +114,9 @@ test_openssl_SOURCES = \
$(TRUST)/extract-openssl.c \
$(TRUST)/save.c \
$(NULL)
+
+noinst_SCRIPTS = \
+ test-extract
+
+installcheck-local:
+ sh $(builddir)/test-extract
diff --git a/trust/tests/test-extract.in b/trust/tests/test-extract.in
new file mode 100644
index 0000000..59f6cd6
--- /dev/null
+++ b/trust/tests/test-extract.in
@@ -0,0 +1,189 @@
+#!/bin/sh
+
+set -euf
+
+# -----------------------------------------------------------------------------
+# Basic fundamentals
+
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+datarootdir=@datarootdir@
+datadir=@datadir@
+sysconfdir=@sysconfdir@
+libdir=@libdir@
+privatedir=@privatedir@
+with_trust_paths=@with_trust_paths@
+script=$(basename $0)
+
+# -----------------------------------------------------------------------------
+# Testing
+
+warning()
+{
+ echo "$script: $@" >&2
+}
+
+assert_fail()
+{
+ warning $@
+ exit 1
+}
+
+assert_contains()
+{
+ if ! grep -qF $2 $1; then
+ assert_fail "$1 does not contain $2"
+ fi
+}
+
+assert_not_contains()
+{
+ if grep -qF $2 $1; then
+ assert_fail "$1 contains $2"
+ fi
+}
+
+teardown()
+{
+ for x in $TD; do
+ if [ -d $x ]; then
+ rmdir $x
+ elif [ -f $x ]; then
+ rm $x
+ fi
+ done
+ TD=""
+}
+
+teardown_dirty()
+{
+ echo "not ok $TEST_NUMBER $TEST_NAME"
+ teardown
+}
+
+openssl_quiet()
+(
+ command='/Generating a|-----|^[.+]+$|writing new private key/d'
+ exec 3>&1
+ openssl $@ 2>&1 >&3 3>&- | sed -r "$command" 3>&-
+)
+
+skip()
+{
+ TEST_SKIP=yes
+ echo "ok $TEST_NUMBER # skip $TEST_NAME: $@"
+}
+
+setup()
+{
+ # Parse the trust paths
+ oldifs="$IFS"
+ IFS=:
+ set $with_trust_paths
+ IFS="$oldifs"
+
+ if [ ! -d $1 ]; then
+ skip "$1 is not a directory"
+ return
+ fi
+
+ SOURCE_1=$1
+ if [ $# -lt 2 ]; then
+ warning "certain tests neutered if only 1 trust path: $with_trust_paths"
+ SOURCE_2=$1
+ else
+ SOURCE_2=$2
+ fi
+
+ # Make a temporary directory
+ dir=$(mktemp -d)
+ cd $dir
+ CLEANUP="$dir $TD"
+
+ # Generate a unique identifier
+ CERT_1_CN=test_$(dd if=/dev/urandom count=40 bs=1 status=none | base64 | tr -d '+/=')
+ CERT_2_CN=test_$(dd if=/dev/urandom count=40 bs=1 status=none | base64 | tr -d '+/=')
+ CERT_3_CN=test_$(dd if=/dev/urandom count=40 bs=1 status=none | base64 | tr -d '+/=')
+
+ # Generate relevant certificates
+ openssl_quiet req -x509 -newkey rsa:512 -keyout /dev/null -days 3 -nodes \
+ -out cert_1.pem -subj /CN=$CERT_1_CN
+ openssl_quiet req -x509 -newkey rsa:512 -keyout /dev/null -days 3 -nodes \
+ -out cert_2.pem -subj /CN=$CERT_2_CN
+ openssl_quiet req -x509 -newkey rsa:512 -keyout /dev/null -days 3 -nodes \
+ -out cert_3.pem -subj /CN=$CERT_3_CN
+
+ TD="cert_1.pem cert_2.pem cert_3.pem $TD"
+
+ mkdir -p $SOURCE_1/anchors
+ cp cert_1.pem $SOURCE_1/anchors/
+
+ mkdir -p $SOURCE_2/anchors
+ cp cert_2.pem $SOURCE_2/anchors/
+ cp cert_3.pem $SOURCE_2/anchors/
+
+ TD="$SOURCE_1/anchors/cert_1.pem $SOURCE_2/anchors/cert_2.pem $SOURCE_2/anchors/cert_3.pem $TD"
+}
+
+run()
+{
+ TOTAL=0
+ for TEST_NAME in $@; do
+ TOTAL=$(expr $TOTAL + 1)
+ done
+
+ echo "1..$TOTAL"
+
+ TEST_NUMBER=0
+ for TEST_NAME in $@; do
+ TEST_NUMBER=$(expr $TEST_NUMBER + 1)
+ (
+ trap teardown_dirty EXIT
+ trap "teardown_dirty; exit 127" INT TERM
+ TD=""
+
+ TEST_SKIP=no
+ setup
+
+ if [ $TEST_SKIP != "yes" ]; then
+ $TEST_NAME
+ fi
+ if [ $TEST_SKIP != "yes" ]; then
+ echo "ok $TEST_NUMBER $TEST_NAME"
+ fi
+
+ trap - EXIT
+ teardown
+ )
+ done
+}
+
+# -----------------------------------------------------------------------------
+# Main tests
+
+test_extract()
+{
+ trust extract --filter=ca-anchors --format=pem-bundle \
+ --purpose=server-auth --comment \
+ extract-test.pem
+
+ assert_contains extract-test.pem $CERT_1_CN
+ assert_contains extract-test.pem $CERT_2_CN
+ assert_contains extract-test.pem $CERT_3_CN
+}
+
+test_blacklist()
+{
+ mkdir -p $SOURCE_1/blacklist
+ cp cert_3.pem $SOURCE_1/blacklist
+ TD="$SOURCE_1/blacklist/cert_3.pem $TD"
+
+ trust extract --filter=ca-anchors --format=pem-bundle \
+ --purpose=server-auth --comment \
+ blacklist-test.pem
+
+ assert_contains blacklist-test.pem $CERT_1_CN
+ assert_not_contains blacklist-test.pem $CERT_3_CN
+}
+
+run test_extract test_blacklist