4493d40a-92aa-4162-9dfc-bfc4ec0996e6
/
polardbxengine
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
polardbxengine/mysql-test/suite/auth_sec/t/mysql_ssl_rsa_setup.test

367 lines
12 KiB
Plaintext
Raw Blame History

--source include/have_openssl_binary.inc
# Save the initial number of concurrent sessions
--source include/count_sessions.inc
#------------------------------------------------------------------------------
--echo # Test cases for mysql_ssl_rsa_setup binary
--echo # Setup
let DATADIR_LOCATION=$MYSQLTEST_VARDIR/mysqld.1/data;
#We let mysql_ssl_rsa_setup write to $wl7706_log
let wl7706_log= $MYSQLTEST_VARDIR/log/wl7706_log.txt;
let SEARCH_FILE= $wl7706_log;
# remove files
--error 0,1
--remove_file $wl7706_log
--error 0,1
--remove_file $DATADIR_LOCATION/ca.pem
--error 0,1
--remove_file $DATADIR_LOCATION/ca-key.pem
--error 0,1
--remove_file $DATADIR_LOCATION/server-cert.pem
--error 0,1
--remove_file $DATADIR_LOCATION/server-key.pem
--error 0,1
--remove_file $DATADIR_LOCATION/client-cert.pem
--error 0,1
--remove_file $DATADIR_LOCATION/client-key.pem
--error 0,1
--remove_file $DATADIR_LOCATION/private_key.pem
--error 0,1
--remove_file $DATADIR_LOCATION/public_key.pem
#------------------------------------------------------------------------------
--echo # Case 1 : Generate Files
--exec $MYSQL_SSL_RSA_SETUP --datadir=$DATADIR_LOCATION > $wl7706_log
--file_exists $DATADIR_LOCATION/ca.pem
--file_exists $DATADIR_LOCATION/ca-key.pem
--file_exists $DATADIR_LOCATION/server-cert.pem
--file_exists $DATADIR_LOCATION/server-key.pem
--file_exists $DATADIR_LOCATION/client-cert.pem
--file_exists $DATADIR_LOCATION/client-key.pem
--file_exists $DATADIR_LOCATION/private_key.pem
--file_exists $DATADIR_LOCATION/public_key.pem
--remove_file $wl7706_log
#------------------------------------------------------------------------------
--echo # Case 2 : Files are present : Generation should be skipped
--exec $MYSQL_SSL_RSA_SETUP --datadir=$DATADIR_LOCATION --verbose > $wl7706_log
let SEARCH_PATTERN= Certificate files are present in given dir. Skipping generation.;
--source include/search_pattern.inc
let SEARCH_PATTERN= RSA key files are present in given dir. Skipping generation.;
--source include/search_pattern.inc
--remove_file $wl7706_log
#------------------------------------------------------------------------------
--echo # Case 3 : Certificate files are not present but RSA key files are present.
--echo # Only SSL certificates and keys should be generated.
--remove_file $DATADIR_LOCATION/ca.pem
--remove_file $DATADIR_LOCATION/ca-key.pem
--remove_file $DATADIR_LOCATION/server-cert.pem
--remove_file $DATADIR_LOCATION/server-key.pem
--remove_file $DATADIR_LOCATION/client-cert.pem
--remove_file $DATADIR_LOCATION/client-key.pem
--exec $MYSQL_SSL_RSA_SETUP --datadir=$DATADIR_LOCATION --verbose > $wl7706_log
--file_exists $DATADIR_LOCATION/ca.pem
--file_exists $DATADIR_LOCATION/ca-key.pem
--file_exists $DATADIR_LOCATION/server-cert.pem
--file_exists $DATADIR_LOCATION/server-key.pem
--file_exists $DATADIR_LOCATION/client-cert.pem
--file_exists $DATADIR_LOCATION/client-key.pem
let SEARCH_PATTERN= Executing : openssl x509;
--source include/search_pattern.inc
let SEARCH_PATTERN= Executing : openssl req;
--source include/search_pattern.inc
let SEARCH_PATTERN= RSA key files are present in given dir. Skipping generation.;
--source include/search_pattern.inc
--remove_file $wl7706_log
#------------------------------------------------------------------------------
--echo # Case 4 : Certificate files are present but RSA key files are not present.
--echo # Only RSA key files should be generated.
--remove_file $DATADIR_LOCATION/private_key.pem
--remove_file $DATADIR_LOCATION/public_key.pem
--exec $MYSQL_SSL_RSA_SETUP --datadir=$DATADIR_LOCATION --verbose > $wl7706_log
--file_exists $DATADIR_LOCATION/private_key.pem
--file_exists $DATADIR_LOCATION/public_key.pem
let SEARCH_PATTERN= Certificate files are present in given dir. Skipping generation.;
--source include/search_pattern.inc
let SEARCH_PATTERN= Executing : openssl genrsa;
--source include/search_pattern.inc
--remove_file $wl7706_log
#------------------------------------------------------------------------------
--echo # Case 5 : Remove only client-cert.pem and client-key.pem.
--echo # Certificate files should not be generated.
--remove_file $DATADIR_LOCATION/client-cert.pem
--remove_file $DATADIR_LOCATION/client-key.pem
--exec $MYSQL_SSL_RSA_SETUP --datadir=$DATADIR_LOCATION --verbose > $wl7706_log
let SEARCH_PATTERN= Certificate files are present in given dir. Skipping generation.;
--source include/search_pattern.inc
--remove_file $wl7706_log
#------------------------------------------------------------------------------
--echo # Case 6 : Remove server-key.pem and public_key.pem.
--echo # Certificates and RSA keys should not be generated.
--remove_file $DATADIR_LOCATION/server-key.pem
--remove_file $DATADIR_LOCATION/public_key.pem
--exec $MYSQL_SSL_RSA_SETUP --datadir=$DATADIR_LOCATION --verbose > $wl7706_log
let SEARCH_PATTERN= Certificate files are present in given dir. Skipping generation.;
--source include/search_pattern.inc
let SEARCH_PATTERN= RSA key files are present in given dir. Skipping generation.;
--source include/search_pattern.inc
--remove_file $wl7706_log
#------------------------------------------------------------------------------
--echo # Case 7 : Provide Invalid directory
--error 1
--exec $MYSQL_SSL_RSA_SETUP --datadir=$MYSQLTEST_VARDIR/doesnotexist --verbose 2> $wl7706_log
let SEARCH_PATTERN= Failed to access directory pointed by;
--source include/search_pattern.inc
--remove_file $wl7706_log
#------------------------------------------------------------------------------
--echo # Case 8 : Custom suffix of invalid length
--remove_file $DATADIR_LOCATION/ca.pem
--remove_file $DATADIR_LOCATION/ca-key.pem
--remove_file $DATADIR_LOCATION/server-cert.pem
--remove_file $DATADIR_LOCATION/private_key.pem
--error 1
--exec $MYSQL_SSL_RSA_SETUP --datadir=$DATADIR_LOCATION --suffix=string_greater_than_17_characters 2> $wl7706_log
let SEARCH_PATTERN= Maximum number of characters allowed as the value for --suffix are 17;
--source include/search_pattern.inc
--remove_file $wl7706_log
#------------------------------------------------------------------------------
--echo # Case 9 : Custom suffix of valid length
--exec $MYSQL_SSL_RSA_SETUP --datadir=$DATADIR_LOCATION --suffix=wl7706_test --verbose > $wl7706_log
let SEARCH_PATTERN= MySQL_Server_wl7706_test_Auto_Generated_CA_Certificate;
--source include/search_pattern.inc
let SEARCH_PATTERN= MySQL_Server_wl7706_test_Auto_Generated_Server_Certificate;
--source include/search_pattern.inc
let SEARCH_PATTERN= MySQL_Server_wl7706_test_Auto_Generated_Server_Certificate;
--source include/search_pattern.inc
--remove_file $wl7706_log
#------------------------------------------------------------------------------
--echo # Case 10 : Custom suffix with invalid characters
--remove_file $DATADIR_LOCATION/ca.pem
--remove_file $DATADIR_LOCATION/ca-key.pem
--remove_file $DATADIR_LOCATION/server-cert.pem
--remove_file $DATADIR_LOCATION/private_key.pem
--error 1
--exec $MYSQL_SSL_RSA_SETUP --datadir=$DATADIR_LOCATION --suffix=ab@c!de-gh 2> $wl7706_log
let SEARCH_PATTERN=Invalid string;
--source include/search_pattern.inc
--remove_file $wl7706_log
#------------------------------------------------------------------------------
--echo # Case 11 : Help and Version information
--exec $MYSQL_SSL_RSA_SETUP --help > $wl7706_log
let SEARCH_PATTERN=MySQL SSL Certificate and RSA Key Generation Utility;
--source include/search_pattern.inc
--remove_file $wl7706_log
--exec $MYSQL_SSL_RSA_SETUP -? > $wl7706_log
let SEARCH_PATTERN=MySQL SSL Certificate and RSA Key Generation Utility;
--source include/search_pattern.inc
--remove_file $wl7706_log
--exec $MYSQL_SSL_RSA_SETUP --version > $wl7706_log
let SEARCH_PATTERN=Ver ;
--source include/search_pattern.inc
--remove_file $wl7706_log
--exec $MYSQL_SSL_RSA_SETUP -V > $wl7706_log
let SEARCH_PATTERN=Ver ;
--source include/search_pattern.inc
--remove_file $wl7706_log
#------------------------------------------------------------------------------
--echo # Case 12 : Very long path
let $LONG_PATH=`SELECT REPEAT('/asdfg', 100)`;
--error 1
--exec $MYSQL_SSL_RSA_SETUP --datadir=$LONG_PATH 2> $wl7706_log
let SEARCH_PATTERN=Dir path is too long;
--source include/search_pattern.inc
--remove_file $wl7706_log
#------------------------------------------------------------------------------
--echo #
--echo # Bug#21087116 : MYSQL_SSL_RSA_SETUP CREATES CLIENT-CERT.PEM WITH INCORRECT CN
--echo #
--remove_file $DATADIR_LOCATION/server-key.pem
--remove_file $DATADIR_LOCATION/client-cert.pem
--remove_file $DATADIR_LOCATION/client-key.pem
--remove_file $DATADIR_LOCATION/public_key.pem
--exec $MYSQL_SSL_RSA_SETUP --datadir=$DATADIR_LOCATION --verbose > $wl7706_log
--echo # CN of CA certificate should be MySQL_Server_.*_Auto_Generated_CA_Certificate
let SEARCH_PATTERN= MySQL_Server_.*_Auto_Generated_CA_Certificate;
--source include/search_pattern.inc
--echo # CN of Server certificate should be MySQL_Server_.*_Auto_Generated_Server_Certificate
let SEARCH_PATTERN= MySQL_Server_.*_Auto_Generated_Server_Certificate;
--source include/search_pattern.inc
--echo # CN of Client certificate should be MySQL_Server_.*_Auto_Generated_Client_Certificate
let SEARCH_PATTERN= MySQL_Server_.*_Auto_Generated_Client_Certificate;
--source include/search_pattern.inc
#------------------------------------------------------------------------------
--echo # Global Cleanup
--remove_file $wl7706_log
--remove_file $DATADIR_LOCATION/ca.pem
--remove_file $DATADIR_LOCATION/ca-key.pem
--remove_file $DATADIR_LOCATION/server-cert.pem
--remove_file $DATADIR_LOCATION/server-key.pem
--remove_file $DATADIR_LOCATION/client-cert.pem
--remove_file $DATADIR_LOCATION/client-key.pem
--remove_file $DATADIR_LOCATION/private_key.pem
--remove_file $DATADIR_LOCATION/public_key.pem
# Wait till all disconnects are completed
--source include/wait_until_count_sessions.inc
#------------------------------------------------------------------------------
--echo #
--echo # Bug#21025377: CAN'T CONNECT TO SSL ENABLED SERVER FIRST 30 SEC AFTER
--echo # INITIAL STARTUP
--echo #
let mysqladmin_log=$MYSQLTEST_VARDIR/log/mysqladmin_log.txt;
--error 0, 1
--remove_file $mysqladmin_log
let CADIR_LOCATION=$MYSQLTEST_VARDIR/tmp/certs;
--error 0, 1
--rmdir $CADIR_LOCATION
--mkdir $CADIR_LOCATION
--exec $MYSQL_SSL_RSA_SETUP --datadir=$CADIR_LOCATION > /dev/null 2>&1
--echo # Restart the server
let server_log= $MYSQLTEST_VARDIR/log/mysql_ssl_rsa_setup.err;
let $restart_file= $MYSQLTEST_VARDIR/tmp/mysqld.1.expect;
--exec echo "wait" > $restart_file
--shutdown_server
--source include/wait_until_disconnected.inc
--exec echo "restart: --log-error=$server_log --ssl-ca=$CADIR_LOCATION/ca.pem --ssl-cert=$CADIR_LOCATION/server-cert.pem --ssl-key=$CADIR_LOCATION/server-key.pem" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--enable_reconnect
--source include/wait_until_connected_again.inc
--disable_reconnect
--echo # Restart completed.
--exec $MYSQLADMIN --no-defaults --host=127.0.0.1 -P $MASTER_MYPORT --user=unknown_mysql_user ping --ssl-mode=REQUIRED > $mysqladmin_log 2>&1
--perl
my $file= $ENV{'mysqladmin_log'};
my $pattern= "SSL connection error";
open(FILE, "$file") or die("unable to open $file: $!\n");
my $count = 0;
while (<FILE>) {
if ($_ =~ m/$pattern/) {
$count++;
break;
}
}
if ($count == 0){
print "No ssl errors found after running mysql server with newely created certs.\n";
} else {
print "test failed.\n";
}
close(file);
EOF
# cleanup
--remove_file $mysqladmin_log
--remove_file $CADIR_LOCATION/ca.pem
--remove_file $CADIR_LOCATION/ca-key.pem
--remove_file $CADIR_LOCATION/server-cert.pem
--remove_file $CADIR_LOCATION/server-key.pem
--remove_file $CADIR_LOCATION/client-cert.pem
--remove_file $CADIR_LOCATION/client-key.pem
--remove_file $CADIR_LOCATION/private_key.pem
--remove_file $CADIR_LOCATION/public_key.pem
#------------------------------------------------------------------------------
Reference in New Issue View Git Blame Copy Permalink