rpms/nss
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Add TMT interoperability tests

Browse Source
This commit is contained in:
Peter Leitmann 2023-04-16 20:26:43 +02:00 committed by not4pedro
parent 7f35208eca
commit 410a644f5b
10 changed files with 42 additions and 205 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.fmf/version Normal file
View File

@ -0,0 +1 @@
1

1
ci.fmf Normal file
View File

@ -0,0 +1 @@
resultsdb-testcase: separate

10
plans/gnutls-2way.fmf Normal file
View File

@ -0,0 +1,10 @@
summary: Upstreamed interop-2way tests
contact: Stanislav Zidek <szidek@redhat.com>
discover:
# upstreamed tests (public)
- name: interop-gnutls-2way
how: fmf
url: https://gitlab.com/redhat-crypto/tests/interop.git
filter: 'tag: interop-nss & tag: interop-gnutls & tag: interop-2way'
execute:
how: tmt

10
plans/openssl-2way.fmf Normal file
View File

@ -0,0 +1,10 @@
summary: Upstreamed interop-2way tests
contact: Stanislav Zidek <szidek@redhat.com>
discover:
# upstreamed tests (public)
- name: interop-openssl-2way
how: fmf
url: https://gitlab.com/redhat-crypto/tests/interop.git
filter: 'tag: interop-nss & tag: interop-openssl & tag: interop-2way'
execute:
how: tmt

10
plans/openssl-reneg.fmf Normal file
View File

@ -0,0 +1,10 @@
summary: Upstreamed interop-nss-openssl renegotiation test
contact: Stanislav Zidek <szidek@redhat.com>
discover:
# upstreamed tests (public)
- name: interop-openssl-reneg
how: fmf
url: https://gitlab.com/redhat-crypto/tests/interop.git
filter: 'tag: interop-nss & tag: interop-openssl & tag: interop-reneg'
execute:
how: tmt

10
plans/short-interop-tests.fmf Normal file
View File

@ -0,0 +1,10 @@
summary: Upstreamed interop tests - short tests which do not need to run in parallel
contact: Stanislav Zidek <szidek@redhat.com>
discover:
# upstreamed tests (public)
- name: interop-other+nss-fast
how: fmf
url: https://gitlab.com/redhat-crypto/tests/interop.git
filter: 'tag: interop-nss & tag: -interop-slow'
execute:
how: tmt

64
tests/NSS-tools-should-not-use-SHA1-by-default-when/Makefile
View File

@ -1,64 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /CoreOS/nss/Regression/NSS-tools-should-not-use-SHA1-by-default-when
# Description: NSS tools should not use SHA1 by default when
# Author: Hubert Kario <hkario@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2016 Red Hat, Inc.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/CoreOS/nss/Regression/NSS-tools-should-not-use-SHA1-by-default-when
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Hubert Kario <hkario@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: NSS tools should not use SHA1 by default when" >> $(METADATA)
@echo "Type: Regression" >> $(METADATA)
@echo "TestTime: 10m" >> $(METADATA)
@echo "RunFor: nss openssl" >> $(METADATA)
@echo "Requires: nss nss-tools openssl" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
rhts-lint $(METADATA)

4
tests/NSS-tools-should-not-use-SHA1-by-default-when/PURPOSE
View File

@ -1,4 +0,0 @@
PURPOSE of NSS-tools-should-not-use-SHA1-by-default-when
Description: NSS tools should not use SHA1 by default when
Author: Hubert Kario <hkario@redhat.com>
Summary: NSS tools should not use SHA1 by default when generating digital signatures/certificates

125
tests/NSS-tools-should-not-use-SHA1-by-default-when/runtest.sh
View File

@ -1,125 +0,0 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of NSS-tools-should-not-use-SHA1-by-default-when
# Description: NSS tools should not use SHA1 by default when
# Author: Hubert Kario <hkario@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2016 Red Hat, Inc.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="nss"
PACKAGES="nss openssl"
DBDIR="nssdb"
rlJournalStart
rlPhaseStartSetup
rlAssertRpm --all
rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
rlRun "pushd $TmpDir"
rlRun "mkdir nssdb"
rlRun "certutil -N -d $DBDIR --empty-password"
rlLogInfo "Create a JAR file"
rlRun "mkdir java-dir"
rlRun "pushd java-dir"
rlRun "mkdir META-INF mypackage"
rlRun "echo 'Main-Class: mypackage/MyMainFile' > META-INF/MANIFEST.MF"
rlRun "echo 'Those are not the droids you are looking for' > mypackage/MyMainFile.class"
#rlRun "jar -cfe package.jar mypackage/MyMainFile mypackage/MyMainFile.class"
rlRun "popd"
#rlRun "mv java-dir/package.jar ."
rlPhaseEnd
rlPhaseStartTest "Self signing certificates"
rlRun "dd if=/dev/urandom of=noise bs=1 count=32 >/dev/null"
rlRun "certutil -d $DBDIR -S -n 'CA' -t 'cTC,cTC,cTC' -s 'CN=CA' -x -z noise"
rlRun -s "certutil -d $DBDIR -L -n 'CA' -a | openssl x509 -noout -text"
rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG"
rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
rlPhaseEnd
rlPhaseStartTest "Signing certificates"
rlRun "dd if=/dev/urandom of=noise bs=1 count=32 >/dev/null"
rlRun "certutil -d $DBDIR -S -n 'server' -t 'u,u,u' -s 'CN=server.example.com' -c 'CA' -z noise --nsCertType sslClient,sslServer,objectSigning,smime"
rlRun -s "certutil -d $DBDIR -L -n 'server' -a | openssl x509 -noout -text"
rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG"
rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
rlPhaseEnd
rlPhaseStartTest "Certificate request"
rlRun "dd if=/dev/urandom of=noise bs=1 count=32 >/dev/null"
rlRun "mkdir srv2db"
rlRun "certutil -d srv2db -N --empty-password"
rlRun "certutil -d srv2db -R -s CN=www.example.com -o srv2.req -a -z noise"
rlRun -s "openssl req -noout -text -in srv2.req"
rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG"
rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
rlRun "certutil -d $DBDIR -C -c 'CA' -i srv2.req -a -o srv2.crt"
rlRun -s "openssl x509 -in srv2.crt -noout -text"
rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG"
rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
rlRun "rm -rf srv2db"
rlPhaseEnd
rlPhaseStartTest "Certificate request with SHA1"
rlRun "dd if=/dev/urandom of=noise bs=1 count=32 >/dev/null"
rlRun "mkdir srv2db"
rlRun "certutil -d srv2db -N --empty-password"
rlRun "certutil -d srv2db -R -s CN=www.example.com -o srv2.req -a -z noise -Z SHA1"
rlRun -s "openssl req -noout -text -in srv2.req"
rlAssertGrep "Signature Algorithm: sha1WithRSAEncryption" "$rlRun_LOG"
rlRun "certutil -d $DBDIR -C -c 'CA' -i srv2.req -a -o srv2.crt"
rlRun -s "openssl x509 -in srv2.crt -noout -text"
rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG"
rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
rlRun "rm -rf srv2db"
rlPhaseEnd
rlPhaseStartTest "Signing CMS messages"
rlRun "echo 'This is a document' > document.txt"
rlRun "cmsutil -S -d $DBDIR -N 'server' -i document.txt -o document.cms"
rlRun -s "openssl cms -in document.cms -inform der -noout -cmsout -print"
rlAssertGrep "algorithm: sha256" $rlRun_LOG
rlAssertNotGrep "algorithm: sha1" $rlRun_LOG
rlPhaseEnd
rlPhaseStartTest "CRL signing"
rlRun "echo $(date --utc +update=%Y%m%d%H%M%SZ) > script"
rlRun "echo $(date -d 'next week' --utc +nextupdate=%Y%m%d%H%M%SZ) >> script"
rlRun "echo addext crlNumber 0 1245 >>script"
rlRun "echo addcert 12 $(date -d 'yesterday' --utc +%Y%m%d%H%M%SZ) >>script"
rlRun "echo addext reasonCode 0 0 >>script"
rlRun "cat script"
rlRun "crlutil -G -c script -d $DBDIR -n CA -o ca.crl"
rlRun -s "openssl crl -in ca.crl -inform der -noout -text"
rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" $rlRun_LOG
rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
rlPhaseEnd
rlPhaseStartCleanup
rlRun "popd"
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
rlPhaseEnd
rlJournalPrintText
rlJournalEnd

12
tests/tests.yml
View File

@ -1,12 +0,0 @@
---
# This first play always runs on the local staging system
- hosts: localhost
roles:
- role: standard-test-beakerlib
tags:
- classic
tests:
- NSS-tools-should-not-use-SHA1-by-default-when
required_packages:
- nss-tools
- nss