« back to all changes in this revision
Viewing changes to src/EBox/OpenVPN/Server/Test.pm
- browse files at revision 1
- compare with another revision
- download diff
- download tarball
- view history from revision 1
- Committer: Bazaar Package Importer
- Author(s): Soren Hansen
- Date: 2007-08-02 10:38:13 UTC
- Revision ID: james.westby@ubuntu.com-20070802103813-dfbetdraf1435qoq
Tags: upstream-0.9.3
ImportĀ upstreamĀ versionĀ 0.9.3
- files added:
- config
- m4
- po
- schemas
- src
- src/EBox
- src/EBox/CGI
- src/EBox/CGI/OpenVPN
- src/EBox/CGI/OpenVPN/Create
- src/EBox/CGI/t
- src/EBox/OpenVPN
- src/EBox/OpenVPN/Client
- src/EBox/OpenVPN/Server
- src/EBox/OpenVPN/Server/ClientBundleGenerator
- src/EBox/OpenVPN/t
- src/EBox/rootTests
- src/EBox/rootTests/lib
- src/EBox/rootTests/testdata
- src/EBox/t
- src/templates
- src/templates/t
- stubs
- stubs/quagga
- www
added
removed
src/EBox/OpenVPN/Server/Test.pm
1
package EBox::OpenVPN::Server::Test;
2
# Description:
3
use strict;
4
use warnings;
5
6
use base qw(EBox::Test::Class);
7
8
use EBox::Test;
9
use EBox::TestStubs qw(fakeEBoxModule);
10
use Test::More;
11
use Test::Exception;
12
use Test::MockObject;
13
use Test::File;
14
use Test::Differences;
15
use Perl6::Junction qw(any);
16
17
use lib '../../../';
18
use EBox::OpenVPN;
19
use EBox::CA::TestStub;
20
21
22
use English qw(-no_match_vars);
23
24
sub testDir
25
{
26
return '/tmp/ebox.openvpn.test';
27
}
28
29
sub fakeCA : Test(startup)
30
{
31
EBox::CA::TestStub::fake();
32
}
33
34
35
# XXX replace with #419 when it is done
36
sub ignoreChownRootCommand : Test(startup)
37
{
38
my $root_r = EBox::Sudo->can('root');
39
40
my $rootIgnoreChown_r = sub {
41
my ($cmd) = @_;
42
my ($cmdWithoutParams) = split '\s+', $cmd;
43
if (($cmdWithoutParams eq 'chown') or ($cmdWithoutParams eq '/bin/chown')) {
44
return [];
45
}
46
47
return $root_r->($cmd);
48
};
49
50
51
defined $root_r or die 'Can not get root sub from EBox::Sudo';
52
53
Test::MockObject->fake_module(
54
'EBox::Sudo',
55
root => $rootIgnoreChown_r,
56
)
57
}
58
59
60
61
sub fakeNetworkModule
62
{
63
my ($externalIfaces_r, $internalIfaces_r) = @_;
64
65
my @externalIfaces = defined $externalIfaces_r ? @{ $externalIfaces_r } : qw(eth0 eth2);
66
my @internalIfaces = defined $internalIfaces_r ? @{ $internalIfaces_r } : ('eth1', 'eth3');
67
68
my $anyExternalIfaces = any(@externalIfaces);
69
my $anyInternalIfaces = any(@internalIfaces);
70
71
my $ifaceExistsSub_r = sub {
72
my ($self, $iface) = @_;
73
return ($iface eq $anyInternalIfaces) or ($iface eq $anyExternalIfaces);
74
};
75
76
my $ifaceIsExternalSub_r = sub {
77
my ($self, $iface) = @_;
78
return ($iface eq $anyExternalIfaces);
79
};
80
81
82
83
fakeEBoxModule(
84
name => 'network',
85
package => 'EBox::Network',
86
subs => [
87
ifaceIsExternal => $ifaceIsExternalSub_r,
88
ifaceExists => $ifaceExistsSub_r,
89
ExternalIfaces => sub { return \@externalIfaces },
90
InternalIfaces => sub { return \@internalIfaces },
91
ifaceMethod => sub { return 'anythingButNonSet' }, # this if for bug #395
92
],
93
);
94
95
}
96
97
98
sub setUpConfiguration : Test(setup)
99
{
100
my ($self) = @_;
101
102
my $confDir = $self->_confDir();
103
104
$self->{openvpnModInstance} = EBox::OpenVPN->_create();
105
106
my @gids = split '\s', $GID;
107
108
my $macacoCertificateCN ='macacoCertificate';
109
110
my @config = (
111
'/ebox/modules/openvpn/user' => $UID,
112
'/ebox/modules/openvpn/group' => $gids[0],
113
'/ebox/modules/openvpn/conf_dir' => $confDir,
114
'/ebox/modules/openvpn/dh' => "$confDir/dh1024.pem",
115
116
'/ebox/modules/openvpn/server/macaco/port' => 1194,
117
'/ebox/modules/openvpn/server/macaco/proto' => 'tcp',
118
'/ebox/modules/openvpn/server/macaco/server_certificate' => $macacoCertificateCN,
119
'/ebox/modules/openvpn/server/macaco/vpn_net' => '10.0.8.0',
120
'/ebox/modules/openvpn/server/macaco/vpn_netmask' => '255.255.255.0',
121
122
'/ebox/modules/openvpn/server/gibon/port' => 1294,
123
'/ebox/modules/openvpn/server/gibon/proto' => 'udp',
124
125
);
126
127
EBox::GConfModule::TestStub::setConfig(@config);
128
EBox::Global::TestStub::setEBoxModule('openvpn' => 'EBox::OpenVPN');
129
EBox::Global::TestStub::setEBoxModule('ca' => 'EBox::CA');
130
131
my $ca = EBox::Global->modInstance('ca');
132
133
134
#setup certificates
135
my @certificates = (
136
{
137
dn => 'CN=monos',
138
isCACert => 1,
139
},
140
{
141
dn => "CN=$macacoCertificateCN",
142
path => 'macaco.crt',
143
keys => [qw(macaco.pub macaco.key)],
144
},
145
);
146
147
$ca->setInitialState(\@certificates);
148
fakeNetworkModule();
149
}
150
151
152
sub clearConfiguration : Test(teardown)
153
{
154
EBox::GConfModule::TestStub::setConfig();
155
156
my $ca = EBox::Global->modInstance('ca');
157
$ca->destroyCA();
158
}
159
160
sub _useOkTest : Test
161
{
162
use_ok ('EBox::OpenVPN::Server');
163
}
164
165
sub newServerTest : Test(6)
166
{
167
my ($self) = @_;
168
my $openVpnMod = $self->{openvpnModInstance};
169
170
my @existentServers = qw(macaco gibon);
171
foreach my $serverName (@existentServers) {
172
my $serverInstance;
173
lives_ok { $serverInstance = new EBox::OpenVPN::Server($serverName, $openVpnMod) };
174
isa_ok $serverInstance, 'EBox::OpenVPN::Server';
175
}
176
177
my @inexistentServers = qw(bufalo gacela);
178
foreach my $serverName (@inexistentServers) {
179
dies_ok { new EBox::OpenVPN::Server($serverName, $openVpnMod) } 'Checking that we can not create OpenVPN servers objects if the server is not registered in configuration';
180
}
181
}
182
183
184
sub setCertificateTest : Test(10)
185
{
186
my ($self) = @_;
187
188
my $ca = EBox::Global->modInstance('ca');
189
my @certificates = (
190
{
191
dn => 'CN=monos',
192
isCACert => 1,
193
},
194
{
195
dn => 'CN=certificate1',
196
path => '/certificate1.crt',
197
},
198
{
199
dn => 'CN=certificate2',
200
path => '/certificate2.crt',
201
},
202
{
203
dn => 'CN=expired',
204
state => 'E',
205
path => '/certificate2.crt',
206
},
207
{
208
dn => 'CN=revoked',
209
state => 'R',
210
path => '/certificate2.crt',
211
},
212
);
213
$ca->setInitialState(\@certificates);
214
215
my $server = $self->_newServer('macaco');
216
my $certificateGetter_r = $server->can('certificate');
217
my $certificateSetter_r = $server->can('setCertificate');
218
my $correctCertificates = [qw(certificate1 certificate2)];
219
my $incorrectCertificates = [qw(inexistentCertificate expired revoked)];
220
221
setterAndGetterTest(
222
object => $server,
223
getter => $certificateGetter_r,
224
setter => $certificateSetter_r,
225
straightValues => $correctCertificates,
226
deviantValues => $incorrectCertificates,
227
propierty => "Server\'s certificate",
228
);
229
230
231
}
232
233
234
235
sub setTlsRemoteTest : Test(12)
236
{
237
my ($self) = @_;
238
239
my $ca = EBox::Global->modInstance('ca');
240
my @certificates = (
241
{
242
dn => 'CN=monos',
243
isCACert => 1,
244
},
245
{
246
dn => 'CN=certificate1',
247
path => '/certificate1.crt',
248
},
249
{
250
dn => 'CN=certificate2',
251
path => '/certificate2.crt',
252
},
253
{
254
dn => 'CN=expired',
255
state => 'E',
256
path => '/certificate2.crt',
257
},
258
{
259
dn => 'CN=revoked',
260
state => 'R',
261
path => '/certificate2.crt',
262
},
263
);
264
$ca->setInitialState(\@certificates);
265
266
my $server = $self->_newServer('macaco');
267
my $certificateGetter_r = $server->can('tlsRemote');
268
my $certificateSetter_r = $server->can('setTlsRemote');
269
my $correctCertificates = [qw(certificate1 certificate2)];
270
my $incorrectCertificates = [qw(inexistentCertificate expired revoked)];
271
272
setterAndGetterTest(
273
object => $server,
274
getter => $certificateGetter_r,
275
setter => $certificateSetter_r,
276
straightValues => $correctCertificates,
277
deviantValues => $incorrectCertificates,
278
propierty => "Server\'s tls-remote option",
279
);
280
281
282
$server->tlsRemote() or die "Must return a tlsRemote or something it is rotten";
283
284
lives_ok { $server->setTlsRemote(0) } 'Trying to disable tls-remote option';
285
ok !$server->tlsRemote(), "Checking wether tls-remote option was disabled";
286
}
287
288
289
sub setProtoTest : Test(6)
290
{
291
my ($self) = @_;
292
293
my $server = $self->_newServer('macaco');
294
my $protoGetter_r = $server->can('proto');
295
my $protoSetter_r = $server->can('setProto');
296
my $correctProtos = [qw(tcp udp)];
297
my $incorrectProtos = [qw(mkkp)];
298
299
setterAndGetterTest(
300
object => $server,
301
getter => $protoGetter_r,
302
setter => $protoSetter_r,
303
straightValues => $correctProtos,
304
deviantValues => $incorrectProtos,
305
propierty => "Server\'s IP protocol",
306
);
307
}
308
309
310
sub setProtoTestForMultipleServers : Test(1)
311
{
312
my ($self) = @_;
313
314
my $samePort = 20000;
315
my $distinctPort = 30000;
316
my $sameProto = 'tcp';
317
my $distinctProto = 'udp';
318
319
my $server = $self->_newServer('macaco');
320
$server->setProto($distinctProto);
321
$server->setPort($samePort);
322
323
my $server2 = $self->_newServer('gibon');
324
$server2->setProto($sameProto);
325
$server2->setPort($samePort);
326
327
dies_ok { $server->setProto($sameProto) } 'Checking that setting protocol is not permitted when we have the same pair of protocol and port in another server';
328
}
329
330
sub setPortTestForSingleServer : Test(19)
331
{
332
my ($self) = @_;
333
334
my $server = $self->_newServer('macaco');
335
336
dies_ok {$server->setPort(100)} 'Setting port before protocol must raise a error';
337
338
$server->setProto('tcp');
339
340
my $portGetter_r = $server->can('port');
341
my $portSetter_r = $server->can('setPort');
342
my $correctPorts = [1024, 1194, 4000];
343
my $incorrectPorts = [0, -1, 'ea', 1023, 40, 0.4];
344
345
setterAndGetterTest(
346
object => $server,
347
getter => $portGetter_r,
348
setter => $portSetter_r,
349
straightValues => $correctPorts,
350
deviantValues => $incorrectPorts,
351
propierty => "Server\'s IP port",
352
);
353
354
355
}
356
357
358
sub setPortTestForMultipleServers : Test(4)
359
{
360
my ($self) = @_;
361
362
my $samePort = 20000;
363
my $distinctPort = 30000;
364
my $sameProto = 'tcp';
365
my $distinctProto = 'udp';
366
367
my $server = $self->_newServer('macaco');
368
$server->setProto($sameProto);
369
$server->setPort($samePort);
370
371
my $server2 = $self->_newServer('gibon');
372
$server2->setProto($sameProto);
373
$server2->setPort($distinctPort);
374
375
dies_ok { $server2->setPort($samePort) } "Checking that setting a duplicate port and protocol combination raises error";
376
is $server2->port(), $distinctPort, "Checking that the port remains untouched after the failed setting operation";
377
378
$server2->setProto($distinctProto);
379
lives_ok { $server2->setPort($samePort) } "Checking that is correct for two servers be setted to the same port number as long they are not using the same protocol";
380
is $server2->port(), $samePort, "Checking that prevoius setPort call was successful";
381
}
382
383
384
sub setLocalTest : Test(14)
385
{
386
my ($self) = @_;
387
388
my $server = $self->_newServer('macaco');
389
my $localGetter_r = $server->can('local');
390
my $localSetter_r = $server->can('setLocal');
391
my $correctLocals = [qw(eth0 eth2) ];
392
my $incorrectLocals = [ qw(inx1 eth1 inx2 eth3)];
393
394
395
Test::MockObject->fake_module('EBox::NetWrappers', 'list_local_addresses' => sub { return @{ $correctLocals } } );
396
397
setterAndGetterTest(
398
object => $server,
399
getter => $localGetter_r,
400
setter => $localSetter_r,
401
straightValues => $correctLocals,
402
deviantValues => $incorrectLocals,
403
propierty => "Server\'s IP local address",
404
);
405
406
lives_ok { $server->setLocal('') } 'Unsetting local (i.e: all interfaces)';
407
ok !$server->local(), 'Cechking wether local value was unsetted';
408
}
409
410
411
sub keyTest : Test(2)
412
{
413
my ($self) = @_;
414
415
my $server = $self->_newServer('macaco');
416
417
lives_ok { $server->key() } 'key' ;
418
419
EBox::TestStubs::setConfigKey('/ebox/modules/openvpn/server/macaco/server_certificate' => undef);
420
dies_ok { $server->key() } 'Checking that trying to get the key from a server without certificate raises error';
421
}
422
423
sub setterAndGetterTest
424
{
425
my %params = @_;
426
my $object = $params{object};
427
my $propierty = exists $params{propierty} ? $params{propierty} : 'propierty';
428
my @straightValues = @{ $params{straightValues} };
429
my @deviantValues = @{ $params{deviantValues} };
430
my $setter_r = $params{setter};
431
my $getter_r = $params{getter};
432
433
foreach my $value (@straightValues) {
434
lives_ok { $setter_r->($object, $value) } "Trying to set $propierty to $value";
435
436
my $actualValue = $getter_r->($object);
437
is $actualValue, $value, "Using getter to check that $propierty was correcty setted" ;
438
}
439
440
foreach my $value (@deviantValues) {
441
my $beforeValue = $getter_r->($object);
442
443
dies_ok { $setter_r->($object, $value) } "Checking that setting $propierty to the invalid value $value raises error";
444
445
my $actualValue = $getter_r->($object);
446
is $actualValue, $beforeValue, "Checking that $propierty\'s value was left untouched";
447
}
448
}
449
450
451
452
sub writeConfFileTest : Test(2)
453
{
454
my ($self) = @_;
455
456
my $stubDir = $self->testDir() . '/stubs';
457
my $confDir = $self->testDir() . "/config";
458
foreach my $testSubdir ($confDir, $stubDir, "$stubDir/openvpn") {
459
system ("rm -rf $testSubdir");
460
($? == 0) or die "Error removing temp test subdir $testSubdir: $!";
461
system ("mkdir -p $testSubdir");
462
($? == 0) or die "Error creating temp test subdir $testSubdir: $!";
463
}
464
465
466
system "cp ../../../../stubs/openvpn.conf.mas $stubDir/openvpn";
467
($? ==0 ) or die "Can not copy templates to stub mock dir";
468
EBox::Config::TestStub::setConfigKeys('stubs' => $stubDir, tmp => '/tmp');
469
470
471
my $server = $self->_newServer('macaco');
472
lives_ok { $server->writeConfFile($confDir) } 'Calling writeConfFile method in server instance';
473
file_exists_ok("$confDir/macaco.conf", "Checking if the new configuration file was written");
474
diag "TODO: try to validate automatically the generated conf file without ressorting a aspect-like thing. (You may validate manually with openvpn --config)";
475
}
476
477
sub setSubnetTest : Test(6)
478
{
479
my ($self) = @_;
480
my $server = $self->_newServer('macaco');
481
my $subnetGetter_r = $server->can('subnet');
482
my $subnetSetter_r = $server->can('setSubnet');
483
484
my $straightCases =[
485
'10.8.0.0'
486
];
487
my $deviantCases = [
488
'255.3.4.3',
489
'domainsnotok.com',
490
];
491
492
setterAndGetterTest(
493
object => $server,
494
getter => $subnetGetter_r,
495
setter => $subnetSetter_r,
496
straightValues => $straightCases,
497
deviantValues => $deviantCases,
498
propierty => "Server\'s VPN subnet",
499
);
500
501
502
503
504
}
505
506
sub setSubnetAndMaskTest : Test(18)
507
{
508
my ($self) = @_;
509
my $server = $self->_newServer();
510
511
my @goodCases = (
512
['192.168.4.0', '255.255.255.0'],
513
['10.0.0.0', '255.0.0.0'],
514
);
515
516
my @badCases = (
517
['192.168.257.0', '255.255.255.0'], # bad address
518
['10.0.0.0', '255.0.0.1'], # bad mask
519
['192.168.4.1', '255.255.255.0'], # host, not net
520
['10.0.1.0', '255.0.0.0'], # host, not net
521
);
522
523
524
foreach my $case_r (@goodCases) {
525
my ($addr, $mask) = @{ $case_r };
526
lives_ok { $server->setSubnetAndMask($addr, $mask) } 'Calling setSubnetAndMask with good arguments';
527
is $server->subnet(), $addr, 'Checking wether net address was correctly changed';
528
is $server->subnetNetmask(), $mask, 'Checking wether netmask was correctly changed';
529
}
530
531
foreach my $case_r (@badCases) {
532
my ($addr, $mask) = @{ $case_r };
533
my $oldAddr = $server->subnet();
534
my $oldMask = $server->subnetNetmask();
535
536
dies_ok { $server->setSubnetAndMask($addr, $mask) } 'Calling setSubnetAndMask with bad arguments';
537
is $server->subnet(), $oldAddr, 'Checking wether net address was preserved';
538
is $server->subnetNetmask(), $oldMask, 'Checking wether netmask was preserved';
539
}
540
}
541
542
543
# sub setSubnetNetmaskTest : Test(6)
544
# {
545
# my ($self) = @_;
546
# my $server = $self->_newServer('macaco');
547
# my $subnetNetmaskGetter_r = $server->can('subnetNetmask');
548
# my $subnetNetmaskSetter_r = $server->can('setSubnetNetmask');
549
# my $straightValues = [
550
# '255.255.255.0',
551
# ];
552
# my $deviantValues = [
553
# '255.0.255.0',
554
# '311.255.255.0',
555
# ];
556
557
# setterAndGetterTest(
558
# object => $server,
559
# getter => $subnetNetmaskGetter_r,
560
# setter => $subnetNetmaskSetter_r,
561
# straightValues => $straightValues,
562
# deviantValues => $deviantValues,
563
# propierty => "Server\'s VPN subnet netmask",
564
# );
565
566
# }
567
568
569
sub addAndRemoveAdvertisedNet : Test(25)
570
{
571
my ($self) = @_;
572
my $server = $self->_newServer('macaco');
573
574
my @straightNets = (
575
['192.168.24.1', '255.255.255.0'],
576
['192.168.86.0', '255.255.255.0'],
577
['10.0.0.0', '255.0.0.0'],
578
);
579
580
# assure straights nets can be reached using fake routes
581
EBox::TestStubs::setFakeIfaces(
582
'eth0' => {
583
up => 1,
584
address => {
585
'192.168.34.21' => '255.255.255.0',
586
}
587
},
588
) ;
589
my @fakeRoutes = map {
590
my $addr = EBox::NetWrappers::to_network_with_mask(@{ $_ });
591
( $addr => '192.168.34.21') # (route, gateway)
592
} @straightNets;
593
594
EBox::TestStubs::setFakeRoutes(@fakeRoutes);
595
596
597
598
# varaibles to control the tests' results
599
my ($address, $mask);
600
my @nets;
601
my $netCount = 0;
602
my $netFound;
603
604
# add straight cases
605
606
foreach my $net (@straightNets) {
607
($address, $mask)= @{ $net };
608
lives_ok { $server->addAdvertisedNet($address, $mask) } 'Adding advertised net to the server';
609
$netCount += 1;
610
611
@nets = $server->advertisedNets();
612
is @nets, $netCount, 'Checking if the net count is coherent';
613
614
$netFound = _advertisedNetFound($address, $mask, @nets);
615
ok $netFound, 'Checking wether net was correctly reported by the server as used';
616
}
617
618
# add deviant cases
619
dies_ok { $server->addAdvertisedNet($address, $mask) } 'Expecting error when adding a duplicate net';
620
dies_ok { $server->addAdvertisedNet('10.0.0.0.0', '255.255.255.0') } 'Expecting error when adding a net with a incorrect address';
621
dies_ok { $server->addAdvertisedNet('10.0.0.0', '256.255.255.0') } 'Expecting error when adding a net with a incorrect netmask';
622
dies_ok { $server->addAdvertisedNet('10.0.0.0.1111', '0.255.255.0') } 'Expecting error when adding a net with both a incorrect address and netmask';
623
dies_ok { $server->addAdvertisedNet('192.168.34.0', '255.255.255.0') } 'Expecting error when adding a private net not reacheable by eBox';
624
625
# remove straight cases
626
627
foreach my $net (@straightNets) {
628
($address, $mask)= @{ $net };
629
lives_ok { $server->removeAdvertisedNet($address, $mask) } 'Removing advertised net from the server';
630
631
$netCount -= 1;
632
633
@nets = $server->advertisedNets();
634
is @nets, $netCount, 'Checking if the net count is coherent';
635
636
$netFound = _advertisedNetFound($address, $mask, @nets);
637
ok !$netFound, 'Checked wether net was correctly removed from the server';
638
}
639
640
# remove deviant cases
641
dies_ok { $server->removeAdvertisedNet('192.168.45.0', '255.255.255.0') } 'Expecting error when removing a inexistent net';
642
throws_ok { $server->removeAdvertisedNet('10.0.0.0.0', '255.255.255.0') } 'EBox::Exceptions::InvalidData', 'Expecting error when removing a net with a incorrect address';
643
}
644
645
646
sub certificateRevokedTest : Test(4)
647
{
648
my ($self) = @_;
649
650
my $server = $self->_newServer('macaco');
651
my $serverCertificate = $server->certificate();
652
my $otherCertificate = 'no-' . $serverCertificate;
653
654
655
my @trueCases = (
656
[$otherCertificate, 1],
657
[$serverCertificate, 1],
658
[$serverCertificate, 0],
659
);
660
661
my @falseCases = (
662
[$otherCertificate, 0],
663
);
664
665
foreach my $case_r (@trueCases) {
666
ok $server->certificateRevoked(@{ $case_r }), 'Checking wether certificateRevoked returns true';
667
}
668
foreach my $case_r (@falseCases) {
669
ok !$server->certificateRevoked(@{ $case_r }), 'Checking wether certificateRevoked returs false' ;
670
}
671
}
672
673
sub certificateExpiredTest : Test(12)
674
{
675
my ($self) = @_;
676
677
my $server = $self->_newServer('macaco');
678
$server->setService(1);
679
my $serverCertificate = $server->certificate();
680
my $otherCertificate = 'no-' . $serverCertificate;
681
682
my @innocuousCases = (
683
[$otherCertificate, 0],
684
);
685
686
my @invalidateCertificateCases = (
687
[$otherCertificate, 1],
688
[$serverCertificate, 1],
689
[$serverCertificate, 0],
690
);
691
692
foreach my $case_r (@innocuousCases) {
693
lives_ok { $server->certificateExpired( @{ $case_r } ) } 'Notifying server of innocuous certificate expiration';
694
is $server->certificate(), $serverCertificate, 'Checking wether server certificate was left unchanged';
695
ok $server->service(), 'Checking wether service status of the server was left untouched';
696
}
697
698
foreach my $case_r (@invalidateCertificateCases) {
699
lives_ok { $server->certificateExpired( @{ $case_r } ) } 'Notifying server of certificate expiration';
700
701
ok !$server->certificate(), 'Checking wether the server certificate was invalided';
702
ok !$server->service(), 'Checking wether the server was disabled';
703
704
# restoring server state
705
$self->setUpConfiguration();
706
$server = $self->_newServer('macaco');
707
$server->setService(1);
708
}
709
}
710
711
712
sub freeCertificateTest : Test(6)
713
{
714
my ($self) = @_;
715
716
my $server = $self->_newServer('macaco');
717
$server->setService(1);
718
my $serverCertificate = $server->certificate();
719
my $otherCertificate = 'no-' . $serverCertificate;
720
721
lives_ok { $server->freeCertificate($otherCertificate) } 'Forcing server to free a certificate which does not uses';
722
is $server->certificate(), $serverCertificate, 'Checking wether server certificate was left unchanged';
723
ok $server->service(), 'Checking wether service status of the server was left untouched';
724
725
lives_ok { $server->freeCertificate($serverCertificate) } 'Forcing serve to release his certificate';
726
ok !$server->certificate(), 'Checking wether the server certificate was invalided';
727
ok !$server->service(), 'Checking wether the server was disabled';
728
729
}
730
731
732
sub ifaceMethodChangedTest : Test(6)
733
{
734
my ($self) = @_;
735
736
my $server = $self->_newServer();
737
738
$server->setLocal('eth0');
739
ok !$server->ifaceMethodChanged('eth0', 'whatever', 'whateverMethod'), "Checking wether changing the iface method to a non-'nonset' method is not considered disruptive even where done in the local inerface";
740
741
$server->setLocal('');
742
ok !$server->ifaceMethodChanged('eth0', 'whatever', 'nonset'), "Checking wether changing the iface method to 'nonset' is not considered disruptive where are ifaces left and the interface is not the local interface";
743
744
$server->setLocal('eth0');
745
ok !$server->ifaceMethodChanged('eth0', 'whatever', 'nonset'), "Checking wether changing the iface method to 'nonset' is considered disruptive if the interface is the local interface";
746
747
748
fakeNetworkModule(['eth0'], []);
749
$server->setLocal('');
750
ok !$server->ifaceMethodChanged('eth0', 'whatever', 'nonset'), "Checking wether changing the iface method to 'nonset' is considered disruptive where are only one interface left";
751
752
$server->setLocal('eth0');
753
ok !$server->ifaceMethodChanged('eth0', 'whatever', 'nonset'), "Checking wether changing the iface method to 'nonset' is considered disruptive where are only one interface lef0 and adittionally the change is in the local interface";
754
ok !$server->ifaceMethodChanged('eth0', 'whatever', 'whateverMethod'), "Checking wether changing the iface method to a non-'nonset' method is not considered disruptive even where done in the local inerface and with only one interface left";
755
}
756
757
sub vifaceDeleteTest : Test(4)
758
{
759
my ($self) = @_;
760
761
my $server = $self->_newServer();
762
763
ok !$server->vifaceDelete('eth0', 'eth2'), 'Checking wether deleting a virtual interface is not reported as disruptive if the interface is not the local interface and there are interfaces left';
764
765
$server->setLocal('eth2');
766
ok $server->vifaceDelete('eth0', 'eth2'), 'Checking wether deleting a virtual interface is reported as disruptive when the interface is the local interface';
767
768
fakeNetworkModule(['eth2'], []);
769
770
$server->setLocal('');
771
ok $server->vifaceDelete('eth0', 'eth2'), 'Checking wether deleting a virtual interface is reported as disruptive when the interface is the only interfaces left';
772
773
$server->setLocal('eth2');
774
ok $server->vifaceDelete('eth0', 'eth2'), 'Checking wether deleting a virtual interface is reported as disruptive when the interface is the local interface and there is no interfaces left';
775
}
776
777
778
sub freeIfaceTest : Test(4)
779
{
780
my ($self) = @_;
781
782
my $server = $self->_newServer();
783
$server->setService(1);
784
785
$server->setLocal('');
786
$server->freeIface('eth8');
787
ok $server->service(), 'Checking wether freeing a interface which is not the local interface in a system which has more interfaces available does not deactivate the server';
788
789
$server->setLocal('eth0');
790
$server->freeIface('eth0');
791
ok !$server->service(), 'Checking wether freeing a interface which is the local interface in a system which has more interfaces available deactivates the server';
792
793
794
fakeNetworkModule(['eth2'], []);
795
796
$server->setLocal('');
797
$server->setService(1);
798
$server->freeIface('eth2');
799
ok !$server->service(), 'Checking wether freeing a interface which is not the local interface in a system which has only this interface available deactivates the server';
800
801
$server->setLocal('eth2');
802
$server->setService(1);
803
$server->freeIface('eth2');
804
ok !$server->service(), 'Checking wether freeing a interface which is the local interface in a system which has only this interface available deactivates the server';
805
}
806
807
sub freeVifaceTest : Test(4)
808
{
809
my ($self) = @_;
810
811
my $server = $self->_newServer();
812
$server->setService(1);
813
814
$server->setLocal('');
815
$server->freeViface('eth0', 'eth8');
816
ok $server->service(), 'Checking wether freeing a virtual interface which is not the local virtual interface in a system which has more virtual interfaces available does not deactivate the server';
817
818
$server->setLocal('eth2');
819
$server->freeViface('eth8', 'eth2');
820
ok !$server->service(), 'Checking wether freeing a virtual interface which is the local virtual interface in a system which has more virtual interfaces available deactivates the server';
821
822
823
fakeNetworkModule(['eth2'], []);
824
825
$server->setLocal('');
826
$server->setService(1);
827
$server->freeViface('eth0', 'eth2');
828
ok !$server->service(), 'Checking wether freeing a virtual interface which is not the local virtual interface in a system which has only this virtual interface available deactivates the server';
829
830
$server->setLocal('eth2');
831
$server->setService(1);
832
$server->freeViface('eth0', 'eth2');
833
ok !$server->service(), 'Checking wether freeing a virtual interface which is the local virtual interface in a system which has only this virtual interface available deactivates the server';
834
}
835
836
sub otherNetworkObserverMethodsTest : Test(2)
837
{
838
my ($self) = @_;
839
my $server = $self->_newServer();
840
841
ok !$server->staticIfaceAddressChanged('eth0', '192.168.45.4', '255.255.255.0', '10.0.0.1', '255.0.0.0'), 'Checking wether server notifies that is not disrupted after staticIfaceAddressChanged invokation';
842
843
ok !$server->vifaceAdded('eth0', 'eth0:1', '10.0.0.1', '255.0.0.0'), 'Checking wether server notifies that is not disrupted after staticIfaceAddressChanged invokation';
844
}
845
846
847
sub setServiceTest : Test(56)
848
{
849
my ($self) = @_;
850
my $server = $self->_newServer();
851
$server->setService(0);
852
853
my @serviceStates = ('0', '1', '1', '0');
854
855
diag 'Server in correct state';
856
foreach my $newService (@serviceStates) {
857
lives_ok { $server->setService($newService) } "Setting server service to $newService";
858
is $server->service() ? 1 : 0, $newService, 'Checking wether service was correctly setted';
859
}
860
861
diag 'Setting local interface to listen on to a inexistent interface';
862
$server->setConfString('local', 'fw5');
863
$self->_checkSetServiceeWithBadStatus($server, 'using a inexistent interface as local interface to listen on');
864
865
diag 'Setting local interface to listen on to a internal interface';
866
$server->setConfString('local', 'eth1');
867
$self->_checkSetServiceeWithBadStatus($server, 'using a internal interface as local interface to listen on');
868
869
diag 'Setting server to listen in all interfaces but with no interfaces left';
870
$server->unsetConf('local');
871
fakeNetworkModule([], []);
872
$self->_checkSetServiceeWithBadStatus($server, 'no networks interfaces available');
873
fakeNetworkModule();
874
875
# certificates bad states
876
my $ca = EBox::Global->modInstance('ca');
877
my @certificates = (
878
{
879
dn => 'CN=expired',
880
state => 'E',
881
path => '/certificate2.crt',
882
},
883
{
884
dn => 'CN=revoked',
885
state => 'R',
886
path => '/certificate2.crt',
887
},
888
);
889
$ca->setInitialState(\@certificates);
890
891
892
diag 'Setting server to use a inexistent certificate';
893
$server->setConfString('inexistent');
894
$self->_checkSetServiceeWithBadStatus($server, 'using a inexistent certificate');
895
896
diag 'Setting server to use a expired certificate';
897
$server->setConfString('expired');
898
$self->_checkSetServiceeWithBadStatus($server, 'using a expired certificate');
899
900
diag 'Setting server to use a revoked certificate';
901
$server->setConfString('revoked');
902
$self->_checkSetServiceeWithBadStatus($server, 'using a revoked certificate');
903
}
904
905
sub _checkSetServiceeWithBadStatus
906
{
907
my ($self, $server, $badState) = @_;
908
909
my @serviceStates = ('0', '1', '1', '0');
910
foreach my $newService (@serviceStates) {
911
if ($newService) {
912
dies_ok { $server->setService($newService) } 'Changing wether activating service with bad state: $badState';
913
ok !$server->service, 'Checking wether the client continues inactive';
914
}
915
else {
916
lives_ok { $server->setService($newService) } 'Changing service status to inactive';
917
is $server->service() ? 1 : 0, $newService, 'Checking wether the service change was done';
918
}
919
}
920
}
921
922
sub _advertisedNetFound
923
{
924
my ($address, $mask, @advertisedNets) = @_;
925
926
my $netFound = grep {
927
my ($address2, $mask2) = @{ $_ };
928
($address2 eq $address) and ($mask eq $mask2)
929
} @advertisedNets;
930
931
return $netFound;
932
}
933
934
sub _confDir
935
{
936
my ($self) = @_;
937
return $self->testDir() . "/config";
938
}
939
940
sub _newServer
941
{
942
my ($self, $name) = @_;
943
defined $name or $name = 'macaco';
944
945
my $openVpnMod = $self->{openvpnModInstance};
946
my $server = new EBox::OpenVPN::Server($name, $openVpnMod);
947
948
return $server;
949
}
950
951
1;
Loggerhead is a web-based interface for Breezy
Version: 2.0.1