diff options
| author | Stef Walter <stef@thewalter.net> | 2014-01-14 11:20:57 +0100 |
|---|---|---|
| committer | Stef Walter <stef@thewalter.net> | 2014-01-14 11:42:11 +0100 |
| commit | 99904e84d9f8f0637f66107807ac4ac9e3339e4a (patch) | |
| tree | 32009e6e609366b48f2718bf6b556705c2fea2ca | |
| parent | 1f4f072346e388d7b6b6cf79b111952069c4e95c (diff) | |
| download | p11-kit-99904e84d9f8f0637f66107807ac4ac9e3339e4a.tar.gz | |
trust: Add installcheck target for testing extract
This is an integration test that the extract and blacklist
functionality basics work.
More integration tests should follow, at which point we should
place the various generic testing bits into their own file.
| -rw-r--r-- | .gitignore | 2 | ||||
| -rw-r--r-- | configure.ac | 1 | ||||
| -rw-r--r-- | trust/tests/Makefile.am | 6 | ||||
| -rw-r--r-- | trust/tests/test-extract.in | 189 |
4 files changed, 198 insertions, 0 deletions
@@ -56,8 +56,10 @@ x86_64-w64-mingw32 /*/tests/test-* !/*/tests/test-*.[ch] +!/*/tests/test-*.in /*/tests/frob-* !/*/tests/frob-*.[ch] +!/*/tests/frob-*.in /x86_64_w64-mingw32/ diff --git a/configure.ac b/configure.ac index 4538079..b2f4f8b 100644 --- a/configure.ac +++ b/configure.ac @@ -512,6 +512,7 @@ AC_CONFIG_FILES([Makefile trust/Makefile trust/trust-extract-compat trust/tests/Makefile + trust/tests/test-extract ]) AC_OUTPUT diff --git a/trust/tests/Makefile.am b/trust/tests/Makefile.am index e53a6ae..1f13b2a 100644 --- a/trust/tests/Makefile.am +++ b/trust/tests/Makefile.am @@ -114,3 +114,9 @@ test_openssl_SOURCES = \ $(TRUST)/extract-openssl.c \ $(TRUST)/save.c \ $(NULL) + +noinst_SCRIPTS = \ + test-extract + +installcheck-local: + sh $(builddir)/test-extract diff --git a/trust/tests/test-extract.in b/trust/tests/test-extract.in new file mode 100644 index 0000000..59f6cd6 --- /dev/null +++ b/trust/tests/test-extract.in @@ -0,0 +1,189 @@ +#!/bin/sh + +set -euf + +# ----------------------------------------------------------------------------- +# Basic fundamentals + +prefix=@prefix@ +exec_prefix=@exec_prefix@ +datarootdir=@datarootdir@ +datadir=@datadir@ +sysconfdir=@sysconfdir@ +libdir=@libdir@ +privatedir=@privatedir@ +with_trust_paths=@with_trust_paths@ +script=$(basename $0) + +# ----------------------------------------------------------------------------- +# Testing + +warning() +{ + echo "$script: $@" >&2 +} + +assert_fail() +{ + warning $@ + exit 1 +} + +assert_contains() +{ + if ! grep -qF $2 $1; then + assert_fail "$1 does not contain $2" + fi +} + +assert_not_contains() +{ + if grep -qF $2 $1; then + assert_fail "$1 contains $2" + fi +} + +teardown() +{ + for x in $TD; do + if [ -d $x ]; then + rmdir $x + elif [ -f $x ]; then + rm $x + fi + done + TD="" +} + +teardown_dirty() +{ + echo "not ok $TEST_NUMBER $TEST_NAME" + teardown +} + +openssl_quiet() +( + command='/Generating a|-----|^[.+]+$|writing new private key/d' + exec 3>&1 + openssl $@ 2>&1 >&3 3>&- | sed -r "$command" 3>&- +) + +skip() +{ + TEST_SKIP=yes + echo "ok $TEST_NUMBER # skip $TEST_NAME: $@" +} + +setup() +{ + # Parse the trust paths + oldifs="$IFS" + IFS=: + set $with_trust_paths + IFS="$oldifs" + + if [ ! -d $1 ]; then + skip "$1 is not a directory" + return + fi + + SOURCE_1=$1 + if [ $# -lt 2 ]; then + warning "certain tests neutered if only 1 trust path: $with_trust_paths" + SOURCE_2=$1 + else + SOURCE_2=$2 + fi + + # Make a temporary directory + dir=$(mktemp -d) + cd $dir + CLEANUP="$dir $TD" + + # Generate a unique identifier + CERT_1_CN=test_$(dd if=/dev/urandom count=40 bs=1 status=none | base64 | tr -d '+/=') + CERT_2_CN=test_$(dd if=/dev/urandom count=40 bs=1 status=none | base64 | tr -d '+/=') + CERT_3_CN=test_$(dd if=/dev/urandom count=40 bs=1 status=none | base64 | tr -d '+/=') + + # Generate relevant certificates + openssl_quiet req -x509 -newkey rsa:512 -keyout /dev/null -days 3 -nodes \ + -out cert_1.pem -subj /CN=$CERT_1_CN + openssl_quiet req -x509 -newkey rsa:512 -keyout /dev/null -days 3 -nodes \ + -out cert_2.pem -subj /CN=$CERT_2_CN + openssl_quiet req -x509 -newkey rsa:512 -keyout /dev/null -days 3 -nodes \ + -out cert_3.pem -subj /CN=$CERT_3_CN + + TD="cert_1.pem cert_2.pem cert_3.pem $TD" + + mkdir -p $SOURCE_1/anchors + cp cert_1.pem $SOURCE_1/anchors/ + + mkdir -p $SOURCE_2/anchors + cp cert_2.pem $SOURCE_2/anchors/ + cp cert_3.pem $SOURCE_2/anchors/ + + TD="$SOURCE_1/anchors/cert_1.pem $SOURCE_2/anchors/cert_2.pem $SOURCE_2/anchors/cert_3.pem $TD" +} + +run() +{ + TOTAL=0 + for TEST_NAME in $@; do + TOTAL=$(expr $TOTAL + 1) + done + + echo "1..$TOTAL" + + TEST_NUMBER=0 + for TEST_NAME in $@; do + TEST_NUMBER=$(expr $TEST_NUMBER + 1) + ( + trap teardown_dirty EXIT + trap "teardown_dirty; exit 127" INT TERM + TD="" + + TEST_SKIP=no + setup + + if [ $TEST_SKIP != "yes" ]; then + $TEST_NAME + fi + if [ $TEST_SKIP != "yes" ]; then + echo "ok $TEST_NUMBER $TEST_NAME" + fi + + trap - EXIT + teardown + ) + done +} + +# ----------------------------------------------------------------------------- +# Main tests + +test_extract() +{ + trust extract --filter=ca-anchors --format=pem-bundle \ + --purpose=server-auth --comment \ + extract-test.pem + + assert_contains extract-test.pem $CERT_1_CN + assert_contains extract-test.pem $CERT_2_CN + assert_contains extract-test.pem $CERT_3_CN +} + +test_blacklist() +{ + mkdir -p $SOURCE_1/blacklist + cp cert_3.pem $SOURCE_1/blacklist + TD="$SOURCE_1/blacklist/cert_3.pem $TD" + + trust extract --filter=ca-anchors --format=pem-bundle \ + --purpose=server-auth --comment \ + blacklist-test.pem + + assert_contains blacklist-test.pem $CERT_1_CN + assert_not_contains blacklist-test.pem $CERT_3_CN +} + +run test_extract test_blacklist |