source: mod_gnutls/test/runtests

mod_gnutls/0.9.1
Last change on this file was 20a20df, checked in by Krista Karppinen <krista.celestia@…>, 5 weeks ago

Test suite: ignore "Content-Length" header

Do not check the returned "Content-Length" header value when running the
tests, as long as it's valid. This will allow for more flexibility in
matching the content in the future.

  • Property mode set to 100755
File size: 8.0 KB
RevLine 
[4b53371]1#!/bin/bash
2
[ae38a49]3# Authors:
4# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
[3c123cd]5# Fiona Klute <fiona.klute@gmx.de>
[4b53371]6
7set -e
[412ee84]8. ${srcdir}/common.bash
[1872744]9. ${srcdir}/apache_service.bash
[cf4e708]10netns_reexec ${@}
[4b53371]11
[56056de]12testid="${1##t-}"
13
14if [ -z "$testid" ] ; then
15    echo -e "No test case selected.\nUsage: ${0} t-N" >&2
16    exit 1
17else
18    testid=${srcdir}/tests/"$(printf "%02d" "$testid")"_*
19fi
[b28158c]20testdir="$(realpath ${testid})"
[4b53371]21
22BADVARS=0
[4fb510d]23for v in APACHE2 TEST_HOST TEST_PORT TEST_QUERY_TIMEOUT TEST_SERVICE_WAIT \
[412ee84]24                 MSVA_PORT; do
[4b53371]25    if [ ! -v "$v" ]; then
26        printf "You need to set the %s environment variable\n" "$v" >&2
27        BADVARS=1
28    fi
29done
30
31if [ 0 != "$BADVARS" ]; then
32    exit 1
33fi
34
[45ae2ef]35# write script file and line to stderr on error
36function pinpoint_error()
37{
[5f3222b]38    echo "Command \"${BASH_COMMAND}\" failed. Call trace:" >&2
39    local stack=0
40    while caller $((stack++)) >&2; do true; done
[45ae2ef]41}
[5f3222b]42trap 'pinpoint_error' ERR
[45ae2ef]43
[ae38a49]44function stop_msva()
45{
46    kill_by_pidfile "${msva_pidfile}"
47    unset msva_pidfile
[e3cbda4]48}
49
[a213967]50# Compare expected/actual outputs, filtering out headers from actual
51# output that are expected to change between runs or builds (currently
[20a20df]52# "Date", "Server" and "Content-Length"). The headers must be excluded
53# in the expected output.
[54aa269]54#
55# Parameters:
56# $1: path to expected output
57# $2: path to actual output
58# $3: additional options for diff (optional)
[a213967]59function diff_output_filter_headers()
[54aa269]60{
[232fb60]61    local expected="$1"
62    local actual="$2"
[54aa269]63    diff $3 -u "${expected}" <( cat "${actual}" | \
[a213967]64        grep -v -P '^Date:\s.*GMT\s?$' | \
65        grep -v -P '^Server:\sApache'  | \
[20a20df]66        grep -v -P '^Content-Length:\s\d+\s?$' | \
[a213967]67        tail -n "$(wc -l < ${expected})" )
[54aa269]68}
69
[232fb60]70# Run a command, storing its PID in the given file
71# Usage: run_with_pidfile PIDFILE COMMAND [ARGS]
72function run_with_pidfile()
73{
74    local pidfile=$1
75    local cmd=$2
76    shift 2
77    echo $BASHPID >${pidfile}
78    exec ${cmd} $*
79}
80
81# Kills the process with the PID contained in a given file, then
82# deletes the file.
83# Usage: kill_by_pidfile PIDFILE
84function kill_by_pidfile()
85{
86    local pidfile="${1}"
87    # In some testcases with expected failure, gnutls-cli sometimes
88    # failed before the subshell in front of the pipe (see gnutls-cli
89    # call below) got so far as to write the PID, much less exec
90    # sleep. So we need to check if there actually is anything to
91    # kill.
92    if [ -n "${pidfile}" ]; then
93        local pid=$(cat "${pidfile}")
94        if [ -n "${pid}" ] && ps -p "${pid}"; then
95            kill "${pid}"
[bbfcbb5]96        else
97            echo "No running process with PID ${pid} (${pidfile})."
[232fb60]98        fi
99        rm "${pidfile}"
100    fi
101}
102
[4b53371]103function apache_down_err() {
104    printf "FAILURE: %s\n" "$TEST_NAME"
[b28158c]105    ${APACHE2} -f "${testdir}/apache.conf" -k stop || true
[4b53371]106    if [ -e output ]; then
[54aa269]107        printf "\ngnutls-cli outputs:\n"
[a213967]108        diff_output_filter_headers "output" "$output" || true
[4b53371]109    fi
[232fb60]110
[b28158c]111    if [ -r "${testdir}/backend.conf" ]; then
[1872744]112        apache_service "${testdir}" "backend.conf" stop || true
[b28158c]113    fi
114
[321912b]115    if [ -r "${testdir}/ocsp.conf" ]; then
116        apache_service "${testdir}" "ocsp.conf" stop || true
117    fi
118
[232fb60]119    if [ -n "${sleep_pidfile}" ]; then
120        kill_by_pidfile "${sleep_pidfile}"
121    fi
122
[03295a9]123    local errlog="logs/${TEST_NAME}.error.log"
124    if [ -r "${errlog}" ]; then
125        printf "\nApache error logs:\n"
126        tail "${errlog}"
127    fi
[232fb60]128
[302965e]129    if [ -n "${USE_MSVA}" ]; then
130        stop_msva
131    fi
[4b53371]132}
133
[302965e]134if [ -n "${USE_MSVA}" ]; then
[ae38a49]135    msva_pidfile="$(mktemp mod_gnutls_test-XXXXXX.pid)"
136    GNUPGHOME=msva.gnupghome MSVA_KEYSERVER_POLICY=never run_with_pidfile "${msva_pidfile}" monkeysphere-validation-agent &
[302965e]137    trap stop_msva EXIT
[e3cbda4]138
[302965e]139    printf "TESTING: initial MSVA verification\n"
[7adbcd7]140    export MONKEYSPHERE_VALIDATION_AGENT_SOCKET="http://127.0.0.1:$MSVA_PORT"
[a61edfd]141
[e5546be]142    msva_test_cmd="msva-query-agent https \"$(cat authority/client/uid)\" x509pem client < authority/client/x509.pem"
[7adbcd7]143    # check if MSVA is up, fail if not
[4fb510d]144    if wait_ready "${msva_test_cmd}"; then
[7adbcd7]145        printf "\nSUCCESS: initial MSVA verification\n"
146    else
147        printf "\nFAIL: initial MSVA verification\n"
148        exit 1
149    fi
[302965e]150fi
[e3cbda4]151
[dbec528]152# configure locking for the Apache process
[cf4e708]153if [ -n "${USE_TEST_NAMESPACE}" ]; then
154    echo "Using namespaces to isolate tests, no need for locking."
155    flock_cmd=""
[cdc6e4a]156elif [ -n "${FLOCK}" ]; then
[4ae5b82]157    flock_cmd="${FLOCK} -w ${TEST_LOCK_WAIT} $(realpath ${TEST_LOCK})"
[412ee84]158else
159    echo "Locking disabled, using wait based on Apache PID file."
[e00d91a]160    wait_pid_gone "${TEST_LOCK}"
[412ee84]161    flock_cmd=""
162fi
[dbec528]163
[5d85ad3]164export srcdir="$(realpath ${srcdir})"
[b28158c]165export TEST_NAME="$(basename "${testdir}")"
[5d85ad3]166output="outputs/${TEST_NAME}.output"
167rm -f "$output"
168
[b28158c]169if [ -e ${testdir}/fail.* ]; then
[5d85ad3]170    EXPECTED_FAILURE="$(printf " (expected: %s)" fail.*)"
171else
172    unset EXPECTED_FAILURE
173fi
174printf "TESTING: %s%s\n" "$TEST_NAME" "$EXPECTED_FAILURE"
175trap apache_down_err EXIT
176if [ -n "${USE_MSVA}" ]; then
[d39ea18]177    export MONKEYSPHERE_VALIDATION_AGENT_SOCKET="http://127.0.0.1:$MSVA_PORT"
178fi
[fb4da99]179
180# If VERBOSE is enabled, log the HTTPD build configuration
181if [ -n "${VERBOSE}" ]; then
182    ${APACHE2} -f "${srcdir}/base_apache.conf" -V
183fi
184
[321912b]185# Start OCSP responder, if configured
186if [ -r "${testdir}/ocsp.conf" ]; then
187    apache_service "${testdir}" "ocsp.conf" start "${OCSP_LOCK}"
188    CHECK_OCSP_SERVER="true"
189    if [ -n "${VERBOSE}" ]; then
190        echo "OCSP index for the test CA:"
191        cat authority/ocsp_index.txt
192    fi
193fi
194
195# Start proxy backend server, if configured
[b28158c]196if [ -r "${testdir}/backend.conf" ]; then
[1872744]197    apache_service "${testdir}" "backend.conf" start "${BACKEND_LOCK}"
[b28158c]198fi
199
200if ! ${flock_cmd} ${APACHE2} -f "${testdir}/apache.conf" -k start; then
201    if [ -e "${testdir}/fail.server" ]; then
[d39ea18]202        echo "Apache HTTPD failed to start as expected."
203        exit 0
204    else
205        echo "Apache HTTPD unexpectedly failed to start."
206        exit 1
207    fi
[5d85ad3]208fi
[4b53371]209
[c4d6e77]210# check OCSP server
211if [ -n "${CHECK_OCSP_SERVER}" ]; then
[94cb972]212    if [ -n "${OCSP_RESPONSE_FILE}" ]; then
213        store_ocsp="--outfile ${OCSP_RESPONSE_FILE}"
214    fi
[c4d6e77]215    echo "---- Testing OCSP server ----"
[c825c3a]216    wait_ready "ocsptool --ask --nonce --load-issuer authority/x509.pem --load-cert authority/server/x509.pem ${store_ocsp}"
[c4d6e77]217    echo "---- OCSP test done ----"
218fi
219
[849b87e]220if [ -n "${TARGET_IP}" ]; then
221    TARGET="${TARGET_IP}"
222else
223    TARGET="${TEST_HOST}"
224fi
225
[5d85ad3]226# PID file for sleep command (explanation below)
227sleep_pidfile="$(mktemp mod_gnutls_test-XXXXXX.pid)"
228
229# The sleep call keeps the pipe from the subshell to gnutls-cli
230# open. Without it gnutls-cli would terminate as soon as sed is
231# done, and not wait for a response from the server, leading to
232# failing tests. Sending sleep to the background allows the test
233# case to proceed instead of waiting for it to return. The sleep
234# process is stopped after gnutls-cli terminates.
[0a12ff8]235#
236# The line end manipulation in sed guarantees that all header lines
237# end with CRLF as required by RFC 7230, Section 3.1.1 regardless of
238# the line ends in the input file.
[b28158c]239if (sed -r "s/__HOSTNAME__/${TEST_HOST}/;s/\r?$/\r/" <${testdir}/input && \
[6c030c1]240           run_with_pidfile "${sleep_pidfile}" sleep "${TEST_QUERY_TIMEOUT}" &) | \
[849b87e]241       gnutls-cli -p "${TEST_PORT}" $(cat ${testdir}/gnutls-cli.args) "${TARGET}" \
[28fc74b]242       | tee "$output" && test "${PIPESTATUS[1]}" -eq 0;
[5d85ad3]243then
[b28158c]244    if [ -e ${testdir}/fail* ]; then
245        printf "%s should have failed but succeeded\n" "$(basename "$testdir")" >&2
[5d85ad3]246        exit 1
[4b53371]247    fi
[5d85ad3]248else
[b28158c]249    if [ ! -e ${testdir}/fail* ]; then
250        printf "%s should have succeeded but failed\n" "$(basename "$testdir")" >&2
[5d85ad3]251        exit 1
252    fi
253fi
[dda3acf]254
[5d85ad3]255kill_by_pidfile "${sleep_pidfile}"
256unset sleep_pidfile
[232fb60]257
[b28158c]258if [ -e ${testdir}/output ] ; then
259    diff_output_filter_headers "${testdir}/output" "$output" >&2
[5d85ad3]260fi
261if [ -n "${USE_MSVA}" ]; then
262    trap stop_msva EXIT
263else
264    trap - EXIT
265fi
[b28158c]266${APACHE2} -f "${testdir}/apache.conf" -k stop || [ -e ${testdir}/fail.server ]
[5d85ad3]267printf "SUCCESS: %s\n" "$TEST_NAME"
[e3cbda4]268
[b28158c]269if [ -r "${testdir}/backend.conf" ]; then
[1872744]270    apache_service "${testdir}" "backend.conf" stop || true
[b28158c]271fi
272
[321912b]273if [ -r "${testdir}/ocsp.conf" ]; then
274    apache_service "${testdir}" "ocsp.conf" stop || true
275fi
276
[302965e]277if [ -n "${USE_MSVA}" ]; then
278    stop_msva
[ae38a49]279    # Without explicitly resetting the trap function, it would be
280    # called again on exit. Of course, we could just not stop MSVA and
281    # let the trap do the work, but I think the code is easier to
282    # understand like this.
283    trap - EXIT
[302965e]284fi
Note: See TracBrowser for help on using the repository browser.