From 49b40a0170b80b204746ab3bc42a73c5c60bcf0c Mon Sep 17 00:00:00 2001 From: Magnus Ahltorp Date: Thu, 25 Aug 2016 16:50:39 +0200 Subject: Move tests to test/Makefile Tests only touch the catlfish/tests directory. --- test/Makefile | 200 +++++++++++++++++++++++++++++++++++ test/catlfish-test-local-1.cfg | 18 ++-- test/catlfish-test-local-merge-2.cfg | 16 +-- test/catlfish-test-local-signing.cfg | 14 +-- 4 files changed, 224 insertions(+), 24 deletions(-) create mode 100644 test/Makefile (limited to 'test')
diff --git a/test/Makefile b/test/Makefile
new file mode 100644
index 0000000..892506b
--- /dev/null
+++ b/test/Makefile
@@ -0,0 +1,200 @@
+-include test.mk
+
+PREFIX=..
+INSTDIR=$(PREFIX)/catlfish
+SOFTHSM=/usr/local/bin/softhsm2-util
+
+tests-prepare:
+ rm -r $(INSTDIR)/tests || true
+ mkdir $(INSTDIR)/tests
+ make tests-createca
+ make tests-createcert
+ mkdir $(INSTDIR)/tests/keys
+ (cd $(INSTDIR)/tests/keys ; ../../../tools/create-key.sh logkey)
+ openssl pkcs8 -topk8 -nocrypt -in $(INSTDIR)/tests/keys/logkey-private.pem -out $(INSTDIR)/tests/keys/logkey-private.pkcs8
+ mkdir $(INSTDIR)/tests/mergedb
+ touch $(INSTDIR)/tests/mergedb/logorder
+ mkdir $(INSTDIR)/tests/mergedb-secondary
+ touch $(INSTDIR)/tests/mergedb-secondary/logorder
+ printf 0 > $(INSTDIR)/tests/mergedb-secondary/verifiedsize
+ mkdir $(INSTDIR)/tests/known_roots
+ cp $(PREFIX)/tools/testcerts/roots/* $(INSTDIR)/tests/known_roots
+ @for machine in $(MACHINES); do \
+ (cd $(INSTDIR)/tests; ../../tools/compileconfig.py --config ../../test/catlfish-test.cfg --localconfig ../../test/catlfish-test-local-$$machine.cfg) && \
+ mkdir -p $(INSTDIR)/tests/machine/machine-$$machine/db && \
+ touch $(INSTDIR)/tests/machine/machine-$$machine/db/index && \
+ touch $(INSTDIR)/tests/machine/machine-$$machine/db/newentries ; \
+ done
+ (cd $(INSTDIR)/tests; ../../tools/compileconfig.py --config ../../test/catlfish-test.cfg --localconfig ../../test/catlfish-test-local-merge-2.cfg)
+ (cd $(INSTDIR)/tests; ../../tools/compileconfig.py --config ../../test/catlfish-test.cfg --localconfig ../../test/catlfish-test-local-signing.cfg)
+ mkdir $(INSTDIR)/tests/privatekeys
+ mkdir $(INSTDIR)/tests/publickeys
+ @for node in $(NODES); do \
+ (cd $(INSTDIR)/tests/privatekeys ; ../../../tools/create-key.sh $$node) ; \
+ mv $(INSTDIR)/tests/privatekeys/$$node.pem $(INSTDIR)/tests/publickeys/ ; \
+ mkdir -p $(INSTDIR)/tests/nodes/$$node/log ; \
+ done
+ (cd $(INSTDIR)/tests/privatekeys ; ../../../tools/create-key.sh merge-1)
+ mv $(INSTDIR)/tests/privatekeys/merge-1.pem $(INSTDIR)/tests/publickeys/
+ (cd $(INSTDIR)/tests/privatekeys ; ../../../tools/create-key.sh merge-2)
+ mv $(INSTDIR)/tests/privatekeys/merge-2.pem $(INSTDIR)/tests/publickeys/
+ -test -x $(SOFTHSM) && $(SOFTHSM) --init-token --slot=0 --label=mylabel --so-pin=ffff --pin=ffff
+ -test -x $(SOFTHSM) && $(SOFTHSM) --import $(INSTDIR)/tests/keys/logkey-private.pkcs8 --slot 0 --label mylabel --pin ffff --id 00
+
+tests-start:
+ @for node in $(ERLANGNODES); do \
+ (cd $(INSTDIR)/tests ; ../bin/run_erl -daemon nodes/$$node/ nodes/$$node/log/ "exec ../bin/erl -config $$node") \
+ done
+ @for i in 1 2 3 4 5 6 7 8 9 10; do \
+ echo "waiting for system to start" ; \
+ sleep 0.5 ; \
+ allstarted=1 ; \
+ notstarted= ; \
+ for testurl in $(TESTURLS); do \
+ if curl -s --cacert $(INSTDIR)/tests/httpsca/demoCA/cacert.pem -4 https://$$testurl > /dev/null ; then : ; else allstarted=0 ; notstarted="$$testurl $$notstarted" ; fi ; \
+ : ; \
+ done ; \
+ if [ $$allstarted -eq 1 ]; then break ; \
+ elif [ $$i -eq 10 ]; then echo Not started: $$notstarted ; fi ; \
+ done
+
+tests-run:
+ @(cd $(INSTDIR) && python ../tools/testcase1.py https://localhost:8080/ tests/keys/logkey.pem tests/httpsca/demoCA/cacert.pem) || (echo "Tests failed" ; false)
+ @(cd $(INSTDIR)/tests && ../../tools/check-sth.py $(BASEURL) --publickey=keys/logkey.pem --cur-sth=stored-sth --cafile httpsca/demoCA/cacert.pem) || (echo "Check failed" ; false)
+ @(cd $(INSTDIR) && python ../tools/fetchallcerts.py $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || (echo "Verification failed" ; false)
+ @(cd $(INSTDIR)/tests && python ../../tools/storagegc.py --config ../../test/catlfish-test.cfg --localconfig ../../test/catlfish-test-local-1.cfg) || (echo "GC failed" ; false)
+ @(cd $(INSTDIR)/tests && python ../../tools/submitcert.py --parallel=1 --store ../../tools/testcerts/cert1.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=keys/logkey.pem --cafile httpsca/demoCA/cacert.pem) || (echo "Submission failed" ; false)
+ @(cd $(INSTDIR)/tests && python ../../tools/submitcert.py --parallel=1 --store ../../tools/testcerts/cert2.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=keys/logkey.pem --cafile httpsca/demoCA/cacert.pem) || (echo "Submission failed" ; false)
+ @(cd $(INSTDIR)/tests && python ../../tools/submitcert.py --parallel=1 --store ../../tools/testcerts/cert3.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=keys/logkey.pem --cafile httpsca/demoCA/cacert.pem) || (echo "Submission failed" ; false)
+ @(cd $(INSTDIR)/tests && python ../../tools/submitcert.py --parallel=1 --store ../../tools/testcerts/cert4.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=keys/logkey.pem --cafile httpsca/demoCA/cacert.pem) || (echo "Submission failed" ; false)
+ @(cd $(INSTDIR)/tests && python ../../tools/submitcert.py --parallel=1 --store ../../tools/testcerts/cert5.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=keys/logkey.pem --cafile httpsca/demoCA/cacert.pem) || (echo "Submission failed" ; false)
+ @(cd $(INSTDIR)/tests && python ../../tools/submitcert.py --parallel=1 --store ../../tools/testcerts/pre1.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=keys/logkey.pem --cafile httpsca/demoCA/cacert.pem) || (echo "Submission failed" ; false)
+ @(cd $(INSTDIR)/tests && python ../../tools/submitcert.py --parallel=1 --store ../../tools/testcerts/pre2.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=keys/logkey.pem --cafile httpsca/demoCA/cacert.pem) || (echo "Submission failed" ; false)
+ @(cd $(INSTDIR)/tests && python ../../tools/storagegc.py --config ../../test/catlfish-test.cfg --localconfig ../../test/catlfish-test-local-1.cfg) || (echo "GC failed" ; false)
+ @(cd $(INSTDIR) && ../tools/merge --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg) || (echo "Merge failed" ; false)
+ @(cd $(INSTDIR)/tests && ../../tools/check-sth.py $(BASEURL) --publickey=keys/logkey.pem --cur-sth=stored-sth --cafile httpsca/demoCA/cacert.pem) || (echo "Check failed" ; false)
+ @(cd $(INSTDIR) && mkdir tests/fetchcertstore)
+ @(cd $(INSTDIR) && python ../tools/fetchallcerts.py $(BASEURL) --store tests/fetchcertstore --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || (echo "Verification failed" ; false)
+ @(cd $(INSTDIR)/tests/fetchcertstore && unzip 0000.zip)
+ @(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/cert1.txt tests/fetchcertstore/00000000) || (echo "Verification failed" ; false)
+ @(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/cert2.txt tests/fetchcertstore/00000001) || (echo "Verification failed" ; false)
+ @(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/cert3.txt tests/fetchcertstore/00000002) || (echo "Verification failed" ; false)
+ @(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/cert4.txt tests/fetchcertstore/00000003) || (echo "Verification failed" ; false)
+ @(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/cert5.txt tests/fetchcertstore/00000004) || (echo "Verification failed" ; false)
+ @(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/pre1.txt:../tools/testcerts/pre2.txt tests/fetchcertstore/00000005:tests/fetchcertstore/00000006) || (echo "Verification failed" ; false)
+ @(cd $(INSTDIR)/tests && python ../../tools/storagegc.py --config ../../test/catlfish-test.cfg --localconfig ../../test/catlfish-test-local-1.cfg) || (echo "GC failed" ; false)
+
+ @$(PREFIX)/tools/to_catlfish.py to_erl $(INSTDIR)/tests/nodes/merge-2/ "init:stop()"
+ @(cd $(INSTDIR)/tests && python ../../tools/submitcert.py --parallel=1 --store ../../tools/testcerts/cert6.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=keys/logkey.pem --cafile httpsca/demoCA/cacert.pem) || (echo "Submission failed" ; false)
+ @echo NOTE: merge backup should fail with 111 Connection refused
+ @(cd $(INSTDIR) && ../tools/merge --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg) || (echo "Merge failed" ; false)
+ @(cd $(INSTDIR) && treesize=$$(../tools/loginfo.py --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg --treesize https://localhost:8080/) ; \
+ test "$$treesize" = "7" || (echo "Tree size $$treesize != expected 7" ; false))
+ @(cd $(INSTDIR)/tests && ../../tools/check-sth.py $(BASEURL) --publickey=keys/logkey.pem --cur-sth=stored-sth --cafile httpsca/demoCA/cacert.pem)
+ @(cd $(INSTDIR)/tests && ../bin/run_erl -daemon nodes/merge-2/ nodes/merge-2/log/ "exec ../bin/erl -config merge-2")
+ @for i in 1 2 3 4 5 6 7 8 9 10; do \
+ echo "waiting for system to start" ; \
+ sleep 0.5 ; \
+ if curl -s --cacert $(INSTDIR)/tests/httpsca/demoCA/cacert.pem -4 https://localhost:8181 > /dev/null ; then break; fi ; \
+ done
+ @(cd $(INSTDIR) && ../tools/merge --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg) || (echo "Merge failed" ; false)
+ @(cd $(INSTDIR) && treesize=$$(../tools/loginfo.py --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg --treesize https://localhost:8080/) ; \
+ test "$$treesize" = "8" || (echo "Tree size $$treesize != expected 8" ; false))
+ @(cd $(INSTDIR)/tests && ../../tools/check-sth.py $(BASEURL) --publickey=keys/logkey.pem --cur-sth=stored-sth --cafile httpsca/demoCA/cacert.pem)
+
+tests-run2:
+ @(cd $(INSTDIR) ; python ../tools/verifysct.py --sct-file=submittedcerts --parallel 1 $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || echo "Verification of SCT:s failed"
+ @(cd $(INSTDIR)/tests && ../../tools/check-sth.py $(BASEURL) --publickey=keys/logkey.pem --cur-sth=stored-sth --cafile httpsca/demoCA/cacert.pem)
+ @(cd $(INSTDIR)/tests && python ../../tools/storagegc.py --config ../../test/catlfish-test.cfg --localconfig ../../test/catlfish-test-local-1.cfg) || (echo "GC failed" ; false)
+
+tests-prepare-merge-takeover:
+ @echo $@
+ mv $(INSTDIR)/tests/mergedb $(INSTDIR)/tests/mergedb-down
+ mv $(INSTDIR)/tests/mergedb-secondary $(INSTDIR)/tests/mergedb
+ mkdir $(INSTDIR)/tests/mergedb-secondary
+ touch $(INSTDIR)/tests/mergedb-secondary/logorder
+ printf 0 > $(INSTDIR)/tests/mergedb-secondary/verifiedsize
+
+tests-run3:
+ @echo $@
+ @(cd $(INSTDIR) && ../tools/merge --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg) || (echo "Merge failed" ; false)
+ @(cd $(INSTDIR)/tests && ../../tools/check-sth.py $(BASEURL) --publickey=keys/logkey.pem --cur-sth=stored-sth --cafile httpsca/demoCA/cacert.pem)
+ @(cd $(INSTDIR)/tests && python ../../tools/submitcert.py --parallel=1 --store ../../tools/testcerts/cert7.txt --check-sct --sct-file=submittedcerts-7 $(BASEURL) --publickey=keys/logkey.pem --cafile httpsca/demoCA/cacert.pem) || (echo "Submission failed" ; false)
+ @(cd $(INSTDIR) && ../tools/merge --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg) || (echo "Merge failed" ; false)
+ @(cd $(INSTDIR) ; python ../tools/verifysct.py --sct-file=submittedcerts --parallel 1 $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || echo "Verification of SCT:s failed"
+ @(cd $(INSTDIR)/tests && ../../tools/check-sth.py $(BASEURL) --publickey=keys/logkey.pem --cur-sth=stored-sth --cafile httpsca/demoCA/cacert.pem)
+
+
+tests-prepare-redistribute-frontend:
+ @echo $@
+ mv $(INSTDIR)/tests/machine/machine-1 $(INSTDIR)/tests/machine/machine-1-down && \
+ mkdir -p $(INSTDIR)/tests/machine/machine-1/db && \
+ touch $(INSTDIR)/tests/machine/machine-1/db/index && \
+ touch $(INSTDIR)/tests/machine/machine-1/db/newentries ; \
+
+tests-run4:
+ @echo $@
+ @(cd $(INSTDIR) && ../tools/merge --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg) || (echo "Merge failed" ; false)
+ @(cd $(INSTDIR)/tests && ../../tools/check-sth.py $(BASEURL) --publickey=keys/logkey.pem --cur-sth=stored-sth --cafile httpsca/demoCA/cacert.pem)
+
+tests-stop:
+ @for node in $(NODES); do \
+ $(PREFIX)/tools/to_catlfish.py to_erl $(INSTDIR)/tests/nodes/$$node/ "init:stop()"; \
+ done
+
+tests-wait:
+ sleep 5
+
+tests-makemk:
+ $(PREFIX)/tools/compileconfig.py --config=$(PREFIX)/test/catlfish-test.cfg --testmakefile=$(PREFIX)/test/test.mk --machines 1
+
+tests:
+ @make tests-makemk
+ @make tests-prepare
+ @make tests-start
+ @make tests-run || (sleep 5; make tests-stop ; false)
+ @make tests-wait
+ @make tests-stop
+ @make tests-wait
+ @make tests-start
+ @make tests-run2 || (sleep 5; make tests-stop ; false)
+ @make tests-wait
+ @make tests-stop
+ @make tests-wait
+ @make tests-prepare-merge-takeover
+ @make tests-start
+ @make tests-run3 || (sleep 5; make tests-stop ; false)
+ @make tests-wait
+ @make tests-stop
+ @make tests-wait
+ @make tests-prepare-redistribute-frontend
+ @make tests-start
+ @make tests-run4 || (sleep 5; make tests-stop ; false)
+ @make tests-wait
+ @make tests-stop
+
+tests-createca:
+ mkdir $(INSTDIR)/tests/httpsca
+ ( cd $(INSTDIR)/tests/httpsca ; \
+ mkdir -p demoCA/newcerts ; \
+ touch demoCA/index.txt ; \
+ echo 00 > demoCA/serial ; \
+ echo '[ req ]' > caconfig.txt ; \
+ echo 'distinguished_name = req_distinguished_name' >> caconfig.txt ; \
+ echo 'x509_extensions = v3_ca' >> caconfig.txt ; \
+ echo 'string_mask = utf8only' >> caconfig.txt ; \
+ echo '[ req_distinguished_name ]' >> caconfig.txt ; \
+ echo '[ v3_ca ]' >> caconfig.txt ; \
+ echo 'basicConstraints=CA:true' >> caconfig.txt ; \
+ openssl req -newkey rsa:2048 -keyout key.pem -out req.csr -nodes -subj '/countryName=SE/stateOrProvinceName=Stockholm/organizationName=Test/commonName=ca/O=ca' -config caconfig.txt ; \
+ openssl ca -in req.csr -selfsign -keyfile key.pem -out demoCA/cacert.pem -batch \
+ )
+
+tests-createcert:
+ mkdir $(INSTDIR)/tests/httpscert
+ openssl req -new -newkey rsa:2048 -keyout $(INSTDIR)/tests/httpscert/httpskey-1.pem -out $(INSTDIR)/tests/httpsca/httpscert-1.csr -nodes -subj '/countryName=SE/stateOrProvinceName=Stockholm/organizationName=Test/CN=localhost'
+ ( cd $(INSTDIR)/tests/httpsca ; \
+ openssl ca -in httpscert-1.csr -keyfile key.pem -out httpscert-1.pem -batch \
+ )
+ cp $(INSTDIR)/tests/httpsca/httpscert-1.pem $(INSTDIR)/tests/httpscert/
+
diff --git a/test/catlfish-test-local-1.cfg b/test/catlfish-test-local-1.cfg
index a4a0859..adc3e84 100644
--- a/test/catlfish-test-local-1.cfg
+++ b/test/catlfish-test-local-1.cfg
@@ -17,15 +17,15 @@ storageaddresses: paths: configdir: . - knownroots: tests/known_roots - https_certfile: tests/httpscert/httpscert-1.pem - https_keyfile: tests/httpscert/httpskey-1.pem - https_cacertfile: tests/httpsca/demoCA/cacert.pem - public_cacertfile: tests/httpsca/demoCA/cacert.pem - db: tests/machine/machine-1/db/ - publickeys: tests/publickeys - logpublickey: tests/keys/logkey.pem - privatekeys: tests/privatekeys + knownroots: known_roots + https_certfile: httpscert/httpscert-1.pem + https_keyfile: httpscert/httpskey-1.pem + https_cacertfile: httpsca/demoCA/cacert.pem + public_cacertfile: httpsca/demoCA/cacert.pem + db: machine/machine-1/db/ + publickeys: publickeys + logpublickey: keys/logkey.pem + privatekeys: privatekeys ratelimits: add_chain: 10 per second
diff --git a/test/catlfish-test-local-merge-2.cfg b/test/catlfish-test-local-merge-2.cfg
index 7096619..579e360 100644
--- a/test/catlfish-test-local-merge-2.cfg
+++ b/test/catlfish-test-local-merge-2.cfg
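Review bot: SCT verification cannot fail this suite, because in `test/Makefile` the `verifysct.py` lines of `tests-run2` and `tests-run3` end in `|| echo "Verification of SCT:s failed"` without the `; false` that the other message-printing checks use. Those two lines also run from `$(INSTDIR)` with `--sct-file=submittedcerts`, while the `submitcert.py` lines in `tests-run` now `cd $(INSTDIR)/tests` before writing `--sct-file=submittedcerts`, so the verifier appears to look one directory above the file that was written, and the swallowed exit status would hide that. I would change both to `@(cd $(INSTDIR)/tests && python ../../tools/verifysct.py --sct-file=submittedcerts --parallel 1 $(BASEURL) --publickey=keys/logkey.pem --cafile httpsca/demoCA/cacert.pem) || (echo "Verification of SCT:s failed" ; false)`. Separately, the two `$(SOFTHSM)` lines in `tests-prepare` initialise slot 0 of whatever token store the installed SoftHSM is configured to use, which is presumably outside `catlfish/tests`; pointing `SOFTHSM2_CONF` at a config under `$(INSTDIR)/tests` would keep that state local and match the commit message.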
@@ -10,11 +10,11 @@ nodename: merge-2 paths: configdir: . - knownroots: tests/known_roots - mergedb: tests/mergedb-secondary - https_certfile: tests/httpscert/httpscert-1.pem - https_keyfile: tests/httpscert/httpskey-1.pem - https_cacertfile: tests/httpsca/demoCA/cacert.pem - publickeys: tests/publickeys - logpublickey: tests/keys/logkey.pem - privatekeys: tests/privatekeys + knownroots: known_roots + mergedb: mergedb-secondary + https_certfile: httpscert/httpscert-1.pem + https_keyfile: httpscert/httpskey-1.pem + https_cacertfile: httpsca/demoCA/cacert.pem + publickeys: publickeys + logpublickey: keys/logkey.pem + privatekeys: privatekeys
diff --git a/test/catlfish-test-local-signing.cfg b/test/catlfish-test-local-signing.cfg
index a48b2d4..386001e 100644
--- a/test/catlfish-test-local-signing.cfg
+++ b/test/catlfish-test-local-signing.cfg
@@ -6,13 +6,13 @@ addresses: paths: configdir: . - https_certfile: tests/httpscert/httpscert-1.pem - https_keyfile: tests/httpscert/httpskey-1.pem - https_cacertfile: tests/httpsca/demoCA/cacert.pem - publickeys: tests/publickeys - logpublickey: tests/keys/logkey.pem - logprivatekey: tests/keys/logkey-private.pem - privatekeys: tests/privatekeys + https_certfile: httpscert/httpscert-1.pem + https_keyfile: httpscert/httpskey-1.pem + https_cacertfile: httpsca/demoCA/cacert.pem + publickeys: publickeys + logpublickey: keys/logkey.pem + logprivatekey: keys/logkey-private.pem + privatekeys: privatekeys #hsm: # library: /usr/local/lib/softhsm/libsofthsm2.so -- cgit v1.1