@@ -1,232 +0,0 @@
-Subject: Tests: unify tests
-Origin: v9-3-g69b47ce <https://github.com/latchset/tang/commit/v9-3-g69b47ce>
-Upstream-Author: Sergio Correia <scorreia@redhat.com>
-Date: Wed Apr 28 20:54:16 2021 -0300
-
- Let's try to not duplicate tests but instead reuse them across the
- supported platforms.
-
---- a/tests/adv
-+++ b/tests/adv
-@@ -1,4 +1,4 @@
--#!/bin/bash -x
-+#!/bin/sh -ex
- # vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
- #
- # Copyright (c) 2016 Red Hat, Inc.
-@@ -18,35 +18,11 @@
- # along with this program. If not, see <http://www.gnu.org/licenses/>.
- #
-
--function fetch() {
-- curl -sfg http://127.0.0.1:$PORT$1
--}
--
--function ver() {
-- jose jws ver -i- -k "$1"
--}
--
--function on_exit() {
-- if [ "$PID" ]; then kill $PID; wait $PID || true; fi
-- [ -d "$TMP" ] && rm -rf $TMP
--}
--
--validate() {
-- if ! _jwks="$(jose fmt --json="${1}" -Og payload -SyOg keys \
-- -AUo- 2>/dev/null)"; then
-- echo "Advertisement is malformed" >&2
-- exit 1
-- fi
-- _ver="$(printf '%s' "${_jwks}" | jose jwk use -i- -r -u verify -o-)"
-- if ! printf '%s' "${_ver}" | jose jws ver -i "${1}" -k- -a; then
-- echo "Advertisement is missing signatures" >&2
-- exit 1
-- fi
--}
-+. helpers
-
--trap 'on_exit' EXIT
--trap 'exit' ERR
-+sanity_check
-
-+trap 'on_exit' EXIT
- export TMP=`mktemp -d`
- mkdir -p $TMP/db
-
-@@ -54,8 +30,8 @@
- jose jwk gen -i '{"alg": "ES512"}' -o $TMP/db/.sig.jwk
- jose jwk gen -i '{"alg": "ES512"}' -o $TMP/db/.oth.jwk
-
--export PORT=`shuf -i 1024-65536 -n 1`
--$SD_ACTIVATE -l "127.0.0.1:$PORT" -a $VALGRIND tangd $TMP/db &
-+export PORT=$(random_port)
-+start_server "${PORT}"
- export PID=$!
- sleep 0.5
-
-@@ -95,7 +71,7 @@
- -g 0 -Og protected -SyOg cty -Sq "jwk-set+json" -EUUUUU \
- -g 1 -Og protected -SyOg cty -Sq "jwk-set+json" -EUUUUU
-
--test "$(tang-show-keys $PORT)" == "$(jose jwk thp -i $TMP/db/sig.jwk)"
-+test "$(tang-show-keys $PORT)" = "$(jose jwk thp -i $TMP/db/sig.jwk)"
-
- # Check that new keys will be created if none exist.
- rm -rf "${TMP}/db" && mkdir -p "${TMP}/db"
---- /dev/null
-+++ b/tests/helpers
-@@ -0,0 +1,62 @@
-+#!/bin/sh -ex
-+# vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
-+#
-+# Copyright (c) 2016 Red Hat, Inc.
-+# Author: Nathaniel McCallum <npmccallum@redhat.com>
-+#
-+# This program is free software: you can redistribute it and/or modify
-+# it under the terms of the GNU General Public License as published by
-+# the Free Software Foundation, either version 3 of the License, or
-+# (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program. If not, see <http://www.gnu.org/licenses/>.
-+#
-+
-+fetch() {
-+ curl -sfg "http://127.0.0.1:${PORT}${1}"
-+}
-+
-+ver() {
-+ jose jws ver -i- -k "${1}"
-+}
-+
-+random_port() {
-+ if [ -n "${TANG_BSD}" ]; then
-+ jot -r 1 1024 65536
-+ else
-+ shuf -i 1024-65536 -n 1
-+ fi
-+}
-+
-+start_server() {
-+ "${SOCAT}" TCP-LISTEN:"${1}",bind=127.0.0.1,fork SYSTEM:"${VALGRIND} tangd ${TMP}/db" &
-+}
-+
-+on_exit() {
-+ if [ "$PID" ]; then kill "${PID}"; wait "${PID}" || true; fi
-+ [ -d "${TMP}" ] && rm -rf "${TMP}"
-+}
-+
-+validate() {
-+ if ! _jwks="$(jose fmt --json="${1}" -Og payload -SyOg keys \
-+ -AUo- 2>/dev/null)"; then
-+ echo "Advertisement is malformed" >&2
-+ exit 1
-+ fi
-+ _ver="$(printf '%s' "${_jwks}" | jose jwk use -i- -r -u verify -o-)"
-+ if ! printf '%s' "${_ver}" | jose jws ver -i "${1}" -k- -a; then
-+ echo "Advertisement is missing signatures" >&2
-+ exit 1
-+ fi
-+}
-+
-+sanity_check() {
-+ # Skip test if socat is not available.
-+ [ -n "${SOCAT}" ] || exit 77
-+}
---- a/tests/meson.build
-+++ b/tests/meson.build
-@@ -18,9 +18,8 @@
- include_directories: incdir
- )
-
--sd_activate = find_program(
-- 'systemd-socket-activate',
-- 'systemd-activate',
-+socat = find_program(
-+ 'socat',
- required: false
- )
-
-@@ -28,15 +27,21 @@
- env.prepend('PATH',
- join_paths(meson.source_root(), 'src'),
- join_paths(meson.build_root(), 'src'),
-+ join_paths(meson.source_root(), 'tests'),
-+ join_paths(meson.build_root(), 'tests'),
- separator: ':'
- )
-
--if sd_activate.found()
-- env.set('SD_ACTIVATE', sd_activate.path() + ' --inetd')
-+if build_machine.system() == 'freebsd'
-+ env.set('TANG_BSD', '1')
-+endif
-
-- test('adv', find_program('adv'), env: env, timeout: 60)
-- test('rec', find_program('rec'), env: env)
-+if socat.found()
-+ env.set('SOCAT', socat.path())
- endif
-+
-+test('adv', find_program('adv'), env: env, timeout: 60)
-+test('rec', find_program('rec'), env: env)
- test('test-keys', test_keys, env: env, timeout: 60)
-
- # vim:set ts=2 sw=2 et:
---- a/tests/rec
-+++ b/tests/rec
-@@ -1,4 +1,4 @@
--#!/bin/bash -x
-+#!/bin/sh -ex
- # vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
- #
- # Copyright (c) 2016 Red Hat, Inc.
-@@ -18,14 +18,11 @@
- # along with this program. If not, see <http://www.gnu.org/licenses/>.
- #
-
--function on_exit() {
-- if [ "$PID" ]; then kill $PID; wait $PID || true; fi
-- [ -d "$TMP" ] && rm -rf $TMP
--}
-+. helpers
-
--trap 'on_exit' EXIT
--trap 'exit' ERR
-+sanity_check
-
-+trap 'on_exit' EXIT
- export TMP=`mktemp -d`
- mkdir -p $TMP/db
-
-@@ -39,19 +36,19 @@
- jose jwk pub -i $TMP/exc.jwk -o $TMP/exc.pub.jwk
-
- # Start the server
--port=`shuf -i 1024-65536 -n 1`
--$SD_ACTIVATE -l 127.0.0.1:$port -a $VALGRIND tangd $TMP/db &
-+export PORT=$(random_port)
-+start_server "${PORT}"
- export PID=$!
- sleep 0.5
-
- # Make sure that GET fails
--! curl -sf http://127.0.0.1:$port/rec
--! curl -sf http://127.0.0.1:$port/rec/
-+! curl -sf http://127.0.0.1:$PORT/rec
-+! curl -sf http://127.0.0.1:$PORT/rec/
-
- # Make a recovery request (NOTE: this is insecure! Don't do this in real code!)
- good=`jose jwk exc -i '{"alg":"ECMR","key_ops":["deriveKey"]}' -l $TMP/exc.jwk -r $TMP/db/exc.jwk`
- test=`curl -sf -X POST \
- -H "Content-Type: application/jwk+json" \
- --data-binary @- \
-- http://127.0.0.1:$port/rec/${exc_kid} < $TMP/exc.pub.jwk`
--[ "$good" == "$test" ]
-+ http://127.0.0.1:$PORT/rec/${exc_kid} < $TMP/exc.pub.jwk`
-+[ "$good" = "$test" ]