1%%
2%% %CopyrightBegin%
3%%
4%% Copyright Ericsson AB 2015-2018. All Rights Reserved.
5%%
6%% Licensed under the Apache License, Version 2.0 (the "License");
7%% you may not use this file except in compliance with the License.
8%% You may obtain a copy of the License at
9%%
10%%     http://www.apache.org/licenses/LICENSE-2.0
11%%
12%% Unless required by applicable law or agreed to in writing, software
13%% distributed under the License is distributed on an "AS IS" BASIS,
14%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15%% See the License for the specific language governing permissions and
16%% limitations under the License.
17%%
18%% %CopyrightEnd%
19%%
20
21%%
22
23-module(ssl_pem_cache_SUITE).
24
25%% Note: This directive should only be used in test suites.
26-compile(export_all).
27
28-include_lib("common_test/include/ct.hrl").
29-include_lib("kernel/include/file.hrl").
30
31-define(CLEANUP_INTERVAL, 5000).
32
33%%--------------------------------------------------------------------
34%% Common Test interface functions -----------------------------------
35%%--------------------------------------------------------------------
%% Common Test callback: the test cases that make up this suite.
all() ->
    [
        pem_cleanup,
        invalid_insert
    ].
38
%% Common Test callback: this suite defines no test case groups.
groups() -> [].
41
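%% Common Test callback: restart crypto, reset the ssl test environment and
%% generate the RSA test certificates used by the test cases.
%%
%% Returns the result of ssl_test_lib:make_rsa_cert/1 for Config0, or
%% {skip, Reason} when crypto cannot be started.
init_per_suite(Config0) ->
    %% Best-effort stop so that crypto:start/0 below begins from a known
    %% state; the result is deliberately ignored.
    catch crypto:stop(),
    try crypto:start() of
        ok ->
            ssl_test_lib:clean_start(),
            %% make rsa certs
            ssl_test_lib:make_rsa_cert(Config0);
        {error, _Reason} ->
            %% crypto:start/0 reports a failed start as a return value. With
            %% no clause for it the result raises try_clause, which the catch
            %% section below does not cover, so the suite would crash instead
            %% of being skipped.
            {skip, "Crypto did not start"}
    catch
        _:_ ->
            {skip, "Crypto did not start"}
    end.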
52
%% Common Test callback: stop the crypto application once the suite is done.
%% The suite configuration is not used.
end_per_suite(_SuiteConfig) ->
    application:stop(crypto).
55
%% Common Test callback: no per-group setup is needed, so the configuration
%% is handed back unchanged.
init_per_group(_Group, Config) -> Config.
58
%% Common Test callback: no per-group teardown is needed, so the configuration
%% is handed back unchanged.
end_per_group(_Group, Config) -> Config.
61
%% Common Test callback: bring ssl up before each test case.
%%
%% For pem_cleanup the ssl application is loaded, torn down through
%% end_per_testcase/2, and only then given ssl_pem_cache_clean =
%% ?CLEANUP_INTERVAL before it is started again -- presumably so that the
%% short interval is read when ssl starts (confirm against ssl's start-up code).
init_per_testcase(pem_cleanup = TestCase, Config) ->
    application:load(ssl),
    end_per_testcase(TestCase, Config),
    application:set_env(ssl, ssl_pem_cache_clean, ?CLEANUP_INTERVAL),
    ssl:start(),
    %% pem_cleanup/1 sleeps for two cleanup intervals, so it gets a longer
    %% timetrap than the other cases.
    ct:timetrap({minutes, 1}),
    Config;
init_per_testcase(_TestCase, Config) ->
    ssl:start(),
    ct:timetrap({seconds, 5}),
    Config.
73
%% Common Test callback: reset the ssl test environment and stop ssl after
%% each test case. Also called from init_per_testcase/2 for pem_cleanup.
%% Returns Config unchanged.
end_per_testcase(_Case, Config) ->
    ssl_test_lib:clean_env(),
    ssl:stop(),
    Config.
78
79%%--------------------------------------------------------------------
80%% Test Cases --------------------------------------------------------
81%%--------------------------------------------------------------------
%% Test case info function for pem_cleanup/1.
pem_cleanup() ->
    Doc = "Test pem cache invalidate mechanism",
    [{doc, Doc}].
%% Checks that the PEM cache changes after a cached file is modified on disk.
%%
%% A server and a client are started with the server_rsa_verify_opts and
%% client_rsa_verify_opts taken from Config. The PEM cache size is recorded,
%% the mtime of the server's certfile is moved into the future, and after two
%% cleanup intervals the size is read again. The case passes when the two
%% sizes differ.
%%
%% NOTE(review): the final match only shows that the size changed; it does not
%% show which entry was dropped, nor that the size went down. The certfile's
%% mtime is also left in the future when the case ends.
pem_cleanup(Config) when is_list(Config) ->
    process_flag(trap_exit, true),
    ClientOpts = proplists:get_value(client_rsa_verify_opts, Config),
    ServerOpts = proplists:get_value(server_rsa_verify_opts, Config),
    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),

    ServerArgs = [
        {node, ServerNode},
        {port, 0},
        {from, self()},
        {mfa, {ssl_test_lib, no_result, []}},
        {options, ServerOpts}
    ],
    Server = ssl_test_lib:start_server(ServerArgs),
    Port = ssl_test_lib:inet_port(Server),
    ClientArgs = [
        {node, ClientNode},
        {port, Port},
        {host, Hostname},
        {mfa, {ssl_test_lib, no_result, []}},
        {from, self()},
        {options, ClientOpts}
    ],
    Client = ssl_test_lib:start_client(ClientArgs),

    SizeBefore = ssl_pkix_db:db_size(get_pem_cache()),
    CertFile = proplists:get_value(certfile, ServerOpts),
    {ok, FileInfo} = file:read_file_info(CertFile),
    %% Touch the file with a future mtime so the cache cleaner sees it as
    %% modified.
    FutureMtime = later(),
    ok = file:write_file_info(CertFile, FileInfo#file_info{mtime = FutureMtime}),
    %% Wait long enough for at least one cleanup pass to have run.
    ct:sleep(2 * ?CLEANUP_INTERVAL),
    SizeAfter = ssl_pkix_db:db_size(get_pem_cache()),
    ssl_test_lib:close(Server),
    ssl_test_lib:close(Client),
    false = (SizeBefore == SizeAfter).
112
%% Test case info function for invalid_insert/1.
invalid_insert() ->
    Doc = "Test that insert of invalid pem does not cause empty cache entry",
    [{doc, Doc}].
%% Checks that a failed PEM load does not leave an entry behind.
%%
%% The client is started with a cacertfile that does not exist and is
%% expected to fail (start_client_error). Afterwards the file reference DB
%% must hold exactly one entry -- presumably the one created for the server's
%% own options; confirm against ssl_manager if the expected count changes.
invalid_insert(Config) when is_list(Config) ->
    process_flag(trap_exit, true),

    ClientOpts = proplists:get_value(client_rsa_verify_opts, Config),
    ServerOpts = proplists:get_value(server_rsa_verify_opts, Config),
    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
    %% Swap the client's CA file for a path that cannot be read.
    OptsWithoutCa = proplists:delete(cacertfile, ClientOpts),
    BadClientOpts = [{cacertfile, "tmp/does_not_exist.pem"} | OptsWithoutCa],
    ServerArgs = [
        {node, ServerNode},
        {port, 0},
        {from, self()},
        {mfa, {ssl_test_lib, no_result, []}},
        {options, ServerOpts}
    ],
    Server = ssl_test_lib:start_server(ServerArgs),
    Port = ssl_test_lib:inet_port(Server),
    ClientArgs = [
        {node, ClientNode},
        {port, Port},
        {host, Hostname},
        {from, self()},
        {options, BadClientOpts}
    ],
    ssl_test_lib:start_client_error(ClientArgs),
    ssl_test_lib:close(Server),
    1 = ssl_pkix_db:db_size(get_fileref_db()).
133
134
135
136%%--------------------------------------------------------------------
%% Internal functions
138%%--------------------------------------------------------------------
139
%% Fetches the PEM cache handle from the running ssl_manager process.
%%
%% The handle is read out of ssl_manager's internal state via sys:get_status/1
%% and selected purely by position (sixth element of the state, third item of
%% the list found there), so this helper depends on that internal layout.
%% Returns undefined when the sixth element does not have that list shape.
get_pem_cache() ->
    ManagerPid = whereis(ssl_manager),
    {status, _, _, StatusItems} = sys:get_status(ManagerPid),
    [_, _, _, _, Prop] = StatusItems,
    ManagerState = ssl_test_lib:state(Prop),
    case element(6, ManagerState) of
        [_CertDb, _FileRefDb, PemCache | _] -> PemCache;
        _ -> undefined
    end.
150
%% Fetches the file reference DB handle from the running ssl_manager process.
%%
%% The handle is read out of ssl_manager's internal state via sys:get_status/1
%% and selected purely by position (sixth element of the state, first half of
%% the two-tuple in second place of the list found there), so this helper
%% depends on that internal layout. Returns undefined when the sixth element
%% does not have that shape.
get_fileref_db() ->
    ManagerPid = whereis(ssl_manager),
    {status, _, _, StatusItems} = sys:get_status(ManagerPid),
    [_, _, _, _, Prop] = StatusItems,
    ManagerState = ssl_test_lib:state(Prop),
    case element(6, ManagerState) of
        [_CertDb, {FileRefDb, _} | _] -> FileRefDb;
        _ -> undefined
    end.
%% Returns a local datetime that lies in the future, for use as a file mtime.
%%
%% NOTE(review): 2 * ?CLEANUP_INTERVAL is added here as Gregorian seconds,
%% while the same expression is passed to ct:sleep/1 in pem_cleanup/1, which
%% takes milliseconds. With the macro at 5000 the result is 10000 seconds
%% ahead, not ten. That still yields a newer mtime, but confirm it is intended.
later() ->
    Offset = 2 * ?CLEANUP_INTERVAL,
    Now = os:timestamp(),
    LocalNow = calendar:now_to_local_time(Now),
    NowSeconds = calendar:datetime_to_gregorian_seconds(LocalNow),
    calendar:gregorian_seconds_to_datetime(NowSeconds + Offset).
165
166