From 99904e84d9f8f0637f66107807ac4ac9e3339e4a Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Tue, 14 Jan 2014 11:20:57 +0100 Subject: trust: Add installcheck target for testing extract This is an integration test that the extract and blacklist functionality basics work. More integration tests should follow, at which point we should place the various generic testing bits into their own file. --- .gitignore | 2 + configure.ac | 1 + trust/tests/Makefile.am | 6 ++ trust/tests/test-extract.in | 189 ++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 198 insertions(+) create mode 100644 trust/tests/test-extract.in diff --git a/.gitignore b/.gitignore index 5c18615..0d348a5 100644 --- a/.gitignore +++ b/.gitignore @@ -56,8 +56,10 @@ x86_64-w64-mingw32 /*/tests/test-* !/*/tests/test-*.[ch] +!/*/tests/test-*.in /*/tests/frob-* !/*/tests/frob-*.[ch] +!/*/tests/frob-*.in /x86_64_w64-mingw32/ diff --git a/configure.ac b/configure.ac index 4538079..b2f4f8b 100644 --- a/configure.ac +++ b/configure.ac @@ -512,6 +512,7 @@ AC_CONFIG_FILES([Makefile trust/Makefile trust/trust-extract-compat trust/tests/Makefile + trust/tests/test-extract ]) AC_OUTPUT diff --git a/trust/tests/Makefile.am b/trust/tests/Makefile.am index e53a6ae..1f13b2a 100644 --- a/trust/tests/Makefile.am +++ b/trust/tests/Makefile.am @@ -114,3 +114,9 @@ test_openssl_SOURCES = \ $(TRUST)/extract-openssl.c \ $(TRUST)/save.c \ $(NULL) + +noinst_SCRIPTS = \ + test-extract + +installcheck-local: + sh $(builddir)/test-extract diff --git a/trust/tests/test-extract.in b/trust/tests/test-extract.in new file mode 100644 index 0000000..59f6cd6 --- /dev/null +++ b/trust/tests/test-extract.in 
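Review bot: The `installcheck-local` recipe in trust/tests/Makefile.am runs `sh $(builddir)/test-extract` with the caller's PATH, and the script calls `trust extract` unqualified, so the check can exercise a different `trust` binary than the one just installed. Consider pinning it in the recipe, for example `PATH="$(bindir):$$PATH" sh $(builddir)/test-extract`, or substituting `@bindir@` into the script and calling `$bindir/trust`. A short comment above the target saying that the test writes into the configured trust paths, and so needs write access to them, would also help whoever runs `make installcheck`.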
@@ -0,0 +1,189 @@ +#!/bin/sh + +set -euf + +# ----------------------------------------------------------------------------- +# Basic fundamentals + +prefix=@prefix@ +exec_prefix=@exec_prefix@ +datarootdir=@datarootdir@ +datadir=@datadir@ +sysconfdir=@sysconfdir@ +libdir=@libdir@ +privatedir=@privatedir@ +with_trust_paths=@with_trust_paths@ +script=$(basename $0) + +# ----------------------------------------------------------------------------- +# Testing + +warning() +{ + echo "$script: $@" >&2 +} + +assert_fail() +{ + warning $@ + exit 1 +} + +assert_contains() +{ + if ! grep -qF $2 $1; then + assert_fail "$1 does not contain $2" + fi +} + +assert_not_contains() +{ + if grep -qF $2 $1; then + assert_fail "$1 contains $2" + fi +} + +teardown() +{ + for x in $TD; do + if [ -d $x ]; then + rmdir $x + elif [ -f $x ]; then + rm $x + fi + done + TD="" +} + +teardown_dirty() +{ + echo "not ok $TEST_NUMBER $TEST_NAME" + teardown +} + +openssl_quiet() +( + command='/Generating a|-----|^[.+]+$|writing new private key/d' + exec 3>&1 + openssl $@ 2>&1 >&3 3>&- | sed -r "$command" 3>&- +) + +skip() +{ + TEST_SKIP=yes + echo "ok $TEST_NUMBER # skip $TEST_NAME: $@" +} + +setup() +{ + # Parse the trust paths + oldifs="$IFS" + IFS=: + set $with_trust_paths + IFS="$oldifs" + + if [ ! 
-d $1 ]; then + skip "$1 is not a directory" + return + fi + + SOURCE_1=$1 + if [ $# -lt 2 ]; then + warning "certain tests neutered if only 1 trust path: $with_trust_paths" + SOURCE_2=$1 + else + SOURCE_2=$2 + fi + + # Make a temporary directory + dir=$(mktemp -d) + cd $dir + CLEANUP="$dir $TD" + + # Generate a unique identifier + CERT_1_CN=test_$(dd if=/dev/urandom count=40 bs=1 status=none | base64 | tr -d '+/=') + CERT_2_CN=test_$(dd if=/dev/urandom count=40 bs=1 status=none | base64 | tr -d '+/=') + CERT_3_CN=test_$(dd if=/dev/urandom count=40 bs=1 status=none | base64 | tr -d '+/=') + + # Generate relevant certificates + openssl_quiet req -x509 -newkey rsa:512 -keyout /dev/null -days 3 -nodes \ + -out cert_1.pem -subj /CN=$CERT_1_CN + openssl_quiet req -x509 -newkey rsa:512 -keyout /dev/null -days 3 -nodes \ + -out cert_2.pem -subj /CN=$CERT_2_CN + openssl_quiet req -x509 -newkey rsa:512 -keyout /dev/null -days 3 -nodes \ + -out cert_3.pem -subj /CN=$CERT_3_CN + + TD="cert_1.pem cert_2.pem cert_3.pem $TD" + + mkdir -p $SOURCE_1/anchors + cp cert_1.pem $SOURCE_1/anchors/ + + mkdir -p $SOURCE_2/anchors + cp cert_2.pem $SOURCE_2/anchors/ + cp cert_3.pem $SOURCE_2/anchors/ + + TD="$SOURCE_1/anchors/cert_1.pem $SOURCE_2/anchors/cert_2.pem $SOURCE_2/anchors/cert_3.pem $TD" +} + +run() +{ + TOTAL=0 + for TEST_NAME in $@; do + TOTAL=$(expr $TOTAL + 1) + done + + echo "1..$TOTAL" + + TEST_NUMBER=0 + for TEST_NAME in $@; do + TEST_NUMBER=$(expr $TEST_NUMBER + 1) + ( + trap teardown_dirty EXIT + trap "teardown_dirty; exit 127" INT TERM + TD="" + + TEST_SKIP=no + setup + + if [ $TEST_SKIP != "yes" ]; then + $TEST_NAME + fi + if [ $TEST_SKIP != "yes" ]; then + echo "ok $TEST_NUMBER $TEST_NAME" + fi + + trap - EXIT + teardown + ) + done +} + +# ----------------------------------------------------------------------------- +# Main tests + +test_extract() +{ + trust extract --filter=ca-anchors --format=pem-bundle \ + --purpose=server-auth --comment \ + extract-test.pem + + 
assert_contains extract-test.pem $CERT_1_CN + assert_contains extract-test.pem $CERT_2_CN + assert_contains extract-test.pem $CERT_3_CN +} + +test_blacklist() +{ + mkdir -p $SOURCE_1/blacklist + cp cert_3.pem $SOURCE_1/blacklist + TD="$SOURCE_1/blacklist/cert_3.pem $TD" + + trust extract --filter=ca-anchors --format=pem-bundle \ + --purpose=server-auth --comment \ + blacklist-test.pem + + assert_contains blacklist-test.pem $CERT_1_CN + assert_not_contains blacklist-test.pem $CERT_3_CN +} + +run test_extract test_blacklist -- cgit v1.1
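Review bot: `setup()` copies the generated certificates into `$SOURCE_1/anchors` and `$SOURCE_2/anchors`, which are taken from `@with_trust_paths@` (the configured trust paths, not a scratch copy), and those certificates are created with `-newkey rsa:512`. The private key is discarded via `-keyout /dev/null`, but a 512-bit modulus gives no real protection, and the tests assert that these certificates come out of `trust extract --filter=ca-anchors --purpose=server-auth`. If the run is killed before the `EXIT`/`INT`/`TERM` traps reach `teardown`, such an anchor stays in the store; only `-days 3` bounds its validity. I would generate with `-newkey rsa:2048` and add a comment in `setup()` stating that the test modifies the real trust paths and naming the files to remove by hand after an interrupted run. Separately, `CLEANUP="$dir $TD"` is never read (`teardown` only walks `$TD`), so the `mktemp -d` directory and the extracted bundles are left behind after every run.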