
Commit 172dd51

authored
Merge pull request #12 from devilbox/release-0.4
Adding full integration tests
2 parents 52dbf6e + 14ad9d9 commit 172dd51


9 files changed

+496
-18
lines changed


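--- a/.editorconfig
+++ b/.editorconfig
@@ -0,0 +1,52 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# -------------------------------------------------------------------------------------------------
+# Default configuration
+# -------------------------------------------------------------------------------------------------
+# top-most EditorConfig file
+root = true
+
+# Default for all files
+[*]
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+
+# -------------------------------------------------------------------------------------------------
+# Scripts
+# -------------------------------------------------------------------------------------------------
+
+[*.sh]
+indent_style = tab
+indent_size = 4
+
+[bin/ca-gen]
+indent_style = tab
+indent_size = 4
+
+[bin/cert-gen]
+indent_style = tab
+indent_size = 4
+
+
+# -------------------------------------------------------------------------------------------------
+# Git Repository
+# -------------------------------------------------------------------------------------------------
+[.travis.yml]
+indent_style = space
+indent_size = 2
+
+[Makefile]
+indent_style = tab
+indent_size = 4
+
+
+# -------------------------------------------------------------------------------------------------
+# Documentation
+# -------------------------------------------------------------------------------------------------
+[*.md]
+indent_style = space
+trim_trailing_whitespace = false
+indent_size = 2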

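--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.tests/tmp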

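--- a/.tests/.lib.sh
+++ b/.tests/.lib.sh
@@ -0,0 +1,64 @@
+#!/usr/bin/env bash
+
+set -e
+set -u
+set -o pipefail
+
+
+# -------------------------------------------------------------------------------------------------
+# Functions
+# -------------------------------------------------------------------------------------------------
+
+###
+### Run command
+###
+run() {
+local cmd="${1}"
+local retries=1
+local workdir=
+local verbose=1
+
+# retry?
+if [ "${#}" -gt "1" ]; then
+retries="${2}"
+fi
+# change directory?
+if [ "${#}" -gt "2" ]; then
+workdir="${3}"
+fi
+
+# be verbose?
+if [ "${#}" -gt "3" ]; then
+verbose="${4}"
+fi
+
+local red="\\033[0;31m"
+local green="\\033[0;32m"
+local yellow="\\033[0;33m"
+local reset="\\033[0m"
+
+# Set command
+if [ -n "${workdir}" ]; then
+cmd="cd ${workdir} && ${cmd}"
+else
+cmd="${cmd}"
+fi
+# Print command?
+if [ "${verbose}" -eq "1" ]; then
+>&2 printf "${yellow}%s \$${reset} %s\\n" "$(whoami)" "${cmd}"
+fi
+
+for ((i=0; i<retries; i++)); do
+if eval "set -e && set -u && set -o pipefail && ${cmd}"; then
+if [ "${verbose}" -eq "1" ]; then
+>&2 printf "${green}[%s: in %s rounds]${reset}\\n" "OK" "$((i+1))"
+fi
+return 0
+fi
+sleep 1
+done
+if [ "${verbose}" -eq "1" ]; then
+>&2 printf "${red}[%s: in %s rounds]${reset}\\n" "FAIL" "${retries}"
+fi
+return 1
+}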
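Review bot: `run()` evaluates its first argument with `eval` in the calling shell (the `if eval "set -e && …"` line), so the `cd ${workdir}` prefix built under "Set command" permanently changes the caller's working directory, is repeated on every retry, and splices `${workdir}` in unquoted. Quoting the directory and running the command in a subshell keeps the effect local: `cmd="cd $(printf '%q' "${workdir}") && ${cmd}"` and `if ( eval "set -e && set -u && set -o pipefail && ${cmd}" ); then`. Because the `eval` sits in an `if` condition, the `set -e` inside the string has no effect on the command, so a multi-statement command is judged only by its final exit status. The function header should also say that `cmd` is executed as shell code and must be assembled only from trusted, already-quoted values.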

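--- a/.tests/test.sh
+++ b/.tests/test.sh
@@ -0,0 +1,269 @@
+#!/usr/bin/env bash
+
+set -e
+set -u
+set -o pipefail
+
+TEST_PATH="$( cd "$(dirname "$0")" && pwd -P )"
+ROOT_PATH="$( cd "${TEST_PATH}/.." && pwd -P )"
+# shellcheck disable=SC1090
+. "${TEST_PATH}/.lib.sh"
+
+
+# -------------------------------------------------------------------------------------------------
+# Pre-check
+# -------------------------------------------------------------------------------------------------
+
+###
+### Clean-up for new round
+###
+rm -rf "${TEST_PATH}/tmp"
+mkdir "${TEST_PATH}/tmp"
+
+
+###
+### Do we test in Docker container?
+###
+USE_DOCKER=0
+if [ "${#}" = "1" ]; then
+USE_DOCKER=1
+fi
+
+
+# -------------------------------------------------------------------------------------------------
+# Variables
+# -------------------------------------------------------------------------------------------------
+
+
+###
+### General
+###
+DOCKER_NAME="devilbox_openssl_server"
+DOCKER_IMAGE="debian:buster-slim"
+OPENSSL_PORT=4433
+
+
+###
+### Certificate Authority
+###
+CA_NAME="devilbox.org"
+CA_KEYSIZE=2048
+CA_VALIDITY=3650
+
+CA_KEY_NAME="ca.key"
+CA_KEY_PATH="${TEST_PATH}/tmp/${CA_KEY_NAME}"
+CA_CRT_NAME="ca.crt"
+CA_CRT_PATH="${TEST_PATH}/tmp/${CA_CRT_NAME}"
+
+
+###
+### Certificate
+###
+CERT_NAME="localhost"
+CERT_KEYSIZE=2048
+CERT_VALIDITY=400
+
+CERT_KEY_NAME="cert.key"
+CERT_KEY_PATH="${TEST_PATH}/tmp/${CERT_KEY_NAME}"
+CERT_CSR_NAME="cert.csr"
+CERT_CSR_PATH="${TEST_PATH}/tmp/${CERT_CSR_NAME}"
+CERT_CRT_NAME="cert.crt"
+CERT_CRT_PATH="${TEST_PATH}/tmp/${CERT_CRT_NAME}"
+
+
+# -------------------------------------------------------------------------------------------------
+# ENTRYPOINT
+# -------------------------------------------------------------------------------------------------
+
+echo
+echo "# -------------------------------------------------------------------------------------------------"
+echo "# Creating Certificate Authority"
+echo "# -------------------------------------------------------------------------------------------------"
+echo
+run "${ROOT_PATH}/bin/ca-gen \
+-v \
+-k ${CA_KEYSIZE} \
+-d ${CA_VALIDITY} \
+-n ${CA_NAME} \
+-c DE \
+-s Berlin \
+-l Berlin \
+-o DevilboxOrg \
+-u DevilboxUnit \
+-e ca@${CA_NAME} \
+${CA_KEY_PATH} \
+${CA_CRT_PATH}"
+
+# Verify CRT
+echo
+echo "[INFO] Verify CRT"
+run "openssl x509 -noout -in ${CA_CRT_PATH}"
+echo
+
+# Verify KEY
+echo
+echo "[INFO] Verify KEY"
+run "openssl rsa -check -noout -in ${CA_KEY_PATH}"
+
+# Check that KEY matches CRT
+echo
+echo "[INFO] Verify KEY matches CRT"
+run "diff -y \
+<(openssl x509 -noout -modulus -in ${CA_CRT_PATH} | openssl md5) \
+<(openssl rsa -noout -modulus -in ${CA_KEY_PATH} | openssl md5)"
+
+
+echo
+echo "# -------------------------------------------------------------------------------------------------"
+echo "# Creating Certificate"
+echo "# -------------------------------------------------------------------------------------------------"
+echo
+
+run "${ROOT_PATH}/bin/cert-gen \
+-v \
+-k ${CERT_KEYSIZE} \
+-d ${CERT_VALIDITY} \
+-n ${CERT_NAME} \
+-c DE \
+-s Berlin \
+-l Berlin \
+-o SomeOrg \
+-u SomeUnit \
+-e cert@${CERT_NAME} \
+-a '*.${CERT_NAME},www.${CERT_NAME}' \
+${CA_KEY_PATH} \
+${CA_CRT_PATH} \
+${CERT_KEY_PATH} \
+${CERT_CSR_PATH} \
+${CERT_CRT_PATH}"
+
+# Verify CRT
+echo
+echo "[INFO] Verify CRT"
+run "openssl x509 -noout -in ${CERT_CRT_PATH}"
+
+# Verify KEY
+echo
+echo "[INFO] Verify KEY"
+run "openssl rsa -check -noout -in ${CERT_KEY_PATH}"
+
+# Verify CSR
+echo
+echo "[INFO] Verify CSR"
+run "openssl req -noout -verify -in ${CERT_CSR_PATH}"
+
+# Check that KEY matches CRT
+echo
+echo "[INFO] Verify KEY matches CRT"
+run "diff -y \
+<(openssl x509 -noout -modulus -in ${CERT_CRT_PATH} | openssl md5) \
+<(openssl rsa -noout -modulus -in ${CERT_KEY_PATH} | openssl md5)"
+
+# Check that KEY matches CSR
+echo
+echo "[INFO] Verify KEY matches CSR"
+run "diff -y \
+<(openssl x509 -noout -modulus -in ${CERT_CRT_PATH} | openssl md5) \
+<(openssl req -noout -modulus -in ${CERT_CSR_PATH} | openssl md5)"
+
+# Check certificate is issued by CA
+echo
+echo "[INFO] Verify certificate is issued by CA"
+run "openssl verify -verbose -CAfile ${CA_CRT_PATH} ${CERT_CRT_PATH}"
+
+
+
+ERROR=0
+if [ "${USE_DOCKER}" = "1" ]; then
+echo
+echo "# -------------------------------------------------------------------------------------------------"
+echo "# Testing browser certificate (inside Docker container)"
+echo "# -------------------------------------------------------------------------------------------------"
+echo
+
+echo "[INFO] Pulling Docker Image"
+run "docker pull ${DOCKER_IMAGE}"
+
+echo
+echo "[INFO] Ensuring Docker Image is not running"
+run "docker rm -f ${DOCKER_NAME} >/dev/null 2>&1 || true"
+
+echo
+echo "[INFO] Starting Docker Image with OpenSSL server"
+run "docker run -d --rm --name ${DOCKER_NAME} -w /data -p '${OPENSSL_PORT}:${OPENSSL_PORT}' -v ${TEST_PATH}/tmp:/data ${DOCKER_IMAGE} sh -c '
+apt-get update -qq &&
+apt-get install -qq -y curl openssl > /dev/null &&
+set -x &&
+openssl s_server -key ${CERT_KEY_NAME} -cert ${CERT_CRT_NAME} -CAfile ${CA_CRT_NAME} -accept ${OPENSSL_PORT} -www' >/dev/null"
+
+echo
+echo "[INFO] Waiting for Docker container to start"
+run "sleep 5"
+
+echo
+echo "[INFO] Testing valid https connection with curl"
+if ! run "docker exec -w /data ${DOCKER_NAME} curl -sS -o /dev/null -w '%{http_code}' --cacert ${CA_CRT_NAME} 'https://localhost:${OPENSSL_PORT}' | grep 200" "60"; then
+ERROR=1
+fi
+
+echo
+echo "[INFO] Testing valid https connection with openssl client"
+if ! run "echo | openssl s_client -verify 8 -CAfile ${CA_CRT_PATH} >/dev/null" "60"; then
+ERROR=1
+fi
+
+echo "[INFO] Validating openssl certificate with openssl client"
+if ! run "echo | openssl s_client -verify 8 -CAfile ${CA_CRT_PATH} | grep 'Verify return code: 0 (ok)'" "60"; then
+ERROR=1
+fi
+
+echo
+echo "[INFO] Show info and clean up"
+run "docker logs ${DOCKER_NAME} || true"
+run "docker rm -f ${DOCKER_NAME} >/dev/null 2>&1 || true"
+
+else
+echo
+echo "# -------------------------------------------------------------------------------------------------"
+echo "# Testing browser certificate (on host system)"
+echo "# -------------------------------------------------------------------------------------------------"
+echo
+
+echo
+echo "[INFO] Ensuring OpenSSL server is not running"
+run "ps aux | grep openssl | grep s_server | awk '{print \$2}' | xargs kill 2>/dev/null || true"
+
+echo "[INFO] Starting OpenSSL server"
+run "openssl s_server -key ${CERT_KEY_PATH} -cert ${CERT_CRT_PATH} -CAfile ${CA_CRT_PATH} -accept ${OPENSSL_PORT} -www >/dev/null &"
+
+echo
+echo "[INFO] Waiting for OpensSL server to start"
+run "sleep 5"
+
+echo
+echo "[INFO] Testing valid https connection with curl"
+if ! run "curl -sS -o /dev/null -w '%{http_code}' --cacert ${CA_CRT_PATH} 'https://localhost:${OPENSSL_PORT}' | grep 200" "60"; then
+ERROR=1
+fi
+
+echo
+echo "[INFO] Testing valid https connection with openssl client"
+if ! run "echo | openssl s_client -verify 8 -CAfile ${CA_CRT_PATH} >/dev/null" "60"; then
+ERROR=1
+fi
+
+echo
+echo "[INFO] Validating openssl certificate with openssl client"
+if ! run "echo | openssl s_client -verify 8 -CAfile ${CA_CRT_PATH} | grep 'Verify return code: 0 (ok)'" "60"; then
+ERROR=1
+fi
+
+echo
+echo "[INFO] Clean up"
+run "ps aux | grep openssl | grep s_server | awk '{print \$2}' | xargs kill 2>/dev/null || true"
+
+fi
+
+echo
+echo "[INFO] Return success or failure"
+exit "${ERROR}"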
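Review bot: The two "Testing valid https connection with openssl client" steps cannot detect an untrusted chain, because `-verify 8` only sets the verification depth and `s_client` continues the handshake after a verification error; only the later grep for `Verify return code: 0 (ok)` actually checks trust. Adding `-verify_return_error` would make the command itself fail on a bad chain. None of the `s_client` calls names a target, so they rely on the client's built-in default happening to match `OPENSSL_PORT`; `-connect localhost:${OPENSSL_PORT}` would tie them to the variable. Separately, the host-mode cleanup `ps aux | grep openssl | grep s_server | … | xargs kill` matches every s_server process on the machine, so recording the PID of the server this script started and killing only that would be safer.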
