summaryrefslogtreecommitdiff
path: root/qa/713
diff options
context:
space:
mode:
Diffstat (limited to 'qa/713')
-rwxr-xr-xqa/71371
1 files changed, 71 insertions, 0 deletions
diff --git a/qa/713 b/qa/713
new file mode 100755
index 0000000..2d12deb
--- /dev/null
+++ b/qa/713
@@ -0,0 +1,71 @@
+#!/bin/sh
+# PCP QA Test No. 713
+#
+# Exercise encrypted communications between pmproxy/clients
+# Copyright (c) 2013 Red Hat.
+#
+
+seq=`basename $0`
+echo "QA output created by $seq"
+
+. ./common.secure
+nss_notrun_checks
+
+_cleanup()
+{
+ nss_cleanup
+
+ $sudo $signal -a pmproxy >/dev/null 2>&1
+ $sudo $PCP_RC_DIR/pcp restart 2>&1 | _filter_pcp_stop | _filter_pcp_start
+ _wait_for_pmcd
+ _wait_for_pmlogger
+
+ $sudo rm -f $tmp.*
+ $sudo rm -fr $tmp
+}
+
+status=1 # failure is the default!
+username=`id -u -n`
+signal=$PCP_BINADM_DIR/pmsignal
+$sudo rm -rf $tmp.* $seq.full
+trap "_cleanup; exit \$status" 0 1 2 3 15
+$sudo $PCP_RC_DIR/pcp stop | _filter_pcp_stop
+
+# real QA test starts here
+nss_backup
+nss_setup_randomness
+nss_setup_collector true $qahost $hostname
+
+# pmcd is now secure. next, pmproxy...
+$sudo $PCP_RC_DIR/pmproxy stop >/dev/null 2>&1
+$sudo $signal -a pmproxy >/dev/null 2>&1
+
+proxyargs="-C $PCP_SECURE_DB_METHOD$collectordb -P $collectorpw"
+id pcp >/dev/null 2>&1 && proxyargs="$proxyargs -U $username"
+$PCP_BINADM_DIR/pmproxy $proxyargs -l $tmp.log 2>&1
+echo "Checking pmproxy.log for unexpected messages" | tee -a $seq.full
+sleep 1 # allow log file creation to complete
+egrep 'Error:|Info:' $tmp.log
+cat $tmp.log >> $seq.full
+
+# verify that local clients are prompted to establish a connection
+# when a valid collectoer certificate exists but no client config.
+nss_setup_empty_userdb
+echo "checking client, server certificate only. should prompt and fail..." | tee -a $seq.full
+export PMPROXY_HOST=$hostname
+export PCP_SECURE_SOCKETS=enforce
+yes | pminfo -h $hostname -f hinv.ncpu 2>&1 | tee -a $seq.full | nss_filter_pminfo
+unset PMPROXY_HOST PCP_SECURE_SOCKETS
+
+# make the new certificate visible to just this user
+echo "checking client, user certificate only. should pass..."
+nss_setup_empty_userdb
+nss_import_cert_userdb
+export PMPROXY_HOST=$hostname
+export PCP_SECURE_SOCKETS=enforce
+yes | pminfo -h $hostname -f hinv.ncpu 2>&1 | tee -a $seq.full | nss_filter_pminfo
+unset PMPROXY_HOST PCP_SECURE_SOCKETS
+
+# success, all done
+status=0
+exit
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-28 16:23:17 +0000