Merge pull request #10749 from Icinga/fix-certificate-fixture-broken-after-failed-test

yhabteab · web-flow · commit 2d172fb87b92 · 2026-03-12T12:28:20.000+01:00
Fix `CertificateFixture` error if previous test fails
diff --git a/test/base-tlsutility.cpp b/test/base-tlsutility.cpp
@@ -6,6 +6,7 @@
 #include "base/utility.hpp"
 #include "remote/pkiutility.hpp"
 #include "test/remote-certificate-fixture.hpp"
+#include "test/test-ctest.hpp"
 #include <BoostTestTargetConfig.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
@@ -171,7 +172,8 @@ BOOST_AUTO_TEST_CASE(static_certs_uptodate)
 	BOOST_CHECK(!IsCertUptodate(StringToCertificate(l_ExpiredCrt)));
 }
 
-BOOST_FIXTURE_TEST_CASE(create_verify_ca, CertificateFixture)
+BOOST_FIXTURE_TEST_CASE(create_verify_ca, CertificateFixture,
+	*CTestProperties("FIXTURES_REQUIRED dirty_ssl_certs"))
 {
 	auto cacert(GetX509Certificate(m_CaDir.string()+"/ca.crt"));
 	if constexpr (OPENSSL_VERSION_NUMBER >= 0x10100000L) {
@@ -195,7 +197,8 @@ BOOST_FIXTURE_TEST_CASE(create_verify_ca, CertificateFixture)
 	BOOST_CHECK(!IsCaUptodate(cacert.get())); // Still outdated, as it's less than LEAF_VALID_FOR.
 }
 
-BOOST_FIXTURE_TEST_CASE(create_verify_leaf_certs, CertificateFixture)
+BOOST_FIXTURE_TEST_CASE(create_verify_leaf_certs, CertificateFixture,
+	*CTestProperties("FIXTURES_REQUIRED dirty_ssl_certs"))
 {
 	String caDir = m_CaDir.string();
 	String certsDir = m_CertsDir.string();
diff --git a/test/remote-certificate-fixture.cpp b/test/remote-certificate-fixture.cpp
@@ -28,7 +28,18 @@ static void CleanupPersistentCertificateDir()
 	}
 }
 
-BOOST_FIXTURE_TEST_CASE(prepare_directory, ConfigurationDataDirFixture, *CTestProperties("FIXTURES_SETUP ssl_certs"))
+BOOST_FIXTURE_TEST_CASE(prepare_directory_for_dirty_tests, ConfigurationDataDirFixture,
+	*CTestProperties("FIXTURES_SETUP dirty_ssl_certs"))
+{
+	/* Same as the other prepare_directory below, only that the dirty_ssl_certs fixture this
+	 * establishes cleans up before and after tests that leave behind certs in a broken state.
+	 */
+	CleanupPersistentCertificateDir();
+}
+
+BOOST_FIXTURE_TEST_CASE(prepare_directory_for_regular_tests, ConfigurationDataDirFixture,
+	*CTestProperties("FIXTURES_CLEANUP dirty_ssl_certs")
+	*CTestProperties("FIXTURES_SETUP ssl_certs"))
 {
 	// Remove any existing left-overs of the persistent certificate directory from a previous
 	// test run.
diff --git a/test/remote-certificate-fixture.hpp b/test/remote-certificate-fixture.hpp
@@ -20,30 +20,43 @@ struct CertificateFixture : ConfigurationDataDirFixture
 		m_CertsDir = ApiListener::GetCertsDir();
 		m_CaCrtFile = m_CertsDir / "ca.crt";
 
-		fs::create_directories(m_PersistentCertsDir / "ca");
-		fs::create_directories(m_PersistentCertsDir / "certs");
+		Utility::MkDirP((m_PersistentCertsDir / "ca").string(), 0700);
+		Utility::MkDirP((m_PersistentCertsDir / "certs").string(), 0700);
 
-		if (fs::exists(m_DataDir / "ca")) {
-			fs::remove(m_DataDir / "ca");
+		if (Utility::PathExists(m_CaDir.string())) {
+			Utility::RemoveDirRecursive(m_CaDir.string());
 		}
-		if (fs::exists(m_DataDir / "certs")) {
-			fs::remove(m_DataDir / "certs");
+		if (Utility::PathExists(m_CertsDir.string())) {
+			Utility::RemoveDirRecursive(m_CertsDir.string());
 		}
 
-		fs::rename(m_PersistentCertsDir / "ca", m_DataDir / "ca");
-		fs::rename(m_PersistentCertsDir / "certs", m_DataDir / "certs");
+		Utility::MkDirP(m_CaDir.string(), 0700);
+		for(const auto& entry : fs::directory_iterator{m_PersistentCertsDir / "ca"}){
+			Utility::CopyFile(entry.path().string(), (m_CaDir / entry.path().filename()).string());
+		}
+
+		Utility::MkDirP(m_CertsDir.string(), 0700);
+		for(const auto& entry : fs::directory_iterator{m_PersistentCertsDir / "certs"}){
+			Utility::CopyFile(entry.path().string(), (m_CertsDir / entry.path().filename()).string());
+		}
 
-		if (!fs::exists(m_CaCrtFile)) {
+		if (!Utility::PathExists(m_CaCrtFile.string())) {
 			PkiUtility::NewCa();
-			fs::copy_file(m_CaDir / "ca.crt", m_CaCrtFile);
+			Utility::CopyFile((m_CaDir / "ca.crt").string(), m_CaCrtFile.string());
 		}
 	}
 
 	~CertificateFixture()
 	{
 		namespace fs = boost::filesystem;
-		fs::rename(m_DataDir / "ca", m_PersistentCertsDir / "ca");
-		fs::rename(m_DataDir / "certs", m_PersistentCertsDir / "certs");
+
+		for(const auto& entry : fs::directory_iterator{m_CaDir}){
+			Utility::CopyFile(entry.path().string(), (m_PersistentCertsDir / "ca" / entry.path().filename()).string());
+		}
+
+		for(const auto& entry : fs::directory_iterator{m_CertsDir}){
+			Utility::CopyFile(entry.path().string(), (m_PersistentCertsDir / "certs" / entry.path().filename()).string());
+		}
 	}
 
 	[[nodiscard]] auto EnsureCertFor(const std::string& name, bool overrideExisting = false) const

Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,7 @@`
`6`	`6`	`#include "base/utility.hpp"`
`7`	`7`	`#include "remote/pkiutility.hpp"`
`8`	`8`	`#include "test/remote-certificate-fixture.hpp"`
	`9`	`+#include "test/test-ctest.hpp"`
`9`	`10`	`#include <BoostTestTargetConfig.h>`
`10`	`11`	`#include <openssl/evp.h>`
`11`	`12`	`#include <openssl/x509.h>`
`@@ -171,7 +172,8 @@ BOOST_AUTO_TEST_CASE(static_certs_uptodate)`
`171`	`172`	`BOOST_CHECK(!IsCertUptodate(StringToCertificate(l_ExpiredCrt)));`
`172`	`173`	`}`
`173`	`174`
`174`		`-BOOST_FIXTURE_TEST_CASE(create_verify_ca, CertificateFixture)`
	`175`	`+BOOST_FIXTURE_TEST_CASE(create_verify_ca, CertificateFixture,`
	`176`	`+ *CTestProperties("FIXTURES_REQUIRED dirty_ssl_certs"))`
`175`	`177`	`{`
`176`	`178`	`auto cacert(GetX509Certificate(m_CaDir.string()+"/ca.crt"));`
`177`	`179`	`if constexpr (OPENSSL_VERSION_NUMBER >= 0x10100000L) {`
`@@ -195,7 +197,8 @@ BOOST_FIXTURE_TEST_CASE(create_verify_ca, CertificateFixture)`
`195`	`197`	`BOOST_CHECK(!IsCaUptodate(cacert.get())); // Still outdated, as it's less than LEAF_VALID_FOR.`
`196`	`198`	`}`
`197`	`199`
`198`		`-BOOST_FIXTURE_TEST_CASE(create_verify_leaf_certs, CertificateFixture)`
	`200`	`+BOOST_FIXTURE_TEST_CASE(create_verify_leaf_certs, CertificateFixture,`
	`201`	`+ *CTestProperties("FIXTURES_REQUIRED dirty_ssl_certs"))`
`199`	`202`	`{`
`200`	`203`	`String caDir = m_CaDir.string();`
`201`	`204`	`String certsDir = m_CertsDir.string();`
Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,18 @@ static void CleanupPersistentCertificateDir()`
`28`	`28`	`}`
`29`	`29`	`}`
`30`	`30`
`31`		`-BOOST_FIXTURE_TEST_CASE(prepare_directory, ConfigurationDataDirFixture, *CTestProperties("FIXTURES_SETUP ssl_certs"))`
	`31`	`+BOOST_FIXTURE_TEST_CASE(prepare_directory_for_dirty_tests, ConfigurationDataDirFixture,`
	`32`	`+ *CTestProperties("FIXTURES_SETUP dirty_ssl_certs"))`
	`33`	`+{`
	`34`	`+ /* Same as the other prepare_directory below, only that the dirty_ssl_certs fixture this`
	`35`	`+ * establishes cleans up before and after tests that leave behind certs in a broken state.`
	`36`	`+ */`
	`37`	`+ CleanupPersistentCertificateDir();`
	`38`	`+}`
	`39`	`+`
	`40`	`+BOOST_FIXTURE_TEST_CASE(prepare_directory_for_regular_tests, ConfigurationDataDirFixture,`
	`41`	`+ *CTestProperties("FIXTURES_CLEANUP dirty_ssl_certs")`
	`42`	`+ *CTestProperties("FIXTURES_SETUP ssl_certs"))`
`32`	`43`	`{`
`33`	`44`	`// Remove any existing left-overs of the persistent certificate directory from a previous`
`34`	`45`	`// test run.`