summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Makefile201
-rw-r--r--test/Makefile200
-rw-r--r--test/catlfish-test-local-1.cfg18
-rw-r--r--test/catlfish-test-local-merge-2.cfg16
-rw-r--r--test/catlfish-test-local-signing.cfg14
5 files changed, 225 insertions, 224 deletions
diff --git a/Makefile b/Makefile
index 3d842a5..5af5508 100644
--- a/Makefile
+++ b/Makefile
@@ -2,7 +2,6 @@
PREFIX=.
INSTDIR=$(PREFIX)/catlfish
-SOFTHSM=/usr/local/bin/softhsm2-util
build all:
./make.erl
@@ -15,206 +14,8 @@ release: all
mkdir $(INSTDIR)
./makerelease.erl $(INSTDIR)
--include test/test.mk
-
-tests-prepare:
- rm -r $(INSTDIR)/tests || true
- mkdir $(INSTDIR)/tests
- make tests-createca
- make tests-createcert
- mkdir $(INSTDIR)/tests/keys
- (cd $(INSTDIR)/tests/keys ; ../../../tools/create-key.sh logkey)
- openssl pkcs8 -topk8 -nocrypt -in $(INSTDIR)/tests/keys/logkey-private.pem -out $(INSTDIR)/tests/keys/logkey-private.pkcs8
- mkdir $(INSTDIR)/tests/mergedb
- touch $(INSTDIR)/tests/mergedb/logorder
- mkdir $(INSTDIR)/tests/mergedb-secondary
- touch $(INSTDIR)/tests/mergedb-secondary/logorder
- printf 0 > $(INSTDIR)/tests/mergedb-secondary/verifiedsize
- mkdir $(INSTDIR)/tests/known_roots
- cp tools/testcerts/roots/* $(INSTDIR)/tests/known_roots
- @for machine in $(MACHINES); do \
- (cd $(INSTDIR); ../tools/compileconfig.py --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-$$machine.cfg) && \
- mkdir -p $(INSTDIR)/tests/machine/machine-$$machine/db && \
- touch $(INSTDIR)/tests/machine/machine-$$machine/db/index && \
- touch $(INSTDIR)/tests/machine/machine-$$machine/db/newentries ; \
- done
- (cd $(INSTDIR); ../tools/compileconfig.py --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge-2.cfg)
- (cd $(INSTDIR); ../tools/compileconfig.py --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-signing.cfg)
- mkdir $(INSTDIR)/tests/privatekeys
- mkdir $(INSTDIR)/tests/publickeys
- @for node in $(NODES); do \
- (cd $(INSTDIR)/tests/privatekeys ; ../../../tools/create-key.sh $$node) ; \
- mv $(INSTDIR)/tests/privatekeys/$$node.pem $(INSTDIR)/tests/publickeys/ ; \
- mkdir -p test/nodes/$$node/log ; \
- done
- (cd $(INSTDIR)/tests/privatekeys ; ../../../tools/create-key.sh merge-1)
- mv $(INSTDIR)/tests/privatekeys/merge-1.pem $(INSTDIR)/tests/publickeys/
- (cd $(INSTDIR)/tests/privatekeys ; ../../../tools/create-key.sh merge-2)
- mv $(INSTDIR)/tests/privatekeys/merge-2.pem $(INSTDIR)/tests/publickeys/
- -test -x $(SOFTHSM) && $(SOFTHSM) --init-token --slot=0 --label=mylabel --so-pin=ffff --pin=ffff
- -test -x $(SOFTHSM) && $(SOFTHSM) --import $(INSTDIR)/tests/keys/logkey-private.pkcs8 --slot 0 --label mylabel --pin ffff --id 00
- rm -f $(INSTDIR)/cur-sth.json
-
-tests-start:
- @for node in $(ERLANGNODES); do \
- (cd $(INSTDIR) ; bin/run_erl -daemon ../test/nodes/$$node/ ../test/nodes/$$node/log/ "exec bin/erl -config $$node") \
- done
- @for i in 1 2 3 4 5 6 7 8 9 10; do \
- echo "waiting for system to start" ; \
- sleep 0.5 ; \
- allstarted=1 ; \
- notstarted= ; \
- for testurl in $(TESTURLS); do \
- if curl -s --cacert $(INSTDIR)/tests/httpsca/demoCA/cacert.pem -4 https://$$testurl > /dev/null ; then : ; else allstarted=0 ; notstarted="$$testurl $$notstarted" ; fi ; \
- : ; \
- done ; \
- if [ $$allstarted -eq 1 ]; then break ; \
- elif [ $$i -eq 10 ]; then echo Not started: $$notstarted ; fi ; \
- done
-
-tests-run:
- @(cd $(INSTDIR) && python ../tools/testcase1.py https://localhost:8080/ tests/keys/logkey.pem tests/httpsca/demoCA/cacert.pem) || (echo "Tests failed" ; false)
- @(cd $(INSTDIR) && ../tools/check-sth.py $(BASEURL) --publickey=tests/keys/logkey.pem --cur-sth=stored-sth --cafile tests/httpsca/demoCA/cacert.pem)
- @(cd $(INSTDIR) && python ../tools/check-sth.py --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem https://localhost:8080/) || (echo "Check failed" ; false)
- @(cd $(INSTDIR) && python ../tools/fetchallcerts.py $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || (echo "Verification failed" ; false)
- @(cd $(INSTDIR) && rm -f submittedcerts)
- @(cd $(INSTDIR) && python ../tools/storagegc.py --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-1.cfg) || (echo "GC failed" ; false)
- @(cd $(INSTDIR) && python ../tools/submitcert.py --parallel=1 --store ../tools/testcerts/cert1.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || (echo "Submission failed" ; false)
- @(cd $(INSTDIR) && python ../tools/submitcert.py --parallel=1 --store ../tools/testcerts/cert2.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || (echo "Submission failed" ; false)
- @(cd $(INSTDIR) && python ../tools/submitcert.py --parallel=1 --store ../tools/testcerts/cert3.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || (echo "Submission failed" ; false)
- @(cd $(INSTDIR) && python ../tools/submitcert.py --parallel=1 --store ../tools/testcerts/cert4.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || (echo "Submission failed" ; false)
- @(cd $(INSTDIR) && python ../tools/submitcert.py --parallel=1 --store ../tools/testcerts/cert5.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || (echo "Submission failed" ; false)
- @(cd $(INSTDIR) && python ../tools/submitcert.py --parallel=1 --store ../tools/testcerts/pre1.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || (echo "Submission failed" ; false)
- @(cd $(INSTDIR) && python ../tools/submitcert.py --parallel=1 --store ../tools/testcerts/pre2.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || (echo "Submission failed" ; false)
- @(cd $(INSTDIR) && python ../tools/storagegc.py --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-1.cfg) || (echo "GC failed" ; false)
- @(cd $(INSTDIR) && ../tools/merge --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg) || (echo "Merge failed" ; false)
- @(cd $(INSTDIR) && ../tools/check-sth.py $(BASEURL) --publickey=tests/keys/logkey.pem --cur-sth=stored-sth --cafile tests/httpsca/demoCA/cacert.pem)
- @(cd $(INSTDIR) && python ../tools/check-sth.py --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem https://localhost:8080/) || (echo "Check failed" ; false)
- @(cd $(INSTDIR) && rm -r fetchcertstore || true)
- @(cd $(INSTDIR) && mkdir fetchcertstore)
- @(cd $(INSTDIR) && python ../tools/fetchallcerts.py $(BASEURL) --store fetchcertstore --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || (echo "Verification failed" ; false)
- @(cd $(INSTDIR)/fetchcertstore && unzip 0000.zip)
- @(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/cert1.txt fetchcertstore/00000000) || (echo "Verification failed" ; false)
- @(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/cert2.txt fetchcertstore/00000001) || (echo "Verification failed" ; false)
- @(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/cert3.txt fetchcertstore/00000002) || (echo "Verification failed" ; false)
- @(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/cert4.txt fetchcertstore/00000003) || (echo "Verification failed" ; false)
- @(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/cert5.txt fetchcertstore/00000004) || (echo "Verification failed" ; false)
- @(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/pre1.txt:../tools/testcerts/pre2.txt fetchcertstore/00000005:fetchcertstore/00000006) || (echo "Verification failed" ; false)
- @(cd $(INSTDIR) && python ../tools/storagegc.py --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-1.cfg) || (echo "GC failed" ; false)
-
- @./tools/to_catlfish.py to_erl test/nodes/merge-2/ "init:stop()"
- @(cd $(INSTDIR) && python ../tools/submitcert.py --parallel=1 --store ../tools/testcerts/cert6.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || (echo "Submission failed" ; false)
- @echo NOTE: merge backup should fail with 111 Connection refused
- @(cd $(INSTDIR) && ../tools/merge --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg) || (echo "Merge failed" ; false)
- @(cd $(INSTDIR) && treesize=$$(../tools/loginfo.py --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg --treesize https://localhost:8080/) ; \
- test "$$treesize" = "7" || (echo "Tree size $$treesize != expected 7" ; false))
- @(cd $(INSTDIR) && ../tools/check-sth.py $(BASEURL) --publickey=tests/keys/logkey.pem --cur-sth=stored-sth --cafile tests/httpsca/demoCA/cacert.pem)
- @(cd $(INSTDIR) && bin/run_erl -daemon ../test/nodes/merge-2/ ../test/nodes/merge-2/log/ "exec bin/erl -config merge-2")
- @for i in 1 2 3 4 5 6 7 8 9 10; do \
- echo "waiting for system to start" ; \
- sleep 0.5 ; \
- if curl -s --cacert $(INSTDIR)/tests/httpsca/demoCA/cacert.pem -4 https://localhost:8181 > /dev/null ; then break; fi ; \
- done
- @(cd $(INSTDIR) && ../tools/merge --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg) || (echo "Merge failed" ; false)
- @(cd $(INSTDIR) && treesize=$$(../tools/loginfo.py --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg --treesize https://localhost:8080/) ; \
- test "$$treesize" = "8" || (echo "Tree size $$treesize != expected 8" ; false))
- @(cd $(INSTDIR) && ../tools/check-sth.py $(BASEURL) --publickey=tests/keys/logkey.pem --cur-sth=stored-sth --cafile tests/httpsca/demoCA/cacert.pem)
-
-tests-run2:
- @(cd $(INSTDIR) ; python ../tools/verifysct.py --sct-file=submittedcerts --parallel 1 $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || echo "Verification of SCT:s failed"
- @(cd $(INSTDIR) && ../tools/check-sth.py $(BASEURL) --publickey=tests/keys/logkey.pem --cur-sth=stored-sth --cafile tests/httpsca/demoCA/cacert.pem)
- @(cd $(INSTDIR) && python ../tools/storagegc.py --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-1.cfg) || (echo "GC failed" ; false)
-
-tests-prepare-merge-takeover:
- @echo $@
- mv $(INSTDIR)/tests/mergedb catlfish/tests/mergedb-down
- mv $(INSTDIR)/tests/mergedb-secondary catlfish/tests/mergedb
- mkdir $(INSTDIR)/tests/mergedb-secondary
- touch $(INSTDIR)/tests/mergedb-secondary/logorder
- printf 0 > $(INSTDIR)/tests/mergedb-secondary/verifiedsize
-
-tests-run3:
- @echo $@
- @(cd $(INSTDIR) && ../tools/merge --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg) || (echo "Merge failed" ; false)
- @(cd $(INSTDIR) && ../tools/check-sth.py $(BASEURL) --publickey=tests/keys/logkey.pem --cur-sth=stored-sth --cafile tests/httpsca/demoCA/cacert.pem)
- @(cd $(INSTDIR) && python ../tools/submitcert.py --parallel=1 --store ../tools/testcerts/cert7.txt --check-sct --sct-file=submittedcerts-7 $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || (echo "Submission failed" ; false)
- @(cd $(INSTDIR) && ../tools/merge --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg) || (echo "Merge failed" ; false)
- @(cd $(INSTDIR) ; python ../tools/verifysct.py --sct-file=submittedcerts --parallel 1 $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || echo "Verification of SCT:s failed"
- @(cd $(INSTDIR) && ../tools/check-sth.py $(BASEURL) --publickey=tests/keys/logkey.pem --cur-sth=stored-sth --cafile tests/httpsca/demoCA/cacert.pem)
-
-
-tests-prepare-redistribute-frontend:
- @echo $@
- mv $(INSTDIR)/tests/machine/machine-1 $(INSTDIR)/tests/machine/machine-1-down && \
- mkdir -p $(INSTDIR)/tests/machine/machine-1/db && \
- touch $(INSTDIR)/tests/machine/machine-1/db/index && \
- touch $(INSTDIR)/tests/machine/machine-1/db/newentries ; \
-
-tests-run4:
- @echo $@
- @(cd $(INSTDIR) && ../tools/merge --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg) || (echo "Merge failed" ; false)
- @(cd $(INSTDIR) && ../tools/check-sth.py $(BASEURL) --publickey=tests/keys/logkey.pem --cur-sth=stored-sth --cafile tests/httpsca/demoCA/cacert.pem)
-
-tests-stop:
- @for node in $(NODES); do \
- ./tools/to_catlfish.py to_erl test/nodes/$$node/ "init:stop()"; \
- done
-
-tests-wait:
- sleep 5
-
-tests-makemk:
- tools/compileconfig.py --config=test/catlfish-test.cfg --testmakefile=test/test.mk --machines 1
-
tests:
- @make tests-makemk
- @make tests-prepare
- @make tests-start
- @make tests-run || (sleep 5; make tests-stop ; false)
- @make tests-wait
- @make tests-stop
- @make tests-wait
- @make tests-start
- @make tests-run2 || (sleep 5; make tests-stop ; false)
- @make tests-wait
- @make tests-stop
- @make tests-wait
- @make tests-prepare-merge-takeover
- @make tests-start
- @make tests-run3 || (sleep 5; make tests-stop ; false)
- @make tests-wait
- @make tests-stop
- @make tests-wait
- @make tests-prepare-redistribute-frontend
- @make tests-start
- @make tests-run4 || (sleep 5; make tests-stop ; false)
- @make tests-wait
- @make tests-stop
-
-tests-createca:
- mkdir $(INSTDIR)/tests/httpsca
- ( cd $(INSTDIR)/tests/httpsca ; \
- mkdir -p demoCA/newcerts ; \
- touch demoCA/index.txt ; \
- echo 00 > demoCA/serial ; \
- echo '[ req ]' > caconfig.txt ; \
- echo 'distinguished_name = req_distinguished_name' >> caconfig.txt ; \
- echo 'x509_extensions = v3_ca' >> caconfig.txt ; \
- echo 'string_mask = utf8only' >> caconfig.txt ; \
- echo '[ req_distinguished_name ]' >> caconfig.txt ; \
- echo '[ v3_ca ]' >> caconfig.txt ; \
- echo 'basicConstraints=CA:true' >> caconfig.txt ; \
- openssl req -newkey rsa:2048 -keyout key.pem -out req.csr -nodes -subj '/countryName=SE/stateOrProvinceName=Stockholm/organizationName=Test/commonName=ca/O=ca' -config caconfig.txt ; \
- openssl ca -in req.csr -selfsign -keyfile key.pem -out demoCA/cacert.pem -batch \
- )
-
-tests-createcert:
- mkdir $(INSTDIR)/tests/httpscert
- openssl req -new -newkey rsa:2048 -keyout $(INSTDIR)/tests/httpscert/httpskey-1.pem -out $(INSTDIR)/tests/httpsca/httpscert-1.csr -nodes -subj '/countryName=SE/stateOrProvinceName=Stockholm/organizationName=Test/CN=localhost'
- ( cd $(INSTDIR)/tests/httpsca ; \
- openssl ca -in httpscert-1.csr -keyfile key.pem -out httpscert-1.pem -batch \
- )
- cp $(INSTDIR)/tests/httpsca/httpscert-1.pem $(INSTDIR)/tests/httpscert/
+ make -C test tests
dialyze: build
dialyzer ebin
diff --git a/test/Makefile b/test/Makefile
new file mode 100644
index 0000000..892506b
--- /dev/null
+++ b/test/Makefile
@@ -0,0 +1,200 @@
+-include test.mk
+
+PREFIX=..
+INSTDIR=$(PREFIX)/catlfish
+SOFTHSM=/usr/local/bin/softhsm2-util
+
+tests-prepare:
+ rm -r $(INSTDIR)/tests || true
+ mkdir $(INSTDIR)/tests
+ make tests-createca
+ make tests-createcert
+ mkdir $(INSTDIR)/tests/keys
+ (cd $(INSTDIR)/tests/keys ; ../../../tools/create-key.sh logkey)
+ openssl pkcs8 -topk8 -nocrypt -in $(INSTDIR)/tests/keys/logkey-private.pem -out $(INSTDIR)/tests/keys/logkey-private.pkcs8
+ mkdir $(INSTDIR)/tests/mergedb
+ touch $(INSTDIR)/tests/mergedb/logorder
+ mkdir $(INSTDIR)/tests/mergedb-secondary
+ touch $(INSTDIR)/tests/mergedb-secondary/logorder
+ printf 0 > $(INSTDIR)/tests/mergedb-secondary/verifiedsize
+ mkdir $(INSTDIR)/tests/known_roots
+ cp $(PREFIX)/tools/testcerts/roots/* $(INSTDIR)/tests/known_roots
+ @for machine in $(MACHINES); do \
+ (cd $(INSTDIR)/tests; ../../tools/compileconfig.py --config ../../test/catlfish-test.cfg --localconfig ../../test/catlfish-test-local-$$machine.cfg) && \
+ mkdir -p $(INSTDIR)/tests/machine/machine-$$machine/db && \
+ touch $(INSTDIR)/tests/machine/machine-$$machine/db/index && \
+ touch $(INSTDIR)/tests/machine/machine-$$machine/db/newentries ; \
+ done
+ (cd $(INSTDIR)/tests; ../../tools/compileconfig.py --config ../../test/catlfish-test.cfg --localconfig ../../test/catlfish-test-local-merge-2.cfg)
+ (cd $(INSTDIR)/tests; ../../tools/compileconfig.py --config ../../test/catlfish-test.cfg --localconfig ../../test/catlfish-test-local-signing.cfg)
+ mkdir $(INSTDIR)/tests/privatekeys
+ mkdir $(INSTDIR)/tests/publickeys
+ @for node in $(NODES); do \
+ (cd $(INSTDIR)/tests/privatekeys ; ../../../tools/create-key.sh $$node) ; \
+ mv $(INSTDIR)/tests/privatekeys/$$node.pem $(INSTDIR)/tests/publickeys/ ; \
+ mkdir -p $(INSTDIR)/tests/nodes/$$node/log ; \
+ done
+ (cd $(INSTDIR)/tests/privatekeys ; ../../../tools/create-key.sh merge-1)
+ mv $(INSTDIR)/tests/privatekeys/merge-1.pem $(INSTDIR)/tests/publickeys/
+ (cd $(INSTDIR)/tests/privatekeys ; ../../../tools/create-key.sh merge-2)
+ mv $(INSTDIR)/tests/privatekeys/merge-2.pem $(INSTDIR)/tests/publickeys/
+ -test -x $(SOFTHSM) && $(SOFTHSM) --init-token --slot=0 --label=mylabel --so-pin=ffff --pin=ffff
+ -test -x $(SOFTHSM) && $(SOFTHSM) --import $(INSTDIR)/tests/keys/logkey-private.pkcs8 --slot 0 --label mylabel --pin ffff --id 00
+
+tests-start:
+ @for node in $(ERLANGNODES); do \
+ (cd $(INSTDIR)/tests ; ../bin/run_erl -daemon nodes/$$node/ nodes/$$node/log/ "exec ../bin/erl -config $$node") \
+ done
+ @for i in 1 2 3 4 5 6 7 8 9 10; do \
+ echo "waiting for system to start" ; \
+ sleep 0.5 ; \
+ allstarted=1 ; \
+ notstarted= ; \
+ for testurl in $(TESTURLS); do \
+ if curl -s --cacert $(INSTDIR)/tests/httpsca/demoCA/cacert.pem -4 https://$$testurl > /dev/null ; then : ; else allstarted=0 ; notstarted="$$testurl $$notstarted" ; fi ; \
+ : ; \
+ done ; \
+ if [ $$allstarted -eq 1 ]; then break ; \
+ elif [ $$i -eq 10 ]; then echo Not started: $$notstarted ; fi ; \
+ done
+
+tests-run:
+ @(cd $(INSTDIR) && python ../tools/testcase1.py https://localhost:8080/ tests/keys/logkey.pem tests/httpsca/demoCA/cacert.pem) || (echo "Tests failed" ; false)
+ @(cd $(INSTDIR)/tests && ../../tools/check-sth.py $(BASEURL) --publickey=keys/logkey.pem --cur-sth=stored-sth --cafile httpsca/demoCA/cacert.pem) || (echo "Check failed" ; false)
+ @(cd $(INSTDIR) && python ../tools/fetchallcerts.py $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || (echo "Verification failed" ; false)
+ @(cd $(INSTDIR)/tests && python ../../tools/storagegc.py --config ../../test/catlfish-test.cfg --localconfig ../../test/catlfish-test-local-1.cfg) || (echo "GC failed" ; false)
+ @(cd $(INSTDIR)/tests && python ../../tools/submitcert.py --parallel=1 --store ../../tools/testcerts/cert1.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=keys/logkey.pem --cafile httpsca/demoCA/cacert.pem) || (echo "Submission failed" ; false)
+ @(cd $(INSTDIR)/tests && python ../../tools/submitcert.py --parallel=1 --store ../../tools/testcerts/cert2.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=keys/logkey.pem --cafile httpsca/demoCA/cacert.pem) || (echo "Submission failed" ; false)
+ @(cd $(INSTDIR)/tests && python ../../tools/submitcert.py --parallel=1 --store ../../tools/testcerts/cert3.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=keys/logkey.pem --cafile httpsca/demoCA/cacert.pem) || (echo "Submission failed" ; false)
+ @(cd $(INSTDIR)/tests && python ../../tools/submitcert.py --parallel=1 --store ../../tools/testcerts/cert4.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=keys/logkey.pem --cafile httpsca/demoCA/cacert.pem) || (echo "Submission failed" ; false)
+ @(cd $(INSTDIR)/tests && python ../../tools/submitcert.py --parallel=1 --store ../../tools/testcerts/cert5.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=keys/logkey.pem --cafile httpsca/demoCA/cacert.pem) || (echo "Submission failed" ; false)
+ @(cd $(INSTDIR)/tests && python ../../tools/submitcert.py --parallel=1 --store ../../tools/testcerts/pre1.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=keys/logkey.pem --cafile httpsca/demoCA/cacert.pem) || (echo "Submission failed" ; false)
+ @(cd $(INSTDIR)/tests && python ../../tools/submitcert.py --parallel=1 --store ../../tools/testcerts/pre2.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=keys/logkey.pem --cafile httpsca/demoCA/cacert.pem) || (echo "Submission failed" ; false)
+ @(cd $(INSTDIR)/tests && python ../../tools/storagegc.py --config ../../test/catlfish-test.cfg --localconfig ../../test/catlfish-test-local-1.cfg) || (echo "GC failed" ; false)
+ @(cd $(INSTDIR) && ../tools/merge --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg) || (echo "Merge failed" ; false)
+ @(cd $(INSTDIR)/tests && ../../tools/check-sth.py $(BASEURL) --publickey=keys/logkey.pem --cur-sth=stored-sth --cafile httpsca/demoCA/cacert.pem) || (echo "Check failed" ; false)
+ @(cd $(INSTDIR) && mkdir tests/fetchcertstore)
+ @(cd $(INSTDIR) && python ../tools/fetchallcerts.py $(BASEURL) --store tests/fetchcertstore --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || (echo "Verification failed" ; false)
+ @(cd $(INSTDIR)/tests/fetchcertstore && unzip 0000.zip)
+ @(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/cert1.txt tests/fetchcertstore/00000000) || (echo "Verification failed" ; false)
+ @(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/cert2.txt tests/fetchcertstore/00000001) || (echo "Verification failed" ; false)
+ @(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/cert3.txt tests/fetchcertstore/00000002) || (echo "Verification failed" ; false)
+ @(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/cert4.txt tests/fetchcertstore/00000003) || (echo "Verification failed" ; false)
+ @(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/cert5.txt tests/fetchcertstore/00000004) || (echo "Verification failed" ; false)
+ @(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/pre1.txt:../tools/testcerts/pre2.txt tests/fetchcertstore/00000005:tests/fetchcertstore/00000006) || (echo "Verification failed" ; false)
+ @(cd $(INSTDIR)/tests && python ../../tools/storagegc.py --config ../../test/catlfish-test.cfg --localconfig ../../test/catlfish-test-local-1.cfg) || (echo "GC failed" ; false)
+
+ @$(PREFIX)/tools/to_catlfish.py to_erl $(INSTDIR)/tests/nodes/merge-2/ "init:stop()"
+ @(cd $(INSTDIR)/tests && python ../../tools/submitcert.py --parallel=1 --store ../../tools/testcerts/cert6.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=keys/logkey.pem --cafile httpsca/demoCA/cacert.pem) || (echo "Submission failed" ; false)
+ @echo NOTE: merge backup should fail with 111 Connection refused
+ @(cd $(INSTDIR) && ../tools/merge --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg) || (echo "Merge failed" ; false)
+ @(cd $(INSTDIR) && treesize=$$(../tools/loginfo.py --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg --treesize https://localhost:8080/) ; \
+ test "$$treesize" = "7" || (echo "Tree size $$treesize != expected 7" ; false))
+ @(cd $(INSTDIR)/tests && ../../tools/check-sth.py $(BASEURL) --publickey=keys/logkey.pem --cur-sth=stored-sth --cafile httpsca/demoCA/cacert.pem)
+ @(cd $(INSTDIR)/tests && ../bin/run_erl -daemon nodes/merge-2/ nodes/merge-2/log/ "exec ../bin/erl -config merge-2")
+ @for i in 1 2 3 4 5 6 7 8 9 10; do \
+ echo "waiting for system to start" ; \
+ sleep 0.5 ; \
+ if curl -s --cacert $(INSTDIR)/tests/httpsca/demoCA/cacert.pem -4 https://localhost:8181 > /dev/null ; then break; fi ; \
+ done
+ @(cd $(INSTDIR) && ../tools/merge --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg) || (echo "Merge failed" ; false)
+ @(cd $(INSTDIR) && treesize=$$(../tools/loginfo.py --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg --treesize https://localhost:8080/) ; \
+ test "$$treesize" = "8" || (echo "Tree size $$treesize != expected 8" ; false))
+ @(cd $(INSTDIR)/tests && ../../tools/check-sth.py $(BASEURL) --publickey=keys/logkey.pem --cur-sth=stored-sth --cafile httpsca/demoCA/cacert.pem)
+
+tests-run2:
+ @(cd $(INSTDIR) ; python ../tools/verifysct.py --sct-file=submittedcerts --parallel 1 $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || echo "Verification of SCT:s failed"
+ @(cd $(INSTDIR)/tests && ../../tools/check-sth.py $(BASEURL) --publickey=keys/logkey.pem --cur-sth=stored-sth --cafile httpsca/demoCA/cacert.pem)
+ @(cd $(INSTDIR)/tests && python ../../tools/storagegc.py --config ../../test/catlfish-test.cfg --localconfig ../../test/catlfish-test-local-1.cfg) || (echo "GC failed" ; false)
+
+tests-prepare-merge-takeover:
+ @echo $@
+ mv $(INSTDIR)/tests/mergedb $(INSTDIR)/tests/mergedb-down
+ mv $(INSTDIR)/tests/mergedb-secondary $(INSTDIR)/tests/mergedb
+ mkdir $(INSTDIR)/tests/mergedb-secondary
+ touch $(INSTDIR)/tests/mergedb-secondary/logorder
+ printf 0 > $(INSTDIR)/tests/mergedb-secondary/verifiedsize
+
+tests-run3:
+ @echo $@
+ @(cd $(INSTDIR) && ../tools/merge --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg) || (echo "Merge failed" ; false)
+ @(cd $(INSTDIR)/tests && ../../tools/check-sth.py $(BASEURL) --publickey=keys/logkey.pem --cur-sth=stored-sth --cafile httpsca/demoCA/cacert.pem)
+ @(cd $(INSTDIR)/tests && python ../../tools/submitcert.py --parallel=1 --store ../../tools/testcerts/cert7.txt --check-sct --sct-file=submittedcerts-7 $(BASEURL) --publickey=keys/logkey.pem --cafile httpsca/demoCA/cacert.pem) || (echo "Submission failed" ; false)
+ @(cd $(INSTDIR) && ../tools/merge --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg) || (echo "Merge failed" ; false)
+ @(cd $(INSTDIR) ; python ../tools/verifysct.py --sct-file=submittedcerts --parallel 1 $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || echo "Verification of SCT:s failed"
+ @(cd $(INSTDIR)/tests && ../../tools/check-sth.py $(BASEURL) --publickey=keys/logkey.pem --cur-sth=stored-sth --cafile httpsca/demoCA/cacert.pem)
+
+
+tests-prepare-redistribute-frontend:
+ @echo $@
+ mv $(INSTDIR)/tests/machine/machine-1 $(INSTDIR)/tests/machine/machine-1-down && \
+ mkdir -p $(INSTDIR)/tests/machine/machine-1/db && \
+ touch $(INSTDIR)/tests/machine/machine-1/db/index && \
+ touch $(INSTDIR)/tests/machine/machine-1/db/newentries ; \
+
+tests-run4:
+ @echo $@
+ @(cd $(INSTDIR) && ../tools/merge --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg) || (echo "Merge failed" ; false)
+ @(cd $(INSTDIR)/tests && ../../tools/check-sth.py $(BASEURL) --publickey=keys/logkey.pem --cur-sth=stored-sth --cafile httpsca/demoCA/cacert.pem)
+
+tests-stop:
+ @for node in $(NODES); do \
+ $(PREFIX)/tools/to_catlfish.py to_erl $(INSTDIR)/tests/nodes/$$node/ "init:stop()"; \
+ done
+
+tests-wait:
+ sleep 5
+
+tests-makemk:
+ $(PREFIX)/tools/compileconfig.py --config=$(PREFIX)/test/catlfish-test.cfg --testmakefile=$(PREFIX)/test/test.mk --machines 1
+
+tests:
+ @make tests-makemk
+ @make tests-prepare
+ @make tests-start
+ @make tests-run || (sleep 5; make tests-stop ; false)
+ @make tests-wait
+ @make tests-stop
+ @make tests-wait
+ @make tests-start
+ @make tests-run2 || (sleep 5; make tests-stop ; false)
+ @make tests-wait
+ @make tests-stop
+ @make tests-wait
+ @make tests-prepare-merge-takeover
+ @make tests-start
+ @make tests-run3 || (sleep 5; make tests-stop ; false)
+ @make tests-wait
+ @make tests-stop
+ @make tests-wait
+ @make tests-prepare-redistribute-frontend
+ @make tests-start
+ @make tests-run4 || (sleep 5; make tests-stop ; false)
+ @make tests-wait
+ @make tests-stop
+
+tests-createca:
+ mkdir $(INSTDIR)/tests/httpsca
+ ( cd $(INSTDIR)/tests/httpsca ; \
+ mkdir -p demoCA/newcerts ; \
+ touch demoCA/index.txt ; \
+ echo 00 > demoCA/serial ; \
+ echo '[ req ]' > caconfig.txt ; \
+ echo 'distinguished_name = req_distinguished_name' >> caconfig.txt ; \
+ echo 'x509_extensions = v3_ca' >> caconfig.txt ; \
+ echo 'string_mask = utf8only' >> caconfig.txt ; \
+ echo '[ req_distinguished_name ]' >> caconfig.txt ; \
+ echo '[ v3_ca ]' >> caconfig.txt ; \
+ echo 'basicConstraints=CA:true' >> caconfig.txt ; \
+ openssl req -newkey rsa:2048 -keyout key.pem -out req.csr -nodes -subj '/countryName=SE/stateOrProvinceName=Stockholm/organizationName=Test/commonName=ca/O=ca' -config caconfig.txt ; \
+ openssl ca -in req.csr -selfsign -keyfile key.pem -out demoCA/cacert.pem -batch \
+ )
+
+tests-createcert:
+ mkdir $(INSTDIR)/tests/httpscert
+ openssl req -new -newkey rsa:2048 -keyout $(INSTDIR)/tests/httpscert/httpskey-1.pem -out $(INSTDIR)/tests/httpsca/httpscert-1.csr -nodes -subj '/countryName=SE/stateOrProvinceName=Stockholm/organizationName=Test/CN=localhost'
+ ( cd $(INSTDIR)/tests/httpsca ; \
+ openssl ca -in httpscert-1.csr -keyfile key.pem -out httpscert-1.pem -batch \
+ )
+ cp $(INSTDIR)/tests/httpsca/httpscert-1.pem $(INSTDIR)/tests/httpscert/
+
diff --git a/test/catlfish-test-local-1.cfg b/test/catlfish-test-local-1.cfg
index a4a0859..adc3e84 100644
--- a/test/catlfish-test-local-1.cfg
+++ b/test/catlfish-test-local-1.cfg
@@ -17,15 +17,15 @@ storageaddresses:
paths:
configdir: .
- knownroots: tests/known_roots
- https_certfile: tests/httpscert/httpscert-1.pem
- https_keyfile: tests/httpscert/httpskey-1.pem
- https_cacertfile: tests/httpsca/demoCA/cacert.pem
- public_cacertfile: tests/httpsca/demoCA/cacert.pem
- db: tests/machine/machine-1/db/
- publickeys: tests/publickeys
- logpublickey: tests/keys/logkey.pem
- privatekeys: tests/privatekeys
+ knownroots: known_roots
+ https_certfile: httpscert/httpscert-1.pem
+ https_keyfile: httpscert/httpskey-1.pem
+ https_cacertfile: httpsca/demoCA/cacert.pem
+ public_cacertfile: httpsca/demoCA/cacert.pem
+ db: machine/machine-1/db/
+ publickeys: publickeys
+ logpublickey: keys/logkey.pem
+ privatekeys: privatekeys
ratelimits:
add_chain: 10 per second
diff --git a/test/catlfish-test-local-merge-2.cfg b/test/catlfish-test-local-merge-2.cfg
index 7096619..579e360 100644
--- a/test/catlfish-test-local-merge-2.cfg
+++ b/test/catlfish-test-local-merge-2.cfg
@@ -10,11 +10,11 @@ nodename: merge-2
paths:
configdir: .
- knownroots: tests/known_roots
- mergedb: tests/mergedb-secondary
- https_certfile: tests/httpscert/httpscert-1.pem
- https_keyfile: tests/httpscert/httpskey-1.pem
- https_cacertfile: tests/httpsca/demoCA/cacert.pem
- publickeys: tests/publickeys
- logpublickey: tests/keys/logkey.pem
- privatekeys: tests/privatekeys
+ knownroots: known_roots
+ mergedb: mergedb-secondary
+ https_certfile: httpscert/httpscert-1.pem
+ https_keyfile: httpscert/httpskey-1.pem
+ https_cacertfile: httpsca/demoCA/cacert.pem
+ publickeys: publickeys
+ logpublickey: keys/logkey.pem
+ privatekeys: privatekeys
diff --git a/test/catlfish-test-local-signing.cfg b/test/catlfish-test-local-signing.cfg
index a48b2d4..386001e 100644
--- a/test/catlfish-test-local-signing.cfg
+++ b/test/catlfish-test-local-signing.cfg
@@ -6,13 +6,13 @@ addresses:
paths:
configdir: .
- https_certfile: tests/httpscert/httpscert-1.pem
- https_keyfile: tests/httpscert/httpskey-1.pem
- https_cacertfile: tests/httpsca/demoCA/cacert.pem
- publickeys: tests/publickeys
- logpublickey: tests/keys/logkey.pem
- logprivatekey: tests/keys/logkey-private.pem
- privatekeys: tests/privatekeys
+ https_certfile: httpscert/httpscert-1.pem
+ https_keyfile: httpscert/httpskey-1.pem
+ https_cacertfile: httpsca/demoCA/cacert.pem
+ publickeys: publickeys
+ logpublickey: keys/logkey.pem
+ logprivatekey: keys/logkey-private.pem
+ privatekeys: privatekeys
#hsm:
# library: /usr/local/lib/softhsm/libsofthsm2.so