From: Tomas Krizek
Date: Thu, 15 Nov 2018 16:44:15 +0000 (+0100)
Subject: pytests: import test_tls_selfsigned_cert (test15)
X-Git-Tag: v3.2.0~18^2~31
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aaf6526684d64c245f83e157770230298909f408;p=thirdparty%2Fknot-resolver.git

pytests: import test_tls_selfsigned_cert (test15)
---

diff --git a/tests/pytests/conftest.py b/tests/pytests/conftest.py
index b065f9d43..2681a42f7 100644
--- a/tests/pytests/conftest.py
+++ b/tests/pytests/conftest.py
@@ -1,3 +1,4 @@
+from contextlib import contextmanager
 import random
 import socket
@@ -27,8 +28,8 @@ def is_port_free(port, ip=None, ip6=None):
 return True
-@pytest.fixture
-def kresd(tmpdir):
+@contextmanager
+def make_kresd(workdir, certname=None):
 ip = '127.0.0.1'
 ip6 = '::1'
@@ -41,13 +42,31 @@ def kresd(tmpdir):
 port = make_port()
 tls_port = make_port()
- with Kresd(tmpdir, port, tls_port, ip, ip6) as kresd:
+ with Kresd(workdir, port, tls_port, ip, ip6, certname) as kresd:
 yield kresd
 # TODO: add verbose option?
 # with open(kresd.logfile_path) as log:
 # print(log.read()) # display log for debugging purposes
+@pytest.fixture
+def kresd(tmpdir):
+ with make_kresd(tmpdir) as kresd:
+ yield kresd
+
+
+@pytest.fixture
+def kresd_tt(tmpdir):
+ with make_kresd(tmpdir, 'tt') as kresd:
+ yield kresd
+
+
+@pytest.fixture
+def kresd_tt_expired(tmpdir):
+ with make_kresd(tmpdir, 'tt-expired') as kresd:
+ yield kresd
+
+
 @pytest.fixture(params=[
 'ip_tcp_socket',
 'ip6_tcp_socket',
diff --git a/tests/pytests/kresd.py b/tests/pytests/kresd.py
index 72b856810..96c854eb4 100644
--- a/tests/pytests/kresd.py
+++ b/tests/pytests/kresd.py
@@ -11,7 +11,9 @@ import pytest
 import utils
-TEMPLATES_DIR = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'templates')
+PYTESTS_DIR = os.path.dirname(os.path.realpath(__file__))
+CERTS_DIR = os.path.join(PYTESTS_DIR, 'certs')
+TEMPLATES_DIR = os.path.join(PYTESTS_DIR, 'templates')
 KRESD_CONF_TEMPLATE = 'kresd.conf.j2'
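Review bot: The `kresd_tt_expired` fixture added in the last conftest.py hunk is not used by any test visible in this commit, so the expired-certificate case is set up but never exercised here. If it is meant for a follow-up import, a short comment above it would say so, for example `# used by the expired-certificate test imported separately`. `make_kresd` also has no docstring, and its body starts in the previous hunk and continues outside this one. I would add a docstring stating that `certname` selects `<certname>.cert.pem` and `<certname>.key.pem` from the test certs directory, and that `None` starts kresd without a configured certificate.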
@@ -26,7 +28,7 @@ def create_file_from_template(template_path, dest, data):
 class Kresd(ContextDecorator):
- def __init__(self, workdir, port, tls_port, ip=None, ip6=None):
+ def __init__(self, workdir, port, tls_port, ip=None, ip6=None, certname=None):
 if ip is None and ip6 is None:
 raise ValueError("IPv4 or IPv6 must be specified!")
 self.workdir = str(workdir)
@@ -38,6 +40,13 @@ class Kresd(ContextDecorator):
 self.sockets = []
 self.logfile = None
+ if certname:
+ self.tls_cert_path = os.path.join(CERTS_DIR, certname + '.cert.pem')
+ self.tls_key_path = os.path.join(CERTS_DIR, certname + '.key.pem')
+ else:
+ self.tls_cert_path = None
+ self.tls_key_path = None
+
 @property
 def config_path(self):
 return str(os.path.join(self.workdir, 'kresd.conf'))
diff --git a/tests/pytests/templates/kresd.conf.j2 b/tests/pytests/templates/kresd.conf.j2
index ab249f39f..012e8030b 100644
--- a/tests/pytests/templates/kresd.conf.j2
+++ b/tests/pytests/templates/kresd.conf.j2
@@ -10,7 +10,9 @@ net.listen('{{ kresd.ip6 }}', {{ kresd.tls_port }}, {tls = true})
 net.ipv4=true
 net.ipv6=false
 net.tcp_pipeline(65535)
---net.tls("./certs/tt.cert.pem", "./certs/tt.key.pem")
+{% if kresd.tls_key_path and kresd.tls_cert_path %}
+net.tls("{{ kresd.tls_cert_path }}", "{{ kresd.tls_key_path }}")
+{% endif %}
 modules.unload("ta_signal_query")
 modules.unload("priming")
 modules.unload("detect_time_skew")
diff --git a/tests/pytests/test_tls_certs.py b/tests/pytests/test_tls_certs.py
index a4536969a..18d7d9477 100644
--- a/tests/pytests/test_tls_certs.py
+++ b/tests/pytests/test_tls_certs.py
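Review bot: In `Kresd.__init__` (kresd.py, second and third hunks) `certname` is joined into `tls_cert_path` and `tls_key_path` without checking that either file exists. A misspelled name in a fixture would presumably only surface later as a kresd start-up failure; the start-up code is outside the hunk. Failing at construction keeps the error next to its cause, for example `if not os.path.isfile(self.tls_cert_path): raise ValueError("missing test certificate: " + self.tls_cert_path)` with the same check for the key. The `*.key.pem` files under `certs/` are presumably committed with the tests, so a comment beside `CERTS_DIR` should say they are throwaway test keys that must not be reused outside the test suite. The body of `__init__` begins and ends outside these hunks.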
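Review bot: In kresd.conf.j2 both paths are rendered into double-quoted Lua string literals with no escaping, so a checkout path containing `"` or `\` would yield a broken or different config line. The paths derive from the real path of the test directory, so this depends on where the tree is checked out rather than on the hard-coded names. Lua long brackets avoid quote and backslash handling: `net.tls([[{{ kresd.tls_cert_path }}]], [[{{ kresd.tls_key_path }}]])`. A template comment noting that `net.tls` is omitted when no certificate is configured would also explain why the line is conditional.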
@@ -10,3 +10,12 @@ def test_tls_no_cert(kresd, sock_family):
 ssock.connect(dest)
 utils.ping_alive(ssock)
+
+
+def test_tls_selfsigned_cert(kresd_tt, sock_family):
+ sock, dest = kresd_tt.stream_socket(sock_family, tls=True)
+ ctx = utils.make_ssl_context(verify_location=kresd_tt.tls_cert_path)
+ ssock = ctx.wrap_socket(sock, server_hostname='transport-test-server.com')
+ ssock.connect(dest)
+
+ utils.ping_alive(ssock)
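Review bot: `test_tls_selfsigned_cert` shows only that the handshake succeeds when the certificate is trusted, not that verification is actually enforced. Whether the context from `utils.make_ssl_context` requires a certificate and checks the hostname is not visible here, so the test would also pass if it silently disabled either check. A companion test that wraps the socket with a non-matching `server_hostname` and expects failure would pin this down, roughly `with pytest.raises(ssl.SSLError): ssock.connect(dest)`, assuming `ssl` and `pytest` are imported in the file. The literal `'transport-test-server.com'` presumably has to match the name in `tt.cert.pem`; a module constant with a comment such as `# must match the subject name of certs/tt.cert.pem` would document that coupling.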