1 | #!/bin/bash |
---|
2 | |
---|
3 | # Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net> |
---|
4 | |
---|
5 | set -e |
---|
6 | |
---|
7 | tests="${1##t-}" |
---|
8 | |
---|
9 | if [ -n "${TEST_LOCK}" ]; then |
---|
10 | TEST_LOCK="$(realpath ${TEST_LOCK})" |
---|
11 | flock_cmd="flock -w 10 ${TEST_LOCK}" |
---|
12 | fi |
---|
13 | |
---|
14 | BADVARS=0 |
---|
15 | for v in TEST_HOST TEST_IP TEST_PORT TEST_QUERY_DELAY TEST_GAP MSVA_PORT; do |
---|
16 | if [ ! -v "$v" ]; then |
---|
17 | printf "You need to set the %s environment variable\n" "$v" >&2 |
---|
18 | BADVARS=1 |
---|
19 | fi |
---|
20 | done |
---|
21 | |
---|
22 | if [ 0 != "$BADVARS" ]; then |
---|
23 | exit 1 |
---|
24 | fi |
---|
25 | |
---|
26 | if [ . != "$(dirname "$0")" ]; then |
---|
27 | printf "You should only run this mod-gnutls test suite from the test/ directory of the mod_gnutls source.\n" >&2 |
---|
28 | exit 1 |
---|
29 | fi |
---|
30 | |
---|
31 | function stop_msva() { |
---|
32 | kill %1 |
---|
33 | } |
---|
34 | |
---|
35 | # Compare expected/actual outputs, filtering out headers from actual |
---|
36 | # output that are expected to change between runs or builds (currently |
---|
37 | # "Date" and "Server"). The headers must be excluded in the expected |
---|
38 | # output. |
---|
39 | # |
---|
40 | # Parameters: |
---|
41 | # $1: path to expected output |
---|
42 | # $2: path to actual output |
---|
43 | # $3: additional options for diff (optional) |
---|
44 | function diff_output_filter_headers() |
---|
45 | { |
---|
46 | expected="$1" |
---|
47 | actual="$2" |
---|
48 | diff $3 -u "${expected}" <( cat "${actual}" | \ |
---|
49 | grep -v -P '^Date:\s.*GMT\s?$' | \ |
---|
50 | grep -v -P '^Server:\sApache' | \ |
---|
51 | tail -n "$(wc -l < ${expected})" ) |
---|
52 | } |
---|
53 | |
---|
54 | function apache_down_err() { |
---|
55 | printf "FAILURE: %s\n" "$TEST_NAME" |
---|
56 | /usr/sbin/apache2 -f "$(pwd)/apache.conf" -k stop || true |
---|
57 | if [ -e output ]; then |
---|
58 | printf "\ngnutls-cli outputs:\n" |
---|
59 | diff_output_filter_headers "output" "$output" || true |
---|
60 | fi |
---|
61 | printf "\nApache error logs:\n" |
---|
62 | tail "../../logs/${TEST_NAME}.error.log" |
---|
63 | if [ -n "${USE_MSVA}" ]; then |
---|
64 | stop_msva |
---|
65 | fi |
---|
66 | } |
---|
67 | |
---|
68 | if [ -z "$tests" ] ; then |
---|
69 | tests=./tests/* |
---|
70 | else |
---|
71 | tests=./tests/"$(printf "%02d" "$tests")"_* |
---|
72 | fi |
---|
73 | |
---|
74 | if [ -n "${USE_MSVA}" ]; then |
---|
75 | GNUPGHOME=$(pwd)/msva.gnupghome MSVA_KEYSERVER_POLICY=never monkeysphere-validation-agent & |
---|
76 | trap stop_msva EXIT |
---|
77 | |
---|
78 | sleep "$TEST_GAP" |
---|
79 | |
---|
80 | printf "TESTING: initial MSVA verification\n" |
---|
81 | MONKEYSPHERE_VALIDATION_AGENT_SOCKET="http://127.0.0.1:$MSVA_PORT" msva-query-agent https "$(cat client.uid)" x509pem client < client/x509.pem |
---|
82 | printf "\nSUCCESS: initial MSVA verification\n" |
---|
83 | fi |
---|
84 | |
---|
85 | for t in $tests; do |
---|
86 | if [ -z "${flock_cmd}" ]; then |
---|
87 | echo "Warning: no lock file set" |
---|
88 | sleep "$TEST_GAP" |
---|
89 | fi |
---|
90 | export TEST_NAME="$(basename "$t")" |
---|
91 | output="../../outputs/${TEST_NAME}.output" |
---|
92 | rm -f "$output" |
---|
93 | cd "$t" |
---|
94 | if [ -e fail.* ]; then |
---|
95 | EXPECTED_FAILURE="$(printf " (expected: %s)" fail.*)" |
---|
96 | else |
---|
97 | unset EXPECTED_FAILURE |
---|
98 | fi |
---|
99 | printf "TESTING: %s%s\n" "$TEST_NAME" "$EXPECTED_FAILURE" |
---|
100 | trap apache_down_err EXIT |
---|
101 | if [ -n "${USE_MSVA}" ]; then |
---|
102 | MONKEYSPHERE_VALIDATION_AGENT_SOCKET="http://127.0.0.1:$MSVA_PORT" \ |
---|
103 | ${flock_cmd} \ |
---|
104 | /usr/sbin/apache2 -f "$(pwd)/apache.conf" -k start \ |
---|
105 | || [ -e fail.server ] |
---|
106 | else |
---|
107 | ${flock_cmd} \ |
---|
108 | /usr/sbin/apache2 -f "$(pwd)/apache.conf" -k start \ |
---|
109 | || [ -e fail.server ] |
---|
110 | fi |
---|
111 | |
---|
112 | # The sleep call keeps the pipe from the subshell to gnutls-cli |
---|
113 | # open. Without it gnutls-cli would terminate as soon as sed is |
---|
114 | # done, and not wait for a response from the server, leading to |
---|
115 | # failing tests. Sending sleep to the background allows the test |
---|
116 | # case to proceed instead of waiting for it to return, but has the |
---|
117 | # disadvantage of leaving the sleep process dangling until it |
---|
118 | # eventually times out. Still preferable to a fixed delay. |
---|
119 | if (sed "s/__HOSTNAME__/${TEST_HOST}/" <./input && \ |
---|
120 | sleep "${TEST_QUERY_DELAY}" &) | \ |
---|
121 | gnutls-cli -p "${TEST_PORT}" $(cat ./gnutls-cli.args) "${TEST_HOST}" \ |
---|
122 | >"$output"; |
---|
123 | then |
---|
124 | if [ -e fail* ]; then |
---|
125 | printf "%s should have failed but succeeded\n" "$(basename "$t")" >&2 |
---|
126 | exit 1 |
---|
127 | fi |
---|
128 | else |
---|
129 | if [ ! -e fail* ]; then |
---|
130 | printf "%s should have succeeded but failed\n" "$(basename "$t")" >&2 |
---|
131 | exit 1 |
---|
132 | fi |
---|
133 | fi |
---|
134 | |
---|
135 | if [ -e output ] ; then |
---|
136 | diff_output_filter_headers "output" "$output" "-q" |
---|
137 | fi |
---|
138 | /usr/sbin/apache2 -f "$(pwd)/apache.conf" -k stop || [ -e fail.server ] |
---|
139 | if [ -n "${USE_MSVA}" ]; then |
---|
140 | trap stop_msva EXIT |
---|
141 | else |
---|
142 | trap - EXIT |
---|
143 | fi |
---|
144 | printf "SUCCESS: %s\n" "$TEST_NAME" |
---|
145 | cd ../.. |
---|
146 | done |
---|
147 | |
---|
148 | if [ -n "${USE_MSVA}" ]; then |
---|
149 | stop_msva |
---|
150 | fi |
---|