tang-validate-adv 3.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153
  1. #!/bin/bash -xe
  2. # vim: set ts=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
  3. #
  4. # Copyright (c) 2020 Red Hat, Inc.
  5. # Author: Sergio Correia <scorreia@redhat.com>
  6. #
  7. # This program is free software: you can redistribute it and/or modify
  8. # it under the terms of the GNU General Public License as published by
  9. # the Free Software Foundation, either version 3 of the License, or
  10. # (at your option) any later version.
  11. #
  12. # This program is distributed in the hope that it will be useful,
  13. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. # GNU General Public License for more details.
  16. #
  17. # You should have received a copy of the GNU General Public License
  18. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  19. #
  20. . tang-common-test-functions
  21. on_exit() {
  22. local exit_status=$?
  23. tang_stop "${TMP}"
  24. [ -d "${TMP}" ] && rm -rf "${TMP}"
  25. exit "${exit_status}"
  26. }
  27. do_test() {
  28. local port="${1}"
  29. local response="${2}"
  30. local stderr="${3:-/dev/stderr}"
  31. run_test_server "${port}" "${response}"
  32. cfg="$(printf '{"url":"localhost:%d"}' "${port}")"
  33. if ! echo foo | clevis encrypt tang "${cfg}" -y 2>"${stderr}"; then
  34. echo "Error (do_test) response: ${response}" >&2
  35. [ -r "${stderr}" ] && cat "${stderr}" >&2
  36. return 1
  37. fi
  38. }
  39. do_test_with_adv() {
  40. local port="${1}"
  41. local adv="${2}"
  42. local stderr="${3:-/dev/stderr}"
  43. cfg="$(printf '{"url":"localhost:%d","adv":"%s"}' "${port}" "${adv}")"
  44. if ! echo foo-adv | clevis encrypt tang "${cfg}" 2>"${stderr}"; then
  45. echo "Error (do_test_with_adv) adv: ${adv} response: ${response}" >&2
  46. [ -r "${stderr}" ] && cat "${stderr}" >&2
  47. return 1
  48. fi
  49. }
  50. validate_output() {
  51. local output="${1}"
  52. if grep -Fq jose "${output}"; then
  53. tang_error "'jose' is not expected to appear in the error output"
  54. fi
  55. }
  56. trap 'on_exit' EXIT
  57. TMP="$(mktemp -d)"
  58. CASES="${TMP}/cases"
  59. mkdir -p "${CASES}"
  60. port=$(tang_new_random_port)
  61. # Let's test server responses.
  62. # Case 1 - regular advertisement - PASS.
  63. RESP="${CASES}"/good-01
  64. cat << EOF > "${RESP}"
  65. HTTP/1.0 200 OK
  66. $(tang_create_adv "${TMP}" /dev/stdout)
  67. EOF
  68. # Case 2 - bad advertisement.
  69. RESP="${CASES}"/bad-01
  70. adv='{'
  71. cat << EOF > "${RESP}"
  72. HTTP/1.0 200 OK
  73. ${adv}
  74. EOF
  75. # Case 3 - returning 404.
  76. RESP="${CASES}"/bad-02
  77. cat << EOF > "${RESP}"
  78. HTTP/1.0 404 Not Found
  79. EOF
  80. # case 4 - returning 301.
  81. RESP="${CASES}"/bad-03
  82. cat << EOF > "${RESP}"
  83. HTTP/1.0 301 Moved Permanently
  84. EOF
  85. # case 5 - returning 500.
  86. RESP="${CASES}"/bad-04
  87. cat << EOF > "${RESP}"
  88. HTTP/1.0 500 Internal Server Error
  89. EOF
  90. for c in "${CASES}"/good-*; do
  91. port=$(tang_new_random_port)
  92. STDERR="${c}".stderr
  93. do_test "${port}" "${c}" "${STDERR}"
  94. validate_output "${STDERR}"
  95. done
  96. # Tests where bind is expected to fail (validate is still expected to succeed).
  97. for c in "${CASES}"/bad-*; do
  98. port=$(tang_new_random_port)
  99. STDERR="${c}".stderr
  100. ! do_test "${port}" "${c}" "${STDERR}"
  101. validate_output "${STDERR}"
  102. done
  103. # Now let's do some tests passing "adv" in the configuration.
  104. STDERR="${CASES}"/stderr
  105. for adv in "[]" "]" "" "{}"; do
  106. ! do_test_with_adv "${port}" "${adv}" "${STDERR}"
  107. validate_output "${STDERR}"
  108. done
  109. # Now let's use existing files as well.
  110. tang_run "${TMP}" "${port}"
  111. touch "${CASES}"/adv-bad-01
  112. echo '{' > "${CASES}"/adv-bad-02
  113. echo "foobar" > "${CASES}"/adv-bad-03
  114. tang_get_adv "${port}" "${CASES}"/adv-good-01
  115. # Tests where bind is expected to pass.
  116. for adv in "${CASES}"/adv-good-*; do
  117. STDERR="${adv}".stderr
  118. do_test_with_adv "${port}" "${adv}" "${STDERR}"
  119. validate_output "${STDERR}"
  120. done
  121. # Tests where bind is expected to fail. validate still should pass.
  122. for adv in "${CASES}"/adv-bad-*; do
  123. STDERR="${adv}".stderr
  124. ! do_test_with_adv "${port}" "${adv}" "${STDERR}"
  125. validate_output "${STDERR}"
  126. done