source: mod_gnutls/test/runtests @ e3e0de1

proxy-ticket
Last change on this file since e3e0de1 was e3e0de1, checked in by Fiona Klute <fiona.klute@…>, 7 months ago

https-test-client.py: Make host and port configurable per connection

Both variables can use environment variables. If unset they default to
TEST_TARGET and TEST_PORT. This makes it possible to connect to
different servers in one test, for example in proxy tests to check
that the backend server is behaving as expected.

  • Property mode set to 100755
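#!/bin/bash

# Authors:
# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
# Fiona Klute <fiona.klute@gmx.de>

# Runs a single test case; invoked as "<script> t-N".
set -e
# srcdir decides which helper files are sourced into this shell. If it
# were unset or empty, the paths below would collapse to /common.bash
# and /apache_service.bash, so stop before sourcing anything.
: "${srcdir:?srcdir must point to the test source directory}"
. "${srcdir}/common.bash"
. "${srcdir}/apache_service.bash"
# netns_reexec is not defined in this file (it must come from one of
# the files sourced above). Pass the arguments on as separate words:
# an unquoted ${@} would be re-split and glob-expanded.
netns_reexec "$@"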
11
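# Map the "t-N" argument to exactly one directory below
# ${srcdir}/tests and store its resolved path in testdir.
testid="${1##t-}"

if [ -z "$testid" ] ; then
    echo -e "No test case selected.\nUsage: ${0} t-N" >&2
    exit 1
elif [[ ! "$testid" =~ ^[0-9]+$ ]]; then
    # The value comes from the command line and ends up in a path
    # glob, so accept nothing but digits.
    printf 'Invalid test case "%s".\nUsage: %s t-N\n' "${1}" "${0}" >&2
    exit 1
fi

# Plain assignment, so that a printf failure still aborts under set -e
# instead of silently selecting a different test number.
testnum="$(printf "%02d" "$testid")"
# Expand the glob into an array: this keeps paths with whitespace
# intact and makes "no match" and "several matches" detectable.
test_matches=("${srcdir}/tests/${testnum}"_*)
if [ "${#test_matches[@]}" -ne 1 ] || [ ! -d "${test_matches[0]}" ]; then
    printf 'Expected exactly one test directory for "%s", found: %s\n' \
           "${1}" "${test_matches[*]}" >&2
    exit 1
fi
testid="${test_matches[0]}"
testdir="$(realpath "${testid}")"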
21
# Refuse to run unless every variable listed here is set (an empty
# value counts as set). All missing names are reported before exiting.
BADVARS=0
for v in APACHE2 TEST_HOST TEST_PORT TEST_QUERY_TIMEOUT TEST_SERVICE_WAIT \
                 MSVA_PORT; do
    [[ -v "$v" ]] && continue
    printf "You need to set the %s environment variable\n" "$v" >&2
    BADVARS=1
done

[ 0 = "$BADVARS" ] || exit 1
34
# Report the failing command, followed by the call stack (line,
# function and file of every frame), on stderr. Installed as the ERR
# trap right below.
function pinpoint_error()
{
    echo "Command \"${BASH_COMMAND}\" failed. Call trace:" >&2
    local depth=0
    # caller returns non-zero once depth is past the outermost frame,
    # which ends the loop.
    while caller "${depth}" >&2; do
        depth=$((depth + 1))
    done
}
trap 'pinpoint_error' ERR
43
# Stop the process recorded in ${msva_pidfile}, then drop the variable
# so that a later call has no PID file left to act on.
function stop_msva()
{
    kill_by_pidfile "${msva_pidfile}"
    unset -v msva_pidfile
}
49
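# Run a command, storing its PID in the given file
# Usage: run_with_pidfile PIDFILE COMMAND [ARGS]
#
# The function never returns: the calling (sub)shell is replaced by
# COMMAND through exec, so the PID written to PIDFILE is the PID
# COMMAND runs under. Call it in a subshell or in the background.
function run_with_pidfile()
{
    local pidfile=$1
    local cmd=$2
    shift 2
    # BASHPID is the PID of the current (sub)shell, unlike $$.
    echo "${BASHPID}" >"${pidfile}"
    # "$@" hands every argument over as one word. The previous
    # unquoted $* re-split arguments containing whitespace and
    # expanded glob characters in them.
    exec "${cmd}" "$@"
}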
60
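# Kills the process with the PID contained in a given file, then
# deletes the file.
# Usage: kill_by_pidfile PIDFILE
#
# Does nothing when PIDFILE is an empty string. A missing or
# unreadable file is treated like an empty one.
function kill_by_pidfile()
{
    local pidfile="${1}"
    # In some testcases with expected failure, gnutls-cli sometimes
    # failed before the subshell in front of the pipe (see gnutls-cli
    # call below) got so far as to write the PID, much less exec
    # sleep. So we need to check if there actually is anything to
    # kill.
    if [ -n "${pidfile}" ]; then
        local pid=""
        if [ -r "${pidfile}" ]; then
            pid="$(cat "${pidfile}")" || pid=""
        fi
        # Only a positive decimal number is handed to ps and kill:
        # kill treats 0 and negative values as process groups, and
        # anything else in the file is not a PID at all.
        if [[ "${pid}" =~ ^[1-9][0-9]*$ ]] && ps -p "${pid}"; then
            kill "${pid}"
        else
            echo "No running process with PID ${pid} (${pidfile})."
        fi
        # -f: an already missing file must not turn cleanup into an error
        rm -f -- "${pidfile}"
    fi
}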
82
# Failure-path cleanup, installed as the EXIT trap while a test runs:
# prints a FAILURE line, stops the server under test and any helper
# services, shows the tail of the error log and stops MSVA if it is in
# use. The stop commands are best effort (|| true).
function apache_down_err() {
    printf "FAILURE: %s\n" "$TEST_NAME"
    ${APACHE2} -f "${testdir}/apache.conf" -k stop || true

    # Helper services exist only for tests that ship the matching
    # configuration file.
    local conf
    for conf in backend.conf ocsp.conf; do
        if [ -r "${testdir}/${conf}" ]; then
            apache_service "${testdir}" "${conf}" stop || true
        fi
    done

    local error_log="logs/${TEST_NAME}.error.log"
    if [ -r "${error_log}" ]; then
        printf "\nApache error logs:\n"
        tail "${error_log}"
    fi

    if [ -n "${USE_MSVA}" ]; then
        stop_msva
    fi
}
105
106if [ -n "${USE_MSVA}" ]; then
107    msva_pidfile="$(mktemp mod_gnutls_test-XXXXXX.pid)"
108    GNUPGHOME=msva.gnupghome MSVA_KEYSERVER_POLICY=never run_with_pidfile "${msva_pidfile}" monkeysphere-validation-agent &
109    trap stop_msva EXIT
110
111    printf "TESTING: initial MSVA verification\n"
112    export MONKEYSPHERE_VALIDATION_AGENT_SOCKET="http://127.0.0.1:$MSVA_PORT"
113
114    msva_test_cmd="msva-query-agent https \"$(cat authority/client/uid)\" x509pem client < authority/client/x509.pem"
115    # check if MSVA is up, fail if not
116    if wait_ready "${msva_test_cmd}"; then
117        printf "\nSUCCESS: initial MSVA verification\n"
118    else
119        printf "\nFAIL: initial MSVA verification\n"
120        exit 1
121    fi
122fi
123
# configure locking for the Apache process
# flock_cmd stays empty unless FLOCK is in use. It is a plain string
# that is expanded unquoted in front of the Apache start command
# further down, so its words must not contain whitespace.
flock_cmd=""
if [ -n "${USE_TEST_NAMESPACE}" ]; then
    echo "Using namespaces to isolate tests, no need for locking."
elif [ -n "${FLOCK}" ]; then
    flock_cmd="${FLOCK} -w ${TEST_LOCK_WAIT} $(realpath ${TEST_LOCK})"
else
    echo "Locking disabled, using wait based on Apache PID file."
    wait_pid_gone "${TEST_LOCK}"
fi
135
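# Assign first and export afterwards: with "export var=$(cmd)" the
# exit status of cmd is lost, so a failing realpath went unnoticed
# even under set -e.
srcdir="$(realpath "${srcdir}")"
export srcdir
TEST_NAME="$(basename "${testdir}")"
export TEST_NAME
output="outputs/${TEST_NAME}.output"
rm -f "$output"

# A fail.* file in the test directory marks an expected failure. The
# matches are collected in an array so that several markers do not
# break the check, and the label names the files actually found in
# ${testdir} (the pattern used to be expanded in the current
# directory instead).
expected_failures=("${testdir}"/fail.*)
if [ -e "${expected_failures[0]}" ]; then
    EXPECTED_FAILURE="$(printf " (expected: %s)" "${expected_failures[@]##*/}")"
else
    unset EXPECTED_FAILURE
fi
printf "TESTING: %s%s\n" "$TEST_NAME" "$EXPECTED_FAILURE"
# Replaces any EXIT trap set earlier; apache_down_err stops MSVA
# itself when USE_MSVA is set.
trap apache_down_err EXIT
if [ -n "${USE_MSVA}" ]; then
    export MONKEYSPHERE_VALIDATION_AGENT_SOCKET="http://127.0.0.1:$MSVA_PORT"
fi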
151
152# If VERBOSE is enabled, log the HTTPD build configuration
153if [ -n "${VERBOSE}" ]; then
154    ${APACHE2} -f "${srcdir}/base_apache.conf" -V
155fi
156
157# Start OCSP responder, if configured
158if [ -r "${testdir}/ocsp.conf" ]; then
159    apache_service "${testdir}" "ocsp.conf" start "${OCSP_LOCK}"
160    CHECK_OCSP_SERVER="true"
161    if [ -n "${VERBOSE}" ]; then
162        echo "OCSP index for the test CA:"
163        cat authority/ocsp_index.txt
164    fi
165fi
166
167# Start proxy backend server, if configured
168if [ -r "${testdir}/backend.conf" ]; then
169    apache_service "${testdir}" "backend.conf" start "${BACKEND_LOCK}"
170fi
171
# Start the server under test. A start failure is acceptable only for
# tests that carry a fail.server marker. The EXIT trap set earlier
# (apache_down_err) still runs on either exit below.
if ! ${flock_cmd} ${APACHE2} -f "${testdir}/apache.conf" -k start; then
    if [ ! -e "${testdir}/fail.server" ]; then
        echo "Apache HTTPD unexpectedly failed to start."
        exit 1
    fi
    echo "Apache HTTPD failed to start as expected."
    exit 0
fi
181
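# check OCSP server
if [ -n "${CHECK_OCSP_SERVER}" ]; then
    # Start from an empty value so that nothing inherited from the
    # environment is appended to the ocsptool command line.
    store_ocsp=""
    if [ -n "${OCSP_RESPONSE_FILE}" ]; then
        store_ocsp="--outfile ${OCSP_RESPONSE_FILE}"
    fi
    echo "---- Testing OCSP server ----"
    # NOTE(review): the command is passed as a single string;
    # wait_ready is not defined in this file and presumably evaluates
    # it as shell code - confirm in common.bash. OCSP_RESPONSE_FILE is
    # inserted unescaped, so it must be a plain path.
    wait_ready "ocsptool --ask --nonce --load-issuer authority/x509.pem --load-cert authority/server/x509.pem ${store_ocsp}"
    echo "---- OCSP test done ----"
fi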
191
# The test client connects to TARGET_IP when that is set and
# non-empty, otherwise to TEST_HOST.
export TEST_TARGET="${TARGET_IP:-${TEST_HOST}}"
197
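# Run the test client; its combined stdout and stderr are shown and
# also stored in ${output}.
# The script path is quoted so that a source directory containing
# whitespace is not split into several arguments. PYTHON stays
# unquoted and is word-split; note that it is not among the variables
# checked at the top, so if it is unset the script path itself becomes
# the command.
${PYTHON} "${srcdir}/https-test-client.py" \
          --test-config "${testdir}/test.yml" \
          --timeout "${TEST_QUERY_TIMEOUT}" \
    |& tee "$output"
# We care about the exit status of the Python script, not tee
if [ "${PIPESTATUS[0]}" -ne 0 ]; then
    exit 1
fi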
206
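# The test passed: swap the failure handler for plain cleanup. With
# MSVA in use the agent still has to be stopped on exit.
if [ -n "${USE_MSVA}" ]; then
    trap stop_msva EXIT
else
    trap - EXIT
fi
# A failing stop is tolerated only for tests with a fail.server
# marker. The path is quoted so that whitespace in it cannot turn the
# test into a syntax error.
${APACHE2} -f "${testdir}/apache.conf" -k stop || [ -e "${testdir}/fail.server" ]
printf "SUCCESS: %s\n" "$TEST_NAME"

if [ -r "${testdir}/backend.conf" ]; then
    apache_service "${testdir}" "backend.conf" stop || true
fi

if [ -r "${testdir}/ocsp.conf" ]; then
    apache_service "${testdir}" "ocsp.conf" stop || true
fi

if [ -n "${USE_MSVA}" ]; then
    stop_msva
    # Without explicitly resetting the trap function, it would be
    # called again on exit. Of course, we could just not stop MSVA and
    # let the trap do the work, but I think the code is easier to
    # understand like this.
    trap - EXIT
fi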