checkpoint
kgiusti committed Sep 23, 2024
1 parent 58523a7 commit 727eaa0
Showing 2 changed files with 169 additions and 47 deletions.
9 changes: 7 additions & 2 deletions tests/TCP_echo_server.py
Expand Up @@ -183,7 +183,8 @@ def run(self):
self.error = ('%s configuring ssl_context for %s:%s exception: %s' %
(self.prefix, self.HOST, self.port, traceback.format_exc()))
self.logger.log(self.error)
return 1
self.is_running = False
return

# run the client socket event loop until it is cancelled
try:
Expand Down Expand Up @@ -219,7 +220,9 @@ async def event_loop(self, ssl_context, conn_stall, close_on_conn, close_on_data
await self.server.serve_forever()

except Exception:
self.error = "ERROR: exception : '%s'" % traceback.format_exc()
if self.error is None:
self.error = "ERROR: exception : '%s'" % traceback.format_exc()
self.logger.log(self.error)

def wait(self, timeout=TIMEOUT):
self.logger.log(" %s Server is shutting down" % self.prefix)
Expand All @@ -232,6 +235,8 @@ def _cancel_server():

self.loop.call_soon_threadsafe(_cancel_server)
self._thread.join(timeout)
if self.error is not None:
raise Exception(self.error)
self.logger.log(" %s Server shutdown completed" % self.prefix)
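Review bot: In `wait()`, the new `if self.error is not None` check runs right after `self._thread.join(timeout)`, but nothing checks whether the join actually completed. If the server thread is still alive when the timeout expires, `self.error` may not be set yet and the method goes on to log "Server shutdown completed", so a stuck or failing TLS echo server can go unnoticed by the test. Consider adding `if self._thread.is_alive(): raise Exception("%s Server thread did not exit" % self.prefix)` before the error check. Only part of `wait()` is visible on this page, so this assumes `_thread` is a `threading.Thread`.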


207 changes: 162 additions & 45 deletions tests/system_tests_tcp_adaptor_tls.py
Expand Up @@ -786,6 +786,11 @@ def setUpClass(cls):
'password': CLIENT_PRIVATE_KEY_PASSWORD
}

# default extra arguments for the openssl test client and server

cls.s_server_args = ['-Verify', '1', '-verify_return_error']
cls.s_client_args = ['-verify', '10', '-verify_return_error', '-nocommands']

# Set up two routers, TCP listener on one, connector on another

inter_router_port = cls.tester.get_port()
Expand Down Expand Up @@ -841,8 +846,7 @@ def test_ssl_profile_update(self):
openssl_server = server_create(listening_port=self.openssl_server_listening_port,
ssl_info=server_ssl_info,
name="OpenSSLServerAuthPeer",
cl_args=['-Verify', '1',
'-verify_return_error'])
cl_args=self.s_server_args)

client_ssl_info = dict()
client_ssl_info['CA_CERT'] = CA_CERT
Expand All @@ -853,8 +857,7 @@ def test_ssl_profile_update(self):
out, error = self.opensslclient(port=self.router_listener_port,
ssl_info=client_ssl_info,
data=b"Sanity Check the Configuration!" + payload,
cl_args=['-verify', '10',
'-verify_return_error'])
cl_args=self.s_client_args)
self.assertIn(b"Verification: OK", out, f"{error}")
self.assertIn(b"Verify return code: 0 (ok)", out, f"{error}")

Expand Down Expand Up @@ -888,8 +891,7 @@ def test_ssl_profile_update(self):
out, error = self.opensslclient(port=self.router_listener_port,
ssl_info=client_ssl_info,
data=b"Hey password is good!" + payload,
cl_args=['-verify', '10',
'-verify_return_error'])
cl_args=self.s_client_args)
self.assertIn(b"Verification: OK", out, f"{error}")
self.assertIn(b"Verify return code: 0 (ok)", out, f"{error}")

Expand All @@ -909,8 +911,7 @@ def test_ssl_profile_update(self):
ssl_info=client_ssl_info,
data=b"The CA will not allow this!" + payload,
expect=Process.EXIT_FAIL,
cl_args=['-verify', '10',
'-verify_return_error'])
cl_args=self.s_client_args)
self.router_qdra.wait_log_message(r'TLS connection failed')

#
Expand All @@ -926,8 +927,7 @@ def test_ssl_profile_update(self):
out, error = self.opensslclient(port=self.router_listener_port,
ssl_info=client_ssl_info,
data=b"Hey we recovered!" + payload,
cl_args=['-verify', '10',
'-verify_return_error'])
cl_args=self.s_client_args)
self.assertIn(b"Verification: OK", out, f"{error}")
self.assertIn(b"Verify return code: 0 (ok)", out, f"{error}")

Expand All @@ -952,14 +952,12 @@ def test_ssl_profile_update(self):
openssl_server = server_create(listening_port=self.openssl_server_listening_port,
ssl_info=server_ssl_info,
name="OpenSSLServerAuthPeer2",
cl_args=['-Verify', '1',
'-verify_return_error'])
cl_args=self.s_server_args)

out, error = self.opensslclient(port=self.router_listener_port,
ssl_info=client_ssl_info,
data=b"The server conn must fail" + payload,
cl_args=['-verify', '10',
'-verify_return_error'])
cl_args=self.s_client_args)
self.router_qdrb.wait_log_message(r'TLS connection failed')
with open(openssl_server.outfile_path, 'rt') as out_file:
self.assertFalse(is_pattern_present(out_file,
Expand All @@ -978,52 +976,171 @@ def test_ssl_profile_update(self):
out, error = self.opensslclient(port=self.router_listener_port,
ssl_info=client_ssl_info,
data=b"The server conn must succeed!" + payload,
cl_args=['-verify', '10',
'-verify_return_error'])
cl_args=self.s_client_args)
self.assertIn(b"Verification: OK", out, f"{error}")
self.assertIn(b"Verify return code: 0 (ok)", out, f"{error}")
openssl_server.wait_out_message("The server conn must succeed!")
openssl_server.teardown()

# Restore the original sslProfile configurations

# Restore the original sslProfile configuration
skmgr_a.update(SSL_PROFILE_TYPE, self.listener_profile_cfg, name='listener-ssl-profile')
skmgr_b.update(SSL_PROFILE_TYPE, self.connector_profile_cfg, name='connector-ssl-profile')

def test_ssl_profile_update_dummy(self):
"""
Test only - remove
"""
payload = b'?' * 1024 * 65
server_ssl_info_1 = dict()
server_ssl_info_1['CA_CERT'] = CA_CERT
server_ssl_info_1['SERVER_CERTIFICATE'] = SERVER_CERTIFICATE
server_ssl_info_1['SERVER_PRIVATE_KEY'] = SERVER_PRIVATE_KEY
server_ssl_info_1['SERVER_PRIVATE_KEY_PASSWORD'] = SERVER_PRIVATE_KEY_PASSWORD

server_ssl_info_2 = dict()
server_ssl_info_2['CA_CERT'] = CA2_CERT
server_ssl_info_2['SERVER_CERTIFICATE'] = SERVER2_CERTIFICATE
server_ssl_info_2['SERVER_PRIVATE_KEY'] = SERVER2_PRIVATE_KEY
server_ssl_info_2['SERVER_PRIVATE_KEY_PASSWORD'] = SERVER2_PRIVATE_KEY_PASSWORD

client_ssl_info_1 = dict()
client_ssl_info_1['CA_CERT'] = CA_CERT
client_ssl_info_1['CLIENT_CERTIFICATE'] = CLIENT_CERTIFICATE
client_ssl_info_1['CLIENT_PRIVATE_KEY'] = CLIENT_PRIVATE_KEY
client_ssl_info_1['CLIENT_PRIVATE_KEY_PASSWORD'] = CLIENT_PRIVATE_KEY_PASSWORD

client_ssl_info_2 = dict()
client_ssl_info_2['CA_CERT'] = CA2_CERT
client_ssl_info_2['CLIENT_CERTIFICATE'] = CLIENT2_CERTIFICATE
client_ssl_info_2['CLIENT_PRIVATE_KEY'] = CLIENT2_PRIVATE_KEY
client_ssl_info_2['CLIENT_PRIVATE_KEY_PASSWORD'] = CLIENT2_PRIVATE_KEY_PASSWORD

server_port = self.tester.get_port()
server_create = self.tester.openssl_server

# verify SSL1 to SSL1
openssl_server = server_create(listening_port=server_port,
ssl_info=server_ssl_info_1,
name="OpenSSLServerAuthPeerDummy",
cl_args=self.s_server_args)

out, error = self.opensslclient(port=server_port,
ssl_info=client_ssl_info_1,
data=b"Sanity Check the Configuration!" + payload,
cl_args=self.s_client_args)
self.assertIn(b"Verification: OK", out, f"{error}")
self.assertIn(b"Verify return code: 0 (ok)", out, f"{error}")
openssl_server.wait_out_message("Sanity Check the Configuration!")

# SSL2 to SSL1 fails

out, error = self.opensslclient(port=server_port,
ssl_info=client_ssl_info_2,
data=b"This should not succeed!" + payload,
expect=Process.EXIT_FAIL,
cl_args=self.s_client_args)
openssl_server.wait_out_message("ERROR")

# Retest SSL1 to SSL1 ok

out, error = self.opensslclient(port=server_port,
ssl_info=client_ssl_info_1,
data=b"This SSL1 to SSL1 should work!" + payload,
cl_args=self.s_client_args)
self.assertIn(b"Verification: OK", out, f"{error}")
self.assertIn(b"Verify return code: 0 (ok)", out, f"{error}")
openssl_server.wait_out_message("This SSL1 to SSL1 should work!")

openssl_server.teardown()

openssl_server = server_create(listening_port=server_port,
ssl_info=server_ssl_info_2,
name="OpenSSLServerAuthPeerDummy",
cl_args=self.s_server_args)

# SSL1 to SSL2 fails

out, error = self.opensslclient(port=server_port,
ssl_info=client_ssl_info_1,
data=b"This should not succeed!" + payload,
expect=Process.EXIT_FAIL,
cl_args=self.s_client_args)
openssl_server.wait_out_message("ERROR")

# SSL2 to SSL2 ok

out, error = self.opensslclient(port=server_port,
ssl_info=client_ssl_info_2,
data=b"This SSL2 to SSL2 should work!" + payload,
cl_args=self.s_client_args)
self.assertIn(b"Verification: OK", out, f"{error}")
self.assertIn(b"Verify return code: 0 (ok)", out, f"{error}")
openssl_server.wait_out_message("This SSL2 to SSL2 should work!")

openssl_server.teardown()

def test_ssl_profile_update_load(self):
"""
Test sslProfile updates while under load
Test sslProfile updates while under client load
"""
server_logger = Logger(title="SslProfileEchoServer-1",
print_to_console=True,
ofilename=os.path.join(os.path.dirname(os.getcwd()),
"SslProfileEchoServer-1.log"))

skmgr_a = self.router_qdra.sk_manager
skmgr_a.update(SSL_PROFILE_TYPE, self.listener_profile_cfg, name='listener-ssl-profile')

skmgr_b = self.router_qdrb.sk_manager
skmgr_b.update(SSL_PROFILE_TYPE, self.connector_profile_cfg, name='connector-ssl-profile')

server_ssl_info = {'SERVER_CERTIFICATE': SERVER_CERTIFICATE,
'SERVER_PRIVATE_KEY': SERVER_PRIVATE_KEY_NO_PASS,
'CA_CERT': CA_CERT}
client_ssl_info = {'CLIENT_CERTIFICATE': CLIENT_CERTIFICATE,
'CLIENT_PRIVATE_KEY': CLIENT_PRIVATE_KEY,
'CLIENT_PRIVATE_KEY_PASSWORD': CLIENT_PRIVATE_KEY_PASSWORD,
'CA_CERT': CA_CERT}

server_name = "SslProfileEchoLoadServer"
server_logger = Logger(title=server_name,
print_to_console=False,
ofilename=os.path.join(os.path.dirname(os.getcwd()),
f"{server_name}.log"))
echo_server = TcpEchoServer(prefix="SslProfileEchoServer",
port=self.openssl_server_listening_port,
logger=server_logger,
ssl_info=server_ssl_info)
print("ECHO SERVER SPAWNED", flush=True)
from time import sleep
sleep(2)
assert echo_server.is_running
if echo_server.is_running is False:
echo_server.logger.dump()
self.assertTrue(echo_server.is_running, "Echo Server failed to start")

clients = []

for test in range(10):
for c_index in range(2):
client_name = f"SslProfileEchoClient-{test}-{c_index}"
client_logger = Logger(title=client_name,
print_to_console=False,
ofilename=os.path.join(os.path.dirname(os.getcwd()),
f"{client_name}.log"))
echo_client = TcpEchoClient(prefix=client_name,
host='localhost',
port=self.router_listener_port,
size=5000,
count=10,
logger=client_logger,
ssl_info=client_ssl_info)
clients.append(echo_client)
skmgr_a.update(SSL_PROFILE_TYPE, self.listener_profile_cfg, name='listener-ssl-profile')
skmgr_b.update(SSL_PROFILE_TYPE, self.connector_profile_cfg, name='connector-ssl-profile')

for client in clients:
try:
# expect no failures
client.wait()
except Exception:
client.logger.dump()
raise

client_logger = Logger(title="SslProfileEchoClient-1",
print_to_console=True,
ofilename=os.path.join(os.path.dirname(os.getcwd()),
"SslProfileEchoClient-1.log"))
client_ssl_info = {'CLIENT_CERTIFICATE': CLIENT_CERTIFICATE,
'CLIENT_PRIVATE_KEY': CLIENT_PRIVATE_KEY,
'CLIENT_PRIVATE_KEY_PASSWORD': CLIENT_PRIVATE_KEY_PASSWORD,
'CA_CERT': CA_CERT}
echo_client = TcpEchoClient(prefix="SslProfileEchoClient-1",
host='localhost',
port=self.router_listener_port,
size=1000,
count=2,
logger=client_logger,
ssl_info=client_ssl_info)
while echo_client.is_running:
sleep(1.0)
echo_client.wait()
try:
echo_server.wait()
except Exception:
echo_server.logger.dump()
raise
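Review bot: The two negative cases in `test_ssl_profile_update_dummy` ("SSL2 to SSL1 fails" and "SSL1 to SSL2 fails") accept any non-zero client exit plus any server output containing `"ERROR"`, so they would also pass if the client failed for a reason unrelated to certificate trust. The `out, error` values returned by `self.opensslclient(...)` are assigned but never inspected in those cases. A minimal tightening is `self.assertNotIn(b"Verification: OK", out, f"{error}")` after each failing call, ideally alongside a match on the specific verification failure text instead of the bare `"ERROR"`. The docstring says "Test only - remove" and the test connects straight to `server_port` rather than through the router listener, so if it stays it should carry a comment saying it only validates the certificate fixtures.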
