You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by ti...@apache.org on 2019/01/15 21:13:23 UTC
[mesos] 01/02: Made `SSLTest` an unparameterized test suite.
This is an automated email from the ASF dual-hosted git repository.
tillt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git
commit d43ea0c66558d5eaa20167230945767ac063d67e
Author: Benjamin Bannier <be...@mesosphere.io>
AuthorDate: Tue Jan 15 22:11:40 2019 +0100
Made `SSLTest` an unparameterized test suite.
This general and reusable testing class is made unparameterized since
deriving from a parameterized test is cumbersome (e.g., requires manual
disambiguation of possibly private types and methods inherited from the
respective `::testing::WithParamInterface` base class).
This patch makes `SSLTest` an unparameterized test suite which eases
reuse. We are able to remove a number of redundant test
parameterizations along the way.
Review: https://reviews.apache.org/r/69720/
---
3rdparty/libprocess/include/process/ssl/gtest.hpp | 3 +-
3rdparty/libprocess/src/tests/ssl_tests.cpp | 299 +++++++++++-----------
2 files changed, 153 insertions(+), 149 deletions(-)
diff --git a/3rdparty/libprocess/include/process/ssl/gtest.hpp b/3rdparty/libprocess/include/process/ssl/gtest.hpp
index 23d7aee..e173b32 100644
--- a/3rdparty/libprocess/include/process/ssl/gtest.hpp
+++ b/3rdparty/libprocess/include/process/ssl/gtest.hpp
@@ -269,8 +269,7 @@ protected:
* SSLTest::launch_client that factor out common behavior used in
* tests.
*/
-class SSLTest : public SSLTemporaryDirectoryTest,
- public ::testing::WithParamInterface<const char*>
+class SSLTest : public SSLTemporaryDirectoryTest
{
protected:
SSLTest() : data("Hello World!") {}
diff --git a/3rdparty/libprocess/src/tests/ssl_tests.cpp b/3rdparty/libprocess/src/tests/ssl_tests.cpp
index bfb5eab..77e90e6 100644
--- a/3rdparty/libprocess/src/tests/ssl_tests.cpp
+++ b/3rdparty/libprocess/src/tests/ssl_tests.cpp
@@ -112,11 +112,6 @@ Future<Nothing> await_subprocess(
}
-INSTANTIATE_TEST_CASE_P(SSLVerifyIPAdd,
- SSLTest,
- ::testing::Values("false", "true"));
-
-
// Ensure that we can't create an SSL socket when SSL is not enabled.
TEST(SSL, Disabled)
{
@@ -126,112 +121,6 @@ TEST(SSL, Disabled)
}
-// Test a basic back-and-forth communication within the same OS
-// process.
-TEST_P(SSLTest, BasicSameProcess)
-{
- os::setenv("LIBPROCESS_SSL_ENABLED", "true");
- os::setenv("LIBPROCESS_SSL_KEY_FILE", key_path().string());
- os::setenv("LIBPROCESS_SSL_CERT_FILE", certificate_path().string());
- os::setenv("LIBPROCESS_SSL_REQUIRE_CERT", "true");
- os::setenv("LIBPROCESS_SSL_CA_DIR", os::getcwd());
- os::setenv("LIBPROCESS_SSL_CA_FILE", certificate_path().string());
- os::setenv("LIBPROCESS_SSL_VERIFY_IPADD", GetParam());
-
- openssl::reinitialize();
-
- Try<Socket> server = Socket::create(SocketImpl::Kind::SSL);
- ASSERT_SOME(server);
-
- Try<Socket> client = Socket::create(SocketImpl::Kind::SSL);
- ASSERT_SOME(client);
-
- // We need to explicitly bind to the address advertised by libprocess so the
- // certificate we create in this test fixture can be verified.
- ASSERT_SOME(server->bind(Address(net::IP(process::address().ip), 0)));
- ASSERT_SOME(server->listen(BACKLOG));
-
- Try<Address> address = server->address();
- ASSERT_SOME(address);
-
- Future<Socket> accept = server->accept();
-
- AWAIT_ASSERT_READY(client->connect(address.get()));
-
- // Wait for the server to have accepted the client connection.
- AWAIT_ASSERT_READY(accept);
-
- Socket socket = accept.get();
-
- // Send a message from the client to the server.
- const string data = "Hello World!";
- AWAIT_ASSERT_READY(client->send(data));
-
- // Verify the server received the message.
- AWAIT_ASSERT_EQ(data, socket.recv(data.size()));
-
- // Send the message back from the server to the client.
- AWAIT_ASSERT_READY(socket.send(data));
-
- // Verify the client received the message.
- AWAIT_ASSERT_EQ(data, client->recv(data.size()));
-}
-
-
-#ifndef __WINDOWS__
-TEST_P(SSLTest, BasicSameProcessUnix)
-{
- os::setenv("LIBPROCESS_SSL_ENABLED", "true");
- os::setenv("LIBPROCESS_SSL_KEY_FILE", key_path().string());
- os::setenv("LIBPROCESS_SSL_CERT_FILE", certificate_path().string());
- // NOTE: we must set LIBPROCESS_SSL_REQUIRE_CERT to false because we
- // don't have a hostname or IP to verify!
- os::setenv("LIBPROCESS_SSL_REQUIRE_CERT", "false");
- os::setenv("LIBPROCESS_SSL_CA_DIR", os::getcwd());
- os::setenv("LIBPROCESS_SSL_CA_FILE", certificate_path().string());
- os::setenv("LIBPROCESS_SSL_VERIFY_IPADD", GetParam());
-
- openssl::reinitialize();
-
- Try<unix::Socket> server = unix::Socket::create(SocketImpl::Kind::SSL);
- ASSERT_SOME(server);
-
- Try<unix::Socket> client = unix::Socket::create(SocketImpl::Kind::SSL);
- ASSERT_SOME(client);
-
- // Use a path in the temporary directory so it gets cleaned up.
- string path = path::join(sandbox.get(), "socket");
-
- Try<unix::Address> address = unix::Address::create(path);
- ASSERT_SOME(address);
-
- ASSERT_SOME(server->bind(address.get()));
- ASSERT_SOME(server->listen(BACKLOG));
-
- Future<unix::Socket> accept = server->accept();
-
- AWAIT_ASSERT_READY(client->connect(address.get()));
-
- // Wait for the server to have accepted the client connection.
- AWAIT_ASSERT_READY(accept);
-
- unix::Socket socket = accept.get();
-
- // Send a message from the client to the server.
- const string data = "Hello World!";
- AWAIT_ASSERT_READY(client->send(data));
-
- // Verify the server received the message.
- AWAIT_ASSERT_EQ(data, socket.recv(data.size()));
-
- // Send the message back from the server to the client.
- AWAIT_ASSERT_READY(socket.send(data));
-
- // Verify the client received the message.
- AWAIT_ASSERT_EQ(data, client->recv(data.size()));
-}
-#endif // __WINDOWS__
-
// Test a basic back-and-forth communication using the 'ssl-client'
// subprocess.
TEST_F(SSLTest, SSLSocket)
@@ -411,42 +300,6 @@ TEST_F(SSLTest, VerifyCertificate)
}
-// Ensure that a certificate that WAS generated using the certificate
-// authority IS allowed to communicate when the
-// LIBPROCESS_SSL_REQUIRE_CERT flag is enabled.
-TEST_P(SSLTest, RequireCertificate)
-{
- Try<Socket> server = setup_server({
- {"LIBPROCESS_SSL_ENABLED", "true"},
- {"LIBPROCESS_SSL_KEY_FILE", key_path().string()},
- {"LIBPROCESS_SSL_CERT_FILE", certificate_path().string()},
- {"LIBPROCESS_SSL_CA_FILE", certificate_path().string()},
- {"LIBPROCESS_SSL_REQUIRE_CERT", "true"},
- {"LIBPROCESS_SSL_VERIFY_IPADD", GetParam()}});
- ASSERT_SOME(server);
-
- Try<Subprocess> client = launch_client({
- {"LIBPROCESS_SSL_ENABLED", "true"},
- {"LIBPROCESS_SSL_KEY_FILE", key_path().string()},
- {"LIBPROCESS_SSL_CERT_FILE", certificate_path().string()},
- {"LIBPROCESS_SSL_CA_FILE", certificate_path().string()},
- {"LIBPROCESS_SSL_REQUIRE_CERT", "true"},
- {"LIBPROCESS_SSL_VERIFY_IPADD", GetParam()}},
- server.get(),
- true);
- ASSERT_SOME(client);
-
- Future<Socket> socket = server->accept();
- AWAIT_ASSERT_READY(socket);
-
- // TODO(jmlvanre): Remove const copy.
- AWAIT_ASSERT_EQ(data, Socket(socket.get()).recv());
- AWAIT_ASSERT_READY(Socket(socket.get()).send(data));
-
- AWAIT_ASSERT_READY(await_subprocess(client.get(), 0));
-}
-
-
// The SSL protocols that we support through configuration flags.
static const vector<string> protocols = {
// OpenSSL can be compiled with SSLV3 disabled completely, so we
@@ -919,3 +772,155 @@ TEST_F(SSLTest, ShutdownThenSend)
}
#endif // USE_SSL_SOCKET
+
+
+class SSLVerifyIPAddTest : public SSLTest,
+ public ::testing::WithParamInterface<const char*> {};
+
+
+INSTANTIATE_TEST_CASE_P(SSLVerifyIPAdd,
+ SSLVerifyIPAddTest,
+ ::testing::Values("false", "true"));
+
+
+// Test a basic back-and-forth communication within the same OS
+// process.
+TEST_P(SSLVerifyIPAddTest, BasicSameProcess)
+{
+ os::setenv("LIBPROCESS_SSL_ENABLED", "true");
+ os::setenv("LIBPROCESS_SSL_KEY_FILE", key_path().string());
+ os::setenv("LIBPROCESS_SSL_CERT_FILE", certificate_path().string());
+ os::setenv("LIBPROCESS_SSL_REQUIRE_CERT", "true");
+ os::setenv("LIBPROCESS_SSL_CA_DIR", os::getcwd());
+ os::setenv("LIBPROCESS_SSL_CA_FILE", certificate_path().string());
+ os::setenv("LIBPROCESS_SSL_VERIFY_IPADD", GetParam());
+
+ openssl::reinitialize();
+
+ Try<Socket> server = Socket::create(SocketImpl::Kind::SSL);
+ ASSERT_SOME(server);
+
+ Try<Socket> client = Socket::create(SocketImpl::Kind::SSL);
+ ASSERT_SOME(client);
+
+ // We need to explicitly bind to the address advertised by libprocess so the
+ // certificate we create in this test fixture can be verified.
+ ASSERT_SOME(server->bind(Address(net::IP(process::address().ip), 0)));
+ ASSERT_SOME(server->listen(BACKLOG));
+
+ Try<Address> address = server->address();
+ ASSERT_SOME(address);
+
+ Future<Socket> accept = server->accept();
+
+ AWAIT_ASSERT_READY(client->connect(address.get()));
+
+ // Wait for the server to have accepted the client connection.
+ AWAIT_ASSERT_READY(accept);
+
+ Socket socket = accept.get();
+
+ // Send a message from the client to the server.
+ const string data = "Hello World!";
+ AWAIT_ASSERT_READY(client->send(data));
+
+ // Verify the server received the message.
+ AWAIT_ASSERT_EQ(data, socket.recv(data.size()));
+
+ // Send the message back from the server to the client.
+ AWAIT_ASSERT_READY(socket.send(data));
+
+ // Verify the client received the message.
+ AWAIT_ASSERT_EQ(data, client->recv(data.size()));
+}
+
+
+#ifndef __WINDOWS__
+TEST_P(SSLVerifyIPAddTest, BasicSameProcessUnix)
+{
+ os::setenv("LIBPROCESS_SSL_ENABLED", "true");
+ os::setenv("LIBPROCESS_SSL_KEY_FILE", key_path().string());
+ os::setenv("LIBPROCESS_SSL_CERT_FILE", certificate_path().string());
+ // NOTE: we must set LIBPROCESS_SSL_REQUIRE_CERT to false because we
+ // don't have a hostname or IP to verify!
+ os::setenv("LIBPROCESS_SSL_REQUIRE_CERT", "false");
+ os::setenv("LIBPROCESS_SSL_CA_DIR", os::getcwd());
+ os::setenv("LIBPROCESS_SSL_CA_FILE", certificate_path().string());
+ os::setenv("LIBPROCESS_SSL_VERIFY_IPADD", GetParam());
+
+ openssl::reinitialize();
+
+ Try<unix::Socket> server = unix::Socket::create(SocketImpl::Kind::SSL);
+ ASSERT_SOME(server);
+
+ Try<unix::Socket> client = unix::Socket::create(SocketImpl::Kind::SSL);
+ ASSERT_SOME(client);
+
+ // Use a path in the temporary directory so it gets cleaned up.
+ string path = path::join(sandbox.get(), "socket");
+
+ Try<unix::Address> address = unix::Address::create(path);
+ ASSERT_SOME(address);
+
+ ASSERT_SOME(server->bind(address.get()));
+ ASSERT_SOME(server->listen(BACKLOG));
+
+ Future<unix::Socket> accept = server->accept();
+
+ AWAIT_ASSERT_READY(client->connect(address.get()));
+
+ // Wait for the server to have accepted the client connection.
+ AWAIT_ASSERT_READY(accept);
+
+ unix::Socket socket = accept.get();
+
+ // Send a message from the client to the server.
+ const string data = "Hello World!";
+ AWAIT_ASSERT_READY(client->send(data));
+
+ // Verify the server received the message.
+ AWAIT_ASSERT_EQ(data, socket.recv(data.size()));
+
+ // Send the message back from the server to the client.
+ AWAIT_ASSERT_READY(socket.send(data));
+
+ // Verify the client received the message.
+ AWAIT_ASSERT_EQ(data, client->recv(data.size()));
+}
+#endif // __WINDOWS__
+
+
+// Ensure that a certificate that WAS generated using the certificate
+// authority IS allowed to communicate when the
+// LIBPROCESS_SSL_REQUIRE_CERT flag is enabled.
+TEST_P(SSLVerifyIPAddTest, RequireCertificate)
+{
+ Try<Socket> server = setup_server({
+ {"LIBPROCESS_SSL_ENABLED", "true"},
+ {"LIBPROCESS_SSL_KEY_FILE", key_path().string()},
+ {"LIBPROCESS_SSL_CERT_FILE", certificate_path().string()},
+ {"LIBPROCESS_SSL_CA_FILE", certificate_path().string()},
+ {"LIBPROCESS_SSL_REQUIRE_CERT", "true"},
+ {"LIBPROCESS_SSL_VERIFY_IPADD", GetParam()}});
+ ASSERT_SOME(server);
+
+ Try<Subprocess> client = launch_client({
+ {"LIBPROCESS_SSL_ENABLED", "true"},
+ {"LIBPROCESS_SSL_KEY_FILE", key_path().string()},
+ {"LIBPROCESS_SSL_CERT_FILE", certificate_path().string()},
+ {"LIBPROCESS_SSL_CA_FILE", certificate_path().string()},
+ {"LIBPROCESS_SSL_REQUIRE_CERT", "true"},
+ {"LIBPROCESS_SSL_VERIFY_IPADD", GetParam()}},
+ server.get(),
+ true);
+ ASSERT_SOME(client);
+
+ Future<Socket> socket = server->accept();
+ AWAIT_ASSERT_READY(socket);
+
+ // TODO(jmlvanre): Remove const copy.
+ AWAIT_ASSERT_EQ(data, Socket(socket.get()).recv());
+ AWAIT_ASSERT_READY(Socket(socket.get()).send(data));
+
+ AWAIT_ASSERT_READY(await_subprocess(client.get(), 0));
+}