From d515a8fe84684980b397cf904ff70fe48ed1ae14 Mon Sep 17 00:00:00 2001 From: Karel Bilek Date: Mon, 9 Dec 2024 13:32:07 +0100 Subject: [PATCH] Simple regression test for existence of SSL keys There is no test for actual validity of the files... just if there is something there. --- regression-tests.dnsdist/test_OutgoingDOH.py | 9 ++++++++- regression-tests.dnsdist/test_OutgoingTLS.py | 9 ++++++++- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/regression-tests.dnsdist/test_OutgoingDOH.py b/regression-tests.dnsdist/test_OutgoingDOH.py index 4f73a5a6b7..7b7c31541d 100644 --- a/regression-tests.dnsdist/test_OutgoingDOH.py +++ b/regression-tests.dnsdist/test_OutgoingDOH.py @@ -6,6 +6,7 @@ import requests import ssl import threading import time +import os from dnsdisttests import DNSDistTest, pickAvailablePort @@ -263,6 +264,8 @@ class OutgoingDOHBrokenResponsesTests(object): self.assertEqual(response, receivedResponse) class TestOutgoingDOHOpenSSL(DNSDistTest, OutgoingDOHTests): + if os.path.exists("/tmp/dohkeys"): + os.remove("/tmp/dohkeys") _tlsBackendPort = pickAvailablePort() _tlsProvider = 'openssl' _consoleKey = DNSDistTest.generateConsoleKey() @@ -272,7 +275,7 @@ class TestOutgoingDOHOpenSSL(DNSDistTest, OutgoingDOHTests): setKey("%s") controlSocket("127.0.0.1:%d") setMaxTCPClientThreads(1) - newServer{address="127.0.0.1:%s", tls='%s', validateCertificates=true, caStore='ca.pem', subjectName='powerdns.com', dohPath='/dns-query', pool={'', 'cache'}}:setUp() + newServer{address="127.0.0.1:%s", tls='%s', validateCertificates=true, caStore='ca.pem', subjectName='powerdns.com', dohPath='/dns-query', pool={'', 'cache'}, keyLogFile="/tmp/dohkeys"}:setUp() webserver("127.0.0.1:%s") setWebserverConfig({password="%s", apiKey="%s"}) 
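Review bot: The `if os.path.exists("/tmp/dohkeys"): os.remove("/tmp/dohkeys")` pair at the top of the `TestOutgoingDOHOpenSSL` class body runs when the module is imported rather than when the class is set up, and it targets a fixed name in the world-writable `/tmp`. On a shared CI host another user can pre-create that name, and two concurrent runs will delete or append to each other's file; because the next hunk hands the same path to dnsdist as `keyLogFile`, the TLS session secrets would presumably end up wherever that name leads. I would derive a private per-run path, e.g. `_keyLogFile = os.path.join(tempfile.mkdtemp(prefix='dnsdist-keylog-'), 'dohkeys')`, list `_keyLogFile` in `_config_params` at the matching position and use `keyLogFile="%s"` in the template (this needs `import tempfile`). The same applies to `/tmp/dotkeys` in test_OutgoingTLS.py.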
@@ -283,6 +286,10 @@ class TestOutgoingDOHOpenSSL(DNSDistTest, OutgoingDOHTests): addAction(SuffixMatchNodeRule(smn), PoolAction('cache')) """ + def testZNonEmptyKeyfile(self): + self.assertTrue(os.path.exists("/tmp/dohkeys")) + self.assertTrue(os.path.getsize("/tmp/dohkeys") > 0) + @staticmethod def sniCallback(sslSocket, sni, sslContext): assert(sni == 'powerdns.com') diff --git a/regression-tests.dnsdist/test_OutgoingTLS.py b/regression-tests.dnsdist/test_OutgoingTLS.py index 0430cfd979..534c26789e 100644 --- a/regression-tests.dnsdist/test_OutgoingTLS.py +++ b/regression-tests.dnsdist/test_OutgoingTLS.py @@ -4,6 +4,7 @@ import requests import ssl import threading import time +import os from dnsdisttests import DNSDistTest, pickAvailablePort @@ -137,15 +138,21 @@ class BrokenOutgoingTLSTests(object): self.checkNoResponderHit() class TestOutgoingTLSOpenSSL(DNSDistTest, OutgoingTLSTests): + if os.path.exists("/tmp/dotkeys"): + os.remove("/tmp/dotkeys") _tlsBackendPort = pickAvailablePort() _config_params = ['_tlsBackendPort', '_webServerPort', '_webServerBasicAuthPasswordHashed', '_webServerAPIKeyHashed'] _config_template = """ setMaxTCPClientThreads(1) - newServer{address="127.0.0.1:%s", tls='openssl', validateCertificates=true, caStore='ca.pem', subjectName='powerdns.com'} + newServer{address="127.0.0.1:%s", tls='openssl', validateCertificates=true, caStore='ca.pem', subjectName='powerdns.com', keyLogFile="/tmp/dotkeys"} webserver("127.0.0.1:%s") setWebserverConfig({password="%s", apiKey="%s"}) """ + def testZNonEmptyKeyfile(self): + self.assertTrue(os.path.exists("/tmp/dotkeys")) + self.assertTrue(os.path.getsize("/tmp/dotkeys") > 0) + @staticmethod def sniCallback(sslSocket, sni, sslContext): assert(sni == 'powerdns.com') -- 2.47.2
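Review bot: `testZNonEmptyKeyfile` only passes if something has already caused a TLS handshake to the backend, which the `Z` in the name arranges through unittest's alphabetical method ordering; run on its own, the result depends on whether dnsdist has connected by then (a health check might do it, but that is not visible here). A comment on the method would make the naming intentional, e.g. `# named testZ... so it sorts after the query tests that populate the key log`. `self.assertGreater(os.path.getsize("/tmp/dohkeys"), 0)` would also report the actual size on failure. Since the commit message says validity is not checked, a cheap next step is to assert that each non-comment line has the three space-separated fields of the NSS key log format. The identical method in test_OutgoingTLS.py has the same points.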
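Review bot: Nothing in `TestOutgoingTLSOpenSSL` removes `/tmp/dotkeys` once the class has finished, so the key log stays behind until the module is next imported; it holds per-session TLS secrets, test-only here, and the permissions it is created with are not visible in this patch. The DOH class in test_OutgoingDOH.py leaves `/tmp/dohkeys` behind the same way. A `tearDownClass` override that calls the parent first and then deletes the file would tie the file's lifetime to the test run. The class body continues outside the hunk, so an existing override would need to be merged with this one.

```python
class TestOutgoingTLSOpenSSL(DNSDistTest, OutgoingTLSTests):
    # … unchanged: class attributes, _config_template, testZNonEmptyKeyfile, sniCallback …

    @classmethod
    def tearDownClass(cls):
        # parent teardown first (presumably stops dnsdist, so the file is no longer open)
        super().tearDownClass()
        # the key log holds TLS session secrets; do not leave it in /tmp
        if os.path.exists("/tmp/dotkeys"):
            os.remove("/tmp/dotkeys")
```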