"Fossies" - the Fresh Open Source Software Archive

Member "memcached-1.6.15/t/ssl_cert_refresh.t" (21 Feb 2022, 3122 Bytes) of package /linux/www/memcached-1.6.15.tar.gz:



    1 #!/usr/bin/perl
    2 
    3 use strict;
    4 use warnings;
    5 use File::Copy;
    6 use File::Temp;
    7 use Test::More;
    8 use FindBin qw($Bin);
    9 use lib "$Bin/lib";
   10 use MemcachedTest;
   11 
   12 if (!enabled_tls_testing()) {
   13     plan skip_all => 'SSL testing is not enabled';
   14     exit 0;
   15 }
   16 
   17 my $ca_cert = File::Temp->new()->filename;
   18 my $cert = File::Temp->new()->filename;
   19 my $key = File::Temp->new()->filename;
   20 my $new_cert_key = File::Temp->new()->filename;
   21 my $ca_cert_back = $ca_cert . ".bak";
   22 my $cert_back = $cert . ".bak";
   23 my $key_back = $key . ".bak";
   24 
   25 copy("t/" . MemcachedTest::CA_CRT, $ca_cert);
   26 copy("t/" . MemcachedTest::SRV_CRT, $cert);
   27 copy("t/" . MemcachedTest::SRV_KEY, $key);
   28 copy("t/server.pem", $new_cert_key);
   29 
   30 my $default_crt_ou = "OU=Subunit of Test Organization";
   31 
   32 my $server = new_memcached("-o ssl_ca_cert=$ca_cert -o ssl_chain_cert=$cert -o ssl_key=$key");
   33 my $stats = mem_stats($server->sock);
   34 my $sock = $server->sock;
   35 
   36 # This connection should return the default server certificate
   37 # memcached was started with.
   38 my $cert_details =$sock->dump_peer_certificate();
   39 $cert_details =~ m/(OU=([^\/\n]*))/;
   40 is($1, $default_crt_ou, 'Got the default cert');
   41 
   42 # Swap a new certificate with a key
   43 copy($ca_cert, $ca_cert_back) or die "CA cert backup failed: $!";
   44 copy($cert, $cert_back) or die "Cert backup failed: $!";
   45 copy($key, $key_back) or die "Key backup failed: $!";
   46 copy($new_cert_key, $ca_cert) or die "New CA cert copy failed: $!";
   47 copy($new_cert_key, $cert) or die "New Cert copy failed: $!";
   48 copy($new_cert_key, $key) or die "New key copy failed: $!";
   49 
   50 # Ask server to refresh certificates
   51 print $sock "refresh_certs\r\n";
   52 is(scalar <$sock>, "OK\r\n", "refreshed certificates");
   53 
   54 # New connections should use the new certificate
   55 $cert_details = $server->new_sock->dump_peer_certificate();
   56 $cert_details =~ m/(OU=([^\/]*))/;
   57 is($1, 'OU=FOR TESTING PURPOSES ONLY','Got the new cert');
   58 # Old connection should use the previous certificate
   59 $cert_details = $sock->dump_peer_certificate();
   60 $cert_details =~ m/(OU=([^\/\n]*))/;
   61 is($1, $default_crt_ou, 'Old connection still has the old cert');
   62 
   63 # Just sleep a while to test the time_since_server_cert_refresh as it's counted
   64 # in seconds.
   65 sleep 5;
   66 $stats = mem_stats($sock);
   67 
   68 # Restore and ensure previous certificate is back for new connections.
   69 move($ca_cert_back, $ca_cert) or die "CA cert restore failed: $!";
   70 move($cert_back, $cert) or die "Cert restore failed: $!";
   71 move($key_back, $key) or die "Key restore failed: $!";
   72 print $sock "refresh_certs\r\n";
   73 is(scalar <$sock>, "OK\r\n", "refreshed certificates");
   74 
   75 
   76 $cert_details = $server->new_sock->dump_peer_certificate();
   77 $cert_details =~ m/(OU=([^\/\n]*))/;
   78 is($1, $default_crt_ou, 'Got the old cert back');
   79 
   80 my $stats_after = mem_stats($sock);
   81 
   82 # We should see last refresh time is reset; hence the new
   83 # time_since_server_cert_refresh should be less.
   84 cmp_ok($stats_after->{time_since_server_cert_refresh}, '<',
   85     $stats->{time_since_server_cert_refresh}, 'Certs refreshed');
   86 
   87 done_testing();
   88 
   89 END {
   90     unlink $ca_cert if $ca_cert;
   91     unlink $cert if $cert;
   92     unlink $key if $key;
   93     unlink $new_cert_key if $new_cert_key;
   94 }