From ee0c74e28de9552e683724264b101362c144694c Mon Sep 17 00:00:00 2001 From: ebo Date: Sun, 19 Apr 2020 01:33:21 +0100 Subject: netconf-pnp-simulator: fix sysrepod crash on TLS reconfig The crash was caused by: - the '--permanent' option while updating the ietf-keystore by sysrepocfg - missing some Yang modules on sysrepo installation Other changes: 1. Added TLS integration tests, including reconfiguration 2. reconfigure-*.sh are now synchronous, only returning after restart is completed Issue-ID: INT-1516 Change-Id: Iddc03fc968aaab60931596045437ba0c78448b08 
Signed-off-by: ebo --- .../engine/tests/data/tls_initial/README | 2 + .../engine/tests/data/tls_initial/ca.pem | 24 +++++ .../engine/tests/data/tls_initial/client_cert.pem | 24 +++++ .../engine/tests/data/tls_initial/client_key.pem | 27 +++++ .../engine/tests/data/tls_initial/server_cert.pem | 24 +++++ .../engine/tests/data/tls_initial/server_key.pem | 27 +++++ .../engine/tests/data/tls_new/README | 1 + .../engine/tests/data/tls_new/ca.pem | 21 ++++ .../engine/tests/data/tls_new/ca_key.pem | 28 +++++ .../engine/tests/data/tls_new/client_cert.pem | 21 ++++ .../engine/tests/data/tls_new/client_key.pem | 27 +++++ .../engine/tests/data/tls_new/openssl_2way_auth.sh | 84 +++++++++++++++ .../engine/tests/data/tls_new/server_cert.pem | 21 ++++ .../engine/tests/data/tls_new/server_key.pem | 27 +++++ .../netconf-pnp-simulator/engine/tests/nctest.py | 6 +- .../netconf-pnp-simulator/engine/tests/settings.py | 5 +- .../netconf-pnp-simulator/engine/tests/test_tls.py | 115 +++++++++++++++++++++ 17 files changed, 479 insertions(+), 5 deletions(-) create mode 100644 test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/README create mode 100644 test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/ca.pem create mode 100644 test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/client_cert.pem create mode 100644 test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/client_key.pem create mode 100644 test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/server_cert.pem create mode 100644 test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/server_key.pem create mode 100644 test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/README create mode 100644 test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/ca.pem create mode 100644 test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/ca_key.pem create mode 100644 test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/client_cert.pem create mode 100644 
test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/client_key.pem create mode 100755 test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/openssl_2way_auth.sh create mode 100644 test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/server_cert.pem create mode 100644 test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/server_key.pem create mode 100644 test/mocks/netconf-pnp-simulator/engine/tests/test_tls.py (limited to 'test/mocks/netconf-pnp-simulator/engine/tests') diff --git a/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/README b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/README new file mode 100644 index 000000000..725b6b69b --- /dev/null +++ b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/README @@ -0,0 +1,2 @@ +The files 'ca.pem', 'server_key.pem', and 'server_cert.pem' were copied from +../../../config/tls directory. diff --git a/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/ca.pem b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/ca.pem new file mode 100644 index 000000000..62593ab7c --- /dev/null +++ b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/ca.pem 
@@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID7TCCAtWgAwIBAgIJAMtE1NGAR5KoMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYD +VQQGEwJDWjEWMBQGA1UECAwNU291dGggTW9yYXZpYTENMAsGA1UEBwwEQnJubzEP +MA0GA1UECgwGQ0VTTkVUMQwwCgYDVQQLDANUTUMxEzARBgNVBAMMCmV4YW1wbGUg +Q0ExIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVjYUBsb2NhbGhvc3QwHhcNMTQwNzI0 +MTQxOTAyWhcNMjQwNzIxMTQxOTAyWjCBjDELMAkGA1UEBhMCQ1oxFjAUBgNVBAgM +DVNvdXRoIE1vcmF2aWExDTALBgNVBAcMBEJybm8xDzANBgNVBAoMBkNFU05FVDEM +MAoGA1UECwwDVE1DMRMwEQYDVQQDDApleGFtcGxlIENBMSIwIAYJKoZIhvcNAQkB +FhNleGFtcGxlY2FAbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEArD3TDHPAMT2Z84orK4lMlarbgooIUCcRZyLe+QM+8KY8Hn+mGaxPEOTS +L3ywszqefB/Utm2hPKLHX684iRC14ID9WDGHxPjvoPArhgFhfV+qnPfxKTgxZC12 +uOj4u1V9y+SkTCocFbRfXVBGpojrBuDHXkDMDEWNvr8/52YCv7bGaiBwUHolcLCU +bmtKILCG0RNJyTaJpXQdAeq5Z1SJotpbfYFFtAXB32hVoLug1dzl2tjG9sb1wq3Q +aDExcbC5w6P65qOkNoyym9ne6QlQagCqVDyFn3vcqkRaTjvZmxauCeUxXgJoXkyW +cm0lM1KMHdoTArmchw2Dz0yHHSyDAQIDAQABo1AwTjAdBgNVHQ4EFgQUc1YQIqjZ +sHVwlea0AB4N+ilNI2gwHwYDVR0jBBgwFoAUc1YQIqjZsHVwlea0AB4N+ilNI2gw +DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAI/1KH60qnw9Xs2RGfi0/ +IKf5EynXt4bQX8EIyVKwSkYKe04zZxYfLIl/Q2HOPYoFmm3daj5ddr0ZS1i4p4fT +UhstjsYWvXs3W/HhVmFUslakkn3PrswhP77fCk6eEJLxdfyJ1C7Uudq2m1isZbKi +h+XF0mG1LxJaDMocSz4eAya7M5brwjy8DoOmA1TnLQFCVcpn+sCr7VC4wE/JqxyV +hBCk/MuGqqM3B1j90bGFZ112ZOecyE0EDSr6IbiRBtmeNbEwOFjKXhNLYdxpBZ9D +8A/368OckZkCrVLGuJNxK9UwCVTe8IhotHUqU9EqFDmxdV8oIdU/OzUwwNPA/Bd/ +9g== +-----END CERTIFICATE----- diff --git a/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/client_cert.pem b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/client_cert.pem new file mode 100644 index 000000000..8e52dacfd --- /dev/null +++ b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/client_cert.pem 
@@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIECTCCAvGgAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMCQ1ox +FjAUBgNVBAgMDVNvdXRoIE1vcmF2aWExDTALBgNVBAcMBEJybm8xDzANBgNVBAoM +BkNFU05FVDEMMAoGA1UECwwDVE1DMRMwEQYDVQQDDApleGFtcGxlIENBMSIwIAYJ +KoZIhvcNAQkBFhNleGFtcGxlY2FAbG9jYWxob3N0MB4XDTE1MDczMDA3MjcxOFoX +DTM1MDcyNTA3MjcxOFowgYUxCzAJBgNVBAYTAkNaMRYwFAYDVQQIDA1Tb3V0aCBN +b3JhdmlhMQ8wDQYDVQQKDAZDRVNORVQxDDAKBgNVBAsMA1RNQzEXMBUGA1UEAwwO +ZXhhbXBsZSBjbGllbnQxJjAkBgkqhkiG9w0BCQEWF2V4YW1wbGVjbGllbnRAbG9j +YWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAueCQaNQWoNmF +K6LKu1p8U8ZWdWg/PvDdLsJyzfzl/Qw4UA68SfFNaY06zZl8QB9W02nr5kWeeMY0 +VA3adrPgOlvfx3oWlFbkETnMaN4OT3WTQ0Wt6jAWZDzVfopwpJPAzRPxACDftIqF +GagYcF32hZlVNqqnVdbXh0S0EViweqp/dbG4VDUHSNVbglc+u4UbEzNIFXMdEFsJ +ZpkynOmSiTsIATqIhb+2srkVgLwhfkC2qkuHQwAHdubuB07ObM2z01UhyEdDvEYG +HwtYAGDBL2TAcsI0oGeVkRyuOkV0QY0UN7UEFI1yTYw+xZ42HgFx3uGwApCImxhb +j69GBYWFqwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVu +U1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUXGpLeLnh2cSDARAV +A7KrBxGYpo8wHwYDVR0jBBgwFoAUc1YQIqjZsHVwlea0AB4N+ilNI2gwDQYJKoZI +hvcNAQELBQADggEBAJPV3RTXFRtNyOU4rjPpYeBAIAFp2aqGc4t2J1c7oPp/1n+l +ZvjnwtlJpZHxMM783e2ryDQ6dkvXDf8kpwKlg3U3mkJ3xKkDdWrM4QwghXdCN519 +aa9qmu0zdFL+jUAaWlQ5tsceOrvbusCcbMqiFGk/QfpHqPv52SVWbYyUx7IX7DE+ +UjgsLHycfV/tlcx4ZE6soTzl9VdgSL/zmzG3rjsr58J80rXckLgBhvijgBlIAJvW +fC7D0vaouvBInSFXymdPVoUDZ30cdGLf+hI/i/TfsEMOinLrXVdkSGNo6FXAHKSv +XeB9oFKSzhQ7OPyRyqvEPycUSw/qD6FVr80oDDc= +-----END CERTIFICATE----- diff --git a/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/client_key.pem b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/client_key.pem new file mode 100644 index 000000000..7ccdab10c --- /dev/null +++ b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/client_key.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAueCQaNQWoNmFK6LKu1p8U8ZWdWg/PvDdLsJyzfzl/Qw4UA68 +SfFNaY06zZl8QB9W02nr5kWeeMY0VA3adrPgOlvfx3oWlFbkETnMaN4OT3WTQ0Wt +6jAWZDzVfopwpJPAzRPxACDftIqFGagYcF32hZlVNqqnVdbXh0S0EViweqp/dbG4 +VDUHSNVbglc+u4UbEzNIFXMdEFsJZpkynOmSiTsIATqIhb+2srkVgLwhfkC2qkuH +QwAHdubuB07ObM2z01UhyEdDvEYGHwtYAGDBL2TAcsI0oGeVkRyuOkV0QY0UN7UE +FI1yTYw+xZ42HgFx3uGwApCImxhbj69GBYWFqwIDAQABAoIBAQCZN9kR8DGu6V7y +t0Ax68asL8O5B/OKaHWKQ9LqpVrXmikZJOxkbzoGldow/CIFoU+q+Zbwu9aDa65a +0wiP7Hoa4Py3q5XNNUrOQDyU/OYC7cI0I83WS0lJ2zOJGYj8wKae5Z81IeQFKGHK +4lsy1OGPAvPRGh7RjUUgRavA2MCwe07rWRuDb/OJFe4Oh56UMEjwMiNBtMNtncog +j1vr/qgRJdf9tf0zlJmLvUJ9+HSFFV9I/97LJyFhb95gAfHkjdVroLVgT3Cho+4P +WtZaKCIGD0OwfOG2nLV4leXvRUk62/LMlB8NI9+JF7Xm+HCKbaWHNWC7mvWSLV58 +Zl4AbUWRAoGBANyJ6SFHFRHSPDY026SsdMzXR0eUxBAK7G70oSBKKhY+O1j0ocLE +jI2krHJBhHbLlnvJVyMUaCUOTS5m0uDw9hgSsAqeSL3hL38kxVZw+KNG9Ouno1Fl +KnE/xXHlPQyeGs/P8nAMzHZxQtEsQdQayJEhK2XXHTsy7Q3MxDisfVJ1AoGBANfD +34gB+OMx6pwj7zk3qWbYXSX8xjCZMR0ciko+h4xeMP2N8B0oyoqC+v1ABMAtJ3wG +sGZd0hV9gwM7OUM3SEwkn6oeg1GemWLcn4rlSmTnZc4aeVwrEWlnSNFX3s4g9l4u +k8Ugu4MVJYqH8HuDQ5Ggl6/QAwPzMSEdCW0O+jOfAoGAIBRbegC5+t6m7Yegz4Ja +dxV1g98K6f58x+MDsQu4tYWV4mmrQgaPH2dtwizvlMwmdpkh+LNWNtWuumowkJHc +akIFo3XExQIFg6wYnGtQb4e5xrGa2xMpKlIJaXjb+YLiCYqJDG2ALFZrTrvuU2kV +9a5qfqTc1qigvNolTM0iaaUCgYApmrZWhnLUdEKV2wP813PNxfioI4afxlpHD8LG +sCn48gymR6E+Lihn7vuwq5B+8fYEH1ISWxLwW+RQUjIneNhy/jjfV8TgjyFqg7or +0Sy4KjpiNI6kLBXOakELRNNMkeSPopGR2E7v5rr3bGD9oAD+aqX1G7oJH/KgPPYd +Vl7+ZwKBgQDcHyWYrimjyUgKaQD2GmoO9wdcJYQ59ke9K+OuGlp4ti5arsi7N1tP +B4f09aeELM2ASIuk8Q/Mx0jQFnm8lzRFXdewgvdPoZW/7VufM9O7dGPOc41cm2Dh +yrTcXx/VmUBb+/fnXVEgCv7gylp/wtdTGHQBQJHR81jFBz0lnLj+gg== +-----END RSA PRIVATE KEY----- diff --git a/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/server_cert.pem b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/server_cert.pem new file mode 100644 index 000000000..c0e03a3f0 --- /dev/null 
+++ b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/server_cert.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIECTCCAvGgAwIBAgIBCDANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMCQ1ox +FjAUBgNVBAgMDVNvdXRoIE1vcmF2aWExDTALBgNVBAcMBEJybm8xDzANBgNVBAoM +BkNFU05FVDEMMAoGA1UECwwDVE1DMRMwEQYDVQQDDApleGFtcGxlIENBMSIwIAYJ +KoZIhvcNAQkBFhNleGFtcGxlY2FAbG9jYWxob3N0MB4XDTE1MDczMDA3MjU1MFoX +DTM1MDcyNTA3MjU1MFowgYUxCzAJBgNVBAYTAkNaMRYwFAYDVQQIDA1Tb3V0aCBN +b3JhdmlhMQ8wDQYDVQQKDAZDRVNORVQxDDAKBgNVBAsMA1RNQzEXMBUGA1UEAwwO +ZXhhbXBsZSBzZXJ2ZXIxJjAkBgkqhkiG9w0BCQEWF2V4YW1wbGVzZXJ2ZXJAbG9j +YWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsdI1TBjzX1Pg +QXFuPCw5/kQwU7qkrhirMcFAXhI8EoXepPa9fKAVuMjHW32P6nNzDpnhFe0YGdNl +oIEN3hJJ87cVOqj4o7zZMbq3zVG2L8As7MTA8tYXm2fSC/0rIxxRRemcGUXM0q+4 +LEACjZj2pOKonaivF5VbhgNjPCO1Jj/TamUc0aViE577C9L9EiObGM+bGbabWk/K +WKLsvxUc+sKZXaJ7psTVgpggJAkUszlmwOQgFiMSR53E9/CAkQYhzGVCmH44Vs6H +zs3RZjOTbce4wr4ongiA5LbPeSNSCFjy9loKpaE1rtOjkNBVdiNPCQTmLuODXUTK +gkeL+9v/OwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVu +U1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU83qEtQDFzDvLoaII +vqiU6k7j1uswHwYDVR0jBBgwFoAUc1YQIqjZsHVwlea0AB4N+ilNI2gwDQYJKoZI +hvcNAQELBQADggEBAJ+QOLi4gPWGofMkLTqSsbv5xRvTw0xa/sJnEeiejtygAu3o +McAsyevSH9EYVPCANxzISPzd9SFaO56HxWgcxLn9vi8ZNvo2wIp9zucNu285ced1 +K/2nDZfBmvBxXnj/n7spwqOyuoIc8sR7P7YyI806Qsfhk3ybNZE5UHJFZKDRQKvR +J1t4nk9saeo87kIuNEDfYNdwYZzRfXoGJ5qIJQK+uJJv9noaIhfFowDW/G14Ji5p +Vh/YtvnOPh7aBjOj8jmzk8MqzK+TZgT7GWu48Nd/NaV8g/DNg9hlN047LaNsJly3 +NX3+VBlpMnA4rKwl1OnmYSirIVh9RJqNwqe6k/k= +-----END CERTIFICATE----- diff --git a/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/server_key.pem b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/server_key.pem new file mode 100644 index 000000000..d61c77bdf --- /dev/null +++ b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_initial/server_key.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAsdI1TBjzX1PgQXFuPCw5/kQwU7qkrhirMcFAXhI8EoXepPa9 +fKAVuMjHW32P6nNzDpnhFe0YGdNloIEN3hJJ87cVOqj4o7zZMbq3zVG2L8As7MTA +8tYXm2fSC/0rIxxRRemcGUXM0q+4LEACjZj2pOKonaivF5VbhgNjPCO1Jj/TamUc +0aViE577C9L9EiObGM+bGbabWk/KWKLsvxUc+sKZXaJ7psTVgpggJAkUszlmwOQg +FiMSR53E9/CAkQYhzGVCmH44Vs6Hzs3RZjOTbce4wr4ongiA5LbPeSNSCFjy9loK +paE1rtOjkNBVdiNPCQTmLuODXUTKgkeL+9v/OwIDAQABAoIBAG/4MG1JbL4C/7vV +pBcpth7Aaznd1eJ2UB4VVOWnT8JOH2L6p1h5KRRhAP9AMkXsCnAQPyZiVAG3FlAZ +01SZaY2YJDr6uQ3JVW4155TWtgSdWux//Ass+lJ17lJ0SRxjsV13ez6CsDWeRjc+ +2xy0S+KJgqk71XzhJG9fZLYyuddp3U/i3xFPUAcQM9xXKxcaD7g6LJf+a9pt6rim +Eqq/pjJxDgTsRLARsazYuxrlOB445mvnLiYhOf2/MvI80jIUKaj8BeAhg49UIg/k +mIh0xdevkcxBFer/BjBjscWaFjx14D6nkFMw7vtCum5KfalLN2edZKAzByOudGD4 +5KnRp3ECgYEA6vnSoNGg9Do80JOpXRGYWhcR1lIDO5yRW5rVagncCcW5Pn/GMtNd +x2q6k1ks8mXKR9CxZrxZGqeYObZ9a/5SLih7ZkpiVWXG8ZiBIPhP6lnwm5OeIqLa +hr0BYWcRfrGg1phj5uySZgsVBE+D8jH42O9ccdvrWv1OiryAHfKIcwMCgYEAwbs+ +HfQtvHOQXSYNhtOeA7IetkGy3cKVg2oILNcROvI96hS0MZKt1Rko0UAapx96eCIr +el7vfdT0eUzNqt2wTKp1zmiG+SnX3fMDJNzMwu/jb/b4wQ20IHWNDnqcqTUVRUnL +iksLFoHbTxsN5NpEQExcSt/zzP4qi1W2Bmo18WkCgYEAnhrk16LVux9ohiulHONW +8N9u+BeM51JtGAcxrDzgGo85Gs2czdwc0K6GxdiN/rfxCKtqgqcfCWlVaxfYgo7I +OxiwF17blXx7BVrJICcUlqpX1Ebac5HCmkCYqjJQuj/I6jv1lI7/3rt8M79RF+j5 ++PXt7Qq97SZd78nwJrZni4MCgYAiPjZ8lOyAouyhilhZvI3xmUpUbMhw6jQDRnqr +clhZUvgeqAoxuPuA7zGHywzq/WVoVqHYv28Vjs6noiu4R/chlf+8vD0fTYYadRnZ +Ki4HRt+sqrrNZN6x3hVQudt3DSr1VFXl293Z3JonIWETUoE93EFz+qHdWg+rETtb +ZuqiAQKBgD+HI/syLECyO8UynuEaDD7qPl87PJ/CmZLMxa2/ZZUjhaXAW7CJMaS6 +9PIzsLk33y3O4Qer0wx/tEdfnxMTBJrgGt/lFFdAKhSJroZ45l5apiavg1oZYp89 +jSd0lVxWSmrBjBZLnqOl336gzaBVkBD5ND+XUPdR1UuVQExJlem4 +-----END RSA PRIVATE KEY----- diff --git a/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/README b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/README new file mode 100644 index 000000000..89c12e26f --- /dev/null +++ b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/README 
@@ -0,0 +1 @@ +Based on https://gist.github.com/zapstar/4b51d7cfa74c7e709fcdaace19233443 diff --git a/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/ca.pem b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/ca.pem new file mode 100644 index 000000000..037188ee0 --- /dev/null +++ b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/ca.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhTCCAm2gAwIBAgIJAMYVrUQvhZDMMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNV +BAYTAlVTMRMwEQYDVQQIDApBY21lIFN0YXRlMRIwEAYDVQQHDAlBY21lIENpdHkx +EjAQBgNVBAoMCUFjbWUgSW5jLjEUMBIGA1UEAwwLZXhhbXBsZS5jb20wHhcNMjAw +NDE4MTgyMDM1WhcNNDAwNDE3MTgyMDM1WjBgMQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKQWNtZSBTdGF0ZTESMBAGA1UEBwwJQWNtZSBDaXR5MRIwEAYDVQQKDAlBY21l +IEluYy4xFDASBgNVBAMMC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAlgIH3JqXrqqGMfz4pvgR6ZHtxKhyhtiH2RXLll4gubzKtLYo +OwXIQjxXOi1Pcz7NIIGs19q4BJkLj0ogghM9pEKZT9elHOKLyx2yZdQl2FbSj4W3 +QoYeMKy7XHMQD35lXrG3FugyyywIRsqQQrmfp68OPCWanB5nWdddiu7aYgeHZwPY +3jQ1XjOiHpoFSwV1/4VG1rHB55AqqFIc05Hwr9D3x4iXD6TaWO925ijfnJgCh1Ze +fk2LT8v2imKjgIyXvgmut/ZXU+2Adcsn3f1HBA8rDdWlAuJAE5Ik4Kb2YPShEMFf +w2RnQfWHQoghIfIhpGEpeszoWlJyd02R3C5jOQIDAQABo0IwQDAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwICBDAdBgNVHQ4EFgQUgkGhQz8P8R3yGIU8tVqU +DuqrfskwDQYJKoZIhvcNAQELBQADggEBAIjqdOE/TwuOp+xDicIzwcZKtiDCESqd +9hdqGoQC3Et0d98o6t4TmiqbT+uTcxdWPlDnEFGx6logE/pHZxb1IVKryMcKPIPH +EyT7JN9KBiR2z0LLD9Ov/BC24HQk0JDbv8bC7ZWYL7nUzG/4n2IU2JYO1iGztiTj +p4es4UxcnyzPEgN4FEICK4AYUuJAZ7KLVY8LbZAOAuOMt5HnnR+7SFMGYCkfFXTM +ct3VHnnueA+XSX0vUN9hns+b59kUpC5dzTmPfxXRL1HSaZwkmUxqpAeDfPIkHuTm +433XjfEI7wMU+00E3Hf08VWaXEp2daQgI32RmKlZO9AUd0c/nro2jLE= +-----END CERTIFICATE----- diff --git a/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/ca_key.pem b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/ca_key.pem new file mode 100644 index 000000000..887f1a151 --- /dev/null +++ b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/ca_key.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCWAgfcmpeuqoYx +/Pim+BHpke3EqHKG2IfZFcuWXiC5vMq0tig7BchCPFc6LU9zPs0ggazX2rgEmQuP +SiCCEz2kQplP16Uc4ovLHbJl1CXYVtKPhbdChh4wrLtccxAPfmVesbcW6DLLLAhG +ypBCuZ+nrw48JZqcHmdZ112K7tpiB4dnA9jeNDVeM6IemgVLBXX/hUbWscHnkCqo +UhzTkfCv0PfHiJcPpNpY73bmKN+cmAKHVl5+TYtPy/aKYqOAjJe+Ca639ldT7YB1 +yyfd/UcEDysN1aUC4kATkiTgpvZg9KEQwV/DZGdB9YdCiCEh8iGkYSl6zOhaUnJ3 +TZHcLmM5AgMBAAECggEAGm6pK/ohmCl8E/rbZbB4l4ubNffollI5PctVYF2drpzR +qx4d4KiYLPOs+xdY1JnQU1YGOtLTchv1qX4KVGFHj1Yc5bC962UP9O56rO7A7GoA +GEIblKFFWJZXPWcZAWHoQtNVy7eGm75ahv7ShK9oroduHrMRl0jUNUR5uy1zVapw +47m3Trzo7u1QF194N2SqQJajGVkwWmQ8V77+dvSnesoq5ZNLteLPooqDnesSZxFE +Hus0ZuWz4WcCl9+OUXCZG9Q/lNm3aZMIR1ShpPC74KuKyfTjLoqACt8+8WQr/XD5 +tLDfm0EY+xdnaCke3HdESxTXDXCErHItYNrSRKOaAQKBgQDHAIRmqNuWqKWrd7hz +cRanfzk7iHSKb40+EzSNEvNht+i/PrfuyU7e0aUQjQUwIPMznGGZHE+NIcRPPxSS +zPD+Qye+cXMSXS08rB9LZe/VYHXBnFAHAH0rt63UzjnvNqsg6uH40rXuYPPcbtyP +a74RUShNBp0F3zgegpdEoB0DCQKBgQDA+RsW3WCbm/eBrS/J6wb6Xd8/tj8hOJjP +aMsijWK9F0LOwLgnrBO1tmrOcO7UPCk3MY4aMlPxyQ43JajoJ+HzHosj8plX3fT7 +/6c6hDyZmYDcghxs5aCcWn0lOoafvHzzNYK7Wrgh4twxFoSpy7QuETlYi8ifPr3j +zjkz+YV6sQKBgQCE1LqLz9BrOv0CfDI5lFXbzdcE/utTcGxl7+nW9LxSELEh3ppl +oCeuIV+9sXOyEXxkidC3o6cR/GUNxHxWFMgT3/2KaC24J0vHwNhOuqcg1XckmdLt +KY1jfgJhFpqjKumFWmMldHiNuldsXu+IKBHBe1ucNnrfbYUHEIIqA3n6CQKBgBYj +vl7mMTJJN6FSHFx/MYLCCF4H68BE/Qs2y6+AJybop0qPQ9GRZYWAk0pyHISPDm99 +qP8KbSUdWxsqn/Faugqpo28RY1R4a6YJ08bb6xP4T5d8+gPoaH/nxdnimBV1i6Rf +rEsQgnWo0Hh1S+0rKNXsNfcZun/CtAiR3XBAHXdRAoGAXX97DyQmPaT28XGrT6Mq +Hus73yJnEtSaRtl2HB9d7CEdKZyai5rnW7jV+WibxSNJbL0dTF5EPlzwCElnR6lD +d0elYWbjEEr1z0QNEGKJTgH3IAlCnpv2ATqthRjAcxvrIZ/Pd9mh/2AjWl/2Wfd9 +a3/CHQC6qqYkGz2aBx3OZ3w= +-----END PRIVATE KEY----- diff --git a/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/client_cert.pem b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/client_cert.pem new file mode 100644 index 000000000..d0f348933 --- /dev/null 
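Review bot: `ca_key.pem` commits the private key of the tls_new test CA, yet the test code visible on this page reads only `ca.pem`, `server_key.pem`, `server_cert.pem`, `client_cert.pem` and `client_key.pem` from this directory, so the CA key looks unnecessary for the test run. Anyone with access to the repository can issue certificates that chain to this CA, which becomes a real exposure if `ca.pem` is ever reused as a trust anchor outside these tests. Consider dropping the file (openssl_2way_auth.sh, only partly visible here, appears to be the generator and could recreate the whole set), or add a line to the tls_new README such as `Test-only key material; never install ca.pem or these keys outside the test suite.`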
+++ b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/client_cert.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDgTCCAmmgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBgMQswCQYDVQQGEwJVUzET +MBEGA1UECAwKQWNtZSBTdGF0ZTESMBAGA1UEBwwJQWNtZSBDaXR5MRIwEAYDVQQK +DAlBY21lIEluYy4xFDASBgNVBAMMC2V4YW1wbGUuY29tMB4XDTIwMDQxODE4MjAz +NVoXDTMwMDQxODE4MjAzNVowZzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkFjbWUg +U3RhdGUxEjAQBgNVBAcMCUFjbWUgQ2l0eTESMBAGA1UECgwJQWNtZSBJbmMuMRsw +GQYDVQQDDBJjbGllbnQuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQC/H/NjHx1yQYEiQF2he+RpkuubLJ83rpPKg6ArT+06SADYAmHM +VYIG0QguIXn3Alp+VnRc5rqNgteQ6Z90ykrf9wY61PpPmUZd4LB7MXI04VlJqQhP +MCt9O5Y53hV9ZXXxUwRJEZeC2qxMellDpwaO0G6RaWjjP/KpTIJfgvv0cEJdKBy4 +aJptr65dVg51JN3kNRWUf5hz5gKs2SwgBt2nkiRvSdo8lzxNQjeKKAcfGHEcUjB5 +DMNcCIMgFnW7S8aQVkFeOfQN3VOaDGfKA/lMxD9k93+cPIt9hiTwXPBvheaRiQrZ +O1rDq9ctW4kf63H5zFOKJyaqhHoHpJ67ezs/AgMBAAGjPzA9MAwGA1UdEwEB/wQC +MAAwDgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBROdFRq9lmHHgYayhAhnQ1D4RJ6 +0TANBgkqhkiG9w0BAQsFAAOCAQEAQ5fJIV6RhWLEACvxEA91e6NnT7WYNjcSV4Qq +mJfQT7qEq8OrhLLCytew5HzWFrUt5hJvzp9j7T4oHTTqEggg0VABGBUdBAu5oi7j +OAaT1sKekhe/LIBAeASMmgxlT+NzGBG0nUqUC4VI/36ZgiDDLbeeoPw3m4sZJ1KD +EwVdI1HCIRA6Y0B8Fwlx2t6XFyiTsJoR3MlANyK+hRhdsFUWnLPmQBt4AGwJUhsU +ljUDaz7D3qbl2V7nqxhChUVDIobDlw9v+asGzdsqll4EmNOszaQTGWhlv5BFbHoG +u5ibVC6vISg27mbViL0OIQDNq016k8GJJZsLN/L0HMyyXYPcQQ== +-----END CERTIFICATE----- diff --git a/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/client_key.pem b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/client_key.pem new file mode 100644 index 000000000..80fe4e91a --- /dev/null +++ b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/client_key.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAvx/zYx8dckGBIkBdoXvkaZLrmyyfN66TyoOgK0/tOkgA2AJh +zFWCBtEILiF59wJaflZ0XOa6jYLXkOmfdMpK3/cGOtT6T5lGXeCwezFyNOFZSakI +TzArfTuWOd4VfWV18VMESRGXgtqsTHpZQ6cGjtBukWlo4z/yqUyCX4L79HBCXSgc +uGiaba+uXVYOdSTd5DUVlH+Yc+YCrNksIAbdp5Ikb0naPJc8TUI3iigHHxhxHFIw +eQzDXAiDIBZ1u0vGkFZBXjn0Dd1TmgxnygP5TMQ/ZPd/nDyLfYYk8Fzwb4XmkYkK +2Ttaw6vXLVuJH+tx+cxTiicmqoR6B6Seu3s7PwIDAQABAoIBAE3CihvCBRD/ZbKx +zWZuKbhqdkFkHkNhW/ABLaFxm2si8HTyQygHgieT1GgwZpcA9iCAvEcv+KaqnVnw +M1gpFd2Ze4dkL5NDIUYArMzyiSzKorE9fIv7ZTZGkBBrMwMZzKqqxAuWhLZQkdlr +zfWgdyKT2uh+opYS5n/LCSAjAq+oaG7qICZq2V6NS2kKYJxBSnEalYaAQ++df3Bx +D34iQA55AhKYrTcpwjmoVOxg5Itz8k1k07X+k8JQ953YHi8chwVDTFEG52cq+HVu +tcMMrGEzYBzT4FjOsOZ3hjT7EVgTmEonQr26GuE5ZSjyvsfp05X+G40vBNu4SMRM +WsT4PIECgYEA7MiO5mosIMW7ipoCEW5GCK7uJ+4H7d4EvKc4sCnxHnhVpH0kZU88 +4q7q8aKh25vKT5iNqCBE7SdJqlLGK1ooRQJqG2lXBElTDwOP71R8C8jfSNFFr1XI +wbeqIJhuNveQPROep10UpwPG8JWAogYqr3lEky+loSuBvQSNjYnQPPkCgYEAzqLI +iN5gHbQtza11iZkYESwDCyJNebynckhx3NLQQNQ1gUs3giO+HCO7Nqa4KbRhbmLn +Ajan8dklNoTPSrGvFWRY5I098xbHQb35LPC1BPZDbI00VkJ3sGB4H0J9rf56sIDD +BB5mN12xYNk4Jl1WgEurmxH5jWGLQmINUlBwX/cCgYAfQ1fCym/rH9BkO3Ncc8/h +Y59kPERlvrOnaPjOIauJV2APaMp+adjjIS86Gjv+r/IlUkIZ2bDgExjh2S37GVtJ +yUjTN7Rah4fk6pZ9hg0ezTXV+nOV8+Ce2y4mQZoDveoYdlezR1Hrv07sAwFJ40CN +jJhmSps2zXTCzTAXaQPKmQKBgQCRa8pJWIa4INejShHP9mgTna++pDN2GyiUqxtG +1y4skaveBDtaYSEn2JWmjopI/2MaNoxw6FolQDaKOclQvd+D5I0Su7v/WeZ9A99a +m0Qp683jlTRiCIEHJb0j8r1UOCXMFbIpMeOpz0xH5lc32LRJsfdhOLMxppZE75CE +f4u2XQKBgH3X+3p7T952Z2BtnaGXdjyu1XdE20S8FZrBAmC+NLoOA/bE2l66vwT0 +44v3v92DH27Z7rgyTDlPYJRtrKoIma6owOOHRLIMpiibXNUWcYANp9SgWcYrxW21 +nXIJj3zszWcDFa+shpQEgz0wOkFODbkDoae/dPTAYnmrUqY1fuar +-----END RSA PRIVATE KEY----- diff --git a/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/openssl_2way_auth.sh b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/openssl_2way_auth.sh new file mode 100755 index 000000000..a6540fc87 --- /dev/null 
+++ b/test/mocks/netconf-pnp-simulator/engine/tests/data/tls_new/openssl_2way_auth.sh 
@@ -0,0 +1,84 @@ +#!/bin/bash + +set -euo pipefail + +BASE_DN="/C=US/ST=Acme State/L=Acme City/O=Acme Inc." + +WORKDIR=$(mktemp -d) +trap "rm -rf $WORKDIR" EXIT + +CA_DAYS=$((3652 * 2)) +PEER_DAYS=$((3652 * 1)) + +CONFIG_FILE=$WORKDIR/openssl.cnf +CA_SERIAL_FILE=$WORKDIR/ca.srl +echo 01 > $CA_SERIAL_FILE + +cat > $CONFIG_FILE < + + + + +""")) + +INITIAL_CONFIG_DIR = "data/tls_initial" +NEW_CONFIG_DIR = "data/tls_new" + + +class TestTLS: + container: Container + + @classmethod + def setup_class(cls): + dkr = docker.from_env() + containers = dkr.containers.list(filters={"ancestor": "netconf-pnp-simulator:latest"}) + assert len(containers) == 1 + cls.container = containers[0] + + def test_tls_connect(self): + nc_connect(INITIAL_CONFIG_DIR) + + @pytest.mark.parametrize("round_id", [f"round #{i + 1}" for i in range(6)]) + def test_tls_reconfiguration(self, round_id): + # pylint: disable=W0613 + self.reconfigure_and_check(NEW_CONFIG_DIR, INITIAL_CONFIG_DIR) + self.reconfigure_and_check(INITIAL_CONFIG_DIR, NEW_CONFIG_DIR) + + def reconfigure_and_check(self, good_config_dir: str, bad_config_dir: str): + with simple_tar([f"{good_config_dir}/{b}.pem" for b in ["ca", "server_key", "server_cert"]]) as config_tar: + status = self.container.put_archive(f"/config/tls", config_tar) + assert status + test_start = int(time.time()) + exit_code, (_, err) = self.container.exec_run("/opt/bin/reconfigure-tls.sh", demux=True) + if exit_code != 0: + print(f"reconfigure-tls.sh failed with rc={exit_code}") + log_all("stderr", err) + log_all("Container Logs", self.container.logs(since=test_start)) + assert False + nc_connect(good_config_dir) + # Exception matching must be compatible with Py36 and Py37+ + with pytest.raises(ssl.SSLError, match=r".*\[SSL: CERTIFICATE_VERIFY_FAILED\].*"): + nc_connect(bad_config_dir) + + +def log_all(heading: str, lines: object): + print(f"{heading}:") + if isinstance(lines, bytes): + lines = lines.decode("utf-8") + if isinstance(lines, str): + lines = 
lines.split("\n") + for line in lines: + print(" ", line) + + +def simple_tar(paths: List[str]): + file = tempfile.NamedTemporaryFile() + with tarfile.open(mode="w", fileobj=file) as tar: + for path in paths: + abs_path = os.path.abspath(path) + tar.add(abs_path, arcname=os.path.basename(path), recursive=False) + file.seek(0) + return file + + +def nc_connect(config_dir: str): + with socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0) as sock: + context = ssl.create_default_context() + context.load_verify_locations(f"{config_dir}/ca.pem") + context.load_cert_chain(certfile=f"{config_dir}/client_cert.pem", keyfile=f"{config_dir}/client_key.pem") + context.check_hostname = False + with context.wrap_socket(sock, server_side=False, server_hostname=settings.HOST) as conn: + conn.connect((settings.HOST, settings.TLS_PORT)) + buf = nc_read_msg(conn) + print(f"Received NETCONF HelloMessage:\n{buf}") + conn.close() + assert buf.endswith(MSG_DELIM) + hello_root = etree.XML(buf[:-len(MSG_DELIM)]) + valid = HELLO_DTD.validate(hello_root) + if not valid: + log_all("Invalid NETCONF msg", list(HELLO_DTD.error_log.filter_from_errors())) + assert False + + +def nc_read_msg(conn: ssl.SSLSocket): + buf = '' + while True: + data = conn.recv(4096) + if data: + buf += data.decode(encoding="utf-8") + if buf.endswith(MSG_DELIM): + break + else: + break + return buf -- cgit 1.2.3-korg
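Review bot: `nc_connect` builds its context with `ssl.create_default_context()` and only afterwards calls `load_verify_locations`, so the platform CA bundle is trusted alongside the fixture `ca.pem`; `context = ssl.create_default_context(cafile=f"{config_dir}/ca.pem")` skips the default bundle, and the accept and reject checks in `reconfigure_and_check` then depend on the test CA alone. `context.check_hostname = False` should carry a comment, for example `# hostname check off (fixture certs presumably not issued for settings.HOST); the chain is still verified`. `nc_read_msg` calls `conn.recv(4096)` on a socket with no timeout, so a server that completes the handshake but never sends a `MSG_DELIM`-terminated hello hangs the test instead of failing it; `sock.settimeout(...)` before `wrap_socket` would bound that. The first lines of test_tls.py (imports, `HELLO_DTD`, `MSG_DELIM`) are missing from this page, so this covers only the visible functions.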