From 0c5881062ed71db928ce53289e47ed64bd918250 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Zden=C4=9Bk=20=C5=A0ustr?= Date: Thu, 8 Nov 2012 18:12:11 +0000 Subject: [PATCH] Use proxy instead of host cert for tests. --- .../gridsite/tests/gridsite-test-all.sh | 63 +++++++++++----------- 1 file changed, 32 insertions(+), 31 deletions(-) diff --git a/org.glite.testsuites.ctb/gridsite/tests/gridsite-test-all.sh b/org.glite.testsuites.ctb/gridsite/tests/gridsite-test-all.sh index dae8f3e..45e6002 100755 --- a/org.glite.testsuites.ctb/gridsite/tests/gridsite-test-all.sh +++ b/org.glite.testsuites.ctb/gridsite/tests/gridsite-test-all.sh @@ -84,12 +84,13 @@ test_start # check_binaries printf "Testing if all binaries are available" -check_binaries curl rm chown openssl htcp htls htmv htcp htrm htls htls htproxydestroy awk sed openssl tail head sort +check_binaries curl rm chown openssl htcp htls htmv htcp htrm htls htls htproxydestroy awk sed openssl tail head sort id if [ $? -gt 0 ]; then test_failed else test_done fi +UPROXY="/tmp/x509up_u`id -u`" if getent passwd www-data >/dev/null; then HTTPD_USER=www-data @@ -111,7 +112,7 @@ EOF $SYS_RM /var/www/htdocs/.gacl printf "Plain read... " - code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' https://$(hostname -f)/test.html` + code=`curl --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' https://$(hostname -f)/test.html` printf "Return code $code" if [ "$code" = "403" ]; then test_done 
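Review bot: `UPROXY` is hard-wired to `/tmp/x509up_u<uid>` right after the `check_binaries` result and is then used with no check that the file exists, so a missing proxy only surfaces later as unexpected HTTP codes or exit statuses. Honour the standard override and validate once, e.g. `UPROXY="${X509_USER_PROXY:-/tmp/x509up_u$(id -u)}"` followed by `[ -f "$UPROXY" -a -O "$UPROXY" ] || { print_error "no usable proxy at $UPROXY"; exit 2; }`. The ownership test matters because the script appears to run privileged (the old code used `/tmp/x509up_u0`, and it chowns and rewrites files under /var/www and /etc/grid-security) while /tmp is world-writable. Every later use in the other hunks is an unquoted `${UPROXY}`, and quoting it as `"$UPROXY"` keeps the option arguments intact if the path ever contains whitespace.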
@@ -130,7 +131,7 @@ EOF printf "With gacl... " - code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' https://$(hostname -f)/test.html` + code=`curl --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' https://$(hostname -f)/test.html` printf "Return code $code" if [ "$code" = "200" ]; then test_done @@ -142,7 +143,7 @@ EOF printf "Get index (list & read permissions)\n" printf "Plain read... " - code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' https://$(hostname -f)/` + code=`curl --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' https://$(hostname -f)/` printf "Return code $code" if [ "$code" = "403" ]; then test_done @@ -154,7 +155,7 @@ cat >/var/www/htdocs/.gacl < - `openssl x509 -noout -subject -in /etc/grid-security/hostcert.pem | sed -e 's/^subject= //'` + `openssl x509 -noout -subject -in ${UPROXY} | sed -e 's/^subject= //'` @@ -162,7 +163,7 @@ cat >/var/www/htdocs/.gacl </var/www/htdocs/.gacl < - `openssl x509 -noout -subject -in /etc/grid-security/hostcert.pem | sed -e 's/^subject= //'` + `openssl x509 -noout -subject -in ${UPROXY} | sed -e 's/^subject= //'` @@ -201,7 +202,7 @@ cat >/var/www/htdocs/.gacl </var/www/htdocs/.gacl < - `openssl x509 -noout -subject -in /etc/grid-security/hostcert.pem | sed -e 's/^subject= //'` + `openssl x509 -noout -subject -in ${UPROXY} | sed -e 's/^subject= //'` 
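Review bot: In the `.gacl` here-documents (the hunk at -154 and those at -162, -201 and -278) `openssl x509 -noout -subject -in ${UPROXY}` reads the first certificate in the proxy file, which is the proxy certificate itself. The DN written into the ACL therefore carries the trailing proxy `CN` component rather than the user's identity. If GridSite evaluates the ACL against the end-entity DN, as is usual for proxy chains, the "With gacl" requests will not match and the expected 200 becomes 403. Taking the identity instead avoids that, e.g. `voms-proxy-info -identity`, or `openssl x509 -noout -issuer -in "$UPROXY" | sed -e 's/^issuer= //'` for a single-level proxy. The here-documents start and end outside these hunks.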
@@ -256,7 +257,7 @@ EOF printf "Run test.cgi... " chmod +x /var/www/htdocs/test.cgi - code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /tmp/gridsite.log --silent --write-out '%{http_code}\n' https://$(hostname -f)/test.cgi` + code=`curl --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates --output /tmp/gridsite.log --silent --write-out '%{http_code}\n' https://$(hostname -f)/test.cgi` printf "Return code $code" if [ "$code" = "200" ]; then test_done @@ -278,7 +279,7 @@ cat >/var/www/htdocs/.gacl < - `openssl x509 -noout -subject -in /etc/grid-security/hostcert.pem | sed -e 's/^subject= //'` + `openssl x509 -noout -subject -in ${UPROXY} | sed -e 's/^subject= //'` 
@@ -290,49 +291,49 @@ EOF date > /tmp/test.txt printf "Testing htcp... " - htcp --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ /tmp/test.txt https://$(hostname -f)/ + htcp --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates/ /tmp/test.txt https://$(hostname -f)/ if [ $? -eq 0 ]; then test_done else test_failed fi printf "Checking by htls... " - htls --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/test.txt > /dev/null + htls --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates/ https://$(hostname -f)/test.txt > /dev/null if [ $? -eq 0 ]; then test_done else test_failed fi printf "Testing htmv... " - htmv --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/test.txt https://$(hostname -f)/test2.txt + htmv --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates/ https://$(hostname -f)/test.txt https://$(hostname -f)/test2.txt if [ $? -eq 0 ]; then test_done else test_failed fi printf "htcp, file 2... " - htcp --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/test2.txt /tmp + htcp --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates/ https://$(hostname -f)/test2.txt /tmp if [ $? -eq 0 ]; then test_done else test_failed fi printf "Testing htrm... " - htrm --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/test2.txt + htrm --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates/ https://$(hostname -f)/test2.txt if [ $? -eq 0 ]; then test_done else test_failed fi printf "Checking by htls... 
" - htls --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/test2.txt 2> /dev/null + htls --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates/ https://$(hostname -f)/test2.txt 2> /dev/null if [ $? -eq 22 ]; then test_done else test_failed fi printf "Checking directory contents with htls... " - htls --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/ > /dev/null + htls --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates/ https://$(hostname -f)/ > /dev/null if [ $? -eq 0 ]; then test_done else @@ -356,7 +357,7 @@ EOF chown $HTTPD_USER /var/www/proxycache #delegation - id=`htproxyput --cert /tmp/x509up_u0 --key /tmp/x509up_u0 --capath /etc/grid-security/certificates https://$(hostname -f)/gridsite-delegation.cgi` + id=`htproxyput --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates https://$(hostname -f)/gridsite-delegation.cgi` printf "id: $id" if [ $? -eq 0 -a -n "$id" ]; then test_done @@ -364,9 +365,9 @@ EOF test_failed fi - expiry=`htproxyunixtime --cert /tmp/x509up_u0 --key /tmp/x509up_u0 --capath /etc/grid-security/certificates --delegation-id $id https://$(hostname -f)/gridsite-delegation.cgi` + expiry=`htproxyunixtime --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates --delegation-id $id https://$(hostname -f)/gridsite-delegation.cgi` - newid=`htproxyrenew --cert /tmp/x509up_u0 --key /tmp/x509up_u0 --capath /etc/grid-security/certificates --delegation-id $id https://$(hostname -f)/gridsite-delegation.cgi` + newid=`htproxyrenew --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates --delegation-id $id https://$(hostname -f)/gridsite-delegation.cgi` printf "newid: $newid" if [ $? -eq 0 -a -n "$newid" ]; then test_done 
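Review bot: The seven `htcp`/`htls`/`htmv`/`htrm` calls in the -290 hunk each spell out `--cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates/`, the same repetition that made this credential switch a 31-line edit. Defining the options once next to `UPROXY`, e.g. `HT_OPTS="--cert $UPROXY --key $UPROXY --capath /etc/grid-security/certificates/"`, and passing `$HT_OPTS` would make the next credential change a one-line diff and keep all calls consistent.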
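Review bot: The success check after `htproxyput` in the -356 hunk tests the wrong status, because `printf "id: $id"` runs between the command substitution and `if [ $? -eq 0 -a -n "$id" ]`. `$?` is therefore printf's exit code, and a failed delegation is caught only by the empty-string test. The same pattern follows `htproxyrenew` in the -364 hunk. Save the status immediately, e.g. `id=$(htproxyput …); rc=$?`, and test `[ $rc -eq 0 -a -n "$id" ]`. The server-supplied value is also used as the printf format string, whereas `printf 'id: %s' "$id"` prints it literally.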
@@ -374,7 +375,7 @@ EOF test_failed fi - htproxydestroy --cert /tmp/x509up_u0 --key /tmp/x509up_u0 --capath /etc/grid-security/certificates --delegation-id $id https://$(hostname -f)/gridsite-delegation.cgi + htproxydestroy --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates --delegation-id $id https://$(hostname -f)/gridsite-delegation.cgi printf "Test handling of VOMS .lsc files (Regression test for bug #39254 and #82023)\n" @@ -389,7 +390,7 @@ EOF mkdir -p /tmp/vomsdir.$$ mv -f /etc/grid-security/vomsdir/* /tmp/vomsdir.$$/ printf "Trying with empty vomsdir. GRST_CRED_2 should not be present... " - GRST_CRED_2=`curl --cert /tmp/x509up_u0 --key /tmp/x509up_u0 --capath /etc/grid-security/certificates --cacert /tmp/x509up_u0 --silent https://$(hostname -f)/test.cgi|grep GRST_CRED_2` + GRST_CRED_2=`curl --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates --cacert ${UPROXY} --silent https://$(hostname -f)/test.cgi|grep GRST_CRED_2` if [ "$GRST_CRED_2" = "" ]; then test_done else @@ -399,8 +400,6 @@ EOF mv -f /tmp/vomsdir.$$/* /etc/grid-security/vomsdir/ rm -rf /tmp/vomsdir.$$ - printf "Setting up .lsc file and trying again\n" - UTOPIA=`voms-proxy-info -all | grep -A 100 "extension information" | grep "^issuer" | grep "L=Tropic" | grep "O=Utopia" | grep "OU=Relaxation"` if [ "$UTOPIA" != "" ]; then printf "Possibly fake VOMS extensions. Regenerating... " @@ -409,6 +408,8 @@ EOF fi; # voms-proxy-info -all | grep -A 100 "extension information" | sed "s/\$/$NL/" + printf "Setting up .lsc file and trying again\n" + for vomsfile in /etc/vomses/* do if [ -f $vomsfile ]; then 
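Review bot: The changed `curl` line in the -389 hunk keeps `--cacert ${UPROXY}`, which hands the proxy file (private key included) to curl as an extra trust-anchor bundle on top of `--capath`. The curl calls earlier in the patch (-111, -130, -142, -256) do without it. If it is not required for the handshake, dropping it keeps server verification tied to /etc/grid-security/certificates only. If it is required, a one-line comment next to it would help, e.g. `# --cacert: <reason the proxy chain must be trusted here>`. The same option is carried through the curl calls at -435, -465 and -477.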
@@ -435,7 +436,7 @@ EOF done exit 0 - GRST_CRED_2=`curl --cert /tmp/x509up_u0 --key /tmp/x509up_u0 --capath /etc/grid-security/certificates --cacert /tmp/x509up_u0 --silent https://$(hostname -f)/test.cgi|grep GRST_CRED_2` + GRST_CRED_2=`curl --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates --cacert ${UPROXY} --silent https://$(hostname -f)/test.cgi|grep GRST_CRED_2` if [ "$GRST_CRED_2" = "" ]; then print_error "GRST_CRED_2 not returned" @@ -465,7 +466,7 @@ exit 0 test_done printf "Getting list of Role attributes from test.cgi... " - curl --cert /tmp/x509up_u0 --key /tmp/x509up_u0 --capath /etc/grid-security/certificates --cacert /tmp/x509up_u0 --silent https://$(hostname -f)/test.cgi|grep -E "^GRST_CRED_AURI_.*Role=" | sed -r 's/^GRST_CRED_AURI_[0-9]+=fqan://' > test-roles-pre.$$.out + curl --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates --cacert ${UPROXY} --silent https://$(hostname -f)/test.cgi|grep -E "^GRST_CRED_AURI_.*Role=" | sed -r 's/^GRST_CRED_AURI_[0-9]+=fqan://' > test-roles-pre.$$.out if [ ! -s info-roles.$$.out ]; then printf "EMPTY!" @@ -477,7 +478,7 @@ exit 0 voms-proxy-init -noregen > /dev/null 2> /dev/null test_done printf "Getting another set of Role attributes from test.cgi... " - curl --cert /tmp/x509up_u0 --key /tmp/x509up_u0 --capath /etc/grid-security/certificates --cacert /tmp/x509up_u0 --silent https://$(hostname -f)/test.cgi|grep -E "^GRST_CRED_AURI_.*Role=" | sed -r 's/^GRST_CRED_AURI_[0-9]+=fqan://' > test-roles-post.$$.out + curl --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates --cacert ${UPROXY} --silent https://$(hostname -f)/test.cgi|grep -E "^GRST_CRED_AURI_.*Role=" | sed -r 's/^GRST_CRED_AURI_[0-9]+=fqan://' > test-roles-post.$$.out if [ ! -s test-roles-post.$$.out ]; then test_failed print_error "List of role attributes is empty!" -- 1.8.2.3
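Review bot: The `curl` line changed in the -435 hunk sits directly after an unconditional `exit 0` (visible as context here and as the section label of the -465 and -477 hunks), so it and the role-attribute checks below appear never to execute. The `.lsc` regression checks for bug #39254 and #82023 are then silently skipped, and the proxy switch in these three hunks is untested. Either remove the `exit 0` or, if the tail is disabled on purpose, say so next to it, e.g. `# TODO: VOMS .lsc checks disabled because <reason>`, and report the run as skipped rather than passed. The surrounding block starts and ends outside the hunk.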
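Review bot: In the -465 hunk the emptiness check that follows the redirect to `test-roles-pre.$$.out` tests `info-roles.$$.out` instead, whereas the -477 hunk checks the file it has just written (`test-roles-post.$$.out`). If the intent is to verify that test.cgi returned role attributes, the condition should be `if [ ! -s test-roles-pre.$$.out ]; then`. Should `info-roles.$$.out` be the intended file, a short comment saying where it is produced would remove the ambiguity, since that code lies outside the hunk.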