From 80d326ad2a08995300aa02aaae2087fcd96694f4 Mon Sep 17 00:00:00 2001 From: Ben Pfaff Date: Mon, 11 Jan 2010 13:07:11 -0800 Subject: [PATCH] ovsdb: Add tests for OVSDB protocol over SSL. --- tests/automake.mk | 6 ++-- tests/ovsdb-server.at | 43 +++++++++++++++++++++-- tests/testpki-cert2.pem | 70 ++++++++++++++++++++++++++++++++++++++ tests/testpki-privkey2.pem | 27 +++++++++++++++ tests/testpki-req2.pem | 63 ++++++++++++++++++++++++++++++++++ 5 files changed, 205 insertions(+), 4 deletions(-) create mode 100644 tests/testpki-cert2.pem create mode 100644 tests/testpki-privkey2.pem create mode 100644 tests/testpki-req2.pem diff --git a/tests/automake.mk b/tests/automake.mk index ee738d1b..ef8b7c30 100644 --- a/tests/automake.mk +++ b/tests/automake.mk @@ -152,6 +152,8 @@ tests_test_vconn_LDADD = lib/libopenvswitch.a $(SSL_LIBS) EXTRA_DIST += \ tests/testpki-cacert.pem \ tests/testpki-cert.pem \ + tests/testpki-cert2.pem \ tests/testpki-privkey.pem \ - tests/testpki-req.pem - + tests/testpki-privkey2.pem \ + tests/testpki-req.pem \ + tests/testpki-req2.pem diff --git a/tests/ovsdb-server.at b/tests/ovsdb-server.at index e73add80..a1738eaa 100644 --- a/tests/ovsdb-server.at +++ b/tests/ovsdb-server.at @@ -1,4 +1,4 @@ -AT_BANNER([OVSDB -- ovsdb-server transactions]) +AT_BANNER([OVSDB -- ovsdb-server transactions (Unix sockets)]) # OVSDB_CHECK_EXECUTION(TITLE, SCHEMA, TRANSACTIONS, OUTPUT, [KEYWORDS]) # @@ -32,7 +32,7 @@ cat stdout >> output AT_CLEANUP]) EXECUTION_EXAMPLES - + AT_SETUP([--remote=db: implementation]) AT_KEYWORDS([ovsdb server positive]) AT_DATA([schema], @@ -65,3 +65,42 @@ AT_CHECK( [test ! -e pid || kill `cat pid`]) test ! -e pid || kill `cat pid` AT_CLEANUP + +AT_BANNER([OVSDB -- ovsdb-server transactions (SSL sockets)]) + +# OVSDB_CHECK_EXECUTION(TITLE, SCHEMA, TRANSACTIONS, OUTPUT, [KEYWORDS]) +# +# Creates a database with the given SCHEMA, starts an ovsdb-server on +# that database, and runs each of the TRANSACTIONS (which should be a +# quoted list of quoted strings) against it with ovsdb-client one at a +# time. +# +# Checks that the overall output is OUTPUT, but UUIDs in the output +# are replaced by markers of the form where N is a number. The +# first unique UUID is replaced by <0>, the next by <1>, and so on. +# If a given UUID appears more than once it is always replaced by the +# same marker. +# +# TITLE is provided to AT_SETUP and KEYWORDS to AT_KEYWORDS. +m4_define([OVSDB_CHECK_EXECUTION], + [AT_SETUP([$1]) + AT_KEYWORDS([ovsdb server positive ssl $5]) + AT_SKIP_IF([test "$HAVE_OPENSSL" = no]) + AT_SKIP_IF([test "x$RANDOM" = x]) + AT_DATA([schema], [$2 +]) + SSL_PORT=`expr 32767 + \( $RANDOM % 32767 \)` + PKIDIR=$abs_top_srcdir/tests + OVS_CHECK_LCOV([ovsdb-tool create db schema], [0], [stdout], [ignore]) + AT_CHECK([ovsdb-server --detach --pidfile=$PWD/pid --private-key=$PKIDIR/testpki-privkey2.pem --certificate=$PKIDIR/testpki-cert2.pem --ca-cert=$PKIDIR/testpki-cacert.pem --remote=pssl:$SSL_PORT:127.0.0.1 --unixctl=$PWD/unixctl db], [0], [ignore], [ignore]) + m4_foreach([txn], [$3], + [OVS_CHECK_LCOV([ovsdb-client --private-key=$PKIDIR/testpki-privkey.pem --certificate=$PKIDIR/testpki-cert.pem --ca-cert=$PKIDIR/testpki-cacert.pem transact ssl:127.0.0.1:$SSL_PORT 'txn'], [0], [stdout], [ignore], + [test ! -e pid || kill `cat pid`]) +cat stdout >> output +]) + AT_CHECK([perl $srcdir/uuidfilt.pl output], [0], [$4], [ignore], + [test ! -e pid || kill `cat pid`]) + test ! -e pid || kill `cat pid` + AT_CLEANUP]) + +EXECUTION_EXAMPLES diff --git a/tests/testpki-cert2.pem b/tests/testpki-cert2.pem new file mode 100644 index 00000000..b282bd0d --- /dev/null +++ b/tests/testpki-cert2.pem @@ -0,0 +1,70 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: 3 (0x3) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=US, ST=CA, O=Open vSwitch, OU=switchca, CN=OVS switchca CA Certificate (2010 Jan 06 17:08:30) + Validity + Not Before: Jan 11 20:06:58 2010 GMT + Not After : Jan 11 20:06:58 2011 GMT + Subject: C=US, ST=CA, O=Open vSwitch, OU=Open vSwitch certifier, CN=Open vSwitch certificate for testpki2 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:b0:0a:97:1e:d8:48:76:57:32:e6:4d:d7:84:86: + 7a:d8:0c:b7:a4:13:9c:23:bc:d5:01:94:10:81:f7: + 5f:b7:70:ba:1e:85:c6:5c:72:ca:cc:2a:d5:fe:cc: + 94:0b:54:5e:ae:40:fd:d9:c1:cc:8b:58:7e:87:73: + 5e:ac:98:17:f2:93:b4:cd:d7:dd:12:59:b7:8e:31: + d8:63:c9:7a:14:27:f6:67:64:cb:8f:b1:d4:c1:3c: + be:30:e2:08:1e:e2:db:12:9b:23:53:9f:6b:46:9b: + 08:46:80:6f:89:f5:77:88:b8:e0:48:89:be:0e:47: + c5:5e:64:28:7e:c3:f3:10:cb:e2:95:20:6a:81:7a: + 14:e3:8f:e8:b8:d3:f9:31:b2:98:0c:a6:5e:9f:ea: + 25:89:34:22:f2:fc:a1:5d:2b:2d:0a:40:85:7a:ff: + 4f:5e:5a:51:72:f2:b8:03:17:db:d2:3e:40:7f:1b: + 6b:f1:ad:e8:ae:d3:33:d4:ad:9c:05:d4:b1:1f:53: + 1d:45:18:50:31:28:88:56:93:a7:f9:b2:cd:90:d5: + 91:dc:14:a9:33:2d:0b:8c:74:7d:94:1e:be:58:d7: + fe:1e:6d:a5:a5:3b:e2:66:f0:06:f9:d9:5c:2c:66: + fb:7b:85:38:13:65:ff:38:ba:1b:59:f4:08:a0:49: + 03:3f + Exponent: 65537 (0x10001) + Signature Algorithm: md5WithRSAEncryption + 6b:36:9d:38:52:14:c7:59:a4:3d:39:eb:7f:47:53:8a:f2:3e: + 42:b3:ba:f9:1b:9f:72:3f:3d:38:7f:c7:41:2d:e9:9d:ed:94: + 50:79:00:55:d0:52:8a:c4:2f:0b:74:36:05:d4:0a:d5:fd:a6: + 87:6e:3a:e2:12:c0:4e:0e:92:9f:98:8d:77:68:0a:bf:21:0d: + 78:20:03:0e:13:9f:49:cf:bd:c3:42:b2:69:a6:d0:67:e8:33: + e0:f2:9e:1c:ff:04:2f:1b:fd:37:68:a9:23:54:a5:a2:83:9d: + cb:ee:70:3a:c5:03:30:51:c6:90:01:39:f4:e1:29:be:53:2e: + fd:71:90:b7:31:33:95:70:48:98:08:4b:2f:3b:33:11:ba:4c: + ce:ed:f5:d8:f7:02:e7:da:f3:e9:56:9d:3a:e2:af:ec:61:e5: + 9c:06:8a:21:18:64:5c:b8:71:e5:4e:64:cc:2d:35:65:e7:cb: + 96:f3:8b:bc:51:79:42:92:70:e2:e4:28:70:58:44:81:45:83: + e2:c3:2c:3b:5b:01:04:94:ce:25:40:8e:15:a3:b3:05:e4:68: + 17:4b:50:41:1a:58:51:75:81:0c:72:bd:4c:bc:b3:d1:dd:d9: + aa:8f:8c:b4:bb:61:b7:55:c1:3f:74:2c:76:73:1e:25:cc:3d: + 5c:ac:d5:22 +-----BEGIN CERTIFICATE----- +MIIDeTCCAmECAQMwDQYJKoZIhvcNAQEEBQAwgYExCzAJBgNVBAYTAlVTMQswCQYD +VQQIEwJDQTEVMBMGA1UEChMMT3BlbiB2U3dpdGNoMREwDwYDVQQLEwhzd2l0Y2hj +YTE7MDkGA1UEAxMyT1ZTIHN3aXRjaGNhIENBIENlcnRpZmljYXRlICgyMDEwIEph +biAwNiAxNzowODozMCkwHhcNMTAwMTExMjAwNjU4WhcNMTEwMTExMjAwNjU4WjCB +gjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQKEwxPcGVuIHZTd2l0 +Y2gxHzAdBgNVBAsTFk9wZW4gdlN3aXRjaCBjZXJ0aWZpZXIxLjAsBgNVBAMTJU9w +ZW4gdlN3aXRjaCBjZXJ0aWZpY2F0ZSBmb3IgdGVzdHBraTIwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCwCpce2Eh2VzLmTdeEhnrYDLekE5wjvNUBlBCB +91+3cLoehcZccsrMKtX+zJQLVF6uQP3ZwcyLWH6Hc16smBfyk7TN190SWbeOMdhj +yXoUJ/ZnZMuPsdTBPL4w4gge4tsSmyNTn2tGmwhGgG+J9XeIuOBIib4OR8VeZCh+ +w/MQy+KVIGqBehTjj+i40/kxspgMpl6f6iWJNCLy/KFdKy0KQIV6/09eWlFy8rgD +F9vSPkB/G2vxreiu0zPUrZwF1LEfUx1FGFAxKIhWk6f5ss2Q1ZHcFKkzLQuMdH2U +Hr5Y1/4ebaWlO+Jm8Ab52VwsZvt7hTgTZf84uhtZ9AigSQM/AgMBAAEwDQYJKoZI +hvcNAQEEBQADggEBAGs2nThSFMdZpD05639HU4ryPkKzuvkbn3I/PTh/x0Et6Z3t +lFB5AFXQUorELwt0NgXUCtX9poduOuISwE4Okp+YjXdoCr8hDXggAw4Tn0nPvcNC +smmm0GfoM+Dynhz/BC8b/TdoqSNUpaKDncvucDrFAzBRxpABOfThKb5TLv1xkLcx +M5VwSJgISy87MxG6TM7t9dj3Aufa8+lWnTrir+xh5ZwGiiEYZFy4ceVOZMwtNWXn +y5bzi7xReUKScOLkKHBYRIFFg+LDLDtbAQSUziVAjhWjswXkaBdLUEEaWFF1gQxy +vUy8s9Hd2aqPjLS7YbdVwT90LHZzHiXMPVys1SI= +-----END CERTIFICATE----- diff --git a/tests/testpki-privkey2.pem b/tests/testpki-privkey2.pem new file mode 100644 index 00000000..21b26983 --- /dev/null +++ b/tests/testpki-privkey2.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAsAqXHthIdlcy5k3XhIZ62Ay3pBOcI7zVAZQQgfdft3C6HoXG +XHLKzCrV/syUC1RerkD92cHMi1h+h3NerJgX8pO0zdfdElm3jjHYY8l6FCf2Z2TL +j7HUwTy+MOIIHuLbEpsjU59rRpsIRoBvifV3iLjgSIm+DkfFXmQofsPzEMvilSBq +gXoU44/ouNP5MbKYDKZen+oliTQi8vyhXSstCkCFev9PXlpRcvK4Axfb0j5Afxtr +8a3ortMz1K2cBdSxH1MdRRhQMSiIVpOn+bLNkNWR3BSpMy0LjHR9lB6+WNf+Hm2l +pTviZvAG+dlcLGb7e4U4E2X/OLobWfQIoEkDPwIDAQABAoIBAQCcFVe2Dnf5DQlh +LyVmKEIk6umr/YMUIKoPkzMruKRSJg2vYFbmwxTR/yzrlIGypeSoxZENkIoGBrlw +6TbI+rVI6/OECt/FFGzuE33Tw+CMnH4ZYEIoLrj/eBb9ins+v08T6R9iVlesK2sj +7151yIFqZNjfF9m+GZ6COXW6J4yMl3Aq+x72IBq46pyu/WoBkxBPfXcIfImoaoUI +2dbid5S074qmPpyfaVLkS6s77nxypH1T2dhi1TkpQmIIx+aCyxdlTmpCwa7Uik6l +ZQxpzQPtT1aiBixJbEHmvyTnnptNTzWXQP+mxnfGUZ6TyCNtW2V3o2I9/EoHc7I4 +OXb1p/WpAoGBAOHgNlyYanlm0ezvROA/JDMPgizJJrYv9BGJez+1NaEw+gSRBFrZ +IpVU9OuiCnkJCcNAH1KO/f4InnbJyvSweQd0CUOvNPAwqMHLjH2FnL2WQLv+9afY +tt0oZpDT9Wj+VskYoVu2jPhGfKzSrtjevmCU7w7heUjdQM2WCYuSHLktAoGBAMeE +8bGq+v5yfjn8/8SYvxYe3iRtpEgn8hg1XEl0VN7zVXVOVfastdh9xuNiAnHn16GT ++4VeqYCBfb9ygcRyid048dXhLCUsD84EMsdCtKHgG0iJh2RJ7L67z4ZFgEZw03K3 +sRfRo/2QxFMIG30ZFip7MLiTZc1OvP+OZ/lovZmbAoGARqaN+mqGK1D46qZwob++ +P+Zi7kVAwY3ARtf84BF7I98g5NrDRPNT+Oeo8CcwJWmpTxQ4d+dYFOR3RGqb++tS +//zQhQZBhbuCnZNgb0ainz5nIyZ9ijGkCQsBAd36jgu385Crr/cqouHRT3Fa1WTe +oXEUUVA/UoY6JdP/SlO6fkUCgYBfTFHBYgCm3nsKKZzlA2xqHW5Pigso5+OLypj9 +ANK09xc/g54tx4rIEDOaUisGyw1EwREnP/LITZGJiyEOewL8poFkfjv+uVAHQBwc +7vCmTQvbFs2TinfJFp3l7XZ6rtNgfPrafKjOqYIMgtfWZdAflF3OG6FJci12B0gE +ahH9twKBgQDgMuZ2RomZST/x8ClWpE6jDJzwBRAO8RwFDQqTV3OXqu1fImTrB8x0 +Qtclr6NeHWLgb00njgZTCk4/Yo7htdMoL8CsuUJ3Rz3hzjdN2fLO5SUNNI5vJu5/ +iHCAqSlDUmPuTSIE+xvfwZrHAxPNO+xCPoAgvFXUs7BWaGJNf16HSQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/testpki-req2.pem b/tests/testpki-req2.pem new file mode 100644 index 00000000..0ec61cd3 --- /dev/null +++ b/tests/testpki-req2.pem @@ -0,0 +1,63 @@ +Certificate Request: + Data: + Version: 0 (0x0) + Subject: C=US, ST=CA, L=Palo Alto, O=Open vSwitch, OU=Open vSwitch certifier, CN=Open vSwitch certificate for testpki2 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:b0:0a:97:1e:d8:48:76:57:32:e6:4d:d7:84:86: + 7a:d8:0c:b7:a4:13:9c:23:bc:d5:01:94:10:81:f7: + 5f:b7:70:ba:1e:85:c6:5c:72:ca:cc:2a:d5:fe:cc: + 94:0b:54:5e:ae:40:fd:d9:c1:cc:8b:58:7e:87:73: + 5e:ac:98:17:f2:93:b4:cd:d7:dd:12:59:b7:8e:31: + d8:63:c9:7a:14:27:f6:67:64:cb:8f:b1:d4:c1:3c: + be:30:e2:08:1e:e2:db:12:9b:23:53:9f:6b:46:9b: + 08:46:80:6f:89:f5:77:88:b8:e0:48:89:be:0e:47: + c5:5e:64:28:7e:c3:f3:10:cb:e2:95:20:6a:81:7a: + 14:e3:8f:e8:b8:d3:f9:31:b2:98:0c:a6:5e:9f:ea: + 25:89:34:22:f2:fc:a1:5d:2b:2d:0a:40:85:7a:ff: + 4f:5e:5a:51:72:f2:b8:03:17:db:d2:3e:40:7f:1b: + 6b:f1:ad:e8:ae:d3:33:d4:ad:9c:05:d4:b1:1f:53: + 1d:45:18:50:31:28:88:56:93:a7:f9:b2:cd:90:d5: + 91:dc:14:a9:33:2d:0b:8c:74:7d:94:1e:be:58:d7: + fe:1e:6d:a5:a5:3b:e2:66:f0:06:f9:d9:5c:2c:66: + fb:7b:85:38:13:65:ff:38:ba:1b:59:f4:08:a0:49: + 03:3f + Exponent: 65537 (0x10001) + Attributes: + a0:00 + Signature Algorithm: sha1WithRSAEncryption + 6e:d7:7c:0b:91:75:9a:36:25:44:cf:9b:0c:6b:8f:a5:ed:f2: + 4f:cc:bd:9f:fd:43:dd:b4:27:0a:0d:61:4c:54:99:b0:4c:a9: + 52:3e:39:93:68:63:e1:15:fc:47:27:54:17:08:eb:b0:6a:61: + 61:d8:d5:d4:95:fc:1e:50:ba:6a:7f:7b:33:87:a9:b4:27:6b: + f4:12:05:c3:90:ca:bf:98:ea:ae:d2:1e:26:bb:cd:23:cd:38: + c8:f0:a1:03:9e:d7:e1:e4:d9:c0:ea:b0:31:5c:ba:7c:53:d1: + 5e:23:c2:e8:74:57:0b:fb:23:79:89:5a:88:74:96:37:7e:3a: + 06:8d:76:fe:e0:f0:d1:8e:60:a3:7d:0c:99:16:a0:a3:ec:f9: + 62:c0:7d:22:18:33:16:b6:a8:31:39:07:6e:8f:d7:3f:5c:c4: + 44:53:c6:1c:09:1a:f7:f6:27:3e:d2:73:ce:e9:37:ca:86:8a: + 58:cc:47:0b:5c:c9:58:12:92:88:4e:6b:13:f9:b4:44:db:9c: + e3:f2:0a:61:8e:f8:49:59:44:35:ba:7d:b8:eb:6c:ea:72:e3: + cf:39:12:fc:df:08:af:b5:67:91:08:06:f6:2c:69:e9:de:b6: + a4:95:0a:30:72:bc:0e:f4:72:ab:0b:bc:68:ad:90:cf:c7:2d: + 71:6e:4f:9f +-----BEGIN CERTIFICATE REQUEST----- +MIIC3DCCAcQCAQAwgZYxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTESMBAGA1UE +BxMJUGFsbyBBbHRvMRUwEwYDVQQKEwxPcGVuIHZTd2l0Y2gxHzAdBgNVBAsTFk9w +ZW4gdlN3aXRjaCBjZXJ0aWZpZXIxLjAsBgNVBAMTJU9wZW4gdlN3aXRjaCBjZXJ0 +aWZpY2F0ZSBmb3IgdGVzdHBraTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCwCpce2Eh2VzLmTdeEhnrYDLekE5wjvNUBlBCB91+3cLoehcZccsrMKtX+ +zJQLVF6uQP3ZwcyLWH6Hc16smBfyk7TN190SWbeOMdhjyXoUJ/ZnZMuPsdTBPL4w +4gge4tsSmyNTn2tGmwhGgG+J9XeIuOBIib4OR8VeZCh+w/MQy+KVIGqBehTjj+i4 +0/kxspgMpl6f6iWJNCLy/KFdKy0KQIV6/09eWlFy8rgDF9vSPkB/G2vxreiu0zPU +rZwF1LEfUx1FGFAxKIhWk6f5ss2Q1ZHcFKkzLQuMdH2UHr5Y1/4ebaWlO+Jm8Ab5 +2VwsZvt7hTgTZf84uhtZ9AigSQM/AgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEA +btd8C5F1mjYlRM+bDGuPpe3yT8y9n/1D3bQnCg1hTFSZsEypUj45k2hj4RX8RydU +FwjrsGphYdjV1JX8HlC6an97M4eptCdr9BIFw5DKv5jqrtIeJrvNI804yPChA57X +4eTZwOqwMVy6fFPRXiPC6HRXC/sjeYlaiHSWN346Bo12/uDw0Y5go30MmRago+z5 +YsB9IhgzFraoMTkHbo/XP1zERFPGHAka9/YnPtJzzuk3yoaKWMxHC1zJWBKSiE5r +E/m0RNuc4/IKYY74SVlENbp9uOts6nLjzzkS/N8Ir7VnkQgG9ixp6d62pJUKMHK8 +DvRyqwu8aK2Qz8ctcW5Pnw== +-----END CERTIFICATE REQUEST----- -- 2.30.2