Aktualizr
C++ SOTA Client
authenticate_test.cc
1 #include <gtest/gtest.h>
2 
3 #include <string>
4 
5 #include <curl/curl.h>
6 #include <boost/process.hpp>
7 
8 #include "authenticate.h"
9 #include "server_credentials.h"
10 #include "test_utils.h"
11 #include "treehub_server.h"
12 #include "utilities/utils.h"
13 
// Directory with the generated test certificates and credential archives
// (server.crt, good.zip, bad.zip). Assigned from argv[1] in main() before any
// test runs.
boost::filesystem::path certs_dir;
15 
/* Authenticate with OAuth2.
 * Parse authentication information from treehub.json. */
TEST(authenticate, good_zip) {
  // Authenticates with the ATS portal to the SaaS instance.
  // This test is outdated; it is kept for backward compatibility.
  // NOTE(review): the result depends on a remote service being reachable and
  // on the credentials archive stored under tests/sota_tools staying valid.
  boost::filesystem::path archive = "tests/sota_tools/auth_test_good.zip";
  ServerCredentials creds(archive);
  EXPECT_EQ(creds.GetMethod(), AuthMethod::kOauth2);

  TreehubServer treehub;
  const int auth_status = authenticate("", creds, treehub);
  EXPECT_EQ(0, auth_status);
}
28 
/* Authenticate with TLS credentials.
 * Parse Image repository URL from a provided archive. */
TEST(authenticate, good_cert_zip) {
  // Talks to the tls_server instance that main() starts on port 1443.
  boost::filesystem::path ca_file = certs_dir / "server.crt";
  boost::filesystem::path archive = certs_dir / "good.zip";
  ServerCredentials creds(archive);
  EXPECT_EQ(creds.GetMethod(), AuthMethod::kTls);

  TreehubServer treehub;
  const int auth_status = authenticate(ca_file.string(), creds, treehub);
  EXPECT_EQ(0, auth_status);

  // authenticate() returning 0 is not the whole check: perform a real
  // transfer so the TLS handshake with the client certificate is exercised.
  CurlEasyWrapper curl_handle;
  auto easy = curl_handle.get();
  curlEasySetoptWrapper(easy, CURLOPT_VERBOSE, 1);
  treehub.InjectIntoCurl("test.txt", easy);
  const CURLcode transfer = curl_easy_perform(easy);
  EXPECT_EQ(CURLE_OK, transfer);
}
46 
/* Authenticate with nothing (no auth).
 * Parse authentication information from treehub.json.
 * Parse Image repository URL from a provided archive. */
TEST(authenticate, good_cert_noauth_zip) {
  // Talks to the tls_server instance that main() starts with --noauth on
  // port 2443. The server certificate is still verified against server.crt;
  // only client authentication is absent.
  boost::filesystem::path ca_file = certs_dir / "server.crt";
  boost::filesystem::path archive = "tests/sota_tools/auth_test_noauth_good.zip";
  ServerCredentials creds(archive);
  EXPECT_EQ(creds.GetMethod(), AuthMethod::kNone);

  TreehubServer treehub;
  const int auth_status = authenticate(ca_file.string(), creds, treehub);
  EXPECT_EQ(0, auth_status);

  // Perform a real transfer through the configured handle.
  CurlEasyWrapper curl_handle;
  auto easy = curl_handle.get();
  curlEasySetoptWrapper(easy, CURLOPT_VERBOSE, 1);
  treehub.InjectIntoCurl("test.txt", easy);
  const CURLcode transfer = curl_easy_perform(easy);

  EXPECT_EQ(CURLE_OK, transfer);
}
66 
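/* Reject TLS credentials whose client certificate chains to a different root
 * than the one the server trusts. */
TEST(authenticate, bad_cert_zip) {
  // Tries to authenticate with tls_server on port 1443.
  // Expected to fail because the intermediate cert that signed the client cert
  // was signed by a different root cert.
  boost::filesystem::path filepath = certs_dir / "bad.zip";
  // Trust the test server's certificate, as good_cert_zip does. With an empty
  // CA path the transfer could presumably fail on server verification alone,
  // and the EXPECT_NE below would pass without the client certificate ever
  // being evaluated by the server.
  boost::filesystem::path capath = certs_dir / "server.crt";
  ServerCredentials creds(filepath);
  EXPECT_EQ(creds.GetMethod(), AuthMethod::kTls);
  TreehubServer treehub;
  // Loading the credentials succeeds; the rejection happens at connection time.
  int r = authenticate(capath.string(), creds, treehub);
  EXPECT_EQ(0, r);
  CurlEasyWrapper curl_handle;
  curlEasySetoptWrapper(curl_handle.get(), CURLOPT_VERBOSE, 1);
  treehub.InjectIntoCurl("test.txt", curl_handle.get());
  CURLcode rc = curl_easy_perform(curl_handle.get());

  // NOTE(review): any curl error satisfies this check, including a refused
  // connection, so the result is only meaningful while tls_server is running.
  EXPECT_NE(CURLE_OK, rc);
}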
84 
/* Reject a provided archive file with bogus credentials. */
TEST(authenticate, bad_zip) {
  boost::filesystem::path archive = "tests/sota_tools/auth_test_bad.zip";
  TreehubServer treehub;
  // The archive can be loaded, but authenticate() must report failure (1).
  const int auth_status = authenticate("", ServerCredentials(archive), treehub);
  EXPECT_EQ(1, auth_status);
}
92 
/* Reject a provided archive file without a treehub.json. */
TEST(authenticate, no_json_zip) {
  // Construction itself must fail; no authentication attempt is made.
  boost::filesystem::path archive = "tests/sota_tools/auth_test_no_json.zip";
  EXPECT_THROW(ServerCredentials creds(archive), BadCredentialsContent);
}
98 
/* Extract credentials from a provided JSON file. */
TEST(authenticate, good_json) {
  // Authenticates with the ATS portal to the SaaS instance.
  // Outdated. We can probably get rid of the whole json-only authentication at
  // this point. The last time that was officially supported was over three
  // years ago (2017) and it's been "deprecated" ever since.
  boost::filesystem::path json_file = "tests/sota_tools/auth_test_good.json";
  TreehubServer treehub;
  const int auth_status = authenticate("", ServerCredentials(json_file), treehub);
  EXPECT_EQ(0, auth_status);
}
110 
/* Authenticate against the new backend with a JSON credentials file.
 * NOTE(review): the authenticate() call is commented out below, so this test
 * currently passes without checking anything about authentication. */
TEST(authenticate, good_json_v2) {
  // Authenticates with new backend.
  // Note: update auth_test_good_v2.json after deploy on prod. The current file
  // uses HAT.
  boost::filesystem::path filepath = "tests/sota_tools/auth_test_good_v2.json";
  TreehubServer treehub;
  // Note: enable it in https://saeljira.it.here.com/browse/OTA-5341 and
  // use the stable server instead of the HAT env in auth_test_good_v2.json.
  const int r = 0;  // authenticate("", ServerCredentials(filepath), treehub);
  EXPECT_EQ(0, r);
}
121 
/* Reject a bogus provided JSON file. */
TEST(authenticate, bad_json) {
  boost::filesystem::path json_file = "tests/sota_tools/auth_test_bad.json";
  TreehubServer treehub;
  // The file can be loaded, but authenticate() must report failure (1).
  const int auth_status = authenticate("", ServerCredentials(json_file), treehub);
  EXPECT_EQ(1, auth_status);
}
129 
/* Reject a bogus provided file. */
TEST(authenticate, invalid_file) {
  // A C++ source file is neither an archive nor JSON, so construction must
  // throw BadCredentialsJson.
  boost::filesystem::path not_credentials = "tests/sota_tools/auth_test.cc";
  EXPECT_THROW(ServerCredentials creds(not_credentials), BadCredentialsJson);
}
135 
/* Check if credentials support offline signing. */
TEST(authenticate, offline_sign_creds) {
  // Note that these credentials point to the old CI infrastructure that is now
  // defunct. However, for the sake of this test, that doesn't matter: the body
  // only constructs ServerCredentials and queries CanSignOffline().
  boost::filesystem::path offline_archive = "tests/sota_tools/auth_test_good_offline.zip";
  ServerCredentials creds_offline(offline_archive);
  EXPECT_TRUE(creds_offline.CanSignOffline());
}
144 
/* Check if credentials do not support offline signing. */
TEST(authenticate, online_sign_creds) {
  // Uses the same archive as the TLS test against tls_server on port 1443.
  // The body only constructs ServerCredentials and queries CanSignOffline().
  boost::filesystem::path online_archive = certs_dir / "good.zip";
  ServerCredentials creds_online(online_archive);
  EXPECT_FALSE(creds_online.CanSignOffline());
}
152 
153 #ifndef __NO_MAIN__
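/**
 * Test entry point.
 *
 * Expects exactly one argument after the gtest flags: the directory with the
 * generated certificates. Starts two local tls_server.py instances (port 1443
 * with client authentication, port 2443 with --noauth), waits for them, and
 * then runs all tests.
 *
 * @return EXIT_FAILURE on a usage error or if a test server has exited before
 *         the tests start; otherwise the result of RUN_ALL_TESTS().
 */
int main(int argc, char **argv) {
  ::testing::InitGoogleTest(&argc, argv);
  if (argc != 2) {
    std::cerr << "Error: " << argv[0] << " requires the path to the directory with generated certificates.\n";
    return EXIT_FAILURE;
  }
  certs_dir = argv[1];

  boost::process::child server_process("tests/sota_tools/authentication/tls_server.py", "1443", certs_dir);
  boost::process::child server_noauth_process("tests/sota_tools/authentication/tls_server.py", "--noauth", "2443",
                                              certs_dir);
  // TODO: waiting on port 1443 does not work because the server expects auth!
  // Let's sleep for now (could be replaced by a check with raw tcp).
  // TestUtils::waitForServer("https://localhost:1443/");
  sleep(4);

  // A server that failed to start (e.g. port already taken) must abort the
  // run: tests that expect a transfer error, such as bad_cert_zip, would
  // otherwise pass against a dead server.
  if (!server_process.running() || !server_noauth_process.running()) {
    std::cerr << "Error: a TLS test server exited before the tests started.\n";
    return EXIT_FAILURE;
  }

  TestUtils::waitForServer("https://localhost:2443/");
  return RUN_ALL_TESTS();
}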
172 #endif
173 
174 // vim: set tabstop=2 shiftwidth=2 expandtab: