Merge pull request #325 from tls-attacker/integrationTestsProbes

Integration Tests (server probes)

Author: NErinola

Jenkinsfile

@@ -54,7 +54,7 @@ pipeline {
                 }
             }
             options {
-                timeout(activity: true, time: 120, unit: 'SECONDS')
+                timeout(activity: true, time: 240, unit: 'SECONDS')
             }
             steps {
                 withMaven(jdk: env.JDK_TOOL_NAME, maven: env.MAVEN_TOOL_NAME) {
@@ -77,7 +77,7 @@ pipeline {
                 }
             }
             options {
-                timeout(activity: true, time: 120, unit: 'SECONDS')
+                timeout(activity: true, time: 180, unit: 'SECONDS')
             }
             steps {
                 withMaven(jdk: env.JDK_TOOL_NAME, maven: env.MAVEN_TOOL_NAME) {
@@ -99,7 +99,7 @@ pipeline {
                 }
             }
             options {
-                timeout(activity: true, time: 120, unit: 'SECONDS')
+                timeout(activity: true, time: 600, unit: 'SECONDS')
             }
             steps {
                 withMaven(jdk: env.JDK_TOOL_NAME, maven: env.MAVEN_TOOL_NAME) {
@@ -135,4 +135,4 @@ pipeline {
             recordIssues enabledForFailure: true, tools: [mavenConsole(), java(), javaDoc()]
         }
     }
-}
+}

Scanner-Core/src/main/java/de/rub/nds/scanner/core/config/ExecutorConfig.java

@@ -12,6 +12,7 @@
 import de.rub.nds.scanner.core.constants.ProbeType;
 import de.rub.nds.scanner.core.constants.ScannerDetail;
 import java.util.Arrays;
+import java.util.LinkedList;
 import java.util.List;
 
 public final class ExecutorConfig {
@@ -98,6 +99,20 @@ public void setProbes(ProbeType... probes) {
         this.probes = Arrays.asList(probes);
     }
 
+    public void addProbes(List<ProbeType> probes) {
+        if (this.probes == null) {
+            this.probes = new LinkedList<>();
+        }
+        this.probes.addAll(probes);
+    }
+
+    public void addProbes(ProbeType... probes) {
+        if (this.probes == null) {
+            this.probes = new LinkedList<>();
+        }
+        this.probes.addAll(Arrays.asList(probes));
+    }
+
     public int getProbeTimeout() {
         return probeTimeout;
     }

Scanner-Core/src/main/java/de/rub/nds/scanner/core/report/ScanReport.java

@@ -139,6 +139,18 @@ public synchronized void putResult(AnalyzedProperty property, Boolean result) {
                                 : TestResults.UNCERTAIN);
     }
 
+    public synchronized void putResult(AnalyzedProperty property, List<?> result) {
+        this.putResult(property, new ListResult<>((List<?>) result, property.getName()));
+    }
+
+    public synchronized void putResult(AnalyzedProperty property, Set<?> result) {
+        this.putResult(property, new SetResult<>((Set<?>) result, property.getName()));
+    }
+
+    public synchronized void putResult(AnalyzedProperty property, Map<?, ?> result) {
+        this.putResult(property, new MapResult<>((Map<?, ?>) result, property.getName()));
+    }
+
     public synchronized void markAsChangedAndNotify() {
         this.hasChanged();
         this.notifyObservers();

TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/report/TlsScanReport.java

@@ -42,9 +42,6 @@ public abstract class TlsScanReport extends ScanReport {
 
     private KnownPaddingOracleVulnerability knownPaddingOracleVulnerability = null;
 
-    // Extensions
-    private List<String> supportedAlpns = null;
-
     // DTLS
     private Integer totalReceivedRetransmissions = 0;
 
@@ -73,14 +70,6 @@ public synchronized void setKnownPaddingOracleVulnerability(
         this.knownPaddingOracleVulnerability = knownPaddingOracleVulnerability;
     }
 
-    public synchronized List<String> getSupportedAlpns() {
-        return supportedAlpns;
-    }
-
-    public synchronized void setSupportedAlpns(List<String> supportedAlpns) {
-        this.supportedAlpns = supportedAlpns;
-    }
-
     public synchronized Integer getTotalReceivedRetransmissions() {
         return totalReceivedRetransmissions;
     }
@@ -239,6 +228,13 @@ public synchronized List<NamedGroup> getSupportedNamedGroups() {
         return listResult == null ? null : listResult.getList();
     }
 
+    public synchronized List<NamedGroup> getStaticEcdsaPkgGroups() {
+        @SuppressWarnings("unchecked")
+        ListResult<NamedGroup> listResult =
+                (ListResult<NamedGroup>) getListResult(TlsAnalyzedProperty.STATIC_ECDSA_PK_GROUPS);
+        return listResult == null ? null : listResult.getList();
+    }
+
     public synchronized List<NamedGroup> getEphemeralEcdsaPkgGroups() {
         @SuppressWarnings("unchecked")
         ListResult<NamedGroup> listResult =
@@ -298,4 +294,11 @@ public synchronized List<TokenBindingKeyParameters> getSupportedTokenbindingKeyP
                         getListResult(TlsAnalyzedProperty.SUPPORTED_TOKENBINDING_KEY_PARAMETERS);
         return listResult == null ? null : listResult.getList();
     }
+
+    public synchronized List<String> getSupportedAlpnConstans() {
+        @SuppressWarnings("unchecked")
+        ListResult<String> listResult =
+                (ListResult<String>) getListResult(TlsAnalyzedProperty.SUPPORTED_ALPN_CONSTANTS);
+        return listResult == null ? null : listResult.getList();
+    }
 }

TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/report/ServerContainerReportCreator.java

@@ -442,15 +442,15 @@ private ReportContainer createAttackVulnerabilitiesContainer(ServerReport report
 
     private ReportContainer createAlpnContainer(ServerReport report) {
         ListContainer container = new ListContainer();
-        if (report.getSupportedAlpns() == null) {
+        if (report.getSupportedAlpnConstans() == null) {
             return container;
         }
         container.add(new HeadlineContainer("ALPN"));
         for (AlpnProtocol alpnProtocol : AlpnProtocol.values()) {
             if (alpnProtocol.isGrease()) {
                 continue;
             }
-            if (report.getSupportedAlpns().contains(alpnProtocol.getConstant())) {
+            if (report.getSupportedAlpnConstans().contains(alpnProtocol.getConstant())) {
                 container.add(
                         new KeyValueContainer(
                                 alpnProtocol.getPrintableName(),

TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/report/ServerReportPrinter.java

@@ -2159,23 +2159,18 @@ public StringBuilder appendAlpacaAttack(StringBuilder builder) {
 
     public StringBuilder appendAlpn(StringBuilder builder) {
         @SuppressWarnings("unchecked")
-        ListResult<String> alpnResult =
-                (ListResult<String>)
-                        report.getListResult(TlsAnalyzedProperty.SUPPORTED_ALPN_CONSTANTS);
-        if (alpnResult != null) {
-            List<String> alpns = alpnResult.getList();
-            if (alpns != null) {
-                prettyAppendHeading(builder, "ALPN");
-                for (AlpnProtocol alpnProtocol : AlpnProtocol.values()) {
-                    if (alpnProtocol.isGrease()) {
-                        continue;
-                    }
-                    if (alpns.contains(alpnProtocol.getConstant())) {
-                        prettyAppend(builder, alpnProtocol.getPrintableName(), true);
-                    } else {
-                        if (detail.isGreaterEqualTo(ScannerDetail.DETAILED)) {
-                            prettyAppend(builder, alpnProtocol.getPrintableName(), false);
-                        }
+        List<String> alpns = report.getSupportedAlpnConstans();
+        if (alpns != null) {
+            prettyAppendHeading(builder, "ALPN");
+            for (AlpnProtocol alpnProtocol : AlpnProtocol.values()) {
+                if (alpnProtocol.isGrease()) {
+                    continue;
+                }
+                if (alpns.contains(alpnProtocol.getConstant())) {
+                    prettyAppend(builder, alpnProtocol.getPrintableName(), true);
+                } else {
+                    if (detail.isGreaterEqualTo(ScannerDetail.DETAILED)) {
+                        prettyAppend(builder, alpnProtocol.getPrintableName(), false);
                     }
                 }
             }

TLS-Server-Scanner/src/test/java/de/rub/nds/tlsscanner/serverscanner/probe/AbstractProbeIT.java

@@ -0,0 +1,188 @@
+/*
+ * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker
+ *
+ * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH
+ *
+ * Licensed under Apache License, Version 2.0
+ * http://www.apache.org/licenses/LICENSE-2.0.txt
+ */
+package de.rub.nds.tlsscanner.serverscanner.probe;
+
+import static org.junit.Assume.assumeNotNull;
+
+import com.github.dockerjava.api.exception.DockerException;
+import com.github.dockerjava.api.model.Image;
+import de.rub.nds.scanner.core.constants.TestResult;
+import de.rub.nds.tls.subject.ConnectionRole;
+import de.rub.nds.tls.subject.TlsImplementationType;
+import de.rub.nds.tls.subject.constants.TransportType;
+import de.rub.nds.tls.subject.docker.DockerClientManager;
+import de.rub.nds.tls.subject.docker.DockerTlsInstance;
+import de.rub.nds.tls.subject.docker.DockerTlsManagerFactory;
+import de.rub.nds.tls.subject.docker.DockerTlsServerInstance;
+import de.rub.nds.tlsattacker.core.config.delegate.GeneralDelegate;
+import de.rub.nds.tlsattacker.core.workflow.ParallelExecutor;
+import de.rub.nds.tlsscanner.core.constants.TlsAnalyzedProperty;
+import de.rub.nds.tlsscanner.serverscanner.config.ServerScannerConfig;
+import de.rub.nds.tlsscanner.serverscanner.report.ServerReport;
+import de.rub.nds.tlsscanner.serverscanner.selector.ConfigSelector;
+import java.security.Security;
+import java.util.List;
+import java.util.UUID;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.junit.Assume;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestInstance;
+
+@TestInstance(TestInstance.Lifecycle.PER_CLASS)
+public abstract class AbstractProbeIT {
+
+    private static final Logger LOGGER = LogManager.getLogger();
+    private static final int MAX_ATTEMPTS = 3;
+    private static List<Image> localImages;
+
+    private final TlsImplementationType implementation;
+    private final String version;
+    private final String additionalParameters;
+    private final TransportType transportType;
+
+    private DockerTlsInstance dockerInstance;
+    protected ServerReport report;
+    protected ParallelExecutor parallelExecutor;
+    protected ConfigSelector configSelector;
+    private ServerScannerConfig config;
+
+    public AbstractProbeIT(
+            TlsImplementationType implementation, String version, String additionalParameters) {
+        this.implementation = implementation;
+        this.version = version;
+        this.additionalParameters = additionalParameters;
+        this.transportType = TransportType.TCP;
+    }
+
+    public AbstractProbeIT(
+            TlsImplementationType implementation,
+            String version,
+            String additionalParameters,
+            TransportType transportType) {
+        this.implementation = implementation;
+        this.version = version;
+        this.additionalParameters = additionalParameters;
+        this.transportType = transportType;
+    }
+
+    @BeforeAll
+    public void loadList() {
+        try {
+            DockerClientManager.getDockerClient().listContainersCmd().exec();
+        } catch (Exception ex) {
+            Assume.assumeNoException(ex);
+        }
+        localImages = DockerTlsManagerFactory.getAllImages();
+    }
+
+    @BeforeEach
+    public void setUp() throws InterruptedException {
+        Security.addProvider(new BouncyCastleProvider());
+        DockerClientManager.setDockerServerUsername(System.getenv("DOCKER_USERNAME"));
+        DockerClientManager.setDockerServerPassword(System.getenv("DOCKER_PASSWORD"));
+        prepareContainer();
+    }
+
+    private void prepareContainer() throws DockerException, InterruptedException {
+        Image image =
+                DockerTlsManagerFactory.getMatchingImage(
+                        localImages, implementation, version, ConnectionRole.SERVER);
+        getDockerInstance(image);
+    }
+
+    private void getDockerInstance(Image image) throws DockerException, InterruptedException {
+        DockerTlsManagerFactory.TlsServerInstanceBuilder serverInstanceBuilder;
+        if (image != null) {
+            serverInstanceBuilder =
+                    new DockerTlsManagerFactory.TlsServerInstanceBuilder(image, transportType);
+        } else {
+            serverInstanceBuilder =
+                    new DockerTlsManagerFactory.TlsServerInstanceBuilder(
+                                    implementation, version, transportType)
+                            .pull();
+            localImages = DockerTlsManagerFactory.getAllImages();
+            assumeNotNull(
+                    image,
+                    String.format(
+                            "TLS implementation %s %s not available",
+                            implementation.name(), version));
+        }
+        serverInstanceBuilder
+                .containerName("server-scanner-test-server-" + UUID.randomUUID())
+                .additionalParameters(additionalParameters);
+        dockerInstance = serverInstanceBuilder.build();
+        dockerInstance.start();
+    }
+
+    @AfterEach
+    public void tearDown() {
+        killContainer();
+    }
+
+    private void killContainer() {
+        if (dockerInstance != null && dockerInstance.getId() != null) {
+            dockerInstance.kill();
+        }
+    }
+
+    @Test
+    public void testProbe() throws InterruptedException {
+        LOGGER.info("Testing: " + getProbe().getProbeName());
+        for (int i = 0; i < MAX_ATTEMPTS; i++) {
+            try {
+                executeProbe();
+            } catch (Exception ignored) {
+                LOGGER.info(
+                        "Encountered exception during scanner execution ("
+                                + ignored.getMessage()
+                                + ")");
+            }
+            if (!executedAsPlanned()) {
+                LOGGER.info("Failed to complete scan, reexecuting...");
+                killContainer();
+                prepareContainer();
+            } else {
+                return;
+            }
+        }
+        LOGGER.error("Failed");
+    }
+
+    private void executeProbe() {
+        // Preparing config, executor, config selector, and report
+        config = new ServerScannerConfig(new GeneralDelegate());
+        config.getClientDelegate()
+                .setHost("localhost:" + ((DockerTlsServerInstance) dockerInstance).getPort());
+        parallelExecutor = new ParallelExecutor(1, 3);
+        configSelector = new ConfigSelector(config, parallelExecutor);
+        configSelector.findWorkingConfigs();
+        report = new ServerReport();
+        prepareReport();
+        // Executing probe
+        TlsServerProbe probe = getProbe();
+        probe.adjustConfig(report);
+        probe.executeTest();
+        probe.merge(report);
+    }
+
+    protected abstract TlsServerProbe getProbe();
+
+    protected abstract void prepareReport();
+
+    protected abstract boolean executedAsPlanned();
+
+    protected boolean verifyProperty(TlsAnalyzedProperty property, TestResult result) {
+        return report.getResult(property) == result;
+    }
+}