#
# CDDL HEADER START
#
# This file and its contents are supplied under the terms of the
# Common Development and Distribution License ("CDDL"), version 1.0.
# You may only use this file in accordance with the terms of version
# 1.0 of the CDDL.
#
# A full copy of the text of the CDDL should have accompanied this
# source.  A copy of the CDDL is also available via the Internet at
# http://www.illumos.org/license/CDDL.
#
# CDDL HEADER END
#

#
# Copyright (c) 2017 Datto, Inc. All rights reserved.
#
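# Test-suite library, then this test group's configuration. The paths are
# quoted so an STF_SUITE location containing spaces is still sourced as one
# file name.
. "$STF_SUITE/include/libtest.shlib"
. "$STF_SUITE/tests/functional/cli_root/zfs_load-key/zfs_load-key.cfg"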
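# Return 0 if a dataset key is available, 1 otherwise
#
# $1 - dataset
#
# Returns 0 only when the dataset exists and its keystatus property is
# "available". A missing dataset, keystatus "none" (logged as "not
# encrypted") and every other keystatus value return 1.
#
function key_available
{
	typeset ds=$1

	# Quoted: ZFS dataset names may contain spaces, and an unquoted name
	# would be split into several arguments.
	datasetexists "$ds" || return 1

	typeset val
	val=$(get_prop keystatus "$ds")
	if [[ "$val" == "none" ]]; then
		log_note "Dataset $ds is not encrypted"
	elif [[ "$val" == "available" ]]; then
		return 0
	fi

	return 1
}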
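# Return 0 if a dataset key is NOT available, 1 otherwise.
# This is the logical negation of key_available.
#
# $1 - dataset
#
function key_unavailable
{
	# Quoted so a dataset name containing spaces stays a single argument.
	! key_available "$1"
}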
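# Assert that a dataset's keyformat property has the expected value.
#
# $1 - dataset
# $2 - expected keyformat
#
# Calls log_fail on a mismatch; returns 0 otherwise.
#
function verify_keyformat
{
	typeset ds=$1
	typeset format=$2
	typeset fmt
	# Quoted so a dataset name containing spaces stays a single argument.
	fmt=$(get_prop keyformat "$ds")

	if [[ "$fmt" != "$format" ]]; then
		log_fail "Expected keyformat $format, got $fmt"
	fi

	return 0
}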
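# Assert that a dataset's keylocation property has the expected value.
#
# $1 - dataset
# $2 - expected keylocation
#
# Calls log_fail on a mismatch; returns 0 otherwise.
#
function verify_keylocation
{
	typeset ds=$1
	typeset location=$2
	typeset keyloc
	# Quoted so a dataset name containing spaces stays a single argument.
	keyloc=$(get_prop keylocation "$ds")

	if [[ "$keyloc" != "$location" ]]; then
		log_fail "Expected keylocation $location, got $keyloc"
	fi

	return 0
}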
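# Check that a dataset's encryptionroot property has the expected value.
#
# $1 - dataset
# $2 - expected encryption root
#
# Returns 0 on a match. On a mismatch it logs a note and returns 1, leaving
# the decision to fail to the caller.
#
function verify_encryption_root
{
	typeset ds=$1
	typeset val=$2
	typeset eroot
	# Quoted so a dataset name containing spaces stays a single argument.
	eroot=$(get_prop encryptionroot "$ds")

	if [[ "$eroot" != "$val" ]]; then
		log_note "Expected encryption root '$val', got '$eroot'"
		return 1
	fi

	return 0
}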
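# Check that a dataset's origin property has the expected value.
#
# $1 - dataset
# $2 - expected origin
#
# Returns 0 on a match. On a mismatch it logs a note and returns 1, leaving
# the decision to fail to the caller.
#
function verify_origin
{
	typeset ds=$1
	typeset val=$2
	typeset orig
	# Quoted so a dataset name containing spaces stays a single argument.
	orig=$(get_prop origin "$ds")

	if [[ "$orig" != "$val" ]]; then
		log_note "Expected origin '$val', got '$orig'"
		return 1
	fi

	return 0
}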
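# Start a throw-away HTTPS file server that serves the zfs_load-key test
# directory.
#
# Generates a self-signed certificate (CN=$HTTPS_HOSTNAME, valid one day)
# into $SSL_CA_CERT_FILE with its private key in /$TESTPOOL/snakeoil.key,
# then launches a Python http.server on a random port in 0xC000-0xFFFF.
# The chosen port is written to $HTTPS_PORT_FILE and the daemon's PID to
# /$TESTPOOL/snakeoil.pid. Calls log_fail when the server cannot be started
# or no PID shows up.
#
# Globals read: TESTPOOL, SSL_CA_CERT_FILE, HTTPS_HOSTNAME, HTTPS_PORT_FILE,
#               STF_SUITE
#
function setup_https
{
	# -nodes leaves the private key unencrypted on disk; it is a one-day
	# snakeoil credential and must not be reused outside this test.
	log_must openssl req -x509 -newkey rsa:4096 -sha256 -days 1 -nodes \
	    -keyout "/$TESTPOOL/snakeoil.key" -out "$SSL_CA_CERT_FILE" \
	    -subj "/CN=$HTTPS_HOSTNAME"

	# The shell expands its variables straight into the Python source
	# below, so their values must not contain quote characters.
	python3 -uc "
import http.server, ssl, sys, os, time, random

sys.stdin.close()

# Bind to a random high port; on failure remember the error, back off a
# little longer each time and try another port.
httpd, err, port = None, None, None
for i in range(1, 100):
	port = random.randint(0xC000, 0xFFFF) # ephemeral range
	try:
		httpd = http.server.HTTPServer(('$HTTPS_HOSTNAME', port), http.server.SimpleHTTPRequestHandler)
		break
	except:
		err = sys.exc_info()[1]
		time.sleep(i / 100)
if not httpd:
	raise err

with open('$HTTPS_PORT_FILE', 'w') as portf:
	print(port, file=portf)

# ssl.wrap_socket() was deprecated in Python 3.7 and removed in 3.12;
# an explicit server-side SSLContext is the supported equivalent.
tls = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
tls.load_cert_chain(certfile='$SSL_CA_CERT_FILE', keyfile='/$TESTPOOL/snakeoil.key')
httpd.socket = tls.wrap_socket(httpd.socket, server_side=True)

os.chdir('$STF_SUITE/tests/functional/cli_root/zfs_load-key')

# Daemonize: the parent exits at once so the shell can continue, and only
# the child records its PID.
with open('/$TESTPOOL/snakeoil.pid', 'w') as pidf:
	if os.fork() != 0:
		os._exit(0)
	print(os.getpid(), file=pidf)

sys.stdout.close()
sys.stderr.close()
# The log lives at a fixed name in world-writable /tmp (cleanup_https reads
# the same path). O_NOFOLLOW makes the open fail instead of truncating
# whatever a pre-planted symlink points at; logging then falls back to
# /dev/null.
try:
	logfd = os.open('/tmp/ZTS-snakeoil.log', os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW, 0o644)
	sys.stdout = sys.stderr = os.fdopen(logfd, 'w', buffering=1) # line
except:
	sys.stdout = sys.stderr = open('/dev/null', 'w')

print('{} start on {}'.format(os.getpid(), port))
httpd.serve_forever()
" || log_fail

	# Poll for the PID file with a growing delay (0, 0.1, ... 5 seconds).
	typeset https_pid=
	typeset d
	for d in $(seq 0 0.1 5); do
		read -r https_pid 2>/dev/null < "/$TESTPOOL/snakeoil.pid" && [ -n "$https_pid" ] && break
		sleep "$d"
	done
	[ -z "$https_pid" ] && log_fail "Couldn't start HTTPS server"
	log_note "Started HTTPS server as $https_pid on port $(get_https_port)"
}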
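# Stop the HTTPS server started by setup_https and remove its state.
#
# Returns 0 without doing anything when the PID file cannot be read.
# Otherwise kills the recorded PID, prints the server log to stdout and
# deletes the PID file and the log. Calls log_fail when the PID file does
# not hold a plain positive integer.
#
function cleanup_https
{
	typeset https_pid=
	read -r https_pid 2>/dev/null < "/$TESTPOOL/snakeoil.pid" || return 0

	# The PID comes from a file. Accept only a positive integer without a
	# leading zero, so an empty, zero or negative value can never be taken
	# by kill as a process group or as a signal option.
	case "$https_pid" in
	'' | *[!0-9]* | 0*)
		log_fail "Invalid HTTPS server PID '$https_pid'"
		;;
	esac

	log_must kill "$https_pid"
	cat /tmp/ZTS-snakeoil.log
	rm -f "/$TESTPOOL/snakeoil.pid" "/tmp/ZTS-snakeoil.log"
}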