123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232 |
- Subject: Tests: unify tests
- Origin: upstream, v9-3-g69b47ce <https://github.com/latchset/tang/commit/v9-3-g69b47ce>
- Upstream-Author: Sergio Correia <scorreia@redhat.com>
- Date: Wed Apr 28 20:54:16 2021 -0300
- Let's try to not duplicate tests but instead reuse them across the
- supported platforms.
- --- a/tests/adv
- +++ b/tests/adv
- @@ -1,4 +1,4 @@
- -#!/bin/bash -x
- +#!/bin/sh -ex
- # vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
- #
- # Copyright (c) 2016 Red Hat, Inc.
- @@ -18,35 +18,11 @@
- # along with this program. If not, see <http://www.gnu.org/licenses/>.
- #
-
- -function fetch() {
- - curl -sfg http://127.0.0.1:$PORT$1
- -}
- -
- -function ver() {
- - jose jws ver -i- -k "$1"
- -}
- -
- -function on_exit() {
- - if [ "$PID" ]; then kill $PID; wait $PID || true; fi
- - [ -d "$TMP" ] && rm -rf $TMP
- -}
- -
- -validate() {
- - if ! _jwks="$(jose fmt --json="${1}" -Og payload -SyOg keys \
- - -AUo- 2>/dev/null)"; then
- - echo "Advertisement is malformed" >&2
- - exit 1
- - fi
- - _ver="$(printf '%s' "${_jwks}" | jose jwk use -i- -r -u verify -o-)"
- - if ! printf '%s' "${_ver}" | jose jws ver -i "${1}" -k- -a; then
- - echo "Advertisement is missing signatures" >&2
- - exit 1
- - fi
- -}
- +. helpers
-
- -trap 'on_exit' EXIT
- -trap 'exit' ERR
- +sanity_check
-
- +trap 'on_exit' EXIT
- export TMP=`mktemp -d`
- mkdir -p $TMP/db
-
- @@ -54,8 +30,8 @@
- jose jwk gen -i '{"alg": "ES512"}' -o $TMP/db/.sig.jwk
- jose jwk gen -i '{"alg": "ES512"}' -o $TMP/db/.oth.jwk
-
- -export PORT=`shuf -i 1024-65536 -n 1`
- -$SD_ACTIVATE -l "127.0.0.1:$PORT" -a $VALGRIND tangd $TMP/db &
- +export PORT=$(random_port)
- +start_server "${PORT}"
- export PID=$!
- sleep 0.5
-
- @@ -95,7 +71,7 @@
- -g 0 -Og protected -SyOg cty -Sq "jwk-set+json" -EUUUUU \
- -g 1 -Og protected -SyOg cty -Sq "jwk-set+json" -EUUUUU
-
- -test "$(tang-show-keys $PORT)" == "$(jose jwk thp -i $TMP/db/sig.jwk)"
- +test "$(tang-show-keys $PORT)" = "$(jose jwk thp -i $TMP/db/sig.jwk)"
-
- # Check that new keys will be created if none exist.
- rm -rf "${TMP}/db" && mkdir -p "${TMP}/db"
- --- /dev/null
- +++ b/tests/helpers
- @@ -0,0 +1,62 @@
- +#!/bin/sh -ex
- +# vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
- +#
- +# Copyright (c) 2016 Red Hat, Inc.
- +# Author: Nathaniel McCallum <npmccallum@redhat.com>
- +#
- +# This program is free software: you can redistribute it and/or modify
- +# it under the terms of the GNU General Public License as published by
- +# the Free Software Foundation, either version 3 of the License, or
- +# (at your option) any later version.
- +#
- +# This program is distributed in the hope that it will be useful,
- +# but WITHOUT ANY WARRANTY; without even the implied warranty of
- +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- +# GNU General Public License for more details.
- +#
- +# You should have received a copy of the GNU General Public License
- +# along with this program. If not, see <http://www.gnu.org/licenses/>.
- +#
- +
- +fetch() {
- + curl -sfg "http://127.0.0.1:${PORT}${1}"
- +}
- +
- +ver() {
- + jose jws ver -i- -k "${1}"
- +}
- +
- +random_port() {
- + if [ -n "${TANG_BSD}" ]; then
- + jot -r 1 1024 65536
- + else
- + shuf -i 1024-65536 -n 1
- + fi
- +}
- +
- +start_server() {
- + "${SOCAT}" TCP-LISTEN:"${1}",bind=127.0.0.1,fork SYSTEM:"${VALGRIND} tangd ${TMP}/db" &
- +}
- +
- +on_exit() {
- + if [ "$PID" ]; then kill "${PID}"; wait "${PID}" || true; fi
- + [ -d "${TMP}" ] && rm -rf "${TMP}"
- +}
- +
- +validate() {
- + if ! _jwks="$(jose fmt --json="${1}" -Og payload -SyOg keys \
- + -AUo- 2>/dev/null)"; then
- + echo "Advertisement is malformed" >&2
- + exit 1
- + fi
- + _ver="$(printf '%s' "${_jwks}" | jose jwk use -i- -r -u verify -o-)"
- + if ! printf '%s' "${_ver}" | jose jws ver -i "${1}" -k- -a; then
- + echo "Advertisement is missing signatures" >&2
- + exit 1
- + fi
- +}
- +
- +sanity_check() {
- + # Skip test if socat is not available.
- + [ -n "${SOCAT}" ] || exit 77
- +}
- --- a/tests/meson.build
- +++ b/tests/meson.build
- @@ -18,9 +18,8 @@
- include_directories: incdir
- )
-
- -sd_activate = find_program(
- - 'systemd-socket-activate',
- - 'systemd-activate',
- +socat = find_program(
- + 'socat',
- required: false
- )
-
- @@ -28,15 +27,21 @@
- env.prepend('PATH',
- join_paths(meson.source_root(), 'src'),
- join_paths(meson.build_root(), 'src'),
- + join_paths(meson.source_root(), 'tests'),
- + join_paths(meson.build_root(), 'tests'),
- separator: ':'
- )
-
- -if sd_activate.found()
- - env.set('SD_ACTIVATE', sd_activate.path() + ' --inetd')
- +if build_machine.system() == 'freebsd'
- + env.set('TANG_BSD', '1')
- +endif
-
- - test('adv', find_program('adv'), env: env, timeout: 60)
- - test('rec', find_program('rec'), env: env)
- +if socat.found()
- + env.set('SOCAT', socat.path())
- endif
- +
- +test('adv', find_program('adv'), env: env, timeout: 60)
- +test('rec', find_program('rec'), env: env)
- test('test-keys', test_keys, env: env, timeout: 60)
-
- # vim:set ts=2 sw=2 et:
- --- a/tests/rec
- +++ b/tests/rec
- @@ -1,4 +1,4 @@
- -#!/bin/bash -x
- +#!/bin/sh -ex
- # vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
- #
- # Copyright (c) 2016 Red Hat, Inc.
- @@ -18,14 +18,11 @@
- # along with this program. If not, see <http://www.gnu.org/licenses/>.
- #
-
- -function on_exit() {
- - if [ "$PID" ]; then kill $PID; wait $PID || true; fi
- - [ -d "$TMP" ] && rm -rf $TMP
- -}
- +. helpers
-
- -trap 'on_exit' EXIT
- -trap 'exit' ERR
- +sanity_check
-
- +trap 'on_exit' EXIT
- export TMP=`mktemp -d`
- mkdir -p $TMP/db
-
- @@ -39,19 +36,19 @@
- jose jwk pub -i $TMP/exc.jwk -o $TMP/exc.pub.jwk
-
- # Start the server
- -port=`shuf -i 1024-65536 -n 1`
- -$SD_ACTIVATE -l 127.0.0.1:$port -a $VALGRIND tangd $TMP/db &
- +export PORT=$(random_port)
- +start_server "${PORT}"
- export PID=$!
- sleep 0.5
-
- # Make sure that GET fails
- -! curl -sf http://127.0.0.1:$port/rec
- -! curl -sf http://127.0.0.1:$port/rec/
- +! curl -sf http://127.0.0.1:$PORT/rec
- +! curl -sf http://127.0.0.1:$PORT/rec/
-
- # Make a recovery request (NOTE: this is insecure! Don't do this in real code!)
- good=`jose jwk exc -i '{"alg":"ECMR","key_ops":["deriveKey"]}' -l $TMP/exc.jwk -r $TMP/db/exc.jwk`
- test=`curl -sf -X POST \
- -H "Content-Type: application/jwk+json" \
- --data-binary @- \
- - http://127.0.0.1:$port/rec/${exc_kid} < $TMP/exc.pub.jwk`
- -[ "$good" == "$test" ]
- + http://127.0.0.1:$PORT/rec/${exc_kid} < $TMP/exc.pub.jwk`
- +[ "$good" = "$test" ]
|