static size_t
testIoRead(void *driver, Buffer *buffer)
{
ASSERT(driver == (void *)999);
bufCat(buffer, BUFSTRDEF("Z"));
return 1;
}
/***********************************************************************************************************************************
Test Run
***********************************************************************************************************************************/
void
testRun(void)
{
FUNCTION_HARNESS_VOID();
// Additional coverage not provided by testing with actual certificates
// *****************************************************************************************************************************
if (testBegin("asn1ToStr(), tlsClientHostVerify(), and tlsClientHostVerifyName()"))
{
TEST_ERROR(asn1ToStr(NULL), CryptoError, "TLS certificate name entry is missing");
TEST_ERROR(
tlsClientHostVerifyName(
strNew("host"), strNewN("ab\0cd", 5)), CryptoError, "TLS certificate name contains embedded null");
TEST_ERROR(tlsClientHostVerify(strNew("host"), NULL), CryptoError, "No certificate presented by the TLS server");
TEST_RESULT_BOOL(tlsClientHostVerifyName(strNew("host"), strNew("**")), false, "invalid pattern");
TEST_RESULT_BOOL(tlsClientHostVerifyName(strNew("host"), strNew("*.")), false, "invalid pattern");
TEST_RESULT_BOOL(tlsClientHostVerifyName(strNew("a.bogus.host.com"), strNew("*.host.com")), false, "invalid host");
}
// *****************************************************************************************************************************
if (testBegin("TlsClient verification"))
{
TlsClient *client = NULL;
// Connection errors
// -------------------------------------------------------------------------------------------------------------------------
TEST_ASSIGN(client, tlsClientNew(strNew("99.99.99.99.99"), 9443, 0, true, NULL, NULL), "new client");
TEST_ERROR(
tlsClientOpen(client), HostConnectError, "unable to get address for '99.99.99.99.99': [-2] Name or service not known");
TEST_ASSIGN(client, tlsClientNew(strNew("localhost"), 9443, 100, true, NULL, NULL), "new client");
TEST_ERROR(tlsClientOpen(client), HostConnectError, "unable to connect to 'localhost:9443': [111] Connection refused");
// Certificate location and validation errors
// -------------------------------------------------------------------------------------------------------------------------
// Add test hosts
if (system( // {uncoverable_branch}
"echo \"127.0.0.1 test.pgbackrest.org host.test2.pgbackrest.org test3.pgbackrest.org\" |"
" sudo tee -a /etc/hosts > /dev/null") != 0)
{
THROW(AssertError, "unable to add test hosts to /etc/hosts"); // {uncovered+}
}
// Start server to test various certificate errors
testTlsServerAltName();
TEST_ERROR(
tlsClientOpen(tlsClientNew(strNew("localhost"), 9443, 500, true, strNew("bogus.crt"), strNew("/bogus"))),
CryptoError, "unable to set user-defined CA certificate location: [33558530] No such file or directory");
TEST_ERROR(
tlsClientOpen(tlsClientNew(strNew("localhost"), 9443, 500, true, NULL, strNew("/bogus"))),
CryptoError, "unable to verify certificate presented by 'localhost:9443': [20] unable to get local issuer certificate");
TEST_RESULT_VOID(
tlsClientOpen(
tlsClientNew(strNew("test.pgbackrest.org"), 9443, 500, true,
strNewFmt("%s/" TEST_CERTIFICATE_PREFIX "-ca.crt", testRepoPath()), NULL)),
"success on valid ca file and match common name");
TEST_RESULT_VOID(
tlsClientOpen(
tlsClientNew(strNew("host.test2.pgbackrest.org"), 9443, 500, true,
strNewFmt("%s/" TEST_CERTIFICATE_PREFIX "-ca.crt", testRepoPath()), NULL)),
"success on valid ca file and match alt name");
TEST_ERROR(
tlsClientOpen(
tlsClientNew(strNew("test3.pgbackrest.org"), 9443, 500, true,
strNewFmt("%s/" TEST_CERTIFICATE_PREFIX "-ca.crt", testRepoPath()), NULL)),
CryptoError, "unable to find hostname 'test3.pgbackrest.org' in certificate common name or subject alternative names");
TEST_ERROR(
tlsClientOpen(
tlsClientNew(strNew("localhost"), 9443, 500, true, strNewFmt("%s/" TEST_CERTIFICATE_PREFIX ".crt", testRepoPath()),
NULL)),
CryptoError, "unable to verify certificate presented by 'localhost:9443': [20] unable to get local issuer certificate");
TEST_RESULT_VOID(
tlsClientOpen(tlsClientNew(strNew("localhost"), 9443, 500, false, NULL, NULL)), "success on no verify");
}
// *****************************************************************************************************************************
if (testBegin("TlsClient general usage"))
{
TlsClient *client = NULL;
// Reset statistics
tlsClientStatLocal = (TlsClientStat){0};
TEST_RESULT_STR(tlsClientStatStr(), NULL, "no stats yet");
testTlsServer();
ioBufferSizeSet(12);
TEST_ASSIGN(client, tlsClientNew(strNew(TLS_TEST_HOST), 9443, 500, true, NULL, NULL), "new client");
TEST_RESULT_VOID(tlsClientOpen(client), "open client");
const Buffer *input = BUFSTRDEF("some protocol info");
TEST_RESULT_VOID(ioWrite(tlsClientIoWrite(client), input), "write input");
ioWriteFlush(tlsClientIoWrite(client));
TEST_RESULT_STR(strPtr(ioReadLine(tlsClientIoRead(client))), "something:0", "read line");
TEST_RESULT_BOOL(ioReadEof(tlsClientIoRead(client)), false, " check eof = false");
Buffer *output = bufNew(12);
TEST_RESULT_INT(ioRead(tlsClientIoRead(client), output), 12, "read output");
TEST_RESULT_STR(strPtr(strNewBuf(output)), "some content", " check output");
TEST_RESULT_BOOL(ioReadEof(tlsClientIoRead(client)), false, " check eof = false");
output = bufNew(8);
TEST_RESULT_INT(ioRead(tlsClientIoRead(client), output), 8, "read output");
TEST_RESULT_STR(strPtr(strNewBuf(output)), "AND MORE", " check output");
TEST_RESULT_BOOL(ioReadEof(tlsClientIoRead(client)), false, " check eof = false");
output = bufNew(12);
TEST_ERROR(
ioRead(tlsClientIoRead(client), output), FileReadError,
"unable to read data from 'tls.test.pgbackrest.org:9443' after 500ms");
// -------------------------------------------------------------------------------------------------------------------------
input = BUFSTRDEF("more protocol info");
TEST_RESULT_VOID(tlsClientOpen(client), "open client again (it is already open)");
TEST_RESULT_VOID(ioWrite(tlsClientIoWrite(client), input), "write input");
ioWriteFlush(tlsClientIoWrite(client));
output = bufNew(12);
TEST_RESULT_INT(ioRead(tlsClientIoRead(client), output), 12, "read output");
TEST_RESULT_STR(strPtr(strNewBuf(output)), "0123456789AB", " check output");
TEST_RESULT_BOOL(ioReadEof(tlsClientIoRead(client)), false, " check eof = false");
output = bufNew(12);
TEST_RESULT_INT(ioRead(tlsClientIoRead(client), output), 0, "read no output after eof");
TEST_RESULT_BOOL(ioReadEof(tlsClientIoRead(client)), true, " check eof = true");
TEST_RESULT_BOOL(tlsClientStatStr() != NULL, true, "check statistics exist");
TEST_RESULT_VOID(tlsClientFree(client), "free client");
}
FUNCTION_HARNESS_RESULT_VOID();
}
/***********************************************************************************************************************************
Test Run
***********************************************************************************************************************************/
void
testRun(void)
{
// Create default storage object for testing
Storage *storageTest = storagePosixNew(
strNew(testPath()), STORAGE_MODE_FILE_DEFAULT, STORAGE_MODE_PATH_DEFAULT, true, NULL);
// *****************************************************************************************************************************
if (testBegin("infoNewLoad(), infoFileName(), infoIni()"))
{
// Initialize test variables
//--------------------------------------------------------------------------------------------------------------------------
String *content = NULL;
String *fileName = strNewFmt("%s/test.ini", testPath());
String *fileNameCopy = strNewFmt("%s/test.ini.copy", testPath());
Info *info = NULL;
content = strNew
(
"[backrest]\n"
"backrest-checksum=\"1efa53e0611604ad7d833c5547eb60ff716e758c\"\n"
"backrest-format=5\n"
"backrest-version=\"2.04\"\n"
"\n"
"[db]\n"
"db-id=1\n"
"db-system-id=6569239123849665679\n"
"db-version=\"9.4\"\n"
"\n"
"[db:history]\n"
"1={\"db-id\":6569239123849665679,\"db-version\":\"9.4\"}\n"
);
// Info files missing and at least one is required
//--------------------------------------------------------------------------------------------------------------------------
TEST_ERROR_FMT(
infoNewLoad(storageLocal(), fileName, cipherTypeNone, NULL, NULL), FileMissingError,
"unable to load info file '%s/test.ini' or '%s/test.ini.copy':\n"
"FileMissingError: " STORAGE_ERROR_READ_MISSING "\n"
"FileMissingError: " STORAGE_ERROR_READ_MISSING,
testPath(), testPath(), strPtr(strNewFmt("%s/test.ini", testPath())),
strPtr(strNewFmt("%s/test.ini.copy", testPath())));
// Only copy exists and one is required
//--------------------------------------------------------------------------------------------------------------------------
TEST_RESULT_VOID(
storagePutNP(storageNewWriteNP(storageLocalWrite(), fileNameCopy), BUFSTR(content)), "put info.copy to file");
TEST_ASSIGN(info, infoNewLoad(storageLocal(), fileName, cipherTypeNone, NULL, NULL), "load copy file");
TEST_RESULT_PTR(infoCipherPass(info), NULL, " cipherPass is not set");
// Remove the copy and store only the main info file and encrypt it. One is required.
//--------------------------------------------------------------------------------------------------------------------------
StorageWrite *infoWrite = storageNewWriteNP(storageLocalWrite(), fileName);
ioWriteFilterGroupSet(
storageWriteIo(infoWrite),
ioFilterGroupAdd(
ioFilterGroupNew(), cipherBlockNew(cipherModeEncrypt, cipherTypeAes256Cbc, BUFSTRDEF("12345678"), NULL)));
storageRemoveNP(storageLocalWrite(), fileNameCopy);
storagePutNP(
infoWrite,
BUFSTRDEF(
"[backrest]\n"
"backrest-checksum=\"9d2f6dce339751e1a056187fad67d2834b3d4ab3\"\n"
"backrest-format=5\n"
"backrest-version=\"2.04\"\n"
"\n"
"[cipher]\n"
"cipher-pass=\"ABCDEFGH\"\n"
"\n"
"[db]\n"
"db-id=1\n"
"db-system-id=6569239123849665679\n"
"db-version=\"9.4\"\n"
"\n"
"[db:history]\n"
"1={\"db-id\":6569239123849665679,\"db-version\":\"9.4\"}\n"));
// Only main info exists and is required
Ini *ini = NULL;
TEST_ASSIGN(info, infoNewLoad(storageLocal(), fileName, cipherTypeAes256Cbc, strNew("12345678"), &ini), "load file");
TEST_RESULT_STR(strPtr(iniGet(ini, strNew("cipher"), strNew("cipher-pass"))), "\"ABCDEFGH\"", " check ini");
TEST_RESULT_STR(strPtr(infoCipherPass(info)), "ABCDEFGH", " cipherPass is set");
// Invalid format
//--------------------------------------------------------------------------------------------------------------------------
storageRemoveNP(storageLocalWrite(), fileName);
content = strNew
(
"[backrest]\n"
"backrest-checksum=\"14617b089cb5c9b3224e739bb794e865b9bcdf4b\"\n"
"backrest-format=4\n"
"backrest-version=\"2.04\"\n"
"\n"
"[db]\n"
"db-catalog-version=201409291\n"
"db-control-version=942\n"
"db-id=1\n"
"db-system-id=6569239123849665679\n"
"db-version=\"9.4\"\n"
"\n"
"[db:history]\n"
"1={\"db-catalog-version\":201409291,\"db-control-version\":942,\"db-system-id\":6569239123849665679,"
"\"db-version\":\"9.4\"}\n"
);
// Only main file exists but the backrest-format is invalid
TEST_RESULT_VOID(
storagePutNP(storageNewWriteNP(storageLocalWrite(), fileName), BUFSTR(content)), "put invalid br format to file");
TEST_ERROR_FMT(
infoNewLoad(storageLocal(), fileName, cipherTypeNone, NULL, NULL), FormatError,
"unable to load info file '%s/test.ini' or '%s/test.ini.copy':\n"
"FormatError: invalid format in '%s/test.ini', expected 5 but found 4\n"
"FileMissingError: " STORAGE_ERROR_READ_MISSING,
testPath(), testPath(), testPath(), strPtr(strNewFmt("%s/test.ini.copy", testPath())));
content = strNew
(
"[backrest]\n"
"backrest-checksum=\"14617b089cb5c9b3224e739bb794e865b9bcdf4b\"\n"
"backrest-format=4\n"
"backrest-version=\"2.05\"\n"
"\n"
"[db]\n"
"db-catalog-version=201409291\n"
"db-control-version=942\n"
"db-id=1\n"
"db-system-id=6569239123849665679\n"
"db-version=\"9.4\"\n"
"\n"
"[db:history]\n"
"1={\"db-catalog-version\":201409291,\"db-control-version\":942,\"db-system-id\":6569239123849665679,"
"\"db-version\":\"9.4\"}\n"
);
TEST_RESULT_VOID(
storagePutNP(
storageNewWriteNP(storageLocalWrite(), fileNameCopy), BUFSTR(content)), "put invalid info to copy file");
TEST_ERROR(
infoNewLoad(storageLocal(), fileName, cipherTypeNone, NULL, NULL), FileOpenError,
strPtr(
strNewFmt(
"unable to load info file '%s/test.ini' or '%s/test.ini.copy':\n"
"FormatError: invalid format in '%s/test.ini', expected 5 but found 4\n"
"ChecksumError: invalid checksum in '%s/test.ini.copy', expected 'af92308095d6141bcda6b2df6d574f98d1115163'"
" but found '14617b089cb5c9b3224e739bb794e865b9bcdf4b'",
testPath(), testPath(), testPath(), testPath())));
// Invalid checksum
//--------------------------------------------------------------------------------------------------------------------------
storageRemoveNP(storageLocalWrite(), fileName);
storageRemoveNP(storageLocalWrite(), fileNameCopy);
// change the checksum
content = strNew
(
"[backrest]\n"
"backrest-checksum=\"4306ec205f71417c301e403c4714090e61c8a999\"\n"
"backrest-format=5\n"
"backrest-version=\"1.23\"\n"
"\n"
"[db]\n"
"db-id=1\n"
"db-system-id=6455618988686438683\n"
"db-version=\"9.6\"\n"
"\n"
"[db:history]\n"
"1={\"db-id\":6455618988686438683,\"db-version\":\"9.6\"}\n"
"2={\"db-id\":6457457208275135411,\"db-version\":\"9.6\"}\n"
);
TEST_RESULT_VOID(
storagePutNP(storageNewWriteNP(storageLocalWrite(), fileNameCopy), BUFSTR(content)), "put invalid checksum to copy");
// Empty checksum for main file
content = strNew
(
"[backrest]\n"
"backrest-checksum=\n"
"backrest-format=5\n"
"backrest-version=\"1.23\"\n"
"\n"
"[db]\n"
"db-id=1\n"
"db-system-id=6455618988686438683\n"
"db-version=\"9.6\"\n"
"\n"
"[db:history]\n"
"1={\"db-id\":6455618988686438683,\"db-version\":\"9.6\"}\n"
"2={\"db-id\":6457457208275135411,\"db-version\":\"9.6\"}\n"
);
TEST_RESULT_VOID(
storagePutNP(storageNewWriteNP(storageLocalWrite(), fileName), BUFSTR(content)), "put empty checksum to file");
// Copy file error
TEST_ERROR(
infoNewLoad(storageLocal(), fileName, cipherTypeNone, NULL, NULL), ChecksumError,
strPtr(
strNewFmt(
"unable to load info file '%s/test.ini' or '%s/test.ini.copy':\n"
"ChecksumError: invalid checksum in '%s/test.ini', expected '4306ec205f71417c301e403c4714090e61c8a736' but"
" no checksum found\n"
"ChecksumError: invalid checksum in '%s/test.ini.copy', expected '4306ec205f71417c301e403c4714090e61c8a736'"
" but found '4306ec205f71417c301e403c4714090e61c8a999'",
testPath(), testPath(), testPath(), testPath())));
// Encryption error
//--------------------------------------------------------------------------------------------------------------------------
storageRemoveNP(storageLocalWrite(), fileName);
TEST_ERROR_FMT(
infoNewLoad(storageLocal(), fileName, cipherTypeAes256Cbc, strNew("12345678"), NULL), CryptoError,
"unable to load info file '%s/test.ini' or '%s/test.ini.copy':\n"
"FileMissingError: " STORAGE_ERROR_READ_MISSING "\n"
"CryptoError: '%s/test.ini.copy' cipher header invalid\n"
"HINT: Is or was the repo encrypted?",
testPath(), testPath(), strPtr(strNewFmt("%s/test.ini", testPath())), testPath());
storageRemoveNP(storageLocalWrite(), fileNameCopy);
// infoFree()
//--------------------------------------------------------------------------------------------------------------------------
TEST_RESULT_VOID(infoFree(info), "infoFree() - free info memory context");
}
// *****************************************************************************************************************************
if (testBegin("infoSave()"))
{
const String *fileName = strNew("test.info");
const String *cipherPass = strNew("12345");
Ini *ini = iniNew();
iniSet(ini, strNew("section1"), strNew("key1"), strNew("value1"));
TEST_RESULT_VOID(infoSave(infoNew(), ini, storageTest, fileName, cipherTypeNone, NULL), "save info");
ini = NULL;
TEST_RESULT_VOID(infoNewLoad(storageTest, fileName, cipherTypeNone, NULL, &ini), " reload info");
TEST_RESULT_STR(strPtr(iniGet(ini, strNew("section1"), strNew("key1"))), "value1", " check ini");
TEST_RESULT_BOOL(storageExistsNP(storageTest, fileName), true, "check main exists");
TEST_RESULT_BOOL(storageExistsNP(storageTest, strNewFmt("%s" INFO_COPY_EXT, strPtr(fileName))), true, "check main exists");
// Add encryption
// -------------------------------------------------------------------------------------------------------------------------
ini = iniNew();
iniSet(ini, strNew("section1"), strNew("key1"), strNew("value4"));
Info *info = infoNew();
info->cipherPass = strNew("/badpass");
TEST_RESULT_VOID(infoSave(info, ini, storageTest, fileName, cipherTypeAes256Cbc, cipherPass), "save encrypted info");
ini = NULL;
TEST_RESULT_VOID(infoNewLoad(storageTest, fileName, cipherTypeAes256Cbc, cipherPass, &ini), " reload info");
TEST_RESULT_STR(strPtr(iniGet(ini, strNew("section1"), strNew("key1"))), "value4", " check ini");
TEST_RESULT_STR(strPtr(iniGet(ini, strNew("cipher"), strNew("cipher-pass"))), "\"/badpass\"", " check cipher-pass");
}
}
