Blame SOURCES/0023-Ticket-47928-CI-test-added-test-cases-for-ticket-479.patch

From 8a412f7c540ac2925ad33ee633e60bf7e55e929c Mon Sep 17 00:00:00 2001
From: Noriko Hosoi <nhosoi@redhat.com>
Date: Wed, 22 Oct 2014 17:11:17 -0700
Subject: [PATCH 23/28] Ticket 47928 - CI test: added test cases for ticket
 47928
Description:
test_ticket47928_run_0 - Test Case 13 - No SSL version config parameters
test_ticket47928_run_1 - Test Case 14 - No nsSSL3, nsTLS1; sslVersionMin > sslVersionMax
test_ticket47928_run_2 - Test Case 15 - nsSSL3: on; sslVersionMin: TLS1.1; sslVersionMax: TLS1.2
test_ticket47928_run_3 - Test Case 16 - nsSSL3: on; nsTLS1: off; sslVersionMin: TLS1.1; sslVersionMax: TLS1.2
(cherry picked from commit 958be1271ab440a15649046e7927b44b57a4e19a)
Signed-off-by: Noriko Hosoi <nhosoi@redhat.com>
---
 dirsrvtests/tickets/ticket47838_test.py | 165 +++++++++++++++++++++++++++++++-
 1 file changed, 161 insertions(+), 4 deletions(-)
diff --git a/dirsrvtests/tickets/ticket47838_test.py b/dirsrvtests/tickets/ticket47838_test.py
index c98c36e..50a4b50 100644
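--- a/dirsrvtests/tickets/ticket47838_test.py
+++ b/dirsrvtests/tickets/ticket47838_test.py
@@ -201,7 +201,8 @@ def test_ticket47838_init(topology):
 
     log.info("\n######################### enable SSL in the directory server with all ciphers ######################\n")
     topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-    topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3', 'on'),
+    topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3', 'off'),
+                                                 (ldap.MOD_REPLACE, 'nsTLS1', 'on'),
                                                  (ldap.MOD_REPLACE, 'nsSSLClientAuth', 'allowed'),
                                                  (ldap.MOD_REPLACE, 'allowWeakCipher', 'on'),
                                                  (ldap.MOD_REPLACE, 'nsSSL3Ciphers', '+all')])
@@ -645,19 +646,171 @@ def test_ticket47838_run_11(topology):
 
     comp_nsSSLEnableCipherCount(topology, 0)
 
+def test_ticket47928_run_0(topology):
+    """
+    No SSL version config parameters.
+    Check SSL3 (TLS1.0) is off.
+    """
+    _header(topology, 'Test Case 13 - No SSL version config parameters')
+
+    topology.standalone.simple_bind_s(DN_DM, PASSWORD)
+    # add them once and remove them
+    topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3', 'off'),
+                                                 (ldap.MOD_REPLACE, 'nsTLS1', 'on'),
+                                                 (ldap.MOD_REPLACE, 'sslVersionMin', 'TLS1.1'),
+                                                 (ldap.MOD_REPLACE, 'sslVersionMax', 'TLS1.2')])
+    topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_DELETE, 'nsSSL3', None),
+                                                 (ldap.MOD_DELETE, 'nsTLS1', None),
+                                                 (ldap.MOD_DELETE, 'sslVersionMin', None),
+                                                 (ldap.MOD_DELETE, 'sslVersionMax', None)])
+    topology.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', '64')])
+
+    log.info("\n######################### Restarting the server ######################\n")
+    topology.standalone.stop(timeout=10)
+    os.system('mv %s %s.47838_11' % (topology.standalone.errlog, topology.standalone.errlog))
+    os.system('touch %s' % (topology.standalone.errlog))
+    topology.standalone.start(timeout=120)
+
+    errmsg = os.popen('egrep "SSL alert:" %s | egrep "Default SSL Version settings; Configuring the version range as min: TLS1.1"' % topology.standalone.errlog)
+    if errmsg != "":
+        log.info("Expected message:")
+        log.info("%s" % errmsg.readline())
+    else:
+        log.info("Expected message was not found")
+        assert False
+
+def test_ticket47928_run_1(topology):
+    """
+    No nsSSL3, nsTLS1; sslVersionMin > sslVersionMax
+    Check sslVersionMax is ignored.
+    """
+    _header(topology, 'Test Case 14 - No nsSSL3, nsTLS1; sslVersionMin > sslVersionMax')
+
+    topology.standalone.simple_bind_s(DN_DM, PASSWORD)
+    topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'sslVersionMin', 'TLS1.2'),
+                                                 (ldap.MOD_REPLACE, 'sslVersionMax', 'TLS1.1')])
+
+    log.info("\n######################### Restarting the server ######################\n")
+    topology.standalone.stop(timeout=10)
+    os.system('mv %s %s.47838_12' % (topology.standalone.errlog, topology.standalone.errlog))
+    os.system('touch %s' % (topology.standalone.errlog))
+    topology.standalone.start(timeout=120)
+
+    errmsg = os.popen('egrep "SSL alert:" %s | egrep "The min value of NSS version range"' % topology.standalone.errlog)
+    if errmsg != "":
+        log.info("Expected message:")
+        log.info("%s" % errmsg.readline())
+    else:
+        log.info("Expected message was not found")
+        assert False
+
+    errmsg = os.popen('egrep "SSL Initialization" %s | egrep "Configured SSL version range: min: TLS1.2, max: TLS1"' % topology.standalone.errlog)
+    if errmsg != "":
+        log.info("Expected message:")
+        log.info("%s" % errmsg.readline())
+    else:
+        log.info("Expected message was not found")
+        assert False
+
+def test_ticket47928_run_2(topology):
+    """
+    nsSSL3: on; sslVersionMin: TLS1.1; sslVersionMax: TLS1.2
+    Conflict between nsSSL3 and range; nsSSL3 is disabled
+    """
+    _header(topology, 'Test Case 15 - nsSSL3: on; sslVersionMin: TLS1.1; sslVersionMax: TLS1.2')
+
+    topology.standalone.simple_bind_s(DN_DM, PASSWORD)
+    topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'sslVersionMin', 'TLS1.1'),
+                                                 (ldap.MOD_REPLACE, 'sslVersionMax', 'TLS1.2'),
+                                                 (ldap.MOD_REPLACE, 'nsSSL3', 'on')])
+
+    log.info("\n######################### Restarting the server ######################\n")
+    topology.standalone.stop(timeout=10)
+    os.system('mv %s %s.47838_13' % (topology.standalone.errlog, topology.standalone.errlog))
+    os.system('touch %s' % (topology.standalone.errlog))
+    topology.standalone.start(timeout=120)
+
+    errmsg = os.popen('egrep "SSL alert:" %s | egrep "Found unsecure configuration: nsSSL3: on"' % topology.standalone.errlog)
+    if errmsg != "":
+        log.info("Expected message:")
+        log.info("%s" % errmsg.readline())
+    else:
+        log.info("Expected message was not found")
+        assert False
+
+    errmsg = os.popen('egrep "SSL alert:" %s | egrep "Respect the supported range."' % topology.standalone.errlog)
+    if errmsg != "":
+        log.info("Expected message:")
+        log.info("%s" % errmsg.readline())
+    else:
+        log.info("Expected message was not found")
+        assert False
+
+    errmsg = os.popen('egrep "SSL Initialization" %s | egrep "Configured SSL version range: min: TLS1.1, max: TLS1"' % topology.standalone.errlog)
+    if errmsg != "":
+        log.info("Expected message:")
+        log.info("%s" % errmsg.readline())
+    else:
+        log.info("Expected message was not found")
+        assert False
+
+def test_ticket47928_run_3(topology):
+    """
+    nsSSL3: on; nsTLS1: off; sslVersionMin: TLS1.1; sslVersionMax: TLS1.2
+    Conflict between nsSSL3/nsTLS1 and range; nsSSL3 is disabled; nsTLS1 is enabled.
+    """
+    _header(topology, 'Test Case 16 - nsSSL3: on; nsTLS1: off; sslVersionMin: TLS1.1; sslVersionMax: TLS1.2')
+
+    topology.standalone.simple_bind_s(DN_DM, PASSWORD)
+    topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'sslVersionMin', 'TLS1.1'),
+                                                 (ldap.MOD_REPLACE, 'sslVersionMax', 'TLS1.2'),
+                                                 (ldap.MOD_REPLACE, 'nsSSL3', 'on'),
+                                                 (ldap.MOD_REPLACE, 'nsTLS1', 'off')])
+
+    log.info("\n######################### Restarting the server ######################\n")
+    topology.standalone.stop(timeout=10)
+    os.system('mv %s %s.47838_14' % (topology.standalone.errlog, topology.standalone.errlog))
+    os.system('touch %s' % (topology.standalone.errlog))
+    topology.standalone.start(timeout=120)
+
+    errmsg = os.popen('egrep "SSL alert:" %s | egrep "Found unsecure configuration: nsSSL3: on"' % topology.standalone.errlog)
+    if errmsg != "":
+        log.info("Expected message:")
+        log.info("%s" % errmsg.readline())
+    else:
+        log.info("Expected message was not found")
+        assert False
+
+    errmsg = os.popen('egrep "SSL alert:" %s | egrep "Respect the configured range."' % topology.standalone.errlog)
+    if errmsg != "":
+        log.info("Expected message:")
+        log.info("%s" % errmsg.readline())
+    else:
+        log.info("Expected message was not found")
+        assert False
+
+    errmsg = os.popen('egrep "SSL Initialization" %s | egrep "Configured SSL version range: min: TLS1.1, max: TLS1"' % topology.standalone.errlog)
+    if errmsg != "":
+        log.info("Expected message:")
+        log.info("%s" % errmsg.readline())
+    else:
+        log.info("Expected message was not found")
+        assert False
+
 def test_ticket47838_run_last(topology):
     """
     Check nssSSL3Chiphers: all <== invalid value
     All ciphers are disabled.
     """
-    _header(topology, 'Test Case 13 - Check nssSSL3Chiphers: all, which is invalid')
+    _header(topology, 'Test Case 17 - Check nssSSL3Chiphers: all, which is invalid')
 
     topology.standalone.simple_bind_s(DN_DM, PASSWORD)
+    topology.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', None)])
     topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', 'all')])
 
     log.info("\n######################### Restarting the server ######################\n")
     topology.standalone.stop(timeout=10)
-    os.system('mv %s %s.47838_10' % (topology.standalone.errlog, topology.standalone.errlog))
+    os.system('mv %s %s.47838_15' % (topology.standalone.errlog, topology.standalone.errlog))
     os.system('touch %s' % (topology.standalone.errlog))
     topology.standalone.start(timeout=120)
 
@@ -671,7 +824,7 @@ def test_ticket47838_run_last(topology):
 
     comp_nsSSLEnableCipherCount(topology, 0)
 
-    topology.standalone.log.info("ticket47838, 47880, 47908 were successfully verified.");
+    topology.standalone.log.info("ticket47838, 47880, 47908, 47928 were successfully verified.");
 
 def test_ticket47838_final(topology):
     topology.standalone.simple_bind_s(DN_DM, PASSWORD)
@@ -706,6 +859,10 @@ def run_isolated():
     test_ticket47838_run_9(topo)
     test_ticket47838_run_10(topo)
     test_ticket47838_run_11(topo)
+    test_ticket47928_run_0(topo)
+    test_ticket47928_run_1(topo)
+    test_ticket47928_run_2(topo)
+    test_ticket47928_run_3(topo)
 
     test_ticket47838_run_last(topo)
     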
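Review bot: None of the log checks added in test_ticket47928_run_0 through test_ticket47928_run_3 can fail, because `os.popen(...)` returns a file object and `if errmsg != "":` compares that object with a string, which is always true. The `assert False` branch is therefore unreachable, and a server that never logged the expected SSL-version message (for example because SSL3 was left enabled) would still pass these tests. Read the command output before testing it, e.g. `line = os.popen(cmd).readline()` followed by `assert line, "expected SSL version message not found"`. The final pattern in run_1, run_2 and run_3 also stops at `max: TLS1`, which as a prefix matches TLS1.0, TLS1.1 and TLS1.2 alike, so even a corrected check would not pin the configured maximum; spell out the full expected version in the pattern.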
-- 
1.9.3