From ee56d8dd4a0a6083bf8f18dcd37f8d4dfc12bca8 Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Thu, 21 Sep 2017 00:35:32 +0200 Subject: [PATCH] tests: Add initial integration test for p11-kit These are documented here and will be used to ensure that p11-kit works as expected. https://fedoraproject.org/wiki/CI This is just the first such test. Feel free to edit it if there are mistakes or add others, or check out the docs: https://fedoraproject.org/wiki/CI/Tests --- tests/.gitignore | 2 + tests/tests.yml | 14 ++++ .../Makefile | 64 +++++++++++++++++++ .../PURPOSE | 17 +++++ .../runtest.sh | 59 +++++++++++++++++ 5 files changed, 156 insertions(+) create mode 100644 tests/.gitignore create mode 100644 tests/tests.yml create mode 100644 tests/trust-anchor-complains-about-invalid-attribute-and/Makefile create mode 100644 tests/trust-anchor-complains-about-invalid-attribute-and/PURPOSE create mode 100755 tests/trust-anchor-complains-about-invalid-attribute-and/runtest.sh diff --git a/tests/.gitignore b/tests/.gitignore new file mode 100644 index 0000000..13555f0 --- /dev/null +++ b/tests/.gitignore @@ -0,0 +1,2 @@ +*.retry +artifacts/ diff --git a/tests/tests.yml b/tests/tests.yml new file mode 100644 index 0000000..6188ad8 --- /dev/null +++ b/tests/tests.yml @@ -0,0 +1,14 @@ +--- +# This first play always runs on the local staging system +- hosts: localhost + roles: + - role: standard-test-beakerlib + tags: + - classic + - atomic + - container + tests: + - trust-anchor-complains-about-invalid-attribute-and + required_packages: + - openssl + - p11-kit diff --git a/tests/trust-anchor-complains-about-invalid-attribute-and/Makefile b/tests/trust-anchor-complains-about-invalid-attribute-and/Makefile new file mode 100644 index 0000000..0f10a06 --- /dev/null +++ b/tests/trust-anchor-complains-about-invalid-attribute-and/Makefile @@ -0,0 +1,64 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /CoreOS/p11-kit/trust-anchor-complains-about-invalid-attribute-and +# Description: Test for trust anchor complains about invalid attribute and +# Author: Hubert Kario +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2017 Red Hat, Inc. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/CoreOS/p11-kit/trust-anchor-complains-about-invalid-attribute-and +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) runtest.sh Makefile PURPOSE + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + test -x runtest.sh || chmod a+x runtest.sh + +clean: + rm -f *~ $(BUILT_FILES) + + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Hubert Kario " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: Test for trust anchor complains about invalid attribute and" >> $(METADATA) + @echo "Type: Regression" >> $(METADATA) + @echo "TestTime: 2m" >> $(METADATA) + @echo "RunFor: p11-kit" >> $(METADATA) + @echo "Requires: openssl p11-kit" >> $(METADATA) + @echo "Priority: Normal" >> $(METADATA) + @echo "License: GPLv2" >> $(METADATA) + @echo "Confidential: no" >> $(METADATA) + @echo "Destructive: no" >> $(METADATA) + @echo "Releases: -RHEL4 -RHEL6 -RHELClient5 -RHELServer5" >> $(METADATA) + + rhts-lint $(METADATA) diff --git a/tests/trust-anchor-complains-about-invalid-attribute-and/PURPOSE b/tests/trust-anchor-complains-about-invalid-attribute-and/PURPOSE new file mode 100644 index 0000000..e7886f9 --- /dev/null +++ b/tests/trust-anchor-complains-about-invalid-attribute-and/PURPOSE @@ -0,0 +1,17 @@ +PURPOSE of /CoreOS/p11-kit/trust-anchor-complains-about-invalid-attribute-and +Description: Test for trust anchor complains about invalid attribute and +Author: Hubert Kario +Bug summary: trust anchor complains about invalid attribute and fails when a new certificate tries to store into trust place + +Steps to Reproduce: +1. /etc/pki/tls/certs/make-dummy-cert mycert-tmp.pem +2. openssl x509 -in mycert-tmp.pem -addtrust clientAuth -addtrust serverAuth -addtrust emailProtection -out mycert.pem +3. trust anchor --store mycert.pem + +Actual results: +p11-kit: the CKA_TRUSTED attribute is not valid for the object +p11-kit: couldn't create object: Certain fields have invalid values + + +Expected results: +Certificate is stored in trust place. diff --git a/tests/trust-anchor-complains-about-invalid-attribute-and/runtest.sh b/tests/trust-anchor-complains-about-invalid-attribute-and/runtest.sh new file mode 100755 index 0000000..3ca17e1 --- /dev/null +++ b/tests/trust-anchor-complains-about-invalid-attribute-and/runtest.sh @@ -0,0 +1,59 @@ +#!/bin/bash +# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/p11-kit/trust-anchor-complains-about-invalid-attribute-and +# Description: Test for trust anchor complains about invalid attribute and +# Author: Hubert Kario +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2017 Red Hat, Inc. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include Beaker environment +. /usr/share/beakerlib/beakerlib.sh || exit 1 + +PACKAGE="p11-kit" + +rlJournalStart + rlPhaseStartSetup + rlAssertRpm $PACKAGE + rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlRun "rlFileBackup --clean /etc/pki" + rlPhaseEnd + + rlPhaseStartTest + DUMMY_MAKER_BIN="/etc/pki/tls/certs/make-dummy-cert" + [ -x /usr/bin/make-dummy-cert ] && DUMMY_MAKER_BIN="/usr/bin/make-dummy-cert" + rlRun "$DUMMY_MAKER_BIN mycert-tmp.pem" + rlRun "openssl x509 -in mycert-tmp.pem -addtrust clientAuth -addtrust serverAuth -addtrust emailProtection -out mycert.pem" + rlAssertNotExists "/etc/pki/ca-trust/source/localhost.localdomain.p11-kit" + rlRun -s "trust anchor --store mycert.pem" + rlAssertNotGrep "p11-kit:" $rlRun_LOG + rlAssertExists "/etc/pki/ca-trust/source/localhost.localdomain.p11-kit" + rlPhaseEnd + + rlPhaseStartCleanup + rlRun "popd" + rlRun "rlFileRestore" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +rlJournalPrintText +rlJournalEnd