TLS initializes correctly but Bats tests still fail

Author: d-w-moore

irods/test/harness/manage_irods5_procs

@@ -1,13 +1,31 @@
+if [ `id -un` = irods ]; then
+  LAUNCH='bash -c'
+else
+  LAUNCH='sudo su - irods -c'
+fi
+
+start() {
+  $LAUNCH 'irodsServer -d -p /tmp/irods.pid'
+}
+
+stop() { 
+  $LAUNCH 'kill -QUIT $(cat /tmp/irods.pid) && rm -f /tmp/irods.pid'
+}
+
 if [ "$1" = "start" ]; then
-  sudo su - irods -c 'irodsServer -d -p /tmp/irods.pid'
+  start
 elif [ "$1" = "start-bg" ]; then
-  sudo su - irods -c 'irodsServer --stdout -p /tmp/irods.pid >/tmp/irods.log &'
+  $LAUNCH 'irodsServer --stdout -p /tmp/irods.pid >/tmp/irods.log &'
+elif [ "$1" = "rescan-config" ]; then
+  $LAUNCH 'pkill -HUP irodsServer'
 elif [ "$1" = "status" ]; then
   pgrep -afl "irods(Delay|Agent|Server)"
 elif [ "$1" = "stop" ]; then
-  sudo su - irods -c 'kill -QUIT $(cat /tmp/irods.pid) && rm -f /tmp/irods.pid'
+  stop
+elif [ "$1" = "restart" ]; then
+  stop && start
 elif [ "$1" = "wait" ]; then
-  sudo su - irods -c '
+  $LAUNCH '
       pid=`cat /tmp/irods.pid 2>/dev/null`;
       [ -n "$pid" ] && { while ps -eo pid |grep $pid >/dev/null 2>&1; do sleep 1; done; }'
 else

irods/test/login_auth_test.sh

@@ -2,6 +2,7 @@
 . $(dirname $0)/scripts/test_support_functions
 . $(dirname $0)/scripts/update_json_for_test
 
+IRODS_SERVER_CONFIG=/etc/irods/server_config.json
 IRODS_SERVICE_ACCOUNT_ENV_FILE=~irods/.irods/irods_environment.json 
 LOCAL_ACCOUNT_ENV_FILE=~/.irods/irods_environment.json 
 
@@ -10,7 +11,7 @@ setup_preconnect_preference DONT_CARE
 add_irods_to_system_pam_configuration
 
 # set up /etc/irods/ssl directory and files
-set_up_ssl sudo -q
+set_up_ssl sudo
 
 sudo useradd -ms/bin/bash alissa 
 sudo chpasswd <<<"alissa:test123"
@@ -23,6 +24,18 @@ activate_virtual_env_with_prc_installed >/dev/null 2>&1 || { echo >&2 "couldn't
 
 # Set up testuser with rods+SSL so we never have to run login_auth_tests.py as the service account.
 iinit_as_rods >/dev/null 2>&1 || { echo >&2 "couldn't iinit as rods"; exit 2; }
+
+# Configure clients with admin user but no TLS yet because that requires a rebounce (or rescan-config) in >= iRODS 5.0
+
+if irods_server_version ge 5.0.0; then
+  update_json_file $IRODS_SERVER_CONFIG \
+                   "$(newcontent $IRODS_SERVER_CONFIG tls_server_items tls_client_items)"
+  #sudo su - irods -c "/manage_irods5_procs restart"
+  sudo su - irods -c "/manage_irods5_procs rescan-config"
+fi
+
+# Configure clients with admin user + TLS
+
 update_json_file $LOCAL_ACCOUNT_ENV_FILE \
                  "$(newcontent $LOCAL_ACCOUNT_ENV_FILE ssl_keys encrypt_keys)"
 

irods/test/scripts/update_json_for_test

@@ -1,4 +1,17 @@
 #!/bin/bash
+
+declare -A tls_server_items=(
+    [tls_server]='{"certificate_chain_file":"/etc/irods/ssl/irods.crt",
+    "certificate_key_file":"/etc/irods/ssl/irods.key",
+    "dh_params_file":"/etc/irods/ssl/dhparams.pem"}'
+)
+
+declare -A tls_client_items=(
+    [tls_client]='{"ca_certificate_file":"/etc/irods/ssl/irods.crt",
+    "ca_certificate_path":"/etc/ssl/certs",
+    "verify_server":"cert"}'
+)
+
 declare -A ssl_keys=(
     [irods_client_server_negotiation]='"request_server_negotiation"'
     [irods_client_server_policy]='"CS_NEG_REQUIRE"'
@@ -12,6 +25,7 @@ declare -A ssl_keys=(
 declare -A pam_keys=(
     [irods_authentication_scheme]="\"$(pam_auth_string)\""
 )
+
 declare -A encrypt_keys=(
     [irods_encryption_key_size]=16
     [irods_encryption_salt_size]=8