tests/test-tls.sh

   1 #!/usr/bin/env bash
   2 # nbdkit
   3 # Copyright (C) 2017 Red Hat Inc.
   4 #
   5 # Redistribution and use in source and binary forms, with or without
   6 # modification, are permitted provided that the following conditions are
   7 # met:
   8 #
   9 # * Redistributions of source code must retain the above copyright
  10 # notice, this list of conditions and the following disclaimer.
  11 #
  12 # * Redistributions in binary form must reproduce the above copyright
  13 # notice, this list of conditions and the following disclaimer in the
  14 # documentation and/or other materials provided with the distribution.
  15 #
  16 # * Neither the name of Red Hat nor the names of its contributors may be
  17 # used to endorse or promote products derived from this software without
  18 # specific prior written permission.
  19 #
  20 # THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND
  21 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
  22 # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
  23 # PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR
  24 # CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  25 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  26 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
  27 # USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  28 # ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
  29 # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
  30 # OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31 # SUCH DAMAGE.
  32
  33 source ./functions.sh
  34 set -e
  35 set -x
  36
  37 requires ss --version
  38 requires qemu-img --version
  39
  40 if ! qemu-img --help | grep -- --object; then
  41     echo "$0: 'qemu-img' command does not have the --object option"
  42     exit 77
  43 fi
  44
  45 # Does the nbdkit binary support TLS?
  46 if ! nbdkit --dump-config | grep -sq tls=yes; then
  47     echo "$0: nbdkit built without TLS support"
  48     exit 77
  49 fi
  50
  51 # Did we create the PKI files?
  52 # Probably 'certtool' is missing.
  53 pkidir="$PWD/pki"
  54 if [ ! -f "$pkidir/ca-cert.pem" ]; then
  55     echo "$0: PKI files were not created by the test harness"
  56     exit 77
  57 fi
  58
  59 # Unfortunately qemu cannot do TLS over a Unix domain socket (nbdkit
  60 # probably can, although it is not tested).  Find an unused port to
  61 # listen on.
  62 for port in {50000..65535}; do
  63     if ! ss -ltn | grep -sqE ":$port\b"; then break; fi
  64 done
  65 echo picked unused port $port
  66
  67 cleanup_fn rm -f tls.pid tls.out
  68 start_nbdkit -P tls.pid -p $port -n --tls=require \
  69        --tls-certificates="$pkidir" example1
  70
  71 # Run qemu-img against the server.
  72 LANG=C \
  73 qemu-img info \
  74          --object "tls-creds-x509,id=tls0,endpoint=client,dir=$pkidir" \
  75          --image-opts "file.driver=nbd,file.host=localhost,file.port=$port,file.tls-creds=tls0" > tls.out
  76
  77 cat tls.out
  78
  79 grep -sq "^file format: raw" tls.out
  80 grep -sq "^virtual size: 100M" tls.out