3 # Note: some of this code is lifted from zero_length_keys.sh and
4 # test_keygen.sh, and could be unified.
9 if [ $# -eq 0 ] ||
[ ! -f "${1}" ] ||
[ ! -x "${1}" ]; then
10 if [ "$TESTING_TOR_BINARY" = "" ] ; then
11 echo "Usage: ${0} PATH_TO_TOR [case-number]"
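# Kernel name as reported by uname, cut at the first underscore, so that a
# value such as "CYGWIN_NT-10.0" is reduced to "CYGWIN" before the platform
# comparison that follows.
UNAME_OS=$(uname -s | cut -d_ -f1)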
17 if test "$UNAME_OS" = 'CYGWIN' || \
18 test "$UNAME_OS" = 'MSYS' || \
19 test "$UNAME_OS" = 'MINGW'; then
20 echo "This test is unreliable on Windows. See trac #26076. Skipping." >&2
28 TOR_BINARY
="${TESTING_TOR_BINARY}"
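# dump FILE
# Write the contents of FILE to stdout as one continuous hex string
# (xxd plain dump with newlines and spaces stripped). It is used to show
# file contents inside failure messages, so whatever is passed here ends
# up in the test output.
dump() {
  xxd -p "$1" | tr -d '\n '
}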
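# die MESSAGE
# Print MESSAGE on stderr and terminate the test run with exit status 5.
# printf is used rather than echo so that a message beginning with "-n" or
# "-e", or containing backslashes, is reported verbatim instead of being
# interpreted as an echo option or escape.
die() {
  printf '%s\n' "$1" >&2
  exit 5
}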
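# check_dir PATH
# Abort the test run (through die) unless PATH is an existing directory.
check_dir() {
  if [ ! -d "$1" ]; then
    die "$1 did not exist"
  fi
}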
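# check_file PATH
# Abort the test run (through die) unless PATH exists. The test is -e, so
# any file type satisfies it, not only regular files.
check_file() {
  if [ ! -e "$1" ]; then
    die "$1 did not exist"
  fi
}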
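# check_no_file PATH
# Abort the test run (through die) if PATH exists; succeed silently when it
# does not.
check_no_file() {
  if [ -e "$1" ]; then
    die "$1 was not supposed to exist"
  fi
}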
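# check_files_eq A B
# Abort the test run (through die) unless files A and B are byte-for-byte
# identical according to cmp.
#
# On a mismatch the complete contents of both files are hex-dumped into the
# failure message on stderr. Several files under keys/ are private keys, so
# a failure writes key material into whatever captures the test output.
# That is acceptable for the throwaway keys generated for a test run; do not
# use this helper on long-lived keys.
check_files_eq() {
  cmp "$1" "$2" ||
    die "$1 and $2 did not match: $(dump "$1") vs $(dump "$2")"
}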
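# check_keys_eq NAME
# Compare keys/NAME under ${SRC} with keys/NAME under ${ME} using
# check_files_eq.
# NOTE(review): SRC and ME are not assigned in the visible part of this
# script (the helper appears to have been carried over from test_keygen.sh);
# both must be set before this is called, otherwise the paths collapse to
# /keys/NAME.
check_keys_eq() {
  check_files_eq "${SRC}/keys/${1}" "${ME}/keys/${1}"
}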
54 DATA_DIR=$(mktemp -d -t tor_key_expiration_tests.XXXXXX)
55 if [ -z "$DATA_DIR" ]; then
56 echo "Failure
: mktemp invocation returned empty string
" >&2
59 if [ ! -d "$DATA_DIR" ]; then
60 echo "Failure
: mktemp invocation result doesn
't point to directory" >&2
63 trap 'rm -rf "$DATA_DIR"' 0
65 # Use an absolute path for this or Tor will complain
66 DATA_DIR=$(cd "${DATA_DIR}" && pwd)
68 touch "${DATA_DIR}/empty_torrc"
72 TOR="${TOR_BINARY} --DisableNetwork 1 --ShutdownWaitLength 0 --ORPort 12345 --ExitRelay 0 -f ${DATA_DIR}/empty_torrc --DataDirectory ${DATA_DIR}"
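# Here we create a set of keys.

# Step 1: Start Tor with --list-fingerprint --quiet. Make sure everything is there.

# TOR and SILENTLY are expanded unquoted on purpose: each holds a
# space-separated argument list that has to be split into words. TOR embeds
# ${DATA_DIR}, so this relies on the mktemp path containing no whitespace
# or glob characters.
# shellcheck disable=SC2086
${TOR} --list-fingerprint ${SILENTLY} > /dev/null

# The run above must have populated the data directory with the full key
# set, public and private.
check_dir "${DATA_DIR}/keys"
check_file "${DATA_DIR}/keys/ed25519_master_id_public_key"
check_file "${DATA_DIR}/keys/ed25519_master_id_secret_key"
check_file "${DATA_DIR}/keys/ed25519_signing_cert"
check_file "${DATA_DIR}/keys/ed25519_signing_secret_key"
check_file "${DATA_DIR}/keys/secret_id_key"
check_file "${DATA_DIR}/keys/secret_onion_key"
check_file "${DATA_DIR}/keys/secret_onion_key_ntor"

echo "=== Starting key expiration tests."

# Scratch file that receives Tor's output in each case below; it lives in
# DATA_DIR next to the generated keys.
FN="${DATA_DIR}/stderr"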
97 if [ "$CASE1" = 1 ]; then
98 echo "==== Case 1: Test --key-expiration without argument and ensure usage"
99 echo " instructions are printed."
101 ${TOR} ${QUIETLY} --key-expiration 2>"$FN" || true
102 grep "No valid argument to --key-expiration found!" "$FN" >/dev/null || \
103 die "Tor didn't mention supported
--key-expiration argmuents
"
105 echo "==== Case
1: ok
"
108 if [ "$CASE2" = 1 ]; then
109 echo "==== Case
2: Start Tor with
--key-expiration 'sign' and
make sure it prints an expiration.
"
111 ${TOR} ${QUIETLY} --key-expiration sign 2>"$FN"
112 grep "signing-cert-expiry
:" "$FN" >/dev/null || \
113 die "Tor didn
't print an expiration"
115 echo "==== Case 2: ok"
118 if [ "$CASE3" = 1 ]; then
119 echo "==== Case 3: Start Tor with --key-expiration 'sign
', when there is no"
120 echo " signing key, and make sure that Tor generates a new key"
121 echo " and prints its certificate's expiration.
"
123 mv "${DATA_DIR}/keys
/ed25519_signing_cert
" \
124 "${DATA_DIR}/keys
/ed25519_signing_cert.bak
"
126 ${TOR} --key-expiration sign > "$FN" 2>&1
127 grep "It looks like I need to generate and sign a new medium-term signing key
" "$FN" >/dev/null || \
128 die "Tor didn
't create a new signing key"
129 check_file "${DATA_DIR}/keys/ed25519_signing_cert"
130 grep "signing-cert-expiry:" "$FN" >/dev/null || \
131 die "Tor didn't print an expiration
"
133 mv "${DATA_DIR}/keys
/ed25519_signing_cert.bak
" \
134 "${DATA_DIR}/keys
/ed25519_signing_cert
"
136 echo "==== Case
3: ok
"