Add some basic functional tests.

This tests in an in-tree Apache instance using the local libmodnss.so shared library, so no pre-installation is necessary. The tests use python-nose and a hacked python-requests library. It is hacked so I can obtain the negotiated cipher and protocol as well as pass a few other things into it. Tests right now are limited to GET requests. A new user certificate for 'beta' was added to gencert to do pass/fail access control testing. The basic process of the tests are: - run setup.sh which sets up a new instance with createinstance.sh and does some variable substitution. - nosetests -v I picture multiple test "suites" of different configurations. Right now there is only one. A template file is provided for each suite. Tested only on Fedora 20 right now.
author: Rob Crittenden <rcritten@redhat.com> 2014-02-26 16:37:51 -0500
committer: Rob Crittenden <rcritten@redhat.com> 2014-02-26 16:50:55 -0500
commit: 07c27296c2c940cb119386304ebffb4ab41f0fb9 (patch)
tree: 201d87fb7f87d734bcec06aef66d8f20d8fb4706 /test/test.py
parent: c2ac0d128e776f3edb8aeb8920bf41b99742e74c (diff)
download: mod_nss-07c27296c2c940cb119386304ebffb4ab41f0fb9.tar.gz
mod_nss-07c27296c2c940cb119386304ebffb4ab41f0fb9.tar.xz
mod_nss-07c27296c2c940cb119386304ebffb4ab41f0fb9.zip
1 files changed, 138 insertions, 0 deletions
diff --git a/test/test.py b/test/test.py
new file mode 100644
index 0000000..e7136e6
--- /dev/null
+++ b/test/test.py
@@ -0,0 +1,138 @@
+from test_config import Declarative, write_template_file, restart_apache
+from test_config import stop_apache
+import requests.exceptions
+
+class test_suite1(Declarative):
+    @classmethod
+    def setUpClass(cls):
+        write_template_file('suite1.tmpl', 'work/httpd/conf/test.conf', {})
+        restart_apache()
+
+    @classmethod
+    def tearDownClass(cls):
+        stop_apache()
+
+    tests = [
+
+        dict(
+            desc='Basic SSL connection',
+            request=('/', {}),
+            expected=200,
+        ),
+
+        dict(
+            desc='Basic SSL connection, 404',
+            request=('/notfound', {}),
+            expected=404,
+        ),
+
+        dict(
+            desc='SSL connection, fail to verify',
+            request=('/', {'verify': True}),
+            expected=requests.exceptions.SSLError(),
+        ),
+
+        dict(
+            desc='SSL AES128-SHA cipher check',
+            request=('/index.html', {}),
+            expected=200,
+            cipher='AES128-SHA',
+        ),
+
+        dict(
+            desc='Default protocol check',
+            request=('/', {}),
+            expected=200,
+            protocol='TLSv1/SSLv3',
+        ),
+
+        dict(
+            desc='server-side RC4 cipher check',
+            request=('/rc4_cipher/', {'ciphers': 'ALL'}),
+            expected=200,
+            cipher='RC4-MD5',
+        ),
+
+        dict(
+            desc='client-side RC4 cipher check',
+            request=('/', {'ciphers': 'RC4-MD5'}),
+            expected=200,
+            cipher='RC4-MD5',
+        ),
+
+        dict(
+            desc='Basic client auth, no certificate',
+            request=('/acl/aclS01.html', {}),
+            expected=requests.exceptions.SSLError(),
+        ),
+
+        dict(
+            desc='Basic client auth, valid certificate',
+            request=('/acl/aclS01.html', {
+                      'key_file': 'work/httpd/alpha.key',
+                      'cert_file': 'work/httpd/alpha.crt',}
+            ),
+            expected=200,
+        ),
+
+        dict(
+            desc='NSSRequire auth, no certificate',
+            request=('/acl/aclS02.html', {}),
+            expected=requests.exceptions.SSLError(),
+        ),
+
+        dict(
+            desc='NSSRequire auth, valid certificate',
+            request=('/acl/aclS02.html', {
+                      'key_file': 'work/httpd/alpha.key',
+                      'cert_file': 'work/httpd/alpha.crt',}
+            ),
+            expected=200,
+        ),
+
+        dict(
+            desc='NSSRequire auth, not allowed certificate',
+            request=('/acl/aclS02.html', {
+                      'key_file': 'work/httpd/beta.key',
+                      'cert_file': 'work/httpd/beta.crt',}
+            ),
+            expected=403,
+        ),
+
+        dict(
+            desc='FakeBasicAuth, no certificate',
+            request=('/acl/aclS03.html', {}),
+            expected=requests.exceptions.SSLError(),
+        ),
+
+        dict(
+            desc='FakeBasicAuth, valid certificate',
+            request=('/acl/aclS03.html', {
+                      'key_file': 'work/httpd/alpha.key',
+                      'cert_file': 'work/httpd/alpha.crt',}
+            ),
+            expected=200,
+        ),
+
+        dict(
+            desc='FakeBasicAuth, not allowed user',
+            request=('/acl/aclS03.html', {
+                      'key_file': 'work/httpd/beta.key',
+                      'cert_file': 'work/httpd/beta.crt',}
+            ),
+            expected=401,
+        ),
+
+        dict(
+            desc='Secret key size',
+            request=('/secret-test.html', {}),
+            expected=200,
+        ),
+
+        dict(
+            desc='Impossible secret key size',
+            request=('/secret-test-impossible.html', {}),
+            expected=403,
+        ),
+
+    ]
author	Rob Crittenden <rcritten@redhat.com>	2014-02-26 16:37:51 -0500
committer	Rob Crittenden <rcritten@redhat.com>	2014-02-26 16:50:55 -0500
commit	07c27296c2c940cb119386304ebffb4ab41f0fb9 (patch)
tree	201d87fb7f87d734bcec06aef66d8f20d8fb4706 /test/test.py
parent	c2ac0d128e776f3edb8aeb8920bf41b99742e74c (diff)
download	mod_nss-07c27296c2c940cb119386304ebffb4ab41f0fb9.tar.gz mod_nss-07c27296c2c940cb119386304ebffb4ab41f0fb9.tar.xz mod_nss-07c27296c2c940cb119386304ebffb4ab41f0fb9.zip