static size_t testIoRead(void *driver, Buffer *buffer) { ASSERT(driver == (void *)999); bufCat(buffer, BUFSTRDEF("Z")); return 1; }
/*********************************************************************************************************************************** Test Run ***********************************************************************************************************************************/ void testRun(void) { FUNCTION_HARNESS_VOID(); // Additional coverage not provided by testing with actual certificates // ***************************************************************************************************************************** if (testBegin("asn1ToStr(), tlsClientHostVerify(), and tlsClientHostVerifyName()")) { TEST_ERROR(asn1ToStr(NULL), CryptoError, "TLS certificate name entry is missing"); TEST_ERROR( tlsClientHostVerifyName( strNew("host"), strNewN("ab\0cd", 5)), CryptoError, "TLS certificate name contains embedded null"); TEST_ERROR(tlsClientHostVerify(strNew("host"), NULL), CryptoError, "No certificate presented by the TLS server"); TEST_RESULT_BOOL(tlsClientHostVerifyName(strNew("host"), strNew("**")), false, "invalid pattern"); TEST_RESULT_BOOL(tlsClientHostVerifyName(strNew("host"), strNew("*.")), false, "invalid pattern"); TEST_RESULT_BOOL(tlsClientHostVerifyName(strNew("a.bogus.host.com"), strNew("*.host.com")), false, "invalid host"); } // ***************************************************************************************************************************** if (testBegin("TlsClient verification")) { TlsClient *client = NULL; // Connection errors // ------------------------------------------------------------------------------------------------------------------------- TEST_ASSIGN(client, tlsClientNew(strNew("99.99.99.99.99"), 9443, 0, true, NULL, NULL), "new client"); TEST_ERROR( tlsClientOpen(client), HostConnectError, "unable to get address for '99.99.99.99.99': [-2] Name or service not known"); TEST_ASSIGN(client, tlsClientNew(strNew("localhost"), 9443, 100, true, NULL, NULL), "new client"); TEST_ERROR(tlsClientOpen(client), HostConnectError, "unable to connect to 'localhost:9443': [111] Connection refused"); // Certificate location and validation errors // ------------------------------------------------------------------------------------------------------------------------- // Add test hosts if (system( // {uncoverable_branch} "echo \"127.0.0.1 test.pgbackrest.org host.test2.pgbackrest.org test3.pgbackrest.org\" |" " sudo tee -a /etc/hosts > /dev/null") != 0) { THROW(AssertError, "unable to add test hosts to /etc/hosts"); // {uncovered+} } // Start server to test various certificate errors testTlsServerAltName(); TEST_ERROR( tlsClientOpen(tlsClientNew(strNew("localhost"), 9443, 500, true, strNew("bogus.crt"), strNew("/bogus"))), CryptoError, "unable to set user-defined CA certificate location: [33558530] No such file or directory"); TEST_ERROR( tlsClientOpen(tlsClientNew(strNew("localhost"), 9443, 500, true, NULL, strNew("/bogus"))), CryptoError, "unable to verify certificate presented by 'localhost:9443': [20] unable to get local issuer certificate"); TEST_RESULT_VOID( tlsClientOpen( tlsClientNew(strNew("test.pgbackrest.org"), 9443, 500, true, strNewFmt("%s/" TEST_CERTIFICATE_PREFIX "-ca.crt", testRepoPath()), NULL)), "success on valid ca file and match common name"); TEST_RESULT_VOID( tlsClientOpen( tlsClientNew(strNew("host.test2.pgbackrest.org"), 9443, 500, true, strNewFmt("%s/" TEST_CERTIFICATE_PREFIX "-ca.crt", testRepoPath()), NULL)), "success on valid ca file and match alt name"); TEST_ERROR( tlsClientOpen( tlsClientNew(strNew("test3.pgbackrest.org"), 9443, 500, true, strNewFmt("%s/" TEST_CERTIFICATE_PREFIX "-ca.crt", testRepoPath()), NULL)), CryptoError, "unable to find hostname 'test3.pgbackrest.org' in certificate common name or subject alternative names"); TEST_ERROR( tlsClientOpen( tlsClientNew(strNew("localhost"), 9443, 500, true, strNewFmt("%s/" TEST_CERTIFICATE_PREFIX ".crt", testRepoPath()), NULL)), CryptoError, "unable to verify certificate presented by 'localhost:9443': [20] unable to get local issuer certificate"); TEST_RESULT_VOID( tlsClientOpen(tlsClientNew(strNew("localhost"), 9443, 500, false, NULL, NULL)), "success on no verify"); } // ***************************************************************************************************************************** if (testBegin("TlsClient general usage")) { TlsClient *client = NULL; // Reset statistics tlsClientStatLocal = (TlsClientStat){0}; TEST_RESULT_STR(tlsClientStatStr(), NULL, "no stats yet"); testTlsServer(); ioBufferSizeSet(12); TEST_ASSIGN(client, tlsClientNew(strNew(TLS_TEST_HOST), 9443, 500, true, NULL, NULL), "new client"); TEST_RESULT_VOID(tlsClientOpen(client), "open client"); const Buffer *input = BUFSTRDEF("some protocol info"); TEST_RESULT_VOID(ioWrite(tlsClientIoWrite(client), input), "write input"); ioWriteFlush(tlsClientIoWrite(client)); TEST_RESULT_STR(strPtr(ioReadLine(tlsClientIoRead(client))), "something:0", "read line"); TEST_RESULT_BOOL(ioReadEof(tlsClientIoRead(client)), false, " check eof = false"); Buffer *output = bufNew(12); TEST_RESULT_INT(ioRead(tlsClientIoRead(client), output), 12, "read output"); TEST_RESULT_STR(strPtr(strNewBuf(output)), "some content", " check output"); TEST_RESULT_BOOL(ioReadEof(tlsClientIoRead(client)), false, " check eof = false"); output = bufNew(8); TEST_RESULT_INT(ioRead(tlsClientIoRead(client), output), 8, "read output"); TEST_RESULT_STR(strPtr(strNewBuf(output)), "AND MORE", " check output"); TEST_RESULT_BOOL(ioReadEof(tlsClientIoRead(client)), false, " check eof = false"); output = bufNew(12); TEST_ERROR( ioRead(tlsClientIoRead(client), output), FileReadError, "unable to read data from 'tls.test.pgbackrest.org:9443' after 500ms"); // ------------------------------------------------------------------------------------------------------------------------- input = BUFSTRDEF("more protocol info"); TEST_RESULT_VOID(tlsClientOpen(client), "open client again (it is already open)"); TEST_RESULT_VOID(ioWrite(tlsClientIoWrite(client), input), "write input"); ioWriteFlush(tlsClientIoWrite(client)); output = bufNew(12); TEST_RESULT_INT(ioRead(tlsClientIoRead(client), output), 12, "read output"); TEST_RESULT_STR(strPtr(strNewBuf(output)), "0123456789AB", " check output"); TEST_RESULT_BOOL(ioReadEof(tlsClientIoRead(client)), false, " check eof = false"); output = bufNew(12); TEST_RESULT_INT(ioRead(tlsClientIoRead(client), output), 0, "read no output after eof"); TEST_RESULT_BOOL(ioReadEof(tlsClientIoRead(client)), true, " check eof = true"); TEST_RESULT_BOOL(tlsClientStatStr() != NULL, true, "check statistics exist"); TEST_RESULT_VOID(tlsClientFree(client), "free client"); } FUNCTION_HARNESS_RESULT_VOID(); }
/*********************************************************************************************************************************** Test Run ***********************************************************************************************************************************/ void testRun(void) { // Create default storage object for testing Storage *storageTest = storagePosixNew( strNew(testPath()), STORAGE_MODE_FILE_DEFAULT, STORAGE_MODE_PATH_DEFAULT, true, NULL); // ***************************************************************************************************************************** if (testBegin("infoNewLoad(), infoFileName(), infoIni()")) { // Initialize test variables //-------------------------------------------------------------------------------------------------------------------------- String *content = NULL; String *fileName = strNewFmt("%s/test.ini", testPath()); String *fileNameCopy = strNewFmt("%s/test.ini.copy", testPath()); Info *info = NULL; content = strNew ( "[backrest]\n" "backrest-checksum=\"1efa53e0611604ad7d833c5547eb60ff716e758c\"\n" "backrest-format=5\n" "backrest-version=\"2.04\"\n" "\n" "[db]\n" "db-id=1\n" "db-system-id=6569239123849665679\n" "db-version=\"9.4\"\n" "\n" "[db:history]\n" "1={\"db-id\":6569239123849665679,\"db-version\":\"9.4\"}\n" ); // Info files missing and at least one is required //-------------------------------------------------------------------------------------------------------------------------- TEST_ERROR_FMT( infoNewLoad(storageLocal(), fileName, cipherTypeNone, NULL, NULL), FileMissingError, "unable to load info file '%s/test.ini' or '%s/test.ini.copy':\n" "FileMissingError: " STORAGE_ERROR_READ_MISSING "\n" "FileMissingError: " STORAGE_ERROR_READ_MISSING, testPath(), testPath(), strPtr(strNewFmt("%s/test.ini", testPath())), strPtr(strNewFmt("%s/test.ini.copy", testPath()))); // Only copy exists and one is required //-------------------------------------------------------------------------------------------------------------------------- TEST_RESULT_VOID( storagePutNP(storageNewWriteNP(storageLocalWrite(), fileNameCopy), BUFSTR(content)), "put info.copy to file"); TEST_ASSIGN(info, infoNewLoad(storageLocal(), fileName, cipherTypeNone, NULL, NULL), "load copy file"); TEST_RESULT_PTR(infoCipherPass(info), NULL, " cipherPass is not set"); // Remove the copy and store only the main info file and encrypt it. One is required. //-------------------------------------------------------------------------------------------------------------------------- StorageWrite *infoWrite = storageNewWriteNP(storageLocalWrite(), fileName); ioWriteFilterGroupSet( storageWriteIo(infoWrite), ioFilterGroupAdd( ioFilterGroupNew(), cipherBlockNew(cipherModeEncrypt, cipherTypeAes256Cbc, BUFSTRDEF("12345678"), NULL))); storageRemoveNP(storageLocalWrite(), fileNameCopy); storagePutNP( infoWrite, BUFSTRDEF( "[backrest]\n" "backrest-checksum=\"9d2f6dce339751e1a056187fad67d2834b3d4ab3\"\n" "backrest-format=5\n" "backrest-version=\"2.04\"\n" "\n" "[cipher]\n" "cipher-pass=\"ABCDEFGH\"\n" "\n" "[db]\n" "db-id=1\n" "db-system-id=6569239123849665679\n" "db-version=\"9.4\"\n" "\n" "[db:history]\n" "1={\"db-id\":6569239123849665679,\"db-version\":\"9.4\"}\n")); // Only main info exists and is required Ini *ini = NULL; TEST_ASSIGN(info, infoNewLoad(storageLocal(), fileName, cipherTypeAes256Cbc, strNew("12345678"), &ini), "load file"); TEST_RESULT_STR(strPtr(iniGet(ini, strNew("cipher"), strNew("cipher-pass"))), "\"ABCDEFGH\"", " check ini"); TEST_RESULT_STR(strPtr(infoCipherPass(info)), "ABCDEFGH", " cipherPass is set"); // Invalid format //-------------------------------------------------------------------------------------------------------------------------- storageRemoveNP(storageLocalWrite(), fileName); content = strNew ( "[backrest]\n" "backrest-checksum=\"14617b089cb5c9b3224e739bb794e865b9bcdf4b\"\n" "backrest-format=4\n" "backrest-version=\"2.04\"\n" "\n" "[db]\n" "db-catalog-version=201409291\n" "db-control-version=942\n" "db-id=1\n" "db-system-id=6569239123849665679\n" "db-version=\"9.4\"\n" "\n" "[db:history]\n" "1={\"db-catalog-version\":201409291,\"db-control-version\":942,\"db-system-id\":6569239123849665679," "\"db-version\":\"9.4\"}\n" ); // Only main file exists but the backrest-format is invalid TEST_RESULT_VOID( storagePutNP(storageNewWriteNP(storageLocalWrite(), fileName), BUFSTR(content)), "put invalid br format to file"); TEST_ERROR_FMT( infoNewLoad(storageLocal(), fileName, cipherTypeNone, NULL, NULL), FormatError, "unable to load info file '%s/test.ini' or '%s/test.ini.copy':\n" "FormatError: invalid format in '%s/test.ini', expected 5 but found 4\n" "FileMissingError: " STORAGE_ERROR_READ_MISSING, testPath(), testPath(), testPath(), strPtr(strNewFmt("%s/test.ini.copy", testPath()))); content = strNew ( "[backrest]\n" "backrest-checksum=\"14617b089cb5c9b3224e739bb794e865b9bcdf4b\"\n" "backrest-format=4\n" "backrest-version=\"2.05\"\n" "\n" "[db]\n" "db-catalog-version=201409291\n" "db-control-version=942\n" "db-id=1\n" "db-system-id=6569239123849665679\n" "db-version=\"9.4\"\n" "\n" "[db:history]\n" "1={\"db-catalog-version\":201409291,\"db-control-version\":942,\"db-system-id\":6569239123849665679," "\"db-version\":\"9.4\"}\n" ); TEST_RESULT_VOID( storagePutNP( storageNewWriteNP(storageLocalWrite(), fileNameCopy), BUFSTR(content)), "put invalid info to copy file"); TEST_ERROR( infoNewLoad(storageLocal(), fileName, cipherTypeNone, NULL, NULL), FileOpenError, strPtr( strNewFmt( "unable to load info file '%s/test.ini' or '%s/test.ini.copy':\n" "FormatError: invalid format in '%s/test.ini', expected 5 but found 4\n" "ChecksumError: invalid checksum in '%s/test.ini.copy', expected 'af92308095d6141bcda6b2df6d574f98d1115163'" " but found '14617b089cb5c9b3224e739bb794e865b9bcdf4b'", testPath(), testPath(), testPath(), testPath()))); // Invalid checksum //-------------------------------------------------------------------------------------------------------------------------- storageRemoveNP(storageLocalWrite(), fileName); storageRemoveNP(storageLocalWrite(), fileNameCopy); // change the checksum content = strNew ( "[backrest]\n" "backrest-checksum=\"4306ec205f71417c301e403c4714090e61c8a999\"\n" "backrest-format=5\n" "backrest-version=\"1.23\"\n" "\n" "[db]\n" "db-id=1\n" "db-system-id=6455618988686438683\n" "db-version=\"9.6\"\n" "\n" "[db:history]\n" "1={\"db-id\":6455618988686438683,\"db-version\":\"9.6\"}\n" "2={\"db-id\":6457457208275135411,\"db-version\":\"9.6\"}\n" ); TEST_RESULT_VOID( storagePutNP(storageNewWriteNP(storageLocalWrite(), fileNameCopy), BUFSTR(content)), "put invalid checksum to copy"); // Empty checksum for main file content = strNew ( "[backrest]\n" "backrest-checksum=\n" "backrest-format=5\n" "backrest-version=\"1.23\"\n" "\n" "[db]\n" "db-id=1\n" "db-system-id=6455618988686438683\n" "db-version=\"9.6\"\n" "\n" "[db:history]\n" "1={\"db-id\":6455618988686438683,\"db-version\":\"9.6\"}\n" "2={\"db-id\":6457457208275135411,\"db-version\":\"9.6\"}\n" ); TEST_RESULT_VOID( storagePutNP(storageNewWriteNP(storageLocalWrite(), fileName), BUFSTR(content)), "put empty checksum to file"); // Copy file error TEST_ERROR( infoNewLoad(storageLocal(), fileName, cipherTypeNone, NULL, NULL), ChecksumError, strPtr( strNewFmt( "unable to load info file '%s/test.ini' or '%s/test.ini.copy':\n" "ChecksumError: invalid checksum in '%s/test.ini', expected '4306ec205f71417c301e403c4714090e61c8a736' but" " no checksum found\n" "ChecksumError: invalid checksum in '%s/test.ini.copy', expected '4306ec205f71417c301e403c4714090e61c8a736'" " but found '4306ec205f71417c301e403c4714090e61c8a999'", testPath(), testPath(), testPath(), testPath()))); // Encryption error //-------------------------------------------------------------------------------------------------------------------------- storageRemoveNP(storageLocalWrite(), fileName); TEST_ERROR_FMT( infoNewLoad(storageLocal(), fileName, cipherTypeAes256Cbc, strNew("12345678"), NULL), CryptoError, "unable to load info file '%s/test.ini' or '%s/test.ini.copy':\n" "FileMissingError: " STORAGE_ERROR_READ_MISSING "\n" "CryptoError: '%s/test.ini.copy' cipher header invalid\n" "HINT: Is or was the repo encrypted?", testPath(), testPath(), strPtr(strNewFmt("%s/test.ini", testPath())), testPath()); storageRemoveNP(storageLocalWrite(), fileNameCopy); // infoFree() //-------------------------------------------------------------------------------------------------------------------------- TEST_RESULT_VOID(infoFree(info), "infoFree() - free info memory context"); } // ***************************************************************************************************************************** if (testBegin("infoSave()")) { const String *fileName = strNew("test.info"); const String *cipherPass = strNew("12345"); Ini *ini = iniNew(); iniSet(ini, strNew("section1"), strNew("key1"), strNew("value1")); TEST_RESULT_VOID(infoSave(infoNew(), ini, storageTest, fileName, cipherTypeNone, NULL), "save info"); ini = NULL; TEST_RESULT_VOID(infoNewLoad(storageTest, fileName, cipherTypeNone, NULL, &ini), " reload info"); TEST_RESULT_STR(strPtr(iniGet(ini, strNew("section1"), strNew("key1"))), "value1", " check ini"); TEST_RESULT_BOOL(storageExistsNP(storageTest, fileName), true, "check main exists"); TEST_RESULT_BOOL(storageExistsNP(storageTest, strNewFmt("%s" INFO_COPY_EXT, strPtr(fileName))), true, "check main exists"); // Add encryption // ------------------------------------------------------------------------------------------------------------------------- ini = iniNew(); iniSet(ini, strNew("section1"), strNew("key1"), strNew("value4")); Info *info = infoNew(); info->cipherPass = strNew("/badpass"); TEST_RESULT_VOID(infoSave(info, ini, storageTest, fileName, cipherTypeAes256Cbc, cipherPass), "save encrypted info"); ini = NULL; TEST_RESULT_VOID(infoNewLoad(storageTest, fileName, cipherTypeAes256Cbc, cipherPass, &ini), " reload info"); TEST_RESULT_STR(strPtr(iniGet(ini, strNew("section1"), strNew("key1"))), "value4", " check ini"); TEST_RESULT_STR(strPtr(iniGet(ini, strNew("cipher"), strNew("cipher-pass"))), "\"/badpass\"", " check cipher-pass"); } }