From 410a644f5b55862123f59d15bc32a57da81ca2f8 Mon Sep 17 00:00:00 2001
From: Peter Leitmann
Date: Sun, 16 Apr 2023 20:26:43 +0200
Subject: [PATCH] Add TMT interoperability tests
---
.fmf/version | 1 +
ci.fmf | 1 +
plans/gnutls-2way.fmf | 10 ++
plans/openssl-2way.fmf | 10 ++
plans/openssl-reneg.fmf | 10 ++
plans/short-interop-tests.fmf | 10 ++
.../Makefile | 64 ---------
.../PURPOSE | 4 -
.../runtest.sh | 125 ------------------
tests/tests.yml | 12 --
10 files changed, 42 insertions(+), 205 deletions(-)
create mode 100644 .fmf/version
create mode 100644 ci.fmf
create mode 100644 plans/gnutls-2way.fmf
create mode 100644 plans/openssl-2way.fmf
create mode 100644 plans/openssl-reneg.fmf
create mode 100644 plans/short-interop-tests.fmf
delete mode 100644 tests/NSS-tools-should-not-use-SHA1-by-default-when/Makefile
delete mode 100644 tests/NSS-tools-should-not-use-SHA1-by-default-when/PURPOSE
delete mode 100755 tests/NSS-tools-should-not-use-SHA1-by-default-when/runtest.sh
delete mode 100644 tests/tests.yml
diff --git a/.fmf/version b/.fmf/version
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/.fmf/version
@@ -0,0 +1 @@
+1
diff --git a/ci.fmf b/ci.fmf
new file mode 100644
index 0000000..c5aa0e0
--- /dev/null
+++ b/ci.fmf
@@ -0,0 +1 @@
+resultsdb-testcase: separate
diff --git a/plans/gnutls-2way.fmf b/plans/gnutls-2way.fmf
new file mode 100644
index 0000000..69b116b
--- /dev/null
+++ b/plans/gnutls-2way.fmf
@@ -0,0 +1,10 @@
+summary: Upstreamed interop-2way tests
+contact: Stanislav Zidek
+discover:
+ # upstreamed tests (public)
+ - name: interop-gnutls-2way
+ how: fmf
+ url: https://gitlab.com/redhat-crypto/tests/interop.git
+ filter: 'tag: interop-nss & tag: interop-gnutls & tag: interop-2way'
+execute:
+ how: tmt
diff --git a/plans/openssl-2way.fmf b/plans/openssl-2way.fmf
new file mode 100644
index 0000000..ddebbfb
--- /dev/null
+++ b/plans/openssl-2way.fmf
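Review bot: The `discover` step in plans/gnutls-2way.fmf fetches its tests from `https://gitlab.com/redhat-crypto/tests/interop.git` with no `ref`, so every run executes whatever the external repository's default branch holds at that moment. The same applies to plans/openssl-2way.fmf, plans/openssl-reneg.fmf and plans/short-interop-tests.fmf. Pinning the source keeps results reproducible and means a change to the external test code has to be reviewed here before it runs in this package's CI; add `ref: <tag-or-commit>` (placeholder value) next to `url:` in each plan.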
@@ -0,0 +1,10 @@
+summary: Upstreamed interop-2way tests
+contact: Stanislav Zidek
+discover:
+ # upstreamed tests (public)
+ - name: interop-openssl-2way
+ how: fmf
+ url: https://gitlab.com/redhat-crypto/tests/interop.git
+ filter: 'tag: interop-nss & tag: interop-openssl & tag: interop-2way'
+execute:
+ how: tmt
diff --git a/plans/openssl-reneg.fmf b/plans/openssl-reneg.fmf
new file mode 100644
index 0000000..b66cb6a
--- /dev/null
+++ b/plans/openssl-reneg.fmf
@@ -0,0 +1,10 @@
+summary: Upstreamed interop-nss-openssl renegotiation test
+contact: Stanislav Zidek
+discover:
+ # upstreamed tests (public)
+ - name: interop-openssl-reneg
+ how: fmf
+ url: https://gitlab.com/redhat-crypto/tests/interop.git
+ filter: 'tag: interop-nss & tag: interop-openssl & tag: interop-reneg'
+execute:
+ how: tmt
diff --git a/plans/short-interop-tests.fmf b/plans/short-interop-tests.fmf
new file mode 100644
index 0000000..67fb89c
--- /dev/null
+++ b/plans/short-interop-tests.fmf
@@ -0,0 +1,10 @@
+summary: Upstreamed interop tests - short tests which do not need to run in parallel
+contact: Stanislav Zidek
+discover:
+ # upstreamed tests (public)
+ - name: interop-other+nss-fast
+ how: fmf
+ url: https://gitlab.com/redhat-crypto/tests/interop.git
+ filter: 'tag: interop-nss & tag: -interop-slow'
+execute:
+ how: tmt
diff --git a/tests/NSS-tools-should-not-use-SHA1-by-default-when/Makefile b/tests/NSS-tools-should-not-use-SHA1-by-default-when/Makefile
deleted file mode 100644
index ea65d87..0000000
--- a/tests/NSS-tools-should-not-use-SHA1-by-default-when/Makefile
+++ /dev/null
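Review bot: Nothing visible in plans/short-interop-tests.fmf shows that its filter `tag: interop-nss & tag: -interop-slow` selects a replacement for the regression test this commit deletes. The removed tests/NSS-tools-should-not-use-SHA1-by-default-when/runtest.sh asserted that certutil, cmsutil and crlutil sign with SHA-256 rather than SHA-1 by default. That is a tool-default check rather than an interoperability test, so it may not carry the `interop-nss` tag in the external repository. Either keep it as a local test with its own plan, or name the upstream test that supersedes it in the commit message.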
@@ -1,64 +0,0 @@
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Makefile of /CoreOS/nss/Regression/NSS-tools-should-not-use-SHA1-by-default-when
-# Description: NSS tools should not use SHA1 by default when
-# Author: Hubert Kario
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Copyright (c) 2016 Red Hat, Inc.
-#
-# This copyrighted material is made available to anyone wishing
-# to use, modify, copy, or redistribute it subject to the terms
-# and conditions of the GNU General Public License version 2.
-#
-# This program is distributed in the hope that it will be
-# useful, but WITHOUT ANY WARRANTY; without even the implied
-# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-# PURPOSE. See the GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public
-# License along with this program; if not, write to the Free
-# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-# Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-export TEST=/CoreOS/nss/Regression/NSS-tools-should-not-use-SHA1-by-default-when
-export TESTVERSION=1.0
-
-BUILT_FILES=
-
-FILES=$(METADATA) runtest.sh Makefile PURPOSE
-
-.PHONY: all install download clean
-
-run: $(FILES) build
- ./runtest.sh
-
-build: $(BUILT_FILES)
- test -x runtest.sh || chmod a+x runtest.sh
-
-clean:
- rm -f *~ $(BUILT_FILES)
-
-
-include /usr/share/rhts/lib/rhts-make.include
-
-$(METADATA): Makefile
- @echo "Owner: Hubert Kario " > $(METADATA)
- @echo "Name: $(TEST)" >> $(METADATA)
- @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
- @echo "Path: $(TEST_DIR)" >> $(METADATA)
- @echo "Description: NSS tools should not use SHA1 by default when" >> $(METADATA)
- @echo "Type: Regression" >> $(METADATA)
- @echo "TestTime: 10m" >> $(METADATA)
- @echo "RunFor: nss openssl" >> $(METADATA)
- @echo "Requires: nss nss-tools openssl" >> $(METADATA)
- @echo "Priority: Normal" >> $(METADATA)
- @echo "License: GPLv2" >> $(METADATA)
- @echo "Confidential: no" >> $(METADATA)
- @echo "Destructive: no" >> $(METADATA)
- @echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
-
- rhts-lint $(METADATA)
diff --git a/tests/NSS-tools-should-not-use-SHA1-by-default-when/PURPOSE b/tests/NSS-tools-should-not-use-SHA1-by-default-when/PURPOSE
deleted file mode 100644
index 7caf493..0000000
--- a/tests/NSS-tools-should-not-use-SHA1-by-default-when/PURPOSE
+++ /dev/null
@@ -1,4 +0,0 @@
-PURPOSE of NSS-tools-should-not-use-SHA1-by-default-when
-Description: NSS tools should not use SHA1 by default when
-Author: Hubert Kario
-Summary: NSS tools should not use SHA1 by default when generating digital signatures/certificates
diff --git a/tests/NSS-tools-should-not-use-SHA1-by-default-when/runtest.sh b/tests/NSS-tools-should-not-use-SHA1-by-default-when/runtest.sh
deleted file mode 100755
index 8290d92..0000000
--- a/tests/NSS-tools-should-not-use-SHA1-by-default-when/runtest.sh
+++ /dev/null
@@ -1,125 +0,0 @@
-#!/bin/bash
-# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# runtest.sh of NSS-tools-should-not-use-SHA1-by-default-when
-# Description: NSS tools should not use SHA1 by default when
-# Author: Hubert Kario
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Copyright (c) 2016 Red Hat, Inc.
-#
-# This copyrighted material is made available to anyone wishing
-# to use, modify, copy, or redistribute it subject to the terms
-# and conditions of the GNU General Public License version 2.
-#
-# This program is distributed in the hope that it will be
-# useful, but WITHOUT ANY WARRANTY; without even the implied
-# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-# PURPOSE. See the GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public
-# License along with this program; if not, write to the Free
-# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-# Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include Beaker environment
-. /usr/share/beakerlib/beakerlib.sh || exit 1
-
-PACKAGE="nss"
-PACKAGES="nss openssl"
-DBDIR="nssdb"
-
-rlJournalStart
- rlPhaseStartSetup
- rlAssertRpm --all
- rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
- rlRun "pushd $TmpDir"
- rlRun "mkdir nssdb"
- rlRun "certutil -N -d $DBDIR --empty-password"
- rlLogInfo "Create a JAR file"
- rlRun "mkdir java-dir"
- rlRun "pushd java-dir"
- rlRun "mkdir META-INF mypackage"
- rlRun "echo 'Main-Class: mypackage/MyMainFile' > META-INF/MANIFEST.MF"
- rlRun "echo 'Those are not the droids you are looking for' > mypackage/MyMainFile.class"
- #rlRun "jar -cfe package.jar mypackage/MyMainFile mypackage/MyMainFile.class"
- rlRun "popd"
- #rlRun "mv java-dir/package.jar ."
- rlPhaseEnd
-
- rlPhaseStartTest "Self signing certificates"
- rlRun "dd if=/dev/urandom of=noise bs=1 count=32 >/dev/null"
- rlRun "certutil -d $DBDIR -S -n 'CA' -t 'cTC,cTC,cTC' -s 'CN=CA' -x -z noise"
- rlRun -s "certutil -d $DBDIR -L -n 'CA' -a | openssl x509 -noout -text"
- rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG"
- rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
- rlPhaseEnd
-
- rlPhaseStartTest "Signing certificates"
- rlRun "dd if=/dev/urandom of=noise bs=1 count=32 >/dev/null"
- rlRun "certutil -d $DBDIR -S -n 'server' -t 'u,u,u' -s 'CN=server.example.com' -c 'CA' -z noise --nsCertType sslClient,sslServer,objectSigning,smime"
- rlRun -s "certutil -d $DBDIR -L -n 'server' -a | openssl x509 -noout -text"
- rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG"
- rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
- rlPhaseEnd
-
- rlPhaseStartTest "Certificate request"
- rlRun "dd if=/dev/urandom of=noise bs=1 count=32 >/dev/null"
- rlRun "mkdir srv2db"
- rlRun "certutil -d srv2db -N --empty-password"
- rlRun "certutil -d srv2db -R -s CN=www.example.com -o srv2.req -a -z noise"
- rlRun -s "openssl req -noout -text -in srv2.req"
- rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG"
- rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
- rlRun "certutil -d $DBDIR -C -c 'CA' -i srv2.req -a -o srv2.crt"
- rlRun -s "openssl x509 -in srv2.crt -noout -text"
- rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG"
- rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
- rlRun "rm -rf srv2db"
- rlPhaseEnd
-
- rlPhaseStartTest "Certificate request with SHA1"
- rlRun "dd if=/dev/urandom of=noise bs=1 count=32 >/dev/null"
- rlRun "mkdir srv2db"
- rlRun "certutil -d srv2db -N --empty-password"
- rlRun "certutil -d srv2db -R -s CN=www.example.com -o srv2.req -a -z noise -Z SHA1"
- rlRun -s "openssl req -noout -text -in srv2.req"
- rlAssertGrep "Signature Algorithm: sha1WithRSAEncryption" "$rlRun_LOG"
- rlRun "certutil -d $DBDIR -C -c 'CA' -i srv2.req -a -o srv2.crt"
- rlRun -s "openssl x509 -in srv2.crt -noout -text"
- rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG"
- rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
- rlRun "rm -rf srv2db"
- rlPhaseEnd
-
- rlPhaseStartTest "Signing CMS messages"
- rlRun "echo 'This is a document' > document.txt"
- rlRun "cmsutil -S -d $DBDIR -N 'server' -i document.txt -o document.cms"
- rlRun -s "openssl cms -in document.cms -inform der -noout -cmsout -print"
- rlAssertGrep "algorithm: sha256" $rlRun_LOG
- rlAssertNotGrep "algorithm: sha1" $rlRun_LOG
- rlPhaseEnd
-
- rlPhaseStartTest "CRL signing"
- rlRun "echo $(date --utc +update=%Y%m%d%H%M%SZ) > script"
- rlRun "echo $(date -d 'next week' --utc +nextupdate=%Y%m%d%H%M%SZ) >> script"
- rlRun "echo addext crlNumber 0 1245 >>script"
- rlRun "echo addcert 12 $(date -d 'yesterday' --utc +%Y%m%d%H%M%SZ) >>script"
- rlRun "echo addext reasonCode 0 0 >>script"
- rlRun "cat script"
- rlRun "crlutil -G -c script -d $DBDIR -n CA -o ca.crl"
- rlRun -s "openssl crl -in ca.crl -inform der -noout -text"
- rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" $rlRun_LOG
- rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
- rlPhaseEnd
-
- rlPhaseStartCleanup
- rlRun "popd"
- rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
- rlPhaseEnd
-rlJournalPrintText
-rlJournalEnd
diff --git a/tests/tests.yml b/tests/tests.yml
deleted file mode 100644
index df64aa2..0000000
--- a/tests/tests.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-# This first play always runs on the local staging system
-- hosts: localhost
- roles:
- - role: standard-test-beakerlib
- tags:
- - classic
- tests:
- - NSS-tools-should-not-use-SHA1-by-default-when
- required_packages:
- - nss-tools
- - nss