[tlsproxy/tlsproxy.git] / tests / common.sh

# Functions used by all tests.
#
# Copyright (C) 2011-2013  Simon Ruderich
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.


set -e


# Terminate all running servers when the script terminates.
trap 'stop_servers' 0
# Same when the user presses Ctrl-C.
trap 'abort SIGINT' INT


cleanup() {
    rm -f \
        tmp tlsproxy-log \
        certificate-localhost-proxy.pem certificate-localhost-server.pem \
        proxy-ca-key.pem proxy-ca.pem proxy-invalid.pem proxy-key.pem
}
stop_servers() {
    if test -n "$pid_server"; then
        kill $pid_server || echo 'failed to kill gnutls-serv'
    fi
    if test -n "$pid_tlsproxy"; then
        kill $pid_tlsproxy || echo 'failed to kill tlsproxy'
    fi
}
abort() {
    echo "abort: $*"
    stop_servers
    exit 1
}
tlsproxy_setup() {
    "$srcdir/../src/tlsproxy-setup" >/dev/null 2>&1
}
tlsproxy_add() {
    # `make distcheck` marks the source PEM-file as read-only which is copied
    # over when using `cp`. This causes a check failure when tlsproxy_add() is
    # called again with the same hostname. Instead use redirection which
    # doesn't use `cp`.
    "$srcdir/../src/tlsproxy-add" "$1" < "$srcdir/$2" >/dev/null 2>&1
}
tlsproxy() {
    #valgrind --leak-check=full --error-exitcode=1 --track-fds=yes \
    ../src/tlsproxy -d2 "$@" >tlsproxy-log 2>&1 &
    pid_tlsproxy=$!
}
server() {
    gnutls-serv --http --port 4712 "$@" >/dev/null 2>&1 &
    pid_server=$!
}
client() {
    ./client ./proxy-ca.pem "$@" > tmp 2>&1
}

wait_for_ports() {
    for x in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20; do
        sleep 1

        # Check if each given port can be reached.
        ready=1
        for port in "$@"; do
            printf 'invalid request\r\n\r\n' \
                | nc localhost "$port" >/dev/null 2>&1 \
                || ready=
        done

        if test -n "$ready"; then
            break
        fi

        echo "waiting for ports $* ..."
    done
}

test_proxy_failure() {
    grep 'proxy failure' tmp >/dev/null \
        || abort 'test_proxy_failure'
    grep 'response: HTTP/1.0 503 Forwarding failure' tmp >/dev/null \
        || abort 'test_proxy_failure 2'
}
test_proxy_authentication_failure() {
    grep 'proxy failure' tmp >/dev/null \
        || abort 'test_proxy_authentication_failure'
    grep 'response: HTTP/1.0 407 Proxy Authentication Required' tmp >/dev/null \
        || abort 'test_proxy_authentication_failure 2'
}
test_authentication_missing() {
    grep 'response: HTTP/1.0 407 Proxy Authentication Required' tmp >/dev/null \
        || abort 'test_authentication_missing'
}
test_proxy_successful() {
    grep 'response: HTTP/1.0 200 Connection established' tmp >/dev/null \
        || abort 'test_proxy_successful'
}
test_invalid_certificate() {
    grep 'certificate invalid' tmp >/dev/null \
        || abort 'test_invalid_certificate'
}
test_no_invalid_certificate() {
    grep 'certificate invalid' tmp >/dev/null \
        && abort 'test_no_invalid_certificate' || true
}