%%
%% %CopyrightBegin%
%%
%% Copyright Ericsson AB 2015-2018. All Rights Reserved.
%%
%% Licensed under the Apache License, Version 2.0 (the "License");
%% you may not use this file except in compliance with the License.
%% You may obtain a copy of the License at
%%
%%     http://www.apache.org/licenses/LICENSE-2.0
%%
%% Unless required by applicable law or agreed to in writing, software
%% distributed under the License is distributed on an "AS IS" BASIS,
%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
%% See the License for the specific language governing permissions and
%% limitations under the License.
%%
%% %CopyrightEnd%
%%

%%

-module(ssl_pem_cache_SUITE).

%% Note: This directive should only be used in test suites.
-compile(export_all).

-include_lib("common_test/include/ct.hrl").
-include_lib("kernel/include/file.hrl").

%% Written to the ssl application's ssl_pem_cache_clean environment value
%% (milliseconds between PEM cache validations) for the pem_cleanup case.
%% Kept short so a validation pass happens while the case is sleeping.
-define(CLEANUP_INTERVAL, 5000).

%%--------------------------------------------------------------------
%% Common Test interface functions -----------------------------------
%%--------------------------------------------------------------------

%% Test cases run by Common Test, in this order.
all() ->
    [pem_cleanup, invalid_insert].

%% The suite defines no groups.
groups() ->
    [].

%% Restarts crypto and generates the RSA test certificates.
%% Returns whatever ssl_test_lib:make_rsa_cert/1 returns, or a skip tuple
%% when crypto:start/0 raises.
init_per_suite(Config0) ->
    %% A failing stop (for instance because crypto was not running) is
    %% deliberately ignored.
    catch crypto:stop(),
    %% Only crypto:start/0 is protected by the try; the setup calls in the
    %% `of' branch are not.
    try crypto:start() of
        ok ->
            ssl_test_lib:clean_start(),
            ssl_test_lib:make_rsa_cert(Config0)
    catch
        _Class:_Reason ->
            {skip, "Crypto did not start"}
    end.

%% Stops the crypto application once the suite is done.
end_per_suite(_Config) ->
    application:stop(crypto).

%% No group level setup: the configuration is passed through untouched.
init_per_group(_GroupName, Config) ->
    Config.

%% No group level teardown: the configuration is passed through untouched.
end_per_group(_GroupName, Config) ->
    Config.

%% Per-case setup.
%% pem_cleanup needs the shortened cache validation interval, so ssl is
%% stopped first (through end_per_testcase/2), the interval is written to
%% the application environment, and only then is ssl started. The case
%% sleeps for 2 * ?CLEANUP_INTERVAL milliseconds, hence the one minute
%% timetrap instead of the five seconds every other case gets.
init_per_testcase(pem_cleanup, Config) ->
    application:load(ssl),
    end_per_testcase(pem_cleanup, Config),
    application:set_env(ssl, ssl_pem_cache_clean, ?CLEANUP_INTERVAL),
    ssl:start(),
    ct:timetrap({minutes, 1}),
    Config;
init_per_testcase(_OtherCase, Config) ->
    ssl:start(),
    ct:timetrap({seconds, 5}),
    Config.
%% Per-case teardown: resets the environment through ssl_test_lib and
%% stops ssl. Also called by init_per_testcase/2 for pem_cleanup.
end_per_testcase(_TestCase, Config) ->
    ssl_test_lib:clean_env(),
    ssl:stop(),
    Config.

%%--------------------------------------------------------------------
%% Test Cases --------------------------------------------------------
%%--------------------------------------------------------------------
pem_cleanup() ->
    [{doc, "Test pem cache invalidate mechanism"}].

%% Sets up a TLS connection, changes the mtime of the server certificate
%% file and checks that the PEM cache size differs after two cleanup
%% intervals. This guards the cache invalidation path: without it a
%% certificate replaced on disk would keep being served from the cache.
%% NOTE(review): the final assertion only requires the size to differ, so
%% a cache that grew would pass as well; it does not check which entry
%% was dropped.
pem_cleanup(Config) when is_list(Config) ->
    process_flag(trap_exit, true),
    ClientOpts = proplists:get_value(client_rsa_verify_opts, Config),
    ServerOpts = proplists:get_value(server_rsa_verify_opts, Config),
    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
    NoResult = {mfa, {ssl_test_lib, no_result, []}},

    ServerArgs = [{node, ServerNode}, {port, 0},
                  {from, self()},
                  NoResult,
                  {options, ServerOpts}],
    Server = ssl_test_lib:start_server(ServerArgs),
    %% The server was started on port 0, so ask which port it is using.
    Port = ssl_test_lib:inet_port(Server),
    ClientArgs = [{node, ClientNode},
                  {port, Port}, {host, Hostname},
                  NoResult,
                  {from, self()}, {options, ClientOpts}],
    Client = ssl_test_lib:start_client(ClientArgs),

    SizeBefore = ssl_pkix_db:db_size(get_pem_cache()),
    CertFile = proplists:get_value(certfile, ServerOpts),
    {ok, Info} = file:read_file_info(CertFile),
    %% Only the mtime changes; the file content stays as it was.
    %% Presumably the cache validator treats the newer mtime as a
    %% modification - that logic is outside this suite.
    ok = file:write_file_info(CertFile, Info#file_info{mtime = later()}),
    %% Wait two full intervals so at least one validation pass has run.
    ct:sleep(2 * ?CLEANUP_INTERVAL),
    SizeAfter = ssl_pkix_db:db_size(get_pem_cache()),
    ssl_test_lib:close(Server),
    ssl_test_lib:close(Client),
    false = (SizeBefore == SizeAfter).

invalid_insert() ->
    [{doc, "Test that insert of invalid pem does not cause empty cache entry"}].
%% Connects a client whose cacertfile points at a file that does not
%% exist and checks that the failed load leaves exactly one entry in the
%% file reference database.
%% NOTE(review): the remaining entry is presumably the server side's own
%% reference - confirm against ssl_manager.
invalid_insert(Config) when is_list(Config) ->
    process_flag(trap_exit, true),

    ClientOpts = proplists:get_value(client_rsa_verify_opts, Config),
    ServerOpts = proplists:get_value(server_rsa_verify_opts, Config),
    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
    %% Swap the valid CA file for a path that cannot be read.
    MissingCa = {cacertfile, "tmp/does_not_exist.pem"},
    BadClientOpts = [MissingCa | proplists:delete(cacertfile, ClientOpts)],
    ServerArgs = [{node, ServerNode}, {port, 0},
                  {from, self()},
                  {mfa, {ssl_test_lib, no_result, []}},
                  {options, ServerOpts}],
    Server = ssl_test_lib:start_server(ServerArgs),
    Port = ssl_test_lib:inet_port(Server),
    ClientArgs = [{node, ClientNode},
                  {port, Port}, {host, Hostname},
                  {from, self()}, {options, BadClientOpts}],
    ssl_test_lib:start_client_error(ClientArgs),
    ssl_test_lib:close(Server),
    1 = ssl_pkix_db:db_size(get_fileref_db()).



%%--------------------------------------------------------------------
%% Internal functions
%%--------------------------------------------------------------------

%% Returns the PEM cache handle found in ssl_manager's state, or
%% undefined when the database list does not have the expected shape.
get_pem_cache() ->
    case ssl_manager_dbs() of
        [_CertDb, _FileRefDb, PemCache | _] ->
            PemCache;
        _ ->
            undefined
    end.

%% Returns the file reference database handle found in ssl_manager's
%% state, or undefined when the database list does not have the expected
%% shape.
get_fileref_db() ->
    case ssl_manager_dbs() of
        [_CertDb, {FileRefDb, _} | _] ->
            FileRefDb;
        _ ->
            undefined
    end.

%% Reads the state of the registered ssl_manager process through
%% sys:get_status/1 and returns the sixth element of the state tuple.
%% NOTE(review): this depends on the layout of ssl_manager's state and on
%% the shape of the status term; it has to follow any change to either.
ssl_manager_dbs() ->
    {status, _, _, StatusInfo} = sys:get_status(whereis(ssl_manager)),
    [_, _, _, _, Prop] = StatusInfo,
    element(6, ssl_test_lib:state(Prop)).

%% Returns a local datetime ahead of the current time, used as the new
%% mtime of the certificate file in pem_cleanup/1.
%% NOTE(review): 2 * ?CLEANUP_INTERVAL is added to a value in seconds,
%% while pem_cleanup/1 passes the same expression to ct:sleep/1 as
%% milliseconds, so the result lies 10000 seconds ahead - confirm that
%% this offset is intended.
later() ->
    NowSeconds = calendar:datetime_to_gregorian_seconds(
                   calendar:now_to_local_time(os:timestamp())),
    calendar:gregorian_seconds_to_datetime(NowSeconds + (2 * ?CLEANUP_INTERVAL)).