]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/recipes/80-test_cmp_http.t
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
80-test_cmp_http.t: Improve the way the test server is launched and killed
[thirdparty/openssl.git] / test / recipes / 80-test_cmp_http.t
1 #! /usr/bin/env perl
2 # Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
3 # Copyright Nokia 2007-2019
4 # Copyright Siemens AG 2015-2019
5 #
6 # Licensed under the Apache License 2.0 (the "License"). You may not use
7 # this file except in compliance with the License. You can obtain a copy
8 # in the file LICENSE in the source distribution or at
9 # https://www.openssl.org/source/license.html
10
11 use strict;
12 use warnings;
13
14 use POSIX;
15 use OpenSSL::Test qw/:DEFAULT cmdstr data_file data_dir srctop_dir bldtop_dir result_dir/;
16 use OpenSSL::Test::Utils;
17
18 BEGIN {
19 setup("test_cmp_http");
20 }
21 use lib srctop_dir('Configurations');
22 use lib bldtop_dir('.');
23
24 plan skip_all => "These tests are not supported in a fuzz build"
25 if config('options') =~ /-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION|enable-fuzz-afl/;
26
27 plan skip_all => "These tests are not supported in a no-cmp build"
28 if disabled("cmp");
29 plan skip_all => "These tests are not supported in a no-ec build"
30 if disabled("ec");
31 plan skip_all => "These tests are not supported in a no-sock build"
32 if disabled("sock");
33
34 plan skip_all => "Tests involving local HTTP server not available on Windows or VMS"
35 if $^O =~ /^(VMS|MSWin32)$/;
36 plan skip_all => "Tests involving local HTTP server not available in cross-compile builds"
37 if defined $ENV{EXE_SHELL};
38
39 sub chop_dblquot { # chop any leading and trailing '"' (needed for Windows)
40 my $str = shift;
41 $str =~ s/^\"(.*?)\"$/$1/;
42 return $str;
43 }
44
45 my $proxy = "<EMPTY>";
46 $proxy = chop_dblquot($ENV{http_proxy} // $ENV{HTTP_PROXY} // $proxy);
47 $proxy =~ s{^https?://}{}i;
48 my $no_proxy = $ENV{no_proxy} // $ENV{NO_PROXY};
49
50 my $app = "apps/openssl cmp";
51
52 # the CMP server configuration consists of:
53 my $ca_dn; # The CA's Distinguished Name
54 my $server_dn; # The server's Distinguished Name
55 my $server_host;# The server's host name or IP address
56 my $server_port;# The server's port
57 my $server_tls; # The server's TLS port, if any, or 0
58 my $server_path;# The server's CMP alias
59 my $server_cert;# The server's cert
60 my $kur_port; # The server's port for kur (cert update)
61 my $pbm_port; # The server port to be used for PBM
62 my $pbm_ref; # The reference for PBM
63 my $pbm_secret; # The secret for PBM
64 my $column; # The column number of the expected result
65 my $sleep = 0; # The time to sleep between two requests
66 my $server_fh; # Server file handle
67
68 # The local $server_name variables below are among others taken as the name of a
69 # sub-directory with server-specific certs etc. and CA-specific config section.
70
71 sub load_config {
72 my $server_name = shift;
73 my $section = shift;
74 my $test_config = $ENV{OPENSSL_CMP_CONFIG} // "$server_name/test.cnf";
75 open (CH, $test_config) or die "Cannot open $test_config: $!";
76 my $active = 0;
77 while (<CH>) {
78 if (m/\[\s*$section\s*\]/) {
79 $active = 1;
80 } elsif (m/\[\s*.*?\s*\]/) {
81 $active = 0;
82 } elsif ($active) {
83 $ca_dn = $1 eq "" ? '""""' : $1 if m/^\s*ca_dn\s*=\s*(.*)?\s*$/;
84 $server_dn = $1 eq "" ? '""""' : $1 if m/^\s*server_dn\s*=\s*(.*)?\s*$/;
85 $server_host = $1 eq "" ? '""""' : $1 if m/^\s*server_host\s*=\s*(\S*)?\s*(\#.*)?$/;
86 $server_port = $1 eq "" ? '""""' : $1 if m/^\s*server_port\s*=\s*(.*)?\s*$/;
87 $server_tls = $1 eq "" ? '""""' : $1 if m/^\s*server_tls\s*=\s*(.*)?\s*$/;
88 $server_path = $1 eq "" ? '""""' : $1 if m/^\s*server_path\s*=\s*(.*)?\s*$/;
89 $server_cert = $1 eq "" ? '""""' : $1 if m/^\s*server_cert\s*=\s*(.*)?\s*$/;
90 $kur_port = $1 eq "" ? '""""' : $1 if m/^\s*kur_port\s*=\s*(.*)?\s*$/;
91 $pbm_port = $1 eq "" ? '""""' : $1 if m/^\s*pbm_port\s*=\s*(.*)?\s*$/;
92 $pbm_ref = $1 eq "" ? '""""' : $1 if m/^\s*pbm_ref\s*=\s*(.*)?\s*$/;
93 $pbm_secret = $1 eq "" ? '""""' : $1 if m/^\s*pbm_secret\s*=\s*(.*)?\s*$/;
94 $column = $1 eq "" ? '""""' : $1 if m/^\s*column\s*=\s*(.*)?\s*$/;
95 $sleep = $1 eq "" ? '""""' : $1 if m/^\s*sleep\s*=\s*(.*)?\s*$/;
96 }
97 }
98 close CH;
99 die "Cannot find all CMP server config values in $test_config section [$section]\n"
100 if !defined $ca_dn
101 || !defined $server_dn || !defined $server_host
102 || !defined $server_port || !defined $server_tls
103 || !defined $server_path || !defined $server_cert
104 || !defined $kur_port || !defined $pbm_port
105 || !defined $pbm_ref || !defined $pbm_secret
106 || !defined $column || !defined $sleep;
107 $server_dn = $server_dn // $ca_dn;
108 }
109
110 my @server_configurations = ("Mock");
111 @server_configurations = split /\s+/, $ENV{OPENSSL_CMP_SERVER} if $ENV{OPENSSL_CMP_SERVER};
112 # set env variable, e.g., OPENSSL_CMP_SERVER="Mock Insta" to include further CMP servers
113
114 my @all_aspects = ("connection", "verification", "credentials", "commands", "enrollment");
115 @all_aspects = split /\s+/, $ENV{OPENSSL_CMP_ASPECTS} if $ENV{OPENSSL_CMP_ASPECTS};
116 # set env variable, e.g., OPENSSL_CMP_ASPECTS="commands enrollment" to select specific aspects
117
118 my $faillog;
119 my $file = $ENV{HARNESS_FAILLOG}; # pathname relative to result_dir
120 if ($file) {
121 open($faillog, ">", $file) or die "Cannot open $file for writing: $!";
122 }
123
124 sub test_cmp_http {
125 my $server_name = shift;
126 my $aspect = shift;
127 my $n = shift;
128 my $i = shift;
129 my $title = shift;
130 my $params = shift;
131 my $expected_result = shift;
132 my $path_app = bldtop_dir($app);
133 $params = [ '-server', "127.0.0.1:$server_port", @$params ]
134 unless grep { $_ eq '-server' } @$params;
135
136 unless (is(my $actual_result = run(cmd([$path_app, @$params,])),
137 $expected_result,
138 $title)) {
139 if ($faillog) {
140 my $quote_spc_empty = sub { $_ eq "" ? '""' : $_ =~ m/ / ? '"'.$_.'"' : $_ };
141 my $invocation = "$path_app ".join(' ', map $quote_spc_empty->($_), @$params);
142 print $faillog "$server_name $aspect \"$title\" ($i/$n)".
143 " expected=$expected_result actual=$actual_result\n";
144 print $faillog "$invocation\n\n";
145 }
146 }
147 }
148
149 sub test_cmp_http_aspect {
150 my $server_name = shift;
151 my $aspect = shift;
152 my $tests = shift;
153 subtest "CMP app CLI $server_name $aspect\n" => sub {
154 my $n = scalar @$tests;
155 plan tests => $n;
156 my $i = 1;
157 foreach (@$tests) {
158 test_cmp_http($server_name, $aspect, $n, $i++, $$_[0], $$_[1], $$_[2]);
159 sleep($sleep);
160 }
161 };
162 # not unlinking test.certout*.pem, test.cacerts.pem, and test.extracerts.pem
163 }
164
165 # The input files for the tests done here dynamically depend on the test server
166 # selected (where the Mock server used by default is just one possibility).
167 # On the other hand the main test configuration file test.cnf, which references
168 # several server-dependent input files by relative file names, is static.
169 # Moreover the tests use much greater variety of input files than output files.
170 # Therefore we chose the current directory as a subdirectory of $SRCTOP and it
171 # was simpler to prepend the output file names by BLDTOP than doing the tests
172 # from $BLDTOP/test-runs/test_cmp_http and prepending the input files by SRCTOP.
173
174 indir data_dir() => sub {
175 plan tests => @server_configurations * @all_aspects
176 + (grep(/^Mock$/, @server_configurations)
177 && grep(/^certstatus$/, @all_aspects));
178
179 foreach my $server_name (@server_configurations) {
180 $server_name = chop_dblquot($server_name);
181 load_config($server_name, $server_name);
182 {
183 SKIP: {
184 my $pid;
185 if ($server_name eq "Mock") {
186 indir "Mock" => sub {
187 $pid = start_mock_server("");
188 die "Cannot start or find the started CMP mock server" unless $pid;
189 }
190 }
191 foreach my $aspect (@all_aspects) {
192 $aspect = chop_dblquot($aspect);
193 next if $server_name eq "Mock" && $aspect eq "certstatus";
194 load_config($server_name, $aspect); # update with any aspect-specific settings
195 indir $server_name => sub {
196 my $tests = load_tests($server_name, $aspect);
197 test_cmp_http_aspect($server_name, $aspect, $tests);
198 };
199 };
200 stop_mock_server($pid) if $pid;
201 }
202 }
203 };
204 };
205
206 close($faillog) if $faillog;
207
208 sub load_tests {
209 my $server_name = shift;
210 my $aspect = shift;
211 my $test_config = $ENV{OPENSSL_CMP_CONFIG} // "$server_name/test.cnf";
212 my $file = data_file("test_$aspect.csv");
213 my $result_dir = result_dir();
214 my @result;
215
216 open(my $data, '<', $file) || die "Cannot open $file for reading: $!";
217 LOOP:
218 while (my $line = <$data>) {
219 chomp $line;
220 $line =~ s{\r\n}{\n}g; # adjust line endings
221 $line =~ s{_CA_DN}{$ca_dn}g;
222 $line =~ s{_SERVER_DN}{$server_dn}g;
223 $line =~ s{_SERVER_HOST}{$server_host}g;
224 $line =~ s{_SERVER_PORT}{$server_port}g;
225 $line =~ s{_SERVER_TLS}{$server_tls}g;
226 $line =~ s{_SERVER_PATH}{$server_path}g;
227 $line =~ s{_SERVER_CERT}{$server_cert}g;
228 $line =~ s{_KUR_PORT}{$kur_port}g;
229 $line =~ s{_PBM_PORT}{$pbm_port}g;
230 $line =~ s{_PBM_REF}{$pbm_ref}g;
231 $line =~ s{_PBM_SECRET}{$pbm_secret}g;
232 $line =~ s{_RESULT_DIR}{$result_dir}g;
233
234 next LOOP if $server_tls == 0 && $line =~ m/,\s*-tls_used\s*,/;
235 my $noproxy = $no_proxy;
236 if ($line =~ m/,\s*-no_proxy\s*,(.*?)(,|$)/) {
237 $noproxy = $1;
238 } elsif ($server_host eq "127.0.0.1") {
239 # do connections to localhost (e.g., Mock server) without proxy
240 $line =~ s{-section,,}{-section,,-no_proxy,127.0.0.1,} ;
241 }
242 if ($line =~ m/,\s*-proxy\s*,/) {
243 next LOOP if $no_proxy && ($noproxy =~ $server_host);
244 } else {
245 $line =~ s{-section,,}{-section,,-proxy,$proxy,};
246 }
247 $line =~ s{-section,,}{-section,,-certout,$result_dir/test.cert.pem,};
248 $line =~ s{-section,,}{-config,../$test_config,-section,$server_name $aspect,};
249
250 my @fields = grep /\S/, split ",", $line;
251 s/^<EMPTY>$// for (@fields); # used for proxy=""
252 s/^\s+// for (@fields); # remove leading whitespace from elements
253 s/\s+$// for (@fields); # remove trailing whitespace from elements
254 s/^\"(\".*?\")\"$/$1/ for (@fields); # remove escaping from quotation marks from elements
255 my $expected_result = $fields[$column];
256 my $description = 1;
257 my $title = $fields[$description];
258 next LOOP if (!defined($expected_result)
259 || ($expected_result ne 0 && $expected_result ne 1));
260 @fields = grep {$_ ne 'BLANK'} @fields[$description + 1 .. @fields - 1];
261 push @result, [$title, \@fields, $expected_result];
262 }
263 close($data);
264 return \@result;
265 }
266
267 sub start_mock_server {
268 my $args = $_[0]; # optional further CLI arguments
269 my $cmd = cmdstr(app(['openssl', 'cmp', '-config', 'server.cnf',
270 $args ? $args : ()]), display => 1);
271 print "Current directory is ".getcwd()."\n";
272 print "Launching mock server: $cmd\n";
273 die "Invalid port: $server_port" unless $server_port =~ m/^\d+$/;
274 my $pid = open($server_fh, "$cmd|") or die "Trying to $cmd";
275 print "Pid is: $pid\n";
276 if ($server_port == 0) {
277 # Find out the actual server port
278 while (<$server_fh>) {
279 print "Server output: $_";
280 next if m/using section/;
281 s/\R$//; # Better chomp
282 ($server_port, $pid) = ($1, $2) if /^ACCEPT\s.*:(\d+) PID=(\d+)$/;
283 last; # Do not loop further to prevent hangs on server misbehavior
284 }
285 }
286 unless ($server_port > 0) {
287 stop_mock_server($pid);
288 return 0;
289 }
290 $server_tls = $kur_port = $pbm_port = $server_port;
291 return $pid;
292 }
293
294 sub stop_mock_server {
295 my $pid = $_[0];
296 print "Killing mock server with pid=$pid\n";
297 kill('QUIT', $pid);
298 }
A mirror of the official openssl repository