trafficserver-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jackso...@apache.org
Subject [3/3] trafficserver git commit: Move test_tls_ticket_key_rotation.py to tsqa directory
Date Tue, 30 Jun 2015 01:36:08 GMT
Move test_tls_ticket_key_rotation.py to tsqa directory

This closes #189


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/551e9a0e
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/551e9a0e
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/551e9a0e

Branch: refs/heads/master
Commit: 551e9a0e6796a4cc0e8baf35bc4c3888f61274aa
Parents: 9f9e611
Author: Bin Zeng <bzeng@linkedin.com>
Authored: Thu May 21 14:42:22 2015 -0700
Committer: Thomas Jackson <jacksontj@apache.org>
Committed: Mon Jun 29 18:30:40 2015 -0700

----------------------------------------------------------------------
 .../tests/test_tls_ticket_key_rotation.py       | 172 -------------------
 ci/tsqa/tests/test_tls_ticket_key_rotation.py   | 172 +++++++++++++++++++
 2 files changed, 172 insertions(+), 172 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/551e9a0e/ci/new_tsqa/tests/test_tls_ticket_key_rotation.py
----------------------------------------------------------------------
diff --git a/ci/new_tsqa/tests/test_tls_ticket_key_rotation.py b/ci/new_tsqa/tests/test_tls_ticket_key_rotation.py
deleted file mode 100644
index 3b9bc77..0000000
--- a/ci/new_tsqa/tests/test_tls_ticket_key_rotation.py
+++ /dev/null
@@ -1,172 +0,0 @@
-#  Licensed to the Apache Software Foundation (ASF) under one
-#  or more contributor license agreements.  See the NOTICE file
-#  distributed with this work for additional information
-#  regarding copyright ownership.  The ASF licenses this file
-#  to you under the Apache License, Version 2.0 (the
-#  "License"); you may not use this file except in compliance
-#  with the License.  You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-#  Unless required by applicable law or agreed to in writing, software
-#  distributed under the License is distributed on an "AS IS" BASIS,
-#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#  See the License for the specific language governing permissions and
-#  limitations under the License.
-
-import logging
-from OpenSSL import SSL
-import socket
-import subprocess
-import time
-
-import helpers
-import tsqa.utils
-
-import os
-import tsqa.utils
-
-# helper function to get the path of a program.
-def which(program):
-    def is_exe(fpath):
-        return os.path.isfile(fpath) and os.access(fpath, os.X_OK)
-    fpath, fname = os.path.split(program)
-    if fpath:
-        if is_exe(program):
-            return program
-    else:
-        for path in os.environ["PATH"].split(os.pathsep):
-            path = path.strip('"')
-            exe_file = os.path.join(path, program)
-            if is_exe(exe_file):
-                return exe_file
-    return None
-"""
- Test TLS session resumption through session tickets and TLS ticket key rotation.
-"""
-class TestTLSTicketKeyRotation(helpers.EnvironmentCase):
-    @classmethod
-    def setUpEnv(cls, env):
-        '''
-        This function is responsible for setting up the environment for this fixture
-        This includes everything pre-daemon start
-        '''
-
-        # add an SSL port to ATS
-        cls.ssl_port = tsqa.utils.bind_unused_port()[1]
-        cls.configs['records.config']['CONFIG']['proxy.config.http.server_ports'] += ' {0}:ssl'.format(cls.ssl_port)
-        cls.configs['records.config']['CONFIG']['proxy.config.diags.debug.enabled'] = 1
-        cls.configs['records.config']['CONFIG']['proxy.config.diags.debug.tags'] = 'ssl'
-
-        # configure SSL multicert
-
-        cls.configs['ssl_multicert.config'].add_line('dest_ip=* ssl_cert_name={0} ssl_key_name={1}
ticket_key_name={2}'.format(helpers.tests_file_path('rsa_keys/ca.crt'), helpers.tests_file_path('rsa_keys/ca.key'),
helpers.tests_file_path('rsa_keys/ssl_ticket.key')))
-
-    def start_connection(self, addr):
-        '''
-        Return the certificate for addr.
-        '''
-        ctx = SSL.Context(SSL.SSLv23_METHOD)
-        # Set up client
-        sock = SSL.Connection(ctx, socket.socket(socket.AF_INET, socket.SOCK_STREAM))
-        sock.connect(addr)
-        sock.do_handshake()
-
-    def test_tls_ticket_resumption(self):
-        '''
-        Make sure the new ticket key is loaded
-        '''
-        addr = ('127.0.0.1', self.ssl_port)
-        self.start_connection(addr)
-
-        # openssl s_client -connect 127.0.0.1:443 -tls1 < /dev/null
-        sess = os.path.join(self.environment.layout.logdir, 'sess')
-        ticket_cmd = 'echo | openssl s_client -connect {0}:{1} -sess_out {2}'.format(addr[0],
addr[1], sess);
-
-        # check whether TLS session tickets are received by s_client.
-        stdout, _ = tsqa.utils.run_sync_command(ticket_cmd, stdout=subprocess.PIPE, shell=True)
-        ticket_exists = False
-        for line in stdout.splitlines():
-            text = line.strip()
-            if text.startswith("TLS session ticket:"):
-                ticket_exists = True
-                break
-        self.assertTrue(ticket_exists, "Sesssion tickets are not received")
-
-        # check whether the session has been reused
-        reused = False
-        ticket_cmd = 'echo | openssl s_client -connect {0}:{1} -sess_in {2}'.format(addr[0],
addr[1], sess);
-        stdout, _ = tsqa.utils.run_sync_command(ticket_cmd, stdout=subprocess.PIPE, shell=True)
-        for line in stdout.splitlines():
-            text = line.strip()
-            if text.startswith("Reused, TLSv1/SSLv3,"):
-                reused = True
-                break
-        self.assertTrue(reused, "TLS session was not reused!")
-
-        # negative test case. The session is not reused.
-        reused = False
-        ticket_cmd = 'echo | openssl s_client -connect {0}:{1}'.format(addr[0], addr[1]);
-        stdout, _ = tsqa.utils.run_sync_command(ticket_cmd, stdout=subprocess.PIPE, shell=True)
-        for line in stdout.splitlines():
-            text = line.strip()
-            if text.startswith("Reused, TLSv1/SSLv3,"):
-                reused = True
-                break
-        self.assertFalse(reused, "TLS session has been reused!")
-
-    def test_tls_ticket_rotation(self):
-        '''
-        Make sure the new ticket key is loaded
-        '''
-        addr = ('127.0.0.1', self.ssl_port)
-        self.start_connection(addr)
-
-        '''
-        openssl s_client -connect server_ip:ssl_port -tls1 < /dev/null
-        '''
-
-        # Generate and push a new ticket key
-        rotate_cmd = 'openssl rand 48 -base64 > {0}'.format(helpers.tests_file_path('rsa_keys/ssl_ticket.key'))
-        stdout, _ = tsqa.utils.run_sync_command(rotate_cmd, stdout=subprocess.PIPE, shell=True)
-
-        # touch the ssl_multicert.config file
-        ssl_multicert = os.path.join(self.environment.layout.sysconfdir, 'ssl_multicert.config')
-
-        read_renewed_cmd = os.path.join(self.environment.layout.bindir, 'traffic_line') +
' -r proxy.process.ssl.total_ticket_keys_renewed'
-
-        # Check whether the config file exists.
-        self.assertTrue(os.path.isfile(ssl_multicert), ssl_multicert)
-        touch_cmd = which('touch') + ' ' +  ssl_multicert
-        tsqa.utils.run_sync_command(touch_cmd, stdout=subprocess.PIPE, shell=True)
-
-        count = 0
-        while True:
-            try:
-                stdout, _ = tsqa.utils.run_sync_command(read_renewed_cmd, stdout=subprocess.PIPE,
shell=True)
-                old_renewed = stdout
-                break
-            except Exception:
-                ++count
-                # If we have tried 30 times and the command still failed, quit here.
-                if count > 30:
-                    self.assertTrue(False, "Failed to get the number of renewed keys!")
-
-        signal_cmd = os.path.join(self.environment.layout.bindir, 'traffic_line') + ' -x'
-        tsqa.utils.run_sync_command(signal_cmd, stdout=subprocess.PIPE, shell=True)
-
-        # wait for the ticket keys to be sucked in by traffic_server.
-        count = 0
-        while True:
-            try:
-                stdout, _ = tsqa.utils.run_sync_command(read_renewed_cmd, stdout=subprocess.PIPE,
shell=True)
-                cur_renewed = stdout
-                if old_renewed != cur_renewed:
-                    break
-            except Exception:
-                ++count
-                if count > 30:
-                    self.assertTrue(False, "Failed to get the number of renewed keys!")
-
-        # the number of ticket keys renewed has been increased.
-        self.assertNotEqual(old_renewed, cur_renewed)

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/551e9a0e/ci/tsqa/tests/test_tls_ticket_key_rotation.py
----------------------------------------------------------------------
diff --git a/ci/tsqa/tests/test_tls_ticket_key_rotation.py b/ci/tsqa/tests/test_tls_ticket_key_rotation.py
new file mode 100644
index 0000000..3b9bc77
--- /dev/null
+++ b/ci/tsqa/tests/test_tls_ticket_key_rotation.py
@@ -0,0 +1,172 @@
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+import logging
+from OpenSSL import SSL
+import socket
+import subprocess
+import time
+
+import helpers
+import tsqa.utils
+
+import os
+import tsqa.utils
+
+# helper function to get the path of a program.
+def which(program):
+    def is_exe(fpath):
+        return os.path.isfile(fpath) and os.access(fpath, os.X_OK)
+    fpath, fname = os.path.split(program)
+    if fpath:
+        if is_exe(program):
+            return program
+    else:
+        for path in os.environ["PATH"].split(os.pathsep):
+            path = path.strip('"')
+            exe_file = os.path.join(path, program)
+            if is_exe(exe_file):
+                return exe_file
+    return None
+"""
+ Test TLS session resumption through session tickets and TLS ticket key rotation.
+"""
+class TestTLSTicketKeyRotation(helpers.EnvironmentCase):
+    @classmethod
+    def setUpEnv(cls, env):
+        '''
+        This function is responsible for setting up the environment for this fixture
+        This includes everything pre-daemon start
+        '''
+
+        # add an SSL port to ATS
+        cls.ssl_port = tsqa.utils.bind_unused_port()[1]
+        cls.configs['records.config']['CONFIG']['proxy.config.http.server_ports'] += ' {0}:ssl'.format(cls.ssl_port)
+        cls.configs['records.config']['CONFIG']['proxy.config.diags.debug.enabled'] = 1
+        cls.configs['records.config']['CONFIG']['proxy.config.diags.debug.tags'] = 'ssl'
+
+        # configure SSL multicert
+
+        cls.configs['ssl_multicert.config'].add_line('dest_ip=* ssl_cert_name={0} ssl_key_name={1}
ticket_key_name={2}'.format(helpers.tests_file_path('rsa_keys/ca.crt'), helpers.tests_file_path('rsa_keys/ca.key'),
helpers.tests_file_path('rsa_keys/ssl_ticket.key')))
+
+    def start_connection(self, addr):
+        '''
+        Return the certificate for addr.
+        '''
+        ctx = SSL.Context(SSL.SSLv23_METHOD)
+        # Set up client
+        sock = SSL.Connection(ctx, socket.socket(socket.AF_INET, socket.SOCK_STREAM))
+        sock.connect(addr)
+        sock.do_handshake()
+
+    def test_tls_ticket_resumption(self):
+        '''
+        Make sure the new ticket key is loaded
+        '''
+        addr = ('127.0.0.1', self.ssl_port)
+        self.start_connection(addr)
+
+        # openssl s_client -connect 127.0.0.1:443 -tls1 < /dev/null
+        sess = os.path.join(self.environment.layout.logdir, 'sess')
+        ticket_cmd = 'echo | openssl s_client -connect {0}:{1} -sess_out {2}'.format(addr[0],
addr[1], sess);
+
+        # check whether TLS session tickets are received by s_client.
+        stdout, _ = tsqa.utils.run_sync_command(ticket_cmd, stdout=subprocess.PIPE, shell=True)
+        ticket_exists = False
+        for line in stdout.splitlines():
+            text = line.strip()
+            if text.startswith("TLS session ticket:"):
+                ticket_exists = True
+                break
+        self.assertTrue(ticket_exists, "Sesssion tickets are not received")
+
+        # check whether the session has been reused
+        reused = False
+        ticket_cmd = 'echo | openssl s_client -connect {0}:{1} -sess_in {2}'.format(addr[0],
addr[1], sess);
+        stdout, _ = tsqa.utils.run_sync_command(ticket_cmd, stdout=subprocess.PIPE, shell=True)
+        for line in stdout.splitlines():
+            text = line.strip()
+            if text.startswith("Reused, TLSv1/SSLv3,"):
+                reused = True
+                break
+        self.assertTrue(reused, "TLS session was not reused!")
+
+        # negative test case. The session is not reused.
+        reused = False
+        ticket_cmd = 'echo | openssl s_client -connect {0}:{1}'.format(addr[0], addr[1]);
+        stdout, _ = tsqa.utils.run_sync_command(ticket_cmd, stdout=subprocess.PIPE, shell=True)
+        for line in stdout.splitlines():
+            text = line.strip()
+            if text.startswith("Reused, TLSv1/SSLv3,"):
+                reused = True
+                break
+        self.assertFalse(reused, "TLS session has been reused!")
+
+    def test_tls_ticket_rotation(self):
+        '''
+        Make sure the new ticket key is loaded
+        '''
+        addr = ('127.0.0.1', self.ssl_port)
+        self.start_connection(addr)
+
+        '''
+        openssl s_client -connect server_ip:ssl_port -tls1 < /dev/null
+        '''
+
+        # Generate and push a new ticket key
+        rotate_cmd = 'openssl rand 48 -base64 > {0}'.format(helpers.tests_file_path('rsa_keys/ssl_ticket.key'))
+        stdout, _ = tsqa.utils.run_sync_command(rotate_cmd, stdout=subprocess.PIPE, shell=True)
+
+        # touch the ssl_multicert.config file
+        ssl_multicert = os.path.join(self.environment.layout.sysconfdir, 'ssl_multicert.config')
+
+        read_renewed_cmd = os.path.join(self.environment.layout.bindir, 'traffic_line') +
' -r proxy.process.ssl.total_ticket_keys_renewed'
+
+        # Check whether the config file exists.
+        self.assertTrue(os.path.isfile(ssl_multicert), ssl_multicert)
+        touch_cmd = which('touch') + ' ' +  ssl_multicert
+        tsqa.utils.run_sync_command(touch_cmd, stdout=subprocess.PIPE, shell=True)
+
+        count = 0
+        while True:
+            try:
+                stdout, _ = tsqa.utils.run_sync_command(read_renewed_cmd, stdout=subprocess.PIPE,
shell=True)
+                old_renewed = stdout
+                break
+            except Exception:
+                ++count
+                # If we have tried 30 times and the command still failed, quit here.
+                if count > 30:
+                    self.assertTrue(False, "Failed to get the number of renewed keys!")
+
+        signal_cmd = os.path.join(self.environment.layout.bindir, 'traffic_line') + ' -x'
+        tsqa.utils.run_sync_command(signal_cmd, stdout=subprocess.PIPE, shell=True)
+
+        # wait for the ticket keys to be sucked in by traffic_server.
+        count = 0
+        while True:
+            try:
+                stdout, _ = tsqa.utils.run_sync_command(read_renewed_cmd, stdout=subprocess.PIPE,
shell=True)
+                cur_renewed = stdout
+                if old_renewed != cur_renewed:
+                    break
+            except Exception:
+                ++count
+                if count > 30:
+                    self.assertTrue(False, "Failed to get the number of renewed keys!")
+
+        # the number of ticket keys renewed has been increased.
+        self.assertNotEqual(old_renewed, cur_renewed)


Mime
View raw message