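#
# CDDL HEADER START
#
# This file and its contents are supplied under the terms of the
# Common Development and Distribution License ("CDDL"), version 1.0.
# You may only use this file in accordance with the terms of version
# 1.0 of the CDDL.
#
# A full copy of the text of the CDDL should have accompanied this
# source. A copy of the CDDL is also available via the Internet at
# http://www.illumos.org/license/CDDL.
#
# CDDL HEADER END
#

#
# Copyright (c) 2017 Datto, Inc. All rights reserved.
#

. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_root/zfs_load-key/zfs_load-key.cfg

# Return 0 if a dataset key is available, 1 otherwise
#
# $1 - dataset
#
function key_available
{
	typeset ds=$1

	datasetexists "$ds" || return 1

	typeset val=$(get_prop keystatus "$ds")
	if [[ "$val" == "none" ]]; then
		# Unencrypted datasets have no key; note it and report 1.
		log_note "Dataset $ds is not encrypted"
	elif [[ "$val" == "available" ]]; then
		return 0
	fi

	return 1
}

# Return 0 if key_available reports 1 for the dataset, 1 otherwise.
# A missing or unencrypted dataset therefore also counts as "unavailable".
#
# $1 - dataset
#
function key_unavailable
{
	key_available "$1" && return 1
	return 0
}

# Call log_fail unless the dataset's keyformat property matches.
#
# $1 - dataset
# $2 - expected keyformat value
#
function verify_keyformat
{
	typeset ds=$1
	typeset format=$2
	typeset fmt=$(get_prop keyformat "$ds")

	if [[ "$fmt" != "$format" ]]; then
		log_fail "Expected keyformat $format, got $fmt"
	fi

	return 0
}

# Call log_fail unless the dataset's keylocation property matches.
#
# $1 - dataset
# $2 - expected keylocation value
#
function verify_keylocation
{
	typeset ds=$1
	typeset location=$2
	typeset keyloc=$(get_prop keylocation "$ds")

	if [[ "$keyloc" != "$location" ]]; then
		log_fail "Expected keylocation $location, got $keyloc"
	fi

	return 0
}

# Return 0 if the dataset's encryptionroot property matches, else log a
# note and return 1 (the caller decides whether that is a failure).
#
# $1 - dataset
# $2 - expected encryption root
#
function verify_encryption_root
{
	typeset ds=$1
	typeset val=$2
	typeset eroot=$(get_prop encryptionroot "$ds")

	if [[ "$eroot" != "$val" ]]; then
		log_note "Expected encryption root '$val', got '$eroot'"
		return 1
	fi

	return 0
}

# Return 0 if the dataset's origin property matches, else log a note and
# return 1 (the caller decides whether that is a failure).
#
# $1 - dataset
# $2 - expected origin
#
function verify_origin
{
	typeset ds=$1
	typeset val=$2
	typeset orig=$(get_prop origin "$ds")

	if [[ "$orig" != "$val" ]]; then
		log_note "Expected origin '$val', got '$orig'"
		return 1
	fi

	return 0
}

# Start a throwaway HTTPS file server for the load-key tests.
#
# Generates a self-signed certificate for $HTTPS_HOSTNAME (written to
# $SSL_CA_CERT_FILE), then forks a python3 http.server that serves the
# zfs_load-key test directory over TLS on a random high port. The port is
# written to $HTTPS_PORT_FILE and the server pid to /$TESTPOOL/snakeoil.pid
# so that cleanup_https can stop it.
#
# NOTE: the private key is deliberately unencrypted (-nodes) and valid for
# one day only; it is test material and must never be reused elsewhere.
#
function setup_https
{
	log_must openssl req -x509 -newkey rsa:4096 -sha256 -days 1 -nodes \
	    -keyout "/$TESTPOOL/snakeoil.key" -out "$SSL_CA_CERT_FILE" \
	    -subj "/CN=$HTTPS_HOSTNAME"

	python3 -uc "
import http.server, ssl, sys, os, time, random

sys.stdin.close()

httpd, err, port = None, None, None
for i in range(1, 100):
	port = random.randint(0xC000, 0xFFFF) # ephemeral range
	try:
		httpd = http.server.HTTPServer(('$HTTPS_HOSTNAME', port), http.server.SimpleHTTPRequestHandler)
		break
	except OSError as e:
		# Bind or resolve failure: keep the error, back off, try another port.
		err = e
		time.sleep(i / 100)
if not httpd:
	raise err

with open('$HTTPS_PORT_FILE', 'w') as portf:
	print(port, file=portf)

# ssl.wrap_socket() is deprecated since Python 3.7 and removed in 3.12,
# so wrap the listening socket through an explicit server-side context.
sslctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
sslctx.load_cert_chain(certfile='$SSL_CA_CERT_FILE', keyfile='/$TESTPOOL/snakeoil.key')
httpd.socket = sslctx.wrap_socket(httpd.socket, server_side=True)

os.chdir('$STF_SUITE/tests/functional/cli_root/zfs_load-key')

with open('/$TESTPOOL/snakeoil.pid', 'w') as pidf:
	# The parent exits at once; only the forked child records its pid.
	if os.fork() != 0:
		os._exit(0)
	print(os.getpid(), file=pidf)

sys.stdout.close()
sys.stderr.close()
try:
	# The log has a fixed name in world-writable /tmp, so refuse to follow a
	# symlink at that path instead of truncating whatever it points to.
	logfd = os.open('/tmp/ZTS-snakeoil.log', os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW, 0o644)
	sys.stdout = sys.stderr = os.fdopen(logfd, 'w', buffering=1) # line-buffered
except Exception:
	# Logging is best effort: run without a log rather than not at all.
	sys.stdout = sys.stderr = open('/dev/null', 'w')

print('{} start on {}'.format(os.getpid(), port))
httpd.serve_forever()
" || log_fail

	# Wait for the forked server to publish its pid.
	typeset https_pid=
	for d in $(seq 0 0.1 5); do
		read -r https_pid 2>/dev/null < "/$TESTPOOL/snakeoil.pid" && [ -n "$https_pid" ] && break
		sleep "$d"
	done
	[ -z "$https_pid" ] && log_fail "Couldn't start HTTPS server"
	# get_https_port is not defined in this file; presumably it comes from
	# one of the libraries sourced above.
	log_note "Started HTTPS server as $https_pid on port $(get_https_port)"
}

# Stop the server started by setup_https, print its log and remove the
# pid and log files. Returns 0 without doing anything when no pid can be
# read from /$TESTPOOL/snakeoil.pid.
#
function cleanup_https
{
	typeset https_pid=
	read -r https_pid 2>/dev/null < "/$TESTPOOL/snakeoil.pid" || return 0

	log_must kill "$https_pid"
	cat /tmp/ZTS-snakeoil.log
	rm -f "/$TESTPOOL/snakeoil.pid" "/tmp/ZTS-snakeoil.log"
}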