git Service of IN-Ulm e.V. Explore Help
Sign In
cbiedl
/
tang
1
0
Fork 0
Files
Tree: 25efc194d4
Branches Tags
tang
/
debian
/
patches
/
cherry-pick
/
1619654056.v9-3-g69b47ce.tests-unify-tests.patch

1619654056.v9-3-g69b47ce.tests-unify-tests.patch 6.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232 
  1. Subject: Tests: unify tests
    2. 

  2. Origin: v9-3-g69b47ce <https://github.com/latchset/tang/commit/v9-3-g69b47ce>
    3. 

  3. Upstream-Author: Sergio Correia <scorreia@redhat.com>
    4. 

  4. Date: Wed Apr 28 20:54:16 2021 -0300
    5. 

  5. 

  6.     Let's try to not duplicate tests but instead reuse them across the
    7. 

  7.     supported platforms.
    8. 

  8. 

  9. --- a/tests/adv
    10. 

  10. +++ b/tests/adv
    11. 

  11. @@ -1,4 +1,4 @@
    12. 

  12. -#!/bin/bash -x
    13. 

  13. +#!/bin/sh -ex
    14. 

  14.  # vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
    15. 

  15.  #
    16. 

  16.  # Copyright (c) 2016 Red Hat, Inc.
    17. 

  17. @@ -18,35 +18,11 @@
    18. 

  18.  # along with this program.  If not, see <http://www.gnu.org/licenses/>.
    19. 

  19.  #
    20. 

  20.  
    21. 

  21. -function fetch() {
    22. 

  22. -    curl -sfg http://127.0.0.1:$PORT$1
    23. 

  23. -}
    24. 

  24. -
    25. 

  25. -function ver() {
    26. 

  26. -    jose jws ver -i- -k "$1"
    27. 

  27. -}
    28. 

  28. -
    29. 

  29. -function on_exit() {
    30. 

  30. -    if [ "$PID" ]; then kill $PID; wait $PID || true; fi
    31. 

  31. -    [ -d "$TMP" ] && rm -rf $TMP
    32. 

  32. -}
    33. 

  33. -
    34. 

  34. -validate() {
    35. 

  35. -    if ! _jwks="$(jose fmt --json="${1}" -Og payload -SyOg keys \
    36. 

  36. -                 -AUo- 2>/dev/null)"; then
    37. 

  37. -        echo "Advertisement is malformed" >&2
    38. 

  38. -        exit 1
    39. 

  39. -    fi
    40. 

  40. -    _ver="$(printf '%s' "${_jwks}" | jose jwk use -i- -r -u verify -o-)"
    41. 

  41. -    if ! printf '%s' "${_ver}" | jose jws ver -i "${1}" -k- -a; then
    42. 

  42. -        echo "Advertisement is missing signatures" >&2
    43. 

  43. -        exit 1
    44. 

  44. -    fi
    45. 

  45. -}
    46. 

  46. +. helpers
    47. 

  47.  
    48. 

  48. -trap 'on_exit' EXIT
    49. 

  49. -trap 'exit' ERR
    50. 

  50. +sanity_check
    51. 

  51.  
    52. 

  52. +trap 'on_exit' EXIT
    53. 

  53.  export TMP=`mktemp -d`
    54. 

  54.  mkdir -p $TMP/db
    55. 

  55.  
    56. 

  56. @@ -54,8 +30,8 @@
    57. 

  57.  jose jwk gen -i '{"alg": "ES512"}' -o $TMP/db/.sig.jwk
    58. 

  58.  jose jwk gen -i '{"alg": "ES512"}' -o $TMP/db/.oth.jwk
    59. 

  59.  
    60. 

  60. -export PORT=`shuf -i 1024-65536 -n 1`
    61. 

  61. -$SD_ACTIVATE -l "127.0.0.1:$PORT" -a $VALGRIND tangd $TMP/db &
    62. 

  62. +export PORT=$(random_port)
    63. 

  63. +start_server "${PORT}"
    64. 

  64.  export PID=$!
    65. 

  65.  sleep 0.5
    66. 

  66.  
    67. 

  67. @@ -95,7 +71,7 @@
    68. 

  68.                 -g 0 -Og protected -SyOg cty -Sq "jwk-set+json" -EUUUUU \
    69. 

  69.                 -g 1 -Og protected -SyOg cty -Sq "jwk-set+json" -EUUUUU
    70. 

  70.  
    71. 

  71. -test "$(tang-show-keys $PORT)" == "$(jose jwk thp -i $TMP/db/sig.jwk)"
    72. 

  72. +test "$(tang-show-keys $PORT)" = "$(jose jwk thp -i $TMP/db/sig.jwk)"
    73. 

  73.  
    74. 

  74.  # Check that new keys will be created if none exist.
    75. 

  75.  rm -rf "${TMP}/db" && mkdir -p "${TMP}/db"
    76. 

  76. --- /dev/null
    77. 

  77. +++ b/tests/helpers
    78. 

  78. @@ -0,0 +1,62 @@
    79. 

  79. +#!/bin/sh -ex
    80. 

  80. +# vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
    81. 

  81. +#
    82. 

  82. +# Copyright (c) 2016 Red Hat, Inc.
    83. 

  83. +# Author: Nathaniel McCallum <npmccallum@redhat.com>
    84. 

  84. +#
    85. 

  85. +# This program is free software: you can redistribute it and/or modify
    86. 

  86. +# it under the terms of the GNU General Public License as published by
    87. 

  87. +# the Free Software Foundation, either version 3 of the License, or
    88. 

  88. +# (at your option) any later version.
    89. 

  89. +#
    90. 

  90. +# This program is distributed in the hope that it will be useful,
    91. 

  91. +# but WITHOUT ANY WARRANTY; without even the implied warranty of
    92. 

  92. +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    93. 

  93. +# GNU General Public License for more details.
    94. 

  94. +#
    95. 

  95. +# You should have received a copy of the GNU General Public License
    96. 

  96. +# along with this program.  If not, see <http://www.gnu.org/licenses/>.
    97. 

  97. +#
    98. 

  98. +
    99. 

  99. +fetch() {
    100. 

  100. +    curl -sfg "http://127.0.0.1:${PORT}${1}"
    101. 

  101. +}
    102. 

  102. +
    103. 

  103. +ver() {
    104. 

  104. +    jose jws ver -i- -k "${1}"
    105. 

  105. +}
    106. 

  106. +
    107. 

  107. +random_port() {
    108. 

  108. +    if [ -n "${TANG_BSD}" ]; then
    109. 

  109. +        jot -r 1 1024 65536
    110. 

  110. +    else
    111. 

  111. +        shuf -i 1024-65536 -n 1
    112. 

  112. +    fi
    113. 

  113. +}
    114. 

  114. +
    115. 

  115. +start_server() {
    116. 

  116. +    "${SOCAT}" TCP-LISTEN:"${1}",bind=127.0.0.1,fork SYSTEM:"${VALGRIND} tangd ${TMP}/db" &
    117. 

  117. +}
    118. 

  118. +
    119. 

  119. +on_exit() {
    120. 

  120. +    if [ "$PID" ]; then kill "${PID}"; wait "${PID}" || true; fi
    121. 

  121. +    [ -d "${TMP}" ] && rm -rf "${TMP}"
    122. 

  122. +}
    123. 

  123. +
    124. 

  124. +validate() {
    125. 

  125. +    if ! _jwks="$(jose fmt --json="${1}" -Og payload -SyOg keys \
    126. 

  126. +                 -AUo- 2>/dev/null)"; then
    127. 

  127. +        echo "Advertisement is malformed" >&2
    128. 

  128. +        exit 1
    129. 

  129. +    fi
    130. 

  130. +    _ver="$(printf '%s' "${_jwks}" | jose jwk use -i- -r -u verify -o-)"
    131. 

  131. +    if ! printf '%s' "${_ver}" | jose jws ver -i "${1}" -k- -a; then
    132. 

  132. +        echo "Advertisement is missing signatures" >&2
    133. 

  133. +        exit 1
    134. 

  134. +    fi
    135. 

  135. +}
    136. 

  136. +
    137. 

  137. +sanity_check() {
    138. 

  138. +    # Skip test if socat is not available.
    139. 

  139. +    [ -n "${SOCAT}" ] || exit 77
    140. 

  140. +}
    141. 

  141. --- a/tests/meson.build
    142. 

  142. +++ b/tests/meson.build
    143. 

  143. @@ -18,9 +18,8 @@
    144. 

  144.    include_directories: incdir
    145. 

  145.  )
    146. 

  146.  
    147. 

  147. -sd_activate = find_program(
    148. 

  148. -  'systemd-socket-activate',
    149. 

  149. -  'systemd-activate',
    150. 

  150. +socat = find_program(
    151. 

  151. +  'socat',
    152. 

  152.    required: false
    153. 

  153.  )
    154. 

  154.  
    155. 

  155. @@ -28,15 +27,21 @@
    156. 

  156.  env.prepend('PATH',
    157. 

  157.    join_paths(meson.source_root(), 'src'),
    158. 

  158.    join_paths(meson.build_root(), 'src'),
    159. 

  159. +  join_paths(meson.source_root(), 'tests'),
    160. 

  160. +  join_paths(meson.build_root(), 'tests'),
    161. 

  161.    separator: ':'
    162. 

  162.  )
    163. 

  163.  
    164. 

  164. -if sd_activate.found()
    165. 

  165. -  env.set('SD_ACTIVATE', sd_activate.path() + ' --inetd')
    166. 

  166. +if build_machine.system() == 'freebsd'
    167. 

  167. +  env.set('TANG_BSD', '1')
    168. 

  168. +endif
    169. 

  169.  
    170. 

  170. -  test('adv', find_program('adv'), env: env, timeout: 60)
    171. 

  171. -  test('rec', find_program('rec'), env: env)
    172. 

  172. +if socat.found()
    173. 

  173. +  env.set('SOCAT', socat.path())
    174. 

  174.  endif
    175. 

  175. +
    176. 

  176. +test('adv', find_program('adv'), env: env, timeout: 60)
    177. 

  177. +test('rec', find_program('rec'), env: env)
    178. 

  178.  test('test-keys', test_keys, env: env, timeout: 60)
    179. 

  179.  
    180. 

  180.  # vim:set ts=2 sw=2 et:
    181. 

  181. --- a/tests/rec
    182. 

  182. +++ b/tests/rec
    183. 

  183. @@ -1,4 +1,4 @@
    184. 

  184. -#!/bin/bash -x
    185. 

  185. +#!/bin/sh -ex
    186. 

  186.  # vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
    187. 

  187.  #
    188. 

  188.  # Copyright (c) 2016 Red Hat, Inc.
    189. 

  189. @@ -18,14 +18,11 @@
    190. 

  190.  # along with this program.  If not, see <http://www.gnu.org/licenses/>.
    191. 

  191.  #
    192. 

  192.  
    193. 

  193. -function on_exit() {
    194. 

  194. -    if [ "$PID" ]; then kill $PID; wait $PID || true; fi
    195. 

  195. -    [ -d "$TMP" ] && rm -rf $TMP
    196. 

  196. -}
    197. 

  197. +. helpers
    198. 

  198.  
    199. 

  199. -trap 'on_exit' EXIT
    200. 

  200. -trap 'exit' ERR
    201. 

  201. +sanity_check
    202. 

  202.  
    203. 

  203. +trap 'on_exit' EXIT
    204. 

  204.  export TMP=`mktemp -d`
    205. 

  205.  mkdir -p $TMP/db
    206. 

  206.  
    207. 

  207. @@ -39,19 +36,19 @@
    208. 

  208.  jose jwk pub -i $TMP/exc.jwk -o $TMP/exc.pub.jwk
    209. 

  209.  
    210. 

  210.  # Start the server
    211. 

  211. -port=`shuf -i 1024-65536 -n 1`
    212. 

  212. -$SD_ACTIVATE -l 127.0.0.1:$port -a $VALGRIND tangd $TMP/db &
    213. 

  213. +export PORT=$(random_port)
    214. 

  214. +start_server "${PORT}"
    215. 

  215.  export PID=$!
    216. 

  216.  sleep 0.5
    217. 

  217.  
    218. 

  218.  # Make sure that GET fails
    219. 

  219. -! curl -sf http://127.0.0.1:$port/rec
    220. 

  220. -! curl -sf http://127.0.0.1:$port/rec/
    221. 

  221. +! curl -sf http://127.0.0.1:$PORT/rec
    222. 

  222. +! curl -sf http://127.0.0.1:$PORT/rec/
    223. 

  223.  
    224. 

  224.  # Make a recovery request (NOTE: this is insecure! Don't do this in real code!)
    225. 

  225.  good=`jose jwk exc -i '{"alg":"ECMR","key_ops":["deriveKey"]}' -l $TMP/exc.jwk -r $TMP/db/exc.jwk`
    226. 

  226.  test=`curl -sf -X POST \
    227. 

  227.             -H "Content-Type: application/jwk+json" \
    228. 

  228.             --data-binary @- \
    229. 

  229. -           http://127.0.0.1:$port/rec/${exc_kid} < $TMP/exc.pub.jwk`
    230. 

  230. -[ "$good" == "$test" ]
    231. 

  231. +           http://127.0.0.1:$PORT/rec/${exc_kid} < $TMP/exc.pub.jwk`
    232. 

  232. +[ "$good" = "$test" ]
    233.