diff options
Diffstat (limited to 'src/bin/shell/tests/tls_ca_process_tests.sh.in')
-rw-r--r-- | src/bin/shell/tests/tls_ca_process_tests.sh.in | 222 |
1 files changed, 222 insertions, 0 deletions
diff --git a/src/bin/shell/tests/tls_ca_process_tests.sh.in b/src/bin/shell/tests/tls_ca_process_tests.sh.in new file mode 100644 index 0000000..52ec3c5 --- /dev/null +++ b/src/bin/shell/tests/tls_ca_process_tests.sh.in @@ -0,0 +1,222 @@ +#!/bin/sh + +# Copyright (C) 2016-2021 Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# shellcheck disable=SC1091 +# SC1091: Not following: ... was not specified as input (see shellcheck -x). + +# shellcheck disable=SC2039 +# SC2039: In POSIX sh, 'local' is undefined. + +# Exit with error if commands exit with non-zero and if undefined variables are +# used. +set -eu + +# Include common test library. +. "@abs_top_builddir@/src/lib/testutils/dhcp_test_lib.sh" + +# Path to the temporary configuration file. +CFG_FILE="@abs_top_builddir@/src/bin/agent/tests/test_config.json" + +# Path to the Control Agent log file. +LOG_FILE="@abs_top_builddir@/src/bin/agent/tests/test.log" + +# Path to the test certificate authority directory. +TEST_CA_DIR="@abs_top_srcdir@/src/lib/asiolink/testutils/ca" + +# Configuration without TLS. +CONFIG_NONE="{ + \"Control-agent\": + { + \"http-host\": \"127.0.0.1\", + \"http-port\": 8443, + \"loggers\": [ + { + \"name\": \"kea-ctrl-agent\", + \"output_options\": [ + { + \"output\": \"${LOG_FILE}\" + } + ], + \"severity\": \"DEBUG\" + } + ] + } +}" + +# Configuration without mutual authentication i.e. only channel protection. +CONFIG_NOCR="{ + \"Control-agent\": + { + \"http-host\": \"127.0.0.1\", + \"http-port\": 8443, + \"trust-anchor\": \"${TEST_CA_DIR}/kea-ca.crt\", + \"cert-file\": \"${TEST_CA_DIR}/kea-server-addr.crt\", + \"key-file\": \"${TEST_CA_DIR}/kea-server.key\", + \"cert-required\": false, + \"loggers\": [ + { + \"name\": \"kea-ctrl-agent\", + \"output_options\": [ + { + \"output\": \"${LOG_FILE}\" + } + ], + \"severity\": \"DEBUG\" + } + ] + } +}" + +# Configuration with mutual authentication. +CONFIG="{ + \"Control-agent\": + { + \"http-host\": \"127.0.0.1\", + \"http-port\": 8443, + \"trust-anchor\": \"${TEST_CA_DIR}/kea-ca.crt\", + \"cert-file\": \"${TEST_CA_DIR}/kea-server-addr.crt\", + \"key-file\": \"${TEST_CA_DIR}/kea-server.key\", + \"cert-required\": true, + \"loggers\": [ + { + \"name\": \"kea-ctrl-agent\", + \"output_options\": [ + { + \"output\": \"${LOG_FILE}\" + } + ], + \"severity\": \"DEBUG\" + } + ] + } +}" + +# In these tests we need to use two binaries: Control Agent and Kea shell. +# Using bin and bin_path would be confusing, so we omit defining bin +# and bin_path on purpose. +ca_bin="kea-ctrl-agent" +ca_bin_path="@abs_top_builddir@/src/bin/agent" + +shell_bin="kea-shell" +shell_bin_path="@abs_top_builddir@/src/bin/shell" + +tmpfile_path="@abs_top_builddir@/src/bin/agent/tests" + +# Import common test library. +. "@abs_top_builddir@/src/lib/testutils/dhcp_test_lib.sh" + +list_commands_test() { + local test_name="${1}" + local config="${2}" + local arguments="${3}" + local expected_response="${4}" + + # Setup phase: start CA. + + # Log the start of the test and print test name. + test_start "${test_name}" + + # Create correct configuration file. + create_config "${config}" + + # Instruct Control Agent to log to the specific file. + set_logger + + # Start Control Agent + start_kea ${ca_bin_path}/${ca_bin} + + # Wait up to 20s for Control Agent to start. + wait_for_kea 20 + if [ "${_WAIT_FOR_KEA}" -eq 0 ]; then + printf "ERROR: timeout waiting for Control Agent to start.\n" + clean_exit 1 + fi + + # Check if it is still running. It could have terminated (e.g. as a result + # of configuration failure). + get_pid ${ca_bin} + if [ "${_GET_PIDS_NUM}" -ne 1 ]; then + printf "ERROR: expected one Control Agent process to be started. \ + Found %d processes started.\n" "${_GET_PIDS_NUM}" + clean_exit 1 + fi + + # Check in the log file, how many times server has been configured. + # It should be just once on startup. + get_reconfigs + if [ "${_GET_RECONFIGS}" -ne 1 ]; then + printf 'ERROR: server been configured %s time(s), but exactly 1 was expected.\n' "${_GET_RECONFIGS}" + clean_exit 1 + else + printf "Server successfully configured.\n" + fi + + # Main test phase: send command, check response. + tmp="echo | ${shell_bin_path}/${shell_bin} --port 8443 \ + ${arguments} > ${tmpfile_path}/shell-stdout.txt" + echo "Executing kea-shell ($tmp)" + + echo | ${shell_bin_path}/${shell_bin} --port 8443 \ + ${arguments} > ${tmpfile_path}/shell-stdout.txt + EXIT_CODE=$? + + # Check the exit code + if [ "${EXIT_CODE}" -ne 0 ]; then + echo "ERROR: kea-shell returned ${EXIT_CODE} exit code, expected 0." + else + echo "kea-shell returned ${EXIT_CODE} exit code as expected." + fi + + # Now check the response + rm -f ${tmpfile_path}/shell-expected.txt + printf '%s\n' "${expected_response}" > ${tmpfile_path}/shell-expected.txt + diff ${tmpfile_path}/shell-stdout.txt ${tmpfile_path}/shell-expected.txt + diff_code=$? + if [ "${diff_code}" -ne 0 ]; then + echo "ERROR:" \ + "content returned is different than expected." \ + "See ${tmpfile_path}/shell-*.txt" + echo "EXPECTED:" + cat ${tmpfile_path}/shell-expected.txt + echo "ACTUAL RESULT:" + cat ${tmpfile_path}/shell-stdout.txt + clean_exit 1 + else + echo "Content returned by kea-shell meets expectation." + rm ${tmpfile_path}/shell-*.txt + fi + # Main test phase ends. + + # Cleanup phase: shutdown Control Agent + + # Send SIGTERM signal to Control Agent + send_signal 15 ${ca_bin} + + # Now wait for process to log that it is exiting. + wait_for_message 10 "DCTL_SHUTDOWN" 1 + if [ "${_WAIT_FOR_MESSAGE}" -eq 0 ]; then + printf "ERROR: Control Agent did not log shutdown.\n" + clean_exit 1 + fi + + # Make sure the agent is down. + wait_for_server_down 5 ${ca_bin} + assert_eq 1 "${_WAIT_FOR_SERVER_DOWN}" \ + "Expected wait_for_server_down return %d, returned %d" + + test_finish 0 +} + +list_commands_test "NoTLS" "${CONFIG_NONE}" "" \ +"[ { \"arguments\": [ \"build-report\", \"config-get\", \"config-reload\", \"config-set\", \"config-test\", \"config-write\", \"list-commands\", \"shutdown\", \"status-get\", \"version-get\" ], \"result\": 0 } ]" +list_commands_test "Encrypted" "${CONFIG_NOCR}" \ +"--ca ${TEST_CA_DIR}/kea-ca.crt" \ +"[ { \"arguments\": [ \"build-report\", \"config-get\", \"config-reload\", \"config-set\", \"config-test\", \"config-write\", \"list-commands\", \"shutdown\", \"status-get\", \"version-get\" ], \"result\": 0 } ]" +list_commands_test "Authenticated" "${CONFIG}" \ +"--ca ${TEST_CA_DIR}/kea-ca.crt --cert ${TEST_CA_DIR}/kea-client.crt --key ${TEST_CA_DIR}/kea-client.key" \ +"[ { \"arguments\": [ \"build-report\", \"config-get\", \"config-reload\", \"config-set\", \"config-test\", \"config-write\", \"list-commands\", \"shutdown\", \"status-get\", \"version-get\" ], \"result\": 0 } ]" |