File: testsuite

hddemux 0.5-1.1
#!/bin/bash

# test suite for hddemux

# requires:
#  - nginx
#  - knot-resolver
#  - kdig (from knot-dnsutils)
#  - curl
#  - certtool (from gnutls-bin)

# environment variables:
#  - WORKDIR: a place for all generated files.
#             if unset, it will be auto-generated.
#             it will be created as needed.
#             if the directory doesn't currently exist, it will be cleaned up at exit.
#             if it already exists, it will not be cleaned up.
#  -  TESTIP: the IP address to use for testing.
#             the user needs to be able to open listening sockets, and to connect to them
#             by default, choose a random IP in 127.0.0.0/8

# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
# 2018-08-29
# License: GPLv3+

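# exit on the first unhandled error
set -e
# enable job control so the background daemons get jobspecs (%1, %2)
# that cleanup() can kill:
set -m

# Unset proxy to make sure curl behaves correctly
unset https_proxy http_proxy

# Prefer an installed hddemux from PATH; fall back to one in the current
# directory (e.g. a build tree).  `command -v` is the shell builtin and does
# not depend on an external `which` being installed.
hddemux=$(command -v hddemux) || hddemux=./hddemux

if ! [ -x "$hddemux" ]; then
    printf 'hddemux binary not found or not executable: %s\n' "$hddemux" >&2
    exit 1
fi

# `remove` names the directory that cleanup() deletes with rm -rf.  Reset it
# here so a variable of the same name inherited from the caller's environment
# can never select what gets deleted.
remove=""
if [ -z "$WORKDIR" ]; then
    d="$(mktemp -d)"
    remove="$d"
else
    d="$WORKDIR"
    if [ ! -d "$d" ]; then
        # Documented contract: a WORKDIR that does not exist yet is created
        # here and removed again at exit; a pre-existing one is left alone.
        # Only "$d" itself is removed later, not parents made by -p.
        mkdir -p -- "$d"
        remove="$d"
    fi
fi
# Random loopback address unless TESTIP is given.  The last octet is kept in
# 1..254 so the pick can never be 127.0.0.0 or 127.255.255.255.
ip="${TESTIP:-127.$(( RANDOM % 256 )).$(( RANDOM % 256 )).$(( RANDOM % 254 + 1 ))}"

printf "hddemux test\n------------\n  binary: %s\n workdir: %s\n IP addr: %s\n" "$hddemux" "$d" "$ip"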

# Print a section banner on stdout: an empty line, the title given as $1,
# then an underline made by replacing every character of the title with '-'.
section() {
    local title="$1"
    printf '\n%s\n' "$title"
    printf '%s\n' "$title" | sed 's/./-/g'
}

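# EXIT handler: dump diagnostics, stop the daemons this script started, and
# delete the working directory when this script created it.
# Globals: d (read) - working directory
#          remove (read) - directory to delete, empty to keep everything
cleanup () {
    section "cleaning up"
    # The diagnostics are best-effort.  `set -e` is still active inside the
    # trap, so a failing find/tail (for example no *.err file exists yet when
    # the script aborts early) must not cut the handler short and leave
    # daemons or the temporary directory, which holds the test private keys,
    # behind.
    find "$d" -ls || true
    tail "$d/"*.err || true
    /usr/sbin/nginx -c "$d/nginx.conf" -p "$d" -s stop 2> "$d/nginx-stop.err" || true
    # %1 and %2 are the script's background jobs; either may not have been
    # started yet, hence the tolerated failure.
    kill %2 || true
    kill %1 || true
    if [ -n "$remove" ]; then
        printf "cleaning up working directory %s\n" "$remove"
        # `--` keeps a path that starts with '-' from being read as an option.
        rm -rf -- "$remove"
    fi
}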

# Install the teardown handler before anything below can start a daemon or
# write key material, so every exit path goes through cleanup().
trap cleanup EXIT

section "simple failing run"
# Negative test: started without arguments and without any inherited
# listening file descriptor, hddemux is expected to exit non-zero.
# A successful exit here fails the whole suite.
if "$hddemux" 2>&1; then
    exit 1
fi


section "make Certificate Authority key and certificate"
# Throwaway CA for this run only.  The template keeps it tightly scoped:
# a 12-day lifetime, path_len = 1, and a DNS name constraint permitting
# only names under "example".  The heredoc body contains nothing for the
# shell to expand, so the delimiter is quoted.
cat > "$d/ca.template" <<'EOF'
cn = "testing certificate authority (NOT FOR PRODUCTION)"
expiration_days = 12
ca
path_len = 1
nc_permit_dns = example
cert_signing_key
EOF
# The CA private key stays inside the working directory.
certtool --stdout-info --generate-privkey \
    --outfile "$d/ca-key.pem"
certtool --stdout-info --generate-self-signed \
    --template "$d/ca.template" \
    --load-privkey "$d/ca-key.pem" \
    --outfile "$d/ca-cert.pem"

section "make End Entity key and certificate"
# Server certificate for test.example, valid for 10 days and issued by the
# test CA generated for this run.  kresd and nginx both serve it.
cat > "$d/ee.template" <<'EOF'
cn = "test.example"
dns_name = test.example
expiration_days = 10
signing_key
tls_www_server
EOF
certtool --stdout-info --generate-privkey \
    --outfile "$d/ee-key.pem"
# Only the public half is handed to the signing step below.
certtool --stdout-info --pubkey-info \
    --load-privkey "$d/ee-key.pem" \
    --outfile "$d/ee-pubkey.pem"
certtool --stdout-info --generate-certificate \
    --load-ca-privkey "$d/ca-key.pem" \
    --load-ca-certificate "$d/ca-cert.pem" \
    --template "$d/ee.template" \
    --load-pubkey "$d/ee-pubkey.pem" \
    --outfile "$d/ee-cert.pem"



section "make knot-resolver configuration on $ip:8853"
# The resolver answers monkeys.example from a static hint, so the test needs
# no upstream DNS.  "$d" is interpolated into Lua string literals below;
# NOTE(review): a WORKDIR containing '"' or '\' would presumably break the
# generated config -- confirm if such paths matter.
cat > "$d/kresd.conf" <<EOF
modules = { 'hints > iterate' }
net.tls("$d/ee-cert.pem", "$d/ee-key.pem")
hints["monkeys.example"] = "127.15.23.5"
EOF
# First background job (%1 in cleanup).
/usr/sbin/kresd \
    --config "$d/kresd.conf" \
    --tls "$ip@8853" \
    --noninteractive "$d" \
    2> "$d/kresd.err" &

section "make hddemux configuration on $ip:2000"
# Second background job (%2 in cleanup).  systemd-socket-activate owns the
# listening socket and hands it to hddemux.  Both HTTP_TARGET and DNS_TARGET
# point at the kresd TLS port; nginx is not an hddemux target in this setup.
systemd-socket-activate \
    -l "$ip:2000" \
    -E HTTP_TARGET="$ip:8853" \
    -E DNS_TARGET="$ip:8853" \
    "$hddemux" \
    2> "$d/hddemux.err" &

section "set up nginx on $ip:4433"
# Scratch directories: nginx/ for the temp paths named in the config,
# data/ for the document root.
mkdir -p "$d/nginx" "$d/data"
# Every path in the config is relative and resolved against the -p prefix
# ("$d"), so nginx reads and writes only inside the working directory.
# The server offers TLS 1.2 only and presents the test end-entity certificate.
cat >"$d/nginx.conf" <<EOF
# note: an alert might still show up: https://trac.nginx.org/nginx/ticket/147
error_log stderr;
worker_processes 1;
pid nginx.pid;

events {
 worker_connections 10;
}
http {
 default_type text/plain;
 ssl_protocols TLSv1.2;
 ssl_prefer_server_ciphers on;
 client_body_temp_path nginx/body;
 fastcgi_temp_path nginx/fastcgi;
 proxy_temp_path nginx/proxy;
 scgi_temp_path nginx/scgi;
 uwsgi_temp_path nginx/uwsgi;
 server {
  listen $ip:4433 ssl;
  server_name test.example;
  ssl_certificate ee-cert.pem;
  ssl_certificate_key ee-key.pem;
  access_log access.log;
  location / {
   root data;
   index index.txt;
  }
 }
}
EOF
# The single document whose body the curl check compares against.
printf '%s\n' "Hello, world!" > "$d/data/index.txt"
# Not backgrounded with '&', so nginx is not a shell job; cleanup() stops it
# with "nginx -s stop" instead of kill.
/usr/sbin/nginx \
    -c "$d/nginx.conf" \
    -p "$d" \
    2> "$d/nginx.err"

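section "test with kdig"
# DNS-over-TLS query sent to the hddemux listener on port 2000.  The server
# certificate must chain to the test CA and match test.example, and the
# answer must be the address configured as a hint in kresd.conf.
# NOTE(review): nothing visible here waits for kresd or hddemux to be
# listening before this query; if the suite proves flaky, poll for readiness.
x=$(kdig +short +tls +tls-ca="$d/ca-cert.pem" +tls-hostname=test.example @"$ip:2000" monkeys.example)
if [ "$x" != "127.15.23.5" ]; then
    # Report what came back instead of exiting silently under `set -e`.
    printf 'unexpected kdig answer: expected %s, got %s\n' "127.15.23.5" "$x" >&2
    exit 1
fi
echo "successful DNS-over-TLS request to $ip on port 2000"

section "test with curl"
# HTTPS request validated against the test CA only (--cacert).  The URL names
# port 4433, so this request goes to nginx directly.
# NOTE(review): the --resolve entry for port 2000 is unused by this URL, and
# the request does not pass through hddemux -- confirm that is intended.
x=$(curl --silent --show-error --cacert "$d/ca-cert.pem" --resolve "test.example:2000:$ip" --resolve "test.example:4433:$ip" https://test.example:4433/)
if [ "$x" != "Hello, world!" ]; then
    printf 'unexpected curl response: expected %s, got %s\n' "Hello, world!" "$x" >&2
    exit 1
fi
# The message names the port that was actually contacted.
echo "successful HTTPS request to $ip on port 4433"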