diff options
author | ebo <eliezio.oliveira@est.tech> | 2020-04-19 01:33:21 +0100 |
---|---|---|
committer | Bartek Grzybowski <b.grzybowski@partner.samsung.com> | 2020-04-20 07:11:26 +0000 |
commit | ee0c74e28de9552e683724264b101362c144694c (patch) | |
tree | 84aef9e38cbdd4c88e25f3bbbe6bff6af703fb20 /test/mocks/netconf-pnp-simulator/engine | |
parent | 93d2ff22d0c8c1bc1fc7a2ea5e5643c88a345667 (diff) |
netconf-pnp-simulator: fix sysrepod crash on TLS reconfig
The crash was caused by:
- the '--permanent' option while updating the ietf-keystore by
sysrepocfg
- missing some Yang modules on sysrepo installation
Other changes:
1. Added TLS integration tests, including reconfiguration
2. reconfigure-*.sh are now synchronous, only returnig after restart is
completed
Issue-ID: INT-1516
Change-Id: Iddc03fc968aaab60931596045437ba0c78448b08
Signed-off-by: ebo <eliezio.oliveira@est.tech>
Diffstat (limited to 'test/mocks/netconf-pnp-simulator/engine')
21 files changed, 527 insertions, 20 deletions
diff --git a/test/mocks/netconf-pnp-simulator/engine/Dockerfile b/test/mocks/netconf-pnp-simulator/engine/Dockerfile index 9eec0baa7..3afca4b6d 100644 --- a/test/mocks/netconf-pnp-simulator/engine/Dockerfile +++ b/test/mocks/netconf-pnp-simulator/engine/Dockerfile @@ -65,8 +65,7 @@ RUN set -eux \ && mkdir build && cd build \ && cmake -DCMAKE_BUILD_TYPE:String="Release" -DENABLE_BUILD_TESTS=OFF \ -DCMAKE_INSTALL_PREFIX:PATH=/opt \ - -DGEN_LANGUAGE_BINDINGS=ON \ - -DPYTHON_MODULE_PATH:PATH=/opt/lib/python3.7/site-packages \ + -DGEN_LANGUAGE_BINDINGS=OFF \ .. \ && make -j2 \ && make install @@ -98,6 +97,7 @@ RUN set -eux \ -DGEN_PYTHON_VERSION=3 \ -DPYTHON_MODULE_PATH:PATH=/opt/lib/python3.7/site-packages \ -DBUILD_EXAMPLES=0 \ + -DBUILD_CPP_EXAMPLES=0 \ .. \ && make -j2 \ && make install @@ -111,8 +111,7 @@ RUN set -eux \ && mkdir build && cd build \ && cmake -DCMAKE_BUILD_TYPE:String="Release" -DENABLE_BUILD_TESTS=OFF \ -DCMAKE_INSTALL_PREFIX:PATH=/opt \ - -DENABLE_PYTHON=ON \ - -DPYTHON_MODULE_PATH:PATH=/opt/lib/python3.7/site-packages \ + -DENABLE_PYTHON=OFF \ .. \ && make \ && make install @@ -127,6 +126,7 @@ RUN set -eux \ && mkdir build && cd build \ && cmake -DCMAKE_BUILD_TYPE:String="Release" \ -DCMAKE_INSTALL_PREFIX:PATH=/opt \ + -DMODEL_INSTALL=ON \ .. \ && make -j2 \ && make install @@ -141,14 +141,16 @@ RUN set -eux \ && make -j2 \ && make install -FROM python:3.7.7-alpine3.11 +FROM python:3.7.7-alpine3.11 as stage0 +RUN apk upgrade --no-cache --available + +FROM scratch LABEL authors="eliezio.oliveira@est.tech" +COPY --from=stage0 / / + RUN set -eux \ - && pip install loguru supervisor virtualenv \ - && apk update \ - && apk upgrade -a \ - && apk add \ + && apk add --no-cache \ coreutils \ libcurl \ libev \ @@ -156,8 +158,7 @@ RUN set -eux \ openssl \ pcre \ protobuf-c \ - xmlstarlet \ - && rm -rf /var/cache/apk/* + xmlstarlet COPY --from=build /opt/ /opt/ @@ -167,6 +168,7 @@ ENV PYTHONPATH=/opt/lib/python3.7/site-packages COPY patches/supervisor/ /usr/src/patches/supervisor/ RUN set -eux \ + && pip install loguru supervisor supervisor virtualenv \ && cd /usr/local/lib/python3.7/site-packages \ && for p in /usr/src/patches/supervisor/*.patch; do patch -p1 -i $p; done @@ -181,8 +183,12 @@ RUN adduser --system --disabled-password --gecos 'Netconf User' netconf # it can start the tests. HEALTHCHECK --interval=1s --start-period=2s --retries=10 CMD test -f /run/netopeer2-server.pid +# SSH EXPOSE 830 +# TLS +EXPOSE 6513 + COPY supervisord.conf /etc/supervisord.conf RUN mkdir /etc/supervisord.d diff --git a/test/mocks/netconf-pnp-simulator/engine/common.sh b/test/mocks/netconf-pnp-simulator/engine/common.sh index 961d51f9b..80e882a06 100644 --- a/test/mocks/netconf-pnp-simulator/engine/common.sh +++ b/test/mocks/netconf-pnp-simulator/engine/common.sh @@ -62,13 +62,33 @@ find_file() { # Extracts the body of a PEM file by removing the dashed header and footer alias pem_body='grep -Fv -- -----' +wait_for_file() { + local file=$1 + local timeout=$2 + + local i=0 + while [ $i -lt $timeout ]; do + if [ -e $file ]; then + return + fi + sleep 1 + done + + false +} kill_service() { local service=$1 - pid=$(cat /var/run/${service}.pid) + pid_file=/run/${service}.pid + pid=$(cat $pid_file) log INFO Killing $service pid=$pid + rm -f $pid_file kill $pid + if ! wait_for_file $pid_file 10; then + log ERROR Timeout while waiting $service to restart + exit 1 + fi } # ------------------------------------ @@ -115,11 +135,16 @@ configure_tls() { log INFO Load CA and server certificates ca_cert=$(pem_body $TLS_CONFIG/ca.pem) server_cert=$(pem_body $TLS_CONFIG/server_cert.pem) + out=$(mktemp -p $WORKDIR ietf-keystore.XXXXXX.xml) xmlstarlet ed --pf --omit-decl \ --update '//_:name[text()="server_cert"]/following-sibling::_:certificate' --value "$server_cert" \ --update '//_:name[text()="ca"]/following-sibling::_:certificate' --value "$ca_cert" \ - $dir/ietf-keystore.xml | \ - sysrepocfg --datastore=$datastore --permanent --format=xml ietf-keystore --${operation}=- + $dir/ietf-keystore.xml > $out + sysrepocfg --datastore=$datastore --format=xml ietf-keystore --${operation}=$out + # The '--permanent' option was causing sysrepod to crash + if [ "$datastore" != "startup" ]; then + sysrepocfg --datastore=startup --format=xml ietf-keystore --${operation}=$out + fi log INFO Configure TLS ingress service ca_fingerprint=$(openssl x509 -noout -fingerprint -in $TLS_CONFIG/ca.pem | cut -d= -f2) diff --git a/test/mocks/netconf-pnp-simulator/engine/container-tag.yaml b/test/mocks/netconf-pnp-simulator/engine/container-tag.yaml index 9bd214eca..c76aa8f61 100644 --- a/test/mocks/netconf-pnp-simulator/engine/container-tag.yaml +++ b/test/mocks/netconf-pnp-simulator/engine/container-tag.yaml @@ -1 +1 @@ -tag: "2.8.4" +tag: "2.8.5" diff --git a/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/README b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/README new file mode 100644 index 000000000..725b6b69b --- /dev/null +++ b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/README @@ -0,0 +1,2 @@ +The files 'ca.pem', 'server_key.pem', and 'server_cert.pem' were copied from +../../../config/tls directory. diff --git a/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/ca.pem b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/ca.pem new file mode 100644 index 000000000..62593ab7c --- /dev/null +++ b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/ca.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID7TCCAtWgAwIBAgIJAMtE1NGAR5KoMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYD +VQQGEwJDWjEWMBQGA1UECAwNU291dGggTW9yYXZpYTENMAsGA1UEBwwEQnJubzEP +MA0GA1UECgwGQ0VTTkVUMQwwCgYDVQQLDANUTUMxEzARBgNVBAMMCmV4YW1wbGUg +Q0ExIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVjYUBsb2NhbGhvc3QwHhcNMTQwNzI0 +MTQxOTAyWhcNMjQwNzIxMTQxOTAyWjCBjDELMAkGA1UEBhMCQ1oxFjAUBgNVBAgM +DVNvdXRoIE1vcmF2aWExDTALBgNVBAcMBEJybm8xDzANBgNVBAoMBkNFU05FVDEM +MAoGA1UECwwDVE1DMRMwEQYDVQQDDApleGFtcGxlIENBMSIwIAYJKoZIhvcNAQkB +FhNleGFtcGxlY2FAbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEArD3TDHPAMT2Z84orK4lMlarbgooIUCcRZyLe+QM+8KY8Hn+mGaxPEOTS +L3ywszqefB/Utm2hPKLHX684iRC14ID9WDGHxPjvoPArhgFhfV+qnPfxKTgxZC12 +uOj4u1V9y+SkTCocFbRfXVBGpojrBuDHXkDMDEWNvr8/52YCv7bGaiBwUHolcLCU +bmtKILCG0RNJyTaJpXQdAeq5Z1SJotpbfYFFtAXB32hVoLug1dzl2tjG9sb1wq3Q +aDExcbC5w6P65qOkNoyym9ne6QlQagCqVDyFn3vcqkRaTjvZmxauCeUxXgJoXkyW +cm0lM1KMHdoTArmchw2Dz0yHHSyDAQIDAQABo1AwTjAdBgNVHQ4EFgQUc1YQIqjZ +sHVwlea0AB4N+ilNI2gwHwYDVR0jBBgwFoAUc1YQIqjZsHVwlea0AB4N+ilNI2gw +DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAI/1KH60qnw9Xs2RGfi0/ +IKf5EynXt4bQX8EIyVKwSkYKe04zZxYfLIl/Q2HOPYoFmm3daj5ddr0ZS1i4p4fT +UhstjsYWvXs3W/HhVmFUslakkn3PrswhP77fCk6eEJLxdfyJ1C7Uudq2m1isZbKi +h+XF0mG1LxJaDMocSz4eAya7M5brwjy8DoOmA1TnLQFCVcpn+sCr7VC4wE/JqxyV +hBCk/MuGqqM3B1j90bGFZ112ZOecyE0EDSr6IbiRBtmeNbEwOFjKXhNLYdxpBZ9D +8A/368OckZkCrVLGuJNxK9UwCVTe8IhotHUqU9EqFDmxdV8oIdU/OzUwwNPA/Bd/ +9g== +-----END CERTIFICATE----- diff --git a/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/client_cert.pem b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/client_cert.pem new file mode 100644 index 000000000..8e52dacfd --- /dev/null +++ b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/client_cert.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIECTCCAvGgAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMCQ1ox +FjAUBgNVBAgMDVNvdXRoIE1vcmF2aWExDTALBgNVBAcMBEJybm8xDzANBgNVBAoM +BkNFU05FVDEMMAoGA1UECwwDVE1DMRMwEQYDVQQDDApleGFtcGxlIENBMSIwIAYJ +KoZIhvcNAQkBFhNleGFtcGxlY2FAbG9jYWxob3N0MB4XDTE1MDczMDA3MjcxOFoX +DTM1MDcyNTA3MjcxOFowgYUxCzAJBgNVBAYTAkNaMRYwFAYDVQQIDA1Tb3V0aCBN +b3JhdmlhMQ8wDQYDVQQKDAZDRVNORVQxDDAKBgNVBAsMA1RNQzEXMBUGA1UEAwwO +ZXhhbXBsZSBjbGllbnQxJjAkBgkqhkiG9w0BCQEWF2V4YW1wbGVjbGllbnRAbG9j +YWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAueCQaNQWoNmF +K6LKu1p8U8ZWdWg/PvDdLsJyzfzl/Qw4UA68SfFNaY06zZl8QB9W02nr5kWeeMY0 +VA3adrPgOlvfx3oWlFbkETnMaN4OT3WTQ0Wt6jAWZDzVfopwpJPAzRPxACDftIqF +GagYcF32hZlVNqqnVdbXh0S0EViweqp/dbG4VDUHSNVbglc+u4UbEzNIFXMdEFsJ +ZpkynOmSiTsIATqIhb+2srkVgLwhfkC2qkuHQwAHdubuB07ObM2z01UhyEdDvEYG +HwtYAGDBL2TAcsI0oGeVkRyuOkV0QY0UN7UEFI1yTYw+xZ42HgFx3uGwApCImxhb +j69GBYWFqwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVu +U1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUXGpLeLnh2cSDARAV +A7KrBxGYpo8wHwYDVR0jBBgwFoAUc1YQIqjZsHVwlea0AB4N+ilNI2gwDQYJKoZI +hvcNAQELBQADggEBAJPV3RTXFRtNyOU4rjPpYeBAIAFp2aqGc4t2J1c7oPp/1n+l +ZvjnwtlJpZHxMM783e2ryDQ6dkvXDf8kpwKlg3U3mkJ3xKkDdWrM4QwghXdCN519 +aa9qmu0zdFL+jUAaWlQ5tsceOrvbusCcbMqiFGk/QfpHqPv52SVWbYyUx7IX7DE+ +UjgsLHycfV/tlcx4ZE6soTzl9VdgSL/zmzG3rjsr58J80rXckLgBhvijgBlIAJvW +fC7D0vaouvBInSFXymdPVoUDZ30cdGLf+hI/i/TfsEMOinLrXVdkSGNo6FXAHKSv +XeB9oFKSzhQ7OPyRyqvEPycUSw/qD6FVr80oDDc= +-----END CERTIFICATE----- diff --git a/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/client_key.pem b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/client_key.pem new file mode 100644 index 000000000..7ccdab10c --- /dev/null +++ b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/client_key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAueCQaNQWoNmFK6LKu1p8U8ZWdWg/PvDdLsJyzfzl/Qw4UA68 +SfFNaY06zZl8QB9W02nr5kWeeMY0VA3adrPgOlvfx3oWlFbkETnMaN4OT3WTQ0Wt +6jAWZDzVfopwpJPAzRPxACDftIqFGagYcF32hZlVNqqnVdbXh0S0EViweqp/dbG4 +VDUHSNVbglc+u4UbEzNIFXMdEFsJZpkynOmSiTsIATqIhb+2srkVgLwhfkC2qkuH +QwAHdubuB07ObM2z01UhyEdDvEYGHwtYAGDBL2TAcsI0oGeVkRyuOkV0QY0UN7UE +FI1yTYw+xZ42HgFx3uGwApCImxhbj69GBYWFqwIDAQABAoIBAQCZN9kR8DGu6V7y +t0Ax68asL8O5B/OKaHWKQ9LqpVrXmikZJOxkbzoGldow/CIFoU+q+Zbwu9aDa65a +0wiP7Hoa4Py3q5XNNUrOQDyU/OYC7cI0I83WS0lJ2zOJGYj8wKae5Z81IeQFKGHK +4lsy1OGPAvPRGh7RjUUgRavA2MCwe07rWRuDb/OJFe4Oh56UMEjwMiNBtMNtncog +j1vr/qgRJdf9tf0zlJmLvUJ9+HSFFV9I/97LJyFhb95gAfHkjdVroLVgT3Cho+4P +WtZaKCIGD0OwfOG2nLV4leXvRUk62/LMlB8NI9+JF7Xm+HCKbaWHNWC7mvWSLV58 +Zl4AbUWRAoGBANyJ6SFHFRHSPDY026SsdMzXR0eUxBAK7G70oSBKKhY+O1j0ocLE +jI2krHJBhHbLlnvJVyMUaCUOTS5m0uDw9hgSsAqeSL3hL38kxVZw+KNG9Ouno1Fl +KnE/xXHlPQyeGs/P8nAMzHZxQtEsQdQayJEhK2XXHTsy7Q3MxDisfVJ1AoGBANfD +34gB+OMx6pwj7zk3qWbYXSX8xjCZMR0ciko+h4xeMP2N8B0oyoqC+v1ABMAtJ3wG +sGZd0hV9gwM7OUM3SEwkn6oeg1GemWLcn4rlSmTnZc4aeVwrEWlnSNFX3s4g9l4u +k8Ugu4MVJYqH8HuDQ5Ggl6/QAwPzMSEdCW0O+jOfAoGAIBRbegC5+t6m7Yegz4Ja +dxV1g98K6f58x+MDsQu4tYWV4mmrQgaPH2dtwizvlMwmdpkh+LNWNtWuumowkJHc +akIFo3XExQIFg6wYnGtQb4e5xrGa2xMpKlIJaXjb+YLiCYqJDG2ALFZrTrvuU2kV +9a5qfqTc1qigvNolTM0iaaUCgYApmrZWhnLUdEKV2wP813PNxfioI4afxlpHD8LG +sCn48gymR6E+Lihn7vuwq5B+8fYEH1ISWxLwW+RQUjIneNhy/jjfV8TgjyFqg7or +0Sy4KjpiNI6kLBXOakELRNNMkeSPopGR2E7v5rr3bGD9oAD+aqX1G7oJH/KgPPYd +Vl7+ZwKBgQDcHyWYrimjyUgKaQD2GmoO9wdcJYQ59ke9K+OuGlp4ti5arsi7N1tP +B4f09aeELM2ASIuk8Q/Mx0jQFnm8lzRFXdewgvdPoZW/7VufM9O7dGPOc41cm2Dh +yrTcXx/VmUBb+/fnXVEgCv7gylp/wtdTGHQBQJHR81jFBz0lnLj+gg== +-----END RSA PRIVATE KEY----- diff --git a/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/server_cert.pem b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/server_cert.pem new file mode 100644 index 000000000..c0e03a3f0 --- /dev/null +++ b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/server_cert.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIECTCCAvGgAwIBAgIBCDANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMCQ1ox +FjAUBgNVBAgMDVNvdXRoIE1vcmF2aWExDTALBgNVBAcMBEJybm8xDzANBgNVBAoM +BkNFU05FVDEMMAoGA1UECwwDVE1DMRMwEQYDVQQDDApleGFtcGxlIENBMSIwIAYJ +KoZIhvcNAQkBFhNleGFtcGxlY2FAbG9jYWxob3N0MB4XDTE1MDczMDA3MjU1MFoX +DTM1MDcyNTA3MjU1MFowgYUxCzAJBgNVBAYTAkNaMRYwFAYDVQQIDA1Tb3V0aCBN +b3JhdmlhMQ8wDQYDVQQKDAZDRVNORVQxDDAKBgNVBAsMA1RNQzEXMBUGA1UEAwwO +ZXhhbXBsZSBzZXJ2ZXIxJjAkBgkqhkiG9w0BCQEWF2V4YW1wbGVzZXJ2ZXJAbG9j +YWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsdI1TBjzX1Pg +QXFuPCw5/kQwU7qkrhirMcFAXhI8EoXepPa9fKAVuMjHW32P6nNzDpnhFe0YGdNl +oIEN3hJJ87cVOqj4o7zZMbq3zVG2L8As7MTA8tYXm2fSC/0rIxxRRemcGUXM0q+4 +LEACjZj2pOKonaivF5VbhgNjPCO1Jj/TamUc0aViE577C9L9EiObGM+bGbabWk/K +WKLsvxUc+sKZXaJ7psTVgpggJAkUszlmwOQgFiMSR53E9/CAkQYhzGVCmH44Vs6H +zs3RZjOTbce4wr4ongiA5LbPeSNSCFjy9loKpaE1rtOjkNBVdiNPCQTmLuODXUTK +gkeL+9v/OwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVu +U1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU83qEtQDFzDvLoaII +vqiU6k7j1uswHwYDVR0jBBgwFoAUc1YQIqjZsHVwlea0AB4N+ilNI2gwDQYJKoZI +hvcNAQELBQADggEBAJ+QOLi4gPWGofMkLTqSsbv5xRvTw0xa/sJnEeiejtygAu3o +McAsyevSH9EYVPCANxzISPzd9SFaO56HxWgcxLn9vi8ZNvo2wIp9zucNu285ced1 +K/2nDZfBmvBxXnj/n7spwqOyuoIc8sR7P7YyI806Qsfhk3ybNZE5UHJFZKDRQKvR +J1t4nk9saeo87kIuNEDfYNdwYZzRfXoGJ5qIJQK+uJJv9noaIhfFowDW/G14Ji5p +Vh/YtvnOPh7aBjOj8jmzk8MqzK+TZgT7GWu48Nd/NaV8g/DNg9hlN047LaNsJly3 +NX3+VBlpMnA4rKwl1OnmYSirIVh9RJqNwqe6k/k= +-----END CERTIFICATE----- diff --git a/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/server_key.pem b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/server_key.pem new file mode 100644 index 000000000..d61c77bdf --- /dev/null +++ b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/server_key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAsdI1TBjzX1PgQXFuPCw5/kQwU7qkrhirMcFAXhI8EoXepPa9 +fKAVuMjHW32P6nNzDpnhFe0YGdNloIEN3hJJ87cVOqj4o7zZMbq3zVG2L8As7MTA +8tYXm2fSC/0rIxxRRemcGUXM0q+4LEACjZj2pOKonaivF5VbhgNjPCO1Jj/TamUc +0aViE577C9L9EiObGM+bGbabWk/KWKLsvxUc+sKZXaJ7psTVgpggJAkUszlmwOQg +FiMSR53E9/CAkQYhzGVCmH44Vs6Hzs3RZjOTbce4wr4ongiA5LbPeSNSCFjy9loK +paE1rtOjkNBVdiNPCQTmLuODXUTKgkeL+9v/OwIDAQABAoIBAG/4MG1JbL4C/7vV +pBcpth7Aaznd1eJ2UB4VVOWnT8JOH2L6p1h5KRRhAP9AMkXsCnAQPyZiVAG3FlAZ +01SZaY2YJDr6uQ3JVW4155TWtgSdWux//Ass+lJ17lJ0SRxjsV13ez6CsDWeRjc+ +2xy0S+KJgqk71XzhJG9fZLYyuddp3U/i3xFPUAcQM9xXKxcaD7g6LJf+a9pt6rim +Eqq/pjJxDgTsRLARsazYuxrlOB445mvnLiYhOf2/MvI80jIUKaj8BeAhg49UIg/k +mIh0xdevkcxBFer/BjBjscWaFjx14D6nkFMw7vtCum5KfalLN2edZKAzByOudGD4 +5KnRp3ECgYEA6vnSoNGg9Do80JOpXRGYWhcR1lIDO5yRW5rVagncCcW5Pn/GMtNd +x2q6k1ks8mXKR9CxZrxZGqeYObZ9a/5SLih7ZkpiVWXG8ZiBIPhP6lnwm5OeIqLa +hr0BYWcRfrGg1phj5uySZgsVBE+D8jH42O9ccdvrWv1OiryAHfKIcwMCgYEAwbs+ +HfQtvHOQXSYNhtOeA7IetkGy3cKVg2oILNcROvI96hS0MZKt1Rko0UAapx96eCIr +el7vfdT0eUzNqt2wTKp1zmiG+SnX3fMDJNzMwu/jb/b4wQ20IHWNDnqcqTUVRUnL +iksLFoHbTxsN5NpEQExcSt/zzP4qi1W2Bmo18WkCgYEAnhrk16LVux9ohiulHONW +8N9u+BeM51JtGAcxrDzgGo85Gs2czdwc0K6GxdiN/rfxCKtqgqcfCWlVaxfYgo7I +OxiwF17blXx7BVrJICcUlqpX1Ebac5HCmkCYqjJQuj/I6jv1lI7/3rt8M79RF+j5 ++PXt7Qq97SZd78nwJrZni4MCgYAiPjZ8lOyAouyhilhZvI3xmUpUbMhw6jQDRnqr +clhZUvgeqAoxuPuA7zGHywzq/WVoVqHYv28Vjs6noiu4R/chlf+8vD0fTYYadRnZ +Ki4HRt+sqrrNZN6x3hVQudt3DSr1VFXl293Z3JonIWETUoE93EFz+qHdWg+rETtb +ZuqiAQKBgD+HI/syLECyO8UynuEaDD7qPl87PJ/CmZLMxa2/ZZUjhaXAW7CJMaS6 +9PIzsLk33y3O4Qer0wx/tEdfnxMTBJrgGt/lFFdAKhSJroZ45l5apiavg1oZYp89 +jSd0lVxWSmrBjBZLnqOl336gzaBVkBD5ND+XUPdR1UuVQExJlem4 +-----END RSA PRIVATE KEY----- diff --git a/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/README b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/README new file mode 100644 index 000000000..89c12e26f --- /dev/null +++ b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/README @@ -0,0 +1 @@ +Based on https://gist.github.com/zapstar/4b51d7cfa74c7e709fcdaace19233443 diff --git a/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/ca.pem b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/ca.pem new file mode 100644 index 000000000..037188ee0 --- /dev/null +++ b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/ca.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhTCCAm2gAwIBAgIJAMYVrUQvhZDMMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNV +BAYTAlVTMRMwEQYDVQQIDApBY21lIFN0YXRlMRIwEAYDVQQHDAlBY21lIENpdHkx +EjAQBgNVBAoMCUFjbWUgSW5jLjEUMBIGA1UEAwwLZXhhbXBsZS5jb20wHhcNMjAw +NDE4MTgyMDM1WhcNNDAwNDE3MTgyMDM1WjBgMQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKQWNtZSBTdGF0ZTESMBAGA1UEBwwJQWNtZSBDaXR5MRIwEAYDVQQKDAlBY21l +IEluYy4xFDASBgNVBAMMC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAlgIH3JqXrqqGMfz4pvgR6ZHtxKhyhtiH2RXLll4gubzKtLYo +OwXIQjxXOi1Pcz7NIIGs19q4BJkLj0ogghM9pEKZT9elHOKLyx2yZdQl2FbSj4W3 +QoYeMKy7XHMQD35lXrG3FugyyywIRsqQQrmfp68OPCWanB5nWdddiu7aYgeHZwPY +3jQ1XjOiHpoFSwV1/4VG1rHB55AqqFIc05Hwr9D3x4iXD6TaWO925ijfnJgCh1Ze +fk2LT8v2imKjgIyXvgmut/ZXU+2Adcsn3f1HBA8rDdWlAuJAE5Ik4Kb2YPShEMFf +w2RnQfWHQoghIfIhpGEpeszoWlJyd02R3C5jOQIDAQABo0IwQDAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwICBDAdBgNVHQ4EFgQUgkGhQz8P8R3yGIU8tVqU +DuqrfskwDQYJKoZIhvcNAQELBQADggEBAIjqdOE/TwuOp+xDicIzwcZKtiDCESqd +9hdqGoQC3Et0d98o6t4TmiqbT+uTcxdWPlDnEFGx6logE/pHZxb1IVKryMcKPIPH +EyT7JN9KBiR2z0LLD9Ov/BC24HQk0JDbv8bC7ZWYL7nUzG/4n2IU2JYO1iGztiTj +p4es4UxcnyzPEgN4FEICK4AYUuJAZ7KLVY8LbZAOAuOMt5HnnR+7SFMGYCkfFXTM +ct3VHnnueA+XSX0vUN9hns+b59kUpC5dzTmPfxXRL1HSaZwkmUxqpAeDfPIkHuTm +433XjfEI7wMU+00E3Hf08VWaXEp2daQgI32RmKlZO9AUd0c/nro2jLE= +-----END CERTIFICATE----- diff --git a/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/ca_key.pem b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/ca_key.pem new file mode 100644 index 000000000..887f1a151 --- /dev/null +++ b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/ca_key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCWAgfcmpeuqoYx +/Pim+BHpke3EqHKG2IfZFcuWXiC5vMq0tig7BchCPFc6LU9zPs0ggazX2rgEmQuP +SiCCEz2kQplP16Uc4ovLHbJl1CXYVtKPhbdChh4wrLtccxAPfmVesbcW6DLLLAhG +ypBCuZ+nrw48JZqcHmdZ112K7tpiB4dnA9jeNDVeM6IemgVLBXX/hUbWscHnkCqo +UhzTkfCv0PfHiJcPpNpY73bmKN+cmAKHVl5+TYtPy/aKYqOAjJe+Ca639ldT7YB1 +yyfd/UcEDysN1aUC4kATkiTgpvZg9KEQwV/DZGdB9YdCiCEh8iGkYSl6zOhaUnJ3 +TZHcLmM5AgMBAAECggEAGm6pK/ohmCl8E/rbZbB4l4ubNffollI5PctVYF2drpzR +qx4d4KiYLPOs+xdY1JnQU1YGOtLTchv1qX4KVGFHj1Yc5bC962UP9O56rO7A7GoA +GEIblKFFWJZXPWcZAWHoQtNVy7eGm75ahv7ShK9oroduHrMRl0jUNUR5uy1zVapw +47m3Trzo7u1QF194N2SqQJajGVkwWmQ8V77+dvSnesoq5ZNLteLPooqDnesSZxFE +Hus0ZuWz4WcCl9+OUXCZG9Q/lNm3aZMIR1ShpPC74KuKyfTjLoqACt8+8WQr/XD5 +tLDfm0EY+xdnaCke3HdESxTXDXCErHItYNrSRKOaAQKBgQDHAIRmqNuWqKWrd7hz +cRanfzk7iHSKb40+EzSNEvNht+i/PrfuyU7e0aUQjQUwIPMznGGZHE+NIcRPPxSS +zPD+Qye+cXMSXS08rB9LZe/VYHXBnFAHAH0rt63UzjnvNqsg6uH40rXuYPPcbtyP +a74RUShNBp0F3zgegpdEoB0DCQKBgQDA+RsW3WCbm/eBrS/J6wb6Xd8/tj8hOJjP +aMsijWK9F0LOwLgnrBO1tmrOcO7UPCk3MY4aMlPxyQ43JajoJ+HzHosj8plX3fT7 +/6c6hDyZmYDcghxs5aCcWn0lOoafvHzzNYK7Wrgh4twxFoSpy7QuETlYi8ifPr3j +zjkz+YV6sQKBgQCE1LqLz9BrOv0CfDI5lFXbzdcE/utTcGxl7+nW9LxSELEh3ppl +oCeuIV+9sXOyEXxkidC3o6cR/GUNxHxWFMgT3/2KaC24J0vHwNhOuqcg1XckmdLt +KY1jfgJhFpqjKumFWmMldHiNuldsXu+IKBHBe1ucNnrfbYUHEIIqA3n6CQKBgBYj +vl7mMTJJN6FSHFx/MYLCCF4H68BE/Qs2y6+AJybop0qPQ9GRZYWAk0pyHISPDm99 +qP8KbSUdWxsqn/Faugqpo28RY1R4a6YJ08bb6xP4T5d8+gPoaH/nxdnimBV1i6Rf +rEsQgnWo0Hh1S+0rKNXsNfcZun/CtAiR3XBAHXdRAoGAXX97DyQmPaT28XGrT6Mq +Hus73yJnEtSaRtl2HB9d7CEdKZyai5rnW7jV+WibxSNJbL0dTF5EPlzwCElnR6lD +d0elYWbjEEr1z0QNEGKJTgH3IAlCnpv2ATqthRjAcxvrIZ/Pd9mh/2AjWl/2Wfd9 +a3/CHQC6qqYkGz2aBx3OZ3w= +-----END PRIVATE KEY----- diff --git a/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/client_cert.pem b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/client_cert.pem new file mode 100644 index 000000000..d0f348933 --- /dev/null +++ b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/client_cert.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDgTCCAmmgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBgMQswCQYDVQQGEwJVUzET +MBEGA1UECAwKQWNtZSBTdGF0ZTESMBAGA1UEBwwJQWNtZSBDaXR5MRIwEAYDVQQK +DAlBY21lIEluYy4xFDASBgNVBAMMC2V4YW1wbGUuY29tMB4XDTIwMDQxODE4MjAz +NVoXDTMwMDQxODE4MjAzNVowZzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkFjbWUg +U3RhdGUxEjAQBgNVBAcMCUFjbWUgQ2l0eTESMBAGA1UECgwJQWNtZSBJbmMuMRsw +GQYDVQQDDBJjbGllbnQuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQC/H/NjHx1yQYEiQF2he+RpkuubLJ83rpPKg6ArT+06SADYAmHM +VYIG0QguIXn3Alp+VnRc5rqNgteQ6Z90ykrf9wY61PpPmUZd4LB7MXI04VlJqQhP +MCt9O5Y53hV9ZXXxUwRJEZeC2qxMellDpwaO0G6RaWjjP/KpTIJfgvv0cEJdKBy4 +aJptr65dVg51JN3kNRWUf5hz5gKs2SwgBt2nkiRvSdo8lzxNQjeKKAcfGHEcUjB5 +DMNcCIMgFnW7S8aQVkFeOfQN3VOaDGfKA/lMxD9k93+cPIt9hiTwXPBvheaRiQrZ +O1rDq9ctW4kf63H5zFOKJyaqhHoHpJ67ezs/AgMBAAGjPzA9MAwGA1UdEwEB/wQC +MAAwDgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBROdFRq9lmHHgYayhAhnQ1D4RJ6 +0TANBgkqhkiG9w0BAQsFAAOCAQEAQ5fJIV6RhWLEACvxEA91e6NnT7WYNjcSV4Qq +mJfQT7qEq8OrhLLCytew5HzWFrUt5hJvzp9j7T4oHTTqEggg0VABGBUdBAu5oi7j +OAaT1sKekhe/LIBAeASMmgxlT+NzGBG0nUqUC4VI/36ZgiDDLbeeoPw3m4sZJ1KD +EwVdI1HCIRA6Y0B8Fwlx2t6XFyiTsJoR3MlANyK+hRhdsFUWnLPmQBt4AGwJUhsU +ljUDaz7D3qbl2V7nqxhChUVDIobDlw9v+asGzdsqll4EmNOszaQTGWhlv5BFbHoG +u5ibVC6vISg27mbViL0OIQDNq016k8GJJZsLN/L0HMyyXYPcQQ== +-----END CERTIFICATE----- diff --git a/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/client_key.pem b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/client_key.pem new file mode 100644 index 000000000..80fe4e91a --- /dev/null +++ b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/client_key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAvx/zYx8dckGBIkBdoXvkaZLrmyyfN66TyoOgK0/tOkgA2AJh +zFWCBtEILiF59wJaflZ0XOa6jYLXkOmfdMpK3/cGOtT6T5lGXeCwezFyNOFZSakI +TzArfTuWOd4VfWV18VMESRGXgtqsTHpZQ6cGjtBukWlo4z/yqUyCX4L79HBCXSgc +uGiaba+uXVYOdSTd5DUVlH+Yc+YCrNksIAbdp5Ikb0naPJc8TUI3iigHHxhxHFIw +eQzDXAiDIBZ1u0vGkFZBXjn0Dd1TmgxnygP5TMQ/ZPd/nDyLfYYk8Fzwb4XmkYkK +2Ttaw6vXLVuJH+tx+cxTiicmqoR6B6Seu3s7PwIDAQABAoIBAE3CihvCBRD/ZbKx +zWZuKbhqdkFkHkNhW/ABLaFxm2si8HTyQygHgieT1GgwZpcA9iCAvEcv+KaqnVnw +M1gpFd2Ze4dkL5NDIUYArMzyiSzKorE9fIv7ZTZGkBBrMwMZzKqqxAuWhLZQkdlr +zfWgdyKT2uh+opYS5n/LCSAjAq+oaG7qICZq2V6NS2kKYJxBSnEalYaAQ++df3Bx +D34iQA55AhKYrTcpwjmoVOxg5Itz8k1k07X+k8JQ953YHi8chwVDTFEG52cq+HVu +tcMMrGEzYBzT4FjOsOZ3hjT7EVgTmEonQr26GuE5ZSjyvsfp05X+G40vBNu4SMRM +WsT4PIECgYEA7MiO5mosIMW7ipoCEW5GCK7uJ+4H7d4EvKc4sCnxHnhVpH0kZU88 +4q7q8aKh25vKT5iNqCBE7SdJqlLGK1ooRQJqG2lXBElTDwOP71R8C8jfSNFFr1XI +wbeqIJhuNveQPROep10UpwPG8JWAogYqr3lEky+loSuBvQSNjYnQPPkCgYEAzqLI +iN5gHbQtza11iZkYESwDCyJNebynckhx3NLQQNQ1gUs3giO+HCO7Nqa4KbRhbmLn +Ajan8dklNoTPSrGvFWRY5I098xbHQb35LPC1BPZDbI00VkJ3sGB4H0J9rf56sIDD +BB5mN12xYNk4Jl1WgEurmxH5jWGLQmINUlBwX/cCgYAfQ1fCym/rH9BkO3Ncc8/h +Y59kPERlvrOnaPjOIauJV2APaMp+adjjIS86Gjv+r/IlUkIZ2bDgExjh2S37GVtJ +yUjTN7Rah4fk6pZ9hg0ezTXV+nOV8+Ce2y4mQZoDveoYdlezR1Hrv07sAwFJ40CN +jJhmSps2zXTCzTAXaQPKmQKBgQCRa8pJWIa4INejShHP9mgTna++pDN2GyiUqxtG +1y4skaveBDtaYSEn2JWmjopI/2MaNoxw6FolQDaKOclQvd+D5I0Su7v/WeZ9A99a +m0Qp683jlTRiCIEHJb0j8r1UOCXMFbIpMeOpz0xH5lc32LRJsfdhOLMxppZE75CE +f4u2XQKBgH3X+3p7T952Z2BtnaGXdjyu1XdE20S8FZrBAmC+NLoOA/bE2l66vwT0 +44v3v92DH27Z7rgyTDlPYJRtrKoIma6owOOHRLIMpiibXNUWcYANp9SgWcYrxW21 +nXIJj3zszWcDFa+shpQEgz0wOkFODbkDoae/dPTAYnmrUqY1fuar +-----END RSA PRIVATE KEY----- diff --git a/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/openssl_2way_auth.sh b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/openssl_2way_auth.sh new file mode 100755 index 000000000..a6540fc87 --- /dev/null +++ b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/openssl_2way_auth.sh @@ -0,0 +1,84 @@ +#!/bin/bash + +set -euo pipefail + +BASE_DN="/C=US/ST=Acme State/L=Acme City/O=Acme Inc." + +WORKDIR=$(mktemp -d) +trap "rm -rf $WORKDIR" EXIT + +CA_DAYS=$((3652 * 2)) +PEER_DAYS=$((3652 * 1)) + +CONFIG_FILE=$WORKDIR/openssl.cnf +CA_SERIAL_FILE=$WORKDIR/ca.srl +echo 01 > $CA_SERIAL_FILE + +cat > $CONFIG_FILE <<EOL +[req] +default_bits = 2048 +distinguished_name = req_distinguised_name +prompt = no +serial = $CA_SERIAL_FILE +default_md = sha256 + +[req_distinguised_name] +C = US +ST = Acme State +L = Acme City +O = Acme Inc. +CN = example.com + +[ca] +basicConstraints = critical, CA:TRUE +keyUsage = critical, keyCertSign +subjectKeyIdentifier = hash + +[peer] +basicConstraints = critical, CA:FALSE +keyUsage = critical, digitalSignature, keyEncipherment +subjectKeyIdentifier = hash +EOL + +# Generate a self signed certificate for the CA along with a key. +# NOTE: I'm using -nodes, this means that once anybody gets +# their hands on this particular key, they can become this CA. +openssl req \ + -x509 \ + -nodes \ + -days $CA_DAYS \ + -newkey rsa:2048 \ + -keyout ca_key.pem \ + -out ca.pem \ + -config $CONFIG_FILE \ + -extensions ca + +# Create server private key and certificate request +openssl genrsa -out server_key.pem 2048 +openssl req -new \ + -key server_key.pem \ + -out $WORKDIR/server.csr \ + -subj "$BASE_DN/CN=server.example.com" + +# Create client private key and certificate request +openssl genrsa -out client_key.pem 2048 +openssl req -new \ + -key client_key.pem \ + -out $WORKDIR/client.csr \ + -subj "$BASE_DN/CN=client.example.com" + +# Generate certificates +openssl x509 -req -days $PEER_DAYS -in $WORKDIR/server.csr \ + -CA ca.pem -CAkey ca_key.pem \ + -out server_cert.pem \ + -sha256 \ + -CAserial $CA_SERIAL_FILE \ + -extfile $CONFIG_FILE \ + -extensions peer +openssl x509 -req -days $PEER_DAYS -in $WORKDIR/client.csr \ + -CA ca.pem -CAkey ca_key.pem \ + -out client_cert.pem \ + -sha256 \ + -CAserial $CA_SERIAL_FILE \ + -extfile $CONFIG_FILE \ + -extensions peer diff --git a/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/server_cert.pem b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/server_cert.pem new file mode 100644 index 000000000..8564438cb --- /dev/null +++ b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/server_cert.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDgTCCAmmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBgMQswCQYDVQQGEwJVUzET +MBEGA1UECAwKQWNtZSBTdGF0ZTESMBAGA1UEBwwJQWNtZSBDaXR5MRIwEAYDVQQK +DAlBY21lIEluYy4xFDASBgNVBAMMC2V4YW1wbGUuY29tMB4XDTIwMDQxODE4MjAz +NVoXDTMwMDQxODE4MjAzNVowZzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkFjbWUg +U3RhdGUxEjAQBgNVBAcMCUFjbWUgQ2l0eTESMBAGA1UECgwJQWNtZSBJbmMuMRsw +GQYDVQQDDBJzZXJ2ZXIuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDTxZJCVEcJ0vLn9gWfE2z98wsBxyOEy0obeXzRi6DVIDa+lO71 +8uSSO4TaOlOkIRfGOoLlQASN4eXtCEub2dPn81ubmlRlOtYpnjikQ1GYoqHQ8z4w +h4WuqPZDUwpMAQbbWNAle0klWPYF46s7t51U+JuY3gfAVLnmv11dg3ZOW0pYrC2/ +JbbFxAhGqkp4H4pgkvVaADi2tEtHnNchQ0nYiq14PB/UISZlpiYECk10OoP9Q4Q7 +2UHEn8GuGJoO7SkFSVQY5MUWZkHxe46r8sHaM1lWhHEOJWhUSeALUZKgq+mDfkLR +M474xR0FFinkBOEv06jdVA4OccsEcdRohZiJAgMBAAGjPzA9MAwGA1UdEwEB/wQC +MAAwDgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBQmOgcOsOQiQfzb9fZ0rICUmSSN +kzANBgkqhkiG9w0BAQsFAAOCAQEADZ4cFI1KbZfwkwien/kNXtd/D5l72Q491CAF +0z9xuLKepKtHu5yMFQGuzBhOG+LJj20DYcyfVx9Pr+X5fnYiQfWjv4H2fuqx4Bh2 +FcjcKHIQiGFyA02FMTFNIua8sNXY1vQk7JU424wSkugQdBp1a1yEzzuZDJ7upJqS +6+8/nW1rjzeS4DNhswga3s12oor1iuESORGU+8D2i3yk9OgLuf/MenPxivJlFC49 +7SXvIw34c13+5bkoMQKnhzs3RVa28babhohviJ+yb8R8FA24hF3lI0C6pKHAtf+2 +lrXvUcxRkkxZi+8BrLdhb/Q9sYvI48aYrVVMeuagtkbnTUiH8Q== +-----END CERTIFICATE----- diff --git a/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/server_key.pem b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/server_key.pem new file mode 100644 index 000000000..6c81826a6 --- /dev/null +++ b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/server_key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA08WSQlRHCdLy5/YFnxNs/fMLAccjhMtKG3l80Yug1SA2vpTu +9fLkkjuE2jpTpCEXxjqC5UAEjeHl7QhLm9nT5/Nbm5pUZTrWKZ44pENRmKKh0PM+ +MIeFrqj2Q1MKTAEG21jQJXtJJVj2BeOrO7edVPibmN4HwFS55r9dXYN2TltKWKwt +vyW2xcQIRqpKeB+KYJL1WgA4trRLR5zXIUNJ2IqteDwf1CEmZaYmBApNdDqD/UOE +O9lBxJ/BrhiaDu0pBUlUGOTFFmZB8XuOq/LB2jNZVoRxDiVoVEngC1GSoKvpg35C +0TOO+MUdBRYp5AThL9Oo3VQODnHLBHHUaIWYiQIDAQABAoIBAFLjCpsBh4h103Ms +3QhlPwyqew1oFyPbuZbFVzBhGUMxx5uSiXEkb4g42Yfcum4MMdT5g9Ac3Wt3FlpP +G+DVQlaP7rQZlJzGiZpifkL0wlQem31AJ4AxGwbAxRqWvvn+kON7gISbG4cNqcWm +VZgbBu6CG8yaYqhJwTVqgy2dzclexTQG39gFEwfFfYAu5tKlEO9GAqMGWdpLhoED +h+mUV+f522ol37EksmesExzc3SRJpVV6So0KmH+a+1jdAYAz0W7bXsHDxsLiFw3R +rlTB3jIskQBQALpIbkzv+KxO8tdsz9+FnLVlhZ6jDdN3whJwgTSlG4klGOwMTvnr +vzPGUQECgYEA+Id4Am2HoXDuG/uNaDiqNMgM32mge5s25ysDEK6JhKtdNFKCLP2x +VfHcc3g0W7dZAneXaoPeHJB+pdGo7OF5cO5NicX6pMKZS1ODK2ioME+8Lpr8uwp3 +Ss4a94G0c6qCzJndvQxLTP3fXhvmBomDFUHluy7B0287ZV9psnLZI+ECgYEA2iM9 +VQ6FoaxgQ8Mt+sskI+veR+i4J16FwaPXRf4x/GIf4FyYG4vfFkypOWsNH9MRnSfn +H2JR+hj1apX2jducpCcaeRq2EJJ3n721rdwf9DGlEt8MoDR4qn1ZHj9s4rKolgSb +wnz1UlDhIVwLG0H4Wp0Y6TfhnsLPLCWbv1IqCakCgYEAvuoR3ouVLQc7YnOS5QTi +ezlR6i2SAmHxgxMff6kUKr4ZEyBur3ES0RrCZlFopyvpTGPiBQjXjsnRAEBWq+Fp +EL9/AN7886QpbhvxH19+E96siIC2tFgN24EIZilVHaVWZSWtmJPhJHvBIuH7ifoI +oEPG3kvEyU8hKXZqE5L2CwECgYEAkr34CVr+jFcAXzVSng6/3iZS3r7v+xP8GNqV ++7DXgXelB/JiJM3AIikqAcVBC/KaO8VXFma2zO6zUaNWO/HLeyYPCf7tEVLmhCBD +spSNLmGjMYG45aDGt7IhHFcAcbRL8rdg7MHQ6jIccKuRkSGc56Ac3O7JqVpVsdYO +4vJr8xkCgYB3t2iwhnHqT78bSHVCmGRL7zAK6aIm96nUEODIE3LI87JpecJV9blS +ABwt3Pl6D35OTA1s0ShUc2qqUL7em+pPPlvKl63IQLZRo1W6qkukgkpQ+UvdsEVN +ZJf7Kr9jlRXxTvwDXF+2b9eDfie8u70w9H9eliqcEvO4uLL+bsM8WA== +-----END RSA PRIVATE KEY----- diff --git a/test/mocks/netconf-pnp-simulator/engine/tests/nctest.py b/test/mocks/netconf-pnp-simulator/engine/tests/nctest.py index 11ff6ffc4..c508ca47a 100644 --- a/test/mocks/netconf-pnp-simulator/engine/tests/nctest.py +++ b/test/mocks/netconf-pnp-simulator/engine/tests/nctest.py @@ -1,4 +1,4 @@ -import logging.config +import logging from ncclient import manager, operations @@ -38,9 +38,9 @@ class NCTestCase: def setup(self): self.nc = manager.connect( host=settings.HOST, - port=settings.PORT, + port=settings.SSH_PORT, username=settings.USERNAME, - key_filename=settings.KEY_FILENAME, + key_filename=settings.SSH_KEY_FILENAME, allow_agent=False, look_for_keys=False, hostkey_verify=False) diff --git a/test/mocks/netconf-pnp-simulator/engine/tests/settings.py b/test/mocks/netconf-pnp-simulator/engine/tests/settings.py index 124e333cd..0c665c738 100644 --- a/test/mocks/netconf-pnp-simulator/engine/tests/settings.py +++ b/test/mocks/netconf-pnp-simulator/engine/tests/settings.py @@ -2,6 +2,7 @@ import os HOST = "127.0.0.1" # Set by tox-docker -PORT = int(os.environ["NETCONF_PNP_SIMULATOR_830_TCP_PORT"]) +SSH_PORT = int(os.environ["NETCONF_PNP_SIMULATOR_830_TCP_PORT"]) +TLS_PORT = int(os.environ["NETCONF_PNP_SIMULATOR_6513_TCP_PORT"]) USERNAME = "netconf" -KEY_FILENAME = "../config/ssh/id_rsa" +SSH_KEY_FILENAME = "../config/ssh/id_rsa" diff --git a/test/mocks/netconf-pnp-simulator/engine/tests/test_tls.py b/test/mocks/netconf-pnp-simulator/engine/tests/test_tls.py new file mode 100644 index 000000000..f0adf447f --- /dev/null +++ b/test/mocks/netconf-pnp-simulator/engine/tests/test_tls.py @@ -0,0 +1,115 @@ +import os +import socket +import ssl +import tarfile +import tempfile +import time +from io import StringIO +from typing import List + +import docker +import pytest +from docker.models.containers import Container +from lxml import etree +from ncclient.transport.ssh import MSG_DELIM + +import settings + +HELLO_DTD = etree.DTD(StringIO(""" +<!ELEMENT hello (capabilities, session-id)> +<!ATTLIST hello xmlns CDATA #REQUIRED> +<!ELEMENT capabilities (capability+)> +<!ELEMENT capability (#PCDATA)> +<!ELEMENT session-id (#PCDATA)> +""")) + +INITIAL_CONFIG_DIR = "data/tls_initial" +NEW_CONFIG_DIR = "data/tls_new" + + +class TestTLS: + container: Container + + @classmethod + def setup_class(cls): + dkr = docker.from_env() + containers = dkr.containers.list(filters={"ancestor": "netconf-pnp-simulator:latest"}) + assert len(containers) == 1 + cls.container = containers[0] + + def test_tls_connect(self): + nc_connect(INITIAL_CONFIG_DIR) + + @pytest.mark.parametrize("round_id", [f"round #{i + 1}" for i in range(6)]) + def test_tls_reconfiguration(self, round_id): + # pylint: disable=W0613 + self.reconfigure_and_check(NEW_CONFIG_DIR, INITIAL_CONFIG_DIR) + self.reconfigure_and_check(INITIAL_CONFIG_DIR, NEW_CONFIG_DIR) + + def reconfigure_and_check(self, good_config_dir: str, bad_config_dir: str): + with simple_tar([f"{good_config_dir}/{b}.pem" for b in ["ca", "server_key", "server_cert"]]) as config_tar: + status = self.container.put_archive(f"/config/tls", config_tar) + assert status + test_start = int(time.time()) + exit_code, (_, err) = self.container.exec_run("/opt/bin/reconfigure-tls.sh", demux=True) + if exit_code != 0: + print(f"reconfigure-tls.sh failed with rc={exit_code}") + log_all("stderr", err) + log_all("Container Logs", self.container.logs(since=test_start)) + assert False + nc_connect(good_config_dir) + # Exception matching must be compatible with Py36 and Py37+ + with pytest.raises(ssl.SSLError, match=r".*\[SSL: CERTIFICATE_VERIFY_FAILED\].*"): + nc_connect(bad_config_dir) + + +def log_all(heading: str, lines: object): + print(f"{heading}:") + if isinstance(lines, bytes): + lines = lines.decode("utf-8") + if isinstance(lines, str): + lines = lines.split("\n") + for line in lines: + print(" ", line) + + +def simple_tar(paths: List[str]): + file = tempfile.NamedTemporaryFile() + with tarfile.open(mode="w", fileobj=file) as tar: + for path in paths: + abs_path = os.path.abspath(path) + tar.add(abs_path, arcname=os.path.basename(path), recursive=False) + file.seek(0) + return file + + +def nc_connect(config_dir: str): + with socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0) as sock: + context = ssl.create_default_context() + context.load_verify_locations(f"{config_dir}/ca.pem") + context.load_cert_chain(certfile=f"{config_dir}/client_cert.pem", keyfile=f"{config_dir}/client_key.pem") + context.check_hostname = False + with context.wrap_socket(sock, server_side=False, server_hostname=settings.HOST) as conn: + conn.connect((settings.HOST, settings.TLS_PORT)) + buf = nc_read_msg(conn) + print(f"Received NETCONF HelloMessage:\n{buf}") + conn.close() + assert buf.endswith(MSG_DELIM) + hello_root = etree.XML(buf[:-len(MSG_DELIM)]) + valid = HELLO_DTD.validate(hello_root) + if not valid: + log_all("Invalid NETCONF <hello> msg", list(HELLO_DTD.error_log.filter_from_errors())) + assert False + + +def nc_read_msg(conn: ssl.SSLSocket): + buf = '' + while True: + data = conn.recv(4096) + if data: + buf += data.decode(encoding="utf-8") + if buf.endswith(MSG_DELIM): + break + else: + break + return buf diff --git a/test/mocks/netconf-pnp-simulator/engine/tox.ini b/test/mocks/netconf-pnp-simulator/engine/tox.ini index 20870cf5e..2ad8a166e 100644 --- a/test/mocks/netconf-pnp-simulator/engine/tox.ini +++ b/test/mocks/netconf-pnp-simulator/engine/tox.ini @@ -29,6 +29,8 @@ docker = deps = pytest + docker + lxml ncclient commands = pytest -v |